Implement account deletion at /accounts/delete

3 files changed, 43 insertions, 2 deletions

diff --git a/pydis_site/apps/home/forms/__init__.py b/pydis_site/apps/home/forms/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/pydis_site/apps/home/forms/__init__.py
diff --git a/pydis_site/apps/home/forms/account_deletion.py b/pydis_site/apps/home/forms/account_deletion.py
new file mode 100644
index 00000000..17ffe5c1
--- /dev/null
+++ b/pydis_site/apps/home/forms/account_deletion.py
@@ -0,0 +1,24 @@
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import Layout
+from django.forms import CharField, Form
+from django_crispy_bulma.layout import IconField, Submit
+
+
+class AccountDeletionForm(Form):
+    """Account deletion form, to collect username for confirmation of removal."""
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.helper = FormHelper()
+
+        self.helper.form_method = "post"
+        self.helper.add_input(Submit("submit", "I understand, delete my account"))
+
+        self.helper.layout = Layout(
+            IconField("username", icon_prepend="user")
+        )
+
+    username = CharField(
+        label="Username",
+        required=True
+    )
diff --git a/pydis_site/apps/home/views/account/delete.py b/pydis_site/apps/home/views/account/delete.py
index f80089d5..798b8a33 100644
--- a/pydis_site/apps/home/views/account/delete.py
+++ b/pydis_site/apps/home/views/account/delete.py
@@ -1,9 +1,12 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib.messages import ERROR, INFO, add_message
 from django.http import HttpRequest, HttpResponse
-from django.shortcuts import render
+from django.shortcuts import redirect, render
 from django.urls import reverse
 from django.views import View
 
+from pydis_site.apps.home.forms.account_deletion import AccountDeletionForm
+
 
 class DeleteView(LoginRequiredMixin, View):
     """Account deletion view, for removing linked user accounts from the DB."""
@@ -14,7 +17,21 @@ class DeleteView(LoginRequiredMixin, View):
 
     def get(self, request: HttpRequest) -> HttpResponse:
         """HTTP GET: Return the view template."""
-        return render(request, "home/account/delete.html")
+        return render(
+            request, "home/account/delete.html",
+            context={"form": AccountDeletionForm()}
+        )
 
     def post(self, request: HttpRequest) -> HttpResponse:
         """HTTP POST: Process the deletion, as requested by the user."""
+        form = AccountDeletionForm(request.POST)
+
+        if not form.is_valid() or request.user.username != form.cleaned_data["username"]:
+            add_message(request, ERROR, "Please enter your username exactly as shown.")
+
+            return redirect(reverse("account_delete"))
+
+        request.user.delete()
+        add_message(request, INFO, "Your account has been deleted.")
+
+        return redirect(reverse("home"))