Merge branch '1944-admin-remove-account'

7 files changed, 92 insertions, 7 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5606a3c0e..118b93e3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,8 @@
         - Fix error sending `requires_inspection` reports. #1961
     - Admin improvements:
         - Admin can anonymize/hide all a user's reports. #1942 #1943
+        - Admin can log a user out. #1975
+        - Admin can remove a user's account details. #1944
     - UK:
         - Lazy load images in the footer.
 
diff --git a/perllib/Catalyst/Plugin/FixMyStreet/Session/StoreSessions.pm b/perllib/Catalyst/Plugin/FixMyStreet/Session/StoreSessions.pm
new file mode 100644
index 000000000..5e7a3cede
--- /dev/null
+++ b/perllib/Catalyst/Plugin/FixMyStreet/Session/StoreSessions.pm
@@ -0,0 +1,23 @@
+package Catalyst::Plugin::FixMyStreet::Session::StoreSessions;
+use Moose::Role;
+use namespace::autoclean;
+
+after set_authenticated => sub {
+    my $c = shift;
+    my $sessions = $c->user->get_extra_metadata('sessions');
+    push @$sessions, $c->sessionid;
+    $c->user->set_extra_metadata('sessions', $sessions);
+    $c->user->update;
+};
+
+before logout => sub {
+    my $c = shift;
+    if (my $user = $c->user) {
+        my $sessions = $user->get_extra_metadata('sessions');
+        $sessions = [ grep { $_ ne $c->sessionid } @$sessions ];
+        @$sessions ? $user->set_extra_metadata('sessions', $sessions) : $user->unset_extra_metadata('sessions');
+        $user->update;
+    }
+};
+
+__PACKAGE__;
diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm
index e47336b7c..a3331d32a 100644
--- a/perllib/FixMyStreet/App.pm
+++ b/perllib/FixMyStreet/App.pm
@@ -18,13 +18,14 @@ use URI;
 use URI::QueryParam;
 
 use Catalyst (
-    'Static::Simple',    #
+    'Static::Simple',
     'Unicode::Encoding',
     'Session',
     'Session::Store::DBIC',
     'Session::State::Cookie',    # FIXME - we're using our own override atm
     'Authentication',
     'SmartURI',
+    'FixMyStreet::Session::StoreSessions',
 );
 
 extends 'Catalyst';
diff --git a/perllib/FixMyStreet/App/Controller/Admin.pm b/perllib/FixMyStreet/App/Controller/Admin.pm
index a1d301249..85b6204fc 100644
--- a/perllib/FixMyStreet/App/Controller/Admin.pm
+++ b/perllib/FixMyStreet/App/Controller/Admin.pm
@@ -1423,10 +1423,14 @@ sub user_edit : Path('user_edit') : Args(1) {
 
     if ( $c->get_param('submit') and $c->get_param('unban') ) {
         $c->forward('unban_user', [ $user ]);
+    } elsif ( $c->get_param('submit') and $c->get_param('logout_everywhere') ) {
+        $c->forward('user_logout_everywhere', [ $user ]);
     } elsif ( $c->get_param('submit') and $c->get_param('anon_everywhere') ) {
         $c->forward('user_anon_everywhere', [ $user ]);
     } elsif ( $c->get_param('submit') and $c->get_param('hide_everywhere') ) {
         $c->forward('user_hide_everywhere', [ $user ]);
+    } elsif ( $c->get_param('submit') and $c->get_param('remove_account') ) {
+        $c->forward('user_remove_account', [ $user ]);
     } elsif ( $c->get_param('submit') ) {
 
         my $edited = 0;
@@ -1756,6 +1760,15 @@ sub ban_user : Private {
     return 1;
 }
 
+sub user_logout_everywhere : Private {
+    my ( $self, $c, $user ) = @_;
+    my $sessions = $user->get_extra_metadata('sessions');
+    foreach (grep { $_ ne $c->sessionid } @$sessions) {
+        $c->delete_session_data("session:$_");
+    }
+    $c->stash->{status_message} = _('That user has been logged out.');
+}
+
 sub user_anon_everywhere : Private {
     my ( $self, $c, $user ) = @_;
     $user->problems->update({anonymous => 1});
@@ -1777,6 +1790,28 @@ sub user_hide_everywhere : Private {
     $c->stash->{status_message} = _('That user’s reports and updates have been hidden.');
 }
 
+# Anonymize and remove name from all problems/updates, disable all alerts.
+# Remove their account's email address, phone number, password, etc.
+sub user_remove_account : Private {
+    my ( $self, $c, $user ) = @_;
+    $c->forward('user_logout_everywhere', [ $user ]);
+    $user->problems->update({ anonymous => 1, name => '', send_questionnaire => 0 });
+    $user->comments->update({ anonymous => 1, name => '' });
+    $user->alerts->update({ whendisabled => \'current_timestamp' });
+    $user->password('', 1);
+    $user->update({
+        email => 'removed-' . $user->id . '@' . FixMyStreet->config('EMAIL_DOMAIN'),
+        email_verified => 0,
+        name => '',
+        phone => '',
+        phone_verified => 0,
+        title => undef,
+        twitter_id => undef,
+        facebook_id => undef,
+    });
+    $c->stash->{status_message} = _('That user’s personal details have been removed.');
+}
+
 sub unban_user : Private {
     my ( $self, $c, $user ) = @_;
 
diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index e6cf51449..63295e26d 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -410,4 +410,30 @@ subtest "Hiding user's reports from admin" => sub {
     is $c, $count_u;
 };
 
+subtest "Logging user out" => sub {
+    my $mech2 = FixMyStreet::TestMech->new;
+    $mech2->log_in_ok($user->email);
+    $mech2->logged_in_ok;
+
+    $mech->get_ok( '/admin/user_edit/' . $user->id );
+    $mech->submit_form_ok({ button => 'logout_everywhere' }, 'Logging user out');
+    $mech2->not_logged_in_ok;
+};
+
+subtest "Removing account from admin" => sub {
+    $mech->create_problems_for_body(4, 2237, 'Title');
+    my $count_p = FixMyStreet::DB->resultset('Problem')->search({ user_id => $user->id })->count;
+    my $count_u = FixMyStreet::DB->resultset('Comment')->search({ user_id => $user->id })->count;
+    $mech->get_ok( '/admin/user_edit/' . $user->id );
+    $mech->submit_form_ok({ button => 'remove_account' }, 'Removing account');
+    my $c = FixMyStreet::DB->resultset('Problem')->search({ user_id => $user->id, anonymous => 1, name => '' })->count;
+    is $c, $count_p, 'All reports anon/nameless';
+    $c = FixMyStreet::DB->resultset('Comment')->search({ user_id => $user->id, anonymous => 1, name => '' })->count;
+    is $c, $count_u, 'All updates anon/nameless';
+    $user->discard_changes;
+    is $user->name, '', 'Name gone';
+    is $user->password, '', 'Password gone';
+    is $user->email, 'removed-' . $user->id . '@example.org', 'Email gone'
+};
+
 done_testing();
diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index e0fe205bd..95461fa8f 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -1236,9 +1236,7 @@ for my $test (
         is $user->title, $test->{'user_title'}, 'user title correct';
         is_deeply $extras, $test->{extra}, 'extra contains correct values';
 
-        $user->problems->delete;
-        $user->alerts->delete;
-        $user->delete;
+        $mech->delete_user($user);
     };
 }
 
@@ -1705,9 +1703,7 @@ subtest "extra google analytics code displayed on email confirmation problem cre
 
         $mech->content_contains( "'id': 'report/" . $report->id . "'", 'extra google code present' );
 
-        $user->problems->delete;
-        $user->alerts->delete;
-        $user->delete;
+        $mech->delete_user($user);
     };
 };
 
diff --git a/templates/web/base/admin/user-form.html b/templates/web/base/admin/user-form.html
index 63d4858ab..9dc14c98d 100644
--- a/templates/web/base/admin/user-form.html
+++ b/templates/web/base/admin/user-form.html
@@ -200,8 +200,10 @@
     </p>
   [% IF user AND NOT user.from_body %]
     <ul class="no-bullets danger-zone">
+      <li><input class="btn-danger" type="submit" name="logout_everywhere" value="[% loc('Log out of all sessions') %]">
       <li><input class="btn-danger" type="submit" name="anon_everywhere" value="[% loc('Make anonymous on all reports and updates') %]">
       <li><input class="btn-danger" type="submit" name="hide_everywhere" value="[% loc('Hide all reports and updates') %]">
+      <li><input class="btn-danger" type="submit" name="remove_account" value="[% loc('Remove account details') %]">
     </ul>
   [% END %]