defmodule Pleroma.Web.CommonAPI.Utils do
alias Pleroma.{Repo, Object, Formatter, Activity}
alias Pleroma.Web.ActivityPub.Utils
+ alias Pleroma.User
alias Calendar.Strftime
+ alias Comeonin.Pbkdf2
# This is a hack for twidere.
def get_by_id_or_ap_id(id) do
String.slice(name, 0..30) <> "…"
end
end
+
+ def confirm_current_password(user, params) do
+ case user do
+ nil ->
+ {:error, "Invalid credentials."}
+
+ _ ->
+ with %User{local: true} = db_user <- Repo.get(User, user.id),
+ true <- Pbkdf2.checkpw(params["password"], db_user.password_hash) do
+ {:ok, db_user}
+ else
+ _ -> {:error, "Invalid password."}
+ end
+ end
+ end
end
post("/account/update_profile_banner", TwitterAPI.Controller, :update_banner)
post("/qvitter/update_background_image", TwitterAPI.Controller, :update_background)
+ post("/account/delete_account", TwitterAPI.Controller, :delete_account)
+
post(
"/account/most_recent_notification",
TwitterAPI.Controller,
end
end
+ def delete_account(%{assigns: %{user: user}} = conn, params) do
+ case CommonAPI.Utils.confirm_current_password(user, params) do
+ {:ok, user} ->
+ case User.delete(user) do
+ :ok -> json(conn, %{status: "success"})
+ :error -> error_json(conn, "Unable to delete user.")
+ end
+
+ {:error, msg} ->
+ forbidden_json_reply(conn, msg)
+ end
+ end
+
def search(%{assigns: %{user: user}} = conn, %{"q" => _query} = params) do
activities = TwitterAPI.search(user, params)
defmodule Pleroma.Web.CommonAPI.UtilsTest do
alias Pleroma.Web.CommonAPI.Utils
+ alias Pleroma.Builders.{UserBuilder}
use Pleroma.DataCase
test "it adds attachment links to a given text and attachment set" do
assert res ==
"<br><a href=\"#{name}\" class='attachment'>Sakura Mana – Turned on by a Se…</a>"
end
+
+ describe "it confirms the password given is the current users password" do
+ test "with no credentials" do
+ assert Utils.confirm_current_password(nil, %{"password" => "test"}) ==
+ {:error, "Invalid credentials."}
+ end
+
+ test "with incorrect password given" do
+ {:ok, user} = UserBuilder.insert()
+
+ assert Utils.confirm_current_password(user, %{"password" => ""}) ==
+ {:error, "Invalid password."}
+ end
+
+ test "with correct password given" do
+ {:ok, user} = UserBuilder.insert()
+ assert Utils.confirm_current_password(user, %{"password" => "test"}) == {:ok, user}
+ end
+ end
end
user = Repo.get!(User, user.id)
assert user.bio == "Hello,<br>World! I<br> am a test."
end
+
+ describe "POST /api/account/delete_account" do
+ setup [:valid_user]
+
+ test "without credentials", %{conn: conn} do
+ conn = post(conn, "/api/account/delete_account")
+ assert json_response(conn, 403) == %{"error" => "Invalid credentials."}
+ end
+
+ test "with credentials and invalid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/account/delete_account", %{
+ "password" => ""
+ })
+
+ assert json_response(conn, 403) == %{
+ "error" => "Invalid password.",
+ "request" => "/api/account/delete_account"
+ }
+ end
+
+ test "with credentials and valid password", %{conn: conn, user: current_user} do
+ conn =
+ conn
+ |> with_credentials(current_user.nickname, "test")
+ |> post("/api/account/delete_account", %{
+ "password" => "test"
+ })
+
+ assert json_response(conn, 200) == %{"status" => "success"}
+ fetched_user = Repo.get(User, current_user.id)
+ assert fetched_user.info == %{"deactivated" => true}
+ end
+ end
end
projects / akkoma / commitdiff