From 8f346ac69fa26fcf0ce37cedaacd2f17807d789e Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Mon, 20 Jun 2011 18:26:55 -0700
Subject: [PATCH] remove email address and keys from server when user selects 'forget', fixes #22
---
 authority/server/db.js | 16 ++++++++++++++++
 authority/server/wsapi.js | 23 +++++++++++++++++++++++
 authority/static/manage.html | 9 ++++++---
 3 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/authority/server/db.js b/authority/server/db.js
index b59a2564d..4d362888e 100644
--- a/authority/server/db.js
+++ b/authority/server/db.js
@@ -277,3 +277,19 @@ exports.pubkeysForEmail = function(identity, cb) {
 cb(keys);
 });
 };
+
+
+// FIXME: I'm not sure I'm using this data model properly
+exports.removeEmail = function(authenticated_email, email, cb) {
+ // figure out the user, and remove Email only from addressed
+ // linked to the authenticated email address
+ emailToUserID(authenticated_email, function(user_id) {
+ executeTransaction([
+ [ "delete from emails where emails.address = ? and user = ?", [ email,user_id ] ] ,
+ [ "delete from keys where email in (select address from emails where emails.address = ? and user = ?)", [ email,user_id ] ],
+ ], function (error) {
+ if (error) cb(error);
+ else cb();
+ });
+ });
+};
\ No newline at end of file
diff --git a/authority/server/wsapi.js b/authority/server/wsapi.js
index aa234fda1..0bfb38b9e 100644
--- a/authority/server/wsapi.js
+++ b/authority/server/wsapi.js
@@ -117,6 +117,8 @@ exports.authenticate_user = function(req, resp) {
 });
 };
+// need CSRF protection
+
 exports.add_email = function (req, resp) {
 var urlobj = url.parse(req.url, true);
 var getArgs = urlobj.query;
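Review bot: In `removeEmail` the `delete from keys` statement finds its rows through a sub-query on `emails`, but it is listed after the statement that deletes that same `emails` row, so if `executeTransaction` runs the array in order (its body is not in this hunk) the sub-query matches nothing and the keys stay on the server. That defeats the stated goal of removing keys on 'forget'; list the `delete from keys ...` entry first and the `delete from emails ...` entry second, with a comment such as `// keys first: the sub-query needs the emails row to still exist`. The callback also never checks `user_id`; presumably `emailToUserID` can yield no id for an unknown address, in which case both statements match nothing and `cb()` still reports success.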
@@ -145,6 +147,27 @@ exports.add_email = function (req, resp) {
 }
 };
+exports.remove_email = function(req, resp) {
+ // this should really be POST, but for now I'm having trouble seeing
+ // how to get POST args properly, so it's a GET (Ben).
+ // hmmm, I really want express or some other web framework!
+ var urlobj = url.parse(req.url, true);
+ var getArgs = urlobj.query;
+
+ if (!checkParams(getArgs, resp, [ "email"])) return;
+ if (!checkAuthed(req, resp)) return;
+
+ logRequest("remove_email", getArgs);
+
+ db.removeEmail(req.session.authenticatedUser, getArgs.email, function(error) {
+ if (error) {
+ console.log("error removing email " + getArgs.email);
+ httputils.badRequest(resp, error.toString());
+ } else {
+ httputils.jsonResponse(resp, true);
+ }});
+};
+
 exports.set_key = function (req, resp) {
 var urlobj = url.parse(req.url, true);
 var getArgs = urlobj.query;
diff --git a/authority/static/manage.html b/authority/static/manage.html
index 8d8fc1c11..0a3be8403 100644
--- a/authority/static/manage.html
+++ b/authority/static/manage.html
@@ -48,7 +48,6 @@ function display_saved_ids()
 $("#emailList").empty();
 _(emails).each(function(data, e) {
- debugger;
 var block = $("<div>").addClass("emailblock");
 var label = $("<div>").addClass("email").text(e);
 var meta = $("<div>").addClass("meta");
@@ -69,13 +68,17 @@ function display_saved_ids()
 // linkblock.append(" / ");
 // linkblock.append(priva);
- var deauth = $("<button>").text("Sign Out");
+ var deauth = $("<button>").text("Forget this Email");
 meta.append(deauth);
 deauth.click(function() {
 var t = JSON.parse(window.localStorage.emails);
 delete t[e];
 window.localStorage.emails = JSON.stringify(t);
- display_saved_ids();
+ // remove email from server
+ $.get("/wsapi/remove_email", {"email" : e}, function(response) {
+ alert("response is : " +response);
+ display_saved_ids();
+ });
 });
 var d = new Date(data.created);
-- GitLab
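Review bot: `remove_email` changes server state on a GET that is authorised only by the session check in `checkAuthed`, so it has no defence against cross-site request forgery and can be fired by anything that fetches URLs on the user's behalf; the in-code comments acknowledge the gap but the handler ships without a control. Until POST parsing is available, requiring a per-session token as a second mandatory parameter next to `email` in the `checkParams` list would close that path. Separately, `httputils.badRequest(resp, error.toString())` returns the raw database error to the client; a fixed message such as `httputils.badRequest(resp, "could not remove email")`, with the detail kept in the server log, avoids exposing schema internals.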
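Review bot: In the `deauth.click` handler the entry is deleted from `window.localStorage.emails` before the server call, and `$.get` is given only a success callback, so when `/wsapi/remove_email` fails the browser has forgotten the address while the server still holds it and its keys, and `display_saved_ids()` never runs. Move the three `localStorage` lines into the success callback, or add a failure handler that tells the user the server copy was not removed. The `alert("response is : " +response);` line looks like leftover debugging and should be dropped. The enclosing `display_saved_ids` function starts and ends outside the hunk.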