3 # deluser.cgi -- support for user deletion via web
4 # Copyright (c) 2013 Kyle J. McKay. All rights reserved.
5 # Portions (c) Petr Baudis <pasky@suse.cz> and (c) Jan Krueger <jk@jk.gs>
6 # License GPLv2+: GNU GPL version 2 or later.
7 # www.gnu.org/licenses/gpl-2.0.html
8 # This is free software: you are free to change and redistribute it.
9 # There is NO WARRANTY, to the extent permitted by law.
# Emit the page through a UTF-8 output layer.
19 binmode STDOUT
, ':utf8';
21 my $gcgi = Girocco
::CGI
->new('User Removal');
# Refuse to serve this page when the installation is configured not to
# manage users ($Girocco::Config::manage_users is false).
24 unless ($Girocco::Config
::manage_users
) {
25 print "<p>I don't manage users.</p>";
# Honeypot check: 'mail' is the hidden "Anti-captcha (leave empty!)" input of
# the request form, so any value in it marks an automated form-filler.
# NOTE(review): this filters only naive bots; it is not a rate limit on
# authorization-code requests.
29 if ($cgi->param('mail')) {
30 print "<p>Go away, bot.</p>";
# Presumably the body of _auth_form (its `sub` line is not shown here): takes
# the user name and the submit-button label and renders the code entry form.
# Both values are interpolated into HTML attribute values as-is, so callers
# must pass only validated or constant strings; the visible callers pass a
# name that went through valid_name and the literal "'Login'".
# NOTE(review): confirm valid_name rejects quotes and angle brackets.
35 my ($name, $submit) = @_;
37 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi">
38 <input type="hidden" name="name" value="$name" />
39 <p>Authorization code: <input name="auth" size="50" /></p>
40 <p><input type="submit" name="y0" value="$submit" /></p>
# The submit-button value (y0) doubles as a marker of which step of the
# removal flow the client is on.
45 my $y0 = $cgi->param('y0') || '';
# Only a POST carrying both a user name and a button value is processed.
46 if ($cgi->param('name') && $y0 && $cgi->request_method eq 'POST') {
47 # submitted, let's see
48 # FIXME: racy, do a lock
# NOTE(review): the two messages below ("not registered" / "may not be
# removed") let an unauthenticated client tell existing names from unknown
# ones; acceptable only if user names are already public on this site.
49 my $name = $gcgi->wparam('name');
# The name must pass the syntax check and belong to an existing account.
50 (Girocco
::User
::valid_name
($name)
51 and Girocco
::User
::does_exist
($name))
52 or $gcgi->err("Username is not registered.");
54 $gcgi->err_check and exit;
# Load the account and require a valid e-mail address on it; the
# authorization code is mailed to that address.
57 ($user = Girocco
::User
->load($name)) && valid_email
($user->{email
})
58 or $gcgi->err("Username may not be removed.");
60 $gcgi->err_check and exit;
# No code in the request: this is the "send me a code" step.
62 if (!$cgi->param('auth')) {
# Any button label other than the request form's own is rejected.
63 if ($y0 ne 'Send authorization code') {
64 print "<p>Invalid data. Go away, sorcerer.</p>\n";
68 valid_email
($user->{email
}) or die "Sorry, this user cannot be removed.";
# Issue a code of type 'DEL'; the verification step further down only accepts
# a pending code whose authtype is 'DEL'.
70 my $auth = $user->gen_auth('DEL');
# The code goes to the address stored on the account, never to an address
# taken from the request, so completing removal requires access to that
# mailbox.
73 defined(my $MAIL = mailer_pipe
'-s', "[$Girocco::Config::name] Account removal authorization", $user->{email
}) or
74 die "Sorry, could not send authorization code: $!";
78 You have requested an authorization code be sent to you for removing
79 your account. If you don't want to actually remove your account, just
80 ignore this e-mail. Otherwise, use this code within 24 hours:
84 Should you run into any problems, please let us know.
90 print "<p>You should shortly receive an e-mail containing an authorization code.
91 Please enter this code below to remove your account.
92 The code will expire in 24 hours or after you have used it.</p>";
# Show the code entry form for the already validated name.
93 _auth_form
($name, "'Login'");
# A code was submitted: only the two button labels used by the code entry
# and confirmation forms are accepted here.
96 if ($y0 ne "'Login'" && $y0 ne "Remove user account") {
97 print "<p>Invalid data. Go away, sorcerer.</p>\n";
# There must be a pending code and its recorded type must be 'DEL';
# otherwise the client is sent back to request a new one.
101 $user->{auth
} && $user->{authtype
} eq 'DEL' or do {
102 print "<p>There currently isn't any authorization code filed under your account. ".
103 "Please <a href=\"@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi\">generate one</a>.</p>";
# NOTE(review): `ne` is an ordinary, non-constant-time string comparison and
# nothing visible here limits repeated guesses; confirm that failed attempts
# are throttled or that the code is long and random enough to make guessing
# impractical within its 24-hour lifetime.
107 my $auth = $gcgi->wparam('auth');
108 if ($auth ne $user->{auth
}) {
109 print "<p>Invalid authorization code, please re-enter or ".
110 "<a href=\"@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi\">generate a new one</a>.</p>";
111 _auth_form
($name, "'Login'");
# Removal itself needs the 'Remove user account' button plus a 'confirm'
# field equal to the account name; any other request that got this far is
# shown the confirmation page built below.
# NOTE(review): that page echoes $name and $auth into hidden inputs without
# HTML escaping. $name passed valid_name and $auth presumably equals the
# stored code by now (the mismatch branch above is expected to exit); confirm
# both are limited to attribute-safe characters.
115 my $conf = $gcgi->wparam('confirm') || '';
116 if ($y0 ne 'Remove user account' || $conf ne $user->{name
}) {
118 my $projectsinfo = '';
# Projects returned by get_projects, listed so the user sees which projects
# the account will be removed from.
119 my @projects = $user->get_projects;
121 $projectsinfo = projects_html_list
({target
=>"_blank", typecol
=>1, changed
=>1}, @projects);
122 $blurb1 = ' and from the following projects:' if $projectsinfo;
# Projects whose owner field in the jailed /etc/gitweb.list equals this
# account's e-mail address; fields are URL-unescaped before comparing and a
# trailing ".git" is dropped from the project name.
125 my @ownedprojects = filedb_grep
(jailed_file
('/etc/gitweb.list'),
128 my ($proj, $owner) = split / /;
129 $owner = CGI
::Util
::unescape
($owner);
130 if ($owner eq $user->{email
}) {
131 $proj = CGI
::Util
::unescape
($proj);
132 $proj =~ s/[.]git$//;
137 if (@ownedprojects) {
139 <p>The following project(s) are owned by the same email address as user account '$user->{name}'
140 and <b>will NOT be removed</b>. If desired, they can be removed from their project admin
141 page(s) (the "edit" link on the project page).</p>
143 $ownedinfo .= projects_html_list
(
144 {target
=>"_blank", typecol
=>1, changed
=>1}, @ownedprojects);
147 <p>Please confirm that you are going to remove user account '$user->{name}'
148 from the site$blurb1</p>$projectsinfo$ownedinfo
149 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi">
150 <input type="hidden" name="name" value="$name" />
151 <input type="hidden" name="auth" value="$auth" />
152 <input type="hidden" name="confirm" value="$name" />
153 <p><input type="submit" name="y0" value="Remove user account" /></p>
160 print "<p>User account successfully removed. Have a nice day.</p>\n";
166 <p>Here you can request an authorization code to remove your user account.</p>
168 <p>Please enter your username below;
169 we will send you an email with an authorization code
170 and further instructions.</p>
172 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi">
174 <tr><td class="formlabel">Login:</td><td><input type="text" name="name" /></td></tr>
175 <tr style="display:none"><td class="formlabel">Anti-captcha (leave empty!):</td><td><input type="text" name="mail" /></td></tr>
176 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Send authorization code" /></td></tr>