Change account deletion page to have better explanations (#11753)

Fix deletion of unconfirmed account not freeing up the username

Add prefill of logged-in user's email in the reconfirmation form
This commit is contained in:
Eugen Rochko 2019-09-04 04:13:54 +02:00 committed by GitHub
parent c1e238a77b
commit 43f56f1291
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 77 additions and 23 deletions

View File

@ -4,15 +4,38 @@ class Auth::ConfirmationsController < Devise::ConfirmationsController
layout 'auth'
before_action :set_body_classes
before_action :require_unconfirmed!
skip_before_action :require_functional!
def new
super
resource.email = current_user.unconfirmed_email || current_user.email if user_signed_in?
end
private
def require_unconfirmed!
redirect_to edit_user_registration_path if user_signed_in? && current_user.confirmed? && current_user.unconfirmed_email.blank?
end
def set_body_classes
@body_classes = 'lighter'
end
def after_resending_confirmation_instructions_path_for(_resource_name)
if user_signed_in?
if user.confirmed? && user.approved?
edit_user_registration_path
else
auth_setup_path
end
else
new_user_session_path
end
end
def after_confirmation_path_for(_resource_name, user)
if user.created_by_application && truthy_param?(:redirect_to_app)
user.created_by_application.redirect_uri

View File

@ -112,6 +112,15 @@ code {
padding: 0.2em 0.4em;
background: darken($ui-base-color, 12%);
}
li {
list-style: disc;
margin-left: 18px;
}
}
ul.hint {
margin-bottom: 15px;
}
span.hint {

View File

@ -61,6 +61,7 @@ class SuspendAccountService < BaseService
return if !@account.local? || @account.user.nil?
if @options[:including_user]
@options[:destroy] = true if !@account.user_confirmed? || @account.user_pending?
@account.user.destroy
else
@account.user.disable!

View File

@ -17,7 +17,4 @@
.simple_form
%p.hint= t('auth.setup.email_settings_hint_html', email: content_tag(:strong, @user.email))
.form-footer
%ul.no-list
%li= link_to t('settings.account_settings'), edit_user_registration_path
%li= link_to t('auth.logout'), destroy_user_session_path, data: { method: :delete }
.form-footer= render 'auth/shared/links'

View File

@ -1,12 +1,18 @@
%ul.no-list
- if user_signed_in?
%li= link_to t('settings.account_settings'), edit_user_registration_path
- else
- if controller_name != 'sessions'
%li= link_to t('auth.login'), new_session_path(resource_name)
%li= link_to t('auth.login'), new_user_session_path
- if devise_mapping.registerable? && controller_name != 'registrations'
- if controller_name != 'registrations'
%li= link_to t('auth.register'), available_sign_up_path
- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations'
%li= link_to t('auth.forgot_password'), new_password_path(resource_name)
- if controller_name != 'passwords' && controller_name != 'registrations'
%li= link_to t('auth.forgot_password'), new_user_password_path
- if devise_mapping.confirmable? && controller_name != 'confirmations'
%li= link_to t('auth.didnt_get_confirmation'), new_confirmation_path(resource_name)
- if controller_name != 'confirmations'
%li= link_to t('auth.didnt_get_confirmation'), new_user_confirmation_path
- if user_signed_in? && controller_name != 'setup'
%li= link_to t('auth.logout'), destroy_user_session_path, data: { method: :delete }

View File

@ -2,15 +2,25 @@
= t('settings.delete')
= simple_form_for @confirmation, url: settings_delete_path, method: :delete do |f|
.warning
%strong
= fa_icon('warning')
= t('deletes.warning_title')
= t('deletes.warning_html')
%p.hint= t('deletes.warning.before')
%p.hint= t('deletes.description_html')
%ul.hint
- if current_user.confirmed? && current_user.approved?
%li.warning-hint= t('deletes.warning.irreversible')
%li.warning-hint= t('deletes.warning.username_unavailable')
%li.warning-hint= t('deletes.warning.data_removal')
%li.warning-hint= t('deletes.warning.caches')
- else
%li.positive-hint= t('deletes.warning.email_change_html', path: edit_user_registration_path)
%li.positive-hint= t('deletes.warning.email_reconfirmation_html', path: new_user_confirmation_path)
%li.positive-hint= t('deletes.warning.email_contact_html', email: Setting.site_contact_email)
%li.positive-hint= t('deletes.warning.username_available')
= f.input :password, placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password'), :autocomplete => 'off' }, hint: t('deletes.confirm_password')
%p.hint= t('deletes.warning.more_details_html', terms_path: terms_path)
%hr.spacer/
= f.input :password, wrapper: :with_block_label, input_html: { :autocomplete => 'off' }, hint: t('deletes.confirm_password')
.actions
= f.button :button, t('deletes.proceed'), type: :submit, class: 'negative'

View File

@ -626,13 +626,21 @@ en:
x_months: "%{count}mo"
x_seconds: "%{count}s"
deletes:
bad_password_msg: Nice try, hackers! Incorrect password
bad_password_msg: The password you entered was incorrect
confirm_password: Enter your current password to verify your identity
description_html: This will <strong>permanently, irreversibly</strong> remove content from your account and deactivate it. Your username will remain reserved to prevent future impersonations.
proceed: Delete account
success_msg: Your account was successfully deleted
warning_html: Only deletion of content from this particular server is guaranteed. Content that has been widely shared is likely to leave traces. Offline servers and servers that have unsubscribed from your updates will not update their databases.
warning_title: Disseminated content availability
warning:
before: 'Before proceeding, please read these notes carefully:'
caches: Content that has been cached by other servers may persist
data_removal: Your posts and other data will be permanently removed
email_change_html: You can <a href="%{path}">change your e-mail address</a> without deleting your account
email_contact_html: If it still doesn't arrive, you can e-mail <a href="mailto:%{email}">%{email}</a> for help
email_reconfirmation_html: If you are not receiving the confirmation e-mail, you can <a href="%{path}">request it again</a>
irreversible: You will not be able to restore or reactivate your account
more_details_html: For more details, see the <a href="%{terms_path}">privacy policy</a>.
username_available: Your username will become available again
username_unavailable: Your username will remain unavailable
directories:
directory: Profile directory
explanation: Discover users based on their interests