Redesign the account deletion page.

Provide better information about the effect of deleting an account, and possible alternatives. Require username/password authentication before deleting accounts. Add an optional message box so users can explain why they deleted their account.
2026-01-26 15:28:37 -05:00 · 2011-11-04 11:01:15 -07:00
parent 894733727e
commit ea1fb6f97d
5 changed files with 93 additions and 41 deletions
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -624,19 +624,27 @@ class ApiController(RedditController):

    @validatedForm(VUser(),
                   VModhash(),
-                   areyousure1 = VOneOf('areyousure1', ('yes', 'no')),
-                   areyousure2 = VOneOf('areyousure2', ('yes', 'no')),
-                   areyousure3 = VOneOf('areyousure3', ('yes', 'no')))
-    def POST_delete_user(self, form, jquery,
-                         areyousure1, areyousure2, areyousure3):
+                   delete_message = VLength("delete_message", max_length=500),
+                   username = VRequired("user", errors.NOT_USER),
+                   user = VThrottledLogin(["user", "passwd"]),
+                   confirm = VBoolean("confirm"))
+    def POST_delete_user(self, form, jquery, delete_message, username, user, confirm):
        """
-        /prefs/delete.  Make sure there are three yes's.
+        /prefs/delete. Check the username/password and confirmation.
        """
-        if areyousure1 == areyousure2 == areyousure3 == 'yes':
-            c.user.delete()
-            form.redirect('/?deleted=true')
-        else:
-            form.set_html('.status', _("see? you don't really want to leave"))
+        if username != c.user.name:
+            c.errors.add(errors.NOT_USER, field="user")
+
+        if not confirm:
+            c.errors.add(errors.CONFIRM, field="confirm")
+
+        if not (form.has_errors('vdelay', errors.RATELIMIT) or
+                form.has_errors("user", errors.NOT_USER) or
+                form.has_errors("passwd", errors.WRONG_PASSWORD) or
+                form.has_errors("delete_message", errors.TOO_LONG) or
+                form.has_errors("confirm", errors.CONFIRM)):
+            c.user.delete(delete_message)
+            form.redirect("/?deleted=true")

    @noresponse(VUser(),
                VModhash(),
--- a/r2/r2/controllers/errors.py
+++ b/r2/r2/controllers/errors.py
@@ -35,6 +35,7 @@ error_list = dict((
        ('USER_BLOCKED', _("you can't send to a user that you have blocked")),
        ('NO_THING_ID', _('id not specified')),
        ('NOT_AUTHOR', _("you can't do that")),
+        ('NOT_USER', _("you are not logged in as that user")),
        ('DELETED_LINK', _('the link you are commenting on has been deleted')),
        ('DELETED_COMMENT', _('that comment has been deleted')),
        ('DELETED_THING', _('that element has been deleted')),
@@ -87,6 +88,7 @@ error_list = dict((
        ('TOO_MUCH_FLAIR_CSS', _('too many flair css classes')),
        ('OAUTH2_INVALID_CLIENT', _('invalid client id')),
        ('OAUTH2_ACCESS_DENIED', _('access denied by the user')),
+        ('CONFIRM', _("please confirm the form")),
    ))
 errors = Storage([(e, e) for e in error_list.keys()])

--- a/r2/r2/models/account.py
+++ b/r2/r2/models/account.py
@@ -302,7 +302,8 @@ class Account(Thing):
        rel.note = note
        rel._commit()

-    def delete(self):
+    def delete(self, delete_message=None):
+        self.delete_message = delete_message
        self._deleted = True
        self._commit()

--- a/r2/r2/public/static/css/reddit.css
+++ b/r2/r2/public/static/css/reddit.css
@@ -2619,7 +2619,7 @@ form input[type=radio] {margin: 2px .5em 0 0; }


 /* delete page */
-.delete-field {
+.white-field, .delete-field {
    background-color: white;
    padding: 10px;
 }
@@ -2632,6 +2632,29 @@ form input[type=radio] {margin: 2px .5em 0 0; }
    background: transparent;
 }

+#pref-delete textarea#delete-message {
+    font-size: smaller;
+    height: 5em;
+}
+
+#pref-delete .md ul {
+    margin-top: 0;
+    margin-bottom: 0;
+}
+
+#pref-delete .md ul li {
+    margin: .5em 0;
+}
+
+#pref-delete .credentials input {
+    margin: .2em 0;
+}
+
+#pref-delete .credentials .error,
+#pref-delete .error.RATELIMIT {
+    margin-left: 5px;
+}
+
 /*pref page boxes*/
 .pretty-form.short-text input[type=text],
 .pretty-form.short-text textarea,
--- a/r2/r2/templates/prefdelete.html
+++ b/r2/r2/templates/prefdelete.html
@@ -19,41 +19,59 @@
 ## All portions of the code written by CondeNet are Copyright (c) 2006-2010
 ## CondeNet, Inc. All Rights Reserved.
 ################################################################################
-
+<%!
+   from r2.lib.filters import safemarkdown
+%>
 <%namespace file="utils.html" import="error_field"/>
 <%namespace name="utils" file="utils.html"/>

-<% import random %>
-<%def name="areyousure(name)">
-  <% yes, no = random.choice((("yes", "no"), ("no", "yes"))) %>
-  <% syes = _(yes) %>
-  <% sno = _(no) %>
-  
+<h1>${_("delete your reddit account")}</h1>

-  <div class="spacer">
-    <%utils:round_field title="${_('are you sure?')}">
-      <div class="rounded delete-field">
-        <input name="${name}" id="${name}yes" type="radio" value="${yes}"/>
-        <label for="${name}yes">${syes}</label>
+<form action="/post/delete" method="post"
+  onsubmit="${"return post_form(this, 'delete_user', function(x) {return '%s'})" % _("deleting...")}" id="pref-delete">

-        <br/>
-  
-        <input name="${name}" id="${name}no" type="radio" value="${no}"/>
-        <label for="${name}no">${sno}</label>
-      </div>
-    </%utils:round_field>
-  </div>  
-</%def>
+<div class="spacer">
+  <%utils:round_field title="${_('sorry to see you go!')}">
+    <div class="rounded white-field">
+      ${unsafe(safemarkdown(_(
+        " * if you're having a problem on reddit, please consider [contacting us](/feedback) about it before deleting your account.\n"
+        " * deleting your account will not delete the content of posts and comments you've made on reddit. to do so, please delete them individually."
+      )))}
+    </div>
+  </%utils:round_field>
+</div>

-<h1>${_("delete your reddit account? hope you have a good reason.")}</h1>
+<div class="spacer">
+  <%utils:round_field title="${_('why are you deleting this account?')}" description="(${_('optional')})">
+    <textarea name="delete_message" id="delete-message"></textarea>
+    ${error_field("TOO_LONG", "delete_message")}
+  </%utils:round_field>
+</div>

-<form action="/post/delete" method="post" 
-      onsubmit="${"return post_form(this, 'delete_user', function(x) {return '%s'})" % _("deleting...")}" id="pref-delete">
+<div class="spacer">
+  <%utils:round_field title="${_('account credentials')}" description="(${_('for security purposes')})" css_class="credentials">
+    <label for="delete-password">${_("username")}</label>
+    ${error_field("NOT_USER", "user")}
+    <input name="user" id="delete_user" type="text" />
+    <label for="delete-password">${_("password")}</label>
+    ${error_field("WRONG_PASSWORD", "passwd")}
+    <input name="passwd" id="delete_password" type="password" />
+  </%utils:round_field>
+</div>  

-${areyousure("areyousure1")}
-${areyousure("areyousure2")}
-${areyousure("areyousure3")}
+<div class="spacer">
+  <%utils:round_field title="${_('confirmation')}">
+    <div class="rounded white-field">
+      <input name="confirm" id="confirm-delete" type="checkbox"/>
+      <label for="confirm-delete">${_("I understand that deleted accounts are not recoverable.")}</label>
+    </div>
+    ${error_field("CONFIRM", "confirm")}
+  </%utils:round_field>
+</div>

-<input type="submit" class="btn" value="${_('delete')}"/>
-<span class="status"></span>
+<div class="spacer">
+  <button type="submit" class="btn">${_("delete account")}</button>
+  <span class="status"></span>
+  ${error_field("RATELIMIT", "vdelay")}
+</div>
 </form>