check password validity in user delete socket call

public/src/client/account/edit.js

@@ -169,10 +169,9 @@ define('forum/account/edit', ['forum/account/header', 'translator', 'components'
 					confirmBtn.html('<i class="fa fa-spinner fa-spin"></i>');
 					confirmBtn.prop('disabled', true);
 
-					socket.emit('user.checkPassword', {
-						uid: parseInt(ajaxify.data.uid, 10),
+					socket.emit('user.deleteAccount', {
 						password: $('#confirm-password').val(),
-					}, function (err, ok) {
+					}, function (err) {
 						function restoreButton() {
 							translator.translate('[[modules:bootbox.confirm]]', function (confirmText) {
 								confirmBtn.text(confirmText);
@@ -183,20 +182,11 @@ define('forum/account/edit', ['forum/account/header', 'translator', 'components'
 						if (err) {
 							restoreButton();
 							return app.alertError(err.message);
-						} else if (!ok) {
-							restoreButton();
-							return app.alertError('[[error:invalid-password]]');
 						}
 
 						confirmBtn.html('<i class="fa fa-check"></i>');
-						socket.emit('user.deleteAccount', {}, function (err) {
-							if (err) {
-								return app.alertError(err.message);
-							}
-
 						window.location.href = config.relative_path + '/';
 					});
-					});
 
 					return false;
 				});

src/socket.io/user.js

@@ -36,6 +36,11 @@ SocketUser.deleteAccount = function (socket, data, callback) {
 	}
 
 	async.waterfall([
+		function (next) {
+			user.isPasswordCorrect(socket.uid, data.password, function (err, ok) {
+				next(err || !ok ? new Error('[[error:invalid-password]]') : undefined);
+			});
+		},
 		function (next) {
 			user.isAdministrator(socket.uid, next);
 		},
@@ -56,7 +61,15 @@ SocketUser.deleteAccount = function (socket, data, callback) {
 			});
 			next();
 		},
-	], callback);
+	], function (err) {
+		if (err) {
+			return setTimeout(function () {
+				callback(err);
+			}, 2500);
+		}
+
+		callback();
+	});
 };
 
 SocketUser.emailExists = function (socket, data, callback) {