psiphon

Merge lp:~nurlan0000/psiphon/sprint3-610547 into lp:psiphon

  1. sprint3-610547
  2. Merge into trunk
Proposed by Nurlan Turdaliev
Status: Merged
Approved by: Rod
Approved revision: 123
Merged at revision: 135
Proposed branch: lp:~nurlan0000/psiphon/sprint3-610547
Merge into: lp:psiphon
Diff against target: 268 lines (+159/-7)
5 files modified
trunk/www/config.php (+10/-5)
trunk/www/delete_account.php (+77/-0)
trunk/www/includes/database_helpers.php (+36/-1)
trunk/www/includes/lang.php (+26/-0)
trunk/www/profile.php (+10/-1)
To merge this branch: bzr merge lp:~nurlan0000/psiphon/sprint3-610547
Reviewer Review Type Date Requested Status
Nurlan Turdaliev (community) Needs Resubmitting
Adam Kruger group review Needs Fixing
Rod Needs Fixing
Review via email: mp+34186@code.launchpad.net

Description of the change

Fixes commited.

To post a comment you must log in.
Revision history for this message
Rod (rod-psiphon) wrote :

This was a team review. Here are our comments:

- Lack of comments makes review harder (and future maintenance).

- Our pattern is to add a permission (see config.php) and check permissions instead of checking user class when accessing functionality. In this branch, this should be done in profile.php and in delete_account.php.

- Please update the copyright notice year to the current year when a file is edited.

- Include 403 exits automatically. The exit statement is redundant.

- The prompt looks odd: "Delete account Delete account [X]". One "Delete account" as a link is sufficient.

- Why escape (using htmlentities) a msg value? This isn't user input, so escape is unnecessary and we don't do that elsewhere.

- DELETE FROM USER after the other tables to to minimize consistency problems. See the related comment in https://code.launchpad.net/~vasilev/psiphon/sprint3-457431/+merge/34185.

- Both this branch and "https://code.launchpad.net/~vasilev/psiphon/sprint3-457431/+merge/34185" delete from a bunch of related tables when deleting a user. Could refactor both to use a central config list of dependencies. Otherwise, every time someone adds a table that references user ids, they will have to know to go to these two places and add extra DELETEs.

- The new file user.php seems a bit random. Suggest either refactor all user helper functions to this file or add user table helpers to the existing database helper.

- Do not need header_link_prefix in "href="<?php echo $header_link_prefix; ?>delete_account.php">" in profile.php. Also "header('Location: '.$header_link_prefix.'profile.php');" in delete_account.php. $header_link_prefix is for other code that's added in separately and doesn't apply to anything on Launchpad.

- This is a bug: after a delete, the logout redirect isn't correct. The user ends up at e.g., "<proxy>/logout.php?lu=/001". They should end up at "<proxy>/001". As a result of this, the user can't immediately re-login to a different account; instead another redirect occurs.

review: Needs Fixing
Revision history for this message
e.fryntov (e-fryntov) wrote :

Regarding the "...<proxy>/logout.php?lu=/001". They should end up at "<proxy>/001"...." problem:

The last GET logout.php returns HTTP 200 instead of 302.

I suggest to add the 30x HTTP code implicitly to all redirects.

The following code is taken from php.net user comments on header function:

<?php
// 301 Moved Permanently
header("Location: /foo.php",TRUE,301);

// 302 Found
header("Location: /foo.php",TRUE,302);
header("Location: /foo.php");

// 303 See Other
header("Location: /foo.php",TRUE,303);

// 307 Temporary Redirect
header("Location: /foo.php",TRUE,307);
?>

lp:~nurlan0000/psiphon/sprint3-610547 updated
122. By Nurlan <ubuntu@ubuntu-desktop>

Implemented Rod's and Eugene's recomendations

Revision history for this message
Nurlan Turdaliev (nurlan0000) :
review: Needs Resubmitting
Revision history for this message
Adam Kruger (adam-kruger) wrote :

Code review comments:

- Diff line 112: header('Location: /001', true, 302);
"/001" should not be hard-coded. This should be retrieved from the database.
You might be able to use something like: $proxy_record = lookup_proxy($config, $record_user['current_proxy']);

Or see logout.php:

$query = "SELECT * FROM proxy WHERE hostname = :hostname";
$result = db_query_execute($config, $query, convert_null_array(array(":hostname" => $_SERVER[HTTP_HOST])));
$proxy_record = db_fetch_result($config, $result);

if (!$proxy_record || $proxy_record['login_url'] != $_GET[lu])
{
    include($_SERVER[DOCUMENT_ROOT]."/http-errors/404.php");
}

$login_url = $proxy_record['login_url'];

Your original code was using this style, but our objection was to the redirect part:
header('Location: logout.php?lu='.$login_url);
We want something like:
header('Location: logout.php?lu='.$login_url, true, 302);
exit;

review: Needs Fixing (group review)
lp:~nurlan0000/psiphon/sprint3-610547 updated
123. By Nurlan Turdaliev <ubuntu@ubuntu-desktop>

Hardcoded redirect removed

Revision history for this message
Nurlan Turdaliev (nurlan0000) :
review: Needs Resubmitting

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'trunk/www/config.php'
2--- trunk/www/config.php 2010-06-28 20:44:20 +0000
3+++ trunk/www/config.php 2010-10-25 09:04:03 +0000
4@@ -1,7 +1,7 @@
5 <?
6 /*
7 Psiphon Circumvention Platform
8- Copyright (C) 2009 Psiphon Inc.
9+ Copyright (C) 2010 Psiphon Inc.
10
11 This program is free software: you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13@@ -99,6 +99,7 @@
14 'view_propagator_info' => 1<<19,
15 'multi_proxy' => 1<20,
16 'custom_user_agents' => 1<<21,
17+ 'delete_account' => 1 << 22,
18 );
19
20 // This defines the order in which the user groups/classes should be displayed. Generally, least-to-highest privilege.
21@@ -140,7 +141,8 @@
22 | $config['perm']['send_ticket']
23 | $config['perm']['bookmarks']
24 | $config['perm']['logout']
25- | $config['perm']['can_grant_grp_3'],
26+ | $config['perm']['can_grant_grp_3']
27+ | $config['perm']['delete_account'],
28
29 // User
30 // NOTE: '3' is the grp default in the invitation table. So if the 3 changes here, it'll have to change there.
31@@ -150,7 +152,8 @@
32 | $config['perm']['send_ticket']
33 | $config['perm']['bookmarks']
34 | $config['perm']['logout']
35- | $config['perm']['can_grant_grp_3'],
36+ | $config['perm']['can_grant_grp_3']
37+ | $config['perm']['delete_account'],
38
39 // Anonymous User
40
41@@ -166,14 +169,16 @@
42 | $config['perm']['can_grant_grp_3']
43 | $config['perm']['invite']
44 | $config['perm']['view_propagator_info']
45- | $config['perm']['multi_proxy'],
46+ | $config['perm']['multi_proxy']
47+ | $config['perm']['delete_account'],
48
49 // Reporter
50
51 7 => $config['perm']['profile']
52 | $config['perm']['logout']
53 | $config['perm']['reports']
54- | $config['perm']['other_nodes'],
55+ | $config['perm']['other_nodes']
56+ | $config['perm']['delete_account'],
57 );
58
59 /*
60
61=== added file 'trunk/www/delete_account.php'
62--- trunk/www/delete_account.php 1970-01-01 00:00:00 +0000
63+++ trunk/www/delete_account.php 2010-10-25 09:04:03 +0000
64@@ -0,0 +1,77 @@
65+<?php
66+/*
67+ Psiphon Circumvention Platform
68+ Copyright (C) 2010 Psiphon Inc.
69+
70+ This program is free software: you can redistribute it and/or modify
71+ it under the terms of the GNU General Public License as published by
72+ the Free Software Foundation, either version 3 of the License, or
73+ (at your option) any later version.
74+
75+ This program is distributed in the hope that it will be useful,
76+ but WITHOUT ANY WARRANTY; without even the implied warranty of
77+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
78+ GNU General Public License for more details.
79+
80+ You should have received a copy of the GNU General Public License
81+ along with this program. If not, see <http://www.gnu.org/licenses/>.
82+*/
83+
84+
85+
86+include_once($_SERVER[DOCUMENT_ROOT]."/includes/common_includes.php");
87+include($_SERVER[DOCUMENT_ROOT]."/check_user.php");
88+include($_SERVER[DOCUMENT_ROOT]."/includes/lang_set.php");
89+
90+// check whether user can delete his own account
91+$user_can_delete = user_has_permission($config, $record_user, 'delete_account');
92+
93+if ( ! $user_can_delete )
94+{
95+ include($_SERVER[DOCUMENT_ROOT]."/http-errors/403.php");
96+}
97+
98+$user_deleted = false;
99+
100+
101+if ($_POST['submit_btn'])
102+{
103+ if ( ! $_POST['delete'] )
104+ {
105+ header('Location: /profile.php', true, 302);
106+ die;
107+ }
108+
109+ // Delete user and related data
110+ $res = delete_user_and_related_data($config, ' FROM user WHERE id = :userid', array(':userid' => $record_user['id']));
111+
112+ // Redirect back to proxy
113+ $query = "SELECT * FROM proxy WHERE hostname = :hostname";
114+ $result = db_query_execute($config, $query, convert_null_array(array(":hostname" => $_SERVER[HTTP_HOST])));
115+ $proxy_record = db_fetch_result($config, $result);
116+
117+ header("Location: ".$config["ret"].$proxy_record['login_url'], true, 302);
118+ exit;
119+}
120+
121+
122+include($_SERVER[DOCUMENT_ROOT]."/header.php");
123+
124+?>
125+ <h3><?php echo msg('delete_account'); ?></h3>
126+
127+ <div>
128+ <?php echo msg('confirm_delete'); ?>
129+ </div>
130+ <form action="<?=getenv("SCRIPT_NAME")?>" method="post">
131+ <label for="delete"><?php echo msg('yes'); ?></label>
132+ <input type="radio" id="delete" name="delete" value="1" />
133+
134+ <label for="dont_delete"><?php echo msg('no'); ?></label>
135+ <input type="radio" id="dont_delete" name="delete" value="0" checked="checked" /><br />
136+
137+ <input name="submit_btn" type="submit" value="<?php echo msg('submit'); ?>" />
138+ <input name="csrf_token" value="<?=$record_user['csrf_token']?>" type="hidden" />
139+ </form>
140+
141+<? include($_SERVER[DOCUMENT_ROOT]."/footer.php"); ?>
142
143=== modified file 'trunk/www/includes/database_helpers.php'
144--- trunk/www/includes/database_helpers.php 2010-06-23 19:21:47 +0000
145+++ trunk/www/includes/database_helpers.php 2010-10-25 09:04:03 +0000
146@@ -1,7 +1,7 @@
147 <?php
148 /*
149 Psiphon Circumvention Platform
150- Copyright (C) 2009 Psiphon Inc.
151+ Copyright (C) 2010 Psiphon Inc.
152
153 This program is free software: you can redistribute it and/or modify
154 it under the terms of the GNU General Public License as published by
155@@ -173,6 +173,41 @@
156 return $user_record;
157 }
158
159+/**
160+ * Deletes users and all related data
161+ *
162+ * @param $config
163+ * @param $query_inactive_user_ids_from_part SQL conditions to select affected user ids with placeholders
164+ * @param $param_array placeholder values
165+ * @return bool true on success, false on error
166+ */
167+function delete_user_and_related_data($config, $query_inactive_user_ids_from_part, Array $param_array) {
168+ // We don't know how big the user id list could be; So, we will use subselect here (Rod's recommendation)
169+ $query_affected_user_ids = 'SELECT user.id ' . $query_inactive_user_ids_from_part;
170+
171+ $query_delete_bookmark = "DELETE FROM bookmark WHERE user IN (" . $query_affected_user_ids . ")";
172+ $query_delete_cookie = "DELETE FROM cookie WHERE user IN (" . $query_affected_user_ids . ")";
173+ $query_delete_invitation = "DELETE FROM invitation WHERE user IN (" . $query_affected_user_ids . ")";
174+ $query_delete_ticket = "DELETE FROM ticket WHERE user IN (" . $query_affected_user_ids . ")";
175+ $query_delete_userproxy = "DELETE FROM userproxy WHERE userid IN (" . $query_affected_user_ids . ")";
176+ // Delete from user table only after deleting all other data
177+ $query_delete_user = "DELETE " . $query_inactive_user_ids_from_part;
178+
179+ if (
180+ !db_query_execute($config, $query_delete_bookmark, convert_null_array($param_array), true) ||
181+ !db_query_execute($config, $query_delete_cookie, convert_null_array($param_array), true) ||
182+ !db_query_execute($config, $query_delete_invitation, convert_null_array($param_array), true) ||
183+ !db_query_execute($config, $query_delete_ticket, convert_null_array($param_array), true) ||
184+ !db_query_execute($config, $query_delete_userproxy, convert_null_array($param_array), true) ||
185+ !db_query_execute($config, $query_delete_user, convert_null_array($param_array), true)
186+ )
187+ {
188+ return false;
189+ }
190+
191+ return true;
192+}
193+
194 /* Turns a (comma-separated, usually) list of values into a values that can be used in a
195 * parameterized SQL query.
196 *
197
198=== modified file 'trunk/www/includes/lang.php'
199--- trunk/www/includes/lang.php 2010-10-14 16:26:29 +0000
200+++ trunk/www/includes/lang.php 2010-10-25 09:04:03 +0000
201@@ -371,6 +371,32 @@
202 'be' => "Регистрация",
203 ),
204
205+ 'delete_account' => array(
206+ 'en' => "Delete account",
207+ 'fa' => "Delete account",
208+ 'ru' => "Delete account",
209+ 'uz' => "Delete account",
210+ 'tk' => "Delete account",
211+ 'cn' => "Delete account",
212+ 'ar' => "Delete account",
213+ 'vt' => "Delete account",
214+ 'fr' => "Delete account",
215+ 'es' => "Delete account",
216+ ),
217+
218+ 'confirm_delete' => array(
219+ 'en' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
220+ 'fa' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
221+ 'ru' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
222+ 'uz' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
223+ 'tk' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
224+ 'cn' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
225+ 'ar' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
226+ 'vt' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
227+ 'fr' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
228+ 'es' => 'Are you sure that you want to completely delete your account? This action cannot be undone.',
229+ ),
230+
231 'invalid_uname_format' => array(
232 'en' => "Error: Invalid username format",
233 'fa' => "اشتباه: اسم کاربر درست نیست",
234
235=== modified file 'trunk/www/profile.php'
236--- trunk/www/profile.php 2010-07-16 17:53:05 +0000
237+++ trunk/www/profile.php 2010-10-25 09:04:03 +0000
238@@ -1,7 +1,7 @@
239 <?
240 /*
241 Psiphon Circumvention Platform
242- Copyright (C) 2009 Psiphon Inc.
243+ Copyright (C) 2010 Psiphon Inc.
244
245 This program is free software: you can redistribute it and/or modify
246 it under the terms of the GNU General Public License as published by
247@@ -245,6 +245,10 @@
248 break;
249 }
250
251+// check whether user can delete his own account
252+$user_can_delete = user_has_permission($config, $record_user, 'delete_account');
253+
254+
255 include($_SERVER[DOCUMENT_ROOT]."/header.php");
256
257 ?>
258@@ -313,5 +317,10 @@
259 </table>
260
261 </form>
262+<?php if ($user_can_delete) : ?>
263+<br />
264+
265+&nbsp;&nbsp;<a id="delete_href" href="/delete_account.php"><?php echo msg('delete_account');?> [X]</a>
266
267+<?php endif; ?>
268 <? include($_SERVER[DOCUMENT_ROOT]."/footer.php"); ?>

Subscribers

People subscribed via source and target branches