Personal information details removal form

Initial form that displays the personal information currently held in
Gerrit and provides a button to remove it and disable the account.

Change-Id: I23e94f599e5f97ee408ff8ff51ff33ca363aca89
diff --git a/.gitignore b/.gitignore
index 6143e53..25744ad 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,13 @@
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
+
+# Bower
+bower_components
+
+# JS and CSS Deps
+src/main/resources/static/js/jquery*
+src/main/resources/static/js/angular*
+src/main/resources/static/js/bootstrap*
+src/main/resources/static/js/core*
+src/main/resources/static/css/bootstrap*
diff --git a/bower.json b/bower.json
new file mode 100644
index 0000000..e0e0ef5
--- /dev/null
+++ b/bower.json
@@ -0,0 +1,22 @@
+{
+  "name": "account",
+  "authors": [
+    "Luca Milanesio <luca.milanesio@gmail.com>"
+  ],
+  "description": "",
+  "main": "",
+  "license": "APL 2.0",
+  "homepage": "",
+  "ignore": [
+    "**/.*",
+    "node_modules",
+    "bower_components",
+    "test",
+    "tests"
+  ],
+  "dependencies": {
+    "bootstrap": "^4.1.1",
+    "jquery": "^3.3.1",
+    "angular": "^1.7.0"
+  }
+}
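Review bot: The three entries under `dependencies` use caret ranges, and the `.gitignore` hunk in this commit keeps the fetched `jquery*`, `angular*` and `bootstrap*` files out of the repository, so the scripts served on the account-removal page are whatever Bower resolves at build time (how they reach `static/js` is not visible here). Bower has no lockfile, so exact versions such as `"angular": "1.7.0"` are the way to keep what ships reproducible and reviewable. Separately, `"license": "APL 2.0"` is not an SPDX identifier; `"Apache-2.0"` matches the licence headers in the other new files.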
diff --git a/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java b/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java
index 25d3df1..e074c0e 100644
--- a/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java
+++ b/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java
@@ -26,6 +26,7 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -53,6 +54,9 @@
         String currentUser = session.getUser().getUserName();
         log.info("REST API URI {} allowed for user {}", uri, currentUser);
         session.setAccessPathOk(AccessPath.REST_API, true);
+      } else {
+        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
+        return;
       }
     }
 
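Review bot: The new `else` branch answers 403 without writing anything to the log, while the allowed path just above logs at info. A refused REST call is the event an operator will want when auditing this plugin, so add something like `log.warn("REST API URI {} denied", uri);` before `sendError`, assuming `uri` is declared ahead of the `if` as its use in the context line suggests. The cast `(HttpServletResponse) response` is unchecked; if the method does not already guard on the request being HTTP, an `instanceof` test belongs here too. The enclosing method and the condition this `else` pairs with start outside the hunk, so which requests now receive 403 cannot be confirmed from here.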
diff --git a/src/main/resources/static/account.html b/src/main/resources/static/account.html
new file mode 100644
index 0000000..1377a33
--- /dev/null
+++ b/src/main/resources/static/account.html
@@ -0,0 +1,126 @@
+<!-- 
+ Copyright (C) 2018 GerritForge Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<!DOCTYPE html>
+<html ng-app="Account">
+
+<head>
+<link rel="stylesheet" href="css/account.css">
+<script src="js/angular.min.js"></script>
+<script src="js/account.js"></script>
+<link rel="stylesheet" href="css/bootstrap.min.css">
+<link rel="stylesheet" href="css/account.css">
+</head>
+
+<body ng-controller="AccountDeleteController">
+
+  <nav class="navbar navbar-light" style="background-color: #ffe6e8">
+    <a class="navbar-brand" href="/">&lt; Back to Gerrit</a> <span
+      class="navbar-text">Personal Information</span>
+  </nav>
+
+  <div class="container-fluid">
+
+    <div class="jumbotron">
+      <h1 class="display-5">Your Personal Information</h1>
+      <p class="lead">This is the full set of personal information
+        held in Gerrit Code Review and associated to your account and
+        shown in full detail to you for maximum transparency.</p>
+      <p>You have full control over it, amend, remove or even decide that
+         to completed wipe out your Gerrit Account.</p>
+      <hr class="my-4">
+      <form>
+        <div class="form-group">
+          <label for="username">Username</label> <input type="text"
+            class="form-control" id="username"
+            aria-describedby="emailHelp" value="{{account.username}}"
+            readonly="readonly">
+        </div>
+        <div class="form-group">
+          <label for="fullname">Full name</label> <input type="text"
+            class="form-control" id="fullname"
+            value="{{account.fullname}}" readonly="readonly">
+        </div>
+        <div class="form-group">
+          <label for="emails">E-mails addresses</label> <select multiple
+            class="form-control" id="emails">
+            <option ng-repeat="email in account.emails">{{email}}</option>
+          </select>
+        </div>
+      </form>
+      <button type="button" class="btn btn-primary  btn-danger"
+        data-toggle="modal" data-target="#confirmDeleteModal">Delete
+        Account</button>
+
+      <div class="modal fade" tabindex="-1" role="dialog"
+        id="confirmDeleteModal" ng-blur="backToGerrit()">
+        <div class="modal-dialog" role="document">
+          <div class="modal-content">
+            <div class="modal-header">
+              <h5 class="modal-title">Confirm Account Removal</h5>
+              <button type="button" class="close" data-dismiss="modal"
+                aria-label="Close">
+                <span aria-hidden="true">&times;</span>
+              </button>
+            </div>
+            <div class="modal-body">
+              <p>
+                You are about to remove all your personal information
+                from Gerrit Code Review and deactivate your account. <strong>This
+                  operation CANNOT BE UNDONE</strong> and your account and the
+                associated personal information will be completely
+                removed.
+              </p>
+              <p>If you sign-up again, you will be creating a
+                completely different Gerrit account.</p>
+              <hr />
+              <p>If you do wish to continue, please enter again your
+                full name below to confirm that you have read and
+                understood the implications of your action and you woud
+                like to proceed.</p>
+              <form>
+                <div class="form-group">
+                  <label for="fullname" class="col-form-label">Full
+                    name:</label> <input type="text" class="form-control"
+                    id="fullname" aria-describedby="emailHelp"
+                    required="required"
+                    placeholder="Enter your full name to confirm your action"
+                    ng-model="fullName">
+                </div>
+              </form>
+              <div class="alert alert-warning" role="alert" ng-if="alert">{{alert}}</div>
+              <div class="alert alert-primary" role="alert" ng-if="deleted">{{deleted}}</div>
+            </div>
+            <div class="modal-footer" ng-if="!deleted">
+              <button type="button" class="btn btn-secondary"
+                data-dismiss="modal" >Cancel</button>
+              <button type="button" class="btn btn-primary btn-danger"
+                ng-click="deleteAccount()">YES, DELETE MY
+                ACCOUNT</button>
+              </form>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
+  <script src="js/jquery.min.js"></script>
+  <!-- Include all compiled plugins (below), or include individual files as needed -->
+  <script src="js/bootstrap.min.js"></script>
+
+</body>
+</html>
\ No newline at end of file
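Review bot: `id="fullname"` is used twice, once on the read-only profile field and again on the confirmation input inside `#confirmDeleteModal`, so the modal's `<label for="fullname">` resolves to the first element and assistive technology announces the wrong control on the step that guards an irreversible action. Rename the modal input and its label, e.g. `id="confirmFullname"` and `for="confirmFullname"`. Both inputs also carry `aria-describedby="emailHelp"`, which points at an id that does not exist in this file, the `</form>` inside `.modal-footer` has no matching opening tag, and `css/account.css` is linked twice in `<head>`. The inline `style` on the `<nav>` would need to move into `account.css` if a strict Content-Security-Policy is ever applied to this page.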
diff --git a/src/main/resources/static/css/account.css b/src/main/resources/static/css/account.css
new file mode 100644
index 0000000..a3e3b90
--- /dev/null
+++ b/src/main/resources/static/css/account.css
@@ -0,0 +1,19 @@
+/*
+ Copyright (C) 2018 GerritForge Ltd
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+ 
+.jumbotron {
+	background-color: transparent;
+}
\ No newline at end of file
diff --git a/src/main/resources/static/js/account.js b/src/main/resources/static/js/account.js
new file mode 100644
index 0000000..628305a
--- /dev/null
+++ b/src/main/resources/static/js/account.js
@@ -0,0 +1,72 @@
+// Copyright (C) 2018 GerritForge Ltd
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+var app = angular.module('Account', [])
+
+app.controller('AccountDeleteController', function AccountDeleteController($scope, $http, $window) {
+
+  
+  $scope.account = {
+    "fullname" : "",
+    "username" : "",
+    "emails" : [ ]
+  };
+  
+  $scope.fullName = "";
+  
+  $scope.alert = "";
+  
+  $scope.deleted = "";
+  
+  $http.delete('/a/accounts/self', {
+    headers: {'X-Requested-With' : 'XMLHttpRequest'}
+  }).then(function(response) {
+    $scope.account = response.data.account_info;
+  }, function(error) {
+    $window.location.href = "/login";
+  });
+  
+  $scope.backToGerrit = function() {
+    if($scope.deleted) {
+      $window.location.href = "/";
+    }
+  }
+  
+  $scope.deleteAccount = function() {
+    $scope.alert = "";
+    $scope.deleted = "";
+
+    $http({
+        method: 'DELETE',
+        url: '/a/accounts/self',
+        data: {
+            account_name: $scope.fullName
+        },
+        headers: {
+            'Content-type': 'application/json;charset=utf-8'
+        }
+    })
+    .then(function(response) {
+        if(!response.data.deleted) {
+          $scope.alert = "Oops, something went wrong. Your full name does not match your profile (" + response.data.account_info.fullname + "). Please double-check and try again."
+        } else {
+          $http.get('/logout').then(function(response) {
+            $scope.deleted = "Your account has been deletedfuly removed and you have been logged out from Gerrit Code Review";
+          });
+        }
+    }, function(rejection) {
+        $scope.alert = "Request failed: " + rejection.data;
+    });
+  }
+});
\ No newline at end of file
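Review bot: The page-load call `$http.delete('/a/accounts/self', …)` uses the destructive verb just to read the profile, so safety depends entirely on the server treating a DELETE without a matching `account_name` as a no-op. A read should be a GET handled by a separate server path, e.g. `$http.get('/a/accounts/self', { headers: {'X-Requested-With': 'XMLHttpRequest'} })`, so that a later server change or a retried request cannot turn a page view into a removal. The `X-Requested-With` header is sent on that read but not on the real request in `deleteAccount`; if the server relies on it as a cross-site check, the destructive call is the one that needs it. `$http.get('/logout')` has no rejection handler, so a failed logout leaves the dialog showing neither `alert` nor `deleted` although the account is already gone. The success text also contains the typo "deletedfuly removed".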