Add canceling a user deletion

2021-08-09 20:31:12 +02:00 · 2021-08-09 20:31:12 +02:00 · 272977c102
parent 1cf420b835
commit 272977c102
3 changed files with 90 additions and 0 deletions
--- a/pkg/routes/api/v1/user_deletion.go
+++ b/pkg/routes/api/v1/user_deletion.go
@ -54,18 +54,32 @@ func UserRequestDeletion(c echo.Context) error {
 	s := db.NewSession()
 	defer s.Close()

+	err := s.Begin()
+	if err != nil {
+		return handler.HandleHTTPError(err, c)
+	}
+
 	u, err := user.GetCurrentUser(c)
 	if err != nil {
+		_ = s.Rollback()
 		return handler.HandleHTTPError(err, c)
 	}

 	err = user.CheckUserPassword(u, deletionRequest.Password)
 	if err != nil {
+		_ = s.Rollback()
 		return handler.HandleHTTPError(err, c)
 	}

 	err = user.RequestDeletion(s, u)
 	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
+
+	err = s.Commit()
+	if err != nil {
+		_ = s.Rollback()
 		return handler.HandleHTTPError(err, c)
 	}

@ -92,13 +106,78 @@ func UserConfirmDeletion(c echo.Context) error {
 	s := db.NewSession()
 	defer s.Close()

+	err := s.Begin()
+	if err != nil {
+		return handler.HandleHTTPError(err, c)
+	}
+
 	u, err := user.GetCurrentUser(c)
 	if err != nil {
+		_ = s.Rollback()
 		return handler.HandleHTTPError(err, c)
 	}

 	err = user.ConfirmDeletion(s, u, deleteConfirmation.Token)
 	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
+
+	err = s.Commit()
+	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
+
+	return c.JSON(http.StatusNoContent, models.Message{Message: "Successfully confirmed the deletion request."})
+}
+
+// UserCancelDeletion is the handler to abort a user deletion process
+// @Summary Abort a user deletion request
+// @Description Aborts an in-progress user deletion.
+// @tags user
+// @Accept json
+// @Produce json
+// @Param credentials body v1.UserDeletionRequest true "The user password to confirm."
+// @Success 200 {object} models.Message
+// @Failure 412 {object} web.HTTPError "Bad password providede"
+// @Failure 500 {object} models.Message "Internal error"
+// @Router /user/deletion/cancel [post]
+func UserCancelDeletion(c echo.Context) error {
+	var deletionRequest UserDeletionRequest
+	if err := c.Bind(&deletionRequest); err != nil {
+		return echo.NewHTTPError(http.StatusBadRequest, "No password provided.")
+	}
+
+	s := db.NewSession()
+	defer s.Close()
+
+	err := s.Begin()
+	if err != nil {
+		return handler.HandleHTTPError(err, c)
+	}
+
+	u, err := user.GetCurrentUser(c)
+	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
+
+	err = user.CheckUserPassword(u, deletionRequest.Password)
+	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
+
+	err = user.CancelDeletion(s, u)
+	if err != nil {
+		_ = s.Rollback()
+		return handler.HandleHTTPError(err, c)
+	}
+
+	err = s.Commit()
+	if err != nil {
+		_ = s.Rollback()
 		return handler.HandleHTTPError(err, c)
 	}

--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -316,6 +316,7 @@ func registerAPIRoutes(a *echo.Group) {
 	if config.ServiceEnableUserDeletion.GetBool() {
 		u.POST("/deletion/request", apiv1.UserRequestDeletion)
 		u.POST("/deletion/confirm", apiv1.UserConfirmDeletion)
+		u.POST("/deletion/cancel", apiv1.UserCancelDeletion)
 	}

 	listHandler := &handler.WebHandler{
--- a/pkg/user/delete.go
+++ b/pkg/user/delete.go
@ -119,3 +119,13 @@ func ConfirmDeletion(s *xorm.Session, user *User, token string) (err error) {
 		Update(user)
 	return err
 }
+
+// CancelDeletion cancels the deletion of a user
+func CancelDeletion(s *xorm.Session, user *User) (err error) {
+	user.DeletionScheduledAt = time.Time{}
+	user.DeletionLastReminderSent = time.Time{}
+	_, err = s.Where("id = ?", user.ID).
+		Cols("deletion_scheduled_at", "deletion_last_reminder_sent").
+		Update(user)
+	return
+}