From dadc1da194850a18bf28edcfef2dd41a7e644b2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Wed, 6 Aug 2025 10:13:29 +0200
Subject: [PATCH 1/6] Soft delete users

---
 app/api/views/user.py                 | 22 +++------------------
 app/auth/views/login.py               |  2 +-
 app/dashboard/views/delete_account.py | 28 ++++-----------------------
 app/user_utils.py                     | 20 +++++++++++++++++++
 email_handler.py                      |  2 +-
 5 files changed, 29 insertions(+), 45 deletions(-)
 create mode 100644 app/user_utils.py

diff --git a/app/api/views/user.py b/app/api/views/user.py
index 700792319..af6cb17c9 100644
--- a/app/api/views/user.py
+++ b/app/api/views/user.py
@@ -1,12 +1,9 @@
 from flask import jsonify, g
-from sqlalchemy_utils.types.arrow import arrow
 
 from app.api.base import api_bp, require_api_sudo, require_api_auth
-from app.constants import JobType
 from app.extensions import limiter
-from app.log import LOG
-from app.models import Job, ApiToCookieToken
-from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
+from app.models import ApiToCookieToken
+from app.user_utils import soft_delete_user
 
 
 @api_bp.route("/user", methods=["DELETE"])
@@ -14,21 +11,8 @@
 def delete_user():
     """
     Delete the user. Requires sudo mode.
-
     """
-    # Schedule delete account job
-    emit_user_audit_log(
-        user=g.user,
-        action=UserAuditLogAction.UserMarkedForDeletion,
-        message=f"Marked user {g.user.id} ({g.user.email}) for deletion from API",
-    )
-    LOG.w("schedule delete account job for %s", g.user)
-    Job.create(
-        name=JobType.DELETE_ACCOUNT.value,
-        payload={"user_id": g.user.id},
-        run_at=arrow.now(),
-        commit=True,
-    )
+    soft_delete_user(g.user, "API")
     return jsonify(ok=True)
 
 
diff --git a/app/auth/views/login.py b/app/auth/views/login.py
index ffa09a6a6..624c92f86 100644
--- a/app/auth/views/login.py
+++ b/app/auth/views/login.py
@@ -64,7 +64,7 @@ def login():
             LoginEvent(LoginEvent.ActionType.disabled_login).send()
         elif user.delete_on is not None:
             flash(
-                f"Your account is scheduled to be deleted on {user.delete_on}",
+                "Email or password incorrect",
                 "error",
             )
             LoginEvent(LoginEvent.ActionType.scheduled_to_be_deleted).send()
diff --git a/app/dashboard/views/delete_account.py b/app/dashboard/views/delete_account.py
index b3ef1b4d6..c80f75a96 100644
--- a/app/dashboard/views/delete_account.py
+++ b/app/dashboard/views/delete_account.py
@@ -1,14 +1,11 @@
-import arrow
 from flask import flash, redirect, url_for, request, render_template
 from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 
-from app.constants import JobType
 from app.dashboard.base import dashboard_bp
 from app.dashboard.views.enter_sudo import sudo_required
-from app.log import LOG
-from app.models import Subscription, Job
-from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
+from app.models import Subscription
+from app.user_utils import soft_delete_user
 
 
 class DeleteDirForm(FlaskForm):
@@ -32,25 +29,8 @@ def delete_account():
             flash("Please cancel your current subscription first", "warning")
             return redirect(url_for("dashboard.setting"))
 
-        # Schedule delete account job
-        LOG.w("schedule delete account job for %s", current_user)
-        emit_user_audit_log(
-            user=current_user,
-            action=UserAuditLogAction.UserMarkedForDeletion,
-            message=f"User {current_user.id} ({current_user.email}) marked for deletion via webapp",
-        )
-        Job.create(
-            name=JobType.DELETE_ACCOUNT.value,
-            payload={"user_id": current_user.id},
-            run_at=arrow.now(),
-            commit=True,
-        )
-
-        flash(
-            "Your account deletion has been scheduled. "
-            "You'll receive an email when the deletion is finished",
-            "info",
-        )
+        soft_delete_user(current_user, "webapp")
+        flash("Your account deletion has been scheduled", "info")
         return redirect(url_for("dashboard.setting"))
 
     return render_template("dashboard/delete_account.html", delete_form=delete_form)
diff --git a/app/user_utils.py b/app/user_utils.py
new file mode 100644
index 000000000..3c3a77338
--- /dev/null
+++ b/app/user_utils.py
@@ -0,0 +1,20 @@
+import arrow
+
+from app.db import Session
+from app.log import LOG
+from app.models import User, ApiKey
+from app.session import logout_session
+from app.user_audit_log_utils import emit_user_audit_log, UserAuditLogAction
+
+
+def soft_delete_user(user: User, source: str):
+    LOG.i(f"Marked user {user} for soft-deletion")
+    emit_user_audit_log(
+        user=user,
+        action=UserAuditLogAction.UserMarkedForDeletion,
+        message=f"Marked user {user} ({user.email}) for deletion from {source}",
+    )
+    user.delete_on = arrow.utcnow()
+    ApiKey.filter_by(user_id=user.id).delete()
+    Session.commit()
+    logout_session()
diff --git a/email_handler.py b/email_handler.py
index 5f0f6805b..0c52467ad 100644
--- a/email_handler.py
+++ b/email_handler.py
@@ -632,7 +632,7 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
                     if reply_contact:
                         reply_to_contact.append(reply_contact)
 
-    if alias.user.delete_on is not None:
+    if alias.user.is_active():
         LOG.d(f"user {user} is pending to be deleted. Do not forward")
         EmailLog.create(
             contact_id=contact.id,

From 33e3982c0b0da4f02ae5899f690441bd8188f8f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Wed, 6 Aug 2025 10:28:43 +0200
Subject: [PATCH 2/6] Add soft-delete management on the admin panel

---
 app/admin_model.py                | 63 ++++++++++++++++++++++++++++++-
 app/models.py                     |  1 +
 templates/admin/email_search.html | 42 ++++++++++++++++-----
 3 files changed, 96 insertions(+), 10 deletions(-)

diff --git a/app/admin_model.py b/app/admin_model.py
index e59f2b089..4809bf337 100644
--- a/app/admin_model.py
+++ b/app/admin_model.py
@@ -969,7 +969,7 @@ def delete_partner_link(self):
             return redirect(url_for("admin.email_search.index", query=user_id))
 
         AdminAuditLog.create(
-            admin_user_id=user.id,
+            admin_user_id=current_user.id,
             model=User.__class__.__name__,
             model_id=user.id,
             action=AuditLogActionEnum.unlink_user.value,
@@ -979,6 +979,67 @@ def delete_partner_link(self):
 
         return redirect(url_for("admin.email_search.index", query=user_id))
 
+    @expose("/stop_soft_delete_user", methods=["POST"])
+    def stop_soft_delete_user(self):
+        user_id = request.form.get("user_id")
+        if not user_id:
+            flash("Missing user_id", "error")
+            return redirect(url_for("admin.email_search.index"))
+        try:
+            user_id = int(user_id)
+        except ValueError:
+            flash("Missing user_id", "error")
+            return redirect(url_for("admin.email_search.index", query=user_id))
+        user = User.get(user_id)
+        if user is None:
+            flash("User not found", "error")
+            return redirect(url_for("admin.email_search.index", query=user_id))
+        if user.delete_on is None:
+            flash("User is not pending deletion", "error")
+            return redirect(url_for("admin.email_search.index", query=user_id))
+
+        user.delete_on = None
+        AdminAuditLog.create(
+            admin_user_id=current_user.id,
+            model=User.__class__.__name__,
+            model_id=user.id,
+            action=AuditLogActionEnum.stop_soft_delete_user.value,
+            data={"user_id": user_id},
+        )
+        Session.commit()
+
+        return redirect(url_for("admin.email_search.index", query=user_id))
+
+    @expose("/force_soft_delete_user", methods=["POST"])
+    def force_soft_delete_user(self):
+        user_id = request.form.get("user_id")
+        if not user_id:
+            flash("Missing user_id", "error")
+            return redirect(url_for("admin.email_search.index"))
+        try:
+            user_id = int(user_id)
+        except ValueError:
+            flash("Missing user_id", "error")
+            return redirect(url_for("admin.email_search.index", query=user_id))
+        user = User.get(user_id)
+        if user is None:
+            flash("User not found", "error")
+            return redirect(url_for("admin.email_search.index", query=user_id))
+        if user.delete_on is None:
+            flash("User is not pending deletion", "error")
+            return redirect(url_for("admin.email_search.index", query=user_id))
+        User.delete(user.id)
+        AdminAuditLog.create(
+            admin_user_id=current_user.id,
+            model=User.__class__.__name__,
+            model_id=user.id,
+            action=AuditLogActionEnum.delete_object.value,
+            data={"user_id": user_id},
+        )
+        Session.commit()
+
+        return redirect(url_for("admin.email_search.index", query=user_id))
+
 
 class CustomDomainWithValidationData:
     def __init__(self, domain: CustomDomain):
diff --git a/app/models.py b/app/models.py
index b0526d83a..1435cea2a 100644
--- a/app/models.py
+++ b/app/models.py
@@ -242,6 +242,7 @@ class AuditLogActionEnum(EnumE):
     stop_trial = 11
     unlink_user = 12
     delete_custom_domain = 13
+    stop_soft_delete_user = 14
 
 
 class Phase(EnumE):
diff --git a/templates/admin/email_search.html b/templates/admin/email_search.html
index fe52d6cc1..2c646e685 100644
--- a/templates/admin/email_search.html
+++ b/templates/admin/email_search.html
@@ -39,15 +39,39 @@ <h4>User {{ user.email }} with ID {{ user.id }}.</h4>
         {% endif %}
         {% if user.delete_on %}
 
-          <td class="text-danger">{{ user.delete_on }}</td>
+          <td>
+          <div class="text-danger">
+              {{ user.delete_on.format('YYYY-MM-DD HH:mm:ss') }}
+          </div>
+            <div class="d-flex justify-content-between">
+
+            <form class="d-inline"
+                  action="{{ url_for("admin.email_search.stop_soft_delete_user") }}"
+                  method="POST">
+                <input type="hidden" name="user_id" value="{{ user.id }}">
+                <button type="submit"
+                        onclick="return confirm('Are you sure you would like to stop user soft-deletion?');"
+                        class="btn btn-success d-inline">Restore</button>
+            </form>
+
+            <form class="d-inline"
+                  action="{{ url_for("admin.email_search.force_soft_delete_user") }}"
+                  method="POST">
+                <input type="hidden" name="user_id" value="{{ user.id }}">
+                <button type="submit"
+                        onclick="return confirm('Are you sure you would like to delete the user now?');"
+                        class="btn btn-danger d-inline">Delete now</button>
+            </form>
+            </div>
+          </td>
         {% else %}
           <td class="text-success">None</td>
         {% endif %}
         <td>{{ "yes" if user.is_paid() else "No" }}</td>
         <td>{{ "yes" if user.is_premium() else "No" }}</td>
         <td>{{ user.get_active_subscription() }}</td>
-        <td>{{ user.created_at }}</td>
-        <td>{{ user.updated_at }}</td>
+        <td>{{ user.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+        <td>{{ user.updated_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
         {% if pu %}
 
           <td class="flex">
@@ -91,7 +115,7 @@ <h4>
             <a href="?query={{ mailbox.email }}">{{ mailbox.email }}</a>
           </td>
           <td>{{ "Yes" if mailbox.verified else "No" }}</td>
-          <td>{{ mailbox.created_at }}</td>
+          <td>{{ mailbox.created_at.format('YYYY-MM-DD HH:mm:ss')}}</td>
         </tr>
       {% endfor %}
     </tbody>
@@ -120,7 +144,7 @@ <h4>
             <a href="?query={{ alias.email }}">{{ alias.email }}</a>
           </td>
           <td>{{ "Yes" if alias.enabled else "No" }}</td>
-          <td>{{ alias.created_at }}</td>
+          <td>{{ alias.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
         </tr>
       {% endfor %}
     </tbody>
@@ -141,7 +165,7 @@ <h4>Deleted Alias {{ deleted_alias.email }} with ID {{ deleted_alias.id }}.</h4>
       <tr>
         <td>{{ deleted_alias.id }}</td>
         <td>{{ deleted_alias.email }}</td>
-        <td>{{ deleted_alias.created_at }}</td>
+        <td>{{ deleted_alias.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
         <td>{{ deleted_alias.reason }}</td>
       </tr>
     </tbody>
@@ -171,7 +195,7 @@ <h4>
         <td>{{ dom_deleted_alias.domain.domain }}</td>
         <td>{{ dom_deleted_alias.domain.id }}</td>
         <td>{{ dom_deleted_alias.domain.user_id }}</td>
-        <td>{{ dom_deleted_alias.created_at }}</td>
+        <td>{{ dom_deleted_alias.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
       </tr>
     </tbody>
   </table>
@@ -201,7 +225,7 @@ <h4>Alias Audit Log</h4>
           </td>
           <td>{{ entry.action }}</td>
           <td>{{ entry.message }}</td>
-          <td>{{ entry.created_at }}</td>
+          <td>{{ entry.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
         </tr>
       {% endfor %}
     </tbody>
@@ -227,7 +251,7 @@ <h4>User Audit Log</h4>
           </td>
           <td>{{ entry.action }}</td>
           <td>{{ entry.message }}</td>
-          <td>{{ entry.created_at }}</td>
+          <td>{{ entry.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
         </tr>
       {% endfor %}
     </tbody>

From 5afde2bd8ce8e47f62e7410734d45b6e3ee8d473 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Wed, 6 Aug 2025 10:36:41 +0200
Subject: [PATCH 3/6] Fix inverted condition

---
 email_handler.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/email_handler.py b/email_handler.py
index 0c52467ad..a85888d69 100644
--- a/email_handler.py
+++ b/email_handler.py
@@ -632,7 +632,7 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
                     if reply_contact:
                         reply_to_contact.append(reply_contact)
 
-    if alias.user.is_active():
+    if not alias.user.is_active():
         LOG.d(f"user {user} is pending to be deleted. Do not forward")
         EmailLog.create(
             contact_id=contact.id,

From aa9a582871baf09aa47efb52da91dd1e15f4e3b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Wed, 6 Aug 2025 10:48:06 +0200
Subject: [PATCH 4/6] Update test

---
 tests/api/test_user.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/tests/api/test_user.py b/tests/api/test_user.py
index 76bc3b851..3ea82cf7c 100644
--- a/tests/api/test_user.py
+++ b/tests/api/test_user.py
@@ -2,9 +2,8 @@
 
 from flask import url_for
 
-from app.constants import JobType
 from app.db import Session
-from app.models import Job, ApiToCookieToken
+from app.models import Job, ApiToCookieToken, User, ApiKey
 from tests.api.utils import get_new_user_and_api_key
 
 
@@ -45,11 +44,9 @@ def test_delete_with_sudo(flask_client):
     )
 
     assert r.status_code == 200
-    jobs = Job.all()
-    assert len(jobs) == 1
-    job = jobs[0]
-    assert job.name == JobType.DELETE_ACCOUNT.value
-    assert job.payload == {"user_id": user.id}
+    db_user = User.get(user.id)
+    assert db_user.delete_on is not None
+    assert ApiKey.filter_by(user_id=db_user.id).count() == 0
 
 
 def test_get_cookie_token(flask_client):

From e2993c787775fb6f76063f1b948703731e757853 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Wed, 6 Aug 2025 12:05:48 +0200
Subject: [PATCH 5/6] html format

---
 templates/admin/abuser_lookup.html        | 275 +++++++++++-----------
 templates/admin/custom_domain_search.html |  24 +-
 templates/admin/email_search.html         |  38 ++-
 templates/dashboard/delete_account.html   |  10 +-
 templates/dashboard/setting.html          |   4 +-
 5 files changed, 179 insertions(+), 172 deletions(-)

diff --git a/templates/admin/abuser_lookup.html b/templates/admin/abuser_lookup.html
index f58c794e6..0e53e2b17 100644
--- a/templates/admin/abuser_lookup.html
+++ b/templates/admin/abuser_lookup.html
@@ -1,152 +1,163 @@
 {% extends 'admin/master.html' %}
 
 {% macro show_user_overview(bundle) -%}
-    <h5>Overview</h5>
-    <table class="table table-striped table-bordered table-hover">
-        <thead>
-        <tr>
-            <th scope="col">User ID</th>
-            <th scope="col">Primary email address</th>
-            <th scope="col">User created</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr>
-            <td>
-                {% if bundle.get('user', None) %}
-                    <a href="/admin/user/?search={{ bundle.get('user').id }}">{{ bundle.get('user').id }}</a>
-                {% else %}
-                    {{ bundle.get('account_id') }}
-                {% endif %}
-            </td>
-            <td>
-                {% if bundle.get('user', None) %}
-                    <a href="/admin/admin.email_search/?query={{ bundle.get('user').email }}">{{ bundle.get('user').email }}</a>
-                {% else %}
-                    {{ bundle.get('email', '') }}
-                {% endif %}
-            </td>
-            <td>{{ bundle.get('user_created_at', '').strftime('%B %d, %Y %I:%M %p') }}</td>
-        </tr>
-        </tbody>
-    </table>
+  <h5>Overview</h5>
+  <table class="table table-striped table-bordered table-hover">
+    <thead>
+      <tr>
+        <th scope="col">User ID</th>
+        <th scope="col">Primary email address</th>
+        <th scope="col">User created</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>
+          {% if bundle.get('user', None) %}
+
+            <a href="/admin/user/?search={{ bundle.get("user").id }}">{{ bundle.get("user").id }}</a>
+          {% else %}
+            {{ bundle.get("account_id") }}
+          {% endif %}
+        </td>
+        <td>
+          {% if bundle.get('user', None) %}
+
+            <a href="/admin/admin.email_search/?query={{ bundle.get("user").email }}">{{ bundle.get("user").email }}</a>
+          {% else %}
+            {{ bundle.get('email', '') }}
+          {% endif %}
+        </td>
+        <td>{{ bundle.get('user_created_at', '').strftime('%B %d, %Y %I:%M %p') }}</td>
+      </tr>
+    </tbody>
+  </table>
 {%- endmacro %}
 {% macro show_emails_table(emails) -%}
-    <table class="table table-striped table-bordered table-hover">
-        <thead>
+  <table class="table table-striped table-bordered table-hover">
+    <thead>
+      <tr>
+        <th scope="col">#</th>
+        <th scope="col">Email address</th>
+        <th scope="col">Date created</th>
+      </tr>
+    </thead>
+    <tbody>
+      {% for idx, email in emails|enumerate %}
+
         <tr>
-            <th scope="col">#</th>
-            <th scope="col">Email address</th>
-            <th scope="col">Date created</th>
+          <th scope="row">{{ idx + 1 }}</th>
+          <td>{{ email.get('address', '') }}</td>
+          <td>{{ email.get('created_at', '').strftime('%B %d, %Y %I:%M %p') }}</td>
         </tr>
-        </thead>
-        <tbody>
-        {% for idx, email in emails|enumerate %}
-            <tr>
-                <th scope="row">{{ idx + 1 }}</th>
-                <td>{{ email.get('address', '') }}</td>
-                <td>{{ email.get('created_at', '').strftime('%B %d, %Y %I:%M %p') }}</td>
-            </tr>
-        {% endfor %}
-        </tbody>
-    </table>
+      {% endfor %}
+    </tbody>
+  </table>
 {%- endmacro %}
 {% macro show_bundle(no, bundle) -%}
-    <h3>Bundle #{{ no + 1 }}</h3>
-    {{ show_user_overview(bundle) }}
-    {% if bundle.get('aliases', []) %}
-        <h5>List of aliases</h5>
-        {{ show_emails_table(bundle.get('aliases', [])) }}
-    {% endif %}
-    {% if bundle.get('mailboxes', []) %}
-        <h5>List of mailboxes</h5>
-        {{ show_emails_table(bundle.get('mailboxes', [])) }}
-    {% endif %}
-    <div>
-        <button type="button" class="btn btn-secondary"
-                onclick="navigator.clipboard.writeText('{{ bundle.get('json', '') }}');alert('The bundle data has been copied to your clipboard.');">
-            Copy bundle
-        </button>
-    </div>
-    <hr>
+  <h3>Bundle #{{ no + 1 }}</h3>
+  {{ show_user_overview(bundle) }}
+  {% if bundle.get('aliases', []) %}
+
+    <h5>List of aliases</h5>
+    {{ show_emails_table(bundle.get('aliases', []) ) }}
+  {% endif %}
+  {% if bundle.get('mailboxes', []) %}
+
+    <h5>List of mailboxes</h5>
+    {{ show_emails_table(bundle.get('mailboxes', []) ) }}
+  {% endif %}
+  <div>
+    <button type="button"
+            class="btn btn-secondary"
+            onclick="navigator.clipboard.writeText('{{ bundle.get('json', '') }}');alert('The bundle data has been copied to your clipboard.');">
+      Copy bundle
+    </button>
+  </div>
+  <hr>
 {%- endmacro %}
 {% macro show_bundles(bundles) -%}
-    <div class="flex gap-2">
-        {% for idx, bundle in bundles|enumerate %}
-            <div>
-                {{ show_bundle(idx, bundle) }}
-            </div>
-        {% endfor %}
-    </div>
+  <div class="flex gap-2">
+    {% for idx, bundle in bundles|enumerate %}<div>{{ show_bundle(idx, bundle) }}</div>{% endfor %}
+  </div>
 {%- endmacro %}
 {% macro show_audit_log(audit_log) -%}
-    {% if audit_log and audit_log|length > 0 %}
-        <p>
-            <a class="btn btn-primary" data-toggle="collapse" href="#multiCollapseExample1" role="button"
-               aria-expanded="false" aria-controls="multiCollapseExample1">Toggle audit log</a>
-        </p>
-        <div class="row">
-            <div class="col">
-                <div class="collapse multi-collapse" id="multiCollapseExample1">
-                    <div class="card card-body">
-                        <table class="table table-striped table-bordered table-hover">
-                            <thead>
-                            <tr>
-                                <th scope="col">#</th>
-                                <th scope="col">Action</th>
-                                <th scope="col">Message</th>
-                                <th scope="col">Date created</th>
-                                <th scope="col">Admin User ID</th>
-                            </tr>
-                            </thead>
-                            <tbody>
-                            {% for idx, log in audit_log|enumerate %}
-                                <tr>
-                                    <th scope="row">{{ idx + 1 }}</th>
-                                    <td>
-                                        <code>{{ log.get('action', '') }}</code>
-                                    </td>
-                                    <td>{{ log.get('message', '') }}</td>
-                                    <td>{{ log.get('created_at', '').strftime('%B %d, %Y %I:%M %p') }}</td>
-                                    <td>
-                                        <a href="/admin/user/?search={{ log.admin_id }}">{{ log.admin_id }}</a>
-                                    </td>
-                                </tr>
-                            {% endfor %}
-                            </tbody>
-                        </table>
-                    </div>
-                    <br>
-                </div>
-            </div>
+  {% if audit_log and audit_log|length > 0 %}
+
+    <p>
+      <a class="btn btn-primary"
+         data-toggle="collapse"
+         href="#multiCollapseExample1"
+         role="button"
+         aria-expanded="false"
+         aria-controls="multiCollapseExample1">Toggle audit log</a>
+    </p>
+    <div class="row">
+      <div class="col">
+        <div class="collapse multi-collapse" id="multiCollapseExample1">
+          <div class="card card-body">
+            <table class="table table-striped table-bordered table-hover">
+              <thead>
+                <tr>
+                  <th scope="col">#</th>
+                  <th scope="col">Action</th>
+                  <th scope="col">Message</th>
+                  <th scope="col">Date created</th>
+                  <th scope="col">Admin User ID</th>
+                </tr>
+              </thead>
+              <tbody>
+                {% for idx, log in audit_log|enumerate %}
+
+                  <tr>
+                    <th scope="row">{{ idx + 1 }}</th>
+                    <td>
+                      <code>{{ log.get('action', '') }}</code>
+                    </td>
+                    <td>{{ log.get('message', '') }}</td>
+                    <td>{{ log.get('created_at', '').strftime('%B %d, %Y %I:%M %p') }}</td>
+                    <td>
+                      <a href="/admin/user/?search={{ log.admin_id }}">{{ log.admin_id }}</a>
+                    </td>
+                  </tr>
+                {% endfor %}
+              </tbody>
+            </table>
+          </div>
+          <br>
         </div>
-    {% endif %}
+      </div>
+    </div>
+  {% endif %}
 {%- endmacro %}
 {% block body %}
 
+  <div class="border border-dark border-2 mt-1 mb-2 p-3">
+    <form method="get">
+      <div class="form-group">
+        <label for="search">UserID or Email to search::</label>
+        <input type="text"
+               class="form-control"
+               name="search"
+               value="{{ query or '' }}" />
+      </div>
+      <button type="submit" class="btn btn-primary">Look up</button>
+    </form>
+  </div>
+  {% if data.no_match and query %}
+
+    <div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
+         role="alert">No abuser data was found for the provided email address.</div>
+  {% endif %}
+  {% if data.bundles %}
+
     <div class="border border-dark border-2 mt-1 mb-2 p-3">
-        <form method="get">
-            <div class="form-group">
-                <label for="search">UserID or Email to search::</label>
-                <input type="text"
-                       class="form-control"
-                       name="search"
-                       value="{{ query or '' }}"/>
-            </div>
-            <button type="submit" class="btn btn-primary">Look up</button>
-        </form>
-    </div>
-    {% if data.no_match and query %}
-        <div class="border border-dark border-2 mt-1 mb-2 p-3 alert alert-warning"
-             role="alert">No abuser data was found for the provided email address.
-        </div>
-    {% endif %}
-    {% if data.bundles %}
-        <div class="border border-dark border-2 mt-1 mb-2 p-3">
-            <h3 class="mb-3">Found abuser data for <code>{{ data.query }}</code></h3>
-            {{ show_audit_log(data.audit_log) }}
-            {{ show_bundles(data.bundles) }}
-        </div>
-    {% endif %}
+      <h3 class="mb-3">
+        Found abuser data for <code>{{ data.query }}</code>
+      </h3>
+      {{ show_audit_log(data.audit_log) }}
+      {{ show_bundles(data.bundles) }}
     </div>
+  {% endif %}
+</div>
 {% endblock %}
diff --git a/templates/admin/custom_domain_search.html b/templates/admin/custom_domain_search.html
index e3fefb2fa..19d9fdcbf 100644
--- a/templates/admin/custom_domain_search.html
+++ b/templates/admin/custom_domain_search.html
@@ -135,18 +135,17 @@ <h5>{{ title }}</h5>
 {% macro show_domain(domain_with_data) -%}
   <div class="col-md-3 mb-4">
     <div class="card card-shadow">
-
       {% if domain_with_data.domain.pending_deletion == True %}
-          <div class="domain-title domain-pending-deletion text-center">
-              <h4>Domain {{ domain_with_data.domain.domain }}</h4>
-              <h5>Scheduled for deletion</h5>
-          </div>
+
+        <div class="domain-title domain-pending-deletion text-center">
+          <h4>Domain {{ domain_with_data.domain.domain }}</h4>
+          <h5>Scheduled for deletion</h5>
+        </div>
       {% else %}
-          <div class="domain-title domain-active text-center">
-              <h4>Domain {{ domain_with_data.domain.domain }}</h4>
-          </div>
+        <div class="domain-title domain-active text-center">
+          <h4>Domain {{ domain_with_data.domain.domain }}</h4>
+        </div>
       {% endif %}
-
       <div class="card-body">
         {% set domain = domain_with_data.domain %}
         <ul class="list-group">
@@ -158,17 +157,16 @@ <h4>Domain {{ domain_with_data.domain.domain }}</h4>
             {{ show_verification("DKIM {}.{}".format(dkim_domain, domain.domain) , domain_with_data.dkim_expected[dkim_domain], [domain_with_data.dkim_validation.get(dkim_domain+"."+domain.domain,'')]) }}
           {% endfor %}
         </ul>
-
         <form class="my-3"
               action="{{ url_for("admin.custom_domain_search.delete_custom_domain") }}"
               method="POST">
-            <input type="hidden" name="domain_id" value="{{ domain.id }}">
+          <input type="hidden" name="domain_id" value="{{ domain.id }}">
+          {% if domain_with_data.domain_pending_deletion == False %}
 
-            {% if domain_with_data.domain_pending_deletion == False %}
             <button type="submit"
                     onclick="return confirm('Are you sure you would like to delete the custom domain?');"
                     class="btn btn-danger w-100">Delete</button>
-            {% endif %}
+          {% endif %}
         </form>
       </div>
     </div>
diff --git a/templates/admin/email_search.html b/templates/admin/email_search.html
index 2c646e685..6f24706d9 100644
--- a/templates/admin/email_search.html
+++ b/templates/admin/email_search.html
@@ -40,28 +40,24 @@ <h4>User {{ user.email }} with ID {{ user.id }}.</h4>
         {% if user.delete_on %}
 
           <td>
-          <div class="text-danger">
-              {{ user.delete_on.format('YYYY-MM-DD HH:mm:ss') }}
-          </div>
+            <div class="text-danger">{{ user.delete_on.format("YYYY-MM-DD HH:mm:ss") }}</div>
             <div class="d-flex justify-content-between">
-
-            <form class="d-inline"
-                  action="{{ url_for("admin.email_search.stop_soft_delete_user") }}"
-                  method="POST">
+              <form class="d-inline"
+                    action="{{ url_for("admin.email_search.stop_soft_delete_user") }}"
+                    method="POST">
                 <input type="hidden" name="user_id" value="{{ user.id }}">
                 <button type="submit"
                         onclick="return confirm('Are you sure you would like to stop user soft-deletion?');"
                         class="btn btn-success d-inline">Restore</button>
-            </form>
-
-            <form class="d-inline"
-                  action="{{ url_for("admin.email_search.force_soft_delete_user") }}"
-                  method="POST">
+              </form>
+              <form class="d-inline"
+                    action="{{ url_for("admin.email_search.force_soft_delete_user") }}"
+                    method="POST">
                 <input type="hidden" name="user_id" value="{{ user.id }}">
                 <button type="submit"
                         onclick="return confirm('Are you sure you would like to delete the user now?');"
                         class="btn btn-danger d-inline">Delete now</button>
-            </form>
+              </form>
             </div>
           </td>
         {% else %}
@@ -70,8 +66,8 @@ <h4>User {{ user.email }} with ID {{ user.id }}.</h4>
         <td>{{ "yes" if user.is_paid() else "No" }}</td>
         <td>{{ "yes" if user.is_premium() else "No" }}</td>
         <td>{{ user.get_active_subscription() }}</td>
-        <td>{{ user.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
-        <td>{{ user.updated_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+        <td>{{ user.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
+        <td>{{ user.updated_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
         {% if pu %}
 
           <td class="flex">
@@ -115,7 +111,7 @@ <h4>
             <a href="?query={{ mailbox.email }}">{{ mailbox.email }}</a>
           </td>
           <td>{{ "Yes" if mailbox.verified else "No" }}</td>
-          <td>{{ mailbox.created_at.format('YYYY-MM-DD HH:mm:ss')}}</td>
+          <td>{{ mailbox.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
         </tr>
       {% endfor %}
     </tbody>
@@ -144,7 +140,7 @@ <h4>
             <a href="?query={{ alias.email }}">{{ alias.email }}</a>
           </td>
           <td>{{ "Yes" if alias.enabled else "No" }}</td>
-          <td>{{ alias.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+          <td>{{ alias.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
         </tr>
       {% endfor %}
     </tbody>
@@ -165,7 +161,7 @@ <h4>Deleted Alias {{ deleted_alias.email }} with ID {{ deleted_alias.id }}.</h4>
       <tr>
         <td>{{ deleted_alias.id }}</td>
         <td>{{ deleted_alias.email }}</td>
-        <td>{{ deleted_alias.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+        <td>{{ deleted_alias.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
         <td>{{ deleted_alias.reason }}</td>
       </tr>
     </tbody>
@@ -195,7 +191,7 @@ <h4>
         <td>{{ dom_deleted_alias.domain.domain }}</td>
         <td>{{ dom_deleted_alias.domain.id }}</td>
         <td>{{ dom_deleted_alias.domain.user_id }}</td>
-        <td>{{ dom_deleted_alias.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+        <td>{{ dom_deleted_alias.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
       </tr>
     </tbody>
   </table>
@@ -225,7 +221,7 @@ <h4>Alias Audit Log</h4>
           </td>
           <td>{{ entry.action }}</td>
           <td>{{ entry.message }}</td>
-          <td>{{ entry.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+          <td>{{ entry.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
         </tr>
       {% endfor %}
     </tbody>
@@ -251,7 +247,7 @@ <h4>User Audit Log</h4>
           </td>
           <td>{{ entry.action }}</td>
           <td>{{ entry.message }}</td>
-          <td>{{ entry.created_at.format('YYYY-MM-DD HH:mm:ss') }}</td>
+          <td>{{ entry.created_at.format("YYYY-MM-DD HH:mm:ss") }}</td>
         </tr>
       {% endfor %}
     </tbody>
diff --git a/templates/dashboard/delete_account.html b/templates/dashboard/delete_account.html
index d708bec0a..e4e16e643 100644
--- a/templates/dashboard/delete_account.html
+++ b/templates/dashboard/delete_account.html
@@ -7,14 +7,16 @@
   <div class="card">
     <div class="card-body">
       <div class="h2">Account Deletion</div>
-      <div class="my-3 alert alert-warning">
-        Once an account is deleted, it can't be restored.
-        All its records (aliases, domains, settings, etc.) are immediately deleted.
+      <div class="my-3 alert alert-danger">
+        Once an account is deleted, it can't be restored. You will lose access immediately to all the data stored in this account (aliases, domains, settings, etc.)
+      </div>
+      <div class="my-3 alert alert-danger">
+        You will not be able to create another account with the same email for some time.
       </div>
       <form method="post">
         <input type="hidden" name="form-name" value="delete-account">
         {{ delete_form.csrf_token }}
-        <span class="delete-account btn btn-outline-danger">Delete account</span>
+        <span class="delete-account btn btn-outline-danger">Delete my account.</span>
       </form>
     </div>
   </div>
diff --git a/templates/dashboard/setting.html b/templates/dashboard/setting.html
index 60a68796f..f8d332b64 100644
--- a/templates/dashboard/setting.html
+++ b/templates/dashboard/setting.html
@@ -488,9 +488,9 @@
                         <input type="hidden" name="form-name" value="alias-delete-action">
                         <select class="form-control mr-sm-2" name="alias-delete-action">
                           <option value="{{ UserAliasDeleteAction.MoveToTrash.value }}" {% if current_user.alias_delete_action.value == UserAliasDeleteAction.MoveToTrash.value %}
-                            selected="selected"{% endif %}>Move to Trash</option>
+                             selected="selected"{% endif %}>Move to Trash</option>
                           <option value="{{ UserAliasDeleteAction.DeleteImmediately.value }}" {% if current_user.alias_delete_action.value == UserAliasDeleteAction.DeleteImmediately.value %}
-                            selected="selected"{% endif %}>Delete immediately</option>
+                             selected="selected"{% endif %}>Delete immediately</option>
                         </select>
                         <button class="btn btn-outline-primary">Update</button>
                       </form>

From a99e70d6a62504eecf4993cbc0db8a5a34a2eaca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?= <adria.casajus@proton.ch>
Date: Wed, 6 Aug 2025 12:15:03 +0200
Subject: [PATCH 6/6] Added logs

---
 app/user_utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/user_utils.py b/app/user_utils.py
index 3c3a77338..9be3adeec 100644
--- a/app/user_utils.py
+++ b/app/user_utils.py
@@ -8,7 +8,7 @@
 
 
 def soft_delete_user(user: User, source: str):
-    LOG.i(f"Marked user {user} for soft-deletion")
+    LOG.i(f"Marked user {user} for soft-deletion from {source}")
     emit_user_audit_log(
         user=user,
         action=UserAuditLogAction.UserMarkedForDeletion,