Also, we might hold off on this for much longer. It's possible that in certain environments, admins won't want users to be able to easily delete all data without permission. We need to understand this a bit more before we can merge this in. But all account deletion work up until this PR can go ahead.
This requires admins to generate a new encryption key with: writefreely keys generate Ref T319
This is ready for review. For admins, two things to note:
You'll want to enable open account deletions through the Admin Dashboard or your config file (under the
This adds CSRF protection on the account deletion endpoint, which requires a new encryption key. To generate that, run: