From f2677349dc44fdde4836f58e33096e135610483a Mon Sep 17 00:00:00 2001
From: lza_menace <lza_menace@protonmail.com>
Date: Tue, 29 Dec 2020 15:47:10 -0800
Subject: [PATCH] add stronger language around wallet deletion and seed
 restores

---
 wowstash/forms.py                        | 3 ++-
 wowstash/templates/wallet/dashboard.html | 3 ++-
 wowstash/templates/wallet/setup.html     | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/wowstash/forms.py b/wowstash/forms.py
index 06511e8..69b88d3 100644
--- a/wowstash/forms.py
+++ b/wowstash/forms.py
@@ -23,7 +23,8 @@ class Delete(FlaskForm):
 
 class Restore(FlaskForm):
     seed = StringField('Seed Phrase', validators=[DataRequired()], render_kw={"placeholder": "25 word mnemonic seed phrase", "class": "form-control"})
+    risks_accepted = BooleanField('I accept the risks:', validators=[DataRequired()], render_kw={"class": "form-control-span"})
 
     def validate_seed(self, seed):
         if len(self.seed.data.split()) != 25:
-            raise ValidationError("Invalid seed provided; must be 25 word format")
+            raise ValidationError("Invalid seed provided; must be standard Wownero 25 word format")
diff --git a/wowstash/templates/wallet/dashboard.html b/wowstash/templates/wallet/dashboard.html
index 54dfaeb..b69a37c 100644
--- a/wowstash/templates/wallet/dashboard.html
+++ b/wowstash/templates/wallet/dashboard.html
@@ -154,6 +154,7 @@
         <div class="section-heading text-center">
           <h2>Delete Account</h2>
           <p>You can and should delete your wallet from the server. Please ensure you have copied the mnemonic seed from the secrets above if there are still funds associated with the keys.</p>
+          <p>I highly recommend making a new wallet on your own and transferring funds there to ensure only you have full ownership and visibility into the private keys / seed. Not your keys, not your crypto!</p>
           <form method="POST" action="{{ url_for('auth.delete') }}" class="send-form">
               {{ delete_form.csrf_token }}
               {% for f in delete_form %}
@@ -168,7 +169,7 @@
               {% for field, errors in delete_form.errors.items() %}
                   <li>{{ send_form[field].label }}: {{ ', '.join(errors) }}</li>
               {% endfor %}
-            </ul>
+              </ul>
               <input type="submit" value="Delete" class="btn btn-link btn-outline btn-xl">
           </form>
         </div>
diff --git a/wowstash/templates/wallet/setup.html b/wowstash/templates/wallet/setup.html
index ca20475..1841a85 100644
--- a/wowstash/templates/wallet/setup.html
+++ b/wowstash/templates/wallet/setup.html
@@ -20,6 +20,8 @@
           <hr><br /><br />
 
           <form method="POST" action="{{ url_for('wallet.setup') }}" class="send-form">
+              <p><strong>! WARNING !</strong><br /> If you input a mnemonic seed here I could theoretically steal your money, even without a wallet on my server; so could a hacker if they compromised my server.</p>
+              <p>You <strong>can</strong> and <strong>should</strong> use a <a href="https://wownero.org/#wallets" target="_blank">wallet</a> you can run locally to ensure your funds are safe, especially if there is a lot there. Proceed at your own risk.</p>
               {{ restore_form.csrf_token }}
               {% for f in restore_form %}
                 {% if f.name != 'csrf_token' %}
@@ -33,7 +35,7 @@
               {% for field, errors in restore_form.errors.items() %}
                   <li>{{ restore_form[field].label }}: {{ ', '.join(errors) }}</li>
               {% endfor %}
-            </ul>
+              </ul>
               <input type="submit" value="Restore From Seed" class="btn btn-link btn-outline btn-xl">
           </form>
         </div>