Added endpoint for user account deletion

lib/pleroma/web/common_api/utils.ex

@@ -1,7 +1,9 @@
 defmodule Pleroma.Web.CommonAPI.Utils do
   alias Pleroma.{Repo, Object, Formatter, Activity}
   alias Pleroma.Web.ActivityPub.Utils
+  alias Pleroma.User
   alias Calendar.Strftime
+  alias Comeonin.Pbkdf2
 
   # This is a hack for twidere.
   def get_by_id_or_ap_id(id) do
@@ -184,4 +186,19 @@ defmodule Pleroma.Web.CommonAPI.Utils do
       String.slice(name, 0..30) <> "…"
     end
   end
+
+  def confirm_current_password(user, params) do
+    case user do
+      nil ->
+        {:error, "Invalid credentials."}
+
+      _ ->
+        with %User{local: true} = db_user <- Repo.get(User, user.id),
+             true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+          {:ok, db_user}
+        else
+          _ -> {:error, "Invalid password."}
+        end
+    end
+  end
 end

lib/pleroma/web/router.ex

@@ -211,6 +211,8 @@ defmodule Pleroma.Web.Router do
     post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
     post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
 
+    post("/account/delete_account", TwitterAPI.Controller, :delete_account)
+
     post(
       "/account/most_recent_notification",
       TwitterAPI.Controller,

lib/pleroma/web/twitter_api/twitter_api_controller.ex

@@ -364,6 +364,19 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
     end
   end
 
+  def delete_account(%{assigns: %{user: user}} = conn, params) do
+    case CommonAPI.Utils.confirm_current_password(user, params) do
+      {:ok, user} ->
+        case User.delete(user) do
+          :ok -> json(conn, %{status: "success"})
+          :error -> error_json(conn, "Unable to delete user.")
+        end
+
+      {:error, msg} ->
+        forbidden_json_reply(conn, msg)
+    end
+  end
+
   def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
     activities = TwitterAPI.search(user, params)