ryan/chore
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects 5 Releases Wiki Activity

Compare commits

base: ryan:d600dde97f283d6e2f1249aff389401242a90e92
Branches Tags
ryan:master ryan:next
ryan:v1.0.5 ryan:1.0.4 ryan:1.0.4-rc1 ryan:1.0.3
...
compare: ryan:df832e223888e6f64c9067d73b8ba43ba03f3c24
Branches Tags
ryan:next ryan:master
ryan:v1.0.5 ryan:1.0.4 ryan:1.0.4-rc1 ryan:1.0.3

4 Commits
d600dde97f ... df832e2238

Author SHA1 Message Date
Ryan Kegel
df832e2238 wip 2026-02-16 23:30:37 -05:00
Ryan Kegel
3e1715e487 added universal launcher
All checks were successful
Chore App Build and Push Docker Images / build-and-push (push) Successful in 44s
Details
2026-02-16 16:20:04 -05:00
Ryan Kegel
11e7fda997 wip 2026-02-16 16:17:17 -05:00
Ryan Kegel
09d42b14c5 wip 2026-02-16 16:04:44 -05:00
2 changed files with 36 additions and 0 deletions
Expand all files Collapse all files

7
backend/api/user_api.py
View File

@@ -231,6 +231,13 @@ def mark_for_deletion():
# Mark for deletion
user.marked_for_deletion = True
user.marked_for_deletion_at = datetime.now(timezone.utc).isoformat()
# Invalidate any outstanding verification/reset tokens so they cannot be used after marking
user.verify_token = None
user.verify_token_created = None
user.reset_token = None
user.reset_token_created = None
users_db.update(user.to_dict(), UserQuery.id == user.id)
# Trigger SSE event

29
backend/tests/test_user_api.py
View File

@@ -168,6 +168,35 @@ def test_mark_for_deletion_updates_timestamp(authenticated_client):
assert before_time <= marked_at <= after_time
def test_mark_for_deletion_clears_tokens(authenticated_client):
"""When an account is marked for deletion, verify/reset tokens must be cleared."""
# Seed verify/reset tokens for the user
UserQuery = Query()
now_iso = datetime.utcnow().isoformat()
users_db.update({
'verify_token': 'verify-abc',
'verify_token_created': now_iso,
'reset_token': 'reset-xyz',
'reset_token_created': now_iso
}, UserQuery.email == TEST_EMAIL)
# Ensure tokens are present before marking
user_before = users_db.search(UserQuery.email == TEST_EMAIL)[0]
assert user_before['verify_token'] is not None
assert user_before['reset_token'] is not None
# Mark account for deletion
response = authenticated_client.post('/user/mark-for-deletion', json={"email": TEST_EMAIL})
assert response.status_code == 200
# Verify tokens were cleared in the DB
user_after = users_db.search(UserQuery.email == TEST_EMAIL)[0]
assert user_after.get('verify_token') is None
assert user_after.get('verify_token_created') is None
assert user_after.get('reset_token') is None
assert user_after.get('reset_token_created') is None
def test_mark_for_deletion_with_invalid_jwt(client):
"""Test marking for deletion with invalid JWT token."""
# Set invalid cookie manually