Let users self-delete their account, provided they dont hold any staff positions closes #240

4 years ago · 18240670cf
parent 8aea6e3abf
commit 18240670cf
5 changed files with 69 additions and 1 deletions
--- a/controllers/forms.js
+++ b/controllers/forms.js
@ -34,6 +34,7 @@ const express  = require('express')
 	, boardSettingsController = require(__dirname+'/forms/boardsettings.js')
 	, transferController = require(__dirname+'/forms/transfer.js')
 	, resignController = require(__dirname+'/forms/resign.js')
+	, deleteAccountController = require(__dirname+'/forms/deleteaccount.js')
 	, loginController = require(__dirname+'/forms/login.js')
 	, registerController = require(__dirname+'/forms/register.js')
 	, changePasswordController = require(__dirname+'/forms/changepassword.js')
@ -88,6 +89,7 @@ router.post('/logout', useSession, logout);
 router.post('/register', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, calcPerms, registerController);
 router.post('/changepassword', geoAndTor, torPreBypassCheck, processIp, useSession, sessionRefresh, verifyCaptcha, changePasswordController);
 router.post('/resign', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, hasPerms(3), paramConverter, resignController);
+router.post('/deleteaccount', useSession, sessionRefresh, csrf, calcPerms, isLoggedIn, paramConverter, deleteAccountController);

 //removes captcha cookie, for refreshing for noscript users
 router.post('/newcaptcha', newCaptcha);
--- a/controllers/forms/deleteaccount.js
+++ b/controllers/forms/deleteaccount.js
@ -0,0 +1,37 @@
+'use strict';
+
+const deleteAccount = require(__dirname+'/../../models/forms/deleteaccount.js')
+	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+
+module.exports = async (req, res, next) => {
+
+	if (!req.body.confirm) {
+		return dynamicResponse(req, res, 400, 'message', {
+			'title': 'Bad request',
+			'error': 'Missing confirmation',
+			'redirect': '/account.html'
+		});
+	}
+
+	const { modBoards, ownedBoards } = res.locals.user;
+	if (ownedBoards.length > 0 || modBoards.length > 0) {
+		return dynamicResponse(req, res, 400, 'message', {
+			'title': 'Bad request',
+			'message': 'You cannot delete your account while you hold staff position on any board',
+			'redirect': `/account.html`
+		});
+	}
+
+	try {
+		await deleteAccount(res.locals.user.username);
+	} catch (err) {
+		return next(err);
+	}
+
+	return dynamicResponse(req, res, 200, 'message', {
+		'title': 'Success',
+		'message': 'Board deleted',
+		'redirect': req.params.board ? '/' : '/globalmanage/settings.html'
+	});
+
+}
--- a/db/accounts.js
+++ b/db/accounts.js
@ -78,6 +78,14 @@ module.exports = {
 		}).skip(skip).limit(limit).toArray();
 	},

+	deleteOne: async (username) => {
+		const res = await db.deleteOne({
+			'_id': username
+		});
+		cache.del(`users:${username}`);
+		return res;
+	},
+
 	deleteMany: async (usernames) => {
 		const res = await db.deleteMany({
 			'_id': {
--- a/models/forms/deleteaccount.js
+++ b/models/forms/deleteaccount.js
@ -0,0 +1,10 @@
+'use strict';
+
+const { Accounts } = require(__dirname+'/../../db/')
+
+module.exports = async (username) => {
+
+	//this definitely needs to be its own file (v:
+	await Accounts.deleteOne(username);
+
+}
--- a/views/pages/account.pug
+++ b/views/pages/account.pug
@ -86,4 +86,15 @@ block content
 					label.postform-style.ph-5
 						input(type='checkbox', name='confirm', value='true' required)
 				input(type='submit', value='submit')
-		
+
+	hr(size=1)
+	h4.no-m-p Delete your account:
+	.form-wrapper.flexleft.mt-10
+		form.form-post(action=`/forms/deleteaccount`, enctype='application/x-www-form-urlencoded', method='POST')
+			input(type='hidden' name='_csrf' value=csrf)
+			.row
+				.label I'm sure
+				label.postform-style.ph-5
+					input(type='checkbox', name='confirm', value='true' required)
+			input(type='submit', value='submit')
+