Account deletion (#3728)
* Add form for account deletion * If avatar or header are gone from source, remove them * Add option to have SuspendAccountService remove user record, add tests * Exclude suspended accounts from searchth-downstream
parent
caa23159ae
commit
1c7e2ddd65
@ -0,0 +1,27 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Settings::DeletesController < ApplicationController
|
||||
layout 'admin'
|
||||
|
||||
before_action :authenticate_user!
|
||||
|
||||
def show
|
||||
@confirmation = Form::DeleteConfirmation.new
|
||||
end
|
||||
|
||||
def destroy
|
||||
if current_user.valid_password?(delete_params[:password])
|
||||
Admin::SuspensionWorker.perform_async(current_user.account_id, true)
|
||||
sign_out
|
||||
redirect_to new_user_session_path, notice: I18n.t('deletes.success_msg')
|
||||
else
|
||||
redirect_to settings_delete_path, alert: I18n.t('deletes.bad_password_msg')
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def delete_params
|
||||
params.permit(:password)
|
||||
end
|
||||
end
|
@ -0,0 +1,7 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
class Form::DeleteConfirmation
|
||||
include ActiveModel::Model
|
||||
|
||||
attr_accessor :password
|
||||
end
|
@ -0,0 +1,16 @@
|
||||
- content_for :page_title do
|
||||
= t('settings.delete')
|
||||
|
||||
= simple_form_for @confirmation, url: settings_delete_path, method: :delete do |f|
|
||||
.warning
|
||||
%strong
|
||||
= fa_icon('warning')
|
||||
= t('deletes.warning_title')
|
||||
= t('deletes.warning_html')
|
||||
|
||||
%p.hint= t('deletes.description_html')
|
||||
|
||||
= f.input :password, autocomplete: 'off', placeholder: t('simple_form.labels.defaults.current_password'), input_html: { 'aria-label' => t('simple_form.labels.defaults.current_password') }, hint: t('deletes.confirm_password')
|
||||
|
||||
.actions
|
||||
= f.button :button, t('deletes.proceed'), type: :submit, class: 'negative'
|
@ -0,0 +1,72 @@
|
||||
require 'rails_helper'
|
||||
|
||||
describe Settings::DeletesController do
|
||||
render_views
|
||||
|
||||
describe 'GET #show' do
|
||||
context 'when signed in' do
|
||||
let(:user) { Fabricate(:user) }
|
||||
|
||||
before do
|
||||
sign_in user, scope: :user
|
||||
end
|
||||
|
||||
it 'renders confirmation page' do
|
||||
get :show
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when not signed in' do
|
||||
it 'redirects' do
|
||||
get :show
|
||||
expect(response).to redirect_to '/auth/sign_in'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE #destroy' do
|
||||
context 'when signed in' do
|
||||
let(:user) { Fabricate(:user, password: 'petsmoldoggos') }
|
||||
|
||||
before do
|
||||
sign_in user, scope: :user
|
||||
end
|
||||
|
||||
context 'with correct password' do
|
||||
before do
|
||||
delete :destroy, params: { password: 'petsmoldoggos' }
|
||||
end
|
||||
|
||||
it 'redirects to sign in page' do
|
||||
expect(response).to redirect_to '/auth/sign_in'
|
||||
end
|
||||
|
||||
it 'removes user record' do
|
||||
expect(User.find_by(id: user.id)).to be_nil
|
||||
end
|
||||
|
||||
it 'marks account as suspended' do
|
||||
expect(user.account.reload).to be_suspended
|
||||
end
|
||||
end
|
||||
|
||||
context 'with incorrect password' do
|
||||
before do
|
||||
delete :destroy, params: { password: 'blaze420' }
|
||||
end
|
||||
|
||||
it 'redirects back to confirmation page' do
|
||||
expect(response).to redirect_to settings_delete_path
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when not signed in' do
|
||||
it 'redirects' do
|
||||
delete :destroy
|
||||
expect(response).to redirect_to '/auth/sign_in'
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in new issue