Implement account deletion

2025-11-18 14:08:04 +00:00 · 2019-02-19 11:25:18 +01:00
parent b92a535469
commit 6861cbf5aa
4 changed files with 72 additions and 3 deletions
--- a/ivatar/ivataraccount/forms.py
+++ b/ivatar/ivataraccount/forms.py
@@ -199,3 +199,6 @@ class UploadLibravatarExportForm(forms.Form):
            _('This field must be checked since we need to be able to\
              distribute photos to third parties.')
        })
+
+class DeleteAccountForm(forms.Form):
+    password = forms.CharField(label=_('Password'), required=False, widget=forms.PasswordInput())
--- a/ivatar/ivataraccount/templates/delete.html
+++ b/ivatar/ivataraccount/templates/delete.html
@@ -0,0 +1,35 @@
+{% extends 'base.html' %}                                                                                                                      
+{% load i18n %}
+{% load static %}
+
+{% block title %}{% trans 'Delete your Libravatar account' %}{% endblock title %}
+
+{% block content %}
+
+<h1>{% trans 'Delete your account' %}</h1>
+
+<p><strong>{% trans 'There is no way to undo this operation.' %}</strong></p>
+
+<form method="post" name="deleteaccount" id="form-deleteaccount">{% csrf_token %}
+
+{% if user.password %}
+<p>{% trans 'Please confirm your identity by entering your current password.' %}</p>
+
+{{ form.password.errors }}
+<div class="form-group" style='max-width:300px;'>
+<label for="id_password">{% trans 'Password' %}:</label>
+<input type="password" name="password" autofocus required class="form-control" id="id_password">
+</div>
+
+{% endif %}
+
+<p>{% trans 'Are you sure you want to <strong>permanently delete</strong> your Libravatar account?' %}</p>
+
+<button type="submit" class="btn btn-danger">{% trans 'Yes, delete all of my stuff' %}</button>
+&nbsp;
+<button type="cancel" class="btn btn-default" href="{% url 'profile' %}">{% trans 'Cancel' %}</button>
+
+</form>
+
+<div style="height:40px"></div>
+{% endblock content %}
--- a/ivatar/ivataraccount/urls.py
+++ b/ivatar/ivataraccount/urls.py
@@ -23,6 +23,7 @@ from . views import CropPhotoView
 from . views import UserPreferenceView, UploadLibravatarExportView
 from . views import ResendConfirmationMailView
 from . views import IvatarLoginView
+from . views import DeleteAccountView

 # Define URL patterns, self documenting
 # To see the fancy, colorful evaluation of these use:
@@ -60,9 +61,7 @@ urlpatterns = [  # pylint: disable=invalid-name
    path('export/', login_required(
        TemplateView.as_view(template_name='export.html')
    ), name='export'),
-    path('delete/', login_required(
-        TemplateView.as_view(template_name='delete.html')
-    ), name='delete'),
+    path('delete/', DeleteAccountView.as_view(), name='delete'),
    path('profile/', ProfileView.as_view(), name='profile'),
    path('add_email/', AddEmailView.as_view(), name='add_email'),
    path('add_openid/', AddOpenIDView.as_view(), name='add_openid'),
--- a/ivatar/ivataraccount/views.py
+++ b/ivatar/ivataraccount/views.py
@@ -39,6 +39,7 @@ from .gravatar import get_photo as get_gravatar_photo

 from .forms import AddEmailForm, UploadPhotoForm, AddOpenIDForm
 from .forms import UpdatePreferenceForm, UploadLibravatarExportForm
+from .forms import DeleteAccountForm
 from .models import UnconfirmedEmail, ConfirmedEmail, Photo
 from .models import UnconfirmedOpenId, ConfirmedOpenId, DjangoOpenIDStore
 from .models import UserPreference
@@ -917,3 +918,34 @@ class PasswordResetView(PasswordResetViewOriginal):
            except Exception as exc:
                pass
        return super().post(self, request, args, kwargs)
+
+
+@method_decorator(login_required, name='dispatch')
+class DeleteAccountView(SuccessMessageMixin, FormView):
+    '''
+    View class for account deletion
+    '''
+
+    template_name = 'delete.html'
+    form_class = DeleteAccountForm
+    success_url = reverse_lazy('home')
+
+    def get(self, request, *args, **kwargs):
+        return super().get(self, request, args, kwargs)
+
+    def post(self, request, *args, **kwargs):
+        '''
+        Handle account deletion
+        '''
+        if request.user.password:
+            if 'password' in request.POST:
+                if not request.user.check_password(request.POST['password']):
+                    messages.error(request, _('Incorrect password'))
+                    return HttpResponseRedirect(reverse_lazy('delete'))
+            else:
+                messages.error(request, _('No password given'))
+                return HttpResponseRedirect(reverse_lazy('delete'))
+
+                raise(_('No password given'))
+        request.user.delete() # should delete all confirmed/unconfirmed/photo objects
+        return super().post(self, request, args, kwargs)