From: lain Date: Wed, 15 Dec 2021 21:26:45 +0000 (+0000) Subject: Merge branch 'delete-account-fix' into 'develop' X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=6eb7d69e60a96e577de92de232ed48e509f23cd4;hp=-c;p=akkoma Merge branch 'delete-account-fix' into 'develop' TwitterAPI: allow deleting one's own account with request body Closes #2799 and #2746 See merge request pleroma/pleroma!3564 --- 6eb7d69e60a96e577de92de232ed48e509f23cd4 diff --combined lib/pleroma/web/api_spec/operations/twitter_util_operation.ex index ebcfd3be2,be45720b1..5a2b0bc49 --- a/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex +++ b/lib/pleroma/web/api_spec/operations/twitter_util_operation.ex @@@ -121,10 -121,7 +121,10 @@@ defmodule Pleroma.Web.ApiSpec.TwitterUt type: :object, required: [:email, :password], properties: %{ - email: %Schema{type: :string, description: "New email"}, + email: %Schema{ + type: :string, + description: "New email. Set to blank to remove the user's email." + }, password: %Schema{type: :string, description: "Current password"} } } @@@ -191,6 -188,7 +191,7 @@@ parameters: [ Operation.parameter(:password, :query, :string, "Password") ], + requestBody: request_body("Parameters", delete_account_request(), required: false), responses: %{ 200 => Operation.response("Success", "application/json", %Schema{ @@@ -237,4 -235,22 +238,22 @@@ responses: %{200 => Operation.response("Web Page", "test/html", %Schema{type: :string})} } end + + defp delete_account_request do + %Schema{ + title: "AccountDeleteRequest", + description: "POST body for deleting one's own account", + type: :object, + properties: %{ + password: %Schema{ + type: :string, + description: "The user's own password for confirmation.", + format: :password + } + }, + example: %{ + "password" => "prettyp0ony1313" + } + } + end end diff --combined test/pleroma/web/twitter_api/util_controller_test.exs index 3380aec22,e944228cc..ee658ddf6 --- a/test/pleroma/web/twitter_api/util_controller_test.exs +++ 
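Review bot: In the delete_account operation (hunk at -191), the new `requestBody` sits next to the existing `Operation.parameter(:password, :query, :string, "Password")`, so the spec still presents the query string as an equally valid way to send the password. A password in the URL tends to end up in web-server and proxy access logs and in client history, which sending it in the body avoids. I would mark the old parameter as legacy, for example `Operation.parameter(:password, :query, :string, "Password (deprecated, send it in the request body)", deprecated: true)`, and state in the operation description that the body is preferred. The operation definition starts and ends outside this hunk.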
b/test/pleroma/web/twitter_api/util_controller_test.exs @@@ -26,7 -26,11 +26,7 @@@ defmodule Pleroma.Web.TwitterAPI.UtilCo test "it updates notification settings", %{user: user, conn: conn} do conn |> put( - "/api/pleroma/notification_settings?#{ - URI.encode_query(%{ - block_from_strangers: true - }) - }" + "/api/pleroma/notification_settings?#{URI.encode_query(%{block_from_strangers: true})}" ) |> json_response_and_validate_schema(:ok) @@@ -41,7 -45,11 +41,7 @@@ test "it updates notification settings to enable hiding contents", %{user: user, conn: conn} do conn |> put( - "/api/pleroma/notification_settings?#{ - URI.encode_query(%{ - hide_notification_contents: 1 - }) - }" + "/api/pleroma/notification_settings?#{URI.encode_query(%{hide_notification_contents: 1})}" ) |> json_response_and_validate_schema(:ok) @@@ -294,22 -302,9 +294,22 @@@ assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400) end - test "with proper permissions, valid password and blank email", %{ - conn: conn - } do + test "with proper permissions, valid password and blank email, when instance requires user email", + %{ + conn: conn + } do + orig_account_activation_required = + Pleroma.Config.get([:instance, :account_activation_required]) + + Pleroma.Config.put([:instance, :account_activation_required], true) + + on_exit(fn -> + Pleroma.Config.put( + [:instance, :account_activation_required], + orig_account_activation_required + ) + end) + conn = conn |> put_req_header("content-type", "multipart/form-data") @@@ -318,30 -313,6 +318,30 @@@ assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."} end + test "with proper permissions, valid password and blank email, when instance does not require user email", + %{ + conn: conn + } do + orig_account_activation_required = + Pleroma.Config.get([:instance, :account_activation_required]) + + Pleroma.Config.put([:instance, :account_activation_required], false) + + on_exit(fn -> + 
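Review bot: The blank-email test in the hunk at -294 reads `[:instance, :account_activation_required]` by hand, overwrites it and restores it in `on_exit`, and the hunk at -318 repeats the same sequence with `false`. If this case module has the project's `clear_config/2` test helper in scope (not visible here), `clear_config([:instance, :account_activation_required], true)` would replace the whole get/put/on_exit block and remove the risk of a later copy forgetting the restore. Both tests change instance-wide configuration, so they presumably depend on this module not running async. A one-line comment such as `# mutates global instance config; must not run async` would make that explicit.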
Pleroma.Config.put( + [:instance, :account_activation_required], + orig_account_activation_required + ) + end) + + conn = + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "test", email: ""}) + + assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"} + end + test "with proper permissions, valid password and non unique email", %{ conn: conn } do @@@ -473,7 -444,10 +473,10 @@@ test "with proper permissions and wrong or missing password", %{conn: conn} do for params <- [%{"password" => "hi"}, %{}] do - ret_conn = post(conn, "/api/pleroma/delete_account", params) + ret_conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/delete_account", params) assert json_response_and_validate_schema(ret_conn, 200) == %{ "error" => "Invalid password." @@@ -481,8 -455,28 +484,28 @@@ end end - test "with proper permissions and valid password", %{conn: conn, user: user} do - conn = post(conn, "/api/pleroma/delete_account?password=test") + test "with proper permissions and valid password (URL query)", %{conn: conn, user: user} do + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/delete_account?password=test") + + ObanHelpers.perform_all() + assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"} + + user = User.get_by_id(user.id) + refute user.is_active + assert user.name == nil + assert user.bio == "" + assert user.password_hash == nil + end + + test "with proper permissions and valid password (JSON body)", %{conn: conn, user: user} do + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/pleroma/delete_account", %{password: "test"}) + ObanHelpers.perform_all() assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
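Review bot: The wrong-or-missing password test in the hunk at -473 sends the password only in the JSON body, and the two success tests in the hunk at -481 cover query-only and body-only, so nothing pins the behaviour when both are present. This password is the confirmation step before an irreversible delete, so I would add a case that posts to `/api/pleroma/delete_account?password=test` with the body `%{"password" => "hi"}` and asserts the response the controller is meant to return. That fixes the precedence by a test instead of leaving it to the order of a params merge. The controller is not part of this diff, so which of the two values should win cannot be determined from here.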