From cb548305673dbdcd25818f51b9412ce223939ca2 Mon Sep 17 00:00:00 2001 From: Dimitrie Stefanescu Date: Thu, 3 Jun 2021 08:36:34 +0100 Subject: [PATCH] feat(account deletion): adds extra private scope for profile deletion & adds gql resolver guards (#272) * feat(account deletion): adds extra private scope for profile deletion & adds gql resolver guards * feat(account deletion): paranoia warnings --- packages/server/modules/core/graph/resolvers/users.js | 8 +++++++- packages/server/modules/core/graph/schemas/user.graphql | 2 ++ packages/server/modules/core/scopes.js | 5 +++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/packages/server/modules/core/graph/resolvers/users.js b/packages/server/modules/core/graph/resolvers/users.js index 0e1d46ba8..6e3c33b6d 100644 --- a/packages/server/modules/core/graph/resolvers/users.js +++ b/packages/server/modules/core/graph/resolvers/users.js @@ -89,9 +89,15 @@ module.exports = { let user = await getUser( context.userId ) if ( args.userConfirmation.email !== user.email ) { - return false + throw new UserInputError( 'Malformed input: emails do not match.' ) } + + // The below are not really needed anymore as we've added the hasRole and hasScope + // directives in the graphql schema itself. + // Since I am paranoid, I'll leave them here too. await validateServerRole( context, 'server:user' ) + await validateScopes( context.scopes, 'profile:delete' ) + await deleteUser( context.userId, args.user ) return true } diff --git a/packages/server/modules/core/graph/schemas/user.graphql b/packages/server/modules/core/graph/schemas/user.graphql index 016880d63..b3d3985e7 100644 --- a/packages/server/modules/core/graph/schemas/user.graphql +++ b/packages/server/modules/core/graph/schemas/user.graphql @@ -51,6 +51,8 @@ extend type Mutation { Delete a user's account. """ userDelete(userConfirmation: UserDeleteInput!): Boolean! + @hasRole(role: "server:user") + @hasScope(scope: "profile:delete") } input UserUpdateInput { 
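Review bot: The role and scope checks in the `userDelete` resolver run only after `getUser( context.userId )` and the e-mail comparison, so if the schema directives are ever removed or not applied, a caller without `profile:delete` still reaches the lookup and gets the 'emails do not match' answer before being rejected. For the resolver checks to work as the fallback the new comment describes, move `await validateServerRole( context, 'server:user' )` and `await validateScopes( context.scopes, 'profile:delete' )` above `let user = await getUser( context.userId )`. The comparison also reads `user.email` without checking that a user was found; whether `getUser` can return nothing is not visible here. The comment would serve better as a statement of intent, e.g. `// Defence in depth: repeat the @hasRole/@hasScope schema checks here in case the directives are not applied.` The resolver's signature and the file's imports are outside the hunk, so confirm that `UserInputError` and `validateScopes` are in scope.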
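Review bot: The description of `userDelete` still reads only "Delete a user's account." although the field now requires the `server:user` role and the `profile:delete` scope. State that in the docstring, for example `Delete a user's account. Requires the profile:delete scope; returns an error if the confirmation email does not match.` The second half matters because the resolver in this commit throws on a mismatch instead of returning `false`, while the declared return type stays `Boolean!`. The declarations of `@hasRole` and `@hasScope` are outside this hunk.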
diff --git a/packages/server/modules/core/scopes.js b/packages/server/modules/core/scopes.js
index 90829ec1a..9525ee930 100644
--- a/packages/server/modules/core/scopes.js
+++ b/packages/server/modules/core/scopes.js
@@ -21,6 +21,11 @@ module.exports = [
 description: 'Grants access to the email address you registered with.',
 public: true
 },
+ {
+ name: 'profile:delete',
+ description: 'Allows a user to delete their account, with all associated data.',
+ public: false
+ },
 {
 name: 'users:read',
 description: 'Read other users\' profile on your behalf.',
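Review bot: The new `profile:delete` entry marks a destructive scope as `public: false` without saying why the flag must stay that way. A one-line comment above the entry, such as `// Destructive scope: must stay non-public so it is never offered to third-party apps.`, would stop a later edit from flipping it. How `public` is enforced is outside this hunk, so check the wording against that code. The description is also written in the third person while the neighbouring entries address the user ('you registered with', 'on your behalf'); `'Delete your account and all associated data.'` would match them. The `module.exports` array starts and ends outside the hunk.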