summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
Diffstat (limited to 'application')
-rw-r--r--application/libraries/Duser/drivers/Duser_db.php1
-rw-r--r--application/models/mfile.php12
-rw-r--r--application/models/mmultipaste.php12
-rw-r--r--application/models/muser.php54
-rw-r--r--application/test/tests/test_models_muser.php57
5 files changed, 136 insertions, 0 deletions
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
index 1144f40f2..062da9e54 100644
--- a/application/libraries/Duser/drivers/Duser_db.php
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -17,6 +17,7 @@ class Duser_db extends Duser_Driver {
'can_reset_password',
'can_register_new_users',
'can_change_email',
+ 'can_delete_account',
);
public function login($username, $password)
diff --git a/application/models/mfile.php b/application/models/mfile.php
index 6b7b38d41..748d187a3 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -202,6 +202,18 @@ class Mfile extends CI_Model {
}
}
+ public function delete_by_user($userid)
+ {
+ $query = $this->db->select("id")
+ ->where("user", $userid)
+ ->get("files")->result_array();
+ $ids = array_map(function ($a) {return $a['id'];}, $query);
+
+ foreach ($ids as $id) {
+ $this->delete_id($id);
+ }
+ }
+
public function delete_id($id)
{
$filedata = $this->get_filedata($id);
diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php
index deb01978e..d44454f52 100644
--- a/application/models/mmultipaste.php
+++ b/application/models/mmultipaste.php
@@ -108,6 +108,18 @@ class Mmultipaste extends CI_Model {
return $this->config->item("upload_path")."/special/multipaste-tarballs/".substr(md5($id), 0, 3)."/$id.tar.gz";
}
+ public function delete_by_user($userid)
+ {
+ $query = $this->db->select("url_id")
+ ->where("user_id", $userid)
+ ->get("multipaste")->result_array();
+ $ids = array_map(function ($a) {return $a['url_id'];}, $query);
+
+ foreach ($ids as $id) {
+ $this->delete_id($id);
+ }
+ }
+
public function delete_id($id)
{
$this->db->where('url_id', $id)
diff --git a/application/models/muser.php b/application/models/muser.php
index 7a4b65e4b..48e618fb1 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -182,6 +182,47 @@ class Muser extends CI_Model {
->insert('users');
}
+ /**
+ * Delete a user.
+ *
+ * @param username
+ * @param password
+ * @return true on sucess, false otherwise
+ */
+ public function delete_user($username, $password)
+ {
+ $this->duser->require_implemented("can_delete_account");
+
+ if ($this->duser->test_login_credentials($username, $password)) {
+ $userid = $this->get_userid_by_name($username);
+ assert($userid !== null);
+
+ $this->db->delete('profiles', array('user' => $userid));
+
+ $this->load->model("mfile");
+ $this->load->model("mmultipaste");
+ $this->mfile->delete_by_user($userid);
+ $this->mmultipaste->delete_by_user($userid);
+
+ # null out user data to keep referer information traceable
+ # If referer information was relinked, one user could create many
+ # accounts, delete the account that was used to invite them and
+ # then cause trouble so that the account that invited him gets
+ # banned because the admin thinks that account invited abusers
+ $this->db->set(array(
+ 'username' => null,
+ 'password' => null,
+ 'email' => null,
+ ))
+ ->where(array('username' => $username))
+ ->update('users');
+
+ return true;
+ }
+
+ return false;
+ }
+
function get_userid()
{
if (!$this->logged_in()) {
@@ -191,6 +232,19 @@ class Muser extends CI_Model {
return $this->session->userdata("userid");
}
+ public function get_userid_by_name($username)
+ {
+ $query = $this->db->select('id')
+ ->from('users')
+ ->where('username', $username)
+ ->get()->row_array();
+ if ($query) {
+ return $query['id'];
+ }
+
+ return null;
+ }
+
function get_email($userid)
{
return $this->duser->get_email($userid);
diff --git a/application/test/tests/test_models_muser.php b/application/test/tests/test_models_muser.php
index 1c5dc98b6..af0e58834 100644
--- a/application/test/tests/test_models_muser.php
+++ b/application/test/tests/test_models_muser.php
@@ -52,5 +52,62 @@ class test_models_muser extends \test\Test {
$this->t->is($CI->muser->valid_email("joebob.com"), false, "missing @");
}
+ public function test_delete_user()
+ {
+ $CI =& get_instance();
+ $CI->muser->add_user("userdeltest1", "supersecret", "tester@localhost.lan", null);
+ $this->t->is($CI->muser->username_exists("userdeltest1"), true, "User should exist after creation");
+
+ $ret = $CI->muser->delete_user("userdeltest1", "wrongpassword");
+ $this->t->is($ret, false, "Deletion should fail with incorrect password");
+
+ $ret = $CI->muser->delete_user("userdeltest1", "");
+ $this->t->is($ret, false, "Deletion should fail with empty password");
+
+ $this->t->is($CI->muser->username_exists("userdeltest1"), true, "User should exist after failed deletions");
+
+ $ret = $CI->muser->delete_user("userdeltest1", "supersecret");
+ $this->t->is($ret, true, "Deletion should succeed with correct data");
+ $this->t->is($CI->muser->username_exists("userdeltest1"), false, "User should not exist after deletion");
+ }
+
+ public function test_delete_user_verifyFilesDeleted()
+ {
+ $CI =& get_instance();
+
+ $id = "testid1";
+ $id2 = "testid2";
+ $content = "test content";
+ $filename = "some cool name";
+ $username = "testuser1";
+ $password = "testpass";
+
+ $CI->muser->add_user($username, $password, "tester@localhost.lan", null);
+ $userid = $CI->muser->get_userid_by_name($username);
+
+ $CI->muser->add_user("joe", "joeisawesome", "tester2@localhost.lan", null);
+ $userid2 = $CI->muser->get_userid_by_name("joe");
+
+ \service\files::add_file_data($userid, $id, $content, $filename);
+ \service\files::add_file_data($userid2, $id2, $content, $filename);
+
+ $mid = \service\files::create_multipaste([$id], $userid, [3,6])['url_id'];
+ $mid2 = \service\files::create_multipaste([$id2], $userid2, [3,6])['url_id'];
+
+ $this->t->is($CI->mfile->id_exists($id), true, "File exists after being added");
+ $this->t->is($CI->mmultipaste->id_exists($mid), true, "Multipaste exists after creation");
+ $this->t->is($CI->mfile->id_exists($id2), true, "File2 exists after being added");
+ $this->t->is($CI->mmultipaste->id_exists($mid2), true, "Multipaste2 exists after creation");
+
+ $ret = $CI->muser->delete_user($username, $password);
+ $this->t->is($ret, true, "Delete user");
+
+ $this->t->is($CI->mfile->id_exists($id), false, "File should be gone after deletion of user");
+ $this->t->is($CI->mmultipaste->id_exists($mid), false, "Multipaste should be gone after deletion of user");
+ $this->t->is($CI->mfile->id_exists($id2), true, "File2 owned by different user should still exist after deletion from other user");
+ $this->t->is($CI->mmultipaste->id_exists($mid2), true, "Multipaste2 owned by different user should still exist after deletion from other user");
+ }
+
+
}