if user has pass ask for it before deleting it

2025-12-18 16:06:35 +01:00
parent c7ed97a452
commit d54b0bcdef
4 changed files with 218 additions and 34 deletions
--- a/desktop/src/api/user/user.controller.ts
+++ b/desktop/src/api/user/user.controller.ts
@@ -168,20 +168,39 @@ export async function deleteUser(req: FastifyRequest, reply: FastifyReply) {
        const { id } = req.params as { id: string };
        const userId = parseInt(id, 10);

+        const body = (req.body ?? {}) as { password?: string };
+        const password = body.password;
+
        if (!userId || isNaN(userId)) {
            return reply.code(400).send({ error: "Invalid user id" });
        }

-        const result = await userService.deleteUser(userId);
-
-        if (result && result.changes > 0) {
-            return { success: true, message: "User deleted successfully" };
-        } else {
+        const user = await userService.getUserById(userId);
+        if (!user) {
            return reply.code(404).send({ error: "User not found" });
        }

+        if (user.has_password) {
+            if (!password) {
+                return reply.code(401).send({ error: "Password required" });
+            }
+
+            const isValid = await userService.verifyPassword(userId, password);
+            if (!isValid) {
+                return reply.code(401).send({ error: "Incorrect password" });
+            }
+        }
+
+        const result = await userService.deleteUser(userId);
+
+        if (result.changes > 0) {
+            return reply.send({ success: true });
+        }
+
+        return reply.code(500).send({ error: "Failed to delete user" });
+
    } catch (err) {
-        console.error("Delete User Error:", (err as Error).message);
+        console.error("Delete User Error:", err);
        return reply.code(500).send({ error: "Failed to delete user" });
    }
 }
@@ -246,16 +265,17 @@ export async function changePassword(req: FastifyRequest, reply: FastifyReply) {
            return reply.code(404).send({ error: "User not found" });
        }

-        // Si el usuario tiene contraseña actual, debe proporcionar la contraseña actual
-        if (user.has_password && currentPassword) {
-            const isValid = await userService.verifyPassword(userId, currentPassword);
+        if (user.has_password) {
+            if (!currentPassword) {
+                return reply.code(401).send({ error: "Current password required" });
+            }

+            const isValid = await userService.verifyPassword(userId, currentPassword);
            if (!isValid) {
                return reply.code(401).send({ error: "Current password is incorrect" });
            }
        }

-        // Actualizar la contraseña (null para eliminarla, string para establecerla)
        await userService.updateUser(userId, { password: newPassword });

        return reply.send({
--- a/desktop/src/scripts/users.js
+++ b/desktop/src/scripts/users.js
@@ -694,30 +694,102 @@ window.handleDeleteConfirmation = function(userId) {

    closeModal();

+    if (user.has_password) {
+        modalAniList.innerHTML = `
+        <div class="modal-overlay"></div>
+        <div class="modal-content" style="max-width:400px;">
+            <div class="modal-header">
+                <h2>Confirm Deletion</h2>
+                <button class="modal-close" onclick="closeModal()">
+                    <svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <line x1="18" y1="6" x2="6" y2="18"></line>
+                        <line x1="6" y1="6" x2="18" y2="18"></line>
+                    </svg>
+                </button>
+            </div>
+
+            <form id="deleteWithPasswordForm">
+                <p style="margin-bottom:1.25rem; color:var(--color-text-secondary)">
+                    Enter your password to permanently delete
+                    <b>${user.username}</b>
+                </p>
+
+                <div class="form-group">
+                    <label for="deletePassword">Password</label>
+                    <div class="password-toggle-wrapper">
+                        <input
+                            type="password"
+                            id="deletePassword"
+                            required
+                            placeholder="Enter password"
+                            autofocus
+                        >
+                        <button
+                            type="button"
+                            class="password-toggle-btn"
+                            onclick="togglePasswordVisibility('deletePassword', this)"
+                        >
+                            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                                <path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"></path>
+                                <circle cx="12" cy="12" r="3"></circle>
+                            </svg>
+                        </button>
+                    </div>
+                </div>
+
+                <div class="modal-actions">
+                    <button type="button" class="btn-secondary" onclick="closeModal()">
+                        Cancel
+                    </button>
+                    <button type="submit" class="btn-disconnect">
+                        Delete Profile
+                    </button>
+                </div>
+            </form>
+        </div>
+    `;
+        modalAniList.classList.add('active');
+
+        document
+            .getElementById('deleteWithPasswordForm')
+            .addEventListener('submit', e => {
+                e.preventDefault();
+                const password = document.getElementById('deletePassword').value;
+                handleConfirmedDeleteUser(userId, password);
+            });
+
+        return;
+    }
+
    showConfirmationModal(
        'Confirm Deletion',
-        `Are you absolutely sure you want to delete profile ${user.username}? This action cannot be undone.`,
+        `Are you absolutely sure you want to delete profile ${user.username}?`,
        `handleConfirmedDeleteUser(${userId})`
    );
 };

-window.handleConfirmedDeleteUser = async function(userId) {
+window.handleConfirmedDeleteUser = async function(userId, password = null) {
    closeModal();
-    showUserToast('Deleting user...', 'info');

    try {
-        const res = await fetch(`${API_BASE}/users/${userId}`, { method: 'DELETE' });
+        const options = { method: 'DELETE' };
+
+        if (password) {
+            options.headers = { 'Content-Type': 'application/json' };
+            options.body = JSON.stringify({ password });
+        }
+
+        const res = await fetch(`${API_BASE}/users/${userId}`, options);

        if (!res.ok) {
            const error = await res.json();
-            throw new Error(error.error || 'Error deleting user');
+            throw new Error(error.error);
        }

        await loadUsers();
        showUserToast('User deleted successfully!', 'success');
    } catch (err) {
-        console.error(err);
-        showUserToast('Error deleting user', 'error');
+        showUserToast(err.message || 'Error deleting user', 'error');
    }
 };

--- a/docker/src/api/user/user.controller.ts
+++ b/docker/src/api/user/user.controller.ts
@@ -168,20 +168,39 @@ export async function deleteUser(req: FastifyRequest, reply: FastifyReply) {
        const { id } = req.params as { id: string };
        const userId = parseInt(id, 10);

+        const body = (req.body ?? {}) as { password?: string };
+        const password = body.password;
+
        if (!userId || isNaN(userId)) {
            return reply.code(400).send({ error: "Invalid user id" });
        }

-        const result = await userService.deleteUser(userId);
-
-        if (result && result.changes > 0) {
-            return { success: true, message: "User deleted successfully" };
-        } else {
+        const user = await userService.getUserById(userId);
+        if (!user) {
            return reply.code(404).send({ error: "User not found" });
        }

+        if (user.has_password) {
+            if (!password) {
+                return reply.code(401).send({ error: "Password required" });
+            }
+
+            const isValid = await userService.verifyPassword(userId, password);
+            if (!isValid) {
+                return reply.code(401).send({ error: "Incorrect password" });
+            }
+        }
+
+        const result = await userService.deleteUser(userId);
+
+        if (result.changes > 0) {
+            return reply.send({ success: true });
+        }
+
+        return reply.code(500).send({ error: "Failed to delete user" });
+
    } catch (err) {
-        console.error("Delete User Error:", (err as Error).message);
+        console.error("Delete User Error:", err);
        return reply.code(500).send({ error: "Failed to delete user" });
    }
 }
@@ -246,16 +265,17 @@ export async function changePassword(req: FastifyRequest, reply: FastifyReply) {
            return reply.code(404).send({ error: "User not found" });
        }

-        // Si el usuario tiene contraseña actual, debe proporcionar la contraseña actual
-        if (user.has_password && currentPassword) {
-            const isValid = await userService.verifyPassword(userId, currentPassword);
+        if (user.has_password) {
+            if (!currentPassword) {
+                return reply.code(401).send({ error: "Current password required" });
+            }

+            const isValid = await userService.verifyPassword(userId, currentPassword);
            if (!isValid) {
                return reply.code(401).send({ error: "Current password is incorrect" });
            }
        }

-        // Actualizar la contraseña (null para eliminarla, string para establecerla)
        await userService.updateUser(userId, { password: newPassword });

        return reply.send({
--- a/docker/src/scripts/users.js
+++ b/docker/src/scripts/users.js
@@ -694,30 +694,102 @@ window.handleDeleteConfirmation = function(userId) {

    closeModal();

+    if (user.has_password) {
+        modalAniList.innerHTML = `
+        <div class="modal-overlay"></div>
+        <div class="modal-content" style="max-width:400px;">
+            <div class="modal-header">
+                <h2>Confirm Deletion</h2>
+                <button class="modal-close" onclick="closeModal()">
+                    <svg width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                        <line x1="18" y1="6" x2="6" y2="18"></line>
+                        <line x1="6" y1="6" x2="18" y2="18"></line>
+                    </svg>
+                </button>
+            </div>
+
+            <form id="deleteWithPasswordForm">
+                <p style="margin-bottom:1.25rem; color:var(--color-text-secondary)">
+                    Enter your password to permanently delete
+                    <b>${user.username}</b>
+                </p>
+
+                <div class="form-group">
+                    <label for="deletePassword">Password</label>
+                    <div class="password-toggle-wrapper">
+                        <input
+                            type="password"
+                            id="deletePassword"
+                            required
+                            placeholder="Enter password"
+                            autofocus
+                        >
+                        <button
+                            type="button"
+                            class="password-toggle-btn"
+                            onclick="togglePasswordVisibility('deletePassword', this)"
+                        >
+                            <svg width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
+                                <path d="M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z"></path>
+                                <circle cx="12" cy="12" r="3"></circle>
+                            </svg>
+                        </button>
+                    </div>
+                </div>
+
+                <div class="modal-actions">
+                    <button type="button" class="btn-secondary" onclick="closeModal()">
+                        Cancel
+                    </button>
+                    <button type="submit" class="btn-disconnect">
+                        Delete Profile
+                    </button>
+                </div>
+            </form>
+        </div>
+    `;
+        modalAniList.classList.add('active');
+
+        document
+            .getElementById('deleteWithPasswordForm')
+            .addEventListener('submit', e => {
+                e.preventDefault();
+                const password = document.getElementById('deletePassword').value;
+                handleConfirmedDeleteUser(userId, password);
+            });
+
+        return;
+    }
+
    showConfirmationModal(
        'Confirm Deletion',
-        `Are you absolutely sure you want to delete profile ${user.username}? This action cannot be undone.`,
+        `Are you absolutely sure you want to delete profile ${user.username}?`,
        `handleConfirmedDeleteUser(${userId})`
    );
 };

-window.handleConfirmedDeleteUser = async function(userId) {
+window.handleConfirmedDeleteUser = async function(userId, password = null) {
    closeModal();
-    showUserToast('Deleting user...', 'info');

    try {
-        const res = await fetch(`${API_BASE}/users/${userId}`, { method: 'DELETE' });
+        const options = { method: 'DELETE' };
+
+        if (password) {
+            options.headers = { 'Content-Type': 'application/json' };
+            options.body = JSON.stringify({ password });
+        }
+
+        const res = await fetch(`${API_BASE}/users/${userId}`, options);

        if (!res.ok) {
            const error = await res.json();
-            throw new Error(error.error || 'Error deleting user');
+            throw new Error(error.error);
        }

        await loadUsers();
        showUserToast('User deleted successfully!', 'success');
    } catch (err) {
-        console.error(err);
-        showUserToast('Error deleting user', 'error');
+        showUserToast(err.message || 'Error deleting user', 'error');
    }
 };