Implement account deletion handling and improve user feedback
- Added checks for accounts marked for deletion in signup, verification, and password reset processes. - Updated reward and task listing to sort user-created items first. - Enhanced user API to clear verification and reset tokens when marking accounts for deletion. - Introduced tests for marked accounts to ensure proper handling in various scenarios. - Updated profile and reward edit components to reflect changes in validation and data handling.
@@ -138,11 +138,12 @@ def test_login_succeeds_for_unmarked_user(client):
|
||||
assert 'message' in data
|
||||
|
||||
def test_password_reset_ignored_for_marked_user(client):
|
||||
"""Test that password reset requests are silently ignored for marked users."""
|
||||
"""Test that password reset requests return 403 for marked users."""
|
||||
response = client.post('/request-password-reset', json={"email": MARKED_EMAIL})
|
||||
assert response.status_code == 200
|
||||
assert response.status_code == 403
|
||||
data = response.get_json()
|
||||
assert 'message' in data
|
||||
assert 'error' in data
|
||||
assert data['code'] == 'ACCOUNT_MARKED_FOR_DELETION'
|
||||
|
||||
def test_password_reset_works_for_unmarked_user(client):
|
||||
"""Test that password reset works normally for unmarked users."""
|
||||
@@ -167,6 +168,35 @@ def test_mark_for_deletion_updates_timestamp(authenticated_client):
|
||||
|
||||
assert before_time <= marked_at <= after_time
|
||||
|
||||
|
||||
def test_mark_for_deletion_clears_tokens(authenticated_client):
|
||||
"""When an account is marked for deletion, verify/reset tokens must be cleared."""
|
||||
# Seed verify/reset tokens for the user
|
||||
UserQuery = Query()
|
||||
now_iso = datetime.utcnow().isoformat()
|
||||
users_db.update({
|
||||
'verify_token': 'verify-abc',
|
||||
'verify_token_created': now_iso,
|
||||
'reset_token': 'reset-xyz',
|
||||
'reset_token_created': now_iso
|
||||
}, UserQuery.email == TEST_EMAIL)
|
||||
|
||||
# Ensure tokens are present before marking
|
||||
user_before = users_db.search(UserQuery.email == TEST_EMAIL)[0]
|
||||
assert user_before['verify_token'] is not None
|
||||
assert user_before['reset_token'] is not None
|
||||
|
||||
# Mark account for deletion
|
||||
response = authenticated_client.post('/user/mark-for-deletion', json={"email": TEST_EMAIL})
|
||||
assert response.status_code == 200
|
||||
|
||||
# Verify tokens were cleared in the DB
|
||||
user_after = users_db.search(UserQuery.email == TEST_EMAIL)[0]
|
||||
assert user_after.get('verify_token') is None
|
||||
assert user_after.get('verify_token_created') is None
|
||||
assert user_after.get('reset_token') is None
|
||||
assert user_after.get('reset_token_created') is None
|
||||
|
||||
def test_mark_for_deletion_with_invalid_jwt(client):
|
||||
"""Test marking for deletion with invalid JWT token."""
|
||||
# Set invalid cookie manually
|
||||
|
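Review bot: The 403 with code ACCOUNT_MARKED_FOR_DELETION that test_password_reset_ignored_for_marked_user now pins on an unauthenticated /request-password-reset call turns the endpoint into an account-state oracle: anyone who submits an address learns both that it is registered and that it is pending deletion, which the previous 200-and-ignore behaviour this hunk removes avoided by design. The test name still says "ignored", so either the name or the contract is now wrong. I would keep the externally visible response indistinguishable from the normal case (`assert response.status_code == 200` and `assert 'message' in data`, as before) and assert the marked-account handling on the side the caller cannot observe, e.g. that no reset_token is written for MARKED_EMAIL, following the users_db/Query pattern test_mark_for_deletion_clears_tokens already uses. Separately, test_mark_for_deletion_clears_tokens calls datetime.utcnow(), which is deprecated since Python 3.12; `now_iso = datetime.now(timezone.utc).isoformat()` avoids the warning, assuming timezone is imported in this module.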
||||