Fix account deletion.

2019-07-21 19:37:20 +00:00 · 2019-07-21 19:37:20 +00:00 · 971d454e2c
commit 971d454e2c
parent 5a7e695e53
9 changed files with 76 additions and 13 deletions
--- a/api/app.js
+++ b/api/app.js
@ -63,6 +63,7 @@ router.get('/user/token', auth, user.token);
 router.get('/token', auth, user.token);
 router.get('/user/transaction', auth, user.transaction);
 router.post('/user/settings', auth, user.settings);
+router.post('/user/delete', auth, user.deleteUser);
 router.post('/user/pro', auth, pro.create);
 router.delete('/user/pro', auth, pro.cancel);
 router.get('/file', auth, file.list);
--- a/api/routes/user.js
+++ b/api/routes/user.js
@ -64,6 +64,24 @@ export async function settings(ctx) {
  ctx.body = {};
 }

+export async function deleteUser(ctx) {
+  ctx.assert(
+    ctx.request.body, 400,
+    '{"error": {"message": "Current Password required to update account.", "code": 612}}',
+  );
+  ctx.assert(
+    ctx.request.body.current_password, 400,
+    '{"error": {"message": "Current Password required to update account.", "code": 612}}',
+  );
+  const user = await models.user.findByPk(ctx.user.id);
+  ctx.assert(
+    await passwords.match(ctx.request.body.current_password, user.password), 400,
+    '{"error": {"message": "Incorrect password", "code": 606}}',
+  );
+  await user.destroy();
+  ctx.body = '{"action":"logout", "message": "Account deleted"}';
+}
+
 export async function events(ctx) {
  const pubsub = redis.createClient(redisUrl);
  pubsub.on('message', (channel, message) => {
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -30,7 +30,7 @@ services:
      - export:/export
    ports:
      - "3000:3000"
-    command: yarn run start
+    command: yarn run watch-server
  worker:
    build: ./
    environment:
--- a/package.json
+++ b/package.json
@ -19,7 +19,7 @@
    "test": "yarn run test-seed && mocha -r babel-register test/**/*.spec.js",
    "test-seed": "babel-node test/fixtures/user.js",
    "watch": "concurrently -k -n watch-js,watch-sass \"yarn run watch-js\" \"yarn run watch-sass\"",
-    "watch-js": "webpack --mode=development --progress -c webpack.config.js",
+    "watch-js": "webpack -w --mode=development --progress -c webpack.config.js",
    "watch-server": "nodemon -r babel-register -i web/public",
    "watch-sass": "node-sass --include-path ./node_modules/ -w -r -o web/public/styles/ web/public/styles/"
  },
--- a/test/fixtures/user.js
+++ b/test/fixtures/user.js
@ -1,4 +1,5 @@
 import co from 'co';
+import passwords from 'passwords';

 import models from '../../models';

@ -6,9 +7,10 @@ import debugname from 'debug';
 const debug = debugname('hostr:db');

 function *createUser() {
+  const password = yield passwords.hash('test-password');
  const user = yield models.user.create({
    'email': 'test@hostr.co',
-    'password': '$pbkdf2-256-1$2$kBhIDRqFwnF/1ms6ZHfME2o2$a48e8c350d26397fcc88bf0a7a2817b1cdcd1ffffe0521a5',
+    'password': password,
    'ip': '127.0.0.1',
    'plan': 'Free',
    'activated': true,
--- a/web/public/src/app/controllers.js
+++ b/web/public/src/app/controllers.js
@ -91,6 +91,16 @@ export class AccountController {
        $scope.error = response.data.error.message;
      });
    };
+    $scope.delete = (form) => {
+      $scope.updated = false;
+      $scope.error = false;
+      SettingService.delete(form).then(() => {
+        delete $scope.user.current_password;
+        window.location = '/logout';
+      }, (response) => {
+        $scope.error = response.data.error.message;
+      });
+    };
  }
 }
 AccountController.$inject = ['$scope', 'UserService', 'SettingService'];
--- a/web/public/src/app/services.js
+++ b/web/public/src/app/services.js
@ -84,6 +84,9 @@ export class SettingService {
    service.update = (data) => {
      return $http.post(window.settings.apiURL + '/user/settings', data);
    };
+    service.delete = (data) => {
+      return $http.post(window.settings.apiURL + '/user/delete', data);
+    };
    return service;
  }

--- a/web/public/src/partials/account.html
+++ b/web/public/src/partials/account.html
@ -39,16 +39,16 @@
                  <div class="alert alert-danger" ng-show="error">{{error}}</div>
                  <div class="alert alert-success" ng-show="updated">Updated your details successfully</div>
                    <div class="form-group">
-                        <label for="fname">Email</label>
-                        <input type="email" class="form-control" id="fname" value="{{user.email}}" ng-model="user.email">
+                        <label for="email">Email</label>
+                        <input type="email" class="form-control" id="email" value="{{user.email}}" ng-model="user.email">

                        <span>
                            <strong>Required.</strong> Password resets will be sent to this address.</span>
                    </div>

                    <div class="form-group">
-                        <label for="fname">New Password</label>
-                        <input type="password" class="form-control" id="fname"   ng-model="user.new_password">
+                        <label for="newPassword">New Password</label>
+                        <input type="password" class="form-control" id="newPassword" autocomplete="new-password" ng-model="user.new_password">

                        <span>Leave this field blank unless you want to update your password.</span>
                    </div>
@ -56,17 +56,43 @@
                    <hr>

                    <div class="form-group">
-                        <label for="fname">Current Password</label>
-                        <input type="password" class="form-control" id="fname"  ng-model="user.current_password">
+                        <label for="password">Current Password</label>
+                        <input type="password" class="form-control" id="password" ng-model="user.current_password">

                        <span><strong>Required.</strong> When updating your details we require your current password.</span>
                    </div>

                    <button type="submit" href="#" class="btn btn-signup">Save Changes</button>
-                    <!-- <button type="button" href="#" class="btn">Cancel</button> -->
-                    <!-- <button type="button" class="btn btn-danger">Delete Account</button> -->
                </form>

+                <hr>
+
+                <div class="panel panel-default panel-danger">
+                    <div class="panel-body">
+                <h3>Danger Zone</h3>
+
+
+                <form role="form" ng-submit="delete(userDelete)">
+                    <div class="alert alert-danger" ng-show="error">{{error}}</div>
+
+                      <div class="form-group">
+
+                          <label for="deletePassword">Current Password</label>
+                          <input type="password" class="form-control" id="deletePassword" autocomplete="new-password" ng-model="userDelete.current_password">
+  
+                          <span><strong>Required.</strong> When deleting your account we require your current password.</span>
+                      </div>
+
+                      <div class="form-group">
+                            <label for="deleteConfirm">Please enter "DELETE" below</label>
+                            <input type="input" class="form-control" id="deleteConfirm" ng-model="userDelete.delete_confirm">
+                        </div>
+
+                      <button type="submit" class="btn btn-danger" ng-disabled="userDelete.delete_confirm!=='DELETE'">Delete Account</button>
+                      <button type="button" href="#" class="btn">Cancel</button>
+                  </form>
+                </div>
+                </div>
            </div>
        </div>
 </section>
--- a/web/public/styles/app.scss
+++ b/web/public/styles/app.scss
@ -917,8 +917,11 @@ a {
    color: #FF524F;
  }

-  .btn-danger {
-    float: right;
+  .panel-danger {
+    margin-top: 75px;
+    h3 {
+      color: #FF524F;
+    }
  }

  form {