remove cert fingerprints for disabled users, so that they cannot send email anymore. closes #7690

6 files changed, 46 insertions, 3 deletions

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 446b726..ec52cff 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -47,8 +47,7 @@ class UsersController < ApplicationController
   end
 
   def deactivate
-    @user.enabled = false
-    @user.save
+    @user.account.disable
     flash[:notice] = I18n.t("actions.user_disabled_message", username: @user.username)
     redirect_to :back
   end
diff --git a/app/controllers/v1/certs_controller.rb b/app/controllers/v1/certs_controller.rb
index 99aec16..ffa6e35 100644
--- a/app/controllers/v1/certs_controller.rb
+++ b/app/controllers/v1/certs_controller.rb
@@ -1,6 +1,7 @@
 class V1::CertsController < ApiController
 
   before_filter :require_login, :unless => :anonymous_access_allowed?
+  before_filter :require_enabled
 
   # GET /cert
   # deprecated - we actually create a new cert and that can
@@ -18,6 +19,12 @@ class V1::CertsController < ApiController
 
   protected
 
+  def require_enabled
+    if !current_user.is_anonymous? && !current_user.enabled?
+      access_denied
+    end
+  end
+
   def service_level
     current_user.effective_service_level
   end
diff --git a/app/controllers/v1/smtp_certs_controller.rb b/app/controllers/v1/smtp_certs_controller.rb
index 75f524c..5760645 100644
--- a/app/controllers/v1/smtp_certs_controller.rb
+++ b/app/controllers/v1/smtp_certs_controller.rb
@@ -3,6 +3,7 @@ class V1::SmtpCertsController < ApiController
   before_filter :require_login
   before_filter :require_email_account
   before_filter :fetch_identity
+  before_filter :require_enabled
 
   # POST /1/smtp_cert
   def create
@@ -22,6 +23,10 @@ class V1::SmtpCertsController < ApiController
     access_denied unless service_level.provides? 'email'
   end
 
+  def require_enabled
+    access_denied unless current_user.enabled?
+  end
+
   def fetch_identity
     @identity = current_user.identity
   end
diff --git a/app/models/account.rb b/app/models/account.rb
index a5cd833..46e5446 100644
--- a/app/models/account.rb
+++ b/app/models/account.rb
@@ -69,6 +69,17 @@ class Account
     @user.destroy
   end
 
+  # when a user is disable, all their data and associations remain
+  # in place, but the user should not be able to send email or
+  # create new authentication certificates.
+  def disable
+    if @user && !@user.tmp?
+      @user.enabled = false
+      @user.save
+      Identity.remove_cert_fingerprints_for(@user)
+    end
+  end
+
   protected
 
   def update_login(login)
diff --git a/app/models/anonymous_user.rb b/app/models/anonymous_user.rb
index 73e95e5..5745316 100644
--- a/app/models/anonymous_user.rb
+++ b/app/models/anonymous_user.rb
@@ -12,7 +12,7 @@ class AnonymousUser < Object
   def id
     nil
   end
-  
+
   def has_payment_info?
     false
   end
@@ -37,4 +37,7 @@ class AnonymousUser < Object
     true
   end
 
+  def enabled?
+    false
+  end
 end
diff --git a/app/models/identity.rb b/app/models/identity.rb
index 9dc9c7a..e4162c8 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -1,3 +1,11 @@
+#
+# NOTE: there is some confusing terminology between User and Identity:
+# If a user is disabled, the user still exists but has been marked as disabled
+# and this condition can be easily reversed. If an identity is disabled, then
+# it loses any association with the user and exists only to reserve that username
+# and prevent anyone else from registering it.
+#
+
 class Identity < CouchRest::Model::Base
   include LoginFormatValidation
 
@@ -59,6 +67,16 @@ class Identity < CouchRest::Model::Base
     end
   end
 
+  # if an identity is disabled, it loses contact
+  # with its former user. but sometimes we want to keep the association
+  # and remove the fingerprints that allow the user to send email.
+  def self.remove_cert_fingerprints_for(user)
+    Identity.by_user_id.key(user.id).each do |identity|
+      identity.write_attribute(:cert_fingerprints, {})
+      identity.save
+    end
+  end
+
   def self.destroy_all_for(user)
     Identity.by_user_id.key(user.id).each do |identity|
       identity.destroy