1
0
Fork 0
mirror of https://github.com/Lynnesbian/FediBooks/ synced 2024-11-25 16:48:58 +00:00

Compare commits

...

4 commits

5 changed files with 103 additions and 7 deletions

1
.gitignore vendored
View file

@ -2,3 +2,4 @@ __pycache__
config.json
planning.txt
*.pyc
/debug

View file

@ -13,5 +13,6 @@
"pl.765racing.com",
"yorishiro.space",
"pl.smuglo.li",
"albin.social"
"albin.social",
"social.sunshinegardens.org"
]

View file

@ -0,0 +1,36 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>FediBooks</title>
{% include 'imports.html' %}
</head>
<body>
<div class="container centred">
<h1 class="thin centred">Close your FediBooks account</h1>
</div>
{% include 'error.html' %}
<div class="container centred">
<form method='POST'>
<h2>
<i class="fas fa-user-slash" style="font-size:3em;"></i>
</h2>
<div class="container centred">
<p>Are you sure you want to <strong>permanently</strong> delete your account?</p>
<p>All of your FediBooks bots will stop working, but their accounts will remain open. You can delete them manually or repurpose them for something else.</p>
<p>If you're sure you want to delete your account, enter your password below and click "Close my account".</p>
<p>
<input type="password" name="password" placeholder="Password">
</p>
<a class="button btn-secondary" href="/"><i class="fas fa-times"></i> Cancel</a>
<button class="button btn-dangerous"><i class="fas fa-trash"></i> Close my account</button>
</div>
</form>
</div>
{% include 'footer.html' %}
</body>
</html>

View file

@ -18,7 +18,7 @@
<form method="POST" class="full-width">
<div class="container light">
<h2 class="thin centred">Login settings</h2>
<p class="centred">Update your email and password here.</p>
<p class="centred">Update your email and password here, or close your account.</p>
</div>
<div class="row">
@ -29,6 +29,10 @@
<label for="password" class="large">Password</label>
<input type="password" name="password"pattern=".{8,}" placeholder="Unchanged">
</div>
<div class="row">
<label for="delete" class="large">Delete account</label>
<a name="delete" class="button btn-dangerous" href="/delete"><i class="fas fa-trash"></i> Close account</a>
</div>
<div class="container light">
<h2 class="thin centred">Contact settings</h2>

View file

@ -61,6 +61,59 @@ def show_signup_page():
def render_settings():
return settings(mysql)
@app.route("/delete", methods=['GET', 'POST'])
def render_delete():
if request.method == 'GET':
return render_template("close_account.html", error = session.pop('error', None))
else:
# deletion logic
pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest().replace(b"\0", b"\1")
c = mysql.connection.cursor(MySQLdb.cursors.DictCursor)
c.execute("SELECT * FROM users WHERE id = %s", (session['user_id'],))
data = c.fetchone()
c.close()
if data == None:
# should never happen ;)
session['error'] = "An unknown error occurred."
return redirect(url_for("render_delete"), 303)
if bcrypt.checkpw(pw_hashed, data['password']):
# passwords match, delete the account
session['error'] = "succ ess"
c = mysql.connection.cursor()
c.execute("SELECT credentials_id FROM bots WHERE user_id = %s", (session['user_id'],))
credentials_list = c.fetchall()
for credentials_id in credentials_list:
c.execute("SELECT client_id, client_secret, secret FROM credentials WHERE id = %s", (credentials_id,))
# TODO: maybe schedule the push deletions on a cron job or something, if the user has a lot of accounts (or they're on slow instances) this could take a while or even time out
credentials = c.fetchone()
try:
client = Mastodon(
credentials[0],
credentials[1],
credentials[2],
"https://{}".format(id.split("@")[2])
)
client.push_subscription_delete()
except:
# if it fails, don't prevent the user from deleting their account
# TODO: maybe notify that some accounts failed to unregister push
pass
c.execute("DELETE FROM `credentials` WHERE `id` = %s", (credentials_id,))
# the big boy step
c.execute("DELETE FROM users WHERE id = %s", (session['user_id'],))
c.close()
mysql.connection.commit()
# TODO: show a "deletion successful" message or something
return redirect(url_for("do_signout"), 303)
else:
session['error'] = "Password incorrect."
return redirect(url_for("render_delete"), 303)
@app.route("/bot/edit/<id>", methods = ['GET', 'POST'])
def render_bot_edit(id):
return bot_edit(id, mysql)
@ -287,7 +340,8 @@ def do_login():
@app.route("/issue/bug")
def report_bug():
return render_template("report_bug.html")
# return render_template("report_bug.html")
return render_template("coming_soon.html")
@app.route("/help/settings")
def help_settings():