implement user deletion

uncia/database/put.py

@@ -219,6 +219,30 @@ def user(handle, password, db=None):
 	return db.insert('users', data)
 
 
+@newtrans
+def del_user(token=None, username=None, db=None):
+	if not username and not token:
+		return
+
+	if not username and token:
+		token_data = get.token(token)
+		userid = token_data['userid'] if token_data else None
+
+	else:
+		user = get.user(username)
+		userid = user['id'] if user else None
+
+	if not userid:
+		return
+
+	tokens = query('tokens', {'userid': userid}, one=False)
+
+	for token in tokens:
+		db.delete('tokens', id=token['id'])
+
+	db.delete('users', id=userid)
+
+
 @newtrans
 def token(username, db=None):
 	userdata = get.user(username)

uncia/frontend/templates/account.haml

@@ -56,6 +56,6 @@
 	%div{'class': 'section account delete'}
 		%h2{'class': 'title'} Delete Account
 		%form{'action': 'https://{{config.host}}/account/delete', 'method': 'post'}
-			%input{'type': 'password', 'name': 'password1', 'placeholder': 'new password'}
+			%input{'type': 'password', 'name': 'password', 'placeholder': 'password'}
 			%br
 			%input{'type': 'submit', 'value': 'Delete'}

uncia/views.py

@@ -278,8 +278,26 @@ class Account(HTTPMethodView):
 
 		return render('account.html', request, context)
 
-	async def post(self, requrest, action=''):
+	async def post(self, request, action=''):
 		action = re.sub(r'[^a-z]+', '', action.lower())
+		password = request['form'].get('password')
+		token = request.cookies.get('token')
+		token_data = get.token(token)
+		user = get.user(token_data['userid'])
+		username = user['handle']
+
+		if action == 'delete':
+			if None in [password, token, user]:
+				return response.redirect('/account')
+
+			if not get.verify_password(username, password):
+				return await self.get(request, msg='Invalid password')
+
+			print(put.del_user(token))
+			resp = response.redirect('/')
+			del resp.cookies['token']
+			return resp
+
 		return await self.get(request)