Deactivate local users on deletion instead of deleting the record

Prevents the possibility of re-registration, which allowed to read DMs of the deleted account. Also includes a migration that tries to find any already deleted accounts and insert skeletons for them. Closes pleroma/pleroma#1687
2020-04-29 14:26:31 +03:00 · 2020-04-29 14:26:31 +03:00 · e55876409b
commit e55876409b
parent e186d9941d
6 changed files with 63 additions and 17 deletions
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -1445,8 +1445,15 @@ defmodule Pleroma.User do
    end)

    delete_user_activities(user)
-    invalidate_cache(user)
-    Repo.delete(user)
+
+    if user.local do
+      user
+      |> change(%{deactivated: true, email: nil})
+      |> update_and_set_cache()
+    else
+      invalidate_cache(user)
+      Repo.delete(user)
+    end
  end

  def perform(:deactivate_async, user, status), do: deactivate(user, status)
--- a/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/pleroma_api_controller.ex
@ -61,7 +61,10 @@ defmodule Pleroma.Web.PleromaAPI.PleromaAPIController do
          else
            users =
              Enum.map(user_ap_ids, &User.get_cached_by_ap_id/1)
-              |> Enum.filter(& &1)
+              |> Enum.filter(fn
+                %{deactivated: false} -> true
+                _ -> false
+              end)

            %{
              name: emoji,