Add exception when authentication returns different user id than logged in in Settings\RemoveMe
parent
1f7b6a63bb
commit
b29a68d467
1 changed files with 15 additions and 14 deletions
|
@ -23,11 +23,9 @@ namespace Friendica\Module\Settings;
|
||||||
|
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\Content\Widget;
|
use Friendica\Content\Widget;
|
||||||
use Friendica\Core\Config\Capability\IManageConfigValues;
|
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
use Friendica\Core\Renderer;
|
use Friendica\Core\Renderer;
|
||||||
use Friendica\Core\Session\Capability\IHandleUserSessions;
|
use Friendica\Core\Session\Capability\IHandleUserSessions;
|
||||||
use Friendica\Database\Database;
|
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Model\User;
|
use Friendica\Model\User;
|
||||||
use Friendica\Model\User\Cookie;
|
use Friendica\Model\User\Cookie;
|
||||||
|
@ -41,10 +39,6 @@ use Psr\Log\LoggerInterface;
|
||||||
|
|
||||||
class RemoveMe extends BaseSettings
|
class RemoveMe extends BaseSettings
|
||||||
{
|
{
|
||||||
/** @var IManageConfigValues */
|
|
||||||
private $config;
|
|
||||||
/** @var Database */
|
|
||||||
private $database;
|
|
||||||
/** @var Emailer */
|
/** @var Emailer */
|
||||||
private $emailer;
|
private $emailer;
|
||||||
/** @var SystemMessages */
|
/** @var SystemMessages */
|
||||||
|
@ -52,12 +46,10 @@ class RemoveMe extends BaseSettings
|
||||||
/** @var Cookie */
|
/** @var Cookie */
|
||||||
private $cookie;
|
private $cookie;
|
||||||
|
|
||||||
public function __construct(Cookie $cookie, SystemMessages $systemMessages, Emailer $emailer, Database $database, IManageConfigValues $config, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
|
public function __construct(Cookie $cookie, SystemMessages $systemMessages, Emailer $emailer, IHandleUserSessions $session, App\Page $page, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, array $server, array $parameters = [])
|
||||||
{
|
{
|
||||||
parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
parent::__construct($session, $page, $l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);
|
||||||
|
|
||||||
$this->config = $config;
|
|
||||||
$this->database = $database;
|
|
||||||
$this->emailer = $emailer;
|
$this->emailer = $emailer;
|
||||||
$this->systemMessages = $systemMessages;
|
$this->systemMessages = $systemMessages;
|
||||||
$this->cookie = $cookie;
|
$this->cookie = $cookie;
|
||||||
|
@ -80,6 +72,9 @@ class RemoveMe extends BaseSettings
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$userId = User::getIdFromPasswordAuthentication($this->session->getLocalUserId(), trim($request[$hash]));
|
$userId = User::getIdFromPasswordAuthentication($this->session->getLocalUserId(), trim($request[$hash]));
|
||||||
|
if ($userId != $this->session->getLocalUserId()) {
|
||||||
|
throw new \RuntimeException($this->t("There was a validation error, please make sure you're logged in with the account you want to remove and try again.") . ' ' . $this->t('If this error persists, please contact your administrator.'));
|
||||||
|
}
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
$this->systemMessages->addNotice($e->getMessage());
|
$this->systemMessages->addNotice($e->getMessage());
|
||||||
return;
|
return;
|
||||||
|
@ -101,13 +96,19 @@ class RemoveMe extends BaseSettings
|
||||||
$this->emailer->send($email);
|
$this->emailer->send($email);
|
||||||
}
|
}
|
||||||
|
|
||||||
User::remove($userId);
|
try {
|
||||||
|
User::remove($userId);
|
||||||
|
|
||||||
$this->session->clear();
|
$this->session->clear();
|
||||||
$this->cookie->clear();
|
$this->cookie->clear();
|
||||||
|
|
||||||
$this->systemMessages->addInfo($this->t('Your user account has been successfully removed. Bye bye!'));
|
$this->systemMessages->addInfo($this->t('Your account has been successfully removed. Bye bye!'));
|
||||||
$this->baseUrl->redirect();
|
$this->baseUrl->redirect();
|
||||||
|
} catch (\RuntimeException $e) {
|
||||||
|
$this->systemMessages->addNotice($e->getMessage());
|
||||||
|
} finally {
|
||||||
|
return;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function content(array $request = []): string
|
protected function content(array $request = []): string
|
||||||
|
|
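Review bot: The `finally { return; }` added around `User::remove($userId)` in the last hunk discards every exception that is not a `\RuntimeException`, because in PHP a `return` inside `finally` replaces a pending throw. A removal that fails with any other error type would end with no notice to the user and the session and cookie left in place, since `session->clear()` and `cookie->clear()` are skipped. The `try` is the last statement of the method, so the `finally` block can be dropped and only `} catch (\RuntimeException $e) { $this->systemMessages->addNotice($e->getMessage()); }` kept, letting unexpected errors reach the normal error handler; if `redirect()` signals by throwing (not visible here), it is swallowed the same way. In the `@ -80,6 +72,9` hunk the new identity check uses `!=`; once both sides are confirmed to be ints, a strict `$userId !== $this->session->getLocalUserId()` avoids type juggling in the one comparison that guards account deletion. The enclosing method begins outside the visible hunks.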