From 6c1d73a509a1ac2216a704f3dc5534d573e5d7ae Mon Sep 17 00:00:00 2001
From: Andy Allan <git@gravitystorm.co.uk>
Date: Thu, 9 Dec 2021 16:12:42 +0000
Subject: [PATCH 1/1] Allow users to delete their own accounts

This PR allows users to delete their own accounts. The logic implemented matches
that currently used by the admins when they manually close accounts, although
there is room to be more complex in future e.g. completely removing accounts
with no content.

The error handling has been slightly adapted for namespaced controllers, by
anchoring the controller name with a leading forward slash.
---
 app/abilities/ability.rb                      |  3 +-
 .../account/deletions_controller.rb           | 12 +++++
 app/controllers/accounts_controller.rb        | 10 +++++
 app/controllers/application_controller.rb     |  2 +-
 app/views/account/deletions/show.html.erb     | 38 ++++++++++++++++
 app/views/accounts/edit.html.erb              |  9 +++-
 app/views/application/_settings_menu.html.erb |  2 +-
 config/locales/en.yml                         | 21 +++++++++
 config/routes.rb                              |  6 ++-
 test/system/account_deletion_test.rb          | 44 +++++++++++++++++++
 10 files changed, 142 insertions(+), 5 deletions(-)
 create mode 100644 app/controllers/account/deletions_controller.rb
 create mode 100644 app/views/account/deletions/show.html.erb
 create mode 100644 test/system/account_deletion_test.rb

diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb
index b8e21b486..e9fd6f7bb 100644
--- a/app/abilities/ability.rb
+++ b/app/abilities/ability.rb
@@ -36,13 +36,14 @@ class Ability
     if user
       can :welcome, :site
       can [:revoke, :authorize], :oauth
+      can [:show], :deletion
 
       if Settings.status != "database_offline"
         can [:index, :new, :create, :show, :edit, :update, :destroy], ClientApplication
         can [:index, :new, :create, :show, :edit, :update, :destroy], :oauth2_application
         can [:index, :destroy], :oauth2_authorized_application
         can [:new, :show, :create, :destroy], :oauth2_authorization
-        can [:edit, :update], :account
+        can [:edit, :update, :destroy], :account
         can [:show], :dashboard
         can [:new, :create, :edit, :update, :comment, :subscribe, :unsubscribe], DiaryEntry
         can [:make_friend, :remove_friend], Friendship
diff --git a/app/controllers/account/deletions_controller.rb b/app/controllers/account/deletions_controller.rb
new file mode 100644
index 000000000..2e3c777fa
--- /dev/null
+++ b/app/controllers/account/deletions_controller.rb
@@ -0,0 +1,12 @@
+module Account
+  class DeletionsController < ApplicationController
+    layout "site"
+
+    before_action :authorize_web
+    before_action :set_locale
+
+    authorize_resource :class => false
+
+    def show; end
+  end
+end
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb
index 06eb031c4..63da1293f 100644
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@@ -51,4 +51,14 @@ class AccountsController < ApplicationController
       redirect_to auth_url(params[:user][:auth_provider], params[:user][:auth_uid]), :status => :temporary_redirect
     end
   end
+
+  def destroy
+    current_user.soft_destroy!
+
+    session.delete(:user)
+    session_expires_automatically
+
+    flash[:notice] = t ".success"
+    redirect_to root_path
+  end
 end
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 07b23ce21..bb32e7e6e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -349,7 +349,7 @@ class ApplicationController < ActionController::Base
     elsif current_user
       set_locale
       respond_to do |format|
-        format.html { redirect_to :controller => "errors", :action => "forbidden" }
+        format.html { redirect_to :controller => "/errors", :action => "forbidden" }
         format.any { report_error t("application.permission_denied"), :forbidden }
       end
     elsif request.get?
diff --git a/app/views/account/deletions/show.html.erb b/app/views/account/deletions/show.html.erb
new file mode 100644
index 000000000..99c1686d8
--- /dev/null
+++ b/app/views/account/deletions/show.html.erb
@@ -0,0 +1,38 @@
+<% content_for :heading do %>
+  <h1><%= t ".title" %></h1>
+<% end %>
+
+<%= render :partial => "settings_menu" %>
+
+<div class="alert alert-danger row mx-0 p-3 align-items-center">
+  <div class="col-auto">
+    <picture>
+      <source srcset="<%= image_path "notice.svg" %>" type="image/svg+xml"></source>
+      <%= image_tag("notice.png", :srcset => image_path("notice.svg")) %>
+    </picture>
+  </div>
+  <div class="col">
+    <p class="mb-0"><%= t ".warning" %></p>
+  </div>
+</div>
+
+<p><%= t ".delete_introduction" %></p>
+
+<ul>
+  <li><%= t ".delete_profile" %></li>
+  <li><%= t ".delete_display_name" %></li>
+</ul>
+
+<p><%= t ".retain_caveats" %></p>
+
+<ul>
+  <li><%= t ".retain_edits" %></li>
+  <li><%= t ".retain_traces" %></li>
+  <li><%= t ".retain_diary_entries" %></li>
+  <li><%= t ".retain_notes" %></li>
+  <li><%= t ".retain_changeset_discussions" %></li>
+  <li><%= t ".retain_email" %></li>
+</ul>
+
+<%= link_to t(".delete_account"), account_path, { :method => :delete, :class => "btn btn-danger", :data => { :confirm => t(".confirm_delete") } } %>
+<%= link_to t(".cancel"), edit_account_path, :class => "btn btn-link" %>
diff --git a/app/views/accounts/edit.html.erb b/app/views/accounts/edit.html.erb
index 0dcab17b0..eb977d094 100644
--- a/app/views/accounts/edit.html.erb
+++ b/app/views/accounts/edit.html.erb
@@ -54,7 +54,14 @@
     </span>
   </div>
 
-  <%= f.primary t(".save changes button") %>
+  <div class="row justify-content-between">
+    <div class="col-auto btn-wrapper">
+      <%= f.primary t(".save changes button") %>
+    </div>
+    <div class="col-auto btn-wrapper">
+      <%= link_to t(".delete_account"), account_deletion_path, :class => "btn btn-outline-danger" %>
+    </div>
+  </div>
 <% end %>
 
 <% unless current_user.data_public? %>
diff --git a/app/views/application/_settings_menu.html.erb b/app/views/application/_settings_menu.html.erb
index 05cee9185..9ce9755a2 100644
--- a/app/views/application/_settings_menu.html.erb
+++ b/app/views/application/_settings_menu.html.erb
@@ -3,7 +3,7 @@
 <% content_for :heading do %>
   <ul class="nav nav-tabs flex-column flex-sm-row">
     <li class="nav-item">
-      <%= link_to t(".account_settings"), edit_account_path, :class => "nav-link #{'active' if controller_name == 'accounts'}" %>
+      <%= link_to t(".account_settings"), edit_account_path, :class => "nav-link #{'active' if %w[accounts deletions].include?(controller_name)}" %>
     </li>
     <li class="nav-item">
       <%= link_to t(".oauth1_settings"), oauth_clients_path(current_user), :class => "nav-link #{'active' if controller_name == 'oauth_clients'}" %>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 2cbc80918..f04c3dd42 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -239,6 +239,24 @@ en:
       entry:
         comment: Comment
         full: Full note
+  account:
+    deletions:
+      show:
+        title: Delete My Account
+        warning: Warning! The account deletion process is final, and cannot be reversed.
+        delete_account: Delete Account
+        delete_introduction: "You can delete your OpenStreetMap account using the button below. Please note the following details:"
+        delete_profile: Your profile information, including your avatar, description and home location will be removed.
+        delete_display_name: Your display name will be removed, and can be reused by other accounts.
+        retain_caveats: "However, some information about you will be retained on OpenStreetMap, even after your account is deleted:"
+        retain_edits: Your edits to the map database, if any, will be retained.
+        retain_traces: Your uploaded traces, if any, will be retained.
+        retain_diary_entries: Your diary entries and diary comments, if any, will be retained but hidden from view.
+        retain_notes: Your map notes and note comments, if any, will be retained but hidden from view.
+        retain_changeset_discussions: Your changeset discussions, if any, will be retained.
+        retain_email: Your email address will be retained.
+        confirm_delete: Are you sure?
+        cancel: Cancel
   accounts:
     edit:
       title: "Edit account"
@@ -268,9 +286,12 @@ en:
         link text: "what is this?"
       save changes button: Save Changes
       make edits public button: Make all my edits public
+      delete_account: Delete Account...
     update:
       success_confirm_needed: "User information updated successfully. Check your email for a note to confirm your new email address."
       success: "User information updated successfully."
+    destroy:
+      success: "Account Deleted."
   browse:
     created: "Created"
     closed: "Closed"
diff --git a/config/routes.rb b/config/routes.rb
index ade101821..e45d56701 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -240,7 +240,11 @@ OpenStreetMap::Application.routes.draw do
   get "/user/:display_name/account", :to => redirect(:path => "/account/edit")
   post "/user/:display_name/set_status" => "users#set_status", :as => :set_status_user
 
-  resource :account, :only => [:edit, :update]
+  resource :account, :only => [:edit, :update, :destroy]
+
+  namespace :account do
+    resource :deletion, :only => [:show]
+  end
   resource :dashboard, :only => [:show]
   resource :preferences, :only => [:show, :edit, :update]
   resource :profile, :only => [:edit, :update]
diff --git a/test/system/account_deletion_test.rb b/test/system/account_deletion_test.rb
new file mode 100644
index 000000000..5a55c5838
--- /dev/null
+++ b/test/system/account_deletion_test.rb
@@ -0,0 +1,44 @@
+require "application_system_test_case"
+
+class AccountDeletionTest < ApplicationSystemTestCase
+  def setup
+    @user = create(:user, :display_name => "test user")
+    sign_in_as(@user)
+  end
+
+  test "the status is deleted and the personal data removed" do
+    visit edit_account_path
+
+    click_on "Delete Account..."
+    accept_confirm do
+      click_on "Delete Account"
+    end
+
+    assert_current_path root_path
+    @user.reload
+    assert_equal "deleted", @user.status
+    assert_equal "user_#{@user.id}", @user.display_name
+  end
+
+  test "the user is signed out after deletion" do
+    visit edit_account_path
+
+    click_on "Delete Account..."
+    accept_confirm do
+      click_on "Delete Account"
+    end
+
+    assert_content "Log In"
+  end
+
+  test "the user is shown a confirmation flash message" do
+    visit edit_account_path
+
+    click_on "Delete Account..."
+    accept_confirm do
+      click_on "Delete Account"
+    end
+
+    assert_content "Account Deleted"
+  end
+end
-- 
2.39.5