Add account settings page with options to update email, password and delete account

2025-12-02 16:32:45 +11:00
parent d983854c7c
commit 814691c235
9 changed files with 347 additions and 13 deletions
--- a/routes/settings.py
+++ b/routes/settings.py
@@ -50,7 +50,8 @@ def export():
        return render_block(
            environment,
            "dashboard/settings/export.html",
-            "page"
+            "page",
+            current_user=current_user
        )
    return render_template("dashboard/settings/export.html")

@@ -74,7 +75,8 @@ def api_keys():
            "dashboard/settings/api_keys.html", 
            "page", 
            api_keys=api_keys,
-            functions=functions
+            functions=functions,
+            current_user=current_user
        )
    return render_template("dashboard/settings/api_keys.html", api_keys=api_keys, functions=functions)

@@ -129,7 +131,8 @@ def database_schema():
            environment,
            "dashboard/settings/database_schema.html",
            "page",
-            schema_info=schema_info
+            schema_info=schema_info,
+            current_user=current_user
        )
    return render_template("dashboard/settings/database_schema.html", schema_info=schema_info)

@@ -145,10 +148,92 @@ def login_history():
            environment,
            "dashboard/settings/login_history.html",
            "page",
-            history=history
+            history=history,
+            current_user=current_user
        )
    return render_template("dashboard/settings/login_history.html", history=history)

+@settings.route("/account", methods=["GET"])
+@login_required
+def account():
+    """Display account settings page"""
+    if htmx:
+        return render_block(
+            environment,
+            "dashboard/settings/account.html",
+            "page",
+            current_user=current_user
+        )
+    return render_template("dashboard/settings/account.html")
+
+@settings.route("/account/password", methods=["POST"])
+@login_required
+def update_password():
+    """Update user password"""
+    from werkzeug.security import generate_password_hash, check_password_hash
+    
+    current_password = request.form.get('current_password')
+    new_password = request.form.get('new_password')
+    confirm_password = request.form.get('confirm_password')
+    
+    # Verify current password
+    user_data = db.get_user(current_user.id)
+    if not check_password_hash(user_data['password_hash'], current_password):
+        return render_template("dashboard/settings/account.html", error="Incorrect current password")
+    
+    # Validate new password
+    if len(new_password) < 10:
+        return render_template("dashboard/settings/account.html", error="New password must be at least 10 characters")
+    
+    if new_password != confirm_password:
+        return render_template("dashboard/settings/account.html", error="New passwords do not match")
+    
+    # Update password
+    new_hash = generate_password_hash(new_password)
+    db.update_user_password(current_user.id, new_hash)
+    
+    return render_template("dashboard/settings/account.html", success="Password updated successfully")
+
+@settings.route("/account/email", methods=["POST"])
+@login_required
+def update_email():
+    """Update user email"""
+    email = request.form.get('email')
+    
+    # Basic validation
+    if email and '@' not in email:
+        return render_template("dashboard/settings/account.html", error="Invalid email address")
+    
+    db.update_user_email(current_user.id, email)
+    
+    # Update current user object in session if needed, or just reload page
+    return render_template("dashboard/settings/account.html", success="Email updated successfully")
+
+@settings.route("/account/delete", methods=["POST"])
+@login_required
+def delete_account():
+    """Delete user account"""
+    from werkzeug.security import check_password_hash
+    from flask_login import logout_user
+    
+    password = request.form.get('password')
+    confirm_text = request.form.get('confirm_text')
+    
+    # Verify password
+    user_data = db.get_user(current_user.id)
+    if not check_password_hash(user_data['password_hash'], password):
+        return render_template("dashboard/settings/account.html", error="Incorrect password")
+    
+    # Verify confirmation text
+    if confirm_text != "DELETE":
+        return render_template("dashboard/settings/account.html", error="Please type DELETE to confirm")
+    
+    # Delete account
+    db.delete_user(current_user.id)
+    logout_user()
+    
+    return redirect(url_for('landing_page'))
+

 def get_database_schema():
    """Fetch database schema information for ERD generation"""