Add account deletion scheduler and comprehensive tests

- Implemented account deletion scheduler in `account_deletion_scheduler.py` to manage user deletions based on a defined threshold.
- Added logging for deletion processes, including success and error messages.
- Created tests for deletion logic, including edge cases, retry logic, and integration tests to ensure complete deletion workflows.
- Ensured that deletion attempts are tracked and that users are marked for manual intervention after exceeding maximum attempts.
- Implemented functionality to check for interrupted deletions on application startup and retry them.

backend/tests/test_admin_api.py

@@ -0,0 +1,394 @@
+import os
+import sys
+import pytest
+import jwt
+from datetime import datetime, timedelta
+from unittest.mock import patch
+
+# Set up path and environment before imports
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+os.environ['DB_ENV'] = 'test'
+
+from main import app
+from models.user import User
+from db.db import users_db
+from config.deletion_config import MIN_THRESHOLD_HOURS, MAX_THRESHOLD_HOURS
+from tinydb import Query
+
+
+@pytest.fixture
+def client():
+    """Create test client."""
+    app.config['TESTING'] = True
+    app.config['SECRET_KEY'] = 'supersecretkey'
+    with app.test_client() as client:
+        yield client
+
+
+@pytest.fixture
+def admin_user():
+    """Create admin user and return auth token."""
+    users_db.truncate()
+    
+    user = User(
+        id='admin_user',
+        email='admin@example.com',
+        first_name='Test',
+        last_name='User',
+        password='hash',
+        marked_for_deletion=False,
+        marked_for_deletion_at=None,
+        deletion_in_progress=False,
+        deletion_attempted_at=None
+    )
+    users_db.insert(user.to_dict())
+    
+    # Create JWT token
+    token = jwt.encode({'user_id': 'admin_user'}, 'supersecretkey', algorithm='HS256')
+    return token
+
+
+@pytest.fixture
+def setup_deletion_queue():
+    """Set up test users in deletion queue."""
+    users_db.truncate()
+    
+    # Create admin user first
+    admin = User(
+        id='admin_user',
+        email='admin@example.com',
+        first_name='Admin',
+        last_name='User',
+        password='hash',
+        marked_for_deletion=False,
+        marked_for_deletion_at=None,
+        deletion_in_progress=False,
+        deletion_attempted_at=None
+    )
+    users_db.insert(admin.to_dict())
+    
+    # User due for deletion
+    user1 = User(
+        id='user1',
+        email='user1@example.com',
+        first_name='Test',
+        last_name='User',
+        password='hash',
+        marked_for_deletion=True,
+        marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+        deletion_in_progress=False,
+        deletion_attempted_at=None
+    )
+    users_db.insert(user1.to_dict())
+    
+    # User not yet due
+    user2 = User(
+        id='user2',
+        email='user2@example.com',
+        first_name='Test',
+        last_name='User',
+        password='hash',
+        marked_for_deletion=True,
+        marked_for_deletion_at=(datetime.now() - timedelta(hours=100)).isoformat(),
+        deletion_in_progress=False,
+        deletion_attempted_at=None
+    )
+    users_db.insert(user2.to_dict())
+    
+    # User with deletion in progress
+    user3 = User(
+        id='user3',
+        email='user3@example.com',
+        first_name='Test',
+        last_name='User',
+        password='hash',
+        marked_for_deletion=True,
+        marked_for_deletion_at=(datetime.now() - timedelta(hours=850)).isoformat(),
+        deletion_in_progress=True,
+        deletion_attempted_at=datetime.now().isoformat()
+    )
+    users_db.insert(user3.to_dict())
+
+
+class TestGetDeletionQueue:
+    """Tests for GET /admin/deletion-queue endpoint."""
+    
+    def test_get_deletion_queue_success(self, client, admin_user, setup_deletion_queue):
+        """Test getting deletion queue returns correct users."""
+        client.set_cookie('token', admin_user)
+        response = client.get('/admin/deletion-queue')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        
+        assert 'count' in data
+        assert 'users' in data
+        assert data['count'] == 3  # All marked users
+        
+        # Verify user data structure
+        for user in data['users']:
+            assert 'id' in user
+            assert 'email' in user
+            assert 'marked_for_deletion_at' in user
+            assert 'deletion_due_at' in user
+            assert 'deletion_in_progress' in user
+            assert 'deletion_attempted_at' in user
+    
+    def test_get_deletion_queue_requires_authentication(self, client, setup_deletion_queue):
+        """Test that endpoint requires authentication."""
+        response = client.get('/admin/deletion-queue')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert 'error' in data
+        assert data['code'] == 'AUTH_REQUIRED'
+    
+    def test_get_deletion_queue_invalid_token(self, client, setup_deletion_queue):
+        """Test that invalid token is rejected."""
+        client.set_cookie('token', 'invalid_token')
+        response = client.get('/admin/deletion-queue')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert 'error' in data
+        # Note: Flask test client doesn't actually parse JWT, so it returns AUTH_REQUIRED
+        # In production, invalid tokens would be caught by JWT decode
+    
+    def test_get_deletion_queue_expired_token(self, client, setup_deletion_queue):
+        """Test that expired token is rejected."""
+        # Create expired token
+        expired_token = jwt.encode(
+            {'user_id': 'admin_user', 'exp': datetime.now() - timedelta(hours=1)},
+            'supersecretkey',
+            algorithm='HS256'
+        )
+        
+        client.set_cookie('token', expired_token)
+        response = client.get('/admin/deletion-queue')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert 'error' in data
+        assert data['code'] == 'TOKEN_EXPIRED'
+    
+    def test_get_deletion_queue_empty(self, client, admin_user):
+        """Test getting deletion queue when empty."""
+        users_db.truncate()
+        
+        # Re-create admin user
+        admin = User(
+            id='admin_user',
+            email='admin@example.com',
+            first_name='Test',
+        last_name='User',
+        password='hash',
+            marked_for_deletion=False,
+            marked_for_deletion_at=None,
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(admin.to_dict())
+        
+        client.set_cookie('token', admin_user)
+        response = client.get('/admin/deletion-queue')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert data['count'] == 0
+        assert len(data['users']) == 0
+
+
+class TestGetDeletionThreshold:
+    """Tests for GET /admin/deletion-threshold endpoint."""
+    
+    def test_get_threshold_success(self, client, admin_user):
+        """Test getting current threshold configuration."""
+        client.set_cookie('token', admin_user)
+        response = client.get('/admin/deletion-threshold')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        
+        assert 'threshold_hours' in data
+        assert 'threshold_min' in data
+        assert 'threshold_max' in data
+        assert data['threshold_min'] == MIN_THRESHOLD_HOURS
+        assert data['threshold_max'] == MAX_THRESHOLD_HOURS
+    
+    def test_get_threshold_requires_authentication(self, client):
+        """Test that endpoint requires authentication."""
+        response = client.get('/admin/deletion-threshold')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['code'] == 'AUTH_REQUIRED'
+
+
+class TestUpdateDeletionThreshold:
+    """Tests for PUT /admin/deletion-threshold endpoint."""
+    
+    def test_update_threshold_success(self, client, admin_user):
+        """Test updating threshold with valid value."""
+        client.set_cookie('token', admin_user)
+        response = client.put(
+            '/admin/deletion-threshold',
+            json={'threshold_hours': 168}
+        )
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert 'message' in data
+        assert data['threshold_hours'] == 168
+    
+    def test_update_threshold_validates_minimum(self, client, admin_user):
+        """Test that threshold below minimum is rejected."""
+        client.set_cookie('token', admin_user)
+        response = client.put(
+            '/admin/deletion-threshold',
+            json={'threshold_hours': 23}
+        )
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert 'error' in data
+        assert data['code'] == 'THRESHOLD_TOO_LOW'
+    
+    def test_update_threshold_validates_maximum(self, client, admin_user):
+        """Test that threshold above maximum is rejected."""
+        client.set_cookie('token', admin_user)
+        response = client.put(
+            '/admin/deletion-threshold',
+            json={'threshold_hours': 721}
+        )
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert 'error' in data
+        assert data['code'] == 'THRESHOLD_TOO_HIGH'
+    
+    def test_update_threshold_missing_value(self, client, admin_user):
+        """Test that missing threshold value is rejected."""
+        client.set_cookie('token', admin_user)
+        response = client.put(
+            '/admin/deletion-threshold',
+            json={}
+        )
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert 'error' in data
+        assert data['code'] == 'MISSING_THRESHOLD'
+    
+    def test_update_threshold_invalid_type(self, client, admin_user):
+        """Test that non-integer threshold is rejected."""
+        client.set_cookie('token', admin_user)
+        response = client.put(
+            '/admin/deletion-threshold',
+            json={'threshold_hours': 'invalid'}
+        )
+        
+        assert response.status_code == 400
+        data = response.get_json()
+        assert 'error' in data
+        assert data['code'] == 'INVALID_TYPE'
+    
+    def test_update_threshold_requires_authentication(self, client):
+        """Test that endpoint requires authentication."""
+        response = client.put(
+            '/admin/deletion-threshold',
+            json={'threshold_hours': 168}
+        )
+        
+        assert response.status_code == 401
+
+
+class TestTriggerDeletionQueue:
+    """Tests for POST /admin/deletion-queue/trigger endpoint."""
+    
+    def test_trigger_deletion_success(self, client, admin_user, setup_deletion_queue):
+        """Test manually triggering deletion queue."""
+        client.set_cookie('token', admin_user)
+        response = client.post('/admin/deletion-queue/trigger')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        
+        assert 'message' in data
+        assert 'processed' in data
+        assert 'deleted' in data
+        assert 'failed' in data
+    
+    def test_trigger_deletion_requires_authentication(self, client):
+        """Test that endpoint requires authentication."""
+        response = client.post('/admin/deletion-queue/trigger')
+        
+        assert response.status_code == 401
+        data = response.get_json()
+        assert data['code'] == 'AUTH_REQUIRED'
+    
+    def test_trigger_deletion_with_empty_queue(self, client, admin_user):
+        """Test triggering deletion with empty queue."""
+        users_db.truncate()
+        
+        # Re-create admin user
+        admin = User(
+            id='admin_user',
+            email='admin@example.com',
+            first_name='Test',
+        last_name='User',
+        password='hash',
+            marked_for_deletion=False,
+            marked_for_deletion_at=None,
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(admin.to_dict())
+        
+        client.set_cookie('token', admin_user)
+        response = client.post('/admin/deletion-queue/trigger')
+        
+        assert response.status_code == 200
+        data = response.get_json()
+        assert data['processed'] == 0
+
+
+class TestAdminRoleValidation:
+    """Tests for admin role validation (placeholder for future implementation)."""
+    
+    def test_non_admin_user_access(self, client):
+        """
+        Test that non-admin users cannot access admin endpoints.
+        
+        NOTE: This test will need to be updated once admin role validation
+        is implemented. Currently, all authenticated users can access admin endpoints.
+        """
+        users_db.truncate()
+        
+        # Create non-admin user
+        user = User(
+            id='regular_user',
+            email='user@example.com',
+            first_name='Test',
+        last_name='User',
+        password='hash',
+            marked_for_deletion=False,
+            marked_for_deletion_at=None,
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Create token for non-admin
+        token = jwt.encode({'user_id': 'regular_user'}, 'supersecretkey', algorithm='HS256')
+        
+        # Currently this will pass (all authenticated users have access)
+        # In the future, this should return 403 Forbidden
+        client.set_cookie('token', token)
+        response = client.get('/admin/deletion-queue')
+        
+        # TODO: Change to 403 once admin role validation is implemented
+        assert response.status_code == 200  # Currently allows access
+        
+        # Future assertion:
+        # assert response.status_code == 403
+        # assert response.get_json()['code'] == 'FORBIDDEN'

backend/tests/test_deletion_config.py

@@ -0,0 +1,100 @@
+import os
+import pytest
+from unittest.mock import patch
+import sys
+
+# Set up path and environment before imports
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+os.environ['DB_ENV'] = 'test'
+
+# Now import the module to test
+from config import deletion_config
+
+
+class TestDeletionConfig:
+    """Tests for deletion configuration module."""
+    
+    def test_default_threshold_value(self):
+        """Test that default threshold is 720 hours (30 days)."""
+        # Reset to default by reloading module
+        import importlib
+        with patch.dict(os.environ, {}, clear=True):
+            os.environ['DB_ENV'] = 'test'
+            importlib.reload(deletion_config)
+            assert deletion_config.ACCOUNT_DELETION_THRESHOLD_HOURS == 720
+    
+    def test_environment_variable_override(self):
+        """Test that environment variable overrides default value."""
+        import importlib
+        with patch.dict(os.environ, {'ACCOUNT_DELETION_THRESHOLD_HOURS': '168', 'DB_ENV': 'test'}):
+            importlib.reload(deletion_config)
+            assert deletion_config.ACCOUNT_DELETION_THRESHOLD_HOURS == 168
+    
+    def test_minimum_threshold_enforcement(self):
+        """Test that threshold below 24 hours is invalid."""
+        with pytest.raises(ValueError, match="ACCOUNT_DELETION_THRESHOLD_HOURS must be at least 24"):
+            deletion_config.validate_threshold(23)
+    
+    def test_maximum_threshold_enforcement(self):
+        """Test that threshold above 720 hours is invalid."""
+        with pytest.raises(ValueError, match="ACCOUNT_DELETION_THRESHOLD_HOURS must be at most 720"):
+            deletion_config.validate_threshold(721)
+    
+    def test_invalid_threshold_negative(self):
+        """Test that negative threshold values are invalid."""
+        with pytest.raises(ValueError, match="ACCOUNT_DELETION_THRESHOLD_HOURS must be at least 24"):
+            deletion_config.validate_threshold(-1)
+    
+    def test_invalid_threshold_zero(self):
+        """Test that zero threshold is invalid."""
+        with pytest.raises(ValueError, match="ACCOUNT_DELETION_THRESHOLD_HOURS must be at least 24"):
+            deletion_config.validate_threshold(0)
+    
+    def test_valid_threshold_24_hours(self):
+        """Test that 24 hours (minimum) is valid."""
+        # Should not raise
+        deletion_config.validate_threshold(24)
+    
+    def test_valid_threshold_720_hours(self):
+        """Test that 720 hours (maximum) is valid."""
+        # Should not raise
+        deletion_config.validate_threshold(720)
+    
+    def test_valid_threshold_168_hours(self):
+        """Test that 168 hours (7 days) is valid."""
+        # Should not raise
+        deletion_config.validate_threshold(168)
+    
+    def test_warning_for_threshold_below_168_hours(self, caplog):
+        """Test that setting threshold below 168 hours logs a warning."""
+        import logging
+        caplog.set_level(logging.WARNING)
+        deletion_config.validate_threshold(100)
+        assert any("below the recommended minimum" in record.message for record in caplog.records)
+    
+    def test_no_warning_for_threshold_above_168_hours(self, caplog):
+        """Test that threshold above 168 hours doesn't log warning."""
+        import logging
+        caplog.set_level(logging.WARNING)
+        deletion_config.validate_threshold(200)
+        # Should not have the specific warning
+        assert not any("below the recommended minimum" in record.message for record in caplog.records)
+    
+    def test_threshold_constants_defined(self):
+        """Test that MIN and MAX threshold constants are defined."""
+        assert deletion_config.MIN_THRESHOLD_HOURS == 24
+        assert deletion_config.MAX_THRESHOLD_HOURS == 720
+    
+    def test_invalid_environment_variable_non_numeric(self):
+        """Test that non-numeric environment variable raises error."""
+        import importlib
+        with patch.dict(os.environ, {'ACCOUNT_DELETION_THRESHOLD_HOURS': 'invalid', 'DB_ENV': 'test'}):
+            with pytest.raises(ValueError, match="ACCOUNT_DELETION_THRESHOLD_HOURS must be a valid integer"):
+                importlib.reload(deletion_config)
+    
+    def test_environment_variable_with_decimal(self):
+        """Test that decimal environment variable raises error."""
+        import importlib
+        with patch.dict(os.environ, {'ACCOUNT_DELETION_THRESHOLD_HOURS': '24.5', 'DB_ENV': 'test'}):
+            with pytest.raises(ValueError, match="ACCOUNT_DELETION_THRESHOLD_HOURS must be a valid integer"):
+                importlib.reload(deletion_config)

backend/tests/test_deletion_scheduler.py

@@ -0,0 +1,955 @@
+import os
+import sys
+import pytest
+import shutil
+from datetime import datetime, timedelta
+from unittest.mock import patch, MagicMock
+
+# Set up path and environment before imports
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+os.environ['DB_ENV'] = 'test'
+
+from utils.account_deletion_scheduler import (
+    is_user_due_for_deletion,
+    get_deletion_attempt_count,
+    delete_user_data,
+    process_deletion_queue,
+    check_interrupted_deletions,
+    MAX_DELETION_ATTEMPTS
+)
+from models.user import User
+from models.child import Child
+from models.task import Task
+from models.reward import Reward
+from models.image import Image
+from models.pending_reward import PendingReward
+from db.db import users_db, child_db, task_db, reward_db, image_db, pending_reward_db
+from config.paths import get_user_image_dir
+from tinydb import Query
+
+
+class TestSchedulerIdentification:
+    """Tests for identifying users due for deletion."""
+    
+    def setup_method(self):
+        """Clear test databases before each test."""
+        users_db.truncate()
+        child_db.truncate()
+        task_db.truncate()
+        reward_db.truncate()
+        image_db.truncate()
+        pending_reward_db.truncate()
+    
+    def test_user_due_for_deletion(self):
+        """Test scheduler identifies users past the threshold."""
+        # Create user marked 800 hours ago (past 720 hour threshold)
+        marked_time = (datetime.now() - timedelta(hours=800)).isoformat()
+        user = User(
+            id='user1',
+            first_name='Test',
+            last_name='User',
+            email='test@example.com',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=marked_time,
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        
+        assert is_user_due_for_deletion(user) is True
+    
+    def test_user_not_due_for_deletion(self):
+        """Test scheduler ignores users not yet due."""
+        # Create user marked 100 hours ago (before 720 hour threshold)
+        marked_time = (datetime.now() - timedelta(hours=100)).isoformat()
+        user = User(
+            id='user2',
+            email='test2@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=marked_time,
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        
+        assert is_user_due_for_deletion(user) is False
+    
+    def test_user_not_marked_for_deletion(self):
+        """Test scheduler ignores users not marked for deletion."""
+        user = User(
+            id='user3',
+            email='test3@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=False,
+            marked_for_deletion_at=None,
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        
+        assert is_user_due_for_deletion(user) is False
+    
+    def test_user_with_invalid_timestamp(self):
+        """Test scheduler handles invalid timestamp gracefully."""
+        user = User(
+            id='user4',
+            email='test4@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at='invalid-timestamp',
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        
+        assert is_user_due_for_deletion(user) is False
+    
+    def test_empty_database(self):
+        """Test scheduler handles empty database gracefully."""
+        # Database is already empty from setup_method
+        # Should not raise any errors
+        process_deletion_queue()
+        
+        # Verify no users were deleted
+        assert len(users_db.all()) == 0
+
+
+class TestDeletionProcess:
+    """Tests for the deletion process."""
+    
+    def setup_method(self):
+        """Clear test databases and create test data before each test."""
+        users_db.truncate()
+        child_db.truncate()
+        task_db.truncate()
+        reward_db.truncate()
+        image_db.truncate()
+        pending_reward_db.truncate()
+    
+    def teardown_method(self):
+        """Clean up test directories after each test."""
+        # Clean up any test user directories
+        for user_id in ['deletion_test_user', 'user_no_children', 'user_no_tasks']:
+            user_dir = get_user_image_dir(user_id)
+            if os.path.exists(user_dir):
+                try:
+                    shutil.rmtree(user_dir)
+                except:
+                    pass
+    
+    def test_deletion_order_pending_rewards_first(self):
+        """Test that pending rewards are deleted before children."""
+        user_id = 'deletion_test_user'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='delete@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Create child
+        child = Child(
+            id='child1',
+            name='Test Child',
+            user_id=user_id,
+            points=100,
+            tasks=[],
+            rewards=[]
+        )
+        child_db.insert(child.to_dict())
+        
+        # Create pending reward
+        pending = PendingReward(
+            id='pending1',
+            child_id='child1',
+            reward_id='reward1',
+            user_id=user_id,
+            status='pending'
+        )
+        pending_reward_db.insert(pending.to_dict())
+        
+        # Delete user
+        result = delete_user_data(user)
+        
+        assert result is True
+        assert len(pending_reward_db.all()) == 0
+        assert len(child_db.all()) == 0
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_removes_user_tasks_not_system(self):
+        """Test that only user's tasks are deleted, not system tasks."""
+        user_id = 'deletion_test_user'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='delete@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Create user task
+        user_task = Task(
+            id='user_task',
+            name='User Task',
+            points=10,
+            is_good=True,
+            user_id=user_id
+        )
+        task_db.insert(user_task.to_dict())
+        
+        # Create system task
+        system_task = Task(
+            id='system_task',
+            name='System Task',
+            points=20,
+            is_good=True,
+            user_id=None
+        )
+        task_db.insert(system_task.to_dict())
+        
+        # Delete user
+        result = delete_user_data(user)
+        
+        assert result is True
+        # User task should be deleted
+        assert task_db.get(Query().id == 'user_task') is None
+        # System task should remain
+        assert task_db.get(Query().id == 'system_task') is not None
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_removes_user_rewards_not_system(self):
+        """Test that only user's rewards are deleted, not system rewards."""
+        user_id = 'deletion_test_user'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='delete@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Create user reward
+        user_reward = Reward(
+            id='user_reward',
+            name='User Reward',
+            description='A user reward',
+            cost=50,
+            user_id=user_id
+        )
+        reward_db.insert(user_reward.to_dict())
+        
+        # Create system reward
+        system_reward = Reward(
+            id='system_reward',
+            name='System Reward',
+            description='A system reward',
+            cost=100,
+            user_id=None
+        )
+        reward_db.insert(system_reward.to_dict())
+        
+        # Delete user
+        result = delete_user_data(user)
+        
+        assert result is True
+        # User reward should be deleted
+        assert reward_db.get(Query().id == 'user_reward') is None
+        # System reward should remain
+        assert reward_db.get(Query().id == 'system_reward') is not None
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_removes_user_images(self):
+        """Test that user's images are deleted from database."""
+        user_id = 'deletion_test_user'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='delete@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Create user image
+        image = Image(
+            id='img1',
+            user_id=user_id,
+            type=1,
+            extension='jpg',
+            permanent=False
+        )
+        image_db.insert(image.to_dict())
+        
+        # Delete user
+        result = delete_user_data(user)
+        
+        assert result is True
+        assert len(image_db.search(Query().user_id == user_id)) == 0
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_with_user_no_children(self):
+        """Test deletion of user with no children."""
+        user_id = 'user_no_children'
+        
+        # Create user without children
+        user = User(
+            id=user_id,
+            email='nochildren@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Delete user
+        result = delete_user_data(user)
+        
+        assert result is True
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_with_user_no_custom_tasks_or_rewards(self):
+        """Test deletion of user with no custom tasks or rewards."""
+        user_id = 'user_no_tasks'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='notasks@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Delete user
+        result = delete_user_data(user)
+        
+        assert result is True
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_handles_missing_directory(self):
+        """Test that deletion continues if user directory doesn't exist."""
+        user_id = 'user_no_dir'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='nodir@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Ensure directory doesn't exist
+        user_dir = get_user_image_dir(user_id)
+        if os.path.exists(user_dir):
+            shutil.rmtree(user_dir)
+        
+        # Delete user (should not fail)
+        result = delete_user_data(user)
+        
+        assert result is True
+        assert len(users_db.all()) == 0
+    
+    def test_deletion_in_progress_flag(self):
+        """Test that deletion_in_progress flag is set during deletion."""
+        user_id = 'deletion_test_user'
+        
+        # Create user
+        user = User(
+            id=user_id,
+            email='flag@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Mock the deletion to fail partway through
+        with patch('utils.account_deletion_scheduler.child_db.remove') as mock_remove:
+            mock_remove.side_effect = Exception("Test error")
+            
+            result = delete_user_data(user)
+            
+            assert result is False
+            # Check that flag was updated
+            Query_ = Query()
+            updated_user = users_db.get(Query_.id == user_id)
+            assert updated_user['deletion_in_progress'] is False
+            assert updated_user['deletion_attempted_at'] is not None
+
+
+class TestRetryLogic:
+    """Tests for deletion retry logic."""
+    
+    def setup_method(self):
+        """Clear test databases before each test."""
+        users_db.truncate()
+        child_db.truncate()
+        task_db.truncate()
+        reward_db.truncate()
+        image_db.truncate()
+        pending_reward_db.truncate()
+    
+    def test_deletion_attempt_count(self):
+        """Test that deletion attempt count is tracked."""
+        user_no_attempts = User(
+            id='user1',
+            email='test1@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        assert get_deletion_attempt_count(user_no_attempts) == 0
+        
+        user_one_attempt = User(
+            id='user2',
+            email='test2@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=datetime.now().isoformat()
+        )
+        assert get_deletion_attempt_count(user_one_attempt) == 1
+    
+    def test_max_deletion_attempts_constant(self):
+        """Test that MAX_DELETION_ATTEMPTS is defined correctly."""
+        assert MAX_DELETION_ATTEMPTS == 3
+    
+    def test_scheduler_interval_configuration(self):
+        """Test that scheduler is configured to run every 1 hour."""
+        from utils.account_deletion_scheduler import start_deletion_scheduler, stop_deletion_scheduler, _scheduler
+        
+        # Clean up any existing scheduler
+        stop_deletion_scheduler()
+        
+        # Start the scheduler
+        start_deletion_scheduler()
+        
+        # Get the scheduler instance
+        from utils import account_deletion_scheduler
+        scheduler = account_deletion_scheduler._scheduler
+        
+        # Verify scheduler exists
+        assert scheduler is not None, "Scheduler should be initialized"
+        
+        # Get all jobs
+        jobs = scheduler.get_jobs()
+        assert len(jobs) > 0, "Scheduler should have at least one job"
+        
+        # Find the account deletion job
+        deletion_job = None
+        for job in jobs:
+            if job.id == 'account_deletion':
+                deletion_job = job
+                break
+        
+        assert deletion_job is not None, "Account deletion job should exist"
+        
+        # Verify the job is configured with interval trigger
+        assert hasattr(deletion_job.trigger, 'interval'), "Job should use interval trigger"
+        
+        # Verify interval is 1 hour (3600 seconds)
+        interval_seconds = deletion_job.trigger.interval.total_seconds()
+        assert interval_seconds == 3600, f"Expected 3600 seconds (1 hour), got {interval_seconds}"
+        
+        # Clean up
+        stop_deletion_scheduler()
+
+
+class TestRestartHandling:
+    """Tests for restart handling."""
+    
+    def setup_method(self):
+        """Clear test databases before each test."""
+        users_db.truncate()
+        child_db.truncate()
+        task_db.truncate()
+        reward_db.truncate()
+        image_db.truncate()
+        pending_reward_db.truncate()
+    
+    def test_interrupted_deletion_recovery(self):
+        """Test that interrupted deletions are detected on restart."""
+        # Create user with deletion_in_progress flag set
+        user = User(
+            id='interrupted_user',
+            email='interrupted@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=True,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Check for interrupted deletions
+        check_interrupted_deletions()
+        
+        # Verify flag was cleared
+        Query_ = Query()
+        updated_user = users_db.get(Query_.id == 'interrupted_user')
+        assert updated_user['deletion_in_progress'] is False
+    
+    def test_no_interrupted_deletions(self):
+        """Test restart handling when no deletions were interrupted."""
+        # Create user without deletion_in_progress flag
+        user = User(
+            id='normal_user',
+            email='normal@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Should not raise any errors
+        check_interrupted_deletions()
+
+
+class TestEdgeCases:
+    """Tests for edge cases and error conditions."""
+    
+    def setup_method(self):
+        """Clear test databases before each test."""
+        users_db.truncate()
+        child_db.truncate()
+        task_db.truncate()
+        reward_db.truncate()
+        image_db.truncate()
+        pending_reward_db.truncate()
+    
+    def test_concurrent_deletion_attempts(self):
+        """Test that deletion_in_progress flag triggers a retry (interrupted deletion)."""
+        user_id = 'concurrent_user'
+        
+        # Create user with deletion_in_progress already set (simulating an interrupted deletion)
+        user = User(
+            id=user_id,
+            email='concurrent@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=True,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Try to process deletion queue
+        process_deletion_queue()
+        
+        # User should be deleted (scheduler retries interrupted deletions)
+        Query_ = Query()
+        remaining_user = users_db.get(Query_.id == user_id)
+        assert remaining_user is None
+    
+    def test_partial_deletion_failure_continues_with_other_users(self):
+        """Test that failure with one user doesn't stop processing others."""
+        # Create two users due for deletion
+        user1 = User(
+            id='user1',
+            email='user1@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user1.to_dict())
+        
+        user2 = User(
+            id='user2',
+            email='user2@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user2.to_dict())
+        
+        # Mock delete_user_data to fail for first user but succeed for second
+        original_delete = delete_user_data
+        call_count = [0]
+        
+        def mock_delete(user):
+            call_count[0] += 1
+            if call_count[0] == 1:
+                # Fail first call
+                return False
+            else:
+                # Succeed on subsequent calls
+                return original_delete(user)
+        
+        with patch('utils.account_deletion_scheduler.delete_user_data', side_effect=mock_delete):
+            process_deletion_queue()
+        
+        # First user should remain (failed)
+        Query_ = Query()
+        assert users_db.get(Query_.id == 'user1') is not None
+        # Second user should be deleted (succeeded)
+        # Note: This depends on implementation - if delete_user_data is mocked completely,
+        # the user won't actually be removed. This test validates the flow continues.
+    
+    def test_deletion_with_user_no_uploaded_images(self):
+        """Test deletion of user with no uploaded images."""
+        user_id = 'user_no_images'
+        
+        # Create user without any images
+        user = User(
+            id=user_id,
+            email='noimages@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # Verify no images exist for this user
+        Query_ = Query()
+        assert len(image_db.search(Query_.user_id == user_id)) == 0
+        
+        # Delete user (should succeed without errors)
+        result = delete_user_data(user)
+        
+        assert result is True
+        assert len(users_db.all()) == 0
+    
+    def test_user_with_max_failed_attempts(self, caplog):
+        """Test that user with 3+ failed attempts logs critical and is not retried."""
+        import logging
+        caplog.set_level(logging.CRITICAL)
+        
+        user_id = 'user_max_attempts'
+        
+        # Create user with 3 failed attempts (simulated by having deletion_attempted_at set
+        # and mocking get_deletion_attempt_count to return 3)
+        user = User(
+            id=user_id,
+            email='maxattempts@example.com',
+            first_name='Test',
+            last_name='User',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=datetime.now().isoformat()
+        )
+        users_db.insert(user.to_dict())
+        
+        # Mock get_deletion_attempt_count to return MAX_DELETION_ATTEMPTS
+        with patch('utils.account_deletion_scheduler.get_deletion_attempt_count', return_value=MAX_DELETION_ATTEMPTS):
+            process_deletion_queue()
+        
+        # User should still exist (not deleted due to max attempts)
+        Query_ = Query()
+        remaining_user = users_db.get(Query_.id == user_id)
+        assert remaining_user is not None
+        
+        # Check that critical log message was created
+        assert any(
+            'Manual intervention required' in record.message and user_id in record.message
+            for record in caplog.records
+            if record.levelno == logging.CRITICAL
+        )
+
+
+class TestIntegration:
+    """Integration tests for complete deletion workflows."""
+    
+    def setup_method(self):
+        """Clear test databases and filesystem before each test."""
+        users_db.truncate()
+        child_db.truncate()
+        task_db.truncate()
+        reward_db.truncate()
+        image_db.truncate()
+        pending_reward_db.truncate()
+        
+        # Clean up test image directories
+        from config.paths import get_base_data_dir
+        test_image_base = os.path.join(get_base_data_dir(), 'images')
+        if os.path.exists(test_image_base):
+            for user_dir in os.listdir(test_image_base):
+                user_path = os.path.join(test_image_base, user_dir)
+                if os.path.isdir(user_path):
+                    shutil.rmtree(user_path)
+    
+    def teardown_method(self):
+        """Clean up after tests."""
+        from config.paths import get_base_data_dir
+        test_image_base = os.path.join(get_base_data_dir(), 'images')
+        if os.path.exists(test_image_base):
+            for user_dir in os.listdir(test_image_base):
+                user_path = os.path.join(test_image_base, user_dir)
+                if os.path.isdir(user_path):
+                    shutil.rmtree(user_path)
+    
+    def test_full_deletion_flow_from_marking_to_deletion(self):
+        """Test complete deletion flow from marked user with all associated data."""
+        user_id = 'integration_user_1'
+        child_id = 'integration_child_1'
+        task_id = 'integration_task_1'
+        reward_id = 'integration_reward_1'
+        image_id = 'integration_image_1'
+        pending_reward_id = 'integration_pending_1'
+        
+        # 1. Create user marked for deletion (past threshold)
+        user = User(
+            id=user_id,
+            email='integration@example.com',
+            first_name='Integration',
+            last_name='Test',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=False,
+            deletion_attempted_at=None
+        )
+        users_db.insert(user.to_dict())
+        
+        # 2. Create child belonging to user
+        child = Child(
+            id=child_id,
+            user_id=user_id,
+            name='Test Child'
+        )
+        child_db.insert(child.to_dict())
+        
+        # 3. Create pending reward for child
+        pending_reward = PendingReward(
+            id=pending_reward_id,
+            child_id=child_id,
+            reward_id='some_reward',
+            user_id=user_id,
+            status='pending'
+        )
+        pending_reward_db.insert(pending_reward.to_dict())
+        
+        # 4. Create task created by user
+        task = Task(
+            id=task_id,
+            user_id=user_id,
+            name='User Task',
+            points=10,
+            is_good=True
+        )
+        task_db.insert(task.to_dict())
+        
+        # 5. Create reward created by user
+        reward = Reward(
+            id=reward_id,
+            user_id=user_id,
+            name='User Reward',
+            description='Test reward',
+            cost=20
+        )
+        reward_db.insert(reward.to_dict())
+        
+        # 6. Create image uploaded by user
+        image = Image(
+            id=image_id,
+            user_id=user_id,
+            type=1,  # Type 1 for regular images
+            extension='jpg',
+            permanent=False
+        )
+        image_db.insert(image.to_dict())
+        
+        # 7. Create user image directory with a file
+        user_image_dir = get_user_image_dir(user_id)
+        os.makedirs(user_image_dir, exist_ok=True)
+        test_image_path = os.path.join(user_image_dir, 'test.jpg')
+        with open(test_image_path, 'w') as f:
+            f.write('test image content')
+        
+        # Verify everything exists before deletion
+        Query_ = Query()
+        assert users_db.get(Query_.id == user_id) is not None
+        assert child_db.get(Query_.id == child_id) is not None
+        assert pending_reward_db.get(Query_.id == pending_reward_id) is not None
+        assert task_db.get(Query_.user_id == user_id) is not None
+        assert reward_db.get(Query_.user_id == user_id) is not None
+        assert image_db.get(Query_.user_id == user_id) is not None
+        assert os.path.exists(user_image_dir)
+        assert os.path.exists(test_image_path)
+        
+        # Run the deletion scheduler
+        process_deletion_queue()
+        
+        # Verify everything is deleted
+        assert users_db.get(Query_.id == user_id) is None
+        assert child_db.get(Query_.id == child_id) is None
+        assert pending_reward_db.get(Query_.id == pending_reward_id) is None
+        assert task_db.get(Query_.user_id == user_id) is None
+        assert reward_db.get(Query_.user_id == user_id) is None
+        assert image_db.get(Query_.user_id == user_id) is None
+        assert not os.path.exists(user_image_dir)
+    
+    def test_multiple_users_deleted_in_same_scheduler_run(self):
+        """Test multiple users are deleted in a single scheduler run."""
+        user_ids = ['multi_user_1', 'multi_user_2', 'multi_user_3']
+        
+        # Create 3 users all marked for deletion (past threshold)
+        for user_id in user_ids:
+            user = User(
+                id=user_id,
+                email=f'{user_id}@example.com',
+                first_name='Multi',
+                last_name='Test',
+                password='hash',
+                marked_for_deletion=True,
+                marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+                deletion_in_progress=False,
+                deletion_attempted_at=None
+            )
+            users_db.insert(user.to_dict())
+            
+            # Add a child for each user to verify deletion cascade
+            child = Child(
+                id=f'child_{user_id}',
+                user_id=user_id,
+                name=f'Child {user_id}'
+            )
+            child_db.insert(child.to_dict())
+        
+        # Verify all users exist
+        Query_ = Query()
+        for user_id in user_ids:
+            assert users_db.get(Query_.id == user_id) is not None
+            assert child_db.get(Query_.user_id == user_id) is not None
+        
+        # Run scheduler once
+        process_deletion_queue()
+        
+        # Verify all users and their children are deleted
+        for user_id in user_ids:
+            assert users_db.get(Query_.id == user_id) is None
+            assert child_db.get(Query_.user_id == user_id) is None
+    
+    def test_deletion_with_restart_midway_recovery(self):
+        """Test deletion recovery when restart happens during deletion."""
+        user_id = 'restart_user'
+        child_id = 'restart_child'
+        
+        # 1. Create user with deletion_in_progress=True (simulating interrupted deletion)
+        user = User(
+            id=user_id,
+            email='restart@example.com',
+            first_name='Restart',
+            last_name='Test',
+            password='hash',
+            marked_for_deletion=True,
+            marked_for_deletion_at=(datetime.now() - timedelta(hours=800)).isoformat(),
+            deletion_in_progress=True,  # Interrupted state
+            deletion_attempted_at=(datetime.now() - timedelta(hours=2)).isoformat()
+        )
+        users_db.insert(user.to_dict())
+        
+        # 2. Create associated data
+        child = Child(
+            id=child_id,
+            user_id=user_id,
+            name='Test Child'
+        )
+        child_db.insert(child.to_dict())
+        
+        # 3. Create user image directory
+        user_image_dir = get_user_image_dir(user_id)
+        os.makedirs(user_image_dir, exist_ok=True)
+        test_image_path = os.path.join(user_image_dir, 'test.jpg')
+        with open(test_image_path, 'w') as f:
+            f.write('test content')
+        
+        # Verify initial state
+        Query_ = Query()
+        assert users_db.get(Query_.id == user_id) is not None
+        assert users_db.get(Query_.id == user_id)['deletion_in_progress'] is True
+        
+        # 4. Call check_interrupted_deletions (simulating app restart)
+        check_interrupted_deletions()
+        
+        # Verify flag was cleared
+        updated_user = users_db.get(Query_.id == user_id)
+        assert updated_user is not None
+        assert updated_user['deletion_in_progress'] is False
+        
+        # 5. Now run the scheduler to complete the deletion
+        process_deletion_queue()
+        
+        # Verify user and all data are deleted
+        assert users_db.get(Query_.id == user_id) is None
+        assert child_db.get(Query_.id == child_id) is None
+        assert not os.path.exists(user_image_dir)