diff --git a/src/handlers/accounts.rs b/src/handlers/accounts.rs index c6d27ec..847a47a 100644 --- a/src/handlers/accounts.rs +++ b/src/handlers/accounts.rs @@ -149,9 +149,11 @@ pub async fn delete_account( let user: User = serde_json::from_value(user).map_err(|_| AppError::Internal)?; // Verify the master password hash + let provided_hash = payload.master_password_hash + .ok_or_else(|| AppError::BadRequest("Missing master password hash".to_string()))?; if !constant_time_eq( user.master_password_hash.as_bytes(), - payload.master_password_hash.as_bytes(), + provided_hash.as_bytes(), ) { return Err(AppError::Unauthorized("Invalid password".to_string())); } diff --git a/src/models/user.rs b/src/models/user.rs index fc612b4..b795bf5 100644 --- a/src/models/user.rs +++ b/src/models/user.rs @@ -79,5 +79,7 @@ pub struct KeyData { #[derive(Debug, Deserialize)] #[serde(rename_all = "camelCase")] pub struct DeleteAccountRequest { - pub master_password_hash: String, + #[serde(alias = "MasterPasswordHash")] + pub master_password_hash: Option, + pub otp: Option, } \ No newline at end of file