Fix/remove user/soft removal

[ObadaS]

Original PR : #1718 from @OhMaley

A brief description of the purpose of the changes contained in this PR.

Fixes some small issues seen after deploying the delete user feature.

It should fix the following problem:

• email formatting
• setting is_active to False on user deletion
• hide deleted user on competition participant list + add an option to display them

Related PR

#1691 (original)
#1716 (for deployment)

Issues this PR resolves

#1159

Reminder on the hand testing checklist

• Create a new user
• Complete its profile with as much information as possible
• Create an organization
• Create a competition
• Create a Queue
• Add a submission
• Make the competition and the submission public
• Log out and log in with another user
• Take a look at the new user profile
• Log out and log in with the new user's account
• Delete the account using the account view
• Check your email (or the message in the console)
• Click on the given link
• Check that admins received an email with information on the user's deletion
• Check the the deleted user's got a confirmation email
• Try to log in with the deleted user's account. And fail
• Log in as another user
• Check that the competition and submissions of the removed user are still here but without personal data
• Take a look at the removed user's profile and check that no personal information is displayed

Checklist

• Code review by me
• Hand tested by me
• I'm proud of my work
• Code review by reviewer
• Hand tested by reviewer
• CircleCi tests are passing
• Ready to merge

[ObadaS]

The email that is sent to administrators has the wrong username

[ObadaS]

It seems like the link that the user gets to delete their accounts does not expire when clicked, which can then be used generate multiple emails sent to admins

[ihsaan-ullah]

The links in the deletion email are incomplete(e.g. competitions/345 instead of codabench.org/competitions/345)

[Didayolo]

From Tristan:

Regarding the following points I have not developed them as it would require more time than I have as well as your opinions:

• change the owner of a queue when the previous owner get his account removed
• what to do regarding an organization when a user get his account removed. (in case he is the owner, in case he is the last member, in case he is part of an organization and in case the organization has made some submissions)

[OhMaley]

It seems like the link that the user gets to delete their accounts does not expire when clicked, which can then be used generate multiple emails sent to admins

A very naive solution would be to add a check on the is_deleted attribute of the user in the /src/apps/profiles/views.py inside the delete method. This do not create the one time usage mechanism but it can avoid to trigger all the deletion mechanism.

If you want implement the one time usage feature it will probably requires a new model like TokenUsage whose going to be a oneToOne table between a user, a token with a is_used boolean. Some methods to generate a token and some lines of code to check and modify the is_used attribute. Something around those lines.

[OhMaley]

The links in the deletion email are incomplete(e.g. competitions/345 instead of codabench.org/competitions/345)

Indeed it is missing the protocol and the domain in the url.

What we currently have: <a class="item" href="{% url 'profiles:organization_profile' pk=organization.id %}">
What we should have: <a class="item" href="{{ protocol }}://{{ domain }}{% url 'profiles:organization_profile' pk=organization.id %}">

We simply need to add protocol and doamin to the context passed down to the html template, as well as adding those in the html template

[ihsaan-ullah]

With my latest commit, I have added the following updates:

• restricted the usage of deletion link more than one time (if you delete your account, clicking the link will give you an error)
• used a different deletion token like signup token that expires after account deletion
• account deletion modal was not disappearing after clicking the Delete my account button, now it will disappear