X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/c34ed1e3706020c59aa8dc70ece41c36a8a30930..0d0a9fc0044a77aa8f5b70761b7529e2191e5a3e:/app/controllers/accounts_controller.rb

diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 3b540234b..d45dce66a 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -11,15 +11,13 @@ class AccountsController < ApplicationController
 
   before_action :check_database_readable
   before_action :check_database_writable, :only => [:update]
-  before_action :allow_thirdparty_images, :only => [:edit, :update]
+
+  allow_thirdparty_images :only => [:edit, :update]
+  allow_social_login :only => [:edit, :update]
 
   def edit
     @tokens = current_user.oauth_tokens.authorized
 
-    append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
-    )
-
     if errors = session.delete(:user_errors)
       errors.each do |attribute, error|
         current_user.errors.add(attribute, error)
@@ -31,22 +29,34 @@ class AccountsController < ApplicationController
   def update
     @tokens = current_user.oauth_tokens.authorized
 
-    append_content_security_policy_directives(
-      :form_action => %w[accounts.google.com *.facebook.com login.live.com github.com meta.wikimedia.org]
-    )
+    user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider)
 
     if params[:user][:auth_provider].blank? ||
        (params[:user][:auth_provider] == current_user.auth_provider &&
         params[:user][:auth_uid] == current_user.auth_uid)
-      update_user(current_user, params)
+      update_user(current_user, user_params)
       if current_user.errors.count.zero?
         redirect_to edit_account_path
       else
         render :edit
       end
     else
-      session[:new_user_settings] = params
+      session[:new_user_settings] = user_params.to_h
       redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid]), :status => :temporary_redirect
     end
   end
+
+  def destroy
+    if current_user.deletion_allowed?
+      current_user.soft_destroy!
+
+      session.delete(:user)
+      session_expires_automatically
+
+      flash[:notice] = t ".success"
+      redirect_to root_path
+    else
+      head :bad_request
+    end
+  end
 end