Add tests to ensure tokens are revoked
[rails.git] / app / controllers / accounts_controller.rb
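--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -35,18 +35,30 @@ class AccountsController < ApplicationController
       :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
     )
 
+    user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
+
     if params[:user][:auth_provider].blank? ||
        (params[:user][:auth_provider] == current_user.auth_provider &&
         params[:user][:auth_uid] == current_user.auth_uid)
-      update_user(current_user, params)
+      update_user(current_user, user_params)
       if current_user.errors.count.zero?
         redirect_to edit_account_path
       else
         render :edit
       end
     else
-      session[:new_user_settings] = params
+      session[:new_user_settings] = user_params.to_h
       redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid]), :status => :temporary_redirect
     end
   end
+
+  def destroy
+    current_user.soft_destroy!
+
+    session.delete(:user)
+    session_expires_automatically
+
+    flash[:notice] = t ".success"
+    redirect_to root_path
+  end
 end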
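Review bot: The new `destroy` action removes only the `:user` key from the session, so anything else stored there outlives the deleted account, for instance `session[:new_user_settings]`, which this same hunk writes in `update`. Replacing `session.delete(:user)` with `reset_session` would discard the whole session and rotate the session id before the flash is set. Token revocation is not visible in this hunk; presumably `soft_destroy!` performs it, which is worth confirming against the model since the commit title is about revoking tokens. The filters that authenticate and authorise `destroy` sit outside the hunk, so check that the new action is covered by them.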