feat: implement user deletion
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
surtur 2023-08-07 21:29:30 +02:00
parent 52dfe44080
commit 1c67191c09
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
6 changed files with 291 additions and 1 deletions

@ -62,7 +62,9 @@ func (a *App) SetupRoutes() error {
e.POST("/manage/users/create", handlers.CreateUser(), handlers.MiddlewareSession) e.POST("/manage/users/create", handlers.CreateUser(), handlers.MiddlewareSession)
e.GET("/manage/users/:id", handlers.ViewUser(), handlers.MiddlewareSession) e.GET("/manage/users/:id", handlers.ViewUser(), handlers.MiddlewareSession)
e.GET("/manage/users/:id/edit", handlers.EditUser(), handlers.MiddlewareSession, handlers.MiddlewareCache, compress) e.GET("/manage/users/:id/edit", handlers.EditUser(), handlers.MiddlewareSession, handlers.MiddlewareCache, compress)
e.GET("/manage/users/:id/delete", handlers.DeleteUserConfirmation(), handlers.MiddlewareSession)
e.POST("/manage/users/:id/update", handlers.UpdateUser(), handlers.MiddlewareSession) e.POST("/manage/users/:id/update", handlers.UpdateUser(), handlers.MiddlewareSession)
e.POST("/manage/users/:id/delete", handlers.DeleteUser(), handlers.MiddlewareSession)
e.GET("/logout", handlers.Logout(), compress) e.GET("/logout", handlers.Logout(), compress)
e.POST("/logout", handlers.Logout(), handlers.MiddlewareSession) e.POST("/logout", handlers.Logout(), handlers.MiddlewareSession)

@ -663,3 +663,198 @@ func UpdateUser() echo.HandlerFunc { //nolint:gocognit
return c.Redirect(http.StatusSeeOther, fmt.Sprintf("/manage/users/%s/edit", usr.ID)) return c.Redirect(http.StatusSeeOther, fmt.Sprintf("/manage/users/%s/edit", usr.ID))
} }
} }
// DeleteUserConfirmation displays user deletion confirmation confirmation page.
func DeleteUserConfirmation() echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
u, ok := c.Get("sessUsr").(moduser.User)
if !ok {
return renderErrorPage(
c,
http.StatusUnauthorized,
http.StatusText(http.StatusUnauthorized),
"username was nil",
)
} else if !u.IsAdmin {
status := http.StatusUnauthorized
msg := http.StatusText(status)
return renderErrorPage(
c, status, msg+": You should not be here", "Restricted endpoint",
)
}
ctx, ok := c.Get("sloggerCtx").(context.Context)
if !ok {
ctx = context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
}
csrf := c.Get("csrf").(string)
p := page{
AppName: setting.AppName(),
AppVer: appver,
Title: "Manage Users - Delete User",
CSRF: csrf,
DevelMode: setting.IsDevel(),
Current: "manage-users-delete-user",
User: u,
}
tmpl := "manage/user-delete.tmpl"
data := make(map[string]any)
id := strings.TrimPrefix(strings.TrimSuffix(c.Request().URL.Path, "/delete"), "/manage/users/")
usr, err := getUserByID(ctx, dbclient, id)
if err != nil { // nolint:dupl
switch {
case errors.Is(err, moduser.ErrUserNotFound):
c.Logger().Errorf("user not found by ID: '%s'", id)
data["flash"] = fmt.Sprintf("No user found with the UUID: %q", id)
p.Data = data
return c.Render(
http.StatusNotFound,
tmpl,
p,
)
case errors.Is(err, moduser.ErrFailedToQueryUser):
c.Logger().Errorf("failed to query user by ID: '%s'", id)
data["flash"] = fmt.Sprintf("failed to query user by UUID %q", id)
p.Data = data
return c.Render(
http.StatusInternalServerError,
tmpl,
p,
)
case errors.Is(err, moduser.ErrBadUUID):
c.Logger().Errorf("Invalid UUID '%s': %q", id, err)
data["flash"] = fmt.Sprintf("invalid UUID %q", id)
p.Data = data
return c.Render(
http.StatusBadRequest,
"manage/user-details.tmpl",
p,
)
}
c.Logger().Errorf("UUID-related issue for UUID '%s': %q", id, err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
data["user"] = usr
p.Data = data
return c.Render(
http.StatusOK,
tmpl,
p,
)
}
}
// DeleteUser handles user deletion POST requests.
func DeleteUser() echo.HandlerFunc {
return func(c echo.Context) error {
addHeaders(c)
u, ok := c.Get("sessUsr").(moduser.User)
if !ok {
return renderErrorPage(
c,
http.StatusUnauthorized,
http.StatusText(http.StatusUnauthorized),
"username was nil",
)
} else if !u.IsAdmin {
status := http.StatusUnauthorized
msg := http.StatusText(status)
return renderErrorPage(
c, status, msg+": You should not be here", "Restricted endpoint",
)
}
ctx, ok := c.Get("sloggerCtx").(context.Context)
if !ok {
ctx = context.WithValue(context.Background(), moduser.CtxKey{}, slogger)
}
id := strings.TrimPrefix(strings.TrimSuffix(c.Request().URL.Path, "/delete"), "/manage/users/")
usr, err := getUserByID(ctx, dbclient, id)
if err != nil {
switch {
case errors.Is(err, moduser.ErrUserNotFound):
c.Logger().Errorf("user not found by ID: '%s'", id)
if sess, ok := c.Get("sess").(*sessions.Session); ok {
sess.Values["flash"] = fmt.Sprintf("Error: Could not delete user - no user found with UUID %q", id)
_ = sess.Save(c.Request(), c.Response())
}
return c.Redirect(http.StatusSeeOther, "/manage/users")
case errors.Is(err, moduser.ErrFailedToQueryUser):
c.Logger().Errorf("failed to query user by ID: '%s'", id)
if sess, ok := c.Get("sess").(*sessions.Session); ok {
sess.Values["flash"] = fmt.Sprintf("failed to query user by UUID %q", id)
_ = sess.Save(c.Request(), c.Response())
}
return c.Redirect(http.StatusSeeOther, "/manage/users")
case errors.Is(err, moduser.ErrBadUUID):
c.Logger().Errorf("Invalid UUID '%s': %q", id, err)
if sess, ok := c.Get("sess").(*sessions.Session); ok {
sess.Values["flash"] = fmt.Sprintf("invalid UUID %q", id)
_ = sess.Save(c.Request(), c.Response())
}
return c.Redirect(http.StatusSeeOther, c.Request().URL.String())
}
c.Logger().Errorf("Encountered a UUID-related issue for UUID '%s': %q", id, err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
if err = moduser.DeleteUserByID(ctx, dbclient, usr.ID.String()); err != nil {
c.Logger().Errorf("Could not delete user (id: %q), error: %q", id, err)
return renderErrorPage(
c,
http.StatusInternalServerError,
http.StatusText(http.StatusInternalServerError),
err.Error(),
)
}
if sess, ok := c.Get("sess").(*sessions.Session); ok {
sess.Values["flash"] = fmt.Sprintf("Successfully deleted user %q!", usr.Username)
_ = sess.Save(c.Request(), c.Response())
}
return c.Redirect(http.StatusSeeOther, "/manage/users")
}
}

@ -139,6 +139,36 @@ func QueryUserByID(ctx context.Context, client *ent.Client, strID string) (*ent.
return u, nil return u, nil
} }
// DeleteUserByID returns nil on successful deletion, err otherwise.
func DeleteUserByID(ctx context.Context, client *ent.Client, strID string) error {
slogger := ctx.Value(CtxKey{}).(*slogging.Slogger)
log := *slogger
log.Logger = log.Logger.With(
slog.Group("pcmt extra", slog.String("module", "modules/user")),
)
id, err := uuid.Parse(strID)
if err != nil {
return ErrBadUUID
}
err = client.User.
DeleteOneID(id).Exec(ctx)
switch {
case ent.IsNotFound(err):
log.Warnf("user not found by ID: %q", err)
return ErrUserNotFound
case err != nil:
log.Warn("failed to query user by ID", "error", err, "uuid requested", id)
return ErrFailedToQueryUser
}
return nil
}
// Exists determines whether the username OR email in question was previously // Exists determines whether the username OR email in question was previously
// used to register a user. // used to register a user.
func Exists(ctx context.Context, client *ent.Client, username, email string) (bool, error) { func Exists(ctx context.Context, client *ent.Client, username, email string) (bool, error) {

@ -0,0 +1,60 @@
{{ template "head.tmpl" . }}
<body class="min-h-screen flex flex-col justify-between bg-white dark:bg-gray-900">
{{ template "navbar.tmpl" . }}
<main class="grow mb-auto">
<div class="container mx-auto place-items-center px-8 md:px-12 lg:px-14">
{{if and .Data .Data.user -}}
<div class="flex justify-between place-items-center">
<h1 class="text-xl font-bold text-fuchsia-600 dark:text-fuchsia-400 py-2 ring-fuchsia-300">
Deleting user "{{ .Data.user.Username }}"
</h1>
<a href="/manage/users" class="w-auto py-1 mt-2 text-center text-blue-500 md:mt-0 md:mx-6 lg:mx-4 hover:underline dark:text-blue-400">
⏎ All users
</a>
</div>
<div class="flex justify-end gap-2 lg:gap-0 place-items-center">
<a href="/manage/users/{{- .Data.user.ID -}}" class="w-auto py-1 mt-0 text-center text-blue-500 dark:text-blue-400 md:mx-2 lg:mx-4 hover:underline hover:text-blue-600 dark:hover:text-blue-300">
Back to detail
</a>
</div>
<div class="flex justify-center place-items-center mt-8 lg:mx-auto">
<p class="text-xl text-pink-600 dark:text-pink-400 py-2 px-10">
<span class="italic">Are you sure</span> you want to <span class="underline non-italic">permanently</span> and irrevocably DELETE user <span class="font-mono font-bold">{{.Data.user.Username}}</span> along with all their data?
</p>
</div>
<div class="container flex justify-center place-items-center mt-4 px-11 mx-auto text-xl">
<a href="/manage/users/{{- .Data.user.ID -}}" class="w-auto mt-0 text-center text-blue-400 dark:text-blue-400 mx-2 lg:mx-4 hover:underline hover:text-blue-500 dark:hover:text-blue-300">
Cancel
</a>
<form method="post" action="/manage/users/{{- .Data.user.ID -}}/delete" class="w-auto">
<input type="hidden" name="_csrf" value="{{- .CSRF -}}">
<button class="w-auto py-1 px-2 text-center text-pink-600 dark:text-pink-600 md:ml-6 lg:ml-4 hover:underline hover:text-pink-700 dark:hover:text-pink-400 border-2 border-pink-300 rounded-md hover:shadow-lg">
Confirm permanent deletion
</button>
</form>
</div>
{{- else -}}
<div class="flex justify-between place-items-center">
<h1 class="text-xl font-bold text-fuchsia-600 dark:text-fuchsia-400 py-2">
Delete user
</h1>
<a href="/manage/users" class="w-auto py-1 mt-2 text-center text-blue-500 md:mt-0 md:mx-6 lg:mx-4 hover:underline dark:text-blue-400">
⏎ All users
</a>
</div>
<div class="items-center place-items-center">
<p class="text-pink-400 italic">
Encountered an issue loading the user for deletion.
</p>
</div>
{{- end -}}
{{- if and .Data .Data.flash -}}
<div class="place-items-center">
<h1 class="text-2xl text-pink-600 dark:text-pink-500 py-2">
{{ .Data.flash -}}
</h1>
</div>
{{- end}}
</div>
</main>
{{ template "footer.tmpl" . }}

@ -16,6 +16,9 @@
<a href="/manage/users/{{- .Data.user.ID -}}/edit" class="w-auto py-1 mt-0 text-center text-blue-500 dark:text-blue-400 md:mx-2 lg:mx-4 hover:underline hover:text-blue-600 dark:hover:text-blue-300"> <a href="/manage/users/{{- .Data.user.ID -}}/edit" class="w-auto py-1 mt-0 text-center text-blue-500 dark:text-blue-400 md:mx-2 lg:mx-4 hover:underline hover:text-blue-600 dark:hover:text-blue-300">
Edit Edit
</a> </a>
<a href="/manage/users/{{- .Data.user.ID -}}/delete" class="w-auto py-1 mt-0 text-center text-pink-600 dark:text-pink-600 md:mr-6 lg:mr-4 hover:underline hover:text-pink-700 dark:hover:text-pink-400">
Delete
</a>
</div> </div>
<div class="p-2 mt-3 lg:mx-auto border-2 dark:border-slate-500 rounded-sm space-y-0"> <div class="p-2 mt-3 lg:mx-auto border-2 dark:border-slate-500 rounded-sm space-y-0">
<div class="flex max-h-14 place-items-baseline justify-left lg:justify-between overflow-x-auto text-ellipsis hover:bg-gray-100 dark:hover:bg-gray-700"> <div class="flex max-h-14 place-items-baseline justify-left lg:justify-between overflow-x-auto text-ellipsis hover:bg-gray-100 dark:hover:bg-gray-700">

@ -25,7 +25,7 @@
</li> </li>
{{ if and .User .User.IsLoggedIn }} {{ if and .User .User.IsLoggedIn }}
<li> <li>
{{- if or (pageIs .Current "manage-users") (pageIs .Current "manage-users-new") (pageIs .Current "manage-users-user-details") (pageIs .Current "manage-users-edit-user") -}} {{- if or (pageIs .Current "manage-users") (pageIs .Current "manage-users-new") (pageIs .Current "manage-users-user-details") (pageIs .Current "manage-users-edit-user") (pageIs .Current "manage-users-delete-user") -}}
<a href="/manage/users" class="block py-2 pl-3 pr-4 text-white bg-blue-500 rounded md:bg-transparent md:text-blue-700 md:p-0 md:dark:text-blue-500 dark:bg-blue-500 md:dark:bg-transparent" aria-current="page"> <a href="/manage/users" class="block py-2 pl-3 pr-4 text-white bg-blue-500 rounded md:bg-transparent md:text-blue-700 md:p-0 md:dark:text-blue-500 dark:bg-blue-500 md:dark:bg-transparent" aria-current="page">
{{else}} {{else}}
<a href="/manage/users" class="block py-2 pl-3 pr-4 text-gray-900 rounded hover:bg-gray-300 md:hover:bg-transparent md:border-0 md:hover:text-blue-500 md:p-0 dark:text-white md:dark:hover:text-blue-500 dark:hover:bg-gray-700 dark:hover:text-white md:dark:hover:bg-transparent"> <a href="/manage/users" class="block py-2 pl-3 pr-4 text-gray-900 rounded hover:bg-gray-300 md:hover:bg-transparent md:border-0 md:hover:text-blue-500 md:p-0 dark:text-white md:dark:hover:text-blue-500 dark:hover:bg-gray-700 dark:hover:text-white md:dark:hover:bg-transparent">