From 300b8bdefce677796998e98fde711e3422584e5b Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Fri, 3 Apr 2020 23:30:04 -0500
Subject: [PATCH] user deletions: add confirmation dialog.

---
 .../maintenance/user/deletions_controller.rb         |  2 +-
 app/views/maintenance/user/deletions/show.html.erb   | 12 +++---------
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/app/controllers/maintenance/user/deletions_controller.rb b/app/controllers/maintenance/user/deletions_controller.rb
index 351b26c1a..a74d16946 100644
--- a/app/controllers/maintenance/user/deletions_controller.rb
+++ b/app/controllers/maintenance/user/deletions_controller.rb
@@ -5,7 +5,7 @@ module Maintenance
       end
 
       def destroy
-        deletion = UserDeletion.new(CurrentUser.user, params[:password])
+        deletion = UserDeletion.new(CurrentUser.user, params.dig(:user, :password))
         deletion.delete!
         session.delete(:user_id)
         redirect_to(posts_path, :notice => "You are now logged out")
diff --git a/app/views/maintenance/user/deletions/show.html.erb b/app/views/maintenance/user/deletions/show.html.erb
index e7ded1d06..7334839bb 100644
--- a/app/views/maintenance/user/deletions/show.html.erb
+++ b/app/views/maintenance/user/deletions/show.html.erb
@@ -32,15 +32,9 @@
       undone. Your account cannot be recovered after it is deactivated.
     </p>
 
-    <%= form_tag(maintenance_user_deletion_path, :method => :delete, :class => "simple_form") do %>
-      <div class="input">
-        <label>Password</label>
-        <%= password_field_tag :password %>
-      </div>
-
-      <div class="input">
-        <%= submit_tag "Deactivate account" %>
-      </div>
+    <%= edit_form_for(:user, url: maintenance_user_deletion_path, method: :delete) do |f| %>
+      <%= f.input :password %>
+      <%= f.submit "Deactivate account", "data-confirm": "Are you sure you want to deactivate your account? This cannot be undone" %>
     <% end %>
   </div>
 </div>