added /delete_key

This commit is contained in:
iou1name 2019-09-26 18:29:39 -04:00
parent 4309d65c85
commit b24061fb05
2 changed files with 43 additions and 16 deletions

View File

@ -312,6 +312,30 @@ async def set_session(request):
return web.json_response(error)
@routes.post(config.url_prefix + '/delete_key', name='delete_key')
@auth.auth_required
async def delete_key(request):
"""Allows a user to delete a security key."""
data = await request.post()
async with request.app['pool'].acquire() as conn:
for key, value in data.items():
key_id = key.replace('fido-', '')
if not key_id:
continue
try:
key_id = int(key_id)
except ValueError:
continue
if value != 'on':
continue
await conn.execute(
"DELETE FROM user_credential "
"WHERE id = $1 AND user_id = $2",
key_id, request['session']['id'])
index_url = request.app.router['index'].url_for()
raise web.HTTPFound(location=index_url)
async def init_app():
"""Initializes the application."""
app = web.Application()

View File

@ -78,22 +78,25 @@
<article style="display: none;">
<hr>
{% if fido2_keys %}
<table id="security_keys">
<thead>
<tr>
<th>Nick</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
{% for key in fido2_keys %}
<tr>
<td>{{ key['nick'] }}</td>
<td><input aria-label="Delete {{ key['nick'] }}" id="fido-{{ key['id'] }}" name="fido-{{ key['id'] }}" type="checkbox"></td>
</tr>
{% endfor %}
</tbody>
</table>
<form action="{{ request.app.router['delete_key'].url_for() }}" method="POST" enctype="application/x-www-form-urlencoded">
<table id="security_keys">
<thead>
<tr>
<th>Nick</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
{% for key in fido2_keys %}
<tr>
<td>{{ key['nick'] }}</td>
<td><input aria-label="Delete {{ key['nick'] }}" id="fido-{{ key['id'] }}" name="fido-{{ key['id'] }}" type="checkbox"></td>
</tr>
{% endfor %}
</tbody>
</table>
<input type="submit" value="Delete">
</form>
{% else %}
<span>No registered keys.</span>
{% endif %}