TwitterAPI: allow deleting one's own account with request body

Alex Gleason 2021-12-13 16:15:33 -05:00
commit 8672ad6b00
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7
3 changed files with 49 additions and 5 deletions


@ -123,8 +123,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end
end
def delete_account(%{assigns: %{user: user}} = conn, params) do
password = params[:password] || ""
def delete_account(%{assigns: %{user: user}, body_params: body_params} = conn, params) do
# This endpoint can accept a query param or JSON body for backwards-compatibility.
# Submitting a JSON body is recommended, so passwords don't end up in server logs.
password = body_params[:password] || params[:password] || ""
case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} ->
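Review bot: The query-string fallback `params[:password]` is kept in `delete_account`, so any client that still uses it keeps sending the account password in the URL, where access logs and reverse proxies can record it, which is the exposure the new comment warns about. Consider marking that path as deprecated in the comment, e.g. `# DEPRECATED: query-param password is kept for old clients only; it can be recorded in access logs.`, and confirming that request logging filters the `password` parameter. Separately, `body_params[:password]` looks up an atom key; that works only if the request body has been cast to atom keys before this action runs (presumably by the operation's spec, which is not visible in this section), since a raw Plug-parsed body is string-keyed and the lookup would fall through to `""` and fail confirmation. The function's `case` body continues outside the hunk.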