Added endpoint for user account deletion

Syldexia 2018-05-11 12:32:59 +01:00
parent 89954a2ce7
commit a16117225f
5 changed files with 88 additions and 0 deletions


@ -1,7 +1,9 @@
defmodule Pleroma.Web.CommonAPI.Utils do defmodule Pleroma.Web.CommonAPI.Utils do
alias Pleroma.{Repo, Object, Formatter, Activity} alias Pleroma.{Repo, Object, Formatter, Activity}
alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.ActivityPub.Utils
alias Pleroma.User
alias Calendar.Strftime alias Calendar.Strftime
alias Comeonin.Pbkdf2
# This is a hack for twidere. # This is a hack for twidere.
def get_by_id_or_ap_id(id) do def get_by_id_or_ap_id(id) do
@ -184,4 +186,19 @@ defmodule Pleroma.Web.CommonAPI.Utils do
String.slice(name, 0..30) <> "" String.slice(name, 0..30) <> ""
end end
end end
def confirm_current_password(user, params) do
case user do
nil ->
{:error, "Invalid credentials."}
_ ->
with %User{local: true} = db_user <- Repo.get(User, user.id),
true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
{:ok, db_user}
else
_ -> {:error, "Invalid password."}
end
end
end
end end
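Review bot: `confirm_current_password/2` passes `params["password"]` straight to `Pbkdf2.checkpw/2` inside the `with`, so an authenticated request that omits the field hands it `nil`. Comeonin's `checkpw` appears to raise `ArgumentError` on non-binary input (confirm against the pinned version), which would surface as a 500 instead of the `{:error, "Invalid password."}` that the `else` branch is meant to produce. Adding a clause such as `password when is_binary(password) <- params["password"],` ahead of the check, and passing `password` to `checkpw`, keeps that failure inside the `else`. A one-line comment noting that the `%User{local: true}` match deliberately rejects remote accounts would also help the next reader.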


@ -211,6 +211,8 @@ defmodule Pleroma.Web.Router do
post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner) post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background) post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
post("/account/delete_account", TwitterAPI.Controller, :delete_account)
post( post(
"/account/most_recent_notification", "/account/most_recent_notification",
TwitterAPI.Controller, TwitterAPI.Controller,


@ -364,6 +364,19 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
end end
end end
def delete_account(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params) do
{:ok, user} ->
case User.delete(user) do
:ok -> json(conn, %{status: "success"})
:error -> error_json(conn, "Unable to delete user.")
end
{:error, msg} ->
forbidden_json_reply(conn, msg)
end
end
def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
activities = TwitterAPI.search(user, params) activities = TwitterAPI.search(user, params)
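Review bot: The `{:error, msg}` branch of `delete_account/2` answers every failed password confirmation with a 403 and nothing else, so no throttling or logging of repeated failures is visible in this action. Because the endpoint checks the account password for whoever holds a valid session or token, it is worth rate-limiting it or at least logging failed confirmations with the user id, so repeated guesses against one account show up in monitoring. Separately, the inner `case User.delete(user)` handles only `:ok` and `:error`. `User.delete/1` is not shown on this page, so if it can return a tuple the action raises `CaseClauseError`; a final `_ -> error_json(conn, "Unable to delete user.")` clause would cover that.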


@ -1,5 +1,6 @@
defmodule Pleroma.Web.CommonAPI.UtilsTest do defmodule Pleroma.Web.CommonAPI.UtilsTest do
alias Pleroma.Web.CommonAPI.Utils alias Pleroma.Web.CommonAPI.Utils
alias Pleroma.Builders.{UserBuilder}
use Pleroma.DataCase use Pleroma.DataCase
test "it adds attachment links to a given text and attachment set" do test "it adds attachment links to a given text and attachment set" do
@ -15,4 +16,23 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
assert res == assert res ==
"<br><a href=\"#{name}\" class='attachment'>Sakura Mana Turned on by a Se…</a>" "<br><a href=\"#{name}\" class='attachment'>Sakura Mana Turned on by a Se…</a>"
end end
describe "it confirms the password given is the current users password" do
test "with no credentials" do
assert Utils.confirm_current_password(nil, %{"password" => "test"}) ==
{:error, "Invalid credentials."}
end
test "with incorrect password given" do
{:ok, user} = UserBuilder.insert()
assert Utils.confirm_current_password(user, %{"password" => ""}) ==
{:error, "Invalid password."}
end
test "with correct password given" do
{:ok, user} = UserBuilder.insert()
assert Utils.confirm_current_password(user, %{"password" => "test"}) == {:ok, user}
end
end
end end
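Review bot: The new `describe` block covers a nil user, a wrong password and a correct password, but not the two other ways `confirm_current_password/2` can refuse: a user whose record is not `local: true`, and params with no `"password"` key. Both guard a destructive action, so each deserves a case asserting `{:error, "Invalid password."}`, for example `assert Utils.confirm_current_password(user, %{}) == {:error, "Invalid password."}`. The describe title would also read better as "confirm_current_password/2", following the usual one-describe-per-function naming.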


@ -800,4 +800,40 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
user = Repo.get!(User, user.id) user = Repo.get!(User, user.id)
assert user.bio == "Hello,<br>World! I<br> am a test." assert user.bio == "Hello,<br>World! I<br> am a test."
end end
describe "POST /api/account/delete_account" do
setup [:valid_user]
test "without credentials", %{conn: conn} do
conn = post(conn, "/api/account/delete_account")
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
end
test "with credentials and invalid password", %{conn: conn, user: current_user} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
|> post("/api/account/delete_account", %{
"password" => ""
})
assert json_response(conn, 403) == %{
"error" => "Invalid password.",
"request" => "/api/account/delete_account"
}
end
test "with credentials and valid password", %{conn: conn, user: current_user} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
|> post("/api/account/delete_account", %{
"password" => "test"
})
assert json_response(conn, 200) == %{"status" => "success"}
fetched_user = Repo.get(User, current_user.id)
assert fetched_user.info == %{"deactivated" => true}
end
end
end end
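Review bot: The "with credentials and valid password" test asserts `fetched_user.info == %{"deactivated" => true}`, which pins the whole `info` map rather than the one flag the test is about. Any default key later added to `info` would fail this test for an unrelated reason; `assert fetched_user.info["deactivated"] == true` checks the same outcome without that coupling. The block would also benefit from a case where the request carries credentials but no `"password"` parameter, asserting a 403 rather than a server error.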