add stronger language around wallet deletion and seed restores

seed-restores
lza_menace 4 years ago
parent 375bbe9b98
commit f2677349dc

@ -23,7 +23,8 @@ class Delete(FlaskForm):
class Restore(FlaskForm): class Restore(FlaskForm):
seed = StringField('Seed Phrase', validators=[DataRequired()], render_kw={"placeholder": "25 word mnemonic seed phrase", "class": "form-control"}) seed = StringField('Seed Phrase', validators=[DataRequired()], render_kw={"placeholder": "25 word mnemonic seed phrase", "class": "form-control"})
risks_accepted = BooleanField('I accept the risks:', validators=[DataRequired()], render_kw={"class": "form-control-span"})
def validate_seed(self, seed): def validate_seed(self, seed):
if len(self.seed.data.split()) != 25: if len(self.seed.data.split()) != 25:
raise ValidationError("Invalid seed provided; must be 25 word format") raise ValidationError("Invalid seed provided; must be standard Wownero 25 word format")

@ -154,6 +154,7 @@
<div class="section-heading text-center"> <div class="section-heading text-center">
<h2>Delete Account</h2> <h2>Delete Account</h2>
<p>You can and should delete your wallet from the server. Please ensure you have copied the mnemonic seed from the secrets above if there are still funds associated with the keys.</p> <p>You can and should delete your wallet from the server. Please ensure you have copied the mnemonic seed from the secrets above if there are still funds associated with the keys.</p>
<p>I highly recommend making a new wallet on your own and transferring funds there to ensure only you have full ownership and visibility into the private keys / seed. Not your keys, not your crypto!</p>
<form method="POST" action="{{ url_for('auth.delete') }}" class="send-form"> <form method="POST" action="{{ url_for('auth.delete') }}" class="send-form">
{{ delete_form.csrf_token }} {{ delete_form.csrf_token }}
{% for f in delete_form %} {% for f in delete_form %}

@ -20,6 +20,8 @@
<hr><br /><br /> <hr><br /><br />
<form method="POST" action="{{ url_for('wallet.setup') }}" class="send-form"> <form method="POST" action="{{ url_for('wallet.setup') }}" class="send-form">
<p><strong>! WARNING !</strong><br /> If you input a mnemonic seed here I could theoretically steal your money, even without a wallet on my server; so could a hacker if they compromised my server.</p>
<p>You <strong>can</strong> and <strong>should</strong> use a <a href="https://wownero.org/#wallets" target="_blank">wallet</a> you can run locally to ensure your funds are safe, especially if there is a lot there. Proceed at your own risk.</p>
{{ restore_form.csrf_token }} {{ restore_form.csrf_token }}
{% for f in restore_form %} {% for f in restore_form %}
{% if f.name != 'csrf_token' %} {% if f.name != 'csrf_token' %}

Loading…
Cancel
Save