def post(self):
# One can only delete themselves, if they are logged in and post with a
# vaild state
if not self.request.form.get("csrf") == session.get('state'):
return self.flash_out(
"The state does not match the session, please try again", 401, url_for("myaccount_view"))
# Get the user id from session
uid = session.get('uid')
if not uid:
self.auth.logout()
return self.flash_out(
"No valid login detected", 401, url_for("login_view"))
# Revoke the access token for the provider
provider = session.get('provider')
if provider == "google":
self.google.disconnect()
elif provider == 'facebook':
self.facebook.disconnect()
# Delete all the items that belong to the user
Items.delete_by_user(dbs, uid)
# Delete the user's image
Images.delete_by_id(dbs, self.user.picture)
# Delete the user
User.delete_user(dbs, uid)
self.auth.logout()
return self.flash_out("The account has been deleted", 200, "/")
