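def confirm_delete_account(request, user_slug):
    """Second step of GDPR deletion: check the e-mailed code and tear the account down.

    POST fields: ``secret_hash`` (must equal the user's stored ``secret_hash``)
    and ``code`` (the one-time code sent by ``request_delete_account``). Only the
    account owner or an admin (``request.me.is_god``) may confirm; anyone else
    gets a 404. On success the view cancels Stripe subscriptions, stamps
    ``deleted_at``, drops all sessions, schedules the data-wipe task after
    ``settings.GDPR_DELETE_TIMEDELTA`` and notifies the user and the admin chat.

    Returns the "deletion confirmed" page. Raises ``AccessDenied`` when the hash
    or code is missing/mismatched; ``Code.check_code`` raises on a bad code.
    """
    import hmac

    if request.method != "POST":
        return redirect("edit_account", user_slug, permanent=False)

    user = get_object_or_404(User, slug=user_slug)
    # presumably request.me is the authenticated user set by middleware — TODO confirm
    if user.id != request.me.id and not request.me.is_god:
        raise Http404()

    submitted_hash = request.POST.get("secret_hash") or ""
    code = request.POST.get("code")
    expected_hash = user.secret_hash or ""
    # Constant-time comparison so response timing cannot leak the stored hash, and
    # an unset stored hash never matches (a plain `!=` would accept None == None).
    hash_matches = bool(expected_hash) and hmac.compare_digest(
        str(submitted_hash).encode("utf-8"),
        str(expected_hash).encode("utf-8"),
    )
    if not hash_matches or not code:
        raise AccessDenied(
            title="Что-то не сходится",
            message="Проверьте правильность кода и попробуйте запросить удаление аккаунта еще раз",
        )

    # raises on a wrong or expired code, so nothing below runs for an invalid one
    Code.check_code(recipient=user.email, code=code)

    # stop billing before the account is marked as gone
    cancel_all_stripe_subscriptions(user.stripe_id)

    # one timestamp for both the deletion mark and the cleanup schedule so they agree
    now = datetime.utcnow()
    user.deleted_at = now
    user.save()

    # log the user out everywhere
    Session.objects.filter(user=user).delete()

    # The actual wipe runs later; during that window a login (email_login_code)
    # clears deleted_at again. Whether the task re-checks deleted_at before
    # wiping is not visible here — TODO confirm.
    schedule("gdpr.forget.delete_user_data", user, next_run=now + settings.GDPR_DELETE_TIMEDELTA)

    # notify user
    async_task(send_delete_account_confirm_email, user=user)

    # notify admins
    async_task(
        send_telegram_message,
        chat=ADMIN_CHAT,
        text=f"💀 Юзер удалился: {settings.APP_HOST}/user/{user.slug}/",
    )

    return render(request, "users/messages/delete_account_confirmed.html")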
def request_delete_account(request, user_slug):
    """Start GDPR account deletion: record the request and e-mail a confirmation code.

    Only the account owner or an admin (``request.me.is_god``) may start it;
    anyone else gets ``Http404``. The POSTed ``confirm`` field must equal
    ``settings.GDPR_DELETE_CONFIRMATION`` exactly. Non-POST requests are
    bounced back to the edit-account page.

    Returns the "deletion requested" page rendered with the user; raises
    ``BadRequest`` on a wrong confirmation string.
    """
    if request.method != "POST":
        return redirect("edit_account", user_slug, permanent=False)

    account = get_object_or_404(User, slug=user_slug)
    # presumably request.me is the authenticated user set by middleware — TODO confirm
    is_owner = account.id == request.me.id
    if not (is_owner or request.me.is_god):
        raise Http404()

    expected = settings.GDPR_DELETE_CONFIRMATION
    if request.POST.get("confirm") != expected:
        raise BadRequest(
            title="Неправильная строка подтверждения",
            message=(
                f"Вы должны в точности написать \"{expected}\" "
                "чтобы запустить процедуру удаления аккаунта"
            ),
        )

    DataRequests.register_forget_request(account)

    # the code is what confirm_delete_account later verifies
    one_time_code = Code.create_for_user(
        user=account,
        recipient=account.email,
        length=settings.GDPR_DELETE_CODE_LENGTH,
    )
    async_task(send_delete_account_request_email, user=account, code=one_time_code)

    return render(
        request,
        "users/messages/delete_account_requested.html",
        {"user": account},
    )
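def email_login_code(request):
    """Finish a magic-link login: verify the e-mailed code and open a session.

    Expects ``email`` and ``code`` as GET parameters (both lower-cased and
    stripped); ``goto`` optionally names where to send the user afterwards.
    A successful login also marks the e-mail as verified and reverts a
    pending account deletion.

    Returns a redirect to ``goto`` (only when it is a local path) or to the
    user's profile, with the session cookie set. ``Code.check_code`` raises
    on an invalid code, so nothing after it runs for a bad one.
    """
    from urllib.parse import urlsplit

    raw_email = request.GET.get("email")
    raw_code = request.GET.get("code")
    if not raw_email or not raw_code:
        return redirect("login")

    email = raw_email.lower().strip()
    code = raw_code.lower().strip()

    goto = request.GET.get("goto")
    # Only a relative path on this site may be the post-login target: an absolute
    # URL, a scheme-relative "//host" or "/\host" (browsers read it as "//host")
    # would make this view an open redirect. Absolute same-host URLs also fall
    # back to the profile page — TODO confirm nothing relies on them.
    if goto:
        parts = urlsplit(goto)
        if (
            not goto.startswith("/")
            or goto.startswith(("//", "/\\"))
            or parts.scheme
            or parts.netloc
        ):
            goto = None

    user = Code.check_code(recipient=email, code=code)
    session = Session.create_for_user(user)

    needs_save = False
    if not user.is_email_verified:
        # the user just proved control of the mailbox, so verify it without an extra click
        user.is_email_verified = True
        needs_save = True
    if user.deleted_at:
        # Logging in cancels a pending deletion. The cleanup task scheduled by
        # confirm_delete_account is not cancelled here; whether it re-checks
        # deleted_at is not visible in this file — TODO confirm.
        user.deleted_at = None
        needs_save = True
    if needs_save:
        user.save()

    redirect_to = goto or reverse("profile", args=[user.slug])
    response = redirect(redirect_to)
    return set_session_cookie(response, user, session)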
def setUpTestData(cls):
    """Create the shared fixture user and a login code once for the whole TestCase."""
    five_days = timedelta(days=5)
    # NOTE: the e-mail address in this fixture is a redacted placeholder as published
    cls.new_user: User = User.objects.create(
        email="*****@*****.**",
        membership_started_at=datetime.now() - five_days,
        membership_expires_at=datetime.now() + five_days,
        slug="ujlbu4",
    )
    cls.code = Code.create_for_user(
        user=cls.new_user,
        recipient=cls.new_user.email,
    )
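def email_login(request):
    """Start a login: redeem an ``email|-secret_hash`` pair or send a one-time code.

    ``email_or_login`` (POST) is either ``"<email>|-<secret_hash>"``, which logs
    the user in directly, or an e-mail address / slug, which triggers a code
    sent by e-mail (``send_auth_email``) and via ``notify_user_auth``. ``goto``
    (POST) optionally names the page to land on afterwards; anything that is
    not a local path is dropped so the view cannot redirect off-site.

    Returns a redirect with the session cookie set (secret_hash branch), the
    "enter your code" page (e-mail/slug branch), or an error page when no
    matching user exists.
    """
    from urllib.parse import urlsplit

    if request.method != "POST":
        return redirect("login")

    goto = request.POST.get("goto")
    # Only a relative path on this site may be the post-login target: an absolute
    # URL, a scheme-relative "//host" or "/\host" (browsers read it as "//host")
    # would make the redirect below, and the goto handed to the template, an open
    # redirect. Absolute same-host URLs also fall back to the profile page —
    # TODO confirm nothing relies on them.
    if goto:
        parts = urlsplit(goto)
        if (
            not goto.startswith("/")
            or goto.startswith(("//", "/\\"))
            or parts.scheme
            or parts.netloc
        ):
            goto = None

    email_or_login = request.POST.get("email_or_login")
    if not email_or_login:
        return redirect("login")

    email_or_login = email_or_login.strip()

    if "|-" in email_or_login:
        # secret_hash login
        email_part, secret_hash_part = email_or_login.split("|-", 1)
        user = None
        # an empty half must not be looked up: filter(secret_hash="") could match
        # any account whose stored hash is empty
        if email_part and secret_hash_part:
            # NOTE(review): email_part is matched as typed, while the e-mail/nickname
            # branch lower-cases it — looks inconsistent; confirm before changing
            user = User.objects.filter(email=email_part, secret_hash=secret_hash_part).first()
        if not user:
            return render(request, "error.html", {
                "title": "Такого юзера нет 🤔",
                "message": "Пользователь с таким кодом не найден. "
                           "Попробуйте авторизоваться по обычной почте или юзернейму.",
            })

        session = Session.create_for_user(user)
        redirect_to = goto or reverse("profile", args=[user.slug])
        response = redirect(redirect_to)
        return set_session_cookie(response, user, session)

    # email/nickname login
    user = User.objects.filter(
        Q(email=email_or_login.lower()) | Q(slug=email_or_login)
    ).first()
    if not user:
        return render(request, "error.html", {
            "title": "Такого юзера нет 🤔",
            "message": "Пользователь с такой почтой не найден в списке членов Клуба. "
                       "Попробуйте другую почту или никнейм. "
                       "Если совсем ничего не выйдет, напишите нам, попробуем помочь.",
        })

    # the code is what email_login_code verifies
    code = Code.create_for_user(user=user, recipient=user.email, length=settings.AUTH_CODE_LENGTH)
    async_task(send_auth_email, user, code)
    async_task(notify_user_auth, user, code)

    return render(request, "auth/email.html", {
        "email": user.email,
        "goto": goto,
    })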