From 43f56f12917f154fbb70cbc305daba9e2fd364ed Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 4 Sep 2019 04:13:54 +0200 Subject: [PATCH] Change account deletion page to have better explanations (#11753) Fix deletion of unconfirmed account not freeing up the username Add prefill of logged-in user's email in the reconfirmation form --- .../auth/confirmations_controller.rb | 23 ++++++++++++++++++ app/javascript/styles/mastodon/forms.scss | 9 +++++++ app/services/suspend_account_service.rb | 1 + app/views/auth/setup/show.html.haml | 5 +--- app/views/auth/shared/_links.html.haml | 22 ++++++++++------- app/views/settings/deletes/show.html.haml | 24 +++++++++++++------ config/locales/en.yml | 16 +++++++++---- 7 files changed, 77 insertions(+), 23 deletions(-) diff --git a/app/controllers/auth/confirmations_controller.rb b/app/controllers/auth/confirmations_controller.rb index 0d7c6e7c2d3..3e419eb96f3 100644 --- a/app/controllers/auth/confirmations_controller.rb +++ b/app/controllers/auth/confirmations_controller.rb @@ -4,15 +4,38 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController layout 'auth' before_action :set_body_classes + before_action :require_unconfirmed! skip_before_action :require_functional! + def new + super + + resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in? + end + private + def require_unconfirmed! + redirect_to edit_user_registration_path if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank? + end + def set_body_classes @body_classes = 'lighter' end + def after_resending_confirmation_instructions_path_for(_resource_name) + if user_signed_in? + if user.confirmed? && user.approved? + edit_user_registration_path + else + auth_setup_path + end + else + new_user_session_path + end + end + def after_confirmation_path_for(_resource_name, user) if user.created_by_application && truthy_param?(:redirect_to_app) user.created_by_application.redirect_uri diff --git a/app/javascript/styles/mastodon/forms.scss b/app/javascript/styles/mastodon/forms.scss index ac99124ea86..16352340bf6 100644 --- a/app/javascript/styles/mastodon/forms.scss +++ b/app/javascript/styles/mastodon/forms.scss @@ -112,6 +112,15 @@ code { padding: 0.2em 0.4em; background: darken($ui-base-color, 12%); } + + li { + list-style: disc; + margin-left: 18px; + } + } + + ul.hint { + margin-bottom: 15px; } span.hint { diff --git a/app/services/suspend_account_service.rb b/app/services/suspend_account_service.rb index 902af376c83..85da7e92107 100644 --- a/app/services/suspend_account_service.rb +++ b/app/services/suspend_account_service.rb @@ -61,6 +61,7 @@ class SuspendAccountService < BaseService return if !@account.local? || @account.user.nil? if @options[:including_user] + @options[:destroy] = true if !@account.user_confirmed? || @account.user_pending? @account.user.destroy else @account.user.disable! diff --git a/app/views/auth/setup/show.html.haml b/app/views/auth/setup/show.html.haml index 8bb44ca7f79..c14fed56f8b 100644 --- a/app/views/auth/setup/show.html.haml +++ b/app/views/auth/setup/show.html.haml @@ -17,7 +17,4 @@ .simple_form %p.hint= t('auth.setup.email_settings_hint_html', email: content_tag(:strong, @user.email)) -.form-footer - %ul.no-list - %li= link_to t('settings.account_settings'), edit_user_registration_path - %li= link_to t('auth.logout'), destroy_user_session_path, data: { method: :delete } +.form-footer= render 'auth/shared/links' diff --git a/app/views/auth/shared/_links.html.haml b/app/views/auth/shared/_links.html.haml index 3c68ccd2220..e6c3f7cca6d 100644 --- a/app/views/auth/shared/_links.html.haml +++ b/app/views/auth/shared/_links.html.haml @@ -1,12 +1,18 @@ %ul.no-list - - if controller_name != 'sessions' - %li= link_to t('auth.login'), new_session_path(resource_name) + - if user_signed_in? + %li= link_to t('settings.account_settings'), edit_user_registration_path + - else + - if controller_name != 'sessions' + %li= link_to t('auth.login'), new_user_session_path - - if devise_mapping.registerable? && controller_name != 'registrations' - %li= link_to t('auth.register'), available_sign_up_path + - if controller_name != 'registrations' + %li= link_to t('auth.register'), available_sign_up_path - - if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations' - %li= link_to t('auth.forgot_password'), new_password_path(resource_name) + - if controller_name != 'passwords' && controller_name != 'registrations' + %li= link_to t('auth.forgot_password'), new_user_password_path - - if devise_mapping.confirmable? && controller_name != 'confirmations' - %li= link_to t('auth.didnt_get_confirmation'), new_confirmation_path(resource_name) + - if controller_name != 'confirmations' + %li= link_to t('auth.didnt_get_confirmation'), new_user_confirmation_path + + - if user_signed_in? && controller_name != 'setup' + %li= link_to t('auth.logout'), destroy_user_session_path, data: { method: :delete } diff --git a/app/views/settings/deletes/show.html.haml b/app/views/settings/deletes/show.html.haml index b246f83a16e..6e2ff31c577 100644 --- a/app/views/settings/deletes/show.html.haml +++ b/app/views/settings/deletes/show.html.haml @@ -2,15 +2,25 @@ = t('settings.delete') = simple_form_for @confirmation, url: settings_delete_path, method: :delete do |f| - .warning - %strong - = fa_icon('warning') - = t('deletes.warning_title') - = t('deletes.warning_html') + %p.hint= t('deletes.warning.before') - %p.hint= t('deletes.description_html') + %ul.hint + - if current_user.confirmed? && current_user.approved? + %li.warning-hint= t('deletes.warning.irreversible') + %li.warning-hint= t('deletes.warning.username_unavailable') + %li.warning-hint= t('deletes.warning.data_removal') + %li.warning-hint= t('deletes.warning.caches') + - else + %li.positive-hint= t('deletes.warning.email_change_html', path: edit_user_registration_path) + %li.positive-hint= t('deletes.warning.email_reconfirmation_html', path: new_user_confirmation_path) + %li.positive-hint= t('deletes.warning.email_contact_html', email: Setting.site_contact_email) + %li.positive-hint= t('deletes.warning.username_available') - = f.input :password, placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password'), :autocomplete => 'off' }, hint: t('deletes.confirm_password') + %p.hint= t('deletes.warning.more_details_html', terms_path: terms_path) + + %hr.spacer/ + + = f.input :password, wrapper: :with_block_label, input_html: { :autocomplete => 'off' }, hint: t('deletes.confirm_password') .actions = f.button :button, t('deletes.proceed'), type: :submit, class: 'negative' diff --git a/config/locales/en.yml b/config/locales/en.yml index ad29e0a7484..687f5f2a04a 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -626,13 +626,21 @@ en: x_months: "%{count}mo" x_seconds: "%{count}s" deletes: - bad_password_msg: Nice try, hackers! Incorrect password + bad_password_msg: The password you entered was incorrect confirm_password: Enter your current password to verify your identity - description_html: This will permanently, irreversibly remove content from your account and deactivate it. Your username will remain reserved to prevent future impersonations. proceed: Delete account success_msg: Your account was successfully deleted - warning_html: Only deletion of content from this particular server is guaranteed. Content that has been widely shared is likely to leave traces. Offline servers and servers that have unsubscribed from your updates will not update their databases. - warning_title: Disseminated content availability + warning: + before: 'Before proceeding, please read these notes carefully:' + caches: Content that has been cached by other servers may persist + data_removal: Your posts and other data will be permanently removed + email_change_html: You can change your e-mail address without deleting your account + email_contact_html: If it still doesn't arrive, you can e-mail %{email} for help + email_reconfirmation_html: If you are not receiving the confirmation e-mail, you can request it again + irreversible: You will not be able to restore or reactivate your account + more_details_html: For more details, see the privacy policy. + username_available: Your username will become available again + username_unavailable: Your username will remain unavailable directories: directory: Profile directory explanation: Discover users based on their interests