Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix user account deletion not working #26212

Closed
wants to merge 0 commits into from
Closed

Fix user account deletion not working #26212

wants to merge 0 commits into from

Conversation

puni9869
Copy link
Member

as title:
Fixes: #26210

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 28, 2023
@pull-request-size pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 28, 2023
@puni9869
Copy link
Member Author

@techknowlogick Need your feedback on this approach.

@puni9869 puni9869 added the lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged label Jul 28, 2023
@puni9869
Copy link
Member Author

I think we should limit the use of ctx.ServerError("<namespace>", err)

@lunny
Copy link
Member

lunny commented Jul 29, 2023

No, I don't think it's right. We need to enumerate all possible errors.

@GiteaBot GiteaBot removed the lgtm/blocked A maintainer has reservations with the PR and thus it cannot be merged label Jul 29, 2023
@puni9869
Copy link
Member Author

puni9869 commented Jul 29, 2023
edited
Loading

No, I don't think it's right. We need to enumerate all possible errors.

But it is limited to password check and do you want the whole user_model should be checked before proceeding to delete the account.

Could you suggest something in one or two liner the approach. It will be easy for me to understand.

@lunny
Copy link
Member

lunny commented Jul 29, 2023

No, I don't think it's right. We need to enumerate all possible errors.

But it is limited to password check and do you want the whole user_model should be checked before proceeding to delete the account.

Could you suggest something in one or two liner the approach. It will be easy for me to understand.

At least, to resolve #26210, you could catch paswrod is invalid error and display it in the UI and let other errors return 500.

Some errors are affected by wrong user's input, some are from system problems. We need to diff these two kinds of errors.

@puni9869
Copy link
Member Author

ed to diff these two kinds of errors.

Ohh, I got it now. Sending the fix in a few

@puni9869
Copy link
Member Author

puni9869 commented Jul 29, 2023
edited
Loading

image 
passwd := ctx.FormString("password")
if len(passwd) == 0 || !ctx.Doer.ValidatePassword(passwd) {
    ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)
    return
}

@lunny
Copy link
Member

lunny commented Jul 30, 2023

see #26210 (comment)

@puni9869
Copy link
Member Author

puni9869 commented Jul 31, 2023
edited
Loading

see #26210 (comment)

I will share couple samples of implementation in the followups. Apologies for this,

_, _, err := auth.UserSignIn(ctx.Doer.Name, ctx.FormString("password"))
if err != nil {
    if user_model.IsErrUserNotExist(err) {
	    loadAccountData(ctx)
	    ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)
    } else if errors.Is(err, err.(db.ErrUserPasswordNotSet)) {
	    ctx.RenderWithErr(ctx.Tr("form.password_not_set_on_user_account"), tplSettingsAccount, nil)
    } else if errors.Is(err, err.(db.ErrUserPasswordInvalid)) {
	    ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)
    } else if user_model.IsErrUserProhibitLogin(err) {
	    ctx.RenderWithErr(ctx.Tr("auth.prohibit_login"), tplSettingsAccount, nil)
    } else {
	    ctx.ServerError("UserSignIn", err)
    }
    return
}

this is the approach I was thinging about

@puni9869 puni9869 added the pr/wip This PR is not ready for review label Aug 16, 2023
@yp05327
Copy link
Contributor

yp05327 commented Aug 17, 2023

Is it possible to reuse handleSignInError?
And this is strange:
image

@puni9869
Copy link
Member Author

Is it possible to reuse handleSignInError? And this is strange: image

Yes, I have used it. If you see the commits but the error scope is large. I am getting panic in below snipped.

_, _, err := auth.UserSignIn(ctx.Doer.Name, ctx.FormString("password"))
if err != nil {
    if user_model.IsErrUserNotExist(err) {
	    loadAccountData(ctx)
	    ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)
    } else if errors.Is(err, err.(db.ErrUserPasswordNotSet)) {
	    ctx.RenderWithErr(ctx.Tr("form.password_not_set_on_user_account"), tplSettingsAccount, nil)
    } else if errors.Is(err, err.(db.ErrUserPasswordInvalid)) {
	    ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)
    } else if user_model.IsErrUserProhibitLogin(err) {
	    ctx.RenderWithErr(ctx.Tr("auth.prohibit_login"), tplSettingsAccount, nil)
    } else {
	    ctx.ServerError("UserSignIn", err)
    }
    return
}

techknowlogick
techknowlogick reviewed Aug 17, 2023
View reviewed changes
routers/web/user/setting/account.go Outdated
@@ -234,7 +234,11 @@ func DeleteEmail(ctx *context.Context) {
func DeleteAccount(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("settings")
ctx.Data["PageIsSettingsAccount"] = true

passwd := ctx.FormString("password")
if len(passwd) == 0 || !ctx.Doer.ValidatePassword(passwd) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making this change. auth.UserSignIn below should return ErrUserPasswordInvalid if the password is invalid, so perhaps that could be checked in an if conditional instead (pseudocode err == ErrUserPasswordInvalid)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will add this check too. But lil bit confused with the error stack that I have create in above comments are right way of doing it? Need a bit of help there.
The committed solution will just works as fine. But there are other errors thats may occurs that needs to be covered.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Aug 22, 2023
@delvh delvh added the type/bug label Aug 22, 2023
@delvh delvh changed the title Delete useraccount 500 error Fix user account deletion not working Aug 22, 2023
wxiaoguang
wxiaoguang reviewed Aug 23, 2023
View reviewed changes
routers/web/user/setting/account.go Outdated
Comment on lines 237 to 241
passwd := ctx.FormString("password")
if len(passwd) == 0 || !ctx.Doer.ValidatePassword(passwd) {
ctx.RenderWithErr(ctx.Tr("form.enterred_invalid_password"), tplSettingsAccount, nil)
return
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How does it work with external auth sources? eg: LDAP, the passwd field is empty.

(the first question is: should Gitea support deleting LDAP accounts?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lunny Need your help on this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we need to check whether password is set before check popup the password dialog.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You mean we need an api call from frontend that will check the password is set on the account?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking that, there are still some edge cases remaining before we implement the solution around this 500 error.
I'm keeping this PR open for the further discussion and will raise a complete new PR.

@puni9869 puni9869 mentioned this pull request Aug 26, 2023
Closed
@puni9869 puni9869 closed this Sep 16, 2023
@puni9869 puni9869 force-pushed the punit/fix-delete-useraccount-500-error branch from 6637886 to efecbba Compare September 16, 2023 09:25
@puni9869 puni9869 mentioned this pull request Sep 18, 2023
Closed
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wxiaoguang wxiaoguang wxiaoguang left review comments

@techknowlogick techknowlogick techknowlogick left review comments

@lunny lunny lunny left review comments

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
lgtm/need 1 This PR needs approval from one additional maintainer to be merged. pr/wip This PR is not ready for review size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Delete user account functionality broken.
7 participants
@puni9869 @lunny @yp05327 @techknowlogick @wxiaoguang @delvh @GiteaBot