Merge branch 'delete-account-fix' into 'develop'

TwitterAPI: allow deleting one's own account with request body

Closes #2799 and #2746

See merge request pleroma/pleroma!3564
lain 2021-12-15 21:26:45 +00:00
commit 6eb7d69e60
3 changed files with 49 additions and 5 deletions


@ -123,8 +123,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end
end
def delete_account(%{assigns: %{user: user}} = conn, params) do
password = params[:password] || ""
def delete_account(%{assigns: %{user: user}, body_params: body_params} = conn, params) do
# This endpoint can accept a query param or JSON body for backwards-compatibility.
# Submitting a JSON body is recommended, so passwords don't end up in server logs.
password = body_params[:password] || params[:password] || ""
case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} ->