Better Auth•5mo ago

delete user with password doesn't work if sendDeleteAccountVerification is set up

As the title says. I'm trying to implement user deletion with both: password (for credentials & phoneNumber users) & email verification (for OAuth users). I set up sendDeleteAccountVerification, deleting account by sendingDeleteVerification works, but by using password doesn't work. It just gives success state (if the password is correct) but doesn't work.. auth.ts:

user: {
  deleteUser: {
  sendDeleteAccountVerification: async ({ user, url, token }, request) => {
          await sendDeleteAccountVerificationEmail({
            email: user.email,
            name: user.name,
            deletionUrl: url,
          });
        },
        enabled: true,
    }
  }
}

user: {
  deleteUser: {
  sendDeleteAccountVerification: async ({ user, url, token }, request) => {
          await sendDeleteAccountVerificationEmail({
            email: user.email,
            name: user.name,
            deletionUrl: url,
          });
        },
        enabled: true,
    }
  }
}

delete-user-dialog.tsx

const handleDelete = async (e: React.FormEvent) => {
    e.preventDefault();
    setError(null);

    startTransition(async () => {
      
      if (userHasPassword){
      await authClient.deleteUser({
        password,
        fetchOptions: {
          onSuccess: (ctx) => {
            toast.success("Your account has been deleted successfully.");
            setOpen(false);
          },
          onError: (ctx) => {
            setError(ctx.error.message);
          },
        },
      });
    }else{
      await authClient.deleteUser({
        callbackURL: "/goodbye",
        fetchOptions: {
          onSuccess: (ctx) => {
            toast.success("Verification email sent! Please check your inbox.");
            setOpen(false);
          },
          onError: (ctx) => {
            setError(ctx.error.message);
          },
        },
      });
    }
    });
  };

const handleDelete = async (e: React.FormEvent) => {
    e.preventDefault();
    setError(null);

    startTransition(async () => {
      
      if (userHasPassword){
      await authClient.deleteUser({
        password,
        fetchOptions: {
          onSuccess: (ctx) => {
            toast.success("Your account has been deleted successfully.");
            setOpen(false);
          },
          onError: (ctx) => {
            setError(ctx.error.message);
          },
        },
      });
    }else{
      await authClient.deleteUser({
        callbackURL: "/goodbye",
        fetchOptions: {
          onSuccess: (ctx) => {
            toast.success("Verification email sent! Please check your inbox.");
            setOpen(false);
          },
          onError: (ctx) => {
            setError(ctx.error.message);
          },
        },
      });
    }
    });
  };

1 Reply

MaqedOP•5mo ago

Also, It sends an deletion email even though I passed the password. Is there any workaround for that? I made a workaround for it by implementing it myself lol. actions/auth.ts

"use server";
import { auth, beforeUserDeletion, getServerAuthSession } from "@/lib/auth";
import { db } from "@/lib/db";

export async function deleteUserWithPassword({
  password,
}: {
  password: string;
}) {
  const session = await getServerAuthSession();
  if (!session) throw new Error("Unauthenticated");
  const account = await db.account.findFirst({
    where: {
      userId: Number(session.user.id),
      providerId: "credential",
      password: {
        not: null,
      },
    },
  });

  if (!account) {
    throw new Error("You don't have a password");
  }
  const ctx = await auth.$context;
  const isPasswordVerified = await ctx.password.verify({
    password,
    hash: account.password as string,
  });
  if (!isPasswordVerified) throw new Error("Incorrect password");

  await beforeUserDeletion(session.user);

  return await db.user.delete({
    where: {
      id: Number(session.user.id),
    },
  });
}

"use server";
import { auth, beforeUserDeletion, getServerAuthSession } from "@/lib/auth";
import { db } from "@/lib/db";

export async function deleteUserWithPassword({
  password,
}: {
  password: string;
}) {
  const session = await getServerAuthSession();
  if (!session) throw new Error("Unauthenticated");
  const account = await db.account.findFirst({
    where: {
      userId: Number(session.user.id),
      providerId: "credential",
      password: {
        not: null,
      },
    },
  });

  if (!account) {
    throw new Error("You don't have a password");
  }
  const ctx = await auth.$context;
  const isPasswordVerified = await ctx.password.verify({
    password,
    hash: account.password as string,
  });
  if (!isPasswordVerified) throw new Error("Incorrect password");

  await beforeUserDeletion(session.user);

  return await db.user.delete({
    where: {
      id: Number(session.user.id),
    },
  });
}

Gaming

Programming

delete user with password doesn't work if sendDeleteAccountVerification is set up

Did you find this page helpful?