Add ability to delete our account

author: Chocobozzz <me@florianbigard.com> 2018-08-08 10:55:27 +0200
committer: Chocobozzz <me@florianbigard.com> 2018-08-08 10:55:27 +0200
commit: 92b9d60c00432c58d6184f3683bdb14a0300a3c6 (patch)
tree: 4ef84e470e8289225c3987e48c458086b1883d67 /server
parent: a031ab0b9b2f06969f074622383a5c974666ba93 (diff)
download: PeerTube-92b9d60c00432c58d6184f3683bdb14a0300a3c6.tar.gz
PeerTube-92b9d60c00432c58d6184f3683bdb14a0300a3c6.tar.zst
PeerTube-92b9d60c00432c58d6184f3683bdb14a0300a3c6.zip
5 files changed, 65 insertions, 3 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 36bf0e0fe..3d2586c3a 100644
--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -30,6 +30,7 @@ import {
  usersVideoRatingValidator
 } from '../../middlewares'
 import {
+  deleteMeValidator,
  usersAskResetPasswordValidator,
  usersResetPasswordValidator,
  videoImportsSortValidator,
@@ -62,6 +63,11 @@ usersRouter.get('/me',
  authenticate,
  asyncMiddleware(getUserInformation)
 )
+usersRouter.delete('/me',
+  authenticate,
+  asyncMiddleware(deleteMeValidator),
+  asyncMiddleware(deleteMe)
+)
 usersRouter.get('/me/video-quota-used',
  authenticate,
@@ -296,8 +302,18 @@ async function listUsers (req: express.Request, res: express.Response, next: exp
  return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
+async function deleteMe (req: express.Request, res: express.Response) {
+  const user: UserModel = res.locals.oauth.token.User
+  await user.destroy()
+  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+  return res.sendStatus(204)
+}
 async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const user = await UserModel.loadById(req.params.id)
+  const user: UserModel = res.locals.user
  await user.destroy()
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 8ca9763a1..3c207c81f 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -74,6 +74,19 @@ const usersRemoveValidator = [
  }
 ]
+const deleteMeValidator = [
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const user: UserModel = res.locals.oauth.token.User
+    if (user.username === 'root') {
+      return res.status(400)
+                .send({ error: 'You cannot delete your root account.' })
+                .end()
+    }
+    return next()
+  }
+]
 const usersUpdateValidator = [
  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
  body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
@@ -215,6 +228,7 @@ const usersResetPasswordValidator = [
 export {
  usersAddValidator,
+  deleteMeValidator,
  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator,
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 62faabc54..60165ae22 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -8,7 +8,7 @@ import { UserRole, VideoImport, VideoImportState } from '../../../../shared'
 import {
  createUser, flushTests, getMyUserInformation, getMyUserVideoRating, getUsersList, immutableAssign, killallServers, makeGetRequest,
  makePostBodyRequest, makeUploadRequest, makePutBodyRequest, registerUser, removeUser, runServer, ServerInfo, setAccessTokensToServers,
-  updateUser, uploadVideo, userLogin
+  updateUser, uploadVideo, userLogin, deleteMe
 } from '../../utils'
 import { checkBadCountPagination, checkBadSortPagination, checkBadStartPagination } from '../../utils/requests/check-api-params'
 import { getMagnetURI, getMyVideoImports, getYoutubeVideoUrl, importVideo } from '../../utils/videos/video-imports'
@@ -469,6 +469,12 @@ describe('Test users API validators', function () {
    })
  })
+  describe('When deleting our account', function () {
+    it('Should fail with with the root account', async function () {
+      await deleteMe(server.url, server.accessToken, 400)
+    })
+  })
  describe('When register a new user', function () {
    const registrationPath = path + '/register'
    const baseCorrectParams = {
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 1ea599859..c9e8eb6f9 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -6,7 +6,8 @@ import { UserRole } from '../../../../shared/index'
 import {
  createUser, flushTests, getBlacklistedVideosList, getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating,
  getUserInformation, getUsersList, getUsersListPaginationAndSort, getVideosList, killallServers, login, makePutBodyRequest, rateVideo,
-  registerUser, removeUser, removeVideo, runServer, ServerInfo, testImage, updateMyAvatar, updateMyUser, updateUser, uploadVideo, userLogin
+  registerUser, removeUser, removeVideo, runServer, ServerInfo, testImage, updateMyAvatar, updateMyUser, updateUser, uploadVideo, userLogin,
+  deleteMe
 } from '../../utils/index'
 import { follow } from '../../utils/server/follows'
 import { setAccessTokensToServers } from '../../utils/users/login'
@@ -478,6 +479,20 @@ describe('Test users', function () {
    expect(user.videoQuota).to.equal(5 * 1024 * 1024)
  })
+  it('Should remove me', async function () {
+    {
+      const res = await getUsersList(server.url, server.accessToken)
+      expect(res.body.data.find(u => u.username === 'user_15')).to.not.be.undefined
+    }
+    await deleteMe(server.url, accessToken)
+    {
+      const res = await getUsersList(server.url, server.accessToken)
+      expect(res.body.data.find(u => u.username === 'user_15')).to.be.undefined
+    }
+  })
  after(async function () {
    killallServers([ server ])
diff --git a/server/tests/utils/users/users.ts b/server/tests/utils/users/users.ts
index 37b15f64a..e24e721bd 100644
--- a/server/tests/utils/users/users.ts
+++ b/server/tests/utils/users/users.ts
@@ -56,6 +56,16 @@ function getMyUserInformation (url: string, accessToken: string, specialStatus =
          .expect('Content-Type', /json/)
 }
+function deleteMe (url: string, accessToken: string, specialStatus = 204) {
+  const path = '/api/v1/users/me'
+  return request(url)
+    .delete(path)
+    .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
+    .expect(specialStatus)
+}
 function getMyUserVideoQuotaUsed (url: string, accessToken: string, specialStatus = 200) {
  const path = '/api/v1/users/me/video-quota-used'
@@ -216,6 +226,7 @@ export {
  registerUser,
  getMyUserInformation,
  getMyUserVideoRating,
+  deleteMe,
  getMyUserVideoQuotaUsed,
  getUsersList,
  getUsersListPaginationAndSort,
author	Chocobozzz <me@florianbigard.com>	2018-08-08 10:55:27 +0200
committer	Chocobozzz <me@florianbigard.com>	2018-08-08 10:55:27 +0200
commit	92b9d60c00432c58d6184f3683bdb14a0300a3c6 (patch)
tree	4ef84e470e8289225c3987e48c458086b1883d67 /server
parent	a031ab0b9b2f06969f074622383a5c974666ba93 (diff)
download	PeerTube-92b9d60c00432c58d6184f3683bdb14a0300a3c6.tar.gz PeerTube-92b9d60c00432c58d6184f3683bdb14a0300a3c6.tar.zst PeerTube-92b9d60c00432c58d6184f3683bdb14a0300a3c6.zip