mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2025-06-05 21:59:39 +02:00
[feature] Federate local account deletion (#431)
* add account delete to API * model account delete request * add AccountDeleteLocal * federate local account deletes * add DeleteLocal * update transport (controller) to allow shortcuts * delete logic + testing * update swagger docs * more tests + fixes
This commit is contained in:
@@ -71,6 +71,8 @@ const (
|
||||
BlockPath = BasePathWithID + "/block"
|
||||
// UnblockPath is for removing a block of an account
|
||||
UnblockPath = BasePathWithID + "/unblock"
|
||||
// DeleteAccountPath is for deleting one's account via the API
|
||||
DeleteAccountPath = BasePath + "/delete"
|
||||
)
|
||||
|
||||
// Module implements the ClientAPIModule interface for account-related actions
|
||||
@@ -90,6 +92,9 @@ func (m *Module) Route(r router.Router) error {
|
||||
// create account
|
||||
r.AttachHandler(http.MethodPost, BasePath, m.AccountCreatePOSTHandler)
|
||||
|
||||
// delete account
|
||||
r.AttachHandler(http.MethodPost, DeleteAccountPath, m.AccountDeletePOSTHandler)
|
||||
|
||||
// get account
|
||||
r.AttachHandler(http.MethodGet, BasePathWithID, m.muxHandler)
|
||||
|
||||
|
@@ -19,7 +19,6 @@ import (
|
||||
"github.com/superseriousbusiness/gotosocial/internal/media"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/processing"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/typeutils"
|
||||
"github.com/superseriousbusiness/gotosocial/testrig"
|
||||
)
|
||||
|
||||
@@ -27,7 +26,6 @@ type AccountStandardTestSuite struct {
|
||||
// standard suite interfaces
|
||||
suite.Suite
|
||||
db db.DB
|
||||
tc typeutils.TypeConverter
|
||||
storage *kv.KVStore
|
||||
mediaManager media.Manager
|
||||
federator federation.Federator
|
||||
|
90
internal/api/client/account/accountdelete.go
Normal file
90
internal/api/client/account/accountdelete.go
Normal file
@@ -0,0 +1,90 @@
|
||||
/*
|
||||
GoToSocial
|
||||
Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package account
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/api/model"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/oauth"
|
||||
)
|
||||
|
||||
// AccountDeletePOSTHandler swagger:operation POST /api/v1/accounts/delete accountDelete
|
||||
//
|
||||
// Delete your account.
|
||||
//
|
||||
// ---
|
||||
// tags:
|
||||
// - accounts
|
||||
//
|
||||
// consumes:
|
||||
// - multipart/form-data
|
||||
//
|
||||
// parameters:
|
||||
// - name: password
|
||||
// in: formData
|
||||
// description: Password of the account user, for confirmation.
|
||||
// type: string
|
||||
// required: true
|
||||
//
|
||||
// security:
|
||||
// - OAuth2 Bearer:
|
||||
// - write:accounts
|
||||
//
|
||||
// responses:
|
||||
// '202':
|
||||
// description: "The account deletion has been accepted and the account will be deleted."
|
||||
// '400':
|
||||
// description: bad request
|
||||
// '401':
|
||||
// description: unauthorized
|
||||
func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
|
||||
l := logrus.WithField("func", "AccountDeletePOSTHandler")
|
||||
authed, err := oauth.Authed(c, true, true, true, true)
|
||||
if err != nil {
|
||||
l.Debugf("couldn't auth: %s", err)
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
l.Tracef("retrieved account %+v", authed.Account.ID)
|
||||
|
||||
form := &model.AccountDeleteRequest{}
|
||||
if err := c.ShouldBind(&form); err != nil {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
|
||||
return
|
||||
}
|
||||
|
||||
if form.Password == "" {
|
||||
c.JSON(http.StatusBadRequest, gin.H{"error": "no password provided in account delete request"})
|
||||
return
|
||||
}
|
||||
|
||||
form.DeleteOriginID = authed.Account.ID
|
||||
|
||||
if errWithCode := m.processor.AccountDeleteLocal(c.Request.Context(), authed, form); errWithCode != nil {
|
||||
l.Debugf("could not delete account: %s", errWithCode.Error())
|
||||
c.JSON(errWithCode.Code(), gin.H{"error": errWithCode.Safe()})
|
||||
return
|
||||
}
|
||||
|
||||
c.JSON(http.StatusAccepted, gin.H{"message": "accepted"})
|
||||
}
|
101
internal/api/client/account/accountdelete_test.go
Normal file
101
internal/api/client/account/accountdelete_test.go
Normal file
@@ -0,0 +1,101 @@
|
||||
/*
|
||||
GoToSocial
|
||||
Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package account_test
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
"github.com/superseriousbusiness/gotosocial/internal/api/client/account"
|
||||
"github.com/superseriousbusiness/gotosocial/testrig"
|
||||
)
|
||||
|
||||
type AccountDeleteTestSuite struct {
|
||||
AccountStandardTestSuite
|
||||
}
|
||||
|
||||
func (suite *AccountDeleteTestSuite) TestAccountDeletePOSTHandler() {
|
||||
// set up the request
|
||||
// we're deleting zork
|
||||
requestBody, w, err := testrig.CreateMultipartFormData(
|
||||
"", "",
|
||||
map[string]string{
|
||||
"password": "password",
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
bodyBytes := requestBody.Bytes()
|
||||
recorder := httptest.NewRecorder()
|
||||
ctx := suite.newContext(recorder, http.MethodPost, bodyBytes, account.DeleteAccountPath, w.FormDataContentType())
|
||||
|
||||
// call the handler
|
||||
suite.accountModule.AccountDeletePOSTHandler(ctx)
|
||||
|
||||
// 1. we should have Accepted because our request was valid
|
||||
suite.Equal(http.StatusAccepted, recorder.Code)
|
||||
}
|
||||
|
||||
func (suite *AccountDeleteTestSuite) TestAccountDeletePOSTHandlerWrongPassword() {
|
||||
// set up the request
|
||||
// we're deleting zork
|
||||
requestBody, w, err := testrig.CreateMultipartFormData(
|
||||
"", "",
|
||||
map[string]string{
|
||||
"password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaa",
|
||||
})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
bodyBytes := requestBody.Bytes()
|
||||
recorder := httptest.NewRecorder()
|
||||
ctx := suite.newContext(recorder, http.MethodPost, bodyBytes, account.DeleteAccountPath, w.FormDataContentType())
|
||||
|
||||
// call the handler
|
||||
suite.accountModule.AccountDeletePOSTHandler(ctx)
|
||||
|
||||
// 1. we should have Forbidden because we supplied the wrong password
|
||||
suite.Equal(http.StatusForbidden, recorder.Code)
|
||||
}
|
||||
|
||||
func (suite *AccountDeleteTestSuite) TestAccountDeletePOSTHandlerNoPassword() {
|
||||
// set up the request
|
||||
// we're deleting zork
|
||||
requestBody, w, err := testrig.CreateMultipartFormData(
|
||||
"", "",
|
||||
map[string]string{})
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
bodyBytes := requestBody.Bytes()
|
||||
recorder := httptest.NewRecorder()
|
||||
ctx := suite.newContext(recorder, http.MethodPost, bodyBytes, account.DeleteAccountPath, w.FormDataContentType())
|
||||
|
||||
// call the handler
|
||||
suite.accountModule.AccountDeletePOSTHandler(ctx)
|
||||
|
||||
// 1. we should have StatusBadRequest because our request was invalid
|
||||
suite.Equal(http.StatusBadRequest, recorder.Code)
|
||||
}
|
||||
|
||||
func TestAccountDeleteTestSuite(t *testing.T) {
|
||||
suite.Run(t, new(AccountDeleteTestSuite))
|
||||
}
|
Reference in New Issue
Block a user