api, frontend: add account deletion

Closes https://gitlab.com/commento/commento/issues/120
2020-01-02 13:41:07 -08:00
parent 80dc91ca05
commit dc24a40a37
11 changed files with 249 additions and 5 deletions
--- a/api/errors.go
+++ b/api/errors.go
@@ -47,3 +47,5 @@ var errorNoSuchUnsubscribeSecretHex = errors.New("Invalid unsubscribe link.")
 var errorEmptyPaths = errors.New("Empty paths field.")
 var errorInvalidDomain = errors.New("Invalid domain name. Do not include the URL path after the forward slash.")
 var errorInvalidEntity = errors.New("That entity does not exist.")
+var errorCannotDeleteOwnerWithActiveDomains = errors.New("You cannot delete your account until all domains associated with your account are deleted.")
+var errorNoSuchOwner = errors.New("No such owner.")
--- a/api/owner_delete.go
+++ b/api/owner_delete.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"net/http"
+)
+
+func ownerDelete(ownerHex string, deleteDomains bool) error {
+	domains, err := domainList(ownerHex)
+	if err != nil {
+		return err
+	}
+
+	if len(domains) > 0 {
+		if !deleteDomains {
+			return errorCannotDeleteOwnerWithActiveDomains
+		}
+		for _, d := range domains {
+			if err := domainDelete(d.Domain); err != nil {
+				return err
+			}
+		}
+	}
+
+	statement := `
+		DELETE FROM owners
+		WHERE ownerHex = $1;
+	`
+	_, err = db.Exec(statement, ownerHex)
+	if err != nil {
+		return errorNoSuchOwner
+	}
+
+	statement = `
+		DELETE FROM ownersessions
+		WHERE ownerHex = $1;
+	`
+	_, err = db.Exec(statement, ownerHex)
+	if err != nil {
+		logger.Errorf("cannot delete from ownersessions: %v", err)
+		return errorInternal
+	}
+
+	statement = `
+		DELETE FROM resethexes
+		WHERE hex = $1;
+	`
+	_, err = db.Exec(statement, ownerHex)
+	if err != nil {
+		logger.Errorf("cannot delete from resethexes: %v", err)
+		return errorInternal
+	}
+
+	return nil
+}
+
+func ownerDeleteHandler(w http.ResponseWriter, r *http.Request) {
+	type request struct {
+		OwnerToken *string `json:"ownerToken"`
+	}
+
+	var x request
+	if err := bodyUnmarshal(r, &x); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	o, err := ownerGetByOwnerToken(*x.OwnerToken)
+	if err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	if err = ownerDelete(o.OwnerHex, false); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	bodyMarshal(w, response{"success": true})
+}
--- a/api/owner_new.go
+++ b/api/owner_new.go
@@ -92,10 +92,8 @@ func ownerNewHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if _, err := commenterNew(*x.Email, *x.Name, "undefined", "undefined", "commento", *x.Password); err != nil {
-		bodyMarshal(w, response{"success": false, "message": err.Error()})
-		return
-	}
+	// Errors in creating a commenter account should not hold this up.
+	_, _ = commenterNew(*x.Email, *x.Name, "undefined", "undefined", "commento", *x.Password)

 	bodyMarshal(w, response{"success": true, "confirmEmail": smtpConfigured})
 }
--- a/api/router_api.go
+++ b/api/router_api.go
@@ -9,6 +9,7 @@ func apiRouterInit(router *mux.Router) error {
 	router.HandleFunc("/api/owner/confirm-hex", ownerConfirmHexHandler).Methods("GET")
 	router.HandleFunc("/api/owner/login", ownerLoginHandler).Methods("POST")
 	router.HandleFunc("/api/owner/self", ownerSelfHandler).Methods("POST")
+	router.HandleFunc("/api/owner/delete", ownerDeleteHandler).Methods("POST")

 	router.HandleFunc("/api/domain/new", domainNewHandler).Methods("POST")
 	router.HandleFunc("/api/domain/delete", domainDeleteHandler).Methods("POST")
--- a/api/router_static.go
+++ b/api/router_static.go
@@ -101,6 +101,7 @@ func staticRouterInit(router *mux.Router) error {
 		"/confirm-email",
 		"/unsubscribe",
 		"/dashboard",
+		"/settings",
 		"/logout",
 		"/profile",
 	}