From 5bfb7b4ce6c23f84c27643e9871b78b867f86b7e Mon Sep 17 00:00:00 2001 From: Syldexia Date: Sun, 13 May 2018 14:24:15 +0100 Subject: [PATCH] Moved account deletion stuff to somewhere that hopefully makes more sense --- lib/pleroma/web/common_api/utils.ex | 16 +++++----------- lib/pleroma/web/router.ex | 3 +-- .../twitter_api/controllers/util_controller.ex | 14 ++++++++++++++ .../web/twitter_api/twitter_api_controller.ex | 13 ------------- .../twitter_api/twitter_api_controller_test.exs | 17 +++++------------ 5 files changed, 25 insertions(+), 38 deletions(-) diff --git a/lib/pleroma/web/common_api/utils.ex b/lib/pleroma/web/common_api/utils.ex index 5c2123f2d..d9f80ee0f 100644 --- a/lib/pleroma/web/common_api/utils.ex +++ b/lib/pleroma/web/common_api/utils.ex @@ -188,17 +188,11 @@ defp shortname(name) do end def confirm_current_password(user, params) do - case user do - nil -> - {:error, "Invalid credentials."} - - _ -> - with %User{local: true} = db_user <- Repo.get(User, user.id), - true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do - {:ok, db_user} - else - _ -> {:error, "Invalid password."} - end + with %User{local: true} = db_user <- Repo.get(User, user.id), + true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do + {:ok, db_user} + else + _ -> {:error, "Invalid password."} end end end diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 829d9fc7b..2b5209b75 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -73,6 +73,7 @@ def user_fetcher(username) do scope "/api/pleroma", Pleroma.Web.TwitterAPI do pipe_through(:authenticated_api) post("/follow_import", UtilController, :follow_import) + post("/delete_account", UtilController, :delete_account) end scope "/oauth", Pleroma.Web.OAuth do @@ -211,8 +212,6 @@ def user_fetcher(username) do post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner) post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background) - post("/account/delete_account", TwitterAPI.Controller, :delete_account) - post( "/account/most_recent_notification", TwitterAPI.Controller, diff --git a/lib/pleroma/web/twitter_api/controllers/util_controller.ex b/lib/pleroma/web/twitter_api/controllers/util_controller.ex index ea540b34c..3f3ddb9e4 100644 --- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex +++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex @@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do alias Pleroma.Web alias Pleroma.Web.OStatus alias Pleroma.Web.WebFinger + alias Pleroma.Web.CommonAPI alias Comeonin.Pbkdf2 alias Pleroma.Formatter alias Pleroma.Web.ActivityPub.ActivityPub @@ -195,4 +196,17 @@ def follow_import(%{assigns: %{user: user}} = conn, %{"list" => list}) do json(conn, "job started") end + + def delete_account(%{assigns: %{user: user}} = conn, params) do + case CommonAPI.Utils.confirm_current_password(user, params) do + {:ok, user} -> + case User.delete(user) do + :ok -> json(conn, %{status: "success"}) + :error -> json(conn, %{error: "Unable to delete user."}) + end + + {:error, msg} -> + json(conn, %{error: msg}) + end + end end diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex index a51cfa036..a99487738 100644 --- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex +++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex @@ -364,19 +364,6 @@ def update_profile(%{assigns: %{user: user}} = conn, params) do end end - def delete_account(%{assigns: %{user: user}} = conn, params) do - case CommonAPI.Utils.confirm_current_password(user, params) do - {:ok, user} -> - case User.delete(user) do - :ok -> json(conn, %{status: "success"}) - :error -> error_json(conn, "Unable to delete user.") - end - - {:error, msg} -> - forbidden_json_reply(conn, msg) - end - end - def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do activities = TwitterAPI.search(user, params) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index a9350d189..170dda145 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -801,11 +801,11 @@ test "Convert newlines to
in bio", %{conn: conn} do assert user.bio == "Hello,
World! I
am a test." end - describe "POST /api/account/delete_account" do + describe "POST /api/pleroma/delete_account" do setup [:valid_user] test "without credentials", %{conn: conn} do - conn = post(conn, "/api/account/delete_account") + conn = post(conn, "/api/pleroma/delete_account") assert json_response(conn, 403) == %{"error" => "Invalid credentials."} end @@ -813,23 +813,16 @@ test "with credentials and invalid password", %{conn: conn, user: current_user} conn = conn |> with_credentials(current_user.nickname, "test") - |> post("/api/account/delete_account", %{ - "password" => "" - }) + |> post("/api/pleroma/delete_account", %{"password" => "hi"}) - assert json_response(conn, 403) == %{ - "error" => "Invalid password.", - "request" => "/api/account/delete_account" - } + assert json_response(conn, 200) == %{"error" => "Invalid password."} end test "with credentials and valid password", %{conn: conn, user: current_user} do conn = conn |> with_credentials(current_user.nickname, "test") - |> post("/api/account/delete_account", %{ - "password" => "test" - }) + |> post("/api/pleroma/delete_account", %{"password" => "test"}) assert json_response(conn, 200) == %{"status" => "success"} fetched_user = Repo.get(User, current_user.id)