d324e2fa79
* Fix: Add csrf verification to directory updates * Update templates/dashboard/directory.html * Added csrf for delete account form * Fix tests * Added CSRF check for settings page * Added csrf to batch import * Added CSRF to alias dashboard and alias transfer * Added csrf to contact manager * Added csrf to mailbox * Added csrf for mailbox detail * Added csrf to domain detail * Lint Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
import arrow
from flask import flash, redirect, url_for, request, render_template
from flask_login import login_required, current_user
from flask_wtf import FlaskForm
from app.config import JOB_DELETE_ACCOUNT
from app.dashboard.base import dashboard_bp
from app.dashboard.views.enter_sudo import sudo_required
from app.log import LOG
from app.models import Subscription, Job
class DeleteDirForm(FlaskForm):
    """Field-less form whose only job is CSRF validation for account deletion.

    It declares no fields of its own; the view calls ``validate()`` on it
    before scheduling the deletion, so the check is whatever ``FlaskForm``
    itself performs (its CSRF token, provided CSRF is enabled in the app
    configuration).

    NOTE(review): the "Dir" in the name looks carried over from the
    directory views; here the form guards the delete-account POST.
    """
@dashboard_bp.route("/delete_account", methods=["GET", "POST"])
@login_required
@sudo_required
def delete_account():
    """Render the delete-account page and, on a valid POST, queue the deletion.

    GET requests, and POSTs whose ``form-name`` is not ``delete-account``,
    only render the page. A matching POST must pass the form's validation
    (the CSRF check) before anything is changed. A user with a Paddle
    subscription that is not cancelled is sent back to the settings page
    without a job being created; otherwise a ``JOB_DELETE_ACCOUNT`` job is
    created for the current user and the user is redirected to settings.
    """
    delete_form = DeleteDirForm()

    wants_deletion = (
        request.method == "POST"
        and request.form.get("form-name") == "delete-account"
    )
    if not wants_deletion:
        return render_template("dashboard/delete_account.html", delete_form=delete_form)

    # CSRF gate: validation runs before any state-changing work, so a forged
    # cross-site POST ends here with a warning and no job created.
    if not delete_form.validate():
        flash("Invalid request", "warning")
        return render_template(
            "dashboard/delete_account.html", delete_form=delete_form
        )

    sub: Subscription = current_user.get_paddle_subscription()
    # user who has canceled can also re-subscribe
    if sub and not sub.cancelled:
        flash("Please cancel your current subscription first", "warning")
        return redirect(url_for("dashboard.setting"))

    # Schedule delete account job
    # NOTE(review): nothing visible here stops a repeated POST from queueing
    # a second job for the same user; confirm the job runner tolerates that.
    LOG.w("schedule delete account job for %s", current_user)
    job_payload = {"user_id": current_user.id}
    Job.create(
        name=JOB_DELETE_ACCOUNT,
        payload=job_payload,
        run_at=arrow.now(),
        commit=True,
    )

    scheduled_msg = (
        "Your account deletion has been scheduled. "
        "You'll receive an email when the deletion is finished"
    )
    flash(scheduled_msg, "info")
    return redirect(url_for("dashboard.setting"))