add stronger language around wallet deletion and seed restores

4 years ago · f2677349dc
parent 375bbe9b98
commit f2677349dc
3 changed files with 7 additions and 3 deletions
--- a/wowstash/forms.py
+++ b/wowstash/forms.py
@ -23,7 +23,8 @@ class Delete(FlaskForm):

 class Restore(FlaskForm):
    seed = StringField('Seed Phrase', validators=[DataRequired()], render_kw={"placeholder": "25 word mnemonic seed phrase", "class": "form-control"})
+    risks_accepted = BooleanField('I accept the risks:', validators=[DataRequired()], render_kw={"class": "form-control-span"})

    def validate_seed(self, seed):
        if len(self.seed.data.split()) != 25:
-            raise ValidationError("Invalid seed provided; must be 25 word format")
+            raise ValidationError("Invalid seed provided; must be standard Wownero 25 word format")
--- a/wowstash/templates/wallet/dashboard.html
+++ b/wowstash/templates/wallet/dashboard.html
@ -154,6 +154,7 @@
        <div class="section-heading text-center">
          <h2>Delete Account</h2>
          <p>You can and should delete your wallet from the server. Please ensure you have copied the mnemonic seed from the secrets above if there are still funds associated with the keys.</p>
+          <p>I highly recommend making a new wallet on your own and transferring funds there to ensure only you have full ownership and visibility into the private keys / seed. Not your keys, not your crypto!</p>
          <form method="POST" action="{{ url_for('auth.delete') }}" class="send-form">
              {{ delete_form.csrf_token }}
              {% for f in delete_form %}
@ -168,7 +169,7 @@
              {% for field, errors in delete_form.errors.items() %}
                  <li>{{ send_form[field].label }}: {{ ', '.join(errors) }}</li>
              {% endfor %}
-            </ul>
+              </ul>
              <input type="submit" value="Delete" class="btn btn-link btn-outline btn-xl">
          </form>
        </div>
--- a/wowstash/templates/wallet/setup.html
+++ b/wowstash/templates/wallet/setup.html
@ -20,6 +20,8 @@
          <hr><br /><br />

          <form method="POST" action="{{ url_for('wallet.setup') }}" class="send-form">
+              <p><strong>! WARNING !</strong><br /> If you input a mnemonic seed here I could theoretically steal your money, even without a wallet on my server; so could a hacker if they compromised my server.</p>
+              <p>You <strong>can</strong> and <strong>should</strong> use a <a href="https://wownero.org/#wallets" target="_blank">wallet</a> you can run locally to ensure your funds are safe, especially if there is a lot there. Proceed at your own risk.</p>
              {{ restore_form.csrf_token }}
              {% for f in restore_form %}
                {% if f.name != 'csrf_token' %}
@ -33,7 +35,7 @@
              {% for field, errors in restore_form.errors.items() %}
                  <li>{{ restore_form[field].label }}: {{ ', '.join(errors) }}</li>
              {% endfor %}
-            </ul>
+              </ul>
              <input type="submit" value="Restore From Seed" class="btn btn-link btn-outline btn-xl">
          </form>
        </div>