
pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: 8b0c222b436d9473f868087fb4eaf78a0b1e7052
parent: 40af4525940e8bdf09520c2320ae93d6c945bee2
Author: lambda <pleromagit@rogerbraun.net>
Date:   Sun, 20 May 2018 10:57:19 +0000

Merge branch 'feature/account-deletion' into 'develop'

Feature/account deletion

Closes #115

See merge request pleroma/pleroma!157

Diffstat:

Mlib/pleroma/web/common_api/utils.ex11+++++++++++
Mlib/pleroma/web/router.ex1+
Mlib/pleroma/web/twitter_api/controllers/util_controller.ex12++++++++++++
Mtest/web/common_api/common_api_utils_test.exs15+++++++++++++++
Mtest/web/twitter_api/twitter_api_controller_test.exs27+++++++++++++++++++++++++++
5 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
@@ -1,7 +1,9 @@
 defmodule Pleroma.Web.CommonAPI.Utils do
 alias Pleroma.{Repo, Object, Formatter, Activity}
 alias Pleroma.Web.ActivityPub.Utils
+ alias Pleroma.User
 alias Calendar.Strftime
+ alias Comeonin.Pbkdf2
 # This is a hack for twidere.
 def get_by_id_or_ap_id(id) do
@@ -184,4 +186,13 @@ defmodule Pleroma.Web.CommonAPI.Utils do
 String.slice(name, 0..30) <> "…"
 end
 end
+
+ def confirm_current_password(user, params) do
+ with %User{local: true} = db_user <- Repo.get(User, user.id),
+ true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+ {:ok, db_user}
+ else
+ _ -> {:error, "Invalid password."}
+ end
+ end
 end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
@@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
 scope "/api/pleroma", Pleroma.Web.TwitterAPI do
 pipe_through(:authenticated_api)
 post("/follow_import", UtilController, :follow_import)
+ post("/delete_account", UtilController, :delete_account)
 end
 scope "/oauth", Pleroma.Web.OAuth do
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 alias Pleroma.Web
 alias Pleroma.Web.OStatus
 alias Pleroma.Web.WebFinger
+ alias Pleroma.Web.CommonAPI
 alias Comeonin.Pbkdf2
 alias Pleroma.Formatter
 alias Pleroma.Web.ActivityPub.ActivityPub
@@ -195,4 +196,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
 json(conn, "job started")
 end
+
+ def delete_account(%{assigns: %{user: user}} = conn, params) do
+ case CommonAPI.Utils.confirm_current_password(user, params) do
+ {:ok, user} ->
+ Task.start(fn -> User.delete(user) end)
+ json(conn, %{status: "success"})
+
+ {:error, msg} ->
+ json(conn, %{error: msg})
+ end
+ end
 end
diff --git a/test/web/common_api/common_api_utils_test.exs b/test/web/common_api/common_api_utils_test.exs
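Review bot: In `confirm_current_password/2` (second hunk of utils.ex), `params["password"]` goes straight into `Pbkdf2.checkpw/2` with no check that it is present and a string. An authenticated request that omits the field, or sends a JSON number or object, therefore reaches `checkpw` with a non-binary argument; Comeonin is expected to raise on that rather than return false, which would skip the `else` clause and surface as a 500 — worth confirming against the pinned Comeonin version. Adding `password when is_binary(password) <- params["password"],` as a `with` clause before the `checkpw` line, and passing `password` to it, keeps every malformed input on the `{:error, "Invalid password."}` path. The function also has no `@doc`; one line saying that it re-reads the user from the database and accepts only local accounts would help callers.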
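Review bot: The `{:error, msg}` branch of `delete_account/2` answers a wrong password with HTTP 200, so a failed re-authentication on a destructive endpoint looks like a success to clients, proxies and status-based alerting; `conn |> put_status(:forbidden) |> json(%{error: msg})` would make it visible. In the success branch, `Task.start(fn -> User.delete(user) end)` is unlinked and unsupervised, so the client is told "success" before anything is deleted and a crash inside `User.delete/1` is lost silently. Running the deletion under a task supervisor, or at least logging its failure, would make a half-deleted account detectable. Failed attempts are neither logged nor throttled in the visible code, which matters because any holder of a valid session can use this endpoint to test password guesses. No `alias Pleroma.User` appears in the hunks for this file, so `User` presumably resolves through an alias above line 4 — worth checking.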
@@ -1,5 +1,6 @@
 defmodule Pleroma.Web.CommonAPI.UtilsTest do
 alias Pleroma.Web.CommonAPI.Utils
+ alias Pleroma.Builders.{UserBuilder}
 use Pleroma.DataCase
 test "it adds attachment links to a given text and attachment set" do
@@ -15,4 +16,18 @@ defmodule Pleroma.Web.CommonAPI.UtilsTest do
 assert res == "<br><a href=\"#{name}\" class='attachment'>Sakura Mana – Turned on by a Se…</a>"
 end
+
+ describe "it confirms the password given is the current users password" do
+ test "incorrect password given" do
+ {:ok, user} = UserBuilder.insert()
+
+ assert Utils.confirm_current_password(user, %{"password" => ""}) ==
+ {:error, "Invalid password."}
+ end
+
+ test "correct password given" do
+ {:ok, user} = UserBuilder.insert()
+ assert Utils.confirm_current_password(user, %{"password" => "test"}) == {:ok, user}
+ end
+ end
 end
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -800,4 +800,31 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
 user = Repo.get!(User, user.id)
 assert user.bio == "Hello,<br>World! I<br> am a test."
 end
+
+ describe "POST /api/pleroma/delete_account" do
+ setup [:valid_user]
+
+ test "without credentials", %{conn: conn} do
+ conn = post(conn, "/api/pleroma/delete_account")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/delete_account", %{"password" => "hi"})
+
+ assert json_response(conn, 200) == %{"error" => "Invalid password."}
+ end
+
+ test "with credentials and valid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/pleroma/delete_account", %{"password" => "test"})
+
+ assert json_response(conn, 200) == %{"status" => "success"}
+ end
+ end
 end
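Review bot: The new `describe` block in common_api_utils_test.exs leaves the `%User{local: true}` match in `confirm_current_password/2` untested, although it is the only visible thing keeping non-local accounts away from the password check. A case that inserts a user with `local: false` and asserts `{:error, "Invalid password."}` would pin it; whether `UserBuilder.insert/1` accepts that override is not visible here. The wrong-password case also uses only the empty string, so adding a non-empty wrong value would rule out an accidental special case for `""`.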
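Review bot: The "with credentials and valid password" test in twitter_api_controller_test.exs asserts only the JSON body, so it passes even if the account is never removed. Because the controller hands the deletion to a background task, the test would need to wait for that task or otherwise observe that `User.delete/1` took effect before asserting on the user record. The invalid-password test asserts `json_response(conn, 200)`, which locks in a success status for a rejected request; if the controller is changed to return an error status, this should become `json_response(conn, 403)`.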