Skip to content

Enable users without passwords to delete their accounts #9827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Enable users without passwords to delete their accounts #9827

wants to merge 1 commit into from

Conversation

seanh
Copy link
Member

@seanh seanh commented Aug 15, 2025
edited
Loading

Testing:

  • Sign up with a provider, go to http://localhost:5000/account/delete, and you'll be able to delete your account by confirming your username rather than your password. If you enter the wrong username you'll get a validation error. If you enter the right username your account will be deleted.
  • Log in as a user with a password (e.g. devdata_user), go to http://localhost:5000/account/delete, and you'll have to confirm your password to delete your account.

@seanh seanh requested a review from robertknight August 15, 2025 21:00
@seanh seanh force-pushed the enable-deleting-users-without-passwords branch from 8a42748 to 2e58a62 Compare August 15, 2025 21:19
seanh
seanh commented Aug 15, 2025
View reviewed changes
h/views/accounts.py
schema = schemas.DeleteAccountSchema().bind(request=self.request)
@property
def form(self):
if self._form: # pragma: no cover
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way this legacy Deform/Colander forms stuff works with instantiating schemas and then binding them to the request and then using request.create_form() and handle_form_submission() is just a nightmare for testability. This # pragma: no cover here was my concession to practicality. The form has to be cached on self._form, otherwise rendering of validation errors breaks.

seanh
seanh commented Aug 15, 2025
View reviewed changes
tests/unit/h/accounts/schemas_test.py
Comment on lines 562 to +567

def test_it_with_no_csrf_token(self, schema, pyramid_csrf_request):
del pyramid_csrf_request.headers["X-CSRF-Token"]

with pytest.raises(BadCSRFToken):
schema.deserialize({"password": "test_password"})
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added this missing test for DeleteAccountSchema.

robertknight
robertknight approved these changes Aug 18, 2025
View reviewed changes
h/accounts/schemas.py
@@ -293,6 +293,22 @@ def validator(self, node, value):
raise exc


class DeleteAccountSchemaNoPassword(CSRFSchema):
username = colander.SchemaNode(
colander.String(), title=_("Confirm your username to delete your account")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wondered about the phrasing here. GitHub uses "Type {text} to confirm" in its confirmation dialogs for dangerous actions, which is slightly more direct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robertknight robertknight robertknight approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seanh @robertknight