* Add form for account deletion
* If avatar or header are gone from source, remove them
* Add option to have SuspendAccountService remove user record, add tests
* Exclude suspended accounts from search

closed-social-glitch-2
@ -0,0 +1,27 @@ | |||
# frozen_string_literal: true | |||
class Settings::DeletesController < ApplicationController | |||
layout 'admin' | |||
before_action :authenticate_user! | |||
def show | |||
@confirmation = Form::DeleteConfirmation.new | |||
end | |||
def destroy | |||
if current_user.valid_password?(delete_params[:password]) | |||
Admin::SuspensionWorker.perform_async(current_user.account_id, true) | |||
sign_out | |||
redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg') | |||
else | |||
redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg') | |||
end | |||
end | |||
private | |||
def delete_params | |||
params.permit(:password) | |||
end | |||
end |
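Review bot: `delete_params` permits a top-level `password`, but the view builds the field with `simple_form_for @confirmation`, which would normally nest it under the model's param key, so a real submission likely arrives as `form_delete_confirmation[password]` and `valid_password?` receives nil. That fails closed (the user only sees the bad-password alert), but deletion would not work from the UI, and the controller spec in this commit posts `password` at the top level, so it does not catch the mismatch. Consider `params.require(:form_delete_confirmation).permit(:password)` with matching spec params. Separately, `destroy` re-checks the password for an irreversible action with no attempt limit visible here; confirm that request throttling or account lockout covers this route so a stolen session cannot use it as a password oracle.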
@ -0,0 +1,7 @@ | |||
# frozen_string_literal: true | |||
class Form::DeleteConfirmation | |||
include ActiveModel::Model | |||
attr_accessor :password | |||
end |
@ -0,0 +1,16 @@ | |||
- content_for :page_title do | |||
= t('settings.delete') | |||
= simple_form_for @confirmation, url: settings_delete_path, method: :delete do |f| | |||
.warning | |||
%strong | |||
= fa_icon('warning') | |||
= t('deletes.warning_title') | |||
= t('deletes.warning_html') | |||
%p.hint= t('deletes.description_html') | |||
= f.input :password, autocomplete: 'off', placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password') }, hint: t('deletes.confirm_password') | |||
.actions | |||
= f.button :button, t('deletes.proceed'), type: :submit, class: 'negative' |
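Review bot: The password input sets `autocomplete: 'off'`, which browsers commonly ignore on password fields and which works against password managers on a screen that asks for the current password; `autocomplete: 'current-password'` states the intent. The `deletes.warning_html` and `deletes.description_html` keys are emitted as markup because of the `_html` suffix, so they should only ever hold trusted translation text with no interpolated user data.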
@ -0,0 +1,72 @@ | |||
require 'rails_helper' | |||
describe Settings::DeletesController do | |||
render_views | |||
describe 'GET #show' do | |||
context 'when signed in' do | |||
let(:user) { Fabricate(:user) } | |||
before do | |||
sign_in user, scope: :user | |||
end | |||
it 'renders confirmation page' do | |||
get :show | |||
expect(response).to have_http_status(:success) | |||
end | |||
end | |||
context 'when not signed in' do | |||
it 'redirects' do | |||
get :show | |||
expect(response).to redirect_to '/auth/sign_in' | |||
end | |||
end | |||
end | |||
describe 'DELETE #destroy' do | |||
context 'when signed in' do | |||
let(:user) { Fabricate(:user, password: 'petsmoldoggos') } | |||
before do | |||
sign_in user, scope: :user | |||
end | |||
context 'with correct password' do | |||
before do | |||
delete :destroy, params: { password: 'petsmoldoggos' } | |||
end | |||
it 'redirects to sign in page' do | |||
expect(response).to redirect_to '/auth/sign_in' | |||
end | |||
it 'removes user record' do | |||
expect(User.find_by(id: user.id)).to be_nil | |||
end | |||
it 'marks account as suspended' do | |||
expect(user.account.reload).to be_suspended | |||
end | |||
end | |||
context 'with incorrect password' do | |||
before do | |||
delete :destroy, params: { password: 'blaze420' } | |||
end | |||
it 'redirects back to confirmation page' do | |||
expect(response).to redirect_to settings_delete_path | |||
end | |||
end | |||
end | |||
context 'when not signed in' do | |||
it 'redirects' do | |||
delete :destroy | |||
expect(response).to redirect_to '/auth/sign_in' | |||
end | |||
end | |||
end | |||
end |
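Review bot: The 'with incorrect password' context asserts only the redirect; for a destructive endpoint it should also pin that nothing was removed, for example `expect(User.find_by(id: user.id)).to_not be_nil` and `expect(user.account.reload).to_not be_suspended`. The signed-out `DELETE #destroy` case would benefit from a similar check that no suspension job was enqueued. The positive-path assertions ('removes user record', 'marks account as suspended') depend on the worker running inline in the test environment, presumably configured in `rails_helper`, which is not visible on this page.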