Merge pull request hotsh#620 from carols10cents/account_deletion

Account deletion
quicktwit · Sep 3, 2012 · 4f7c297 · 4f7c297
2 parents 1f16095 + 07e7a59
commit 4f7c297
Show file tree

Hide file tree

Showing 18 changed files with 199 additions and 12 deletions.
diff --git a/app/assets/javascripts/main.js.coffee.erb b/app/assets/javascripts/main.js.coffee.erb
@@ -117,3 +117,10 @@ jQuery $ ->
 
   if( $("#tweet").length > 0)
     $("#tweet").change(recordTickyboxChange)
+
+  #########################################
+  # Delete account
+  #########################################
+  $("#delete_account").bind "click", (ev) ->
+    ev.preventDefault()
+    $(this).closest("form").submit()
diff --git a/app/assets/stylesheets/content.scss.erb b/app/assets/stylesheets/content.scss.erb
@@ -338,6 +338,29 @@
   }
 }
 
+.delete-account {
+  .to_delete {
+    @include clearfix;
+  }
+  a {
+    float: right;
+  }
+}
+
+.js #delete .delete_account_submit {
+  display: none;
+}
+
+.no-js #delete a#delete_account {
+  display: none;
+}
+
+.destructive_action:hover {
+  background-color: #c88;
+  color: #fff;
+  border-color: #522;
+}
+
 /* ****************************** */
 /* Sidebar */
 /* ****************************** */

diff --git a/app/assets/stylesheets/forms.scss b/app/assets/stylesheets/forms.scss
@@ -40,6 +40,12 @@ form {
       }
     }
   }
+  input[type="text"] {
+    padding: 6px;
+  }
+  input.username{
+    width: 200px;
+  }
 
   .form-submit {
     @include prepend(4);

diff --git a/app/assets/stylesheets/lib/css3buttons.scss.erb b/app/assets/stylesheets/lib/css3buttons.scss.erb
@@ -1,6 +1,6 @@
 @import "base";
 
-.button { display: inline-block; padding: 7px 9px; font-size: 12px; line-height:1; color: #3C3C3D; text-shadow: 1px 1px 0 #FFFFFF; background: #ECECEC 0 0 no-repeat; white-space: nowrap; overflow: visible; cursor: pointer; text-decoration: none; border: 1px solid #CACACA; -webkit-border-radius: 2px; -moz-border-radius: 2px; -webkit-background-clip: padding-box; border-radius: 2px; outline: none; position: relative; zoom: 1; *display: inline; }
+.button { @include copy-face; display: inline-block; padding: 7px 9px; font-size: 12px; color: #3C3C3D; text-shadow: 1px 1px 0 #FFFFFF; background: #ECECEC 0 0 no-repeat; white-space: nowrap; overflow: visible; cursor: pointer; text-decoration: none; border: 1px solid #CACACA; -webkit-border-radius: 2px; -moz-border-radius: 2px; -webkit-background-clip: padding-box; border-radius: 2px; outline: none; position: relative; zoom: 1; *display: inline; }
 .button.primary { font-weight: bold }
 .button:hover { color: #FFFFFF; border-color: #4c9092; text-decoration: none; text-shadow: -1px -1px 0 rgba(0,0,0,0.3); background-position: 0 -40px; background-color: $link_color; }
 .button:active,

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -102,6 +102,15 @@ def show_layout?
     !pjax_request?
   end
 
+  def sign_in(user)
+    session[:user_id] = user.id
+  end
+
+  def sign_out
+    session[:user_id] = nil
+    @current_user = nil
+  end
+
 private
 
   MOBILE_BROWSERS = ["android", "ipod", "opera mini", "blackberry", "palm","hiptop","avantgo","plucker", "xiino","blazer","elaine", "windows ce; ppc;", "windows ce; smartphone;","windows ce; iemobile", "up.browser","up.link","mmp","symbian","smartphone", "midp","wap","vodafone","o2","pocket","kindle", "mobile","pda","psp","treo"]

diff --git a/app/controllers/auth_controller.rb b/app/controllers/auth_controller.rb
@@ -58,7 +58,7 @@ def auth
     @auth.nickname = auth['info']['nickname']
     @auth.save
 
-    session[:user_id] = @auth.user.id
+    sign_in(@auth.user)
 
     flash[:notice] = "You're now logged in."
 
@@ -92,7 +92,7 @@ def destroy
       auth = Authorization.first(:provider => params[:provider], :user_id => user.id)
       auth.destroy if auth
       # Without re-setting the session[:user_id] we're logged out
-      session[:user_id] = user.id
+      sign_in(user)
     end
 
     redirect_to edit_user_path(user)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
@@ -26,7 +26,7 @@ def create
       if @user.valid?
         if params[:password].length > 0
           @user.save
-          session[:user_id] = @user.id
+          sign_in(@user)
           flash[:notice] = "Thanks for signing up!"
           redirect_to root_path
           return
@@ -44,7 +44,7 @@ def create
       render :new
     else
       if user = User.authenticate(params[:username], params[:password])
-        session[:user_id] = user.id
+        sign_in(user)
         flash[:notice] = "Login successful."
         redirect_to root_path
         return
@@ -57,7 +57,7 @@ def create
   end
 
   def destroy
-    session[:user_id] = nil
+    sign_out
     flash[:notice] = "You've been logged out."
     redirect_to root_path
   end

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -1,5 +1,6 @@
 class UsersController < ApplicationController
   before_filter :find_user, :only => [:show, :edit, :update, :feed, :following, :followers]
+  before_filter :require_user, :only => [:edit, :update, :confirm_delete, :destroy]
 
   def index
     @title = "users"
@@ -98,7 +99,7 @@ def create
       Authorization.create_from_session!(session, @user)
 
       flash[:notice] = "Thanks! You're all signed up with #{@user.username} for your username."
-      session[:user_id] = @user.id
+      sign_in(@user)
       redirect_to root_path
     else
       render :new
@@ -197,7 +198,7 @@ def confirm_email
       user.email_confirmed = true
       user.reset_perishable_token
       # Register a session for the user
-      session[:user_id] = user.id
+      sign_in(user)
       flash[:notice] = "Email successfully confirmed."
       redirect_to root_path
     end
@@ -311,6 +312,23 @@ def reset_password_with_token
     end
   end
 
+  def confirm_delete
+  end
+
+  def destroy
+    if current_user && params[:username_confirmation] == current_user.username
+      current_user.destroy
+      sign_out
+      flash[:notice] = "Your account has been deleted. We're sorry to see you go."
+      redirect_to root_path
+    elsif current_user
+      flash[:notice] = "Nothing was deleted since you did not type your username."
+      redirect_to edit_user_path
+    else
+      redirect_to root_path
+    end
+  end
+
   private
 
   def find_user

diff --git a/app/models/author.rb b/app/models/author.rb
@@ -60,8 +60,8 @@ class Author
   # Associations
 
   # As we said, an Author has a Feed that they're the... author of. And if
-  # they're local, they also have a User, too.
-  one :feed
+  # they're local, they also have a User.
+  one :feed, :dependent => :destroy
   one :user
 
   # This takes results from an omniauth reponse and generates an author

diff --git a/app/models/feed.rb b/app/models/feed.rb
@@ -28,7 +28,7 @@ class Feed
   belongs_to :author
   key :author_id, ObjectId
 
-  many :updates, :order => 'created_at desc'
+  many :updates, :order => 'created_at desc', :dependent => :destroy
 
   timestamps!
 

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -46,6 +46,15 @@ class User
   # This will establish other entities related to the User
   after_create :finalize
 
+  # Mongo_mapper does not run :dependent => :destroy on belongs_to
+  # relationships, so clean up manually.
+  # https://github.com/jnunemaker/mongomapper/blob/master/test/functional/associations/test_belongs_to_proxy.rb#L155
+  before_destroy :clean_up
+
+  def clean_up
+    self.author.destroy
+  end
+
   def feed
     self.author.feed
   end

diff --git a/app/views/static/follow.html.haml b/app/views/static/follow.html.haml
@@ -4,7 +4,7 @@
 
 #follow-form.search
   = form_tag "/subscriptions" do
-    %input{:type => "text", :name => "subscribe_to"}
+    %input{:type => "text", :name => "subscribe_to", :class => "username" }
     %input.button.follow{:type => "submit", :value => "Follow"}
 
 %h3 OStatus Sites

diff --git a/app/views/users/confirm_delete.haml b/app/views/users/confirm_delete.haml
@@ -0,0 +1,23 @@
+#delete
+  %h3 Warning
+
+  %p
+    You are about to delete your account. This will also delete all your status updates, and this cannot be undone.
+
+  %p
+    If you are sure you want to do this, please type your username as confirmation:
+
+  = form_tag user_path(current_user), :class => "delete_account_confirm" do
+    %input{:type => "hidden", :name => "_method", :value => "delete"}
+    %input{:type => :text, :name => :username_confirmation, :class => "username"}
+
+    -# We have both a submit button and links here because of a Firefox
+    -# CSS bug that sets line-height on buttons that can't be overridden.
+    -# Since Cancel should be a link that goes back to the edit profile
+    -# page, to match the height in Firefox, both Delete and Cancel are links.
+    -# Having the submit button, which is hidden using CSS, allows enter to
+    -# submit the form and makes something that will work without javascript.
+
+    %input{:type => "submit", :value => "Delete Account", :class => "delete_account_submit button"}
+    = link_to "Delete Account", "#", :id => "delete_account", :class => "button destructive_action"
+    = link_to "Cancel", edit_user_path(current_user), :class => "button"
diff --git a/app/views/users/edit.haml b/app/views/users/edit.haml
@@ -36,3 +36,9 @@
       - else
         %form.profile-update{:action => "/auth/twitter", :method => "GET", :name => "profile_update_form"}
           %input.button{:type => "submit", :value => "Add Twitter Account"}
+
+  .delete-account.bottom-block
+    %h4 Delete Account
+
+    .to_delete
+      = link_to "Delete Account", account_deletion_confirmation_path, :class => "button destructive_action"
diff --git a/config/routes.rb b/config/routes.rb
@@ -38,6 +38,7 @@
   match 'reset_password', :to => "users#reset_password_new", :via => :get
   match 'reset_password', :to => "users#reset_password_create", :via => :post
   match 'reset_password/:token', :to => "users#reset_password_with_token", :via => :get, :as => "reset_password"
+  match 'users/:id/confirm_delete', :to => "users#confirm_delete", :constraints => { :id => /[^\/]+/ }, :as => "account_deletion_confirmation", :via => :get
 
   # Updates
   resources :updates, :only => [:index, :show, :create, :destroy]

diff --git a/test/acceptance/acceptance_helper.rb b/test/acceptance/acceptance_helper.rb
@@ -115,4 +115,10 @@ def get_user_xrd user
 
     Nokogiri.XML(last_response.body)
   end
+
+  def logged_out?
+    within "#header" do
+      assert has_no_content?("Log Out")
+    end
+  end
 end
diff --git a/test/acceptance/account_deletion_test.rb b/test/acceptance/account_deletion_test.rb
@@ -0,0 +1,72 @@
+require 'require_relative' if RUBY_VERSION[0,3] == '1.8'
+require_relative 'acceptance_helper'
+
+describe "Delete your account" do
+  include AcceptanceHelper
+
+  before do
+    @u = Fabricate(:user)
+    @update = Fabricate(:update)
+    @u.feed.updates << @update
+    log_in_username(@u)
+  end
+
+  it "lets you delete your account and deletes all your updates" do
+    visit "/users/#{@u.username}/edit"
+    click_link "Delete Account"
+
+    fill_in "username_confirmation", :with => @u.username
+    click_button "Delete Account"
+
+    within flash do
+      assert has_content?("Your account has been deleted. We're sorry to see you go.")
+    end
+
+    assert logged_out?
+
+    visit "/updates"
+    within "#updates" do
+      assert has_no_content?(@update.text)
+    end
+  end
+
+  it "returns you to your edit page if you click cancel" do
+    visit "/users/#{@u.username}/edit"
+    click_link "Delete Account"
+    click_link "Cancel"
+    page.current_url.must_match("/users/#{@u.username}/edit")
+  end
+
+  it "returns you to your edit page if you dont type a username" do
+    visit "/users/#{@u.username}/edit"
+    click_link "Delete Account"
+    click_button "Delete Account"
+
+    page.current_url.must_match("/users/#{@u.username}/edit")
+    within flash do
+      assert has_content?("Nothing was deleted since you did not type your username.")
+    end
+  end
+
+  it "returns you to your edit page if you type your username wrong" do
+    visit "/users/#{@u.username}/edit"
+    click_link "Delete Account"
+    fill_in "username_confirmation", :with => "nopenopenope"
+    click_button "Delete Account"
+
+    page.current_url.must_match("/users/#{@u.username}/edit")
+    within flash do
+      assert has_content?("Nothing was deleted since you did not type your username.")
+    end
+  end
+
+  it "does not let you delete someone else's account" do
+    @someone_else = Fabricate(:user, :username => "someone_else")
+    delete "/users/someone_else"
+
+    visit "/users/someone_else"
+    within "span.user-text" do
+      assert has_content?("someone_else")
+    end
+  end
+end
diff --git a/test/acceptance/profile_test.rb b/test/acceptance/profile_test.rb
@@ -156,7 +156,14 @@
     end
   end
 
+  it "doesn't let a logged out user update someone's profile" do
+    u = Fabricate(:user)
+    visit "/users/#{u.username}/edit"
+    page.current_url.wont_match(/\/users\/#{u.username}\/edit/)
+  end
+
   it "doesn't let you update someone else's profile" do
+    log_in_as_some_user
     u = Fabricate(:user)
     visit "/users/#{u.username}/edit"
     assert_match /\/users\/#{u.username}$/, page.current_url