Commit 566749f7 authored by lain's avatar lain
Browse files

Merge branch 'purge-user' into 'develop'

Purge a local user upon deletion, fixes #2062

Closes #2062

See merge request !2898
parents 42ce7a4b a0f5eb1a
Pipeline #29899 failed with stages
in 23 minutes and 19 seconds
......@@ -1583,6 +1583,49 @@ def update_notification_settings(%User{} = user, settings) do
|> update_and_set_cache()
end
@spec purge_user_changeset(User.t()) :: Changeset.t()
def purge_user_changeset(user) do
# "Right to be forgotten"
# https://gdpr.eu/right-to-be-forgotten/
change(user, %{
bio: nil,
raw_bio: nil,
email: nil,
name: nil,
password_hash: nil,
keys: nil,
public_key: nil,
avatar: %{},
tags: [],
last_refreshed_at: nil,
last_digest_emailed_at: nil,
banner: %{},
background: %{},
note_count: 0,
follower_count: 0,
following_count: 0,
locked: false,
confirmation_pending: false,
password_reset_pending: false,
approval_pending: false,
registration_reason: nil,
confirmation_token: nil,
domain_blocks: [],
deactivated: true,
ap_enabled: false,
is_moderator: false,
is_admin: false,
mastofe_settings: nil,
mascot: nil,
emoji: %{},
pleroma_settings_store: %{},
fields: [],
raw_fields: [],
discoverable: false,
also_known_as: []
})
end
def delete(users) when is_list(users) do
for user <- users, do: delete(user)
end
......@@ -1610,7 +1653,7 @@ defp delete_or_deactivate(%User{local: true} = user) do
_ ->
user
|> change(%{deactivated: true, email: nil})
|> purge_user_changeset()
|> update_and_set_cache()
end
end
......
......@@ -1417,7 +1417,6 @@ test "deactivates user when activation is not required", %{user: user} do
test "delete/1 when approval is pending deletes the user" do
user = insert(:user, approval_pending: true)
{:ok, user: user}
{:ok, job} = User.delete(user)
{:ok, _} = ObanHelpers.perform(job)
......@@ -1426,6 +1425,85 @@ test "delete/1 when approval is pending deletes the user" do
refute User.get_by_id(user.id)
end
test "delete/1 purges a user when they wouldn't be fully deleted" do
user =
insert(:user, %{
bio: "eyy lmao",
name: "qqqqqqq",
password_hash: "pdfk2$1b3n159001",
keys: "RSA begin buplic key",
public_key: "--PRIVATE KEYE--",
avatar: %{"a" => "b"},
tags: ["qqqqq"],
banner: %{"a" => "b"},
background: %{"a" => "b"},
note_count: 9,
follower_count: 9,
following_count: 9001,
locked: true,
confirmation_pending: true,
password_reset_pending: true,
approval_pending: true,
registration_reason: "ahhhhh",
confirmation_token: "qqqq",
domain_blocks: ["lain.com"],
deactivated: true,
ap_enabled: true,
is_moderator: true,
is_admin: true,
mastofe_settings: %{"a" => "b"},
mascot: %{"a" => "b"},
emoji: %{"a" => "b"},
pleroma_settings_store: %{"q" => "x"},
fields: [%{"gg" => "qq"}],
raw_fields: [%{"gg" => "qq"}],
discoverable: true,
also_known_as: ["https://lol.olo/users/loll"]
})
{:ok, job} = User.delete(user)
{:ok, _} = ObanHelpers.perform(job)
user = User.get_by_id(user.id)
assert %User{
bio: nil,
raw_bio: nil,
email: nil,
name: nil,
password_hash: nil,
keys: nil,
public_key: nil,
avatar: %{},
tags: [],
last_refreshed_at: nil,
last_digest_emailed_at: nil,
banner: %{},
background: %{},
note_count: 0,
follower_count: 0,
following_count: 0,
locked: false,
confirmation_pending: false,
password_reset_pending: false,
approval_pending: false,
registration_reason: nil,
confirmation_token: nil,
domain_blocks: [],
deactivated: true,
ap_enabled: false,
is_moderator: false,
is_admin: false,
mastofe_settings: nil,
mascot: nil,
emoji: %{},
pleroma_settings_store: %{},
fields: [],
raw_fields: [],
discoverable: false,
also_known_as: []
} = user
end
test "get_public_key_for_ap_id fetches a user that's not in the db" do
assert {:ok, _key} = User.get_public_key_for_ap_id("http://mastodon.example.org/users/admin")
end
......
......@@ -155,13 +155,30 @@ test "GET /api/pleroma/admin/users/:nickname requires " <>
describe "DELETE /api/pleroma/admin/users" do
test "single user", %{admin: admin, conn: conn} do
user = insert(:user)
clear_config([:instance, :federating], true)
user =
insert(:user,
avatar: %{"url" => [%{"href" => "https://someurl"}]},
banner: %{"url" => [%{"href" => "https://somebanner"}]},
bio: "Hello world!",
name: "A guy"
)
# Create some activities to check they got deleted later
follower = insert(:user)
{:ok, _} = CommonAPI.post(user, %{status: "test"})
{:ok, _, _, _} = CommonAPI.follow(user, follower)
{:ok, _, _, _} = CommonAPI.follow(follower, user)
user = Repo.get(User, user.id)
assert user.note_count == 1
assert user.follower_count == 1
assert user.following_count == 1
refute user.deactivated
with_mock Pleroma.Web.Federator,
publish: fn _ -> nil end do
publish: fn _ -> nil end,
perform: fn _, _ -> nil end do
conn =
conn
|> put_req_header("accept", "application/json")
......@@ -181,6 +198,14 @@ test "single user", %{admin: admin, conn: conn} do
user = Repo.get(User, user.id)
assert user.deactivated
assert user.avatar == %{}
assert user.banner == %{}
assert user.note_count == 0
assert user.follower_count == 0
assert user.following_count == 0
assert user.bio == nil
assert user.name == nil
assert called(Pleroma.Web.Federator.publish(:_))
end
end
......
......@@ -586,10 +586,16 @@ test "with proper permissions and wrong or missing password", %{conn: conn} do
end
end
test "with proper permissions and valid password", %{conn: conn} do
test "with proper permissions and valid password", %{conn: conn, user: user} do
conn = post(conn, "/api/pleroma/delete_account", %{"password" => "test"})
ObanHelpers.perform_all()
assert json_response(conn, 200) == %{"status" => "success"}
user = User.get_by_id(user.id)
assert user.deactivated == true
assert user.name == nil
assert user.bio == nil
assert user.password_hash == nil
end
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment