diff --git a/keyserver/src/deleters/account-deleters.js b/keyserver/src/deleters/account-deleters.js
--- a/keyserver/src/deleters/account-deleters.js
+++ b/keyserver/src/deleters/account-deleters.js
@@ -1,12 +1,8 @@
 // @flow
 import { getRustAPI } from 'rust-node-addon';
-import bcrypt from 'twin-bcrypt';
-import type {
- LogOutResponse,
- DeleteAccountRequest,
-} from 'lib/types/account-types.js';
+import type { LogOutResponse } from 'lib/types/account-types.js';
 import type { ReservedUsernameMessage } from 'lib/types/crypto-types.js';
 import { updateTypes } from 'lib/types/update-types-enum.js';
 import type { UserInfo } from 'lib/types/user-types.js';
@@ -26,32 +22,11 @@
 import type { Viewer } from '../session/viewer.js';
 import { fetchOlmAccount } from '../updaters/olm-account-updater.js';
-async function deleteAccount(
- viewer: Viewer,
- request?: DeleteAccountRequest,
-): Promise {
- if (!viewer.loggedIn || (!request && !viewer.isScriptViewer)) {
+async function deleteAccount(viewer: Viewer): Promise {
+ if (!viewer.loggedIn) {
 throw new ServerError('not_logged_in');
 }
- if (request) {
- const hashQuery = SQL`SELECT hash FROM users WHERE id = ${viewer.userID}`;
- const [result] = await dbQuery(hashQuery);
- if (result.length === 0) {
- throw new ServerError('internal_error');
- }
- const row = result[0];
- const requestPasswordConsistentWithDB = !!row.hash === !!request.password;
- const shouldValidatePassword = !!row.hash;
- if (
- !requestPasswordConsistentWithDB ||
- (shouldValidatePassword &&
- !bcrypt.compareSync(request.password, row.hash))
- ) {
- throw new ServerError('invalid_credentials');
- }
- }
-
 const deletedUserID = viewer.userID;
 await rescindPushNotifs(SQL`n.user = ${deletedUserID}`, SQL`NULL`);
 const knownUserInfos = await fetchKnownUserInfos(viewer);
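Review bot: With the `if (request) { ... }` block gone, `deleteAccount` authorizes an irreversible deletion on `viewer.loggedIn` alone, so any valid session is enough and the caller no longer has to prove knowledge of the password. If re-authentication is now enforced by another component (nothing in this diff shows it), record that next to the guard, e.g. `// No password re-check here: re-authentication is enforced by <component>`. If it is not enforced anywhere, a stolen or unattended session can delete the account, and the server-side confirmation should stay. The removed block was also the only place in this function that compared a per-request credential (`bcrypt.compareSync`). The body of `deleteAccount` continues past the end of this hunk.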
@@ -99,7 +74,7 @@
 const promises = {};
 promises.deletion = dbQuery(deletionQuery, { multipleStatements: true });
- if (request) {
+ if (!viewer.isScriptViewer) {
 promises.anonymousViewerData = createNewAnonymousCookie({
 platformDetails: viewer.platformDetails,
 deviceToken: viewer.deviceToken,
@@ -134,21 +109,21 @@
 usersToUpdate,
 deletedUserID,
 );
- if (request) {
- handleAsyncPromise(deletionUpdatesPromise);
- } else {
+ if (viewer.isScriptViewer) {
 await deletionUpdatesPromise;
+ } else {
+ handleAsyncPromise(deletionUpdatesPromise);
 }
- if (request) {
- return {
- currentUserInfo: {
- id: viewer.id,
- anonymous: true,
- },
- };
+ if (viewer.isScriptViewer) {
+ return null;
 }
- return null;
+ return {
+ currentUserInfo: {
+ id: viewer.id,
+ anonymous: true,
+ },
+ };
 }
 async function createAccountDeletionUpdates(
diff --git a/keyserver/src/endpoints.js b/keyserver/src/endpoints.js
--- a/keyserver/src/endpoints.js
+++ b/keyserver/src/endpoints.js
@@ -170,7 +170,6 @@
 updateUserAvatarResponder,
 registerRequestInputValidator,
 registerResponseValidator,
- deleteAccountRequestInputValidator,
 logOutResponseValidator,
 logInRequestInputValidator,
 logInResponseValidator,
@@ -284,7 +283,7 @@
 ),
 delete_account: createJSONResponder(
 accountDeletionResponder,
- deleteAccountRequestInputValidator,
+ ignoredArgumentValidator,
 logOutResponseValidator,
 [],
 ),
diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js
--- a/keyserver/src/responders/user-responders.js
+++ b/keyserver/src/responders/user-responders.js
@@ -15,7 +15,6 @@
 import type {
 ResetPasswordRequest,
 LogOutResponse,
- DeleteAccountRequest,
 RegisterResponse,
 RegisterRequest,
 LogInResponse,
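Review bot: The two `if (viewer.isScriptViewer)` branches at the end of `deleteAccount` need a comment explaining why the viewer types are treated differently. A script viewer awaits `deletionUpdatesPromise` and gets `null`, while any other viewer gets a fire-and-forget `handleAsyncPromise` and an anonymous `currentUserInfo`. Something like `// Script viewers have no session to downgrade and must wait for the updates before returning` would do, though that rationale is inferred and should be confirmed. The `null` path matters because `accountDeletionResponder` asserts a non-null result. The start of `deleteAccount` lies outside this hunk.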
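Review bot: Registering `delete_account` with `ignoredArgumentValidator` presumably means a body that still carries `password` from an older client is accepted and discarded. A user who mistypes the password in such a client would then still have the account deleted, while the client UI suggests a check took place. If older clients are still in use, state the new contract above the entry, e.g. `// Request body is ignored; no password confirmation happens at this endpoint`, and consider whether those clients should be rejected instead. The import hunk above only removes `deleteAccountRequestInputValidator`, so `ignoredArgumentValidator` is assumed to be in scope already.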
@@ -222,16 +221,10 @@
 };
 }
-export const deleteAccountRequestInputValidator: TInterface =
- tShape({
- password: t.maybe(tPassword),
- });
-
 async function accountDeletionResponder(
 viewer: Viewer,
- request: DeleteAccountRequest,
 ): Promise {
- const result = await deleteAccount(viewer, request);
+ const result = await deleteAccount(viewer);
 invariant(result, 'deleteAccount should return result if handed request');
 return result;
 }
diff --git a/lib/types/account-types.js b/lib/types/account-types.js
--- a/lib/types/account-types.js
+++ b/lib/types/account-types.js
@@ -78,10 +78,6 @@
 +calendarQuery: CalendarQuery,
 };
-export type DeleteAccountRequest = {
- +password: ?string,
-};
-
 export const logInActionSources = Object.freeze({
 cookieInvalidationResolutionAttempt: 'COOKIE_INVALIDATION_RESOLUTION_ATTEMPT',
 appStartCookieLoggedInButInvalidRedux:
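Review bot: The `invariant` message in `accountDeletionResponder` is stale: `deleteAccount` no longer takes a request, and per the deleter hunks it now returns `null` exactly when `viewer.isScriptViewer` is true. Reword it to match the new condition, e.g. `invariant(result, 'deleteAccount should return result for non-script viewers');`. Note that the invariant fires only after `deleteAccount` has resolved, so if a script viewer ever reached this responder the account would already be deleted when the error is raised. A guard before the call would be the safer place to reject that case.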