Commit 2a2338aca850737f16febc056c1d248daf935736

Allow users to delete their account
Author: Catalin(ux) M. BOIE
Author date (UTC): 2016-12-30 12:49
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2017-01-05 16:10
Parent(s): 00f1ad9bffc47d0cd786e6caa6f9777fae27b2ff
Signing key:
Tree: be2f8dab467a39dc5665ae9f18fa4e58d73d1510
File Lines added Lines deleted
inc/struct.inc.php 5 0
inc/user.inc.php 91 12
inc/user/settings.php 4 0
root/themes/default/hints/user/delete_account.html 5 0
root/themes/default/user/settings/delete/done.html 3 0
root/themes/default/user/settings/delete/no.html 0 0
root/themes/default/user/settings/delete/sure.html 6 4
root/themes/default/user/settings/menu.html 1 0
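--- a/inc/struct.inc.php
+++ b/inc/struct.inc.php
@@ -588,6 +588,11 @@ $rg_sql_struct[41]['other'] = array(
 . " ON workers(fingerprint_sha256)"
 );
 
+$rg_sql_struct[42]['other'] = array(
+'deleted for users' =>
+"ALTER TABLE users ADD deleted INTEGER NOT NULL DEFAULT 0"
+);
+
 // Do not forget to add the new tables to statistics
 // This must be the last line
 $rg_sql_schema_ver = count($rg_sql_struct);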
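Review bot: The new `deleted` column carries no comment on its meaning, and the other hunks of this commit use it both as a flag (`deleted = 0`, `deleted > 0`) and as a unix timestamp (`SET deleted = @@now@@`), so its contract is only recoverable by reading rg_user_remove. A one-line comment next to the migration would fix that, e.g. `// deleted: 0 = active account, otherwise unix time of the deletion request`. Because a timestamp is stored here, an INTEGER column stops fitting it in 2038 on backends where INTEGER is 32-bit; worth checking against how the existing time columns of this table (itime, last_seen) are typed.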
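--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -531,19 +531,21 @@ function rg_user_edit($db, $d)
 break;
 
 $d['suspended'] = 0;
+$d['deleted'] = 0;
 $d['last_seen'] = 0;
 $d['disk_used_mb'] = 0;
 $sql = "INSERT INTO users (username, realname, salt"
 . ", pass, email, itime"
 . ", is_admin, rights, session_time"
 . ", confirmed, confirm_token, plan_id"
-. ", suspended, last_seen, disk_used_mb)"
+. ", suspended, last_seen, disk_used_mb"
+. ", deleted)"
 . " VALUES (@@username@@, @@realname@@, @@salt@@"
 . ", @@pass_crypted@@, @@email@@, @@itime@@"
 . ", @@is_admin@@, @@rights@@, @@session_time@@"
 . ", @@confirmed@@, @@confirm_token@@, @@plan_id@@"
 . ", @@suspended@@, @@last_seen@@"
-. ", @@disk_used_mb@@)"
+. ", @@disk_used_mb@@, @@deleted@@)"
 . " RETURNING uid";
 } else { // edit
 $salt_pass_add = "";
@@ -625,11 +627,13 @@ function rg_user_edit($db, $d)
 
 /*
 * Delete a user
+* @uid - the uid of the user to be removed
+* This function only marks the user to be removed.
 */
 function rg_user_remove($db, $rg, $uid)
 {
-rg_prof_start("user_remove");
-rg_log_enter("user_remove: uid=$uid");
+rg_prof_start('user_remove');
+rg_log_enter('user_remove: uid=$uid');
 
 $ret = FALSE;
 while (1) {
@@ -641,28 +645,37 @@ function rg_user_remove($db, $rg, $uid)
 $x['username'] = $rg['login_ui']['username'];
 $x['needed_rights'] = 'R';
 $x['ip'] = $rg['ip'];
-$x['misc'] = "";
+$x['misc'] = '';
 if (rg_rights_allow($db, $x) !== TRUE)
 break;
 
-$params = array("uid" => $uid);
-$sql = "DELETE FROM users WHERE uid = @@uid@@";
+$now = time();
+$params = array(
+'now' => $now,
+'uid' => $uid
+);
+$sql = 'UPDATE users SET deleted = @@now@@'
+. ' WHERE uid = @@uid@@';
 $res = rg_sql_query_params($db, $sql, $params);
 if ($res === FALSE) {
-rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")");
+rg_user_set_error('cannot remove user');
 break;
 }
 rg_sql_free_result($res);
 
-// invalidate cache
-rg_cache_unset('user' . '::' . $uid, RG_SOCKET_NO_WAIT);
+// update cache
+rg_cache_set('user' . '::' . $uid . '::' . 'info'
+. '::' . 'deleted', $now, RG_SOCKET_NO_WAIT);
+
+// invalidate session
+rg_sess_destroy($db, $rg['sid'], $rg['login_ui']);
 
 $ret = TRUE;
 break;
 }
 
 rg_log_exit();
-rg_prof_end("user_remove");
+rg_prof_end('user_remove');
 return $ret;
 }
 
@@ -954,6 +967,12 @@ function rg_user_login_by_user_pass($db, $user, $pass, $login_token, $lock_ip,
 break;
 }
 
+if ($ui0['deleted'] > 0) {
+rg_user_set_error('invalid user, pass or login token');
+rg_log('account is deleted');
+break;
+}
+
 if ($ui0['suspended'] > 0) {
 rg_user_set_error("invalid user, pass or login token");
 rg_log("account is suspended");
@@ -1117,7 +1136,8 @@ function rg_user_list($db)
 
 $ret = FALSE;
 while (1) {
-$sql = "SELECT * FROM users ORDER BY username";
+$sql = 'SELECT * FROM users ORDER BY username'
+. ' WHERE deleted = 0';
 $res = rg_sql_query($db, $sql);
 if ($res === FALSE) {
 rg_user_set_error("cannot get info (" . rg_sql_error() . ")!");
@@ -2054,4 +2074,63 @@ function rg_user_http_git($db, $rg, $paras)
 return $ret;
 }
 
+/*
+* Delete account high level function
+*/
+function rg_user_delete_account_high_level($db, $rg, $paras)
+{
+$ret = '';
+
+$are_you_sure = rg_var_uint('are_you_sure');
+$errmsg = array();
+$show_form = TRUE;
+while (1) {
+if ($rg['doit'] != 1)
+break;
+
+if ($are_you_sure == 0) {
+$ret .= rg_template('user/settings/delete/no.html',
+$rg, TRUE/*xss*/);
+$show_form = FALSE;
+break;
+}
+
+if (!rg_valid_referer()) {
+$errmsg[] = 'invalid referer; try again';
+break;
+}
+
+if (!rg_token_valid($db, $rg, 'delete_account', FALSE)) {
+$errmsg[] = 'invalid token; try again';
+break;
+}
+
+$r = rg_user_remove($db, $rg, $rg['login_ui']['uid']);
+if ($r !== TRUE) {
+$errmsg[] = rg_user_error();
+break;
+}
+
+$ret .= rg_template('user/settings/delete/done.html',
+$rg, TRUE/*xss*/);
+$show_form = FALSE;
+break;
+}
+
+if ($show_form) {
+// hints
+$hints = array();
+$hints[]['HTML:hint'] = rg_template('hints/user/delete_account.html',
+$rg, TRUE /*xss*/);
+$rg['HTML:hints'] = rg_template_table('hints/list', $hints, $rg);
+
+$rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
+$rg['rg_form_token'] = rg_token_get($db, $rg, 'delete_account');
+$ret .= rg_template('user/settings/delete/sure.html',
+$rg, TRUE/*xss*/);
+}
+
+return $ret;
+}
+
 ?>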
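Review bot: In the rg_user_list hunk the WHERE clause is appended after ORDER BY, `'SELECT * FROM users ORDER BY username' . ' WHERE deleted = 0'`, which is not valid SQL, so the query fails and the function returns FALSE for every caller; the clause order should be `$sql = 'SELECT * FROM users WHERE deleted = 0' . ' ORDER BY username';`. In rg_user_remove the quote change turned `rg_log_enter("user_remove: uid=$uid")` into a single-quoted string, so the log line now contains the literal text `$uid` rather than the id; keep double quotes there or write `'user_remove: uid=' . $uid`. The soft delete destroys only the caller's current session via rg_sess_destroy, and since the user row and username are kept, whether other live sessions of that user and the login paths other than rg_user_login_by_user_pass also consult `deleted` is not visible here and is worth confirming.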
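--- a/inc/user/settings.php
+++ b/inc/user/settings.php
@@ -45,6 +45,10 @@ case 'workers':
 $_settings_body = rg_worker_high_level($db, $rg, $paras);
 break;
 
+case 'delete_account':
+$_settings_body = rg_user_delete_account_high_level($db, $rg, $paras);
+break;
+
 default:
 $rg['ask_for_pass'] = 0;
 $rg['no_tos'] = 1; // we ask for only for account creation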
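Review bot: The new `delete_account` case dispatches straight to rg_user_delete_account_high_level without touching `$rg['ask_for_pass']`, while the default branch just below sets it explicitly, so this destructive action appears to rely on the existing session, the referer check and the form token alone. If `ask_for_pass` is the switch that makes the settings page demand the current password (its handling is not visible here), adding `$rg['ask_for_pass'] = 1;` to this case would give account deletion the re-authentication such an operation normally gets. The enclosing switch starts before this hunk.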
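--- a/root/themes/default/hints/user/delete_account.html
+++ b/root/themes/default/hints/user/delete_account.html
@@ -0,0 +1,5 @@
+<br />
+<span style="color: red">Warning!</span> This operation will delete all
+stuff created by your account: repositories (both public and private),
+bugs, rights granted by you, web hooks, login tokens and scratch codes
+etc. and cannot be undone.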
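Review bot: The hint tells the user that repositories, bugs, hooks and tokens are deleted by this operation, but the rg_user_remove docblock added in the same commit states that the function only marks the user as removed, and its SQL is an UPDATE of `deleted`, not a DELETE. Unless a separate purge step outside this commit performs the actual removal, the wording overstates what the code does; something like `This operation will mark your account for deletion: repositories (both public and private), bugs, rights granted by you, web hooks, login tokens and scratch codes will be removed and cannot be recovered.` matches the visible behaviour.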
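--- a/root/themes/default/user/settings/delete/done.html
+++ b/root/themes/default/user/settings/delete/done.html
@@ -0,0 +1,3 @@
+<div class="mess ok">
+The user account has been deleted.
+</div>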
File root/themes/default/user/settings/delete/no.html copied from file root/themes/default/user/repo/delete/no.html (similarity 100%)
File root/themes/default/user/settings/delete/sure.html copied from file root/themes/default/user/repo/delete/sure.html (similarity 61%) (mode: 100644) (index 3cb4923..b72316b)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">Delete repository</div>
3 <div class="formarea_title">Delete account</div>
4 4
5 <form method="post" action="@@url_repo@@/admin/delete">
5 <form method="post" action="@@url@@">
6 6 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
7 7 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
8 8
9 9 <p> <p>
10 10 <label for="are_you_sure">Are you sure?</label><br /> <label for="are_you_sure">Are you sure?</label><br />
11 11 <select name="are_you_sure" id="are_you_sure"> <select name="are_you_sure" id="are_you_sure">
12 <option value="0">No</option>
13 <option value="1">Yes</option>
12 <option value="0">No, just kidding</option>
13 <option value="1">Yes, I want to delete everything</option>
14 14 </select> </select>
15 15 </p> </p>
16 16
 
19 19 </form> </form>
20 20
21 21 </div> </div>
22
23 @@hints@@
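--- a/root/themes/default/user/settings/menu.html
+++ b/root/themes/default/user/settings/menu.html
@@ -9,6 +9,7 @@
 <li@@if(@@set_menu::totp@@ == 1){{ class="selected"}}{{}}><a href="/op/settings/totp">Login tokens</a></li>
 <li@@if(@@set_menu::wh@@ == 1){{ class="selected"}}{{}}><a href="/op/settings/wh">Webhooks</a></li>
 <li@@if(@@set_menu::workers@@ == 1){{ class="selected"}}{{}}><a href="/op/settings/workers">Workers</a></li>
+<li@@if(@@set_menu::delete_account@@ == 1){{ class="selected"}}{{}}><a href="/op/settings/delete_account">Delete account</a></li>
 </ul>
 </div>
 @@menu_level2@@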