Moved account deletion stuff to somewhere that hopefully makes more sense

2018-05-13 14:24:15 +01:00 · 2018-05-13 14:24:15 +01:00 · 5bfb7b4ce6
commit 5bfb7b4ce6
parent a16117225f
5 changed files with 25 additions and 38 deletions
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -188,17 +188,11 @@ defp shortname(name) do
  end

  def confirm_current_password(user, params) do
-    case user do
-      nil ->
-        {:error, "Invalid credentials."}
-
-      _ ->
-        with %User{local: true} = db_user <- Repo.get(User, user.id),
-             true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
-          {:ok, db_user}
-        else
-          _ -> {:error, "Invalid password."}
-        end
+    with %User{local: true} = db_user <- Repo.get(User, user.id),
+          true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+      {:ok, db_user}
+    else
+      _ -> {:error, "Invalid password."}
    end
  end
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -73,6 +73,7 @@ def user_fetcher(username) do
  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
    pipe_through(:authenticated_api)
    post("/follow_import", UtilController, :follow_import)
+    post("/delete_account", UtilController, :delete_account)
  end

  scope "/oauth", Pleroma.Web.OAuth do
@ -211,8 +212,6 @@ def user_fetcher(username) do
    post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
    post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)

-    post("/account/delete_account", TwitterAPI.Controller, :delete_account)
-
    post(
      "/account/most_recent_notification",
      TwitterAPI.Controller,
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  alias Pleroma.Web
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.WebFinger
+  alias Pleroma.Web.CommonAPI
  alias Comeonin.Pbkdf2
  alias Pleroma.Formatter
  alias Pleroma.Web.ActivityPub.ActivityPub
@ -195,4 +196,17 @@ def follow_import(%{assigns: %{user: user}} = conn, %{"list" => list}) do

    json(conn, "job started")
  end
+
+  def delete_account(%{assigns: %{user: user}} = conn, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params) do
+      {:ok, user} ->
+        case User.delete(user) do
+          :ok -> json(conn, %{status: "success"})
+          :error -> json(conn, %{error: "Unable to delete user."})
+        end
+
+      {:error, msg} ->
+        json(conn, %{error: msg})
+    end
+  end
 end
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@ -364,19 +364,6 @@ def update_profile(%{assigns: %{user: user}} = conn, params) do
    end
  end

-  def delete_account(%{assigns: %{user: user}} = conn, params) do
-    case CommonAPI.Utils.confirm_current_password(user, params) do
-      {:ok, user} ->
-        case User.delete(user) do
-          :ok -> json(conn, %{status: "success"})
-          :error -> error_json(conn, "Unable to delete user.")
-        end
-
-      {:error, msg} ->
-        forbidden_json_reply(conn, msg)
-    end
-  end
-
  def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
    activities = TwitterAPI.search(user, params)

--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@ -801,11 +801,11 @@ test "Convert newlines to <br> in bio", %{conn: conn} do
    assert user.bio == "Hello,<br>World! I<br> am a test."
  end

-  describe "POST /api/account/delete_account" do
+  describe "POST /api/pleroma/delete_account" do
    setup [:valid_user]

    test "without credentials", %{conn: conn} do
-      conn = post(conn, "/api/account/delete_account")
+      conn = post(conn, "/api/pleroma/delete_account")
      assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
    end

@ -813,23 +813,16 @@ test "with credentials and invalid password", %{conn: conn, user: current_user}
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
-        |> post("/api/account/delete_account", %{
-          "password" => ""
-        })
+        |> post("/api/pleroma/delete_account", %{"password" => "hi"})

-      assert json_response(conn, 403) == %{
-               "error" => "Invalid password.",
-               "request" => "/api/account/delete_account"
-             }
+      assert json_response(conn, 200) == %{"error" => "Invalid password."}
    end

    test "with credentials and valid password", %{conn: conn, user: current_user} do
      conn =
        conn
        |> with_credentials(current_user.nickname, "test")
-        |> post("/api/account/delete_account", %{
-          "password" => "test"
-        })
+        |> post("/api/pleroma/delete_account", %{"password" => "test"})

      assert json_response(conn, 200) == %{"status" => "success"}
      fetched_user = Repo.get(User, current_user.id)