Merge remote-tracking branch 'upstream/develop' into develop

This commit is contained in:
FloatingGhost 2021-12-16 16:10:08 +00:00
commit 0c0ea169d4
3 changed files with 49 additions and 5 deletions

View file

@ -191,6 +191,7 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
parameters: [
Operation.parameter(:password, :query, :string, "Password")
],
requestBody: request_body("Parameters", delete_account_request(), required: false),
responses: %{
200 =>
Operation.response("Success", "application/json", %Schema{
@ -237,4 +238,22 @@ defmodule Pleroma.Web.ApiSpec.TwitterUtilOperation do
responses: %{200 => Operation.response("Web Page", "test/html", %Schema{type: :string})}
}
end
defp delete_account_request do
%Schema{
title: "AccountDeleteRequest",
description: "POST body for deleting one's own account",
type: :object,
properties: %{
password: %Schema{
type: :string,
description: "The user's own password for confirmation.",
format: :password
}
},
example: %{
"password" => "prettyp0ony1313"
}
}
end
end

View file

@ -123,8 +123,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
end
end
def delete_account(%{assigns: %{user: user}} = conn, params) do
password = params[:password] || ""
def delete_account(%{assigns: %{user: user}, body_params: body_params} = conn, params) do
# This endpoint can accept a query param or JSON body for backwards-compatibility.
# Submitting a JSON body is recommended, so passwords don't end up in server logs.
password = body_params[:password] || params[:password] || ""
case CommonAPI.Utils.confirm_current_password(user, password) do
{:ok, user} ->

View file

@ -473,7 +473,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
test "with proper permissions and wrong or missing password", %{conn: conn} do
for params <- [%{"password" => "hi"}, %{}] do
ret_conn = post(conn, "/api/pleroma/delete_account", params)
ret_conn =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/pleroma/delete_account", params)
assert json_response_and_validate_schema(ret_conn, 200) == %{
"error" => "Invalid password."
@ -481,8 +484,28 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do
end
end
test "with proper permissions and valid password", %{conn: conn, user: user} do
conn = post(conn, "/api/pleroma/delete_account?password=test")
test "with proper permissions and valid password (URL query)", %{conn: conn, user: user} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/pleroma/delete_account?password=test")
ObanHelpers.perform_all()
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}
user = User.get_by_id(user.id)
refute user.is_active
assert user.name == nil
assert user.bio == ""
assert user.password_hash == nil
end
test "with proper permissions and valid password (JSON body)", %{conn: conn, user: user} do
conn =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/pleroma/delete_account", %{password: "test"})
ObanHelpers.perform_all()
assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"}