implement user deletion
This commit is contained in:
parent
84ded6a5af
commit
1486c63c44
|
@ -219,6 +219,30 @@ def user(handle, password, db=None):
|
|||
return db.insert('users', data)
|
||||
|
||||
|
||||
@newtrans
|
||||
def del_user(token=None, username=None, db=None):
|
||||
if not username and not token:
|
||||
return
|
||||
|
||||
if not username and token:
|
||||
token_data = get.token(token)
|
||||
userid = token_data['userid'] if token_data else None
|
||||
|
||||
else:
|
||||
user = get.user(username)
|
||||
userid = user['id'] if user else None
|
||||
|
||||
if not userid:
|
||||
return
|
||||
|
||||
tokens = query('tokens', {'userid': userid}, one=False)
|
||||
|
||||
for token in tokens:
|
||||
db.delete('tokens', id=token['id'])
|
||||
|
||||
db.delete('users', id=userid)
|
||||
|
||||
|
||||
@newtrans
|
||||
def token(username, db=None):
|
||||
userdata = get.user(username)
|
||||
|
|
|
@ -56,6 +56,6 @@
|
|||
%div{'class': 'section account delete'}
|
||||
%h2{'class': 'title'} Delete Account
|
||||
%form{'action': 'https://{{config.host}}/account/delete', 'method': 'post'}
|
||||
%input{'type': 'password', 'name': 'password1', 'placeholder': 'new password'}
|
||||
%input{'type': 'password', 'name': 'password', 'placeholder': 'password'}
|
||||
%br
|
||||
%input{'type': 'submit', 'value': 'Delete'}
|
||||
|
|
|
@ -278,8 +278,26 @@ class Account(HTTPMethodView):
|
|||
|
||||
return render('account.html', request, context)
|
||||
|
||||
async def post(self, requrest, action=''):
|
||||
async def post(self, request, action=''):
|
||||
action = re.sub(r'[^a-z]+', '', action.lower())
|
||||
password = request['form'].get('password')
|
||||
token = request.cookies.get('token')
|
||||
token_data = get.token(token)
|
||||
user = get.user(token_data['userid'])
|
||||
username = user['handle']
|
||||
|
||||
if action == 'delete':
|
||||
if None in [password, token, user]:
|
||||
return response.redirect('/account')
|
||||
|
||||
if not get.verify_password(username, password):
|
||||
return await self.get(request, msg='Invalid password')
|
||||
|
||||
print(put.del_user(token))
|
||||
resp = response.redirect('/')
|
||||
del resp.cookies['token']
|
||||
return resp
|
||||
|
||||
return await self.get(request)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue