Moved account deletion stuff to somewhere that hopefully makes more sense

Syldexia 2018-05-13 14:24:15 +01:00
parent a16117225f
commit 5bfb7b4ce6
5 changed files with 25 additions and 38 deletions


@ -188,11 +188,6 @@ defp shortname(name) do
end end
def confirm_current_password(user, params) do def confirm_current_password(user, params) do
case user do
nil ->
{:error, "Invalid credentials."}
_ ->
with %User{local: true} = db_user <- Repo.get(User, user.id), with %User{local: true} = db_user <- Repo.get(User, user.id),
true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
{:ok, db_user} {:ok, db_user}
@ -201,4 +196,3 @@ def confirm_current_password(user, params) do
end end
end end
end end
end
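Review bot: With the `nil ->` clause removed, `confirm_current_password/2` reads `user.id` unconditionally, so any caller that reaches it without an authenticated user would raise instead of returning `{:error, "Invalid credentials."}`. The only caller visible in this commit sits behind `pipe_through(:authenticated_api)`, which presumably guarantees a user, but the function is public and nothing here records that precondition. I would either match it in the head, `def confirm_current_password(%User{} = user, params) do`, or add a comment such as `# Callers must pass an authenticated %User{}; nil is no longer handled here.` The `else` branch of the `with` lies between the two hunks and is not visible, so how a missing `"password"` parameter is handled cannot be checked from this page.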


@ -73,6 +73,7 @@ def user_fetcher(username) do
scope "/api/pleroma", Pleroma.Web.TwitterAPI do scope "/api/pleroma", Pleroma.Web.TwitterAPI do
pipe_through(:authenticated_api) pipe_through(:authenticated_api)
post("/follow_import", UtilController, :follow_import) post("/follow_import", UtilController, :follow_import)
post("/delete_account", UtilController, :delete_account)
end end
scope "/oauth", Pleroma.Web.OAuth do scope "/oauth", Pleroma.Web.OAuth do
@ -211,8 +212,6 @@ def user_fetcher(username) do
post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner) post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background) post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
post("/account/delete_account", TwitterAPI.Controller, :delete_account)
post( post(
"/account/most_recent_notification", "/account/most_recent_notification",
TwitterAPI.Controller, TwitterAPI.Controller,


@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Web alias Pleroma.Web
alias Pleroma.Web.OStatus alias Pleroma.Web.OStatus
alias Pleroma.Web.WebFinger alias Pleroma.Web.WebFinger
alias Pleroma.Web.CommonAPI
alias Comeonin.Pbkdf2 alias Comeonin.Pbkdf2
alias Pleroma.Formatter alias Pleroma.Formatter
alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.ActivityPub.ActivityPub
@ -195,4 +196,17 @@ def follow_import(%{assigns: %{user: user}} = conn, %{"list" => list}) do
json(conn, "job started") json(conn, "job started")
end end
def delete_account(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params) do
{:ok, user} ->
case User.delete(user) do
:ok -> json(conn, %{status: "success"})
:error -> json(conn, %{error: "Unable to delete user."})
end
{:error, msg} ->
json(conn, %{error: msg})
end
end
end end
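Review bot: Both failure branches of `delete_account/2` now answer through plain `json/2`, so a rejected password confirmation goes out with HTTP 200; the updated test in this commit asserts exactly that (`json_response(conn, 200) == %{"error" => "Invalid password."}`), where the removed TwitterAPI version used `forbidden_json_reply/2`. A 200 on a failed re-authentication for a destructive action hides the failure from status-based clients, access logs and any throttling or alerting keyed on 4xx responses. I would keep the status, e.g. `{:error, msg} -> conn |> put_status(:forbidden) |> json(%{error: msg})`, and likewise set a non-2xx status on the `:error` branch of `User.delete/1`. A short `@doc` stating that the endpoint requires the current password in `"password"` would also help.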


@ -364,19 +364,6 @@ def update_profile(%{assigns: %{user: user}} = conn, params) do
end end
end end
def delete_account(%{assigns: %{user: user}} = conn, params) do
case CommonAPI.Utils.confirm_current_password(user, params) do
{:ok, user} ->
case User.delete(user) do
:ok -> json(conn, %{status: "success"})
:error -> error_json(conn, "Unable to delete user.")
end
{:error, msg} ->
forbidden_json_reply(conn, msg)
end
end
def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
activities = TwitterAPI.search(user, params) activities = TwitterAPI.search(user, params)


@ -801,11 +801,11 @@ test "Convert newlines to <br> in bio", %{conn: conn} do
assert user.bio == "Hello,<br>World! I<br> am a test." assert user.bio == "Hello,<br>World! I<br> am a test."
end end
describe "POST /api/account/delete_account" do describe "POST /api/pleroma/delete_account" do
setup [:valid_user] setup [:valid_user]
test "without credentials", %{conn: conn} do test "without credentials", %{conn: conn} do
conn = post(conn, "/api/account/delete_account") conn = post(conn, "/api/pleroma/delete_account")
assert json_response(conn, 403) == %{"error" => "Invalid credentials."} assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
end end
@ -813,23 +813,16 @@ test "with credentials and invalid password", %{conn: conn, user: current_user}
conn = conn =
conn conn
|> with_credentials(current_user.nickname, "test") |> with_credentials(current_user.nickname, "test")
|> post("/api/account/delete_account", %{ |> post("/api/pleroma/delete_account", %{"password" => "hi"})
"password" => ""
})
assert json_response(conn, 403) == %{ assert json_response(conn, 200) == %{"error" => "Invalid password."}
"error" => "Invalid password.",
"request" => "/api/account/delete_account"
}
end end
test "with credentials and valid password", %{conn: conn, user: current_user} do test "with credentials and valid password", %{conn: conn, user: current_user} do
conn = conn =
conn conn
|> with_credentials(current_user.nickname, "test") |> with_credentials(current_user.nickname, "test")
|> post("/api/account/delete_account", %{ |> post("/api/pleroma/delete_account", %{"password" => "test"})
"password" => "test"
})
assert json_response(conn, 200) == %{"status" => "success"} assert json_response(conn, 200) == %{"status" => "success"}
fetched_user = Repo.get(User, current_user.id) fetched_user = Repo.get(User, current_user.id)