From 6cc062d88e7b70a61d52e6eab633de57c4114cb2 Mon Sep 17 00:00:00 2001
From: Gareth Coles
Date: Tue, 22 Oct 2019 16:00:16 +0100
Subject: Implement account deletion at /accounts/delete
---
pydis_site/apps/home/forms/__init__.py | 0
pydis_site/apps/home/forms/account_deletion.py | 24 ++++++++++++++++++
pydis_site/apps/home/views/account/delete.py | 21 ++++++++++++++--
pydis_site/templates/home/account/delete.html | 34 +++++++++++++++++++++++++-
4 files changed, 76 insertions(+), 3 deletions(-)
create mode 100644 pydis_site/apps/home/forms/__init__.py
create mode 100644 pydis_site/apps/home/forms/account_deletion.py
(limited to 'pydis_site')
diff --git a/pydis_site/apps/home/forms/__init__.py b/pydis_site/apps/home/forms/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/pydis_site/apps/home/forms/account_deletion.py b/pydis_site/apps/home/forms/account_deletion.py
new file mode 100644
index 00000000..17ffe5c1
--- /dev/null
+++ b/pydis_site/apps/home/forms/account_deletion.py
@@ -0,0 +1,24 @@
+from crispy_forms.helper import FormHelper
+from crispy_forms.layout import Layout
+from django.forms import CharField, Form
+from django_crispy_bulma.layout import IconField, Submit
+
+
+class AccountDeletionForm(Form):
+ """Account deletion form, to collect username for confirmation of removal."""
+
+ def __init__(self, *args, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.helper = FormHelper()
+
+ self.helper.form_method = "post"
+ self.helper.add_input(Submit("submit", "I understand, delete my account"))
+
+ self.helper.layout = Layout(
+ IconField("username", icon_prepend="user")
+ )
+
+ username = CharField(
+ label="Username",
+ required=True
+ )
diff --git a/pydis_site/apps/home/views/account/delete.py b/pydis_site/apps/home/views/account/delete.py
index f80089d5..798b8a33 100644
--- a/pydis_site/apps/home/views/account/delete.py
+++ b/pydis_site/apps/home/views/account/delete.py
@@ -1,9 +1,12 @@ from django.contrib.auth.mixins import LoginRequiredMixin +from django.contrib.messages import ERROR, INFO, add_message from django.http import HttpRequest, HttpResponse -from django.shortcuts import render +from django.shortcuts import redirect, render from django.urls import reverse from django.views import View +from pydis_site.apps.home.forms.account_deletion import AccountDeletionForm + class DeleteView(LoginRequiredMixin, View): """Account deletion view, for removing linked user accounts from the DB.""" @@ -14,7 +17,21 @@ class DeleteView(LoginRequiredMixin, View): def get(self, request: HttpRequest) -> HttpResponse: """HTTP GET: Return the view template.""" - return render(request, "home/account/delete.html") + return render( + request, "home/account/delete.html", + context={"form": AccountDeletionForm()} + ) def post(self, request: HttpRequest) -> HttpResponse: """HTTP POST: Process the deletion, as requested by the user.""" + form = AccountDeletionForm(request.POST) + + if not form.is_valid() or request.user.username != form.cleaned_data["username"]: + add_message(request, ERROR, "Please enter your username exactly as shown.") + + return redirect(reverse("account_delete")) + + request.user.delete() + add_message(request, INFO, "Your account has been deleted.") + + return redirect(reverse("home")) diff --git a/pydis_site/templates/home/account/delete.html b/pydis_site/templates/home/account/delete.html index 8d68a0e3..1020a82b 100644 --- a/pydis_site/templates/home/account/delete.html +++ b/pydis_site/templates/home/account/delete.html @@ -1,4 +1,6 @@ {% extends 'base/base.html' %} + +{% load crispy_forms_tags %} {% load static %} {% block title %}Delete Account{% endblock %} @@ -6,7 +8,37 @@ {% block content %} {% include "base/navbar.html" %} -
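Review bot: In `DeleteView.post`, `request.user.delete()` removes the user row but never ends the session, so the session record and cookie survive with stale auth keys and whatever else was stored for that user; I would log out as part of the deletion: `user = request.user`, `logout(request)`, `user.delete()`, with `from django.contrib.auth import logout` added to the imports. The typed username is also printed on the same page by delete.html in this commit, so the comparison guards against an accidental submit and is not an authentication step; anyone holding the session can complete it. If the project has a credential or a recent-login time to check (not visible here), checking it before the delete would limit what a stolen session can do, and a comment such as `# Confirmation only: authorization is the logged-in session (LoginRequiredMixin).` above the comparison would record that. The class header and its attributes lie outside the hunk.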
+
+
+

Account Deletion

+ +
+
+ +
+
+

+ You have requested to delete the account with username + {{ user.username }}. +

+ +

+ Please note that this cannot be undone. +

+ +

+ To verify that you'd like to remove your account, please type your username into the box below. +

+
+
+
+
+
+
+ {% crispy form %} +
+
+
{% endblock %} -- cgit v1.2.3