Produits Entr'ouvert » Authentic 2

    A2_DELETION_REQUEST_LIFETIME=Setting(

        default=48*3600,

        definition='Lifetime in seconds of the user account deletion request'),

{% load i18n %}{% autoescape off %}{% blocktrans %}Account deletion on {{ site }}{% endblocktrans %}{% endautoescape %}

{% load i18n %}

<html>

  <body style="max-width: 90ex">

        <p>{% blocktrans %}{{ full_name }},{% endblocktrans %}</p>

        <p>

{% blocktrans %}

Please click on {{ deletion_url }} if you want to validate your account deletion request on {{ site }}.

If so, all related data will be deleted in the next few hours.

You won't be able to log in with this account anymore.

{% endblocktrans %}

        </p>

  </body>

</html>

{% load i18n %}{% autoescape off %}{% blocktrans %}{{ full_name }},{% endblocktrans %}

{% blocktrans %}

Please click on {{ deletion_url }} if you want to validate your account deletion request on {{ site }}.

If so, all related data will be deleted in the next few hours.

You won't be able to log in with this account anymore.

{% endblocktrans %}

{% endautoescape %}

{% load i18n %}{% autoescape off %}{% blocktrans %}Validate account deletion request on {{ site }}{% endblocktrans %}{% endautoescape %}

{% load authentic2 %}

  <p>

  {% blocktrans with first_name=user.first_name last_name=user.last_name possessive=user.last_name|endswith:"s"|yesno:"','s" %}

  Delete {{ first_name }} {{ last_name }}{{ possessive }} account and all related personal data?

  {% endblocktrans %}

  </p>

{% extends "authentic2/base-page.html" %}

{% load i18n %}

{% block page-title %}

  {{ block.super }} - {% trans "Account deletion" %}

{% endblock %}

{% block content %}

  <p>{{ message }}</p>

{% endblock %}

from django import template

register = template.Library()

@register.filter

def endswith(value, suffix):

    return value.endswith(suffix)

    url(r'validate-deletion/(?P<deletion_token>[\w: -]+)/$',

        views.ValidateDeletionView.as_view(),

        name='validate_deletion'),

def build_deletion_url(request, **kwargs):

    data = kwargs.copy()

    data['user_pk'] = request.user.pk

    deletion_token = signing.dumps(data)

    delete_url = request.build_absolute_uri(

            reverse('validate_deletion', kwargs={'deletion_token': deletion_token}))

    return delete_url

def send_account_deletion_code(request, user):

    '''Send an account deletion notification code to a user.

       Can raise an smtplib.SMTPException

    '''

    logger = logging.getLogger(__name__)

    deletion_url = build_deletion_url(request)

    context = {

        'full_name': request.user.get_full_name(),

        'user': request.user,

        'site': request.get_host(),

        'deletion_url': deletion_url}

    template_names = [

        'authentic2/account_deletion_code']

    if user.ou:

        template_names.insert(0, 'authentic2/account_deletion_code_%s' % user.ou.slug)

    send_templated_mail(user.email, template_names, context, request=request)

    logger.info(u'account deletion code sent to %s', user.email)

registration_completion = valid_token(RegistrationCompletionView.as_view())

class DeleteView(View):

    def get(self, request, *args, **kwargs):

        utils.send_account_deletion_code(self.request, self.request.user)

        messages.info(request,

                _("An account deletion validation email has been sent to your email address."))

        return utils.redirect(request, 'account_management')

class ValidateDeletionView(TemplateView):

    template_name = 'authentic2/accounts_delete_validation.html'

    title = _('Confirm account deletion')

    user = None

    def dispatch(self, request, *args, **kwargs):

        error = None

        try:

            deletion_token = signing.loads(kwargs['deletion_token'],

                    max_age=app_settings.A2_DELETION_REQUEST_LIFETIME)

            user_pk = deletion_token['user_pk']

            self.user = get_user_model().objects.get(pk=user_pk)

            # A user account wont be deactived twice

            if not self.user.is_active:

                raise ValidationError(

                    _('This account had previously been deactivated and will be deleted soon.'))

            logger.info('user %s confirmed the deletion of their own account', self.user)

        except signing.SignatureExpired:

            error = _('The account deletion request is too old, try again')

        except signing.BadSignature:

            error = _('The account deletion request is invalid, try again')

        except ValueError:

            error = _('The account deletion request was not on this site, try again')

        except ValidationError as e:

            error = e.message

        except get_user_model().DoesNotExist:

            error = _('This account has previously been deleted.')

        if error:

            return render(request, 'authentic2/accounts_plain_message.html',

                    context={'message': error})

        return super(ValidateDeletionView, self).dispatch(request, *args, **kwargs)

    def post(self, request, *args, **kwargs):

        if 'cancel' not in request.POST:

            utils.send_account_deletion_mail(self.request, self.user)

            models.DeletedUser.objects.delete_user(self.user)

            self.user.email += '#%d' % random.randint(1, 10000000)

            self.user.email_verified = False

            self.user.save(update_fields=['email', 'email_verified'])

            logger.info(u'deletion of account %s performed', self.user)

            hooks.call_hooks('event', name='delete-account', user=self.user)

            if self.user == request.user:

                # No validation message displayed, as the user will surely

                # notice their own account deletion...

                return utils.redirect(request, 'auth_logout')

            # No real use for cancel_url or next_url here, assuming the link

            # has been received by email.

            return render(request, 'authentic2/accounts_plain_message.html',

                    context={'message': 'Deletion performed.'})

        return utils.redirect(request, '/')

    def get_context_data(self, **kwargs):

        ctx = super(ValidateDeletionView, self).get_context_data(**kwargs)

        ctx['user'] = self.user # Not necessarily the user in request

        return ctx

from utils import login, logout, get_link_from_mail

    assert len(mailoutbox) == 1

    link = get_link_from_mail(mailoutbox[0])

    assert 'Validate account deletion request on testserver' == mailoutbox[0].subject

    assert [simple_user.email] == mailoutbox[0].to

    page = app.get(link)

    assert len(mailoutbox) == 2

    assert 'Account deletion on testserver' == mailoutbox[1].subject

    assert [simple_user.email] == mailoutbox[0].to

def test_account_delete_when_logged_out(app, simple_user, mailoutbox):

    assert simple_user.is_active

    assert not len(mailoutbox)

    page = login(app, simple_user, path=reverse('delete_account'))

    assert len(mailoutbox) == 1

    link = get_link_from_mail(mailoutbox[0])

    logout(app)

    page = app.get(link)

    assert 'Delete %s %s\'s account and all related personal data?' % (

            simple_user.first_name, simple_user.last_name) in page.text

    response = page.form.submit(name='submit')

    assert not User.objects.get(pk=simple_user.pk).is_active

    assert len(mailoutbox) == 2

    assert 'Account deletion on testserver' == mailoutbox[1].subject

    assert [simple_user.email] == mailoutbox[0].to

    assert "Deletion performed" in response.text

def test_account_delete_by_other_user(app, simple_user, user_ou1, mailoutbox):

    assert simple_user.is_active

    assert user_ou1.is_active

    assert not len(mailoutbox)

    page = login(app, simple_user, path=reverse('delete_account'))

    assert len(mailoutbox) == 1

    link = get_link_from_mail(mailoutbox[0])

    logout(app)

    login(app, user_ou1, path=reverse('account_management'))

    page = app.get(link)

    assert 'Delete %s %s\'s account and all related personal data?' % (

            simple_user.first_name, simple_user.last_name) in page.text

    response = page.form.submit(name='submit')

    assert not User.objects.get(pk=simple_user.pk).is_active

    assert User.objects.get(pk=user_ou1.pk).is_active

    assert "Deletion performed" in response.text

    assert len(mailoutbox) == 2

    assert 'Account deletion on testserver' == mailoutbox[1].subject

    assert [simple_user.email] == mailoutbox[0].to

def test_account_delete_fake_token(app, simple_user, mailoutbox):

    response = app.get(reverse('validate_deletion', kwargs={'deletion_token': 'thisismostlikelynotavalidtoken'}))

    assert "The account deletion request is invalid, try again" in response.text

def test_account_delete_expired_token(app, simple_user, mailoutbox, freezer):

    freezer.move_to('2019-08-01')

    page = login(app, simple_user, path=reverse('delete_account'))

    freezer.move_to('2019-08-04') # Too late...

    link = get_link_from_mail(mailoutbox[0])

    response = app.get(link)

    assert "The account deletion request is too old, try again" in response.text

def test_account_delete_valid_token_unexistent_user(app, simple_user, mailoutbox):

    page = login(app, simple_user, path=reverse('delete_account'))

    link = get_link_from_mail(mailoutbox[0])

    simple_user.delete()

    response = app.get(link)

    assert 'This account has previously been deleted.' in response.text

def test_account_delete_valid_token_inactive_user(app, simple_user, mailoutbox):

    page = login(app, simple_user, path=reverse('delete_account'))

    link = get_link_from_mail(mailoutbox[0])

    simple_user.is_active = False

    simple_user.save()

    response = app.get(link)

    assert "This account had previously been deactivated" in response.text