Merge f9096a0 into 6800d7c

geokey/core/settings/base.py

@@ -146,7 +146,8 @@
 ACCOUNT_FORMS = {
     'signup': 'geokey.users.forms.UserRegistrationForm',
     'change_password': 'geokey.users.forms.CustomPasswordChangeForm',
-    'reset_password_from_key': 'geokey.users.forms.CustomResetPasswordKeyForm'
+    'reset_password_from_key': 'geokey.users.forms.CustomResetPasswordKeyForm',
+    'delete_account': 'geokey.users.forms.UserDeleteAccount'
 }
 SOCIALACCOUNT_ADAPTER = 'geokey.core.adapters.SocialAccountAdapter'
 SOCIALACCOUNT_QUERY_EMAIL = True

geokey/core/url/admin.py

@@ -243,6 +243,9 @@
     url(r'^profile/$',
         user_views.UserProfile.as_view(),
         name='userprofile'),
+    url(r'^deleteuser/$',
+        user_views.DeleteUser.as_view(),
+        name='delete_user'),
     url(r'^accounts/(?P<account_id>[0-9]+)/disconnect/$',
         user_views.AccountDisconnect.as_view(),
         name='account_disconnect'),

geokey/subsets/tests/test_views.py

@@ -276,7 +276,7 @@ def test_post_on_locked_project_with_admin(self):
         self.assertEqual(0, Subset.objects.count())
         self.assertEqual(response.status_code, 302)
         self.assertIn(
-            '/admin/projects/%s/subsets/new/' % (project.id),
+            '/admin/projects/%s/subsets/new/' % project.id,
             response['location']
         )
 
@@ -301,7 +301,7 @@ def test_post_on_project_when_no_categories_with_admin(self):
         self.assertEqual(0, Subset.objects.count())
         self.assertEqual(response.status_code, 302)
         self.assertIn(
-            '/admin/projects/%s/subsets/new/' % (project.id),
+            '/admin/projects/%s/subsets/new/' % project.id,
             response['location']
         )
 
@@ -774,7 +774,7 @@ def test_post_non_existing_with_admin(self):
     def test_post_on_locked_project_with_admin(self):
         """
         Updating with project admin when the project is locked should render
-        the page withh an error message
+        the page with an error message
         """
 
         subset = SubsetFactory.create()

geokey/superusertools/tests/test_views.py

@@ -228,7 +228,6 @@ def test_post_with_user(self):
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.content.decode('utf-8'), rendered)
-        response = render_helpers.remove_csrf(response.content.decode('utf-8'))
         self.assertEqual(User.objects.filter(is_active=False).count(), 3)
         self.assertEqual(len(EmailAddress.objects.filter(verified=False)), 3)
 

geokey/templates/account/delete_account.html

@@ -0,0 +1,62 @@
+{% extends 'base.html' %}
+{% block title %} | Delete account{% endblock %}
+
+{% block main %}
+<div class="page-header">
+    <div class="container">
+        <h1>Delete account</h1>
+    </div>
+</div>
+
+<div class="container">
+    {% include 'snippets/messages.html' %}
+
+    <div class="row">
+        <div class="col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3">
+            {% if form.errors %}
+                <div class="alert alert-danger">
+                    <p>An error occurred. Please try again.</p>
+                </div>
+            {% endif %}
+
+            <form action="{% url 'admin:delete_user' %}" method="POST" novalidate>
+                {% csrf_token %}
+                <div class="row">
+                    <div class="panel panel-danger">
+                        <div class="panel-heading">
+                            <h2 class="panel-title">Warning: Delete user account</h2>
+                        </div>
+
+                        <div class="panel-body becareful">
+                            <div>
+                                <p>You are about to delete your user account.
+                                <strong>This cannot be undone, not even by admins.</strong>
+                                </p>
+                                <p>Before continuing, please be aware:</p>
+                                <ol>
+                                    <li>Your contributions will be made anonymous and you will no
+                                        longer have any control over them nor any rights to change them.</li>
+                                    <li>If you want to edit or delete any contributions, do so
+                                        <strong>before</strong> deleting your account.</li>
+                                    <li>Deleting your account cannot be undone. If you click the Delete button
+                                        below, there's no going back.</li>
+                                </ol>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+
+                <div class="form-group">
+                    <button type="submit" class="btn btn-lg btn-primary">Delete my account</button>
+                    &nbsp;&nbsp;&nbsp;
+                    <a role="button" href="{% url 'admin:userprofile' %}" class="btn btn-lg btn-link">Cancel</a>
+                </div>
+            </form>
+        </div>
+    </div>
+</div>
+{% endblock %}
+
+{% block libraries %}
+<script src="/static/js/admin.ui.forms.validate.js"></script>
+{% endblock %}

geokey/templates/superusertools/manage_inactive_users.html

@@ -14,7 +14,8 @@ <h1>Superuser tools</h1>
     {% include 'snippets/messages.html' %}
 
     <div class="row">
-        <form class="col-sm-12 col-md-12 col-lg-12" method="POST" action="{% url 'admin:superusertools_manage_inactive_users' %}">
+        <form class="col-sm-12 col-md-12 col-lg-12" method="POST"
+              action="{% url 'admin:superusertools_manage_inactive_users' %}">
             {% csrf_token %}
 
             <h2 class="header">Manage inactive users</h2>
@@ -36,11 +37,12 @@ <h2 class="header">Manage inactive users</h2>
                         <tbody>
                             {% for user in inactive_users %}
                                 <tr>
-                                    <td class="text-center"><input type="checkbox" name="activate_users" value="{{ user.id }}"></td>
+                                    <td class="text-center"><input title="activate_users" type="checkbox"
+                                                                   name="activate_users" value="{{ user.id }}"></td>
                                     <td>{{ user.display_name }}</td>
                                     <td>{{ user.email|urlize }}</td>
                                     <td>{{ user.date_joined|date:'d F, Y' }}</td>
-                                </td>
+                                </tr>
                             {% endfor %}
                         </tbody>
                     </table>

geokey/templates/users/profile.html

@@ -4,74 +4,89 @@
 {% load social %}
 
 {% block main %}
-{% get_social_apps as social_apps %}
-<div class="page-header">
-    <div class="container">
-        <h1>Your profile</h1>
+    {% get_social_apps as social_apps %}
+    <div class="page-header">
+        <div class="container">
+            <h1>Your profile</h1>
+        </div>
     </div>
-</div>
 
-<div class="container">
-    {% include 'snippets/messages.html' %}
+    <div class="container">
+        {% include 'snippets/messages.html' %}
 
-    <div class="row">
-        <div class="col-md-6 {% if not social_apps %}col-sm-8 col-sm-offset-2 col-md-offset-3{% endif %}">
-            <h2 class="header">Profile information</h2>
+        <div class="row">
+            <div class="col-md-6 {% if not social_apps %}col-sm-8 col-sm-offset-2 col-md-offset-3{% endif %}">
+                <h2 class="header">Profile information</h2>
 
-            <form action="{% url 'admin:userprofile' %}" method="POST" novalidate>
-                {% csrf_token %}
+                <form action="{% url 'admin:userprofile' %}" method="POST" novalidate>
+                    {% csrf_token %}
 
-                <div class="form-group {% if form.email.errors %}has-error{% endif %}">
-                    <label for="email">Email address</label>
-                    <input type="email" class="form-control input-lg" id="email" name="email" value="{% if form.data.email %}{{ form.data.email }}{% else %}{{ user.email }}{% endif %}" required />
-                    {% if form.email.errors %}<span class="help-block">{{ form.email.errors|striptags }}</span>{% endif %}
-                </div>
+                    <div class="form-group {% if form.email.errors %}has-error{% endif %}">
+                        <label for="email">Email address</label>
+                        <input type="email" class="form-control input-lg" id="email" name="email" value="
+                            {% if form.data.email %}{{ form.data.email }}{% else %}{{ user.email }}{% endif %}"
+                               required/>
+                        {% if form.email.errors %}
+                            <span class="help-block">{{ form.email.errors|striptags }}</span>{% endif %}
+                    </div>
 
-                <div class="form-group {% if form.display_name.errors %}has-error{% endif %}">
-                    <label for="display_name">Display name</label>
-                    <input type="text" class="form-control input-lg" id="display_name" name="display_name" maxlength="50" value="{% if form.data.display_name %}{{ form.data.display_name }}{% else %}{{ user.display_name }}{% endif %}" required />
-                    {% if form.display_name.errors %}<span class="help-block">{{ form.display_name.errors|striptags }}</span>{% endif %}
-                </div>
+                    <div class="form-group {% if form.display_name.errors %}has-error{% endif %}">
+                        <label for="display_name">Display name</label>
+                        <input type="text" class="form-control input-lg" id="display_name" name="display_name"
+                               maxlength="50"
+                               value="{% if form.data.display_name %}{{ form.data.display_name }}{% else %}{{ user.display_name }}{% endif %}"
+                               required/>
+                        {% if form.display_name.errors %}
+                            <span class="help-block">{{ form.display_name.errors|striptags }}</span>{% endif %}
+                    </div>
 
-                <div class="form-group">
-                    <button type="submit" class="btn btn-lg btn-primary">Update profile</button>
-                    <a type="button" href="{% url 'account_change_password' %}" class="btn btn-lg btn-link">{% if user.has_usable_password %}Change password{% else %}Set password{% endif %}</a>
-                </div>
-            </form>
-        </div>
+                    <div class="form-group">
+                        <button type="submit" class="btn btn-lg btn-primary">Update profile</button>
+                        <a type="button" href="{% url 'account_change_password' %}" class="btn btn-lg btn-link">
+                            {% if user.has_usable_password %}Change password{% else %}Set password{% endif %}
+                        </a>
+                    </div>
 
-        {% if social_apps %}
-            <div class="col-md-6">
-                <h2 class="header">Connect social accounts</h2>
+                    <div class="form-group">
+                        <a type="button" href="{% url 'admin:delete_user' %}" class="btn btn-lg btn-link">
+                            Delete account</a>
+                    </div>
+                </form>
+            </div>
 
-                {% include 'snippets/social_apps.html' with process='connect' %}
+            {% if social_apps %}
+                <div class="col-md-6">
+                    <h2 class="header">Connect social accounts</h2>
 
-                {% if accounts %}
-                    <h2 class="header">Your connected accounts</h2>
+                    {% include 'snippets/social_apps.html' with process='connect' %}
 
-                    {% for account in accounts %}
-                        {% with account.get_provider_account as provider_account %}
-                            {% if forloop.first %}
-                                <ul class="list-unstyled overview-list social">
-                            {% endif %}
+                    {% if accounts %}
+                        <h2 class="header">Your connected accounts</h2>
+
+                        {% for account in accounts %}
+                            {% with account.get_provider_account as provider_account %}
+                                {% if forloop.first %}
+                                    <ul class="list-unstyled overview-list social">
+                                {% endif %}
 
                             <li>
                                 <strong>{{ provider_account }}</strong>
-                                <a role="button" href="{% url 'admin:account_disconnect' account.id %}" class="btn btn-sm btn-default pull-right">Disconnect</a>
+                                <a role="button" href="{% url 'admin:account_disconnect' account.id %}"
+                                   class="btn btn-sm btn-default pull-right">Disconnect</a>
                             </li>
 
                             {% if forloop.last %}
                                 </ul>
                             {% endif %}
-                        {% endwith %}
-                    {% endfor %}
-                {% endif %}
-            </div>
-        {% endif %}
+                            {% endwith %}
+                        {% endfor %}
+                    {% endif %}
+                </div>
+            {% endif %}
+        </div>
     </div>
-</div>
 {% endblock %}
 
 {% block libraries %}
-<script src="/static/js/admin.ui.forms.validate.js"></script>
+    <script src="/static/js/admin.ui.forms.validate.js"></script>
 {% endblock %}

geokey/users/forms.py

@@ -123,3 +123,16 @@ def save(self, *args, **kwargs):
         """
         AccessToken.objects.filter(user=self.user).delete()
         super(CustomResetPasswordKeyForm, self).save(*args, **kwargs)
+
+
+class UserDeleteAccount(ResetPasswordKeyForm):
+    """
+    Deletes the user, assigning all of their contributions to the anonymous user.
+    """
+    def save(self, *args, **kwargs):
+        """
+        TBD
+        """
+        # Deletes all OAuth access tokens assigned to the user.
+        AccessToken.objects.filter(user=self.user).delete()
+        super(UserDeleteAccount, self).save(*args, **kwargs)