X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/1f8df781be6788a43e0a76a9874366930473f64c..6cef0850a413725a4ca598d2664473839a1c0e4f:/app/controllers/accounts_controller.rb
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 63da1293f..6b47ca666 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -17,7 +17,7 @@ class AccountsController < ApplicationController
 @tokens = current_user.oauth_tokens.authorized
 append_content_security_policy_directives(
- :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ :form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
 )
 if errors = session.delete(:user_errors)
@@ -32,7 +32,7 @@ class AccountsController < ApplicationController
 @tokens = current_user.oauth_tokens.authorized
 append_content_security_policy_directives(
- :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
+ :form_action => %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org]
 )
 user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
@@ -53,12 +53,16 @@ class AccountsController < ApplicationController
 end
 def destroy
- current_user.soft_destroy!
+ if current_user.deletion_allowed?
+ current_user.soft_destroy!
- session.delete(:user)
- session_expires_automatically
+ session.delete(:user)
+ session_expires_automatically
- flash[:notice] = t ".success"
- redirect_to root_path
+ flash[:notice] = t ".success"
+ redirect_to root_path
+ else
+ head :bad_request
+ end
 end
 end
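Review bot: The `form_action` allow-list is written out twice, in the hunk at -17,7 and again in the hunk at -32,7, so both copies had to be edited in lockstep and can drift the next time a provider changes its sign-in host. Keeping the list in one frozen constant (name constructed here for illustration), `AUTH_FORM_ACTION_HOSTS = %w[accounts.google.com *.facebook.com login.microsoftonline.com github.com meta.wikimedia.org].freeze`, and passing `:form_action => AUTH_FORM_ACTION_HOSTS` in both calls would leave a single place to audit. Some browsers also apply `form-action` to the redirects that follow a form submission, so it is worth confirming that the Microsoft flow no longer passes through `login.live.com` before dropping that host; the diff does not show this. Both enclosing actions begin and end outside these hunks.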
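Review bot: The refusal branch of `destroy` answers `head :bad_request`, which returns an empty body and gives neither the user nor the logs a reason for declining the deletion. A 400 also suggests a malformed request, whereas this is a policy decision. `head :forbidden`, or a redirect back to the account page with a flash error, would describe the outcome more accurately. A comment above the guard such as `# Enforced server-side: a request that bypasses the account page must still be refused` would record why the check sits in the controller. A controller test for the refused case, asserting that the session is left intact, would pin the behaviour.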