ask password to close account - closes #671

app/controllers/Account.scala

@@ -97,17 +97,25 @@ object Account extends LilaController {
 
   def close = Auth { implicit ctx =>
     me =>
-      Ok(html.account.close(me)).fuccess
+      Ok(html.account.close(me, Env.security.forms.closeAccount)).fuccess
   }
 
-  def closeConfirm = Auth { ctx =>
+  def closeConfirm = AuthBody { implicit ctx =>
     me =>
-      implicit val req = ctx.req
-      (UserRepo disable me.id) >>
-        Env.team.api.quitAll(me.id) >>
-        (Env.security disconnect me.id) inject {
-          Redirect(routes.User show me.username) withCookies LilaCookie.newSession
+      implicit val req = ctx.body
+      FormFuResult(Env.security.forms.closeAccount) { err =>
+        fuccess(html.account.close(me, err))
+      } { password =>
+        UserRepo.checkPassword(me.id, password) flatMap {
+          case false => BadRequest(html.account.close(me, Env.security.forms.closeAccount)).fuccess
+          case true =>
+            (UserRepo disable me.id) >>
+              Env.team.api.quitAll(me.id) >>
+              (Env.security disconnect me.id) inject {
+                Redirect(routes.User show me.username) withCookies LilaCookie.newSession
+              }
         }
+      }
   }
 
   def kid = Auth { implicit ctx =>

app/views/account/close.scala.html

@@ -1,4 +1,4 @@
-@(u: User)(implicit ctx: Context)
+@(u: User, form: Form[_])(implicit ctx: Context)
 
 @title = @{ s"${u.username} - ${trans.closeAccount.str()}" }
 
@@ -10,13 +10,18 @@
       @trans.closeAccountExplanation()
     </p>
     <form action="@routes.Account.closeConfirm" method="POST">
-      <br /><br />
-      <a href="@routes.User.show(u.username)">
-        @trans.changedMindDoNotCloseAccount()
-      </a>
-      <br /><br />
-      <br /><br />
-      <input type="submit" class="submit button" value="@trans.closeYourAccount()" />
+      <ul>
+        @account.passwdFormField(form("passwd"), trans.password.str())
+        <li>@errMsg(form)</li>
+        <li>
+          <button type="submit" class="submit button">@trans.closeYourAccount()</button>
+        </li>
+        <li>
+          <a href="@routes.User.show(u.username)">
+            @trans.changedMindDoNotCloseAccount()
+          </a>
+        </li>
+      </ul>
     </form>
   </div>
 </div>

app/views/account/passwdFormField.scala.html

@@ -11,4 +11,3 @@
   value="@field.value"/>
   @errMsg(field)
 </li>
-

modules/security/src/main/DataForm.scala

@@ -94,6 +94,8 @@ final class DataForm(
   )(ChangeEmail.apply)(ChangeEmail.unapply)
     .verifying("This email already exists", e => !emailAddress.isTaken(e.email))
   )
+
+  val closeAccount = Form(single("passwd" -> nonEmptyText))
 }
 
 object DataForm {