[chore] Refactor account deleting/block logic, tidy up some other processing things (#1599)

* start refactoring account deletion * update to use state.DB * further messing about * some more tidying up * more tidying, cleaning, nice-making * further adventures in refactoring and the woes of technical debt * update fr accept/reject * poking + prodding * fix up deleting * create fave uri * don't log using requestingAccount.ID because it might be nil * move getBookmarks function * use exists query to check for status bookmark * use deletenotifications func * fiddle * delete follow request notif * split up some db functions * Fix possible nil pointer panic * fix more possible nil pointers * fix license headers * warn when follow missing (target) account * return wrapped err when bookmark/fave models can't be retrieved * simplify self account delete * warn log likely race condition * de-sillify status delete loop * move error check due north * warn when unfollowSideEffects has no target account * warn when no boost account is found * warn + dump follow when no account * more warnings * warn on fave account not set * move for loop inside anonymous function * fix funky logic * don't remove mutual account items on block; do make sure unfollow occurs in both directions!
2025-06-05 21:59:39 +02:00 · 2023-03-20 19:10:08 +01:00
parent 276d773438
commit e8595f0c64
53 changed files with 2472 additions and 1321 deletions
--- a/internal/api/activitypub/users/userget_test.go
+++ b/internal/api/activitypub/users/userget_test.go
@@ -30,7 +30,6 @@ import (
 	"github.com/superseriousbusiness/activity/streams"
 	"github.com/superseriousbusiness/activity/streams/vocab"
 	"github.com/superseriousbusiness/gotosocial/internal/api/activitypub/users"
-	apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 	"github.com/superseriousbusiness/gotosocial/testrig"
 )

@@ -98,10 +97,7 @@ func (suite *UserGetTestSuite) TestGetUserPublicKeyDeleted() {
 	userModule := users.New(suite.processor)
 	targetAccount := suite.testAccounts["local_account_1"]

-	suite.processor.Account().DeleteLocal(context.Background(), suite.testAccounts["local_account_1"], &apimodel.AccountDeleteRequest{
-		Password:       "password",
-		DeleteOriginID: targetAccount.ID,
-	})
+	suite.processor.Account().DeleteSelf(context.Background(), suite.testAccounts["local_account_1"])

 	// wait for the account delete to be processed
 	if !testrig.WaitFor(func() bool {
--- a/internal/api/client/accounts/accountdelete.go
+++ b/internal/api/client/accounts/accountdelete.go
@@ -26,6 +26,7 @@ import (
 	apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util"
 	"github.com/superseriousbusiness/gotosocial/internal/gtserror"
 	"github.com/superseriousbusiness/gotosocial/internal/oauth"
+	"golang.org/x/crypto/bcrypt"
 )

 // AccountDeletePOSTHandler swagger:operation POST /api/v1/accounts/delete accountDelete
@@ -77,15 +78,20 @@ func (m *Module) AccountDeletePOSTHandler(c *gin.Context) {
 		return
 	}

+	// Self account delete requires password to ensure it's for real.
 	if form.Password == "" {
 		err = errors.New("no password provided in account delete request")
 		apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
 		return
 	}

-	form.DeleteOriginID = authed.Account.ID
+	if err := bcrypt.CompareHashAndPassword([]byte(authed.User.EncryptedPassword), []byte(form.Password)); err != nil {
+		err = errors.New("invalid password provided in account delete request")
+		apiutil.ErrorHandler(c, gtserror.NewErrorForbidden(err, err.Error()), m.processor.InstanceGetV1)
+		return
+	}

-	if errWithCode := m.processor.Account().DeleteLocal(c.Request.Context(), authed.Account, form); errWithCode != nil {
+	if errWithCode := m.processor.Account().DeleteSelf(c.Request.Context(), authed.Account); errWithCode != nil {
 		apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
 		return
 	}
--- a/internal/api/client/bookmarks/bookmarks_test.go
+++ b/internal/api/client/bookmarks/bookmarks_test.go
@@ -275,7 +275,7 @@ func (suite *BookmarkTestSuite) TestGetBookmarksNone() {
 	testUser := suite.testUsers["local_account_1"]

 	// Remove all bookmarks for this account.
-	if err := suite.db.DeleteWhere(context.Background(), []db.Where{{Key: "account_id", Value: testAccount.ID}}, &[]*gtsmodel.StatusBookmark{}); err != nil {
+	if err := suite.db.DeleteStatusBookmarks(context.Background(), "", testAccount.ID); err != nil {
 		suite.FailNow(err.Error())
 	}

--- a/internal/api/client/statuses/statusfave_test.go
+++ b/internal/api/client/statuses/statusfave_test.go
@@ -123,7 +123,7 @@ func (suite *StatusFaveTestSuite) TestPostUnfaveable() {
 	defer result.Body.Close()
 	b, err := ioutil.ReadAll(result.Body)
 	assert.NoError(suite.T(), err)
-	assert.Equal(suite.T(), `{"error":"Forbidden"}`, string(b))
+	assert.Equal(suite.T(), `{"error":"Forbidden: status is not faveable"}`, string(b))
 }

 func TestStatusFaveTestSuite(t *testing.T) {
--- a/internal/api/model/account.go
+++ b/internal/api/model/account.go
@@ -206,9 +206,6 @@ type AccountFollowRequest struct {
 type AccountDeleteRequest struct {
 	// Password of the account's user, for confirmation.
 	Password string `form:"password" json:"password" xml:"password"`
-	// The origin of the delete account request.
-	// Can be the ID of the account owner, or the ID of an admin account.
-	DeleteOriginID string `form:"-" json:"-" xml:"-"`
 }

 // AccountRole models the role of an account.