discourse/app/services/user_anonymizer.rb

class UserAnonymizer

  attr_reader :user_history

  # opts:
  #   anonymize_ip  - an optional new IP to update their logs with
  def initialize(user, actor = nil, opts = nil)
    @user = user
    @actor = actor
    @user_history = nil
    @opts = opts || {}
  end

  def self.make_anonymous(user, actor = nil, opts = nil)
    self.new(user, actor, opts).make_anonymous
  end

  def make_anonymous
    User.transaction do
      @prev_email = @user.email
      @prev_username = @user.username

      @user.update_attribute(:uploaded_avatar_id, nil)
      raise "Failed to change username" unless UsernameChanger.change(@user, make_anon_username)

      @user.reload
      @user.password = SecureRandom.hex
      @user.email = "#{@user.username}@example.com"
      @user.name = SiteSetting.full_name_required ? @user.username : nil
      @user.date_of_birth = nil
      @user.title = nil

      anonymize_ips(@opts[:anonymize_ip]) if @opts.has_key?(:anonymize_ip)

      @user.save

      options = @user.user_option
      options.email_always = false
      options.mailing_list_mode = false
      options.email_digests = false
      options.email_private_messages = false
      options.email_direct = false
      options.save

      profile = @user.user_profile
      profile.destroy if profile
      @user.create_user_profile

      @user.user_avatar.try(:destroy)
      @user.twitter_user_info.try(:destroy)
      @user.google_user_info.try(:destroy)
      @user.github_user_info.try(:destroy)
      @user.facebook_user_info.try(:destroy)
      @user.single_sign_on_record.try(:destroy)
      @user.oauth2_user_info.try(:destroy)
      @user.instagram_user_info.try(:destroy)
      @user.user_open_ids.find_each { |x| x.destroy }
      @user.api_key.try(:destroy)

      history_details = {
        action: UserHistory.actions[:anonymize_user],
        target_user_id: @user.id,
        acting_user_id: @actor ? @actor.id : @user.id,
      }

      if SiteSetting.log_anonymizer_details?
        history_details[:email] = @prev_email
        history_details[:details] = "username: #{@prev_username}"
      end

      @user_history = UserHistory.create(history_details)
    end

    DiscourseEvent.trigger(:user_anonymized, user: @user, opts: @opts)
    @user
  end

  private

    def make_anon_username
      100.times do
        new_username = "anon#{(SecureRandom.random_number * 100000000).to_i}"
        return new_username unless User.where(username_lower: new_username).exists?
      end
      raise "Failed to generate an anon username"
    end

  def ip_where(column = 'user_id')
    ["#{column} = :user_id AND ip_address IS NOT NULL", user_id: @user.id]
  end

  def anonymize_ips(new_ip)
    @user.ip_address = new_ip
    @user.registration_ip_address = new_ip

    IncomingLink.where(ip_where('current_user_id')).update_all(ip_address: new_ip)
    ScreenedEmail.where(email: @prev_email).update_all(ip_address: new_ip)
    SearchLog.where(ip_where).update_all(ip_address: new_ip)
    TopicLinkClick.where(ip_where).update_all(ip_address: new_ip)
    TopicViewItem.where(ip_where).update_all(ip_address: new_ip)
    UserHistory.where(ip_where('acting_user_id')).update_all(ip_address: new_ip)
    UserProfileView.where(ip_where).update_all(ip_address: new_ip)

    # UserHistory for delete_user logs the user's IP. Note this is quite ugly but we don't
    # have a better way of querying on details right now.
    UserHistory.where(
      "action = :action AND details LIKE 'id: #{@user.id}\n%'",
      action: UserHistory.actions[:delete_user]
    ).update_all(ip_address: new_ip)

  end

end
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`class UserAnonymizer`
Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00
			`attr_reader :user_history`

FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00			`# opts:`
			`# anonymize_ip - an optional new IP to update their logs with`
			`def initialize(user, actor = nil, opts = nil)`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`@user = user`
			`@actor = actor`
Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00			`@user_history = nil`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00			`@opts = opts \|\| {}`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`end`

FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00			`def self.make_anonymous(user, actor = nil, opts = nil)`
			`self.new(user, actor, opts).make_anonymous`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`end`

			`def make_anonymous`
			`User.transaction do`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00			`@prev_email = @user.email`
			`@prev_username = @user.username`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00
FIX: Anonymizing user didn't replace uploaded avatar in posts 2018-05-13 10:25:56 -04:00			`@user.update_attribute(:uploaded_avatar_id, nil)`
FEATURE: Rename user in mentions and quotes Co-authored-by: Robin Ward <robin.ward@gmail.com> 2018-04-30 19:54:36 -04:00			`raise "Failed to change username" unless UsernameChanger.change(@user, make_anon_username)`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00
			`@user.reload`
			`@user.password = SecureRandom.hex`
			`@user.email = "#{@user.username}@example.com"`
Fixed anonymizer when 'full name required' setting is on When the setting 'full name required' is on the anonymizer was trying to set the user name to nil and this caused the user name and email to remain not anonymized. Now in this scenario the user name is set to the anonimized username and the email is anonymized correctly. 2016-03-17 02:43:21 -04:00			`@user.name = SiteSetting.full_name_required ? @user.username : nil`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`@user.date_of_birth = nil`
			`@user.title = nil`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00
FEATURE: Rename user in mentions and quotes Co-authored-by: Robin Ward <robin.ward@gmail.com> 2018-04-30 19:54:36 -04:00			`anonymize_ips(@opts[:anonymize_ip]) if @opts.has_key?(:anonymize_ip)`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`@user.save`

PERF: shift most user options out of the user table As it stands we load up user records quite frequently on the topic pages, this in turn pulls all the columns for the users being selected, just to discard them after they are loaded New structure keeps all options in a discrete table, this is better organised and allows us to easily add more column without worrying about bloating the user table 2016-02-16 23:46:19 -05:00			`options = @user.user_option`
			`options.email_always = false`
			`options.mailing_list_mode = false`
			`options.email_digests = false`
			`options.email_private_messages = false`
			`options.email_direct = false`
			`options.save`

FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`profile = @user.user_profile`
			`profile.destroy if profile`
			`@user.create_user_profile`

			`@user.user_avatar.try(:destroy)`
			`@user.twitter_user_info.try(:destroy)`
			`@user.google_user_info.try(:destroy)`
			`@user.github_user_info.try(:destroy)`
			`@user.facebook_user_info.try(:destroy)`
			`@user.single_sign_on_record.try(:destroy)`
			`@user.oauth2_user_info.try(:destroy)`
FIX: Associated Instagram account was missing at some places 2018-03-01 06:10:27 -05:00			`@user.instagram_user_info.try(:destroy)`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`@user.user_open_ids.find_each { \|x\| x.destroy }`
			`@user.api_key.try(:destroy)`

Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00			`history_details = {`
			`action: UserHistory.actions[:anonymize_user],`
			`target_user_id: @user.id,`
			`acting_user_id: @actor ? @actor.id : @user.id,`
			`}`

			`if SiteSetting.log_anonymizer_details?`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00			`history_details[:email] = @prev_email`
			`history_details[:details] = "username: #{@prev_username}"`
Setting to prevent logging details when anonymizing 2018-03-05 14:38:18 -05:00			`end`

			`@user_history = UserHistory.create(history_details)`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`end`
Add an event that is triggered when a user is anonymized 2018-05-02 12:25:06 -04:00
			`DiscourseEvent.trigger(:user_anonymized, user: @user, opts: @opts)`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`@user`
			`end`

FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00			`private`

			`def make_anon_username`
			`100.times do`
			`new_username = "anon#{(SecureRandom.random_number * 100000000).to_i}"`
			`return new_username unless User.where(username_lower: new_username).exists?`
			`end`
			`raise "Failed to generate an anon username"`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`end`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00
			`def ip_where(column = 'user_id')`
			`["#{column} = :user_id AND ip_address IS NOT NULL", user_id: @user.id]`
FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`end`
FEATURE: Support anonymizing a user's IP addresses 2018-04-30 13:42:51 -04:00
			`def anonymize_ips(new_ip)`
			`@user.ip_address = new_ip`
			`@user.registration_ip_address = new_ip`

			`IncomingLink.where(ip_where('current_user_id')).update_all(ip_address: new_ip)`
			`ScreenedEmail.where(email: @prev_email).update_all(ip_address: new_ip)`
			`SearchLog.where(ip_where).update_all(ip_address: new_ip)`
			`TopicLinkClick.where(ip_where).update_all(ip_address: new_ip)`
			`TopicViewItem.where(ip_where).update_all(ip_address: new_ip)`
			`UserHistory.where(ip_where('acting_user_id')).update_all(ip_address: new_ip)`
			`UserProfileView.where(ip_where).update_all(ip_address: new_ip)`

			`# UserHistory for delete_user logs the user's IP. Note this is quite ugly but we don't`
			`# have a better way of querying on details right now.`
			`UserHistory.where(`
			`"action = :action AND details LIKE 'id: #{@user.id}\n%'",`
			`action: UserHistory.actions[:delete_user]`
			`).update_all(ip_address: new_ip)`

			`end`

FEATURE: Anonymize User. A way to remove a user but keep their topics and posts. 2015-03-06 16:44:54 -05:00			`end`