diff --git a/ivatar/ivataraccount/forms.py b/ivatar/ivataraccount/forms.py index 52cb4da..21acf57 100644 --- a/ivatar/ivataraccount/forms.py +++ b/ivatar/ivataraccount/forms.py @@ -199,3 +199,6 @@ class UploadLibravatarExportForm(forms.Form): _('This field must be checked since we need to be able to\ distribute photos to third parties.') }) + +class DeleteAccountForm(forms.Form): + password = forms.CharField(label=_('Password'), required=False, widget=forms.PasswordInput()) diff --git a/ivatar/ivataraccount/templates/delete.html b/ivatar/ivataraccount/templates/delete.html new file mode 100644 index 0000000..d0d55b6 --- /dev/null +++ b/ivatar/ivataraccount/templates/delete.html @@ -0,0 +1,35 @@ +{% extends 'base.html' %} +{% load i18n %} +{% load static %} + +{% block title %}{% trans 'Delete your Libravatar account' %}{% endblock title %} + +{% block content %} + +

{% trans 'Delete your account' %}

+ +

{% trans 'There is no way to undo this operation.' %}

+ +
{% csrf_token %} + +{% if user.password %} +

{% trans 'Please confirm your identity by entering your current password.' %}

+ +{{ form.password.errors }} +
+ + +
+ +{% endif %} + +

{% trans 'Are you sure you want to permanently delete your Libravatar account?' %}

+ + +  + + +
+ +
+{% endblock content %} diff --git a/ivatar/ivataraccount/urls.py b/ivatar/ivataraccount/urls.py index cdf22ce..57b679d 100644 --- a/ivatar/ivataraccount/urls.py +++ b/ivatar/ivataraccount/urls.py @@ -23,6 +23,7 @@ from . views import CropPhotoView from . views import UserPreferenceView, UploadLibravatarExportView from . views import ResendConfirmationMailView from . views import IvatarLoginView +from . views import DeleteAccountView # Define URL patterns, self documenting # To see the fancy, colorful evaluation of these use: @@ -60,9 +61,7 @@ urlpatterns = [ # pylint: disable=invalid-name path('export/', login_required( TemplateView.as_view(template_name='export.html') ), name='export'), - path('delete/', login_required( - TemplateView.as_view(template_name='delete.html') - ), name='delete'), + path('delete/', DeleteAccountView.as_view(), name='delete'), path('profile/', ProfileView.as_view(), name='profile'), path('add_email/', AddEmailView.as_view(), name='add_email'), path('add_openid/', AddOpenIDView.as_view(), name='add_openid'), diff --git a/ivatar/ivataraccount/views.py b/ivatar/ivataraccount/views.py index e0b3034..1ac6daf 100644 --- a/ivatar/ivataraccount/views.py +++ b/ivatar/ivataraccount/views.py @@ -39,6 +39,7 @@ from .gravatar import get_photo as get_gravatar_photo from .forms import AddEmailForm, UploadPhotoForm, AddOpenIDForm from .forms import UpdatePreferenceForm, UploadLibravatarExportForm +from .forms import DeleteAccountForm from .models import UnconfirmedEmail, ConfirmedEmail, Photo from .models import UnconfirmedOpenId, ConfirmedOpenId, DjangoOpenIDStore from .models import UserPreference @@ -917,3 +918,34 @@ class PasswordResetView(PasswordResetViewOriginal): except Exception as exc: pass return super().post(self, request, args, kwargs) + + +@method_decorator(login_required, name='dispatch') +class DeleteAccountView(SuccessMessageMixin, FormView): + ''' + View class for account deletion + ''' + + template_name = 'delete.html' + form_class = DeleteAccountForm + success_url = reverse_lazy('home') + + def get(self, request, *args, **kwargs): + return super().get(self, request, args, kwargs) + + def post(self, request, *args, **kwargs): + ''' + Handle account deletion + ''' + if request.user.password: + if 'password' in request.POST: + if not request.user.check_password(request.POST['password']): + messages.error(request, _('Incorrect password')) + return HttpResponseRedirect(reverse_lazy('delete')) + else: + messages.error(request, _('No password given')) + return HttpResponseRedirect(reverse_lazy('delete')) + + raise(_('No password given')) + request.user.delete() # should delete all confirmed/unconfirmed/photo objects + return super().post(self, request, args, kwargs)