From dc24a40a37602093981286edbe39750b03218faa Mon Sep 17 00:00:00 2001
From: Adhityaa Chandrasekar <adtac@adtac.in>
Date: Thu, 2 Jan 2020 13:41:07 -0800
Subject: [PATCH] api, frontend: add account deletion

Closes https://gitlab.com/commento/commento/issues/120
---
 api/errors.go                     |  2 +
 api/owner_delete.go               | 79 +++++++++++++++++++++++++++
 api/owner_new.go                  |  6 +--
 api/router_api.go                 |  1 +
 api/router_static.go              |  1 +
 frontend/dashboard.html           |  1 +
 frontend/gulpfile.js              |  8 +++
 frontend/js/login.js              | 10 ++++
 frontend/js/settings.js           | 54 +++++++++++++++++++
 frontend/sass/dashboard-main.scss |  2 +-
 frontend/settings.html            | 90 +++++++++++++++++++++++++++++++
 11 files changed, 249 insertions(+), 5 deletions(-)
 create mode 100644 api/owner_delete.go
 create mode 100644 frontend/js/settings.js
 create mode 100644 frontend/settings.html

diff --git a/api/errors.go b/api/errors.go
index 14b0d7c..2d6b5cc 100644
--- a/api/errors.go
+++ b/api/errors.go
@@ -47,3 +47,5 @@ var errorNoSuchUnsubscribeSecretHex = errors.New("Invalid unsubscribe link.")
 var errorEmptyPaths = errors.New("Empty paths field.")
 var errorInvalidDomain = errors.New("Invalid domain name. Do not include the URL path after the forward slash.")
 var errorInvalidEntity = errors.New("That entity does not exist.")
+var errorCannotDeleteOwnerWithActiveDomains = errors.New("You cannot delete your account until all domains associated with your account are deleted.")
+var errorNoSuchOwner = errors.New("No such owner.")
diff --git a/api/owner_delete.go b/api/owner_delete.go
new file mode 100644
index 0000000..882d1de
--- /dev/null
+++ b/api/owner_delete.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"net/http"
+)
+
+func ownerDelete(ownerHex string, deleteDomains bool) error {
+	domains, err := domainList(ownerHex)
+	if err != nil {
+		return err
+	}
+
+	if len(domains) > 0 {
+		if !deleteDomains {
+			return errorCannotDeleteOwnerWithActiveDomains
+		}
+		for _, d := range domains {
+			if err := domainDelete(d.Domain); err != nil {
+				return err
+			}
+		}
+	}
+
+	statement := `
+		DELETE FROM owners
+		WHERE ownerHex = $1;
+	`
+	_, err = db.Exec(statement, ownerHex)
+	if err != nil {
+		return errorNoSuchOwner
+	}
+
+	statement = `
+		DELETE FROM ownersessions
+		WHERE ownerHex = $1;
+	`
+	_, err = db.Exec(statement, ownerHex)
+	if err != nil {
+		logger.Errorf("cannot delete from ownersessions: %v", err)
+		return errorInternal
+	}
+
+	statement = `
+		DELETE FROM resethexes
+		WHERE hex = $1;
+	`
+	_, err = db.Exec(statement, ownerHex)
+	if err != nil {
+		logger.Errorf("cannot delete from resethexes: %v", err)
+		return errorInternal
+	}
+
+	return nil
+}
+
+func ownerDeleteHandler(w http.ResponseWriter, r *http.Request) {
+	type request struct {
+		OwnerToken *string `json:"ownerToken"`
+	}
+
+	var x request
+	if err := bodyUnmarshal(r, &x); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	o, err := ownerGetByOwnerToken(*x.OwnerToken)
+	if err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	if err = ownerDelete(o.OwnerHex, false); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	bodyMarshal(w, response{"success": true})
+}
diff --git a/api/owner_new.go b/api/owner_new.go
index 82c417d..4e4e540 100644
--- a/api/owner_new.go
+++ b/api/owner_new.go
@@ -92,10 +92,8 @@ func ownerNewHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if _, err := commenterNew(*x.Email, *x.Name, "undefined", "undefined", "commento", *x.Password); err != nil {
-		bodyMarshal(w, response{"success": false, "message": err.Error()})
-		return
-	}
+	// Errors in creating a commenter account should not hold this up.
+	_, _ = commenterNew(*x.Email, *x.Name, "undefined", "undefined", "commento", *x.Password)
 
 	bodyMarshal(w, response{"success": true, "confirmEmail": smtpConfigured})
 }
diff --git a/api/router_api.go b/api/router_api.go
index aed7c6a..98ecf28 100644
--- a/api/router_api.go
+++ b/api/router_api.go
@@ -9,6 +9,7 @@ func apiRouterInit(router *mux.Router) error {
 	router.HandleFunc("/api/owner/confirm-hex", ownerConfirmHexHandler).Methods("GET")
 	router.HandleFunc("/api/owner/login", ownerLoginHandler).Methods("POST")
 	router.HandleFunc("/api/owner/self", ownerSelfHandler).Methods("POST")
+	router.HandleFunc("/api/owner/delete", ownerDeleteHandler).Methods("POST")
 
 	router.HandleFunc("/api/domain/new", domainNewHandler).Methods("POST")
 	router.HandleFunc("/api/domain/delete", domainDeleteHandler).Methods("POST")
diff --git a/api/router_static.go b/api/router_static.go
index 984d433..6d0f9af 100644
--- a/api/router_static.go
+++ b/api/router_static.go
@@ -101,6 +101,7 @@ func staticRouterInit(router *mux.Router) error {
 		"/confirm-email",
 		"/unsubscribe",
 		"/dashboard",
+		"/settings",
 		"/logout",
 		"/profile",
 	}
diff --git a/frontend/dashboard.html b/frontend/dashboard.html
index b0425b0..6d9c958 100644
--- a/frontend/dashboard.html
+++ b/frontend/dashboard.html
@@ -14,6 +14,7 @@
   <div id="navbar" class="navbar">
     <a href="[[[.Origin]]]/" class="navbar-item navbar-logo-text"><img src="[[[.CdnPrefix]]]/images/logo.svg" class="navbar-logo">Commento</a>
     <div class="navbar-item">
+      <a href="[[[.Origin]]]/settings" class="navbar-item">Settings</a>
       <a href="[[[.Origin]]]/logout" class="navbar-item">Logout</a>
       <div class="float-right"><b><div id="owner-name"></div></b></div>
     </div>
diff --git a/frontend/gulpfile.js b/frontend/gulpfile.js
index 17ca4d0..1fffb04 100644
--- a/frontend/gulpfile.js
+++ b/frontend/gulpfile.js
@@ -70,6 +70,14 @@ const jsCompileMap = {
     "js/dashboard-danger.js",
     "js/dashboard-export.js",
   ],
+  "js/settings.js": [
+    "js/constants.js",
+    "js/utils.js",
+    "js/http.js",
+    "js/errors.js",
+    "js/self.js",
+    "js/settings.js"
+  ],
   "js/logout.js": [
     "js/constants.js",
     "js/utils.js",
diff --git a/frontend/js/login.js b/frontend/js/login.js
index 18dc355..2f293c1 100644
--- a/frontend/js/login.js
+++ b/frontend/js/login.js
@@ -33,12 +33,22 @@
     }
   }
 
+  // Shows messages produced from account deletion.
+  function displayDeletedOwner() {
+    var deleted = global.paramGet("deleted");
+
+    if (deleted === "true") {
+      $("#msg").html("Your account has been deleted.")
+    }
+  }
+
 
   // Shows email confirmation and password reset messages, if any.
   global.displayMessages = function() {
     displayConfirmedEmail();
     displayChangedPassword();
     displaySignedUp();
+    displayDeletedOwner();
   };
 
 
diff --git a/frontend/js/settings.js b/frontend/js/settings.js
new file mode 100644
index 0000000..5a98e0d
--- /dev/null
+++ b/frontend/js/settings.js
@@ -0,0 +1,54 @@
+(function (global, document) {
+  "use strict";
+
+  (document);
+
+  global.vueConstruct = function(callback) {
+    var reactiveData = {
+      hasSource: global.owner.hasSource,
+      lastFour: global.owner.lastFour,
+    };
+
+    global.settings = new Vue({
+      el: "#settings",
+      data: reactiveData,
+    });
+
+    if (callback !== undefined) {
+      callback();
+    }
+  };
+
+  global.settingShow = function(setting) {
+    $(".pane-setting").removeClass("selected");
+    $(".view").hide();
+    $("#" + setting).addClass("selected");
+    $("#" + setting + "-view").show();
+  };
+
+  global.deleteOwnerHandler = function() {
+    if (!confirm("Are you absolutely sure you want to delete your account?")) {
+      return;
+    }
+
+    var json = {
+      "ownerToken": global.cookieGet("commentoOwnerToken"),
+    }
+
+    $("#delete-owner-button").prop("disabled", true);
+    $("#delete-owner-button").text("Deleting...");
+    global.post(global.origin + "/api/owner/delete", json, function(resp) {
+      if (!resp.success) {
+        $("#delete-owner-button").prop("disabled", false);
+        $("#delete-owner-button").text("Delete Account");
+        global.globalErrorShow(resp.message);
+        $("#error-message").text(resp.message);
+        return;
+      }
+
+      global.cookieDelete("commentoOwnerToken");
+      document.location = global.origin + "/login?deleted=true";
+    });
+  };
+
+} (window.commento, document));
diff --git a/frontend/sass/dashboard-main.scss b/frontend/sass/dashboard-main.scss
index e6df7c8..a8ea49c 100644
--- a/frontend/sass/dashboard-main.scss
+++ b/frontend/sass/dashboard-main.scss
@@ -84,7 +84,7 @@ body {
       margin: 8px;
 
       .left {
-        padding: 8px;
+        padding: 8px 16px;
 
         .title {
           font-weight: bold;
diff --git a/frontend/settings.html b/frontend/settings.html
new file mode 100644
index 0000000..fd1a295
--- /dev/null
+++ b/frontend/settings.html
@@ -0,0 +1,90 @@
+<html>
+  <head>
+    <script src="[[[.CdnPrefix]]]/js/jquery.js"></script>
+    <script src="[[[.CdnPrefix]]]/js/vue.js"></script>
+    <script src="[[[.CdnPrefix]]]/js/highlight.js"></script>
+    <script src="[[[.CdnPrefix]]]/js/chartist.js"></script>
+    <script src="[[[.CdnPrefix]]]/js/settings.js"></script>
+    <script src="https://js.stripe.com/v3/"></script>
+    <link rel="icon" href="[[[.CdnPrefix]]]/images/120x120.png">
+    <link rel="stylesheet" href="[[[.CdnPrefix]]]/css/chartist.css">
+    <link rel="stylesheet" href="[[[.CdnPrefix]]]/css/dashboard.css">
+    <title>Commento: Settings</title>
+  </head>
+
+  <div id="navbar" class="navbar">
+    <a href="[[[.Origin]]]/" class="navbar-item navbar-logo-text"><img src="[[[.CdnPrefix]]]/images/logo.svg" class="navbar-logo">Commento</a>
+    <div class="navbar-item">
+      <a href="[[[.Origin]]]/dashboard" class="navbar-item">Dashboard</a>
+      <a href="[[[.Origin]]]/logout" class="navbar-item">Logout</a>
+      <div class="float-right"><b><div id="owner-name"></div></b></div>
+    </div>
+  </div>
+
+  <script>
+  window.onload = function() {
+    window.commento.selfGet(function() {
+      window.commento.vueConstruct(function() {
+        window.commento.settingShow("delete-owner");
+      });
+    });
+  };
+  </script>
+
+  <div class="global-error" id="global-error"></div>
+  <div class="global-ok" id="global-ok"></div>
+
+  <div id="settings" class="dashboard-container">
+    <div class="pane-left">
+      <div class="pane-setting" id="delete-owner" onclick="window.commento.settingShow('delete-owner')">
+        <div class="pane-setting-inside">
+          <div class="setting-title">Delete Account</div>
+        </div>
+      </div>
+    </div>
+
+    <div class="pane-right pane-right-lefter">
+      <div id="delete-owner-view" class="view hidden">
+        <div class="view-inside">
+          <div class="mid-view">
+            <div class="center center-title">
+              Delete Account
+            </div>
+
+            <div class="action-buttons-container">
+              <div class="action-buttons">
+                <div class="action-button">
+                  <div class="left">
+                    <div class="title">
+                      Delete Account
+                    </div>
+                    <div class="subtitle">
+                      This will permanently delete your account and any data associated with your account. You must first delete all domains in the dashboard before doing this.
+                    </div>
+                  </div>
+                  <div class="right">
+                    <button onclick="document.location.hash='#delete-owner-modal'" class="button big-red-button">Delete</button>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <div id="delete-owner-modal" class="modal-window">
+    <div class="inside">
+      <a href="#modal-close" title="Close" class="modal-close"></a>
+      <div class="modal-title">Delete Accont</div>
+      <div class="modal-subtitle">
+        Are you absolutely sure you want to delete your account? This is a permanent change; there is no way to recover your account or any data associated with it.
+      </div>
+      <div class="modal-contents center">
+        <button id="delete-owner-button" class="button big-red-button" onclick="window.commento.deleteOwnerHandler()">Delete Account</button>
+      </div>
+    </div>
+  </div>
+
+</html>