ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-05-31 14:11:46 +05:30
Code Issues Packages Projects Releases Wiki Activity

Implemented account deletion. Not all cases covered with tests [skip ci]

Browse Source
This commit is contained in:
ErickSkrauch
2020-06-12 00:27:02 +03:00
parent c86817a93d
commit 0183e54442
56 changed files with 1041 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
api/modules/accounts/actions/DeleteAccountAction.php Normal file
View File

@ -0,0 +1,14 @@
<?php
declare(strict_types=1);
namespace api\modules\accounts\actions;
use api\modules\accounts\models\DeleteAccountForm;
final class DeleteAccountAction extends BaseAccountAction {
protected function getFormClassName(): string {
return DeleteAccountForm::class;
}
}

14
api/modules/accounts/actions/RestoreAccountAction.php Normal file
View File

@ -0,0 +1,14 @@
<?php
declare(strict_types=1);
namespace api\modules\accounts\actions;
use api\modules\accounts\models\RestoreAccountForm;
final class RestoreAccountAction extends BaseAccountAction {
protected function getFormClassName(): string {
return RestoreAccountForm::class;
}
}

95
api/modules/accounts/controllers/DefaultController.php
View File

@ -1,4 +1,6 @@
<?php
declare(strict_types=1);
namespace api\modules\accounts\controllers;
use api\controllers\Controller;
@ -9,29 +11,13 @@ use api\rbac\Permissions as P;
use common\models\Account;
use Yii;
use yii\filters\AccessControl;
use yii\filters\VerbFilter;
use yii\helpers\ArrayHelper;
use yii\web\NotFoundHttpException;
class DefaultController extends Controller {
public function behaviors(): array {
$paramsCallback = function(): array {
$id = (int)Yii::$app->request->get('id');
if ($id === 0) {
$identity = Yii::$app->user->getIdentity();
if ($identity !== null) {
$account = $identity->getAccount();
if ($account !== null) {
$id = $account->id;
}
}
}
return [
'accountId' => $id,
];
};
return ArrayHelper::merge(parent::behaviors(), [
'access' => [
'class' => AccessControl::class,
@ -40,29 +26,28 @@ class DefaultController extends Controller {
'allow' => true,
'actions' => ['get'],
'roles' => [P::OBTAIN_ACCOUNT_INFO],
'roleParams' => function() use ($paramsCallback) {
return array_merge($paramsCallback(), [
'optionalRules' => true,
]);
},
'roleParams' => $this->createParams([
'optionalRules' => true,
'allowDeleted' => true,
]),
],
[
'allow' => true,
'actions' => ['username'],
'roles' => [P::CHANGE_ACCOUNT_USERNAME],
'roleParams' => $paramsCallback,
'roleParams' => $this->createParams(),
],
[
'allow' => true,
'actions' => ['password'],
'roles' => [P::CHANGE_ACCOUNT_PASSWORD],
'roleParams' => $paramsCallback,
'roleParams' => $this->createParams(),
],
[
'allow' => true,
'actions' => ['language'],
'roles' => [P::CHANGE_ACCOUNT_LANGUAGE],
'roleParams' => $paramsCallback,
'roleParams' => $this->createParams(),
],
[
'allow' => true,
@ -72,17 +57,15 @@ class DefaultController extends Controller {
'new-email-verification',
],
'roles' => [P::CHANGE_ACCOUNT_EMAIL],
'roleParams' => $paramsCallback,
'roleParams' => $this->createParams(),
],
[
'allow' => true,
'actions' => ['rules'],
'roles' => [P::ACCEPT_NEW_PROJECT_RULES],
'roleParams' => function() use ($paramsCallback) {
return array_merge($paramsCallback(), [
'optionalRules' => true,
]);
},
'roleParams' => $this->createParams([
'optionalRules' => true,
]),
],
[
'allow' => true,
@ -92,7 +75,7 @@ class DefaultController extends Controller {
'disable-two-factor-auth',
],
'roles' => [P::MANAGE_TWO_FACTOR_AUTH],
'roleParams' => $paramsCallback,
'roleParams' => $this->createParams(),
],
[
'allow' => true,
@ -101,8 +84,33 @@ class DefaultController extends Controller {
'pardon',
],
'roles' => [P::BLOCK_ACCOUNT],
'roleParams' => $paramsCallback,
'roleParams' => $this->createParams(),
],
[
'allow' => true,
'actions' => ['delete'],
'roles' => [P::DELETE_ACCOUNT],
'roleParams' => $this->createParams([
'optionalRules' => true,
'allowDeleted' => true, // This case will be validated by route handler
]),
],
[
'allow' => true,
'actions' => ['restore'],
'roles' => [P::RESTORE_ACCOUNT],
'roleParams' => $this->createParams([
'optionalRules' => true,
'allowDeleted' => true,
]),
],
],
],
'verb' => [
'class' => VerbFilter::class,
'actions' => [
'delete' => ['DELETE'],
'restore' => ['POST'],
],
],
]);
@ -121,6 +129,8 @@ class DefaultController extends Controller {
'disable-two-factor-auth' => actions\DisableTwoFactorAuthAction::class,
'ban' => actions\BanAccountAction::class,
'pardon' => actions\PardonAccountAction::class,
'delete' => actions\DeleteAccountAction::class,
'restore' => actions\RestoreAccountAction::class,
];
}
@ -144,6 +154,25 @@ class DefaultController extends Controller {
return parent::bindActionParams($action, $params);
}
private function createParams(array $options = []): callable {
return function() use ($options): array {
$id = (int)Yii::$app->request->get('id');
if ($id === 0) {
$identity = Yii::$app->user->getIdentity();
if ($identity !== null) {
$account = $identity->getAccount();
if ($account !== null) {
$id = $account->id;
}
}
}
return array_merge([
'accountId' => $id,
], $options);
};
}
private function findAccount(int $id): Account {
if ($id === 0) {
/** @noinspection NullPointerExceptionInspection */

8
api/modules/accounts/models/AccountInfo.php
View File

@ -1,4 +1,6 @@
<?php
declare(strict_types=1);
namespace api\modules\accounts\models;
use api\models\base\BaseAccountForm;
@ -14,7 +16,7 @@ class AccountInfo extends BaseAccountForm {
*/
public $user = 'user';
public function init() {
public function init(): void {
parent::init();
$this->user = Instance::ensure($this->user, User::class);
}
@ -35,6 +37,7 @@ class AccountInfo extends BaseAccountForm {
$authManagerParams = [
'accountId' => $account->id,
'optionalRules' => true,
'allowDeleted' => true,
];
if ($this->user->can(P::OBTAIN_ACCOUNT_EMAIL, $authManagerParams)) {
@ -42,7 +45,8 @@ class AccountInfo extends BaseAccountForm {
}
if ($this->user->can(P::OBTAIN_EXTENDED_ACCOUNT_INFO, $authManagerParams)) {
$response['isActive'] = $account->status === Account::STATUS_ACTIVE;
$response['isActive'] = !in_array($account->status, [Account::STATUS_REGISTERED, Account::STATUS_BANNED]);
$response['isDeleted'] = $account->status === Account::STATUS_DELETED;
$response['passwordChangedAt'] = $account->password_changed_at;
$response['hasMojangUsernameCollision'] = $account->hasMojangUsernameCollision();
$response['shouldAcceptRules'] = !$account->isAgreedWithActualRules();

2
api/modules/accounts/models/BanAccountForm.php
View File

@ -52,7 +52,7 @@ class BanAccountForm extends AccountActionForm {
$account->status = Account::STATUS_BANNED;
Assert::true($account->save(), 'Cannot ban account');
Yii::$app->queue->push(ClearAccountSessions::createFromAccount($account));
Yii::$app->queue->push(new ClearAccountSessions($account->id));
$transaction->commit();

50
api/modules/accounts/models/DeleteAccountForm.php Normal file
View File

@ -0,0 +1,50 @@
<?php
declare(strict_types=1);
namespace api\modules\accounts\models;
use api\modules\internal\helpers\Error as E;
use api\validators\PasswordRequiredValidator;
use common\models\Account;
use common\tasks\DeleteAccount;
use Webmozart\Assert\Assert;
use Yii;
final class DeleteAccountForm extends AccountActionForm {
public $password;
public function rules(): array {
return [
[['password'], PasswordRequiredValidator::class, 'account' => $this->getAccount()],
[['account'], 'validateAccountActivity'],
];
}
public function validateAccountActivity(): void {
if ($this->getAccount()->status === Account::STATUS_DELETED) {
$this->addError('account', E::ACCOUNT_ALREADY_DELETED);
}
}
public function performAction(): bool {
if (!$this->validate()) {
return false;
}
$transaction = Yii::$app->db->beginTransaction();
$account = $this->getAccount();
$account->status = Account::STATUS_DELETED;
$account->deleted_at = time();
Assert::true($account->save(), 'Cannot delete account');
// Schedule complete account erasing
Yii::$app->queue->delay($account->getDeleteAt()->diffInRealSeconds())->push(new DeleteAccount($account->id));
$transaction->commit();
return true;
}
}

42
api/modules/accounts/models/RestoreAccountForm.php Normal file
View File

@ -0,0 +1,42 @@
<?php
declare(strict_types=1);
namespace api\modules\accounts\models;
use api\modules\internal\helpers\Error as E;
use common\models\Account;
use Webmozart\Assert\Assert;
use Yii;
final class RestoreAccountForm extends AccountActionForm {
public function rules(): array {
return [
[['account'], 'validateAccountActivity'],
];
}
public function validateAccountActivity(): void {
if ($this->getAccount()->status !== Account::STATUS_DELETED) {
$this->addError('account', E::ACCOUNT_NOT_DELETED);
}
}
public function performAction(): bool {
if (!$this->validate()) {
return false;
}
$transaction = Yii::$app->db->beginTransaction();
$account = $this->getAccount();
$account->status = Account::STATUS_ACTIVE;
$account->deleted_at = null;
Assert::true($account->save(), 'Cannot restore account');
$transaction->commit();
return true;
}
}

10
api/modules/authserver/models/AuthenticationForm.php
View File

@ -52,10 +52,14 @@ class AuthenticationForm extends ApiForm {
Authserver::info("Trying to authenticate user by login = '{$this->username}'.");
// The previous authorization server implementation used the nickname field instead of username,
// so we keep such behavior
$attribute = strpos($this->username, '@') === false ? 'nickname' : 'email';
$loginForm = new LoginForm();
$loginForm->login = $this->username;
$loginForm->password = $this->password;
if (!$loginForm->validate()) {
if (!$loginForm->validate() || $loginForm->getAccount()->status === Account::STATUS_DELETED) {
$errors = $loginForm->getFirstErrors();
if (isset($errors['totp'])) {
Authserver::error("User with login = '{$this->username}' protected by two factor auth.");
@ -73,10 +77,6 @@ class AuthenticationForm extends ApiForm {
Authserver::error("User with login = '{$this->username}' passed wrong password.");
}
// The previous authorization server implementation used the nickname field instead of username,
// so we keep such behavior
$attribute = strpos($this->username, '@') === false ? 'nickname' : 'email';
// TODO: эта логика дублируется с логикой в SignoutForm
throw new ForbiddenOperationException("Invalid credentials. Invalid {$attribute} or password.");

2
api/modules/authserver/models/RefreshTokenForm.php
View File

@ -62,7 +62,7 @@ class RefreshTokenForm extends ApiForm {
$account = Account::findOne(['id' => $tokenReader->getAccountId()]);
}
if ($account === null) {
if ($account === null || $account->status === Account::STATUS_DELETED) {
throw new ForbiddenOperationException('Invalid token.');
}

5
api/modules/authserver/validators/AccessTokenValidator.php
View File

@ -13,10 +13,7 @@ use yii\validators\Validator;
class AccessTokenValidator extends Validator {
/**
* @var bool
*/
public $verifyExpiration = true;
public bool $verifyExpiration = true;
/**
* @param string $value

3
api/modules/internal/helpers/Error.php
View File

@ -6,4 +6,7 @@ final class Error {
public const ACCOUNT_ALREADY_BANNED = 'error.account_already_banned';
public const ACCOUNT_NOT_BANNED = 'error.account_not_banned';
public const ACCOUNT_ALREADY_DELETED = 'error.account_already_deleted';
public const ACCOUNT_NOT_DELETED = 'error.account_not_deleted';
}

7
api/modules/mojang/controllers/ApiController.php
View File

@ -32,7 +32,7 @@ class ApiController extends Controller {
// who used the nickname has not changed it to something else
$account = null;
if ($record !== null) {
if ($record->account->username === $record->username || $record->findNext($at) !== null) {
if ($record->account->username === $record->username || $record->findNextOwnerUsername($at) !== null) {
$account = $record->account;
}
}
@ -41,7 +41,7 @@ class ApiController extends Controller {
$account = Account::findOne(['username' => $username]);
}
if ($account === null) {
if ($account === null || $account->status === Account::STATUS_DELETED) {
return $this->noContentResponse();
}
@ -58,7 +58,7 @@ class ApiController extends Controller {
return $this->illegalArgumentResponse('Invalid uuid format.');
}
$account = Account::findOne(['uuid' => $uuid]);
$account = Account::find()->excludeDeleted()->andWhere(['uuid' => $uuid])->one();
if ($account === null) {
return $this->noContentResponse();
}
@ -103,6 +103,7 @@ class ApiController extends Controller {
/** @var Account[] $accounts */
$accounts = Account::find()
->andWhere(['username' => $usernames])
->excludeDeleted()
->orderBy(['username' => $usernames])
->limit(count($usernames))
->all();

3
api/modules/session/controllers/SessionController.php
View File

@ -121,7 +121,8 @@ class SessionController extends Controller {
throw new IllegalArgumentException('Invalid uuid format.');
}
$account = Account::findOne(['uuid' => $uuid]);
/** @var Account|null $account */
$account = Account::find()->excludeDeleted()->andWhere(['uuid' => $uuid])->one();
if ($account === null) {
throw new ForbiddenOperationException('Invalid uuid.');
}

4
api/modules/session/models/JoinForm.php
View File

@ -165,6 +165,10 @@ class JoinForm extends Model {
throw new ForbiddenOperationException('Invalid credentials');
}
if ($account->status === Account::STATUS_DELETED) {
throw new ForbiddenOperationException('Invalid credentials');
}
$this->account = $account;
}