Merge pull request #1668 from codidact/art/self-serve-deletion

ArtOfCode- · web-flow · commit b3be377783b0 · 2025-07-11T20:02:50.000+01:00
Self-serve account deletion
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -406,4 +406,12 @@ def storable_location?
   def store_user_location!
     store_location_for(:user, request.fullpath)
   end
+
+  def require_sudo
+    unless user_signed_in? && session[:sudo].present? &&
+           DateTime.iso8601(session[:sudo]) >= AppConfig.server_settings['user_sudo_duration'].minutes.ago
+      session[:sudo_return] = request.fullpath
+      redirect_to user_sudo_path
+    end
+  end
 end
diff --git a/app/controllers/sudo_controller.rb b/app/controllers/sudo_controller.rb
@@ -0,0 +1,15 @@
+class SudoController < ApplicationController
+  before_action :authenticate_user!
+
+  def sudo; end
+
+  def enter_sudo
+    if current_user.valid_password? params[:password]
+      session[:sudo] = DateTime.now.iso8601
+      redirect_to session[:sudo_return]
+    else
+      flash[:danger] = 'The password you entered was incorrect.'
+      render :sudo
+    end
+  end
+end
diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb
@@ -1,4 +1,10 @@
 class Users::RegistrationsController < Devise::RegistrationsController
+  layout 'without_sidebar', only: :edit
+
+  before_action :check_sso, only: :update
+  before_action :authenticate_user!, only: [:delete, :do_delete]
+  before_action :require_sudo, only: [:delete, :do_delete]
+
   def create
     super do |user|
       unless user.errors.any?
@@ -19,11 +25,29 @@ def create
     end
   end
 
-  protected
+  def delete
+    @user = current_user
+  end
 
-  layout 'without_sidebar', only: :edit
+  def do_delete
+    @user = current_user
+    if @user.admin?
+      @user.errors.add(:base, I18n.t('users.errors.no_admin_self_delete'))
+      render :delete
+    elsif @user.moderator?
+      @user.errors.add(:base, I18n.t('users.errors.no_mod_self_delete'))
+      render :delete
+    elsif params[:username] != @user.username
+      @user.errors.add(:base, I18n.t('users.errors.self_delete_wrong_username'))
+      render :delete
+    else
+      @user.do_soft_delete(@user)
+      flash[:info] = 'Sorry to see you go!'
+      redirect_to root_path
+    end
+  end
 
-  before_action :check_sso, only: :update
+  protected
 
   def after_update_path_for(resource)
     edit_user_registration_path(resource)
diff --git a/app/helpers/sudo_helper.rb b/app/helpers/sudo_helper.rb
@@ -0,0 +1,2 @@
+module SudoHelper
+end
diff --git a/app/views/devise/registrations/edit.html.erb b/app/views/devise/registrations/edit.html.erb
@@ -58,3 +58,16 @@
 
   <%= f.submit "Update", class: 'button is-filled is-very-large', disabled: sso %>
 <% end %><br/>
+
+<% if current_user.at_least_moderator? %>
+  <%= link_to 'javascript:void(0)', class: 'button is-outlined is-danger', disabled: true do %>
+    Delete my account &raquo;
+  <% end %>
+  <p class="has-color-red has-font-size-caption">
+    Moderators and admins cannot be self-deleted. Contact support if you wish to delete your account.
+  </p>
+<% else %>
+  <%= link_to delete_account_path, class: 'button is-outlined is-danger' do %>
+    Delete my account &raquo;
+  <% end %>
+<% end %>
diff --git a/app/views/sudo/sudo.html.erb b/app/views/sudo/sudo.html.erb
@@ -0,0 +1,16 @@
+<h1>Re-enter your password</h1>
+
+<div class="notice is-info has-font-size-caption has-color-teal-900 flex-row-always jc-sb ai-c">
+  <i class="fas fa-info-circle"></i>
+  <p>
+    You are entering <strong>sudo mode</strong>, where you are required to verify your password to take certain
+    security-sensitive actions. This mode will last for <%= AppConfig.server_settings['user_sudo_duration'] %>
+    minutes, during which time you will not be asked for your password again.
+  </p>
+</div>
+
+<%= form_tag enter_sudo_path, method: :post do %>
+  <%= label_tag :password, 'Re-enter your password', class: 'form-element' %>
+  <%= password_field_tag :password, nil, class: 'form-element' %>
+  <%= submit_tag 'Verify', class: 'button is-primary is-filled' %>
+<% end %>
diff --git a/app/views/users/_deleted.html.erb b/app/views/users/_deleted.html.erb
@@ -11,6 +11,10 @@
   <p class="has-font-size-caption">
     <%= deletion_type.capitalize %> deleted
     <span title="<%= deleted_object.deleted_at %>"><%= time_ago_in_words(deleted_object.deleted_at) %> ago</span>
-    by <%= link_to deleted_object.deleted_by.username, user_path(deleted_object.deleted_by) %>.
+    <% if deleted_object.deleted_by == user %>
+      (self-deleted).
+    <% else %>
+      by <%= link_to deleted_object.deleted_by.username, user_path(deleted_object.deleted_by) %>.
+    <% end %>
   </p>
 </div>
diff --git a/app/views/users/registrations/delete.html.erb b/app/views/users/registrations/delete.html.erb
@@ -0,0 +1,38 @@
+<h1 class="has-color-red">Delete my account</h1>
+<p>
+  If you no longer want to use our network of communities, you can delete your account. This means:
+</p>
+<ul>
+  <li>Your profiles will be deleted on <strong>every community</strong> in the network.
+  <li>Your user account will be deleted and anonymized.</li>
+  <li>
+    The content of your posts and comments will remain, under the licenses you set for them. Your username will no
+    longer be shown alongside them.
+  </li>
+</ul>
+
+<div class="notice is-danger has-color-red-900 flex-row-always jc-sb ai-c">
+  <i class="fas fa-exclamation-triangle"></i>
+  <p>
+    This will take effect immediately and <strong>cannot be undone</strong>. If you're sure, type your username below to
+    confirm.
+  </p>
+</div>
+
+<% if @user.errors.any? %>
+  <div class="notice is-danger has-color-red-900">
+    <p>Couldn't delete your account:</p>
+    <ul>
+      <% @user.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+    </ul>
+  </div>
+<% end %>
+
+<%= form_tag do_delete_account_path, method: :post do %>
+  <%= label_tag :username, 'Type your username', class: 'form-element' %>
+  <%= text_field_tag :username, params[:username], class: 'form-element' %>
+
+  <%= submit_tag 'Delete my account', class: 'button is-danger is-filled' %>
+<% end %>
diff --git a/config/config/server_settings.yml b/config/config/server_settings.yml
@@ -1 +1,2 @@
 registration_rate_limit: 300
+user_sudo_duration: 30
diff --git a/config/locales/strings/en.users.yml b/config/locales/strings/en.users.yml
@@ -0,0 +1,9 @@
+en:
+  users:
+    errors:
+      no_admin_self_delete: >
+        Admin accounts cannot be self-deleted. Contact support.
+      no_mod_self_delete: >
+        Moderator accounts cannot be self-deleted. Contact support.
+      self_delete_wrong_username: >
+        The username you entered was incorrect.
diff --git a/config/routes.rb b/config/routes.rb
@@ -15,6 +15,8 @@
     get  'users/saml/sign_in_request_from_other/:id', to: 'users/saml_sessions#sign_in_request_from_other', as: :sign_in_request_from_other
     get  'users/saml/sign_in_return_from_base',       to: 'users/saml_sessions#sign_in_return_from_base', as: :sign_in_return_from_base
     get  'users/saml/after_sign_in_check',            to: 'users/saml_sessions#after_sign_in_check', as: :after_sign_in_check
+    get  'users/delete',                   to: 'users/registrations#delete', as: :delete_account
+    post 'users/delete',                   to: 'users/registrations#do_delete', as: :do_delete_account
   end
 
   root                                     to: 'categories#homepage'
@@ -204,6 +206,8 @@
     get    '/avatar/:letter/:color/:size', to: 'users#specific_avatar', as: :specific_auto_avatar
     get    '/disconnect-sso',           to: 'users#disconnect_sso', as: :user_disconnect_sso
     post   '/disconnect-sso',           to: 'users#confirm_disconnect_sso', as: :user_confirm_disconnect_sso
+    get    '/sudo',                     to: 'sudo#sudo', as: :user_sudo
+    post   '/sudo',                     to: 'sudo#enter_sudo', as: :enter_sudo
     get    '/:id',                      to: 'users#show', as: :user
     get    '/:id/flags',                to: 'flags#history', as: :flag_history
     get    '/:id/activity',             to: 'users#activity', as: :user_activity
diff --git a/test/controllers/sudo_controller_test.rb b/test/controllers/sudo_controller_test.rb
@@ -0,0 +1,53 @@
+require 'test_helper'
+
+class SudoControllerTest < ActionController::TestCase
+  include Devise::Test::ControllerHelpers
+
+  test 'should require auth before sudo mode' do
+    get :sudo
+    assert_response(:found)
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'should show sudo mode page' do
+    sign_in users(:standard_user)
+    get :sudo
+    assert_response(:success)
+  end
+
+  test 'should fail sudo mode with wrong password' do
+    sign_in users(:standard_user)
+    try_enter_sudo('wrong')
+
+    assert_response(:success)
+    assert_equal 'The password you entered was incorrect.', flash[:danger]
+  end
+
+  test 'should enter sudo mode' do
+    set_password(users(:standard_user), 'test1234')
+    sign_in users(:standard_user)
+    session[:sudo_return] = users_me_path
+    try_enter_sudo('test1234')
+
+    assert_response(:found)
+    assert_redirected_to users_me_path
+    assert_not_nil session[:sudo]
+    assert_nothing_raised do
+      DateTime.iso8601(session[:sudo])
+    end
+  end
+
+  private
+
+  # Attempts to enter sudo mode for the current user
+  # @param password [String] password of the user entering sudo mode
+  def try_enter_sudo(password)
+    post :enter_sudo, params: { password: password }
+  end
+
+  def set_password(user, password)
+    user.password = password
+    user.skip_reconfirmation!
+    user.save!
+  end
+end
diff --git a/test/controllers/users/registrations_controller_test.rb b/test/controllers/users/registrations_controller_test.rb
@@ -4,35 +4,121 @@ class Users::RegistrationsControllerTest < ActionController::TestCase
   include Devise::Test::ControllerHelpers
   include ApplicationHelper
 
+  setup :devise_setup
+
   test 'should register user' do
-    @request.env['devise.mapping'] = Devise.mappings[:user]
     try_register_user('test', 'test@example.com', 'testtest')
+
     assert_response(:found)
     assert_not_nil assigns(:user).id
     assert_redirected_to root_path
   end
 
   test 'should prevent rapid registrations from same IP' do
-    @request.env['devise.mapping'] = Devise.mappings[:user]
     User.create(username: 'test', email: 'test2@example.com', password: 'testtest', current_sign_in_ip: '0.0.0.0')
     try_register_user('test', 'test@example.com', 'testtest')
+
     assert_response(:found)
     assert_redirected_to users_path
     assert_not_nil flash[:danger]
   end
 
   test 'ensure Devise errors are handled properly' do
-    @request.env['devise.mapping'] = Devise.mappings[:user]
     existing_user = users(:standard_user)
     try_register_user(existing_user.username, existing_user.email, 'testtest')
+
     assert_response(:success)
     assert_not_empty assigns(:user).errors
   end
 
+  test 'should show deletion information page' do
+    sign_in users(:standard_user)
+    session[:sudo] = DateTime.now.iso8601
+    get :delete
+    assert_response(:success)
+  end
+
+  test 'should require authentication for deletion information' do
+    get :delete
+    assert_response(:found)
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'should require sudo for deletion information' do
+    sign_in users(:standard_user)
+    get :delete
+    assert_response(:found)
+    assert_redirected_to user_sudo_path
+  end
+
+  test 'should delete user account' do
+    sign_in users(:standard_user)
+    session[:sudo] = DateTime.now.iso8601
+    try_do_delete_user(users(:standard_user))
+
+    assert_response(:found)
+    assert_redirected_to root_path
+    assert_equal 'Sorry to see you go!', flash[:info]
+    assert assigns(:user).deleted
+  end
+
+  test 'should require authentication to delete user account' do
+    post :do_delete, params: { username: 'anything' }
+
+    assert_response(:found)
+    assert_redirected_to new_user_session_path
+  end
+
+  test 'should require sudo to delete user account' do
+    sign_in users(:standard_user)
+    post :do_delete, params: { username: 'anything' }
+
+    assert_response(:found)
+    assert_redirected_to user_sudo_path
+  end
+
+  test 'should prevent deletion if username is incorrect' do
+    sign_in users(:standard_user)
+    session[:sudo] = DateTime.now.iso8601
+    post :do_delete, params: { username: 'wrong' }
+
+    assert_response(:success)
+    assert_equal [I18n.t('users.errors.self_delete_wrong_username')], assigns(:user).errors.full_messages
+    assert_not assigns(:user).deleted
+  end
+
+  test 'should prevent self-deletion if the user is at least a moderator' do
+    locale_string_map = {
+      moderator: 'users.errors.no_mod_self_delete',
+      admin: 'users.errors.no_admin_self_delete'
+    }
+
+    [:moderator, :admin].each do |name|
+      sign_in users(name)
+      session[:sudo] = DateTime.now.iso8601
+
+      try_do_delete_user(users(name))
+
+      assert_response(:success)
+      assert_equal [I18n.t(locale_string_map[name])], assigns(:user).errors.full_messages
+      assert_not assigns(:user).deleted
+    end
+  end
+
   private
 
+  # Attempts to sudo delete a given user
+  # @param user [User] user to delete
+  def try_do_delete_user(user)
+    post :do_delete, params: { username: user.username }
+  end
+
   def try_register_user(username, email, password)
     post :create, params: { user: { username: username, email: email, password: password,
                                     password_confirmation: password } }
   end
+
+  def devise_setup
+    @request.env['devise.mapping'] = Devise.mappings[:user]
+  end
 end

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`registration_rate_limit: 300`
	`2`	`+user_sudo_duration: 30`