Merge pull request #1638 from mstriemer/user-deletion-1523

Require confirmation of email to delete user (fixes #1523)
mozilla · Feb 10, 2016 · 0912b92 · 0912b92
2 parents e96d961 + 5ff4ee2
commit 0912b92
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 22 deletions.
diff --git a/src/olympia/users/forms.py b/src/olympia/users/forms.py
@@ -26,8 +26,8 @@
     UserProfile, UserNotification, BlacklistedName, BlacklistedEmailDomain,
     BlacklistedPassword)
 from .widgets import (
-    NotificationsSelectMultiple, RequiredEmailInput, RequiredInputMixin,
-    RequiredTextarea)
+    NotificationsSelectMultiple, RequiredCheckboxInput, RequiredEmailInput,
+    RequiredInputMixin, RequiredTextarea)
 
 
 log = commonware.log.getLogger('z.users')
@@ -217,19 +217,21 @@ def save(self, **kw):
 
 
 class UserDeleteForm(forms.Form):
-    password = forms.CharField(max_length=255, required=True,
-                               widget=forms.PasswordInput(render_value=False))
-    confirm = forms.BooleanField(required=True)
+    email = forms.CharField(max_length=255, required=True,
+                            widget=RequiredEmailInput)
+    confirm = forms.BooleanField(required=True, widget=RequiredCheckboxInput)
 
     def __init__(self, *args, **kwargs):
         self.request = kwargs.pop('request', None)
         super(UserDeleteForm, self).__init__(*args, **kwargs)
+        self.fields['email'].widget.attrs['placeholder'] = (
+            self.request.user.email)
 
-    def clean_password(self):
-        data = self.cleaned_data
-        amouser = self.request.user
-        if not amouser.check_password(data["password"]):
-            raise forms.ValidationError(_("Wrong password entered!"))
+    def clean_email(self):
+        user_email = self.request.user.email
+        if not user_email == self.cleaned_data['email']:
+            raise forms.ValidationError(_('Email must be {email}.').format(
+                email=user_email))
 
     def clean(self):
         amouser = self.request.user

diff --git a/src/olympia/users/templates/users/delete.html b/src/olympia/users/templates/users/delete.html
@@ -45,10 +45,10 @@ <h1>{{ _('Delete User Account') }}</h1>
           <fieldset>
             <legend>{{ _('Confirm account deletion') }}</legend>
             <ul>
-              <li{% if form.password.errors %} class="error"{% endif %}>
-                <label for="id_password">{{ _('Password') }} {{ required() }}</label>
-                {{ form.password }}
-                {{ form.password.errors }}
+              <li{% if form.email.errors %} class="error"{% endif %}>
+                <label for="id_email">{{ _('Email') }} {{ required() }}</label>
+                {{ form.email }}
+                {{ form.email.errors }}
               </li>
               <li{% if form.confirm.errors %} class="error"{% endif %}>
                 <label for="id_confirm" class="check">

diff --git a/src/olympia/users/tests/test_forms.py b/src/olympia/users/tests/test_forms.py
@@ -144,22 +144,22 @@ def test_required_attrs(self):
 
 class TestUserDeleteForm(UserFormBase):
 
-    def test_bad_password(self):
+    def test_bad_email(self):
         self.client.login(username='jbalogh@mozilla.com', password='password')
-        data = {'password': 'wrongpassword', 'confirm': True, }
+        data = {'email': 'wrong@example.com', 'confirm': True}
         r = self.client.post('/en-US/firefox/users/delete', data)
-        msg = "Wrong password entered!"
-        self.assertFormError(r, 'form', 'password', msg)
+        msg = "Email must be jbalogh@mozilla.com."
+        self.assertFormError(r, 'form', 'email', msg)
 
     def test_not_confirmed(self):
         self.client.login(username='jbalogh@mozilla.com', password='password')
-        data = {'password': 'password'}
+        data = {'email': 'jbalogh@mozilla.com'}
         r = self.client.post('/en-US/firefox/users/delete', data)
         self.assertFormError(r, 'form', 'confirm', 'This field is required.')
 
     def test_success(self):
         self.client.login(username='jbalogh@mozilla.com', password='password')
-        data = {'password': 'password', 'confirm': True, }
+        data = {'email': 'jbalogh@mozilla.com', 'confirm': True}
         self.client.post('/en-US/firefox/users/delete', data, follow=True)
         # TODO XXX: Bug 593055
         #self.assertContains(r, "Profile Deleted")
@@ -172,7 +172,7 @@ def test_developer_attempt(self, f):
         """A developer's attempt to delete one's self must be thwarted."""
         f.return_value = True
         self.client.login(username='jbalogh@mozilla.com', password='password')
-        data = {'password': 'password', 'confirm': True, }
+        data = {'email': 'jbalogh@mozilla.com', 'confirm': True}
         r = self.client.post('/en-US/firefox/users/delete', data, follow=True)
         self.assertContains(r, 'You cannot delete your account')
 

diff --git a/src/olympia/users/views.py b/src/olympia/users/views.py
@@ -151,7 +151,7 @@ def delete(request):
             form = None
             return http.HttpResponseRedirect(reverse('users.login'))
     else:
-        form = forms.UserDeleteForm()
+        form = forms.UserDeleteForm(request=request)
 
     return render(request, 'users/delete.html',
                   {'form': form, 'amouser': amouser})

diff --git a/src/olympia/users/widgets.py b/src/olympia/users/widgets.py
@@ -78,3 +78,7 @@ class RequiredEmailInput(RequiredInputMixin, forms.EmailInput):
 
 class RequiredTextarea(RequiredInputMixin, forms.Textarea):
     """A Django Textarea with required attributes."""
+
+
+class RequiredCheckboxInput(RequiredInputMixin, forms.CheckboxInput):
+    """A Django Checkbox with required attributes."""