diff --git a/changelog.d/+7865cde6.feature.md b/changelog.d/+7865cde6.feature.md new file mode 100644 index 000000000..03f6699a1 --- /dev/null +++ b/changelog.d/+7865cde6.feature.md @@ -0,0 +1 @@ +Users may now be forbidden from deactivating their own accounts with the new `allow_deactivation` config option. diff --git a/conduwuit-example.toml b/conduwuit-example.toml index c657fa8eb..993434f3c 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -521,6 +521,16 @@ # #recaptcha_private_site_key = +# Controls whether users are allowed to deactivate their own accounts +# through the account management panel or their Matrix clients. Server +# admins can always deactivate users using the relevant admin commands. +# +# Note that, in some jurisdictions, you may be legally required to honor +# users who request to deactivate their accounts if you set this option +# to `false`. +# +#allow_deactivation = true + # Controls whether encrypted rooms and events are allowed. # #allow_encryption = true diff --git a/src/api/client/account/mod.rs b/src/api/client/account/mod.rs index 8ecaa9ffd..b54ef029d 100644 --- a/src/api/client/account/mod.rs +++ b/src/api/client/account/mod.rs @@ -283,6 +283,13 @@ pub(crate) async fn deactivate_route( let sender_user = identity.sender_user(); + if !services.config.allow_deactivation { + return Err!(Request(Unauthorized( + "You may not deactivate your own account. Contact your server's administrator for \ + assistance." + ))); + } + // Prompt the user to confirm with their password using UIAA let _ = services .uiaa diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs index 080aaead4..cf298ecdb 100644 --- a/src/core/config/mod.rs +++ b/src/core/config/mod.rs 
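Review bot: The new guard in `deactivate_route` rejects with `Unauthorized`, which reads as an authentication failure, but the caller is already authenticated here (`identity.sender_user()` precedes the check) and is being refused by server policy. This endpoint also goes through UIAA just below, so if `Unauthorized` maps to a 401-class response (the mapping is not visible in this hunk), clients could mistake the refusal for an auth challenge or a bad token. `Forbidden` looks like the better fit: `return Err!(Request(Forbidden("You may not deactivate your own account. Contact your server's administrator for assistance.")));`. The body of `deactivate_route` starts and continues outside the hunk.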
@@ -663,6 +663,17 @@ pub struct Config { #[serde(default)] pub oauth: OauthConfig, + /// Controls whether users are allowed to deactivate their own accounts + /// through the account management panel or their Matrix clients. Server + /// admins can always deactivate users using the relevant admin commands. + /// + /// Note that, in some jurisdictions, you may be legally required to honor + /// users who request to deactivate their accounts if you set this option + /// to `false`. + /// + /// default: true + pub allow_deactivation: bool, + /// Controls whether encrypted rooms and events are allowed. #[serde(default = "true_fn")] pub allow_encryption: bool, diff --git a/src/web/pages/account/deactivate.rs b/src/web/pages/account/deactivate.rs index 01e6279f7..01640175c 100644 --- a/src/web/pages/account/deactivate.rs +++ b/src/web/pages/account/deactivate.rs @@ -30,6 +30,7 @@ template! { #[derive(Debug)] #[allow(clippy::large_enum_variant)] enum DeactivateBody { + Unavailable, Form { user_id: OwnedUserId, user_card: UserCard, @@ -67,7 +68,9 @@ async fn route_deactivate( let user_card = UserCard::for_local_user(&services, user_id.clone()).await; let body = { - if let Some(form) = form { + if !services.config.allow_deactivation { + DeactivateBody::Unavailable + } else if let Some(form) = form { if let Err(err) = validate_deactivate_form(&services, &user_id, form).await { DeactivateBody::Form { user_id, diff --git a/src/web/pages/templates/deactivate.html.j2 b/src/web/pages/templates/deactivate.html.j2 index f5867d8fa..93c7f4e20 100644 --- a/src/web/pages/templates/deactivate.html.j2 +++ b/src/web/pages/templates/deactivate.html.j2 @@ -5,9 +5,18 @@ Deactivate your account {%- endblock -%} {%- block content -%} +{% match body %} + {% when DeactivateBody::Form { .. } | DeactivateBody::Success %}
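Review bot: `allow_deactivation` is added to `Config` without a serde default, although its doc comment promises `default: true` and the neighbouring `allow_encryption` carries `#[serde(default = "true_fn")]`. Unless a container-level default exists outside this hunk, an existing config file that omits the key would either fail to load or not get the documented value, and the example file ships the key commented out. Add `#[serde(default = "true_fn")]` directly above `pub allow_deactivation: bool,`. The `Config` struct starts and ends outside the hunk.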
+ To deactivate your account, contact your homeserver's administrator. +
{% when DeactivateBody::Form { user_id, user_card, form } %} {{ user_card }}