Merge pull request #3448 from matrix-org/matthew/gdpr-deactivate-admin-api

add GDPR erase param to deactivate API
2018-06-26 10:43:14 +01:00 · 2018-06-26 10:43:14 +01:00 · c7f6b420ae
parent 1d62c4a127 9570aa82eb
commit c7f6b420ae
3 changed files with 28 additions and 3 deletions
--- a/docs/admin_api/user_admin_api.rst
+++ b/docs/admin_api/user_admin_api.rst
@ -44,13 +44,26 @@ Deactivate Account

 This API deactivates an account. It removes active access tokens, resets the
 password, and deletes third-party IDs (to prevent the user requesting a
-password reset).
+password reset). It can also mark the user as GDPR-erased (stopping their data
+from distributed further, and deleting it entirely if there are no other
+references to it).

 The api is::

    POST /_matrix/client/r0/admin/deactivate/<user_id>

-including an ``access_token`` of a server admin, and an empty request body.
+with a body of:
+
+.. code:: json
+
+    {
+        "erase": true
+    }
+
+including an ``access_token`` of a server admin.
+
+The erase parameter is optional and defaults to 'false'.
+An empty body may be passed for backwards compatibility.


 Reset password
--- a/synapse/handlers/deactivate_account.py
+++ b/synapse/handlers/deactivate_account.py
@ -47,6 +47,7 @@ class DeactivateAccountHandler(BaseHandler):

        Args:
            user_id (str): ID of user to be deactivated
+            erase_data (bool): whether to GDPR-erase the user's data

        Returns:
            Deferred
--- a/synapse/rest/client/v1/admin.py
+++ b/synapse/rest/client/v1/admin.py
@ -16,6 +16,8 @@

 from twisted.internet import defer

+from six.moves import http_client
+
 from synapse.api.constants import Membership
 from synapse.api.errors import AuthError, SynapseError, Codes, NotFoundError
 from synapse.types import UserID, create_requester
@ -247,6 +249,15 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request, target_user_id):
+        body = parse_json_object_from_request(request, allow_empty_body=True)
+        erase = body.get("erase", False)
+        if not isinstance(erase, bool):
+            raise SynapseError(
+                http_client.BAD_REQUEST,
+                "Param 'erase' must be a boolean, if given",
+                Codes.BAD_JSON,
+            )
+
        UserID.from_string(target_user_id)
        requester = yield self.auth.get_user_by_req(request)
        is_admin = yield self.auth.is_server_admin(requester.user)
@ -255,7 +266,7 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):
            raise AuthError(403, "You are not a server admin")

        yield self._deactivate_account_handler.deactivate_account(
-            target_user_id, False,
+            target_user_id, erase,
        )
        defer.returnValue((200, {}))