From 21da519c0cd6e243888ebe573e3496e4eda01f10 Mon Sep 17 00:00:00 2001 From: 6543 <6543@obermui.de> Date: Sun, 17 Jan 2021 21:48:38 +0100 Subject: [PATCH] Implement ghost comment mitigation (#14349) * Implement ghost comment mitigation Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue. * cleanup * use setting module correctly * add to docs Co-authored-by: Moritz Marquardt --- custom/conf/app.example.ini | 3 +++ .../content/doc/advanced/config-cheat-sheet.en-us.md | 1 + models/user.go | 12 +++++++++++- modules/setting/service.go | 2 ++ options/locale/locale_en-US.ini | 1 + routers/user/setting/account.go | 6 ++++++ templates/user/settings/account.tmpl | 3 +++ 7 files changed, 27 insertions(+), 1 deletion(-) diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index e68727eb8..3920f5112 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -688,6 +688,9 @@ AUTO_WATCH_NEW_REPOS = true ; Default value for AutoWatchOnChanges ; Make the user watch a repository When they commit for the first time AUTO_WATCH_ON_CHANGES = false +; Default value for the minimum age a user has to exist before deletion to keep issue comments. +; If a user deletes his account before that amount of days, his comments will be deleted as well. +USER_DELETE_WITH_COMMENTS_MAX_DAYS = 0 [webhook] ; Hook task queue length, increase if webhook shooting starts hanging diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index 17d349b58..5b86cadd4 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -474,6 +474,7 @@ relation to port exhaustion. - `ALLOW_ONLY_EXTERNAL_REGISTRATION`: **false** Set to true to force registration only using third-party services. - `NO_REPLY_ADDRESS`: **DOMAIN** Default value for the domain part of the user's email address in the git log if he has set KeepEmailPrivate to true. The user's email will be replaced with a concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS. +- `USER_DELETE_WITH_COMMENTS_MAX_DAYS`: **0** If a user deletes his account before that amount of days, his comments will be deleted as well. ## SSH Minimum Key Sizes (`ssh.minimum_key_sizes`) diff --git a/models/user.go b/models/user.go index de12b804f..584c9d032 100644 --- a/models/user.go +++ b/models/user.go @@ -1151,6 +1151,15 @@ func deleteUser(e *xorm.Session, u *User) error { return fmt.Errorf("deleteBeans: %v", err) } + if setting.Service.UserDeleteWithCommentsMaxDays != 0 && + u.CreatedUnix.AsTime().Add(time.Duration(setting.Service.UserDeleteWithCommentsMaxDays)*24*time.Hour).After(time.Now()) { + if err = deleteBeans(e, + &Comment{PosterID: u.ID}, + ); err != nil { + return fmt.Errorf("deleteBeans: %v", err) + } + } + // ***** START: PublicKey ***** if _, err = e.Delete(&PublicKey{OwnerID: u.ID}); err != nil { return fmt.Errorf("deletePublicKeys: %v", err) @@ -1205,7 +1214,8 @@ func deleteUser(e *xorm.Session, u *User) error { } // DeleteUser completely and permanently deletes everything of a user, -// but issues/comments/pulls will be kept and shown as someone has been deleted. +// but issues/comments/pulls will be kept and shown as someone has been deleted, +// unless the user is younger than USER_DELETE_WITH_COMMENTS_MAX_DAYS. func DeleteUser(u *User) (err error) { if u.IsOrganization() { return fmt.Errorf("%s is an organization not a user", u.Name) diff --git a/modules/setting/service.go b/modules/setting/service.go index 5e74641d2..86f46898a 100644 --- a/modules/setting/service.go +++ b/modules/setting/service.go @@ -50,6 +50,7 @@ var Service struct { AutoWatchNewRepos bool AutoWatchOnChanges bool DefaultOrgMemberVisible bool + UserDeleteWithCommentsMaxDays int // OpenID settings EnableOpenIDSignIn bool @@ -102,6 +103,7 @@ func newService() { Service.DefaultOrgVisibility = sec.Key("DEFAULT_ORG_VISIBILITY").In("public", structs.ExtractKeysFromMapString(structs.VisibilityModes)) Service.DefaultOrgVisibilityMode = structs.VisibilityModes[Service.DefaultOrgVisibility] Service.DefaultOrgMemberVisible = sec.Key("DEFAULT_ORG_MEMBER_VISIBLE").MustBool() + Service.UserDeleteWithCommentsMaxDays = sec.Key("USER_DELETE_WITH_COMMENTS_MAX_DAYS").MustInt(0) sec = Cfg.Section("openid") Service.EnableOpenIDSignIn = sec.Key("ENABLE_OPENID_SIGNIN").MustBool(!InstallLock) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 73451eeeb..5e5363726 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -646,6 +646,7 @@ repos_none = You do not own any repositories delete_account = Delete Your Account delete_prompt = This operation will permanently delete your user account. It CAN NOT be undone. +delete_with_all_comments = Your account is younger than %d days. To avoid ghost comments, all issue/PR comments will be deleted with it. confirm_delete_account = Confirm Deletion delete_account_title = Delete User Account delete_account_desc = Are you sure you want to permanently delete this user account? diff --git a/routers/user/setting/account.go b/routers/user/setting/account.go index ca9b5b3c3..3b4191f0b 100644 --- a/routers/user/setting/account.go +++ b/routers/user/setting/account.go @@ -7,6 +7,7 @@ package setting import ( "errors" + "time" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/auth" @@ -300,4 +301,9 @@ func loadAccountData(ctx *context.Context) { ctx.Data["EmailNotificationsPreference"] = ctx.User.EmailNotifications() ctx.Data["ActivationsPending"] = pendingActivation ctx.Data["CanAddEmails"] = !pendingActivation || !setting.Service.RegisterEmailConfirm + + if setting.Service.UserDeleteWithCommentsMaxDays != 0 { + ctx.Data["UserDeleteWithCommentsMaxDays"] = setting.Service.UserDeleteWithCommentsMaxDays + ctx.Data["UserDeleteWithComments"] = ctx.User.CreatedUnix.AsTime().Add(time.Duration(setting.Service.UserDeleteWithCommentsMaxDays) * 24 * time.Hour).After(time.Now()) + } } diff --git a/templates/user/settings/account.tmpl b/templates/user/settings/account.tmpl index d753f9082..4f7d8a50c 100644 --- a/templates/user/settings/account.tmpl +++ b/templates/user/settings/account.tmpl @@ -173,6 +173,9 @@

{{svg "octicon-alert"}} {{.i18n.Tr "settings.delete_prompt" | Str2html}}

+ {{ if .UserDeleteWithComments }} +

{{.i18n.Tr "settings.delete_with_all_comments" .UserDeleteWithCommentsMaxDays | Str2html}}

+ {{ end }}
{{.CsrfTokenHtml}}