diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 7c8471303..018b4df76 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -84,9 +84,14 @@ class UsersController < ApplicationController Resque.enqueue(Jobs::DeleteAccount, current_user.id) current_user.lock_access! sign_out current_user - flash[:notice] = I18n.t 'users.destroy' + flash[:notice] = I18n.t 'users.destroy.success' redirect_to root_path else + if params[:user].present? && params[:user][:current_password].present? + flash[:error] = t 'users.destroy.wrong_password' + else + flash[:error] = t 'users.destroy.no_password' + end redirect_to :back end end diff --git a/app/views/users/edit.html.haml b/app/views/users/edit.html.haml index 664bfc550..d0e6ac949 100644 --- a/app/views/users/edit.html.haml +++ b/app/views/users/edit.html.haml @@ -170,7 +170,7 @@ = f.error_messages %p - = f.label :current_password, t('.current_password') - = f.password_field :current_password + = f.label :close_account_password, t('.current_password'), :for => :close_account_password + = f.password_field :current_password, :id => :close_account_password %p = f.submit t('.close_account'), :confirm => t('are_you_sure') diff --git a/config/locales/diaspora/en.yml b/config/locales/diaspora/en.yml index 338be3792..438793a68 100644 --- a/config/locales/diaspora/en.yml +++ b/config/locales/diaspora/en.yml @@ -938,7 +938,10 @@ en: ignored_users: "Ignored Users" stop_ignoring: "Stop ignoring" - destroy: "Your account has been locked. It may take 20 minutes for us to finish closing your account. Thank you for trying Diaspora." + destroy: + success: "Your account has been locked. It may take 20 minutes for us to finish closing your account. Thank you for trying Diaspora." + no_password: "Please enter your current password to close your account." + wrong_password: "The entered password didn't match your current password." getting_started: well_hello_there: "Well, hello there!" community_welcome: "Diaspora's community is happy to have you aboard!" diff --git a/features/closes_account.feature b/features/closes_account.feature index c0ccfcc1d..f0f8eb817 100644 --- a/features/closes_account.feature +++ b/features/closes_account.feature @@ -8,8 +8,9 @@ Feature: Close Account Given I am signed in When I click on my name in the header And I follow "Settings" + And I put in my password in "close_account_password" And I preemptively confirm the alert - And I follow "Close Account" + And I press "Close Account" Then I should be on the home page When I go to the new user session page @@ -18,6 +19,25 @@ Feature: Close Account When I wait for the ajax to finish Then I should see "Invalid email or password." + Scenario: user is forced to enter something in the password field on closing account + Given I am signed in + When I click on my name in the header + And I follow "Settings" + And I preemptively confirm the alert + And I press "Close Account" + Then I should be on the edit user page + And I should see "Please enter your current password to close your account." + + Scenario: user is forced to enter the right password in the password field on closing account + Given I am signed in + When I click on my name in the header + And I follow "Settings" + And I preemptively confirm the alert + And I fill in "close_account_password" with "none sense" + And I press "Close Account" + Then I should be on the edit user page + And I should see "The entered password didn't match your current password." + Scenario: post display should not throw error when mention is removed for the user whose account is closed Given a user named "Bob Jones" with email "bob@bob.bob" And a user named "Alice Smith" with email "alice@alice.alice" @@ -31,8 +51,9 @@ Feature: Close Account Then I sign in as "bob@bob.bob" When I click on my name in the header And I follow "Settings" + And I put in my password in "close_account_password" And I preemptively confirm the alert - And I follow "Close Account" + And I press "Close Account" Then I sign in as "alice@alice.alice" And I am on the home page Then I should see "Hi, Bob Jones long time no see"