1
0
Fork 0
mirror of https://github.com/Lynnesbian/FediBooks/ synced 2024-11-25 08:38:59 +00:00

added account deletion functionality, fixes #33

This commit is contained in:
Lynne Megido 2019-12-19 19:53:05 +10:00
parent 0f717a82bb
commit 200897c5d7
3 changed files with 53 additions and 3 deletions

1
.gitignore vendored
View file

@ -2,3 +2,4 @@ __pycache__
config.json config.json
planning.txt planning.txt
*.pyc *.pyc
/debug

View file

@ -23,7 +23,7 @@
<p>All of your FediBooks bots will stop working, but their accounts will remain open. You can delete them manually or repurpose them for something else.</p> <p>All of your FediBooks bots will stop working, but their accounts will remain open. You can delete them manually or repurpose them for something else.</p>
<p>If you're sure you want to delete your account, enter your password below and click "Close my account".</p> <p>If you're sure you want to delete your account, enter your password below and click "Close my account".</p>
<p> <p>
<input type="password" placeholder="Password"> <input type="password" name="password" placeholder="Password">
</p> </p>
<a class="button btn-secondary" href="/"><i class="fas fa-times"></i> Cancel</a> <a class="button btn-secondary" href="/"><i class="fas fa-times"></i> Cancel</a>
<button class="button btn-dangerous"><i class="fas fa-trash"></i> Close my account</button> <button class="button btn-dangerous"><i class="fas fa-trash"></i> Close my account</button>

View file

@ -61,9 +61,58 @@ def show_signup_page():
def render_settings(): def render_settings():
return settings(mysql) return settings(mysql)
@app.route("/delete") @app.route("/delete", methods=['GET', 'POST'])
def render_delete(): def render_delete():
return render_template("close_account.html", error = session.pop('error', None)) if request.method == 'GET':
return render_template("close_account.html", error = session.pop('error', None))
else:
# deletion logic
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest().replace(b"\0", b"\1")
c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
c.execute("SELECT * FROM users WHERE id = %s", (session['user_id'],))
data = c.fetchone()
c.close()
if data == None:
# should never happen ;)
session['error'] = "An unknown error occurred."
return redirect(url_for("render_delete"), 303)
if bcrypt.checkpw(pw_hashed, data['password']):
# passwords match, delete the account
session['error'] = "succ ess"
c = mysql.connection.cursor()
c.execute("SELECT credentials_id FROM bots WHERE user_id = %s", (session['user_id'],))
credentials_list = c.fetchall()
for credentials_id in credentials_list:
c.execute("SELECT client_id, client_secret, secret FROM credentials WHERE id = %s", (credentials_id,))
# TODO: maybe schedule the push deletions on a cron job or something, if the user has a lot of accounts (or they're on slow instances) this could take a while or even time out
credentials = c.fetchone()
try:
client = Mastodon(
credentials[0],
credentials[1],
credentials[2],
"https://{}".format(id.split("@")[2])
)
client.push_subscription_delete()
except:
# if it fails, don't prevent the user from deleting their account
# TODO: maybe notify that some accounts failed to unregister push
pass
c.execute("DELETE FROM `credentials` WHERE `id` = %s", (credentials_id,))
# the big boy step
c.execute("DELETE FROM users WHERE id = %s", (session['user_id'],))
c.close()
mysql.connection.commit()
# TODO: show a "deletion successful" message or something
return redirect(url_for("do_signout"), 303)
else:
session['error'] = "Password incorrect."
return redirect(url_for("render_delete"), 303)
@app.route("/bot/edit/<id>", methods = ['GET', 'POST']) @app.route("/bot/edit/<id>", methods = ['GET', 'POST'])
def render_bot_edit(id): def render_bot_edit(id):