def post(self): # One can only delete themselves, if they are logged in and post with a # vaild state if not self.request.form.get("csrf") == session.get('state'): return self.flash_out( "The state does not match the session, please try again", 401, url_for("myaccount_view")) # Get the user id from session uid = session.get('uid') if not uid: self.auth.logout() return self.flash_out( "No valid login detected", 401, url_for("login_view")) # Revoke the access token for the provider provider = session.get('provider') if provider == "google": self.google.disconnect() elif provider == 'facebook': self.facebook.disconnect() # Delete all the items that belong to the user Items.delete_by_user(dbs, uid) # Delete the user's image Images.delete_by_id(dbs, self.user.picture) # Delete the user User.delete_user(dbs, uid) self.auth.logout() return self.flash_out("The account has been deleted", 200, "/")