Exemplo n.º 1
0
def confirm_delete_account(request, user_slug):
    if request.method != "POST":
        return redirect("edit_account", user_slug, permanent=False)

    user = get_object_or_404(User, slug=user_slug)
    if user.id != request.me.id and not request.me.is_god:
        raise Http404()

    confirmation_hash = request.POST.get("secret_hash")
    code = request.POST.get("code")
    if confirmation_hash != user.secret_hash or not code:
        raise AccessDenied(
            title="Что-то не сходится",
            message=
            "Проверьте правильность кода и попробуйте запросить удаление аккаунта еще раз"
        )

    # verify code (raises an exception)
    Code.check_code(recipient=user.email, code=code)

    # cancel payments
    cancel_all_stripe_subscriptions(user.stripe_id)

    # mark user for deletion
    user.deleted_at = datetime.utcnow()
    user.save()

    # remove sessions
    Session.objects.filter(user=user).delete()

    # schedule data cleanup task
    schedule("gdpr.forget.delete_user_data",
             user,
             next_run=datetime.utcnow() + settings.GDPR_DELETE_TIMEDELTA)

    # notify user
    async_task(
        send_delete_account_confirm_email,
        user=user,
    )

    # notify admins
    async_task(
        send_telegram_message,
        chat=ADMIN_CHAT,
        text=f"💀 Юзер удалился: {settings.APP_HOST}/user/{user.slug}/",
    )

    return render(
        request,
        "users/messages/delete_account_confirmed.html",
    )
Exemplo n.º 2
0
def email_login_code(request):
    email = request.GET.get("email")
    code = request.GET.get("code")
    if not email or not code:
        return redirect("login")

    goto = request.GET.get("goto")
    email = email.lower().strip()
    code = code.lower().strip()

    user = Code.check_code(recipient=email, code=code)
    session = Session.create_for_user(user)

    if not user.is_email_verified:
        # save 1 click and verify email
        user.is_email_verified = True
        user.save()

    if user.deleted_at:
        # cancel user deletion
        user.deleted_at = None
        user.save()

    redirect_to = reverse("profile", args=[user.slug]) if not goto else goto
    response = redirect(redirect_to)
    return set_session_cookie(response, user, session)