Merge pull request #6 from kobaltz/account-deletion

Added Account Deletion
kobaltz · Aug 9, 2024 · 17d44c3 · 17d44c3
2 parents 9472446 + 1314dd1
commit 17d44c3
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -98,12 +98,13 @@ settings.
 
 ```ruby
 ActionAuth.configure do |config|
+  config.allow_user_deletion = true
+  config.default_from_email = "[email protected]"
+  config.magic_link_enabled = true
+  config.verify_email_on_sign_in = true
   config.webauthn_enabled = true
   config.webauthn_origin = "http://localhost:3000" # or "https://example.com"
   config.webauthn_rp_name = Rails.application.class.to_s.deconstantize
-  config.verify_email_on_sign_in = true
-  config.magic_link_enabled = true
-  config.default_from_email = "[email protected]"
 end
 ```
 
@@ -129,7 +130,7 @@ These are the planned features for ActionAuth. The ones that are checked off are
 
 ⏳ - OAuth with Google, Facebook, Github, Twitter, etc.
 
-⏳ - Account Deletion
+✅ - Account Deletion
 
 ⏳ - Account Lockout
 
@@ -213,6 +214,29 @@ they can add a Passkey to their account. The Passkey could be an iCloud Keychain
 key like a Yubikey, or a mobile device. If enabled and configured, the user will be prompted to use
 their Passkey after they log in.
 
+## Magic Links
+
+Magic Links are a way to authenticate a user without requiring a password. This is done by sending
+an email to the user with a link that will log them in. This is a great way to allow users to log in
+without having to remember a password. This is especially useful for users who may not have a password
+manager or have a hard time remembering passwords.
+
+## Account Deletion
+
+Account deletion is a feature that is enabled by default. When a user deletes their account, the account
+is marked as deleted and the user is logged out. The user will no longer be able to log in with their
+email and password. The user will need to create a new account if they wish to continue using the application.
+
+Here's an example of how you may want to add a delete account button to your application. Obviously, you
+will want to style this to fit your application and have some kind of confirmation dialog.
+
+```
+<p>
+  Unhappy with the service?
+  <%= button_to "Delete Account", action_auth.users_path, method: :delete %>
+</p>
+```
+
 #### Configuration
 
 The migrations are already copied over to your application when you run

diff --git a/app/controllers/action_auth/users_controller.rb b/app/controllers/action_auth/users_controller.rb
@@ -0,0 +1,10 @@
+module ActionAuth
+  class UsersController < ApplicationController
+    before_action :authenticate_user!
+
+    def destroy
+      Current.user.destroy
+      redirect_to main_app.root_url, notice: "Your account has been deleted."
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
@@ -3,13 +3,18 @@
   post "sign_in", to: "sessions#create"
   get  "sign_up", to: "registrations#new"
   post "sign_up", to: "registrations#create"
-  resources :sessions, only: [:index, :show, :destroy]
-  resource  :password, only: [:edit, :update]
+
   namespace :identity do
     resource :email,              only: [:edit, :update]
     resource :email_verification, only: [:show, :create]
     resource :password_reset,     only: [:new, :edit, :create, :update]
   end
+  resource  :password, only: [:edit, :update]
+  resources :sessions, only: [:index, :show, :destroy]
+
+  if ActionAuth.configuration.allow_user_deletion?
+    resource  :users, only: [:destroy]
+  end
 
   if ActionAuth.configuration.webauthn_enabled?
     resources :webauthn_credentials, only: [:new, :create, :destroy] do

diff --git a/lib/action_auth/configuration.rb b/lib/action_auth/configuration.rb
@@ -1,29 +1,36 @@
 module ActionAuth
   class Configuration
 
+    attr_accessor :allow_user_deletion
+    attr_accessor :default_from_email
+    attr_accessor :magic_link_enabled
+    attr_accessor :verify_email_on_sign_in
     attr_accessor :webauthn_enabled
     attr_accessor :webauthn_origin
     attr_accessor :webauthn_rp_name
-    attr_accessor :verify_email_on_sign_in
-    attr_accessor :magic_link_enabled
-    attr_accessor :default_from_email
+
 
     def initialize
+      @allow_user_deletion = true
+      @default_from_email = "[email protected]"
+      @magic_link_enabled = true
+      @verify_email_on_sign_in = true
       @webauthn_enabled = defined?(WebAuthn)
       @webauthn_origin = "http://localhost:3000"
       @webauthn_rp_name = Rails.application.class.to_s.deconstantize
-      @verify_email_on_sign_in = true
-      @magic_link_enabled = true
-      @default_from_email = "[email protected]"
     end
 
-    def webauthn_enabled?
-      @webauthn_enabled.respond_to?(:call) ? @webauthn_enabled.call : @webauthn_enabled
+    def allow_user_deletion?
+      @allow_user_deletion.respond_to?(:call) ? @allow_user_deletion.call : @allow_user_deletion
     end
 
     def magic_link_enabled?
       @magic_link_enabled.respond_to?(:call) ? @magic_link_enabled.call : @magic_link_enabled
     end
 
+    def webauthn_enabled?
+      @webauthn_enabled.respond_to?(:call) ? @webauthn_enabled.call : @webauthn_enabled
+    end
+
   end
 end
diff --git a/test/controllers/action_auth/users_controller_test.rb b/test/controllers/action_auth/users_controller_test.rb
@@ -0,0 +1,21 @@
+require "test_helper"
+
+module ActionAuth
+  class UsersControllerTest < ActionDispatch::IntegrationTest
+    include Engine.routes.url_helpers
+
+    setup do
+      @user = sign_in_as(action_auth_users(:one))
+    end
+
+    test "destroys user" do
+      assert_difference("User.count", -1) do
+        delete users_url(@user)
+      end
+
+      assert_response :redirect
+      follow_redirect!
+      assert_match "Your account has been deleted.", response.body
+    end
+  end
+end
diff --git a/test/dummy/app/views/welcome/index.html.erb b/test/dummy/app/views/welcome/index.html.erb
@@ -1,11 +1,19 @@
 <h1>Welcome#index</h1>
-
+<% flash.each do |message| %>
+  <%= message %>
+<% end %>
 <h2>Session Information</h2>
 <p><strong>current_session:</strong> <%= current_session.inspect %></p>
 <p><strong>current_user:</strong> <%= current_user.inspect %></p>
 <p><strong>user_signed_in?:</strong> <%= user_signed_in? %></p>
+<p>
+  Unhappy with the service?
+  <%= button_to "Delete Account", action_auth.users_path, method: :delete %>
+</p>
 
 <h2>ActionAuth Configuration</h2>
+Account Deletion Enabled: <%= ActionAuth.configuration.allow_user_deletion? %><br>
+Magic Links Enabled: <%= ActionAuth.configuration.magic_link_enabled? %><br>
 WebAuthn Enabled: <%= ActionAuth.configuration.webauthn_enabled? %>
 
 <h2>Routes</h2>