Personal information details removal form Initial form that displays the current information held in Gerrit and gives the action button to remove it and disable the account. Change-Id: I23e94f599e5f97ee408ff8ff51ff33ca363aca89
diff --git a/.gitignore b/.gitignore index 6143e53..25744ad 100644 --- a/.gitignore +++ b/.gitignore
@@ -20,3 +20,13 @@ # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml hs_err_pid* + +# Bower +bower_components + +# JS and CSS Deps +src/main/resources/static/js/jquery* +src/main/resources/static/js/angular* +src/main/resources/static/js/bootstrap* +src/main/resources/static/js/core* +src/main/resources/static/css/bootstrap*
diff --git a/bower.json b/bower.json new file mode 100644 index 0000000..e0e0ef5 --- /dev/null +++ b/bower.json
@@ -0,0 +1,22 @@ +{ + "name": "account", + "authors": [ + "Luca Milanesio <luca.milanesio@gmail.com>" + ], + "description": "", + "main": "", + "license": "APL 2.0", + "homepage": "", + "ignore": [ + "**/.*", + "node_modules", + "bower_components", + "test", + "tests" + ], + "dependencies": { + "bootstrap": "^4.1.1", + "jquery": "^3.3.1", + "angular": "^1.7.0" + } +}
diff --git a/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java b/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java index 25d3df1..e074c0e 100644 --- a/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java +++ b/src/main/java/com/gerritforge/gerrit/plugins/account/XAuthFilter.java
@@ -26,6 +26,7 @@ import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -53,6 +54,9 @@ String currentUser = session.getUser().getUserName(); log.info("REST API URI {} allowed for user {}", uri, currentUser); session.setAccessPathOk(AccessPath.REST_API, true); + } else { + ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN); + return; } }
diff --git a/src/main/resources/static/account.html b/src/main/resources/static/account.html new file mode 100644 index 0000000..1377a33 --- /dev/null +++ b/src/main/resources/static/account.html
@@ -0,0 +1,126 @@ +<!-- + Copyright (C) 2018 GerritForge Ltd + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<!DOCTYPE html> +<html ng-app="Account"> + +<head> +<link rel="stylesheet" href="css/account.css"> +<script src="js/angular.min.js"></script> +<script src="js/account.js"></script> +<link rel="stylesheet" href="css/bootstrap.min.css"> +<link rel="stylesheet" href="css/account.css"> +</head> + +<body ng-controller="AccountDeleteController"> + + <nav class="navbar navbar-light" style="background-color: #ffe6e8"> + <a class="navbar-brand" href="/">< Back to Gerrit</a> <span + class="navbar-text">Personal Information</span> + </nav> + + <div class="container-fluid"> + + <div class="jumbotron"> + <h1 class="display-5">Your Personal Information</h1> + <p class="lead">This is the full set of personal information + held in Gerrit Code Review and associated to your account and + shown in full detail to you for maximum transparency.</p> + <p>You have full control over it, amend, remove or even decide that + to completed wipe out your Gerrit Account.</p> + <hr class="my-4"> + <form> + <div class="form-group"> + <label for="username">Username</label> <input type="text" + class="form-control" id="username" + aria-describedby="emailHelp" value="{{account.username}}" + readonly="readonly"> + </div> + <div class="form-group"> + <label for="fullname">Full name</label> <input type="text" + class="form-control" id="fullname" + value="{{account.fullname}}" readonly="readonly"> + </div> + <div class="form-group"> + <label for="emails">E-mails addresses</label> <select multiple + class="form-control" id="emails"> + <option ng-repeat="email in account.emails">{{email}}</option> + </select> + </div> + </form> + <button type="button" class="btn btn-primary btn-danger" + data-toggle="modal" data-target="#confirmDeleteModal">Delete + Account</button> + + <div class="modal fade" tabindex="-1" role="dialog" + id="confirmDeleteModal" ng-blur="backToGerrit()"> + <div class="modal-dialog" role="document"> + <div class="modal-content"> + <div class="modal-header"> + <h5 class="modal-title">Confirm Account Removal</h5> + <button type="button" class="close" data-dismiss="modal" + aria-label="Close"> + <span aria-hidden="true">×</span> + </button> + </div> + <div class="modal-body"> + <p> + You are about to remove all your personal information + from Gerrit Code Review and deactivate your account. <strong>This + operation CANNOT BE UNDONE</strong> and your account and the + associated personal information will be completely + removed. + </p> + <p>If you sign-up again, you will be creating a + completely different Gerrit account.</p> + <hr /> + <p>If you do wish to continue, please enter again your + full name below to confirm that you have read and + understood the implications of your action and you woud + like to proceed.</p> + <form> + <div class="form-group"> + <label for="fullname" class="col-form-label">Full + name:</label> <input type="text" class="form-control" + id="fullname" aria-describedby="emailHelp" + required="required" + placeholder="Enter your full name to confirm your action" + ng-model="fullName"> + </div> + </form> + <div class="alert alert-warning" role="alert" ng-if="alert">{{alert}}</div> + <div class="alert alert-primary" role="alert" ng-if="deleted">{{deleted}}</div> + </div> + <div class="modal-footer" ng-if="!deleted"> + <button type="button" class="btn btn-secondary" + data-dismiss="modal" >Cancel</button> + <button type="button" class="btn btn-primary btn-danger" + ng-click="deleteAccount()">YES, DELETE MY + ACCOUNT</button> + </form> + </div> + </div> + </div> + </div> + </div> + </div> + + <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> + <script src="js/jquery.min.js"></script> + <!-- Include all compiled plugins (below), or include individual files as needed --> + <script src="js/bootstrap.min.js"></script> + +</body> +</html> \ No newline at end of file
diff --git a/src/main/resources/static/css/account.css b/src/main/resources/static/css/account.css new file mode 100644 index 0000000..a3e3b90 --- /dev/null +++ b/src/main/resources/static/css/account.css
@@ -0,0 +1,19 @@ +/* + Copyright (C) 2018 GerritForge Ltd + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + */ + +.jumbotron { + background-color: transparent; +} \ No newline at end of file
diff --git a/src/main/resources/static/js/account.js b/src/main/resources/static/js/account.js new file mode 100644 index 0000000..628305a --- /dev/null +++ b/src/main/resources/static/js/account.js
@@ -0,0 +1,72 @@ +// Copyright (C) 2018 GerritForge Ltd +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +var app = angular.module('Account', []) + +app.controller('AccountDeleteController', function AccountDeleteController($scope, $http, $window) { + + + $scope.account = { + "fullname" : "", + "username" : "", + "emails" : [ ] + }; + + $scope.fullName = ""; + + $scope.alert = ""; + + $scope.deleted = ""; + + $http.delete('/a/accounts/self', { + headers: {'X-Requested-With' : 'XMLHttpRequest'} + }).then(function(response) { + $scope.account = response.data.account_info; + }, function(error) { + $window.location.href = "/login"; + }); + + $scope.backToGerrit = function() { + if($scope.deleted) { + $window.location.href = "/"; + } + } + + $scope.deleteAccount = function() { + $scope.alert = ""; + $scope.deleted = ""; + + $http({ + method: 'DELETE', + url: '/a/accounts/self', + data: { + account_name: $scope.fullName + }, + headers: { + 'Content-type': 'application/json;charset=utf-8' + } + }) + .then(function(response) { + if(!response.data.deleted) { + $scope.alert = "Oops, something went wrong. Your full name does not match your profile (" + response.data.account_info.fullname + "). Please double-check and try again." + } else { + $http.get('/logout').then(function(response) { + $scope.deleted = "Your account has been deletedfuly removed and you have been logged out from Gerrit Code Review"; + }); + } + }, function(rejection) { + $scope.alert = "Request failed: " + rejection.data; + }); + } +}); \ No newline at end of file