Unverified Commit 4ede76ba authored by Luc Didry's avatar Luc Didry
Browse files

Fix #300 — Allow to delete your own account

Only from web interface for now.
parent e949099f
......@@ -438,6 +438,9 @@
[%~ ELSIF report_entry == 'logout' ~%]
[%|loc%]You have logged out[%END%]
[%~ ELSIF report_entry == 'account_deleted' ~%]
[%|loc%]You have been unsubscribed from all your lists and your account has been deleted[%END%]
[%~ END ~%]
[%################~%]
......@@ -830,6 +833,9 @@ Warning: this message may already have been sent by one of the list's moderators
[%~ ELSIF report_entry == 'owner_domain_min' ~%]
[%|loc(report_param.value,report_param.owner_domain_min,report_param.owner_domain)%]Unable to reduce the number of list owners in required domains to %1. Domains that count toward the minimum requirement of %2: %3[%END%]
[%~ ELSIF report_entry == 'still_owner' ~%]
[%|loc(report_param.lists)%]You are the only owner of the following list(s): %1. Please give ownership to other people before deleting your account. You have been unsubscribed from all your lists though.[%END%]
[%~ END ~%]
[%~ END ~%]
......@@ -70,6 +70,22 @@
</form>
[% END %]
<h4>[%|loc%]Deleting your account[%END%]</h4>
<p>
[%|loc%]Deleting your account will unsubscribe you from all your lists, remove your ownership of your lists and permanently delete your account.[%END%]
<br />
[%|loc%]Please note that you will not be able to delete your account if you are the only owner of one or more list.[%END%]
</p>
<form action="[% path_cgi %]" method="post">
<fieldset>
<label for="password_for_account_deletion">[%|loc%]Enter your password:[%END%]</label>
<input type="password" name="passwd" id="password_for_account_deletion" size="25" />
<input type="checkbox" name="i_understand_the_consequences" id="i_understand_the_consequences" required><label for="i_understand_the_consequences">[%|loc%]I understand that I will be unsubscribed from all my lists and that my account will be permanently deleted[%END%]</label>
<br />
<input class="MainMenuLinks" type="submit" name="action_delete_account" value="[%|loc%]Submit[%END%]" />
</fieldset>
</form>
</div>
<!-- end pref.tt2 -->
......@@ -333,6 +333,7 @@ our %comm = (
'create_automatic_list' => 'do_create_automatic_list',
'create_automatic_list_request' => 'do_create_automatic_list_request',
'auth' => 'do_auth',
'delete_account' => 'do_delete_account',
);
 
my %comm_aliases = (
......@@ -568,6 +569,7 @@ our %required_args = (
'get_pending_lists' => ['param.user.email'],
'decl_del' => ['param.list', 'param.user.email'],
'decl_add' => ['param.list', 'param.user.email'],
'delete_account' => ['passwd', 'i_understand_the_consequences'],
'including_lists' => ['param.list', 'param.user.email'],
'info' => ['param.list'],
'install_pending_list' => ['param.user.email'],
......@@ -17152,6 +17154,109 @@ sub do_auth {
return $default_home;
}
 
sub do_delete_account {
wwslog('info', sprintf('Account deletion: %s asked for its account to be deleted', $param->{'user'}->{'email'}));
# Show form if HTTP POST method not used.
return 1 unless $ENV{'REQUEST_METHOD'} eq 'POST';
my $email = Sympa::Tools::Text::canonic_email($param->{'user'}->{'email'});
my $passwd = delete $in{'passwd'}; # Clear it.
unless ($email) {
Sympa::WWW::Report::reject_report_web('user', 'no_email', {},
$param->{'action'});
wwslog('info', 'No email');
web_db_log(
{ 'parameters' => $email,
'target_email' => $email,
'status' => 'error',
'error_type' => "no_email"
}
);
return 'pref';
}
unless ($passwd) {
Sympa::WWW::Report::reject_report_web('user', 'missing_arg',
{'argument' => 'passwd'},
$param->{'action'});
wwslog('info', 'Missing parameter passwd');
web_db_log(
{ 'parameters' => $email,
'target_email' => $email,
'status' => 'error',
'error_type' => "missing_parameter"
}
);
return 'pref';
}
my $data;
unless ($data = Sympa::WWW::Auth::check_auth($robot, $email, $passwd)) {
$log->syslog('notice', 'Authentication failed');
web_db_log(
{ 'parameters' => $email,
'target_email' => $email,
'status' => 'error',
'error_type' => 'authentication'
}
);
return 'pref';
}
$param->{'email'} = $email;
$param->{'user'} = $data->{'user'};
_set_my_lists_info();
my @only_owner;
for my $list (sort keys %{$param->{'which'}}) {
my $l = Sympa::List->new($list, $robot);
# Unsubscribe
$l->delete_list_member('users' => [$email]) if $param->{'which'}->{$list}->{'is_subscriber'};
# Remove from the editors
$l->delete_list_admin('editor', $email) if $param->{'which'}->{$list}->{'is_editor'};
# Remove from the owners
if ($param->{'which'}->{$list}->{'is_owner'}) {
my @admins = $l->get_admins('owner');
if (scalar(@admins) > 1) {
$l->delete_list_admin('owner', $email);
# Don't let a list without a privileged admin
my @privileged_admins = $l->get_admins('privileged_owner');
unless (scalar(@privileged_admins)) {
@admins = $l->get_admins('owner');
for my $admin (@admins) {
$l->update_list_admin($admin->{email}, 'owner', {profile => 'privileged'});
}
}
} else {
wwslog('info', sprintf('Account deletion: %s is the only owner of %s. The account will not be deleted.', $email, $list));
push @only_owner, $list;
}
}
}
if (@only_owner) {
Sympa::WWW::Report::reject_report_web('user', 'still_owner',
{ lists => join(', ', @only_owner) },
$param->{'action'});
return 'pref';
}
my $user = Sympa::User->new($email);
$user->expire;
wwslog('info', sprintf('Account deletion: the account of %s has been deleted', $email));
Sympa::WWW::Report::notice_report_web('account_deleted', {}, $param->{'action'});
do_logout();
}
sub prevent_visibility_bypass {
wwslog('debug2', 'Starting');
if (defined $list and ref $list eq 'Sympa::List') {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment