fix: request current password when deleting users (#5667)

frontend/src/api/users.ts

@@ -42,8 +42,14 @@ export async function update(
   });
 }
 
-export async function remove(id: number) {
+export async function remove(
+  id: number,
+  currentPassword: string | null = null
+) {
   await fetchURL(`/api/users/${id}`, {
     method: "DELETE",
+    body: JSON.stringify({
+      ...(currentPassword != null ? { current_password: currentPassword } : {}),
+    }),
   });
 }

frontend/src/views/settings/User.vue

@@ -71,6 +71,7 @@ import { computed, inject, onMounted, ref, watch } from "vue";
 import { useRoute, useRouter } from "vue-router";
 import { useI18n } from "vue-i18n";
 import { StatusError } from "@/api/utils";
+import { authMethod } from "@/utils/constants";
 
 const error = ref<StatusError>();
 const originalUser = ref<IUser>();
@@ -105,11 +106,7 @@ const fetchData = async () => {
 
   try {
     if (isNew.value) {
-      const {
-        authMethod,
-        defaults,
-        createUserDir: _createUserDir,
-      } = await settings.get();
+      const { defaults, createUserDir: _createUserDir } = await settings.get();
       isCurrentPasswordRequired.value = authMethod == "json";
       createUserDir.value = _createUserDir;
       user.value = {
@@ -146,7 +143,7 @@ const deleteUser = async (e: Event) => {
     return false;
   }
   try {
-    await api.remove(user.value.id);
+    await api.remove(user.value.id, currentPassword.value);
     router.push({ path: "/settings/users" });
     $showSuccess(t("settings.userDeleted"));
   } catch (err) {