update doc for deactivate API

9570aa82 · Matthew Hodgson · 1e788db4 · 9570aa82 · 9570aa82
Commit 9570aa82 authored 6 years ago by Matthew Hodgson
--- a/docs/admin_api/user_admin_api.rst
+++ b/docs/admin_api/user_admin_api.rst
@@ -44,13 +44,26 @@ Deactivate Account

 This API deactivates an account. It removes active access tokens, resets the
 password, and deletes third-party IDs (to prevent the user requesting a
-password reset).
+password reset). It can also mark the user as GDPR-erased (stopping their data
+from distributed further, and deleting it entirely if there are no other
+references to it).

 The api is::

    POST /_matrix/client/r0/admin/deactivate/<user_id>

-including an ``access_token`` of a server admin, and an empty request body.
+with a body of:
+
+.. code:: json
+
+    {
+        "erase": true
+    }
+
+including an ``access_token`` of a server admin.
+
+The erase parameter is optional and defaults to 'false'.
+An empty body may be passed for backwards compatibility.


 Reset password

--- a/synapse/rest/client/v1/admin.py
+++ b/synapse/rest/client/v1/admin.py
@@ -249,7 +249,7 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request, target_user_id):
-        body = parse_json_object_from_request(request)
+        body = parse_json_object_from_request(request, allow_empty_body=True)
        erase = body.get("erase", False)
        if not isinstance(erase, bool):
            raise SynapseError(