def confirm_delete_account(request, user_slug):
if request.method != "POST":
return redirect("edit_account", user_slug, permanent=False)
user = get_object_or_404(User, slug=user_slug)
if user.id != request.me.id and not request.me.is_god:
raise Http404()
confirmation_hash = request.POST.get("secret_hash")
code = request.POST.get("code")
if confirmation_hash != user.secret_hash or not code:
raise AccessDenied(
title="Что-то не сходится",
message=
"Проверьте правильность кода и попробуйте запросить удаление аккаунта еще раз"
)
# verify code (raises an exception)
Code.check_code(recipient=user.email, code=code)
# cancel payments
cancel_all_stripe_subscriptions(user.stripe_id)
# mark user for deletion
user.deleted_at = datetime.utcnow()
user.save()
# remove sessions
Session.objects.filter(user=user).delete()
# schedule data cleanup task
schedule("gdpr.forget.delete_user_data",
user,
next_run=datetime.utcnow() + settings.GDPR_DELETE_TIMEDELTA)
# notify user
async_task(
send_delete_account_confirm_email,
user=user,
)
# notify admins
async_task(
send_telegram_message,
chat=ADMIN_CHAT,
text=f"💀 Юзер удалился: {settings.APP_HOST}/user/{user.slug}/",
)
return render(
request,
"users/messages/delete_account_confirmed.html",
)
def email_login_code(request):
email = request.GET.get("email")
code = request.GET.get("code")
if not email or not code:
return redirect("login")
goto = request.GET.get("goto")
email = email.lower().strip()
code = code.lower().strip()
user = Code.check_code(recipient=email, code=code)
session = Session.create_for_user(user)
if not user.is_email_verified:
# save 1 click and verify email
user.is_email_verified = True
user.save()
if user.deleted_at:
# cancel user deletion
user.deleted_at = None
user.save()
redirect_to = reverse("profile", args=[user.slug]) if not goto else goto
response = redirect(redirect_to)
return set_session_cookie(response, user, session)
