Add user profile management and account deletion functionality (#8712)

* mws authentication * add more tests and permission checkers * add logic to ensure that only authenticated users' requests are handled * add custom login page * Implement user authentication as well as session handling * work on user operations authorization * add middleware to route handlers for bags & tiddlers routes * add feature that only returns the tiddlers and bags which the user has permission to access on index page * refactor auth routes & added user management page * fix Ci Test failure issue * fix users list page, add manage roles page * add commands and scripts to create new user & assign roles and permissions * resolved ci-test failure * add ACL permissions to bags & tiddlers on creation * fix comments and access control list bug * fix indentation issues * working on user profile edit * remove list users command & added support for database in server options * implement user profile update and password change feature * update plugin readme * implement command which triggers protected mode on the server * revert server-wide auth flag. Implement selective authorization * ACL management feature * Complete Access control list implementation * Added support to manage users' assigned role by admin * fix comments * fix comment * Add user profile management and account deletion functionality
2026-04-29 10:56:46 +00:00 · 2024-10-30 19:38:21 +01:00
parent 6a7612ddf8
commit c7531e53ab
13 changed files with 304 additions and 54 deletions
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/delete-user-account.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/delete-user-account.js
@@ -0,0 +1,58 @@
+/*\
+title: $:/plugins/tiddlywiki/multiwikiserver/routes/handlers/delete-user-account.js
+type: application/javascript
+module-type: mws-route
+
+POST /delete-user-account
+
+\*/
+(function () {
+
+	/*jslint node: true, browser: true */
+	/*global $tw: false */
+	"use strict";
+
+	exports.method = "POST";
+
+	exports.path = /^\/delete-user-account\/?$/;
+
+	exports.bodyFormat = "www-form-urlencoded";
+
+	exports.csrfDisable = true;
+
+	exports.handler = function (request, response, state) {
+		var sqlTiddlerDatabase = state.server.sqlTiddlerDatabase;
+		var userId = state.data.userId;
+
+		// Check if user is admin
+		if(!state.authenticatedUser || !state.authenticatedUser.isAdmin) {
+			response.writeHead(403, "Forbidden");
+			response.end();
+			return;
+		}
+
+		// Prevent admin from deleting their own account
+		if(state.authenticatedUser.user_id === userId) {
+			response.writeHead(400, "Bad Request");
+			response.end("Cannot delete your own account");
+			return;
+		}
+
+		// Check if the user exists
+		var user = sqlTiddlerDatabase.getUser(userId);
+		if(!user) {
+			response.writeHead(404, "Not Found");
+			response.end("User not found");
+			return;
+		}
+    
+		sqlTiddlerDatabase.deleteUserRolesByUserId(userId);
+		sqlTiddlerDatabase.deleteUserSessions(userId);
+		sqlTiddlerDatabase.deleteUser(userId);
+
+		// Redirect back to the users management page
+		response.writeHead(302, { "Location": "/admin/users" });
+		response.end();
+	};
+
+}());