Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Feature: Add an /account/deactivate endpoint #921

Merged
merged 3 commits into from
Jul 14, 2016
Merged

Feature: Add an /account/deactivate endpoint #921

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d543b72
Add an /account/deactivate endpoint
erikjohnston Jul 14, 2016
b55c770
Only accept password auth
erikjohnston Jul 14, 2016
848d3bf
Add hs object
erikjohnston Jul 14, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 44 additions & 0 deletions synapse/rest/client/v2_alpha/account.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,49 @@ def on_OPTIONS(self, _):
return 200, {}


class DeactivateAccountRestServlet(RestServlet):
PATTERNS = client_v2_patterns("/account/deactivate$")

def __init__(self, hs):
self.hs = hs
self.store = hs.get_datastore()
self.auth = hs.get_auth()
self.auth_handler = hs.get_auth_handler()
super(DeactivateAccountRestServlet, self).__init__()

@defer.inlineCallbacks
def on_POST(self, request):
body = parse_json_object_from_request(request)

authed, result, params, _ = yield self.auth_handler.check_auth([
[LoginType.PASSWORD],
], body, self.hs.get_ip_from_request(request))

if not authed:
defer.returnValue((401, result))

user_id = None
requester = None

if LoginType.PASSWORD in result:
# if using password, they should also be logged in
requester = yield self.auth.get_user_by_req(request)
user_id = requester.user.to_string()
if user_id != result[LoginType.PASSWORD]:
raise LoginError(400, "", Codes.UNKNOWN)
else:
logger.error("Auth succeeded but no known type!", result.keys())
raise SynapseError(500, "", Codes.UNKNOWN)

# FIXME: Theoretically there is a race here wherein user resets password
# using threepid.
yield self.store.user_delete_access_tokens(user_id)
yield self.store.user_delete_threepids(user_id)
yield self.store.user_set_password_hash(user_id, None)

defer.returnValue((200, {}))


class ThreepidRequestTokenRestServlet(RestServlet):
PATTERNS = client_v2_patterns("/account/3pid/email/requestToken$")

Expand Down Expand Up @@ -223,5 +266,6 @@ def on_POST(self, request):
def register_servlets(hs, http_server):
PasswordRequestTokenRestServlet(hs).register(http_server)
PasswordRestServlet(hs).register(http_server)
DeactivateAccountRestServlet(hs).register(http_server)
ThreepidRequestTokenRestServlet(hs).register(http_server)
ThreepidRestServlet(hs).register(http_server)