mirror of
https://mau.dev/maunium/synapse.git
synced 2024-11-17 23:42:33 +01:00
Merge pull request #3448 from matrix-org/matthew/gdpr-deactivate-admin-api
add GDPR erase param to deactivate API
This commit is contained in:
commit
c7f6b420ae
3 changed files with 28 additions and 3 deletions
|
@ -44,13 +44,26 @@ Deactivate Account
|
||||||
|
|
||||||
This API deactivates an account. It removes active access tokens, resets the
|
This API deactivates an account. It removes active access tokens, resets the
|
||||||
password, and deletes third-party IDs (to prevent the user requesting a
|
password, and deletes third-party IDs (to prevent the user requesting a
|
||||||
password reset).
|
password reset). It can also mark the user as GDPR-erased (stopping their data
|
||||||
|
from distributed further, and deleting it entirely if there are no other
|
||||||
|
references to it).
|
||||||
|
|
||||||
The api is::
|
The api is::
|
||||||
|
|
||||||
POST /_matrix/client/r0/admin/deactivate/<user_id>
|
POST /_matrix/client/r0/admin/deactivate/<user_id>
|
||||||
|
|
||||||
including an ``access_token`` of a server admin, and an empty request body.
|
with a body of:
|
||||||
|
|
||||||
|
.. code:: json
|
||||||
|
|
||||||
|
{
|
||||||
|
"erase": true
|
||||||
|
}
|
||||||
|
|
||||||
|
including an ``access_token`` of a server admin.
|
||||||
|
|
||||||
|
The erase parameter is optional and defaults to 'false'.
|
||||||
|
An empty body may be passed for backwards compatibility.
|
||||||
|
|
||||||
|
|
||||||
Reset password
|
Reset password
|
||||||
|
|
|
@ -47,6 +47,7 @@ class DeactivateAccountHandler(BaseHandler):
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
user_id (str): ID of user to be deactivated
|
user_id (str): ID of user to be deactivated
|
||||||
|
erase_data (bool): whether to GDPR-erase the user's data
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Deferred
|
Deferred
|
||||||
|
|
|
@ -16,6 +16,8 @@
|
||||||
|
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
from six.moves import http_client
|
||||||
|
|
||||||
from synapse.api.constants import Membership
|
from synapse.api.constants import Membership
|
||||||
from synapse.api.errors import AuthError, SynapseError, Codes, NotFoundError
|
from synapse.api.errors import AuthError, SynapseError, Codes, NotFoundError
|
||||||
from synapse.types import UserID, create_requester
|
from synapse.types import UserID, create_requester
|
||||||
|
@ -247,6 +249,15 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_POST(self, request, target_user_id):
|
def on_POST(self, request, target_user_id):
|
||||||
|
body = parse_json_object_from_request(request, allow_empty_body=True)
|
||||||
|
erase = body.get("erase", False)
|
||||||
|
if not isinstance(erase, bool):
|
||||||
|
raise SynapseError(
|
||||||
|
http_client.BAD_REQUEST,
|
||||||
|
"Param 'erase' must be a boolean, if given",
|
||||||
|
Codes.BAD_JSON,
|
||||||
|
)
|
||||||
|
|
||||||
UserID.from_string(target_user_id)
|
UserID.from_string(target_user_id)
|
||||||
requester = yield self.auth.get_user_by_req(request)
|
requester = yield self.auth.get_user_by_req(request)
|
||||||
is_admin = yield self.auth.is_server_admin(requester.user)
|
is_admin = yield self.auth.is_server_admin(requester.user)
|
||||||
|
@ -255,7 +266,7 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):
|
||||||
raise AuthError(403, "You are not a server admin")
|
raise AuthError(403, "You are not a server admin")
|
||||||
|
|
||||||
yield self._deactivate_account_handler.deactivate_account(
|
yield self._deactivate_account_handler.deactivate_account(
|
||||||
target_user_id, False,
|
target_user_id, erase,
|
||||||
)
|
)
|
||||||
defer.returnValue((200, {}))
|
defer.returnValue((200, {}))
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue