From b24061fb05105dfe7e47e84a39414eb736968632 Mon Sep 17 00:00:00 2001
From: iou1name <iou1name@national.shitposting.agency>
Date: Thu, 26 Sep 2019 18:29:39 -0400
Subject: [PATCH] added /delete_key

---
 buckler.py           | 24 ++++++++++++++++++++++++
 templates/index.html | 35 +++++++++++++++++++----------------
 2 files changed, 43 insertions(+), 16 deletions(-)

diff --git a/buckler.py b/buckler.py
index 06271d3..e47accd 100644
--- a/buckler.py
+++ b/buckler.py
@@ -312,6 +312,30 @@ async def set_session(request):
 	return web.json_response(error)
 
 
+@routes.post(config.url_prefix + '/delete_key', name='delete_key')
+@auth.auth_required
+async def delete_key(request):
+	"""Allows a user to delete a security key."""
+	data = await request.post()
+	async with request.app['pool'].acquire() as conn:
+		for key, value in data.items():
+			key_id = key.replace('fido-', '')
+			if not key_id:
+				continue
+			try:
+				key_id = int(key_id)
+			except ValueError:
+				continue
+			if value != 'on':
+				continue
+			await conn.execute(
+				"DELETE FROM user_credential "
+				"WHERE id = $1 AND user_id = $2",
+				key_id, request['session']['id'])
+	index_url = request.app.router['index'].url_for()
+	raise web.HTTPFound(location=index_url)
+
+
 async def init_app():
 	"""Initializes the application."""
 	app = web.Application()
diff --git a/templates/index.html b/templates/index.html
index 5841303..cbdcfdf 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -78,22 +78,25 @@
 				<article style="display: none;">
 					<hr>
 					{% if fido2_keys %}
-					<table id="security_keys">
-						<thead>
-							<tr>
-								<th>Nick</th>
-								<th>Delete</th>
-							</tr>
-						</thead>
-						<tbody>
-							{% for key in fido2_keys %}
-							<tr>
-								<td>{{ key['nick'] }}</td>
-								<td><input aria-label="Delete {{ key['nick'] }}" id="fido-{{ key['id'] }}" name="fido-{{ key['id'] }}" type="checkbox"></td>
-							</tr>
-							{% endfor %}
-						</tbody>
-					</table>
+					<form action="{{ request.app.router['delete_key'].url_for() }}" method="POST" enctype="application/x-www-form-urlencoded">
+						<table id="security_keys">
+							<thead>
+								<tr>
+									<th>Nick</th>
+									<th>Delete</th>
+								</tr>
+							</thead>
+							<tbody>
+								{% for key in fido2_keys %}
+								<tr>
+									<td>{{ key['nick'] }}</td>
+									<td><input aria-label="Delete {{ key['nick'] }}" id="fido-{{ key['id'] }}" name="fido-{{ key['id'] }}" type="checkbox"></td>
+								</tr>
+								{% endfor %}
+							</tbody>
+						</table>
+						<input type="submit" value="Delete">
+					</form>
 					{% else %}
 					<span>No registered keys.</span>
 					{% endif %}