Tam

Reputation: 12042

How to enforce providing password for devise to delete account

How can I make Devise enforce getting the correct password before canceling registration (deleting the account)?

Upvotes: 0

Views: 622

Answers (2)

pixelearth

Reputation: 14630

Yeah, the key here is knowing how to encrypt params[:password] so that you can compare it to current_user.encrypted_password.

Older versions of Devise use a password_salt as well. My advice to you would be to look at how Devise does this on sign-in, and use the same method in your destroy action, or whatever user-facing page you have for that.

Upvotes: 0

jschorr

Reputation: 3054

You can either:

  1. Do something along the lines of pst's answer: have a text box for :canceled in a form that, when saved, cancels the account. Since it would be part of the user model, Devise would force the password check upon the update action.
  2. Do it yourself via a button that warns (similar to the delete buttons often used in Rails). The controller that receives the request would simply do something like the following (I seem to remember that Devise uses MD5; maybe it's SHA1 or SHA2, unsure, see the documentation; the key is to use the same type):

    # Devise's own valid_password? hashes the submitted password the same way it stored it and compares against encrypted_password
    cancel_account(…) if current_user.valid_password?(params[:password])

Upvotes: 1
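Here is an added, framework-free Ruby sketch of the second option (not code from the question or either answer): a stand-in User that mirrors Devise's valid_password? and a controller-style destroy_account that only deletes when the submitted current password verifies. The salted SHA-256 digest is an assumption so the example runs without the bcrypt gem Devise actually uses; store, destroy_account and current_password are hypothetical names.

```ruby
require "digest"
require "securerandom"

# Stand-in for a Devise user. Real Devise keeps a bcrypt hash in
# encrypted_password; this toy uses salted SHA-256 purely so it runs offline.
class User
  attr_reader :email, :encrypted_password, :salt

  def initialize(email, password)
    @email = email
    @salt = SecureRandom.hex(16)
    @encrypted_password = digest(password)
  end

  # Mirrors Devise's valid_password?: hash the candidate exactly as the stored
  # value was hashed, then compare the two digests in constant time.
  def valid_password?(candidate)
    return false if candidate.nil? || candidate.empty?
    secure_compare(digest(candidate), encrypted_password)
  end

  private

  def digest(password)
    Digest::SHA256.hexdigest("#{salt}#{password}")
  end

  # Length-checked, constant-time byte comparison (no early exit on mismatch).
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Controller-style destroy action: the account is removed from `store`
# (a hypothetical email => User hash) only after the password verifies.
# Returns a status symbol so the outcome can be checked by the caller.
def destroy_account(current_user, params, store)
  unless current_user.valid_password?(params[:current_password].to_s)
    return :unauthorized # wrong or missing password: nothing is deleted
  end
  store.delete(current_user.email)
  :deleted
end
```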
