mirror of
https://github.com/Lynnesbian/FediBooks/
synced 2024-11-25 08:38:59 +00:00
added account deletion functionality, fixes #33
This commit is contained in:
parent
0f717a82bb
commit
200897c5d7
3 changed files with 53 additions and 3 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -2,3 +2,4 @@ __pycache__
|
||||||
config.json
|
config.json
|
||||||
planning.txt
|
planning.txt
|
||||||
*.pyc
|
*.pyc
|
||||||
|
/debug
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
<p>All of your FediBooks bots will stop working, but their accounts will remain open. You can delete them manually or repurpose them for something else.</p>
|
<p>All of your FediBooks bots will stop working, but their accounts will remain open. You can delete them manually or repurpose them for something else.</p>
|
||||||
<p>If you're sure you want to delete your account, enter your password below and click "Close my account".</p>
|
<p>If you're sure you want to delete your account, enter your password below and click "Close my account".</p>
|
||||||
<p>
|
<p>
|
||||||
<input type="password" placeholder="Password">
|
<input type="password" name="password" placeholder="Password">
|
||||||
</p>
|
</p>
|
||||||
<a class="button btn-secondary" href="/"><i class="fas fa-times"></i> Cancel</a>
|
<a class="button btn-secondary" href="/"><i class="fas fa-times"></i> Cancel</a>
|
||||||
<button class="button btn-dangerous"><i class="fas fa-trash"></i> Close my account</button>
|
<button class="button btn-dangerous"><i class="fas fa-trash"></i> Close my account</button>
|
||||||
|
|
53
app/webui.py
53
app/webui.py
|
@ -61,9 +61,58 @@ def show_signup_page():
|
||||||
def render_settings():
|
def render_settings():
|
||||||
return settings(mysql)
|
return settings(mysql)
|
||||||
|
|
||||||
@app.route("/delete")
|
@app.route("/delete", methods=['GET', 'POST'])
|
||||||
def render_delete():
|
def render_delete():
|
||||||
return render_template("close_account.html", error = session.pop('error', None))
|
if request.method == 'GET':
|
||||||
|
return render_template("close_account.html", error = session.pop('error', None))
|
||||||
|
else:
|
||||||
|
# deletion logic
|
||||||
|
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest().replace(b"\0", b"\1")
|
||||||
|
c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
|
||||||
|
c.execute("SELECT * FROM users WHERE id = %s", (session['user_id'],))
|
||||||
|
data = c.fetchone()
|
||||||
|
c.close()
|
||||||
|
if data == None:
|
||||||
|
# should never happen ;)
|
||||||
|
session['error'] = "An unknown error occurred."
|
||||||
|
return redirect(url_for("render_delete"), 303)
|
||||||
|
|
||||||
|
if bcrypt.checkpw(pw_hashed, data['password']):
|
||||||
|
# passwords match, delete the account
|
||||||
|
session['error'] = "succ ess"
|
||||||
|
c = mysql.connection.cursor()
|
||||||
|
c.execute("SELECT credentials_id FROM bots WHERE user_id = %s", (session['user_id'],))
|
||||||
|
credentials_list = c.fetchall()
|
||||||
|
for credentials_id in credentials_list:
|
||||||
|
c.execute("SELECT client_id, client_secret, secret FROM credentials WHERE id = %s", (credentials_id,))
|
||||||
|
# TODO: maybe schedule the push deletions on a cron job or something, if the user has a lot of accounts (or they're on slow instances) this could take a while or even time out
|
||||||
|
credentials = c.fetchone()
|
||||||
|
try:
|
||||||
|
client = Mastodon(
|
||||||
|
credentials[0],
|
||||||
|
credentials[1],
|
||||||
|
credentials[2],
|
||||||
|
"https://{}".format(id.split("@")[2])
|
||||||
|
)
|
||||||
|
client.push_subscription_delete()
|
||||||
|
except:
|
||||||
|
# if it fails, don't prevent the user from deleting their account
|
||||||
|
# TODO: maybe notify that some accounts failed to unregister push
|
||||||
|
pass
|
||||||
|
c.execute("DELETE FROM `credentials` WHERE `id` = %s", (credentials_id,))
|
||||||
|
|
||||||
|
# the big boy step
|
||||||
|
c.execute("DELETE FROM users WHERE id = %s", (session['user_id'],))
|
||||||
|
|
||||||
|
c.close()
|
||||||
|
mysql.connection.commit()
|
||||||
|
|
||||||
|
# TODO: show a "deletion successful" message or something
|
||||||
|
return redirect(url_for("do_signout"), 303)
|
||||||
|
|
||||||
|
else:
|
||||||
|
session['error'] = "Password incorrect."
|
||||||
|
return redirect(url_for("render_delete"), 303)
|
||||||
|
|
||||||
@app.route("/bot/edit/<id>", methods = ['GET', 'POST'])
|
@app.route("/bot/edit/<id>", methods = ['GET', 'POST'])
|
||||||
def render_bot_edit(id):
|
def render_bot_edit(id):
|
||||||
|
|
Loading…
Reference in a new issue