fix: unable to cancel erasure request after confirmation

extend.php

@@ -11,8 +11,10 @@
 
 namespace Flarum\Gdpr;
 
+use Flarum\Api\Controller\ShowForumController;
 use Flarum\Api\Controller\ShowUserController;
 use Flarum\Api\Serializer\BasicUserSerializer;
+use Flarum\Api\Serializer\CurrentUserSerializer;
 use Flarum\Api\Serializer\ForumSerializer;
 use Flarum\Api\Serializer\UserSerializer;
 use Flarum\Extend;
@@ -60,6 +62,9 @@
     (new Extend\ApiController(ShowUserController::class))
         ->addInclude('erasureRequest'),
 
+    (new Extend\ApiController(ShowForumController::class))
+        ->addInclude('actor.erasureRequest'),
+
     (new Extend\ApiSerializer(ForumSerializer::class))
         ->attributes(AddForumAttributes::class),
 

js/src/forum/components/RequestErasureModal.js → js/src/forum/components/RequestErasureModal.tsx

@@ -4,13 +4,22 @@ import Button from 'flarum/common/components/Button';
 import extractText from 'flarum/common/utils/extractText';
 import ItemList from 'flarum/common/utils/ItemList';
 import Stream from 'flarum/common/utils/Stream';
+import Mithril from 'mithril';
+import type User from 'flarum/common/models/User';
+import type ErasureRequest from '../../common/models/ErasureRequest';
 
 export default class RequestErasureModal extends Modal {
-  oninit(vnode) {
+  reason: Stream<string>;
+  password: Stream<string>;
+  user!: User | null;
+
+  oninit(vnode: Mithril.Vnode) {
     super.oninit(vnode);
 
     this.reason = Stream('');
     this.password = Stream('');
+
+    this.user = app.session.user;
   }
 
   className() {
@@ -30,11 +39,11 @@ export default class RequestErasureModal extends Modal {
   }
 
   fields() {
-    const items = new ItemList();
+    const items = new ItemList<Mithril.Children>();
 
-    const currRequest = app.session.user.erasureRequest();
+    const currRequest = this.user?.erasureRequest() as ErasureRequest | null;
 
-    if (currRequest) {
+    if (currRequest && currRequest.status() !== 'cancelled') {
       items.add(
         'status',
         <div className="Form-group">
@@ -87,7 +96,12 @@ export default class RequestErasureModal extends Modal {
           <textarea
             className="FormControl"
             value={this.reason()}
-            oninput={(e) => this.reason(e.target.value)}
+            oninput={(e: Event) => {
+              const target = e.target as HTMLTextAreaElement | null;
+              if (target) {
+                this.reason(target.value);
+              }
+            }}
             placeholder={extractText(app.translator.trans('flarum-gdpr.forum.request_erasure.reason_label'))}
           ></textarea>
         </div>
@@ -111,17 +125,19 @@ export default class RequestErasureModal extends Modal {
     return items;
   }
 
-  oncancel(e) {
+  oncancel(e: Event) {
     this.loading = true;
     m.redraw();
 
-    app.session.user
-      .erasureRequest()
-      .delete()
-      .then(() => {
-        this.loading = false;
-        m.redraw();
-      });
+    if (this.user) {
+      this.user
+        .erasureRequest()
+        .delete()
+        .then(() => {
+          this.loading = false;
+          m.redraw();
+        });
+    }
   }
 
   data() {
@@ -133,16 +149,18 @@ export default class RequestErasureModal extends Modal {
     };
   }
 
-  onsubmit(e) {
+  onsubmit(e: Event) {
     e.preventDefault();
 
     this.loading = true;
 
     app.store
-      .createRecord('user-erasure-requests')
+      .createRecord<ErasureRequest>('user-erasure-requests')
       .save(this.data(), { meta: { password: this.password() } })
       .then((erasureRequest) => {
-        app.session.user.pushData({ relationships: { erasureRequest } });
+        if (this.user) {
+          this.user.pushData({ relationships: { erasureRequest } });
+        }
         this.loading = false;
         m.redraw();
       })

migrations/2024_11_03_000002_modify_erasure_table_set_verification_token_nullable.php

@@ -0,0 +1,18 @@
+<?php
+
+use Flarum\Database\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Schema\Builder;
+
+return [
+    'up' => function (Builder $schema) {
+        $schema->table('gdpr_erasure', function (Blueprint $table) {
+            $table->string('verification_token')->nullable()->change();
+        });
+    },
+    'down' => function (Builder $schema) {
+        $schema->table('gdpr_erasure', function (Blueprint $table) {
+            $table->string('verification_token')->nullable(false)->change();
+        });
+    },
+];

src/Api/Controller/DeleteErasureRequestController.php

@@ -43,6 +43,7 @@ public function delete(ServerRequestInterface $request)
 
         $erasureRequest->status = ErasureRequest::STATUS_CANCELLED;
         $erasureRequest->cancelled_at = Carbon::now();
+        $erasureRequest->verification_token = null;
 
         $erasureRequest->save();
 

src/Http/Controller/ConfirmErasureController.php

@@ -46,6 +46,7 @@ public function handle(Request $request): ResponseInterface
 
         $erasureRequest->user_confirmed_at = Carbon::now();
         $erasureRequest->status = ErasureRequest::STATUS_USER_CONFIRMED;
+        $erasureRequest->cancelled_at = null;
         $erasureRequest->save();
 
         return new RedirectResponse($this->url->to('forum')->base().'?erasureRequestConfirmed=1');

tests/integration/api/CancelErasureTest.php

@@ -97,6 +97,7 @@ public function user_can_cancel_own_unconfirmed_erasure_request()
         $erasureRequest = ErasureRequest::query()->find(1);
 
         $this->assertEquals(ErasureRequest::STATUS_CANCELLED, $erasureRequest->status);
+        $this->assertNull($erasureRequest->verification_token);
 
         $notification = Notification::query()->where('user_id', 4)->where('type', 'gdpr_erasure_cancelled')->first();
 
@@ -119,6 +120,7 @@ public function user_can_cancel_own_confirmed_erasure_request()
         $erasureRequest = ErasureRequest::query()->find(2);
 
         $this->assertEquals(ErasureRequest::STATUS_CANCELLED, $erasureRequest->status);
+        $this->assertNull($erasureRequest->verification_token);
 
         $notification = Notification::query()->where('user_id', 5)->where('type', 'gdpr_erasure_cancelled')->first();
 
@@ -155,6 +157,7 @@ public function moderator_can_cancel_others_erasure_request()
         $erasureRequest = ErasureRequest::query()->find(1);
 
         $this->assertEquals(ErasureRequest::STATUS_CANCELLED, $erasureRequest->status);
+        $this->assertNull($erasureRequest->verification_token);
 
         $notification = Notification::query()->where('user_id', 4)->where('type', 'gdpr_erasure_cancelled')->first();