Added a 'delete account' function [#14 state:resolved]

s2j1h · Oct 22, 2010 · 7db8c81 · 7db8c81
1 parent 9182d92
commit 7db8c81
Show file tree

Hide file tree

Showing 12 changed files with 3,147 additions and 22 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -21,7 +21,10 @@ def index
 
 
   helper_method :current_user
-
+
+
+
+
   private
     def current_user_session
       return @current_user_session if defined?(@current_user_session)
@@ -60,4 +63,16 @@ def redirect_back_or_default(default)
       session[:return_to] = nil
     end
 
+    def hash_secretkey(secret_key)
+      Digest::SHA256.hexdigest(secret_key)
+    end
+
+    def encrypt_identity(digested_key,value)
+      [Encryptor.encrypt(:value => value, :key => digested_key)].pack('m*')
+    end
+
+    def decrypt_identity(digested_key,encrypted_value)
+      Encryptor.decrypt(:value => encrypted_value.unpack('m*').to_s, :key => digested_key)
+    end
+
 end
diff --git a/app/controllers/identities_controller.rb b/app/controllers/identities_controller.rb
@@ -134,15 +134,6 @@ def destroy
   end
 
 
- private
-    def hash_secretkey(secret_key)
-      Digest::SHA256.hexdigest(secret_key)
-    end 
-    def encrypt_identity(digested_key,value)
-      [Encryptor.encrypt(:value => value, :key => digested_key)].pack('m*')
-    end
-    def decrypt_identity(digested_key,encrypted_value)
-      Encryptor.decrypt(:value => encrypted_value.unpack('m*').to_s, :key => digested_key)
-    end
+
 
 end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,6 +1,6 @@
 class UsersController < ApplicationController
   before_filter :require_no_user, :only => [:new, :create]
-  before_filter :require_user, :only => [:show, :edit, :update]
+  before_filter :require_user, :only => [:show, :edit, :update, :delete]
 
   ssl_required :new, :create, :edit, :update if Rails.env.production?
   ssl_allowed :index if Rails.env.production?
@@ -37,4 +37,26 @@ def update
       render :action => 'edit'
     end
   end
+
+  def delete
+    @user = current_user
+    @user_session = UserSession.find
+    digested_key = hash_secretkey(params[:secretkey])
+    if current_user.secretkey != digested_key 
+      flash[:error] = 'Sorry but your secret key doesn\'t match.'
+      render :action => "edit"
+    else
+      if @user.destroy
+        Notifier.deliver_delete_account(@user)
+        Notifier.deliver_lost_user(@user)      
+        @user_session.destroy
+        flash[:notice] = "Successfully deleted your account"
+        redirect_to :controller => :application, :action => "index"
+      else
+        flash[:error] = 'Sorry an error occurs while deleting your account'
+        render :action => "edit"
+      end
+    end
+
+  end
 end
diff --git a/app/models/notifier.rb b/app/models/notifier.rb
@@ -26,16 +26,23 @@ def new_user(user)
     @content_type="text/html"
     @sent_on     = Time.now
     @body[:user] = user
-  end
+  end  
 
-  def connection(user)
-    @recipients  = user.email
+   def lost_user(user)
+    @recipients  = 'vauban@zeneffy.fr'
     @from        = 'vauban@zeneffy.fr'
-    @subject     = "Connection to your Vauban account"
+    @subject     = "[Vauban.zeneffy.fr] You have lost an user :("
     @content_type="text/html"
     @sent_on     = Time.now
     @body[:user] = user
   end
 
+   def delete_account(user)
+    @subject      = "Your vauban account has been successfully closed"
+    @from         = "vauban@zeneffy.fr"
+    @recipients   = user.email
+    @content_type = "text/html"
+    @sent_on      = Time.now    
+  end
 
 end
diff --git a/app/views/identities/index.html.erb b/app/views/identities/index.html.erb
@@ -37,11 +37,11 @@
             resizable: false,
             buttons: {
                 'Get credentials': function() {
-                $(this).dialog('close');
+                  $(this).dialog('close');
                 id = url.slice(url.lastIndexOf("/")+1,url.length);
                 url = url.slice(0,url.lastIndexOf("/")+1) + "edit";
                 var secretkey = $("#secretkey").val();
-                $('<form method="post" action="' + url + '" />')
+                $('<form method="post" action="' + url + '" />')     
                         .append('<input type="hidden" name="id" value="'+id+'" />')
                         .append('<input type="hidden" name="secretkey" value="'+secretkey+'" />')
                         .append('<input type="hidden" name="action" value="edit" />')

diff --git a/app/views/notifier/delete_account.html.erb b/app/views/notifier/delete_account.html.erb
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+  </head>
+  <body>
+    <h1>Your account has been deleted</h1>
+
+<p>
+  A request to delete your account has been made today - We confirm you that none of your identities has been kept and this is the last mail you will received from us.
+</p>
+<p>
+  Feel free to contact us at vauban@zeneffy.fr if you have any comment or feedbacks after using Vauban
+</p>
+
+<p>
+  The Vauban team
+</p>
+
+</body>
+</html>
diff --git a/app/views/notifier/lost_user.html.erb b/app/views/notifier/lost_user.html.erb
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
+  </head>
+  <body>
+    <h1>Lost user</h1>
+
+<p>Dear site administrator,</p>
+<p>
+Sorry but an user deleted its account from Vauban today.
+</p>
+<p>
+<b>User</b>: <%=h @user.username %><br/>
+<b>User's email</b>: <%=h @user.email %><br/>
+<b>deleted at</b>: <%= Time.now %>
+</p>
+
+</body>
+</html>
diff --git a/app/views/notifier/password_reset_instructions.html.erb b/app/views/notifier/password_reset_instructions.html.erb
@@ -18,5 +18,9 @@
 If the above URL does not work try copying and pasting it into your browser. If you continue to have problem please feel free to contact us at vauban@zeneffy.fr.
 </p>
 
+<p>
+  The Vauban team
+</p>
+
 </body>
 </html>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
@@ -1,3 +1,58 @@
+<script type="text/javascript">
+    var url;
+    $(document).ready(function(){
+        $("a.delete").click(function(event){
+            event.preventDefault();
+            url = this.href;
+            $("#dialog-form").dialog('open');
+            $("#secretkey:last").focus();
+        });
+        $('#dialog-form').find('input').keypress(function(e) {
+                if ((e.which && e.which == 13) || (e.keyCode && e.keyCode == 13)) {
+                        $(this).parent().parent().parent().parent().find('.ui-dialog-buttonpane').find('button:first').click(); /* Assuming the first one is the action button */
+                        return false;
+                }
+        });
+        $("#dialog-form").dialog({
+           autoOpen: false,
+            modal: true,
+            closeOnEscape: false,
+            resizable: false,
+            buttons: {
+                'Delete my account!': function() {
+                $(this).dialog('close');                
+                url = url.slice(0,url.lastIndexOf("/")+1) + "signout";
+                var secretkey = $("#secretkey").val();
+                $('<form method="post" action="' + url + '" />')                
+                        .append('<input type="hidden" name="secretkey" value="'+secretkey+'" />')
+                        .append('<input type="hidden" name="action" value="delete" />')
+                        .append('<input type="hidden" name="_method" value="delete" />')
+                        .append('<input type="hidden" name="authenticity_token" value="' + AUTH_TOKEN + '" />')
+                        .appendTo('body')
+                        .submit();
+                return false;
+                },
+                'Cancel': function() {                
+                  $(this).dialog('close');
+                }
+            },
+            Cancel: function() {
+                  $(this).dialog('close');
+            }
+        });         
+    });
+</script>
+
+<div id="dialog-form" title="Delete account" style="display:none">
+  <p style="color: red"><b>You are going to delete your account: all your identities will be deleted - no data will be recoverable.</b></p>
+  <p>Please enter your secret key only if you really want to delete it</p>
+  <form>
+    <%= label_tag :secretkey %>: <%= password_field_tag :secretkey, nil, :class => 'text ui-widget-content'  %>
+  </form>
+</div>
+
+
+
 <% content_for :title do %>Edit Your profile<% end %>
 <% content_for :tab do %>profile<% end %>
 
@@ -17,6 +72,6 @@
 <%= f.label :password_confirmation %><span class="require">*</span>:<br/><%= f.password_field :password_confirmation %>
   </p>
   <p id="submit-button"><%= f.submit "Submit" %> or <%= link_to 'Cancel', identities_path %> </p>
-
+   <%= link_to 'I want to delete my account now!', users_path,:class => "delete"%>
 <% end %>
 
diff --git a/config/routes.rb b/config/routes.rb
@@ -1,6 +1,4 @@
-ActionController::Routing::Routes.draw do |map|
-  map.connect 'feedbacks', :conditions => { :method => :get },
-                           :controller => "application", :action => "index"
+ActionController::Routing::Routes.draw do |map|  
   map.connect 'feedbacks', :conditions => { :method => :post },
                                     :controller => "feedbacks", :action => "create"
 
@@ -12,6 +10,7 @@
 
   map.login "login", :controller => "user_sessions", :action => "new"
   map.logout "logout", :controller => "user_sessions", :action => "destroy"
+  map.signout "signout", :controller => "users", :action => "delete"
   map.register "register", :controller => "users", :action => "new"
   map.lostpassword "lostpassword", :controller => "password_resets" , :action => "new"
 

diff --git a/db/development.sqlite3 b/db/development.sqlite3