Moved account deletion stuff to somewhere that hopefully makes more sense
This commit is contained in:
parent
a16117225f
commit
5bfb7b4ce6
5 changed files with 25 additions and 38 deletions
|
@ -188,17 +188,11 @@ defmodule Pleroma.Web.CommonAPI.Utils do
|
||||||
end
|
end
|
||||||
|
|
||||||
def confirm_current_password(user, params) do
|
def confirm_current_password(user, params) do
|
||||||
case user do
|
with %User{local: true} = db_user <- Repo.get(User, user.id),
|
||||||
nil ->
|
true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
|
||||||
{:error, "Invalid credentials."}
|
{:ok, db_user}
|
||||||
|
else
|
||||||
_ ->
|
_ -> {:error, "Invalid password."}
|
||||||
with %User{local: true} = db_user <- Repo.get(User, user.id),
|
|
||||||
true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
|
|
||||||
{:ok, db_user}
|
|
||||||
else
|
|
||||||
_ -> {:error, "Invalid password."}
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
|
||||||
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
|
scope "/api/pleroma", Pleroma.Web.TwitterAPI do
|
||||||
pipe_through(:authenticated_api)
|
pipe_through(:authenticated_api)
|
||||||
post("/follow_import", UtilController, :follow_import)
|
post("/follow_import", UtilController, :follow_import)
|
||||||
|
post("/delete_account", UtilController, :delete_account)
|
||||||
end
|
end
|
||||||
|
|
||||||
scope "/oauth", Pleroma.Web.OAuth do
|
scope "/oauth", Pleroma.Web.OAuth do
|
||||||
|
@ -211,8 +212,6 @@ defmodule Pleroma.Web.Router do
|
||||||
post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
|
post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
|
||||||
post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
|
post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
|
||||||
|
|
||||||
post("/account/delete_account", TwitterAPI.Controller, :delete_account)
|
|
||||||
|
|
||||||
post(
|
post(
|
||||||
"/account/most_recent_notification",
|
"/account/most_recent_notification",
|
||||||
TwitterAPI.Controller,
|
TwitterAPI.Controller,
|
||||||
|
|
|
@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
|
||||||
alias Pleroma.Web
|
alias Pleroma.Web
|
||||||
alias Pleroma.Web.OStatus
|
alias Pleroma.Web.OStatus
|
||||||
alias Pleroma.Web.WebFinger
|
alias Pleroma.Web.WebFinger
|
||||||
|
alias Pleroma.Web.CommonAPI
|
||||||
alias Comeonin.Pbkdf2
|
alias Comeonin.Pbkdf2
|
||||||
alias Pleroma.Formatter
|
alias Pleroma.Formatter
|
||||||
alias Pleroma.Web.ActivityPub.ActivityPub
|
alias Pleroma.Web.ActivityPub.ActivityPub
|
||||||
|
@ -195,4 +196,17 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
|
||||||
|
|
||||||
json(conn, "job started")
|
json(conn, "job started")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def delete_account(%{assigns: %{user: user}} = conn, params) do
|
||||||
|
case CommonAPI.Utils.confirm_current_password(user, params) do
|
||||||
|
{:ok, user} ->
|
||||||
|
case User.delete(user) do
|
||||||
|
:ok -> json(conn, %{status: "success"})
|
||||||
|
:error -> json(conn, %{error: "Unable to delete user."})
|
||||||
|
end
|
||||||
|
|
||||||
|
{:error, msg} ->
|
||||||
|
json(conn, %{error: msg})
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -364,19 +364,6 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def delete_account(%{assigns: %{user: user}} = conn, params) do
|
|
||||||
case CommonAPI.Utils.confirm_current_password(user, params) do
|
|
||||||
{:ok, user} ->
|
|
||||||
case User.delete(user) do
|
|
||||||
:ok -> json(conn, %{status: "success"})
|
|
||||||
:error -> error_json(conn, "Unable to delete user.")
|
|
||||||
end
|
|
||||||
|
|
||||||
{:error, msg} ->
|
|
||||||
forbidden_json_reply(conn, msg)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
|
def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
|
||||||
activities = TwitterAPI.search(user, params)
|
activities = TwitterAPI.search(user, params)
|
||||||
|
|
||||||
|
|
|
@ -801,11 +801,11 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|
||||||
assert user.bio == "Hello,<br>World! I<br> am a test."
|
assert user.bio == "Hello,<br>World! I<br> am a test."
|
||||||
end
|
end
|
||||||
|
|
||||||
describe "POST /api/account/delete_account" do
|
describe "POST /api/pleroma/delete_account" do
|
||||||
setup [:valid_user]
|
setup [:valid_user]
|
||||||
|
|
||||||
test "without credentials", %{conn: conn} do
|
test "without credentials", %{conn: conn} do
|
||||||
conn = post(conn, "/api/account/delete_account")
|
conn = post(conn, "/api/pleroma/delete_account")
|
||||||
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
|
assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -813,23 +813,16 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
||||||
|> with_credentials(current_user.nickname, "test")
|
|> with_credentials(current_user.nickname, "test")
|
||||||
|> post("/api/account/delete_account", %{
|
|> post("/api/pleroma/delete_account", %{"password" => "hi"})
|
||||||
"password" => ""
|
|
||||||
})
|
|
||||||
|
|
||||||
assert json_response(conn, 403) == %{
|
assert json_response(conn, 200) == %{"error" => "Invalid password."}
|
||||||
"error" => "Invalid password.",
|
|
||||||
"request" => "/api/account/delete_account"
|
|
||||||
}
|
|
||||||
end
|
end
|
||||||
|
|
||||||
test "with credentials and valid password", %{conn: conn, user: current_user} do
|
test "with credentials and valid password", %{conn: conn, user: current_user} do
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
||||||
|> with_credentials(current_user.nickname, "test")
|
|> with_credentials(current_user.nickname, "test")
|
||||||
|> post("/api/account/delete_account", %{
|
|> post("/api/pleroma/delete_account", %{"password" => "test"})
|
||||||
"password" => "test"
|
|
||||||
})
|
|
||||||
|
|
||||||
assert json_response(conn, 200) == %{"status" => "success"}
|
assert json_response(conn, 200) == %{"status" => "success"}
|
||||||
fetched_user = Repo.get(User, current_user.id)
|
fetched_user = Repo.get(User, current_user.id)
|
||||||
|
|
Loading…
Reference in a new issue