add account deletion; mark session and userinfo as not implemented

Author: ylebre

TODO

@@ -12,23 +12,23 @@
 	- [v] login
 	- [v] generated.html
 
-- [ ] Solid OIDC
+- [v] Solid OIDC
 	- [v] .well-known
 	- [v] authorize
 	- [v] jwks
 	- [v] logout
 	- [v] register
-	- [ ] session
+	- [v] session
 	- [v] token
-	- [ ] userinfo
+	- [v] userinfo
 
-- [ ] User account
-	- [ ] idp-api-account
-		- [ ] change-password
-		- [ ] delete-account-confirm
-		- [ ] delete-account-request
+- [v] User account
+	- [v] idp-api-account
+		- [v] change-password
+		- [v] delete-account-confirm
+		- [v] delete-account-request
 		- [v] new
-		- [ ] reset-password
+		- [v] reset-password
 		- [v] verify
 	- [v] idp-api
 		- [v] sharing
@@ -41,6 +41,7 @@
 - [v] jtiStore
 
 - [ ] Cleanup for expired verify tokens, password, deletion
+- [ ] Password requirements
 
 ----------------------
 

lib/User.php

@@ -280,5 +280,39 @@ public static function userEmailExists($email) {
 				return true;
 			}
 			return false;			
+		}
+
+		private static function deleteUser($email) {
+			self::connect();
+			$query = self::$pdo->prepare(
+				'DELETE FROM users WHERE email=:email'
+			);
+			$query->execute([
+				':email' => $email
+			]);
+		}
+
+		private static function deleteAllowedClients($email) {
+			$user = self::getUser($email);
+			if (!$user) {
+				return;
+			}
+
+			self::connect();
+			$query = self::$pdo->prepare(
+				'DELETE FROM allowedClients WHERE userId=:userId'
+			);
+			$query->execute([
+				':userId' => $user['userId']
+			]);
+		}
+
+		public static function deleteAccount($email) {
+			if (!self::userEmailExists($email)) {
+				return;
+			}
+			// FIXME: Delete storage;
+			self::deleteAllowedClients($email);
+			self::deleteUser($email);
 		}		
 	}		

www/idp/index.php

@@ -135,6 +135,10 @@
 				case "/reset-password/":
 				case "/change-password":
 				case "/change-password/":
+				case "/account/delete":
+				case "/account/delete/":
+				case "/account/delete/confirm":
+				case "/account/delete/confirm/":
 					include_once(FRONTENDDIR . "generated.html");
 				break;
 				case "/sharing":
@@ -146,6 +150,12 @@
 					}
 					include_once(FRONTENDDIR . "generated.html");
 				break;
+				case '/session':
+				case '/session/':
+				case '/userinfo':
+				case '/userinfo/':
+					header("HTTP/1.1 501 Not implemented");
+				break;
 				default:
 					header($_SERVER['SERVER_PROTOCOL'] . " 404 Not found");
 				break;
@@ -232,6 +242,36 @@
 					header("Content-type: application/json");
 					echo json_encode("OK");
 				break;
+				case "/api/accounts/delete":
+				case "/api/accounts/delete/":
+					if (!User::userEmailExists($_POST['email'])) {
+						header("HTTP/1.1 200 OK"); // Return OK even when user is not found;
+						header("Content-type: application/json");
+						echo json_encode("OK");
+						exit();
+					}
+					$verifyData = [
+						'email' => $_POST['email']
+					];
+
+					$verifyToken = User::saveVerifyToken('deleteAccount', $verifyData);
+					Mailer::sendDeleteAccount($verifyToken);
+					header("HTTP/1.1 200 OK");
+					header("Content-type: application/json");
+					echo json_encode("OK");
+				break;
+				case "/api/accounts/delete/confirm":
+				case "/api/accounts/delete/confirm/":
+					$verifyToken = User::getVerifyToken($_POST['token']);
+					if (!$verifyToken) {
+						header("HTTP/1.1 400 Bad Request");
+						exit();
+					}
+					User::deleteAccount($verifyToken['email']);
+					header("HTTP/1.1 200 OK");
+					header("Content-type: application/json");
+					echo json_encode("OK");
+				break;
 				case "/login/password":
 				case "/login/password/":
 					if (User::checkPassword($_POST['username'], $_POST['password'])) {