Merge pull request #858 from solid/feature/delete-pod

Delete account implementation

Author: kjetilk

default-templates/emails/delete-account.js

@@ -0,0 +1,49 @@
+'use strict'
+
+/**
+ * Returns a partial Email object (minus the `to` and `from` properties),
+ * suitable for sending with Nodemailer.
+ *
+ * Used to send a Delete Account email, upon user request
+ *
+ * @param data {Object}
+ *
+ * @param data.deleteUrl {string}
+ * @param data.webId {string}
+ *
+ * @return {Object}
+ */
+function render (data) {
+  return {
+    subject: 'Delete Solid-account request',
+
+    /**
+     * Text version
+     */
+    text: `Hi,
+
+We received a request to delete your Solid account, ${data.webId}
+
+To delete your account, click on the following link:
+
+${data.deleteUrl}
+
+If you did not mean to delete your account, ignore this email.`,
+
+    /**
+     * HTML version
+     */
+    html: `<p>Hi,</p>
+
+<p>We received a request to delete your Solid account, ${data.webId}</p>
+
+<p>To delete your account, click on the following link:</p>
+
+<p><a href="${data.deleteUrl}">${data.deleteUrl}</a></p>
+
+<p>If you did not mean to delete your account, ignore this email.</p>
+`
+  }
+}
+
+module.exports.render = render

default-templates/new-account/index.html

@@ -20,7 +20,6 @@
     </div>
   </nav>
 
-
   <p class="lead">
     <span>
       This is a public homepage of {{#if name}}{{name}}, whose WebID is{{else}}a user with WebID{{/if}}
@@ -54,26 +53,49 @@ <h1>Apps</h1>
       </a>
     </div>
   </section>
+
+  <section class="hidden" id="account-settings">
+    <h1>Account settings</h1>
+    <div class="list-group">
+      <a href="/account/delete/" class="list-group-item">
+        <span class="lead">Delete account</span>
+      </a>
+    </div>
+  </section>
 </div>
 
 <script src="/common/js/solid-auth-client.bundle.js"></script>
 <script type="text/javascript">
   (function () {
-    'use strict'
-    var button = document.getElementById('session-action')
-    var loggedIn = false
+    'use strict';
+    var button = document.getElementById('session-action');
+    var loggedIn = false;
+    var accountSettings = document.getElementById('account-settings');
 
-    solid.auth.trackSession(session => {
-      loggedIn = !!session
-      button.innerText = loggedIn ? 'Log out' : 'Log in'
+    solid.auth.trackSession(function(session) {
+      loggedIn = !!session;
+      button.innerText = loggedIn ? 'Log out' : 'Log in';
       button.classList.remove('btn-default');
-      button.classList.add(loggedIn ? 'btn-danger' : 'btn-primary')
-    })
+      button.classList.add(loggedIn ? 'btn-danger' : 'btn-primary');
+      if (loggedIn) {
+        var sessionOrigin = getOriginFromWebId(session.webId);
+        var isOwner = sessionOrigin === location.origin;
+        accountSettings.classList.toggle('hidden', !isOwner);
+      }
+    });
 
     button.addEventListener('click', function () {
-      loggedIn ? solid.auth.logout() : solid.auth.popupLogin()
-    })
-  })()
+      loggedIn ? solid.auth.logout() : solid.auth.popupLogin();
+    });
+
+    function getOriginFromWebId(webId) {
+      if (window.URL.prototype) {
+        return new URL(webId).origin;
+      }
+      var uriParts = webId.split('/');
+      return uriParts[0] + '//' + uriParts[2];
+    }
+  })();
 </script>
 </body>
 </html>

default-views/account/account-deleted.hbs

@@ -0,0 +1,17 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Account Deleted</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+</head>
+<body>
+<div class="container">
+  <h4>Account Deleted</h4>
+</div>
+<div class="container">
+  <p>Your account has been deleted.</p>
+</div>
+</body>
+</html>

default-views/account/delete-confirm.hbs

@@ -0,0 +1,51 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Delete Account</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+</head>
+<body>
+<div class="container">
+  <h4>Delete Account</h4>
+</div>
+<div class="container">
+  <form method="post" action="/account/delete/confirm">
+    {{#if error}}
+      <div class="form-group">
+        <div class="row">
+          <div class="col-md-12">
+            <p class="text-danger"><strong>{{error}}</strong></p>
+          </div>
+        </div>
+      </div>
+    {{/if}}
+
+    {{#if validToken}}
+      <p>Beware that this is an irreversible action. All your data that is stored in the POD will be deleted.</p>
+
+      <div class="form-group">
+        <div class="row">
+          <div class="col-md-2">
+            <button type="submit" class="btn btn-danger">Delete account</button>
+          </div>
+        </div>
+
+        <input type="hidden" name="token" value="{{token}}" />
+      </div>
+    {{else}}
+      <div class="form-group">
+        <div class="row">
+          <div class="col-md-12">
+            <div>
+              <strong>Token not valid</strong>
+            </div>
+          </div>
+        </div>
+      </div>
+    {{/if}}
+  </form>
+</div>
+</body>
+</html>

default-views/account/delete-link-sent.hbs

@@ -0,0 +1,17 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Delete Account Link Sent</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+</head>
+<body>
+<div class="container">
+  <h4>Confirm account deletion</h4>
+</div>
+<div class="container">
+  <p>A link to confirm the deletion of this account has been sent to your email.</p>
+</div>
+</body>
+</html>

default-views/account/delete.hbs

@@ -0,0 +1,51 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Delete Account</title>
+  <link rel="stylesheet" href="/common/css/bootstrap.min.css">
+  <script></script>
+</head>
+<body>
+<div class="container">
+  <h4>Delete Account</h4>
+</div>
+<div class="container">
+  <form method="post" action="/account/delete">
+    <div class="form-group">
+      {{#if error}}
+        <div class="row">
+          <div class="col-md-12">
+            <p class="text-danger"><strong>{{error}}</strong></p>
+          </div>
+        </div>
+      {{/if}}
+      <div class="row">
+        <div class="col-md-12">
+          {{#if multiuser}}
+            <p>Please enter your account name. A delete account link will be
+              emailed to the address you provided during account registration.</p>
+
+            <label for="username">Account Name:</label>
+            <input type="text" class="form-control" name="username" id="username"
+                   placeholder="alice" />
+          {{else}}
+            <p>A delete account link will be
+              emailed to the address you provided during account registration.</p>
+          {{/if}}
+        </div>
+      </div>
+    </div>
+
+    <div class="form-group">
+      <div class="row">
+        <div class="col-md-2">
+          <button type="submit" class="btn btn-primary">Send Delete Account Link</button>
+        </div>
+      </div>
+    </div>
+  </form>
+</div>
+</body>
+</html>

lib/api/accounts/user-accounts.js

@@ -6,6 +6,8 @@ const debug = require('../../debug').accounts
 
 const CreateAccountRequest = require('../../requests/create-account-request')
 const AddCertificateRequest = require('../../requests/add-cert-request')
+const DeleteAccountRequest = require('../../requests/delete-account-request')
+const DeleteAccountConfirmRequest = require('../../requests/delete-account-confirm-request')
 
 /**
  * Returns an Express middleware handler for checking if a particular account
@@ -68,6 +70,12 @@ function middleware (accountManager) {
 
   router.post('/api/accounts/cert', bodyParser, newCertificate(accountManager))
 
+  router.get('/account/delete', DeleteAccountRequest.get)
+  router.post('/account/delete', bodyParser, DeleteAccountRequest.post)
+
+  router.get('/account/delete/confirm', DeleteAccountConfirmRequest.get)
+  router.post('/account/delete/confirm', bodyParser, DeleteAccountConfirmRequest.post)
+
   return router
 }
 

lib/debug.js

@@ -11,4 +11,5 @@ exports.server = debug('solid:server')
 exports.subscription = debug('solid:subscription')
 exports.container = debug('solid:container')
 exports.accounts = debug('solid:accounts')
+exports.email = debug('solid:email')
 exports.ldp = debug('solid:ldp')