Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T319 user delete acct #204

Merged
merged 8 commits into from Apr 28, 2021
Merged

T319 user delete acct #204

merged 8 commits into from Apr 28, 2021

Conversation

ghost
Copy link

@ghost ghost commented Nov 5, 2019

this adds a user UI component on the settings page to allow account deletion by the user

requires #202 and will maybe need a rebase

  • I have signed the CLA

@thebaer thebaer added this to the 0.12 milestone Nov 11, 2019
@thebaer
Copy link
Member

thebaer commented Feb 9, 2020
edited

We should address federation (T720 and T721) and then finish #203 before merging this.

Also, we might hold off on this for much longer. It's possible that in certain environments, admins won't want users to be able to easily delete all data without permission. We need to understand this a bit more before we can merge this in. But all account deletion work up until this PR can go ahead.

@thebaer thebaer removed this from the 0.12 milestone Feb 10, 2020
@thebaer thebaer mentioned this pull request Oct 14, 2020
Closed
@thebaer thebaer changed the base branch from develop to T319-admin-delete-acct April 22, 2021 14:10
@thebaer thebaer added this to the 0.13 milestone Apr 22, 2021
@thebaer
Prevent admin self-deletion in API
1d8facf 
Ref T319
@thebaer
Move user account deletion to confirmation modal
a6c93c3 
This mimics the admin UI for deleting a user account.

Ref T319
@thebaer
Add Cross-Site Request Forgery (CSRF) protection on account deletion
b092421 
This requires admins to generate a new encryption key with:
  writefreely keys generate

Ref T319
@thebaer
Tweak "deletion success" message and note it doesn't work
7c1c121 
Ref T319
@thebaer thebaer marked this pull request as ready for review April 22, 2021 16:46
@thebaer
Copy link
Member

thebaer commented Apr 22, 2021

This now uses a modal / confirmation UX similar to the admin side of things.

2021-04-22_12-56-29.mp4

@thebaer
Make open account deletion configurable
d3d77ce 
This adds a configuration option to the [app] section: open_deletion. When
true, users can delete their account on their own.

Ref T319
@thebaer
Copy link
Member

thebaer commented Apr 22, 2021

This is ready for review. For admins, two things to note:

You'll want to enable open account deletions through the Admin Dashboard or your config file (under the [app] section, add: open_deletion = true).

This adds CSRF protection on the account deletion endpoint, which requires a new encryption key. To generate that, run:

writefreely keys generate

Base automatically changed from T319-admin-delete-acct to develop April 28, 2021 13:47
@thebaer
Copy link
Member

thebaer commented Apr 28, 2021

Merging now.

@thebaer thebaer merged commit affcd27 into develop Apr 28, 2021
@thebaer thebaer deleted the T319-user-delete-acct branch April 28, 2021 21:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
0.13
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@thebaer