diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex
index 5c2123f2d..d9f80ee0f 100644
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@@ -188,17 +188,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do
end
def confirm_current_password(user, params) do
- case user do
- nil ->
- {:error, "Invalid credentials."}
-
- _ ->
- with %User{local: true} = db_user <- Repo.get(User, user.id),
- true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
- {:ok, db_user}
- else
- _ -> {:error, "Invalid password."}
- end
+ with %User{local: true} = db_user <- Repo.get(User, user.id),
+ true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+ {:ok, db_user}
+ else
+ _ -> {:error, "Invalid password."}
end
end
end
diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex
index 829d9fc7b..2b5209b75 100644
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
pipe_through(:authenticated_api)
post("/follow_import", UtilController, :follow_import)
+ post("/delete_account", UtilController, :delete_account)
end
scope "/oauth", Pleroma.Web.OAuth do
@@ -211,8 +212,6 @@ defmodule Pleroma.Web.Router do
post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
- post("/account/delete_account", TwitterAPI.Controller, :delete_account)
-
post(
"/account/most_recent_notification",
TwitterAPI.Controller,
diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
index ea540b34c..3f3ddb9e4 100644
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
alias Pleroma.Web
alias Pleroma.Web.OStatus
alias Pleroma.Web.WebFinger
+ alias Pleroma.Web.CommonAPI
alias Comeonin.Pbkdf2
alias Pleroma.Formatter
alias Pleroma.Web.ActivityPub.ActivityPub
@@ -195,4 +196,17 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
json(conn, "job started")
end
+
+ def delete_account(%{assigns: %{user: user}} = conn, params) do
+ case CommonAPI.Utils.confirm_current_password(user, params) do
+ {:ok, user} ->
+ case User.delete(user) do
+ :ok -> json(conn, %{status: "success"})
+ :error -> json(conn, %{error: "Unable to delete user."})
+ end
+
+ {:error, msg} ->
+ json(conn, %{error: msg})
+ end
+ end
end
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index a51cfa036..a99487738 100644
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -364,19 +364,6 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
end
end
- def delete_account(%{assigns: %{user: user}} = conn, params) do
- case CommonAPI.Utils.confirm_current_password(user, params) do
- {:ok, user} ->
- case User.delete(user) do
- :ok -> json(conn, %{status: "success"})
- :error -> error_json(conn, "Unable to delete user.")
- end
-
- {:error, msg} ->
- forbidden_json_reply(conn, msg)
- end
- end
-
def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
activities = TwitterAPI.search(user, params)
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index a9350d189..170dda145 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -801,11 +801,11 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
assert user.bio == "Hello,
World! I
am a test."
end
- describe "POST /api/account/delete_account" do
+ describe "POST /api/pleroma/delete_account" do
setup [:valid_user]
test "without credentials", %{conn: conn} do
- conn = post(conn, "/api/account/delete_account")
+ conn = post(conn, "/api/pleroma/delete_account")
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
end
@@ -813,23 +813,16 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
conn =
conn
|> with_credentials(current_user.nickname, "test")
- |> post("/api/account/delete_account", %{
- "password" => ""
- })
+ |> post("/api/pleroma/delete_account", %{"password" => "hi"})
- assert json_response(conn, 403) == %{
- "error" => "Invalid password.",
- "request" => "/api/account/delete_account"
- }
+ assert json_response(conn, 200) == %{"error" => "Invalid password."}
end
test "with credentials and valid password", %{conn: conn, user: current_user} do
conn =
conn
|> with_credentials(current_user.nickname, "test")
- |> post("/api/account/delete_account", %{
- "password" => "test"
- })
+ |> post("/api/pleroma/delete_account", %{"password" => "test"})
assert json_response(conn, 200) == %{"status" => "success"}
fetched_user = Repo.get(User, current_user.id)