Account deletion

Fixes #182
6 years ago · de3707983a
parent a3b7d5557b
commit de3707983a
4 changed files with 36 additions and 2 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -123,6 +123,7 @@ fn main() {
            routes::user::edit,
            routes::user::edit_auth,
            routes::user::update,
+            routes::user::delete,
            routes::user::follow,
            routes::user::follow_auth,
            routes::user::activity_details,
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@ -7,7 +7,7 @@ use atom_syndication::{Entry, FeedBuilder};
 use rocket::{
    request::LenientForm,
    response::{Redirect, Flash, Content},
-    http::ContentType
+    http::{ContentType, Cookies}
 };
 use rocket_contrib::Template;
 use serde_json;
@ -224,6 +224,21 @@ fn update(_name: String, conn: DbConn, user: User, data: LenientForm<UpdateUserF
    Redirect::to(uri!(me))
 }

+#[get("/@/<name>/delete")]
+fn delete(name: String, conn: DbConn, user: User, mut cookies: Cookies) -> Redirect {
+    let account = User::find_by_fqn(&*conn, name.clone()).unwrap();
+    if user.id == account.id {
+        account.delete(&*conn);
+
+        let cookie = cookies.get_private(AUTH_COOKIE).unwrap();
+        cookies.remove_private(cookie);
+
+        Redirect::to(uri!(super::instance::index))
+    } else {
+        Redirect::to(uri!(edit: name = name))
+    }
+}
+
 #[derive(FromForm, Serialize, Validate)]
 #[validate(schema(function = "passwords_match", skip_on_field_errors = "false", message = "Passwords are not matching"))]
 struct NewUserForm {
--- a/static/css/main.css
+++ b/static/css/main.css
@ -494,6 +494,16 @@ main .article-meta .tags li a {
 	color: white;
 }

+.button.destructive {
+    color: #ef767a;
+    border-color: #ef767a;
+}
+
+.button.destructive:hover {
+    background: #ef767a99;
+    color: white;
+}
+
 /* Errors */

 p.error {
--- a/templates/users/edit.html.tera
+++ b/templates/users/edit.html.tera
@ -8,7 +8,7 @@
 <h1>{{ "Your Profile" | _ }}</h1>
 <form method="post">
    <!-- Rocket hack to use various HTTP methods -->
-    <input type=hidden name="_method" value="put">    
+    <input type=hidden name="_method" value="put">

    <label for="display_name">{{ "Display Name" | _ }}</label>
    <input name="display_name" value="{{ account.display_name }}">
@ -21,4 +21,12 @@

    <input type="submit" value="{{ "Update account" | _ }}"/>
 </form>
+
+<h2>{{ "Danger zone" | _ }}</h2>
+<p>{{ "Be very careful, any action taken here can't be cancelled." | _ }}
+{% if not account.is_admin %}
+    <p><a class="inline-block button destructive" href="/@/{{ account.fqn }}/delete">{{ "Delete your account" | _ }}</a></p>
+{% else %}
+    <p>{{ "Sorry, but as an admin, you can't leave your instance." | _ }}</p>
+{% endif %}
 {% endblock content %}