Allow a user to delete their own account

server/fishtest/templates/user.mak

@@ -17,7 +17,42 @@
           e.target.submit();
       });
     }
+
+    async function handleDeleteAccount() {
+      await DOMContentLoaded();
+      document.getElementById("password").addEventListener("input", (e) => {
+        const value = e.target.value;
+        const deleteAccBtn = document.getElementById("delete_account_btn");
+        const saveBtn = document.getElementById("save_btn");
+
+        if (value) {
+          deleteAccBtn.removeAttribute("disabled");
+          saveBtn.removeAttribute("disabled");
+        } else {
+          deleteAccBtn.setAttribute("disabled", "");
+          saveBtn.setAttribute("disabled", "");
+        }
+      });
+
+      document.getElementById("delete_own_account").addEventListener("input", (e) => {
+        const value = e.target.value;
+        const confirmDeleteBtn = document.getElementById("confirm_delete_btn");
+        if (value == "${user['username']}") {
+          confirmDeleteBtn.removeAttribute("disabled");
+        } else {
+          confirmDeleteBtn.setAttribute("disabled", "");
+        }
+      })
+
+      document.getElementById("delete_own_account").addEventListener("keypress", (e) => {
+        if (e.key === 'Enter') {
+          e.preventDefault();
+        }
+      })
+    }
+
     handleGitHubToken();
+    handleDeleteAccount();
   </script>
 % else:
   <script>
@@ -211,7 +246,46 @@
           </div>
         </div>
       </div>
-      <button type="submit" class="btn btn-primary w-100">Save</button>
+      <button
+        id="save_btn"
+        type="submit"
+        class="btn btn-primary w-100 mb-2"
+        disabled
+      >Save</button>
+      <button
+        id="delete_account_btn"
+        type="button"
+        class="btn btn-danger w-100"
+        data-bs-toggle="modal"
+        data-bs-target="#delete_account_modal"
+        disabled
+      >Delete Your Account</button>
+
+      <div id="delete_account_modal" class="modal fade" tabindex="-1" aria-labelledby="delete_account_modal" aria-hidden="true">
+        <div class="modal-dialog modal-dialog-centered">
+          <div class="modal-content">
+            <div class="modal-header">
+              <h5 class="modal-title">Confirmation Required</h5>
+              <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+            </div>
+            <div class="modal-body">
+              <p>Are you sure you want to delete your own account? Please type your username to confirm.</p>
+              <input
+                type="text"
+                id="delete_own_account"
+                name="delete_own_account"
+                class="form-control"
+                placeholder="Enter your username"
+              >
+              <div class="invalid-feedback">Username does not match. Please try again.</div>
+            </div>
+            <div class="modal-footer">
+              <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
+              <button id="confirm_delete_btn" type="submit" class="btn btn-primary" disabled>Confirm</button>
+            </div>
+          </div>
+        </div>
+      </div>
     % elif 'pending' in user and user['pending']:
       <div class="alert alert-dark mb-3">
         <label class="mb-2 h5">User Approval:</label>

server/fishtest/userdb.py

@@ -137,18 +137,24 @@ def save_user(self, user):
         self.last_blocked_time = 0
         self.clear_cache()
 
-    def remove_user(self, user, rejector):
-
+    def remove_user(self, user, rejector=""):
+        self.user_cache.delete_one({"_id": user["_id"]})
         result = self.users.delete_one({"_id": user["_id"]})
         if result.deleted_count > 0:
             # User successfully deleted
             self.last_pending_time = 0
             self.clear_cache()
             # logs rejected users to the server
-            print(
-                f"user: {user['username']} with email: {user['email']} was rejected by: {rejector}",
-                flush=True,
-            )
+            if rejector:
+                print(
+                    f"user: {user['username']} with email: {user['email']} was rejected by: {rejector}",
+                    flush=True,
+                )
+            else:
+                print(
+                    f"user: {user['username']} with email: {user['email']} deleted their own account",
+                    flush=True,
+                )
             return True
         else:
             # User not found

server/fishtest/views.py

@@ -613,6 +613,16 @@ def user(request):
     user_data = request.userdb.get_user(user_name)
     if user_data is None:
         raise HTTPNotFound()
+
+    if (
+        profile
+        and "delete_own_account" in request.POST
+        and request.POST["delete_own_account"] == user_name
+    ):
+        removed = request.userdb.remove_user(user_data, rejector=None)
+        if removed:
+            logout(request)
+
     if "user" in request.POST:
         if profile:
             old_password = request.params.get("old_password").strip()