Users cannot delete their own accounts

[georgemaschke]

Description:

Users cannot delete their own accounts under Rocket.Chat 5.0.4

Steps to reproduce:

1. As an unprivileged (non-admin) user, log into Rocket.Chat account;
2. Click on "My Account";
3. Choose "Delete my account";
4. Upon prompt, "If you are sure type in your username," type in user name and click "Delete" button;
5. A prompt saying "invalid password" appears (user was logged in, and there was never any indication that the password was required)
6. Account is not deleted.
7. Repeat process, but provide password and confirm it before clicking "Delete my account."
8. A prompt saying "invalid password appears" and account is not deleted.

Expected behavior:

Account is deleted.

Actual behavior:

Account is not deleted.

Server Setup Information:

• Version of Rocket.Chat Server: 5.0.4
• Operating System: Ubuntu 20.04
• Deployment Method: snap
• Number of Running Instances: 1
• DB Replicaset Oplog: enabled
• NodeJS Version: 14.19.3
• MongoDB Version: 5.0.6

Client Setup Information

• Desktop App or Browser Version: Brave 1.42.97 and Tor Browser 11.5.1
• Operating System: macOS 12.5.1

Additional context

Relevant logs:

[ankar84]

duplicate of https://github.com/RocketChat/feature-requests/issues/695

[georgemaschke]

It's not a duplicate of RocketChat/feature-requests#695. That report concerns deletion of DMs (that issue may be relevant to this one). However, this report concerns deletion of accounts.

[ankar84]

Sorry, my bad! You are right!

[Gummikavalier]

I confirm the deletion issue with locally created rocketchat accounts. Dialog asks for a username, but the password is required instead.

Deletion of accounts provisioned with Oauth works without issues.

[georgemaschke]

Entering the account password instead of the user name results in the account being deleted. The message presented after this is confusing, however. Instead of confirming account deletion, it unhelpfully states:

REGISTER USERNAME The username is used to allow others to mention you in messages. Loading suggestions

[micheal-earl]

Entering the account password instead of the user name results in the account being deleted. The message presented after this is confusing, however. Instead of confirming account deletion, it unhelpfully states:

REGISTER USERNAME The username is used to allow others to mention you in messages. Loading suggestions

I was able to successfully delete my account by entering my password in the dialog box that asks for my username as per this post.

Issue still exists, dialog should ask for password instead of username (or maybe it is supposed to take username and it is mistakenly taking password?)

[pranavreddyg]

Yeah. I used password instead of the username and the account got deleted.

[hugocostadev]

Hi there, thanks for the contribution! 🚀 💯

You are right, this still persists in the latest release.

The modal should display to enter the password with the password field

---

Questions? Help needed? Feature Requests?

• Join our Open Server in the #support channel and feel free to raise a question
• Join our Community Forum and search/create a post there
• Feature Request: Open an issue in Feature Request repository

[Simer13]

@hugocostadev what is the ultimate changes that are required? Do you want the modal to ask for username or the password?

[hugocostadev]

@hugocostadev what is the ultimate changes that are required?

Do you want the modal to ask for username or the password?

It should ask for password , and should be a password field instead of a text. The Backends already expects the password, it's just a matter to adjust the text and change the input type