Setting to prevent logging details when anonymizing

app/services/user_anonymizer.rb

@@ -1,7 +1,11 @@
 class UserAnonymizer
+
+  attr_reader :user_history
+
   def initialize(user, actor = nil)
     @user = user
     @actor = actor
+    @user_history = nil
   end
 
   def self.make_anonymous(user, actor = nil)
@@ -49,11 +53,18 @@ class UserAnonymizer
       @user.user_open_ids.find_each { |x| x.destroy }
       @user.api_key.try(:destroy)
 
-      UserHistory.create(action: UserHistory.actions[:anonymize_user],
+      history_details = {
+        action: UserHistory.actions[:anonymize_user],
         target_user_id: @user.id,
         acting_user_id: @actor ? @actor.id : @user.id,
-                         email: prev_email,
+      }
-                         details: "username: #{prev_username}")
+
+      if SiteSetting.log_anonymizer_details?
+        history_details[:email] = prev_email
+        history_details[:details] = "username: #{prev_username}"
+      end
+
+      @user_history = UserHistory.create(history_details)
     end
     @user
   end

config/locales/server.en.yml

@@ -1384,6 +1384,7 @@ en:
     faq_url: "If you have a FAQ hosted elsewhere that you want to use, provide the full URL here."
     tos_url: "If you have a Terms of Service document hosted elsewhere that you want to use, provide the full URL here."
     privacy_policy_url: "If you have a Privacy Policy document hosted elsewhere that you want to use, provide the full URL here."
+    log_anonymizer_details: "Whether to keep a user's details in the log after being anonymized. When complying to GDPR you'll need to turn this off."
 
     newuser_spam_host_threshold: "How many times a new user can post a link to the same host within their `newuser_spam_host_threshold` posts before being considered spam."
 

config/site_settings.yml

@@ -1219,6 +1219,8 @@ legal:
   faq_url:
     client: true
     default: ''
+  log_anonymizer_details:
+    default: true
 
 backups:
   enable_backups:

spec/services/user_anonymizer_spec.rb

@@ -101,8 +101,30 @@ describe UserAnonymizer do
       expect(user.uploaded_avatar_id).to eq(nil)
     end
 
-    it "logs the action" do
+    it "logs the action with the original details" do
-      expect { make_anonymous }.to change { UserHistory.count }.by(1)
+      SiteSetting.log_anonymizer_details = true
+      helper = UserAnonymizer.new(user, admin)
+      orig_email = user.email
+      orig_username = user.username
+      helper.make_anonymous
+
+      history = helper.user_history
+      expect(history).to be_present
+      expect(history.email).to eq(orig_email)
+      expect(history.details).to match(orig_username)
+    end
+
+    it "logs the action without the original details" do
+      SiteSetting.log_anonymizer_details = false
+      helper = UserAnonymizer.new(user, admin)
+      orig_email = user.email
+      orig_username = user.username
+      helper.make_anonymous
+
+      history = helper.user_history
+      expect(history).to be_present
+      expect(history.email).not_to eq(orig_email)
+      expect(history.details).not_to match(orig_username)
     end
 
     it "removes external auth assocations" do