dendrite/clientapi/routing/deactivate.go
kegsay a22ab3eee6
Read the right username field when performing account deactivation (#1954)
`Login` has 2 username fields, and we were always checking the
deprecated one. Instead, check both.
2021-08-02 13:11:23 +01:00

55 lines
1.5 KiB
Go

package routing
import (
"io/ioutil"
"net/http"
"github.com/matrix-org/dendrite/clientapi/auth"
"github.com/matrix-org/dendrite/clientapi/jsonerror"
"github.com/matrix-org/dendrite/userapi/api"
"github.com/matrix-org/gomatrixserverlib"
"github.com/matrix-org/util"
)
// Deactivate handles POST requests to /account/deactivate
func Deactivate(
req *http.Request,
userInteractiveAuth *auth.UserInteractive,
userAPI api.UserInternalAPI,
deviceAPI *api.Device,
) util.JSONResponse {
ctx := req.Context()
defer req.Body.Close() // nolint:errcheck
bodyBytes, err := ioutil.ReadAll(req.Body)
if err != nil {
return util.JSONResponse{
Code: http.StatusBadRequest,
JSON: jsonerror.BadJSON("The request body could not be read: " + err.Error()),
}
}
login, errRes := userInteractiveAuth.Verify(ctx, bodyBytes, deviceAPI)
if errRes != nil {
return *errRes
}
localpart, _, err := gomatrixserverlib.SplitID('@', login.Username())
if err != nil {
util.GetLogger(req.Context()).WithError(err).Error("gomatrixserverlib.SplitID failed")
return jsonerror.InternalServerError()
}
var res api.PerformAccountDeactivationResponse
err = userAPI.PerformAccountDeactivation(ctx, &api.PerformAccountDeactivationRequest{
Localpart: localpart,
}, &res)
if err != nil {
util.GetLogger(ctx).WithError(err).Error("userAPI.PerformAccountDeactivation failed")
return jsonerror.InternalServerError()
}
return util.JSONResponse{
Code: http.StatusOK,
JSON: struct{}{},
}
}