FIX: Remove user fields when anonymizing user

2018-09-07 00:02:47 +02:00 · 2018-09-07 00:02:47 +02:00 · 797cbf8653
parent ea2f13c71b
commit 797cbf8653
5 changed files with 33 additions and 4 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -117,7 +117,7 @@ class UsersController < ApplicationController
        val = val[0...UserField.max_length] if val

        return render_json_error(I18n.t("login.missing_user_field")) if val.blank? && f.required?
-        attributes[:custom_fields]["user_field_#{f.id}"] = val
+        attributes[:custom_fields]["#{User::USER_FIELD_PREFIX}#{f.id}"] = val
      end
    end

@ -352,7 +352,7 @@ class UsersController < ApplicationController
        if field_val.blank?
          return fail_with("login.missing_user_field") if f.required?
        else
-          fields["user_field_#{f.id}"] = field_val[0...UserField.max_length]
+          fields["#{User::USER_FIELD_PREFIX}#{f.id}"] = field_val[0...UserField.max_length]
        end
      end

--- a/app/jobs/regular/anonymize_user.rb
+++ b/app/jobs/regular/anonymize_user.rb
@ -23,6 +23,8 @@ module Jobs
        .where(user_id: @user_id)
        .where.not(raw_email: nil)
        .update_all(raw_email: nil)
+
+      anonymize_user_fields
    end

    def ip_where(column = 'user_id')
@ -46,5 +48,15 @@ module Jobs
      ).update_all(ip_address: new_ip)
    end

+    def anonymize_user_fields
+      user_field_ids = UserField.pluck(:id)
+      user = User.find(@user_id)
+      return if user_field_ids.blank? || user.blank?
+
+      user_field_ids.each do |field_id|
+        user.custom_fields.delete("#{User::USER_FIELD_PREFIX}#{field_id}")
+      end
+      user.save!
+    end
  end
 end
--- a/app/models/invite_redeemer.rb
+++ b/app/models/invite_redeemer.rb
@ -44,7 +44,7 @@ InviteRedeemer = Struct.new(:invite, :username, :name, :password, :user_custom_f

      user_fields.each do |f|
        field_val = field_params[f.id.to_s]
-        fields["user_field_#{f.id}"] = field_val[0...UserField.max_length] unless field_val.blank?
+        fields["#{User::USER_FIELD_PREFIX}#{f.id}"] = field_val[0...UserField.max_length] unless field_val.blank?
      end
      user.custom_fields = fields
    end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -984,13 +984,15 @@ class User < ActiveRecord::Base
    result
  end

+  USER_FIELD_PREFIX ||= "user_field_"
+
  def user_fields
    return @user_fields if @user_fields
    user_field_ids = UserField.pluck(:id)
    if user_field_ids.present?
      @user_fields = {}
      user_field_ids.each do |fid|
-        @user_fields[fid.to_s] = custom_fields["user_field_#{fid}"]
+        @user_fields[fid.to_s] = custom_fields["#{USER_FIELD_PREFIX}#{fid}"]
      end
    end
    @user_fields
--- a/spec/services/user_anonymizer_spec.rb
+++ b/spec/services/user_anonymizer_spec.rb
@ -256,6 +256,21 @@ describe UserAnonymizer do
        UserProfileView.add(user.id, '127.0.0.1', another_user.id, Time.now, true)
        expect { make_anonymous }.to_not change { UserProfileView.count }
      end
+
+      it "removes user field values" do
+        field1 = Fabricate(:user_field)
+        field2 = Fabricate(:user_field)
+
+        user.custom_fields = {
+          "some_field": "123",
+          "user_field_#{field1.id}": "foo",
+          "user_field_#{field2.id}": "bar",
+          "another_field": "456"
+        }
+
+        expect { make_anonymous }.to change { user.custom_fields }
+        expect(user.reload.custom_fields).to eq("some_field" => "123", "another_field" => "456")
+      end
    end
  end