Add check that user no longer exists in MediaWiki when approving DPA

Universal-Omega · web-flow · commit 1a6942315731 · 2026-03-25T20:03:22.000-06:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,6 +19,7 @@ The main reasoning behind this choice is the software is not built to be extende
 - Added a user event when investigation is created from a report, rather than only when it is manually created separately.
 - Added validation to require supplying evidence to reports.
 - Added the `barryvdh/laravel-dompdf` library for generating PDFs from investigations.
+- Added check that a user no longer exists in MediaWiki when approving a DPA.
 
 ### Fixed
 
diff --git a/app/Http/Controllers/DPAController.php b/app/Http/Controllers/DPAController.php
@@ -13,6 +13,7 @@
 use Illuminate\Contracts\View\View;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Http;
 use function back;
 use function now;
 use function redirect;
@@ -99,6 +100,19 @@ public function create(): View
 	public function update( DPA $dpa, Request $request ): RedirectResponse
 	{
 		if ( $request->boolean( 'approve' ) ) {
+			$response = Http::get( 'https://login.miraheze.org/w/api.php', [
+				'format' => 'json',
+				'action' => 'query',
+				'meta' => 'globaluserinfo',
+				'guiuser' => $dpa->user->username,
+			] );
+
+			if ( isset( $response['query']['globaluserinfo']['id'] ) ) {
+				// Username still exists
+				$request->session()->flash( 'errorFlash', __( 'username-still-exists' ) );
+				return back();
+			}
+
 			$dpa->update( [ 'completed' => now() ] );
 			$dpa->user->update( [
 				'username' => 'MirahezeGDPR ' . $dpa->id,
diff --git a/resources/lang/en.json b/resources/lang/en.json
@@ -244,6 +244,7 @@
 	"username": "Username",
 	"username-exist": "The username must be a valid Miraheze username.",
 	"username-not-same": "You are not currently logged in as this user account.",
+	"username-still-exists": "This user still exists in MediaWiki. It must be processed in MediaWiki before you can approve this request.",
 	"users": "Users",
 	"users-list": "List All Users",
 	"wiki": "Wiki",
diff --git a/resources/views/dpa/view.blade.php b/resources/views/dpa/view.blade.php
@@ -4,6 +4,11 @@
 	</x-slot>
 	<x-slot name="content">
 		<h3 class="text-dark mb-4 fw-semibold">{{ __( 'dpa-new' ) }}</h3>
+		@if ( session( 'errorFlash' ) )
+			<div class="alert alert-danger text-center shadow-sm border-0">
+				{{ session( 'errorFlash' ) }}
+			</div>
+		@endif
 		<div class="row mb-3">
 			@if ( $dpa->reject )
 				<div role="alert" class="alert alert-danger text-center shadow-sm border-0">
