/* * Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net> * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation files * (the "Software"), to deal in the Software without restriction, * including without limitation the rights to use, copy, modify, merge, * publish, distribute, sublicense, and/or sell copies of the Software, * and to permit persons to whom the Software is furnished to do so, * subject to the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #include #include #include #include #include ROUTE_IMPL(RouteAdminDeactivate, path, argp) { RouteArgs *args = argp; HashMap *request = NULL; HashMap *response = NULL; JsonValue *val; char *reason = "Deactivated by admin"; char *removedLocalpart = ArrayGet(path, 0); char *token; Db *db = args->matrixArgs->db; User *user = NULL; User *removed = NULL; HttpRequestMethod method = HttpRequestMethodGet(args->context); if ((method != HTTP_DELETE) && (method != HTTP_PUT)) { char * msg = "Route only supports DELETE and PUT as for now."; HttpResponseStatus(args->context, HTTP_BAD_REQUEST); return MatrixErrorCreate(M_UNRECOGNIZED, msg); } if (method == HTTP_DELETE) { request = JsonDecode(HttpServerStream(args->context)); if (!request) { HttpResponseStatus(args->context, HTTP_BAD_REQUEST); return MatrixErrorCreate(M_NOT_JSON, NULL); } val = HashMapGet(request, "reason"); if (val && JsonValueType(val) == JSON_STRING) { reason = JsonValueAsString(val); } } response = MatrixGetAccessToken(args->context, &token); if (response) { goto finish; } user = UserAuthenticate(db, token); removed = UserLock(db, removedLocalpart); if (!user || !removed) { HttpResponseStatus(args->context, HTTP_BAD_REQUEST); response = MatrixErrorCreate(M_UNKNOWN_TOKEN, NULL); goto finish; } if (!(UserGetPrivileges(user) & USER_DEACTIVATE)) { char * msg = "User doesn't have the DEACTIVATE privilege."; HttpResponseStatus(args->context, HTTP_FORBIDDEN); response = MatrixErrorCreate(M_FORBIDDEN, msg); goto finish; } if (method == HTTP_DELETE) { UserDeactivate(removed, UserGetName(user), reason); response = HashMapCreate(); JsonSet(response, JsonValueString(removedLocalpart), 1, "user"); JsonSet(response, JsonValueString(reason), 1, "reason"); JsonSet(response, JsonValueString(UserGetName(user)), 1, "banned_by"); } else { UserReactivate(removed); HttpResponseStatus(args->context, HTTP_NO_CONTENT); } finish: UserUnlock(user); UserUnlock(removed); JsonFree(request); return response; }