From 2e912b7e1c50565bb262979052b4b5e30154bd2d Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre.git@communiquons.org>
Date: Mon, 15 Feb 2021 19:32:08 +0100
Subject: [PATCH] Make data conservation policy updates password-protected

---
 src/controllers/settings_controller.rs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/controllers/settings_controller.rs b/src/controllers/settings_controller.rs
index 393ed72..ddf2286 100644
--- a/src/controllers/settings_controller.rs
+++ b/src/controllers/settings_controller.rs
@@ -215,6 +215,8 @@ pub fn get_data_conservation_policy(r: &mut HttpRequestHandler) -> RequestResult
 
 /// Set data conservation policy
 pub fn set_data_conservation_policy(r: &mut HttpRequestHandler) -> RequestResult {
+    r.need_user_password("password")?;
+
     let policy = NewDataConservationPolicy {
         user_id: r.user_id()?,
         delete_account_after: r.post_positive_u64_opt("inactive_account_lifetime")?,