Merge branch 'feature/account-deletion' into 'develop'

Feature/account deletion Closes #115 See merge request pleroma/pleroma!157
2018-05-20 10:57:19 +00:00 · 2018-05-20 10:57:19 +00:00 · 8b0c222b43
commit 8b0c222b43
parent 40af452594 d1366f8d46
5 changed files with 66 additions and 0 deletions
--- a/lib/pleroma/web/common_api/utils.ex
+++ b/lib/pleroma/web/common_api/utils.ex
@ -1,7 +1,9 @@
 defmodule Pleroma.Web.CommonAPI.Utils do
  alias Pleroma.{Repo, Object, Formatter, Activity}
  alias Pleroma.Web.ActivityPub.Utils
+  alias Pleroma.User
  alias Calendar.Strftime
+  alias Comeonin.Pbkdf2

  # This is a hack for twidere.
  def get_by_id_or_ap_id(id) do
@ -184,4 +186,13 @@ defmodule Pleroma.Web.CommonAPI.Utils do
      String.slice(name, 0..30) <> "…"
    end
  end
+
+  def confirm_current_password(user, params) do
+    with %User{local: true} = db_user <- Repo.get(User, user.id),
+         true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+      {:ok, db_user}
+    else
+      _ -> {:error, "Invalid password."}
+    end
+  end
 end
--- a/lib/pleroma/web/router.ex
+++ b/lib/pleroma/web/router.ex
@ -73,6 +73,7 @@ defmodule Pleroma.Web.Router do
  scope "/api/pleroma", Pleroma.Web.TwitterAPI do
    pipe_through(:authenticated_api)
    post("/follow_import", UtilController, :follow_import)
+    post("/delete_account", UtilController, :delete_account)
  end

  scope "/oauth", Pleroma.Web.OAuth do
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -4,6 +4,7 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
  alias Pleroma.Web
  alias Pleroma.Web.OStatus
  alias Pleroma.Web.WebFinger
+  alias Pleroma.Web.CommonAPI
  alias Comeonin.Pbkdf2
  alias Pleroma.Formatter
  alias Pleroma.Web.ActivityPub.ActivityPub
@ -195,4 +196,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do

    json(conn, "job started")
  end
+
+  def delete_account(%{assigns: %{user: user}} = conn, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params) do
+      {:ok, user} ->
+        Task.start(fn -> User.delete(user) end)
+        json(conn, %{status: "success"})
+
+      {:error, msg} ->
+        json(conn, %{error: msg})
+    end
+  end
 end