Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(api): delete the authenticated user #20410

Closed
wants to merge 13 commits into from

Conversation

dhruvmanila
Copy link
Contributor

Delete the authenticated user.

Endpoint: DELETE /user

resolves: #19439

@dhruvmanila dhruvmanila marked this pull request as ready for review July 20, 2022 16:20
@dhruvmanila dhruvmanila changed the title [WIP] feat(api): delete the authenticated user feat(api): delete the authenticated user Jul 20, 2022
@dhruvmanila dhruvmanila force-pushed the feat/delete-user-api branch from 39dc73e to e86b42d Compare July 21, 2022 03:03
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 21, 2022
@6543 6543 added this to the 1.18.0 milestone Jul 21, 2022
@6543 6543 added type/feature Completely new functionality. Can only be merged if feature freeze is not active. modifies/api This PR adds API routes or modifies them labels Jul 21, 2022
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jul 21, 2022
@6543
Copy link
Member

6543 commented Jul 21, 2022

thanks

@dhruvmanila dhruvmanila force-pushed the feat/delete-user-api branch 2 times, most recently from 8295fbb to 86ea6a9 Compare July 22, 2022 04:11
@zeripath
Copy link
Contributor

ARGH!

I am completely unconvinced that this should be an API call. At the very least this needs to be wrapped in some kind of ARE YOU SURE?! check likely through email confirmation.

Can you imagine the griefing potentials for self user deletion through API let alone purging?!

This API could be a serious problem.

@wxiaoguang
Copy link
Contributor

wxiaoguang commented Jul 22, 2022

I do not have a good feel about this API either. What's the real use case / real user story for such API?

@dhruvmanila
Copy link
Contributor Author

Hey @zeripath @wxiaoguang, I get where you're coming from and the problems this API might create. As per the discussions in the linked issue (#19439), it seemed clear that for this API there's no point in having the "confirmation" part. That part should be taken care by the frontend.

As per my limited knowledge of gitea (this is my first PR), I think before this only an admin can delete a user but given this API, a frontend component could be added to delete yourself and the frontend part will take care of the confirmation part.

@wxiaoguang

This comment was marked as outdated.

routers/api/v1/api.go Outdated Show resolved Hide resolved
@6543
Copy link
Member

6543 commented Sep 27, 2022

This API could be a serious problem.

agree but:

@wxiaoguang
Copy link
Contributor

I have strong objection about making it as a /api/ API before there is a clear design, quote comment #19439 (comment)

So, if a user can only delete themself from the web UI, then function can be written in the web backend code.

If a user can delete themself by API, then I think there need more details: why they need to do so, what's the real use case?

@6543
Copy link
Member

6543 commented Sep 29, 2022

@dhruvmanila would be nice if you merge main, like so ☝️

as each force push do mess up reviewing

@dhruvmanila
Copy link
Contributor Author

Oh sorry, will keep that in mind from next time 👍

@hello-smile6
Copy link

Oh sorry, will keep that in mind from next time 👍

Is this ready?

@6543
Copy link
Member

6543 commented Sep 29, 2022

did add an smal code-format to make it more redable

Copy link
Contributor

@wxiaoguang wxiaoguang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still have the question why it should be an API, what's the real use case, why a user would call an API to delete themself.

outdated

@wxiaoguang

This comment was marked as outdated.

@wxiaoguang
Copy link
Contributor

wxiaoguang commented Sep 29, 2022

Hmm, just saw the latest reqBasicOrRevProxyAuth change. It should be fine? I will dismiss my request change and hide out-dated comments.

Will the reqBasicOrRevProxyAuth enforce users to re-enter their password?

return
}

if err := user_service.DeleteUser(ctx, ctx.Doer, ctx.FormBool("purge")); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should ensure only site administrator could do it.

@lunny
Copy link
Member

lunny commented Oct 23, 2022

Please move the api under /api/v1/admin/users.

@wxiaoguang
Copy link
Contributor

When this PR mixes with

When the instance is running behind reverse-proxy auth, other users with access token (without password/otp auth) can delete the token's user.

@lunny lunny modified the milestones: 1.18.0, 1.19.0 Oct 26, 2022
@lunny lunny modified the milestones: 1.19.0, 1.20.0 Feb 3, 2023
@wxiaoguang wxiaoguang removed this from the 1.20.0 milestone May 27, 2023
@denyskon
Copy link
Member

What is the state of this PR? Are you still working on it?

@denyskon denyskon added the issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail label Sep 10, 2023
@wxiaoguang
Copy link
Contributor

What is the state of this PR? Are you still working on it?

My opinion is:

  1. I do not think Gitea has a good and safe auth system design. That's the root problem.
  2. The account deletion should have extra confirmation, but some features made the situation more complex (eg: the reverse-proxy header auth).
  3. The account deletion API doesn't seem bring enough benefit but it might cause security & design problem if some cases are missing.

I would suggest to clarify the details before continuing. eg: various edge cases, what's the correct approach for auth and account deletion.


That's just my opinion, if most maintainers think this is right, I won't block.

@denyskon
Copy link
Member

I think I'd agree with you on this. If it brings security risks, I don't think this feature is that much of a benefit that we could ignore this issue. Besides the fact that I don't even really see a reason for such an API endpoint 😆

@dhruvmanila
Copy link
Contributor Author

What is the state of this PR? Are you still working on it?

Hey, no I'm currently not working on this. But from all the discussion around this, I think it might be useful to take a step back and see if this is actually beneficial. It's been a while so I've lost context around this 😅

That said, I'm totally fine in closing the PR for the time being and someone can pick it up if we decide to go forward.

@denyskon
Copy link
Member

Okay, so let's close this and move the discussion back to the issue

@denyskon denyskon closed this Sep 10, 2023
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail lgtm/need 1 This PR needs approval from one additional maintainer to be merged. modifies/api This PR adds API routes or modifies them type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[API] Delete Yourself
8 participants