
tuwunel_api/oidc/account/
account_deactivate.rs

1use const_str::format as const_format;
2use ruma::UserId;
3use tuwunel_core::{Result, info, utils::html::escape as html_escape};
4use tuwunel_service::Services;
6use super::{ACCOUNT_HEAD, url_encode};
/// Renders the confirmation page that asks the user to approve deactivating
/// their account.
///
/// The page is a POST form that carries `login_token` in a hidden field. The
/// GET handler is expected to peek at the token (not consume it) before it is
/// embedded here; submitting the form consumes it, which re-authenticates this
/// destructive action.
///
/// Each value is encoded for the place it lands in the template: `user_id`
/// and the hidden-field token go through `html_escape`, and the token placed
/// in the Cancel link's query string goes through `url_encode`.
pub(super) async fn account_deactivate_confirm_html(
	user_id: &UserId,
	login_token: &str,
) -> Result<String> {
	let escaped_user = html_escape(user_id.as_str());
	let escaped_token = html_escape(login_token);
	let encoded_token = url_encode(login_token);

	// NOTE(review): the substitutions run one after another over text that
	// already contains the earlier values, so a user ID or token holding a
	// literal `{tok}` or `{tok_enc}` would itself be expanded by a later step.
	// Confirm that neither input can contain `{`.
	let page = CONFIRM_HTML.replace("{uid}", &escaped_user);
	let page = page.replace("{tok}", &escaped_token);
	let page = page.replace("{tok_enc}", &encoded_token);

	Ok(page)
}
/// Deactivates `user_id` and renders the page shown once that has happened.
///
/// The work is delegated to `services.users.deactivate_account`, which is
/// expected to sign out every session and block future logins.
///
/// This function does no authentication of its own. It must only be reached
/// from the POST handler, after the login token has been consumed.
///
/// # Errors
///
/// Returns the error from `deactivate_account`; in that case nothing is logged
/// and no page is rendered.
pub(super) async fn account_deactivate_execute_html(
	services: &Services,
	user_id: &UserId,
) -> Result<String> {
	services.users.deactivate_account(user_id).await?;

	// Leave a log record of a destructive action the user cannot undo.
	info!(?user_id, "Account deactivated via account management page");

	let escaped_user = html_escape(user_id.as_str());
	let page = EXECUTE_HTML.replace("{uid}", &escaped_user);

	Ok(page)
}
/// HTML template for the deactivation confirmation page.
///
/// `{ACCOUNT_HEAD}` is interpolated by `const_format!`. The doubled braces
/// (`{{uid}}`, `{{tok}}`, `{{tok_enc}}`) are escaped, so they survive as the
/// literal placeholders `{uid}`, `{tok}` and `{tok_enc}` that
/// `account_deactivate_confirm_html` fills in with `str::replace`.
///
/// Output contexts the caller has to encode for:
/// - `{uid}`: element text.
/// - `{tok}`: a double-quoted attribute value, so escaping must cover `"`.
/// - `{tok_enc}`: a query-string value inside a double-quoted `href`.
///
/// NOTE(review): the Cancel link puts the login token in a GET URL, where it
/// can be retained in browser history and in server or proxy access logs.
/// Confirm the token is short-lived, and check which referrer and caching
/// policy `ACCOUNT_HEAD` or the response headers apply; neither is visible
/// from this file.
static CONFIRM_HTML: &str = const_format!(
	r#"
<!DOCTYPE html>
<html lang="en">
	<head>
		{ACCOUNT_HEAD}
		<title>Deactivate Account</title>
	</head>
	<body>
		<h1>Deactivate Account</h1>
		<p>
			Signed in as <strong>{{uid}}</strong>.
		</p>
		<p class="warn">
			Deactivate your account? This signs out all of your sessions and
			permanently prevents logging in again. This cannot be undone.
		</p>
		<form method="POST" action="/_tuwunel/oidc/account_callback">
			<input type="hidden" name="action" value="org.matrix.account_deactivate">
			<input type="hidden" name="loginToken" value="{{tok}}">
			<button type="submit" class="danger">Deactivate account</button>
			<a
				class="cancel"
				href="/_tuwunel/oidc/account_callback?action=org.matrix.sessions_list&loginToken={{tok_enc}}"
			>
				Cancel
			</a>
		</form>
	</body>
</html>"#
);
/// HTML template for the page shown once deactivation has completed.
///
/// `{ACCOUNT_HEAD}` is interpolated by `const_format!`. The doubled braces in
/// `{{uid}}` are escaped, leaving the literal placeholder `{uid}` that
/// `account_deactivate_execute_html` replaces with the HTML-escaped user ID.
/// The placeholder sits in element text; the page contains no form and no
/// token.
static EXECUTE_HTML: &str = const_format!(
	r#"
<!DOCTYPE html>
<html lang="en">
	<head>
		{ACCOUNT_HEAD}
		<title>Account Deactivated</title>
	</head>
	<body>
		<h1 class="ok">Account Deactivated</h1>
		<p>
			Account <strong>{{uid}}</strong> has been deactivated and all of its
			sessions signed out.
		</p>
	</body>
</html>"#
);