happy path for user deletion

fablabbcn · Nov 22, 2024 · ccee137 · ccee137
1 parent 8a506df
commit ccee137
Show file tree

Hide file tree

Showing 11 changed files with 90 additions and 10 deletions.
diff --git a/app/assets/stylesheets/global.scss b/app/assets/stylesheets/global.scss
@@ -43,6 +43,11 @@ body > .container {
     border: 3px solid $black !important;
     outline: none !important;
     box-shadow: none !important;
+    &.btn-danger {
+      background-color: $white !important;
+      color: $red !important;
+      border-color: $red !important;
+    }
   }
 }
 
@@ -100,3 +105,7 @@ input:checked[type="checkbox"] {
 .invalid-feedback {
   margin-left: 1rem;
 }
+
+.danger {
+  color: $red;
+}
diff --git a/app/controllers/ui/users_controller.rb b/app/controllers/ui/users_controller.rb
@@ -15,6 +15,22 @@ def new
       @user = User.new
     end
 
+    def delete
+      @title = I18n.t(:delete_user_title)
+      @user = User.find(params[:id])
+    end
+
+    def destroy
+      @user = User.find(params[:id])
+      @user.archive!
+      session[:user_id] = nil
+      redirect_to post_delete_ui_users_path
+    end
+
+    def post_delete
+      @title = I18n.t(:post_delete_user_title)
+    end
+
     def create
       if current_user
         flash[:alert] = I18n.t(:new_user_not_allowed_for_logged_in_users)

diff --git a/app/views/ui/sessions/password_reset_landing.html.erb b/app/views/ui/sessions/password_reset_landing.html.erb
@@ -1,8 +1,8 @@
 <%= bootstrap_form_tag url: ui_change_password_path do |f| %>
   <%= f.hidden_field :token, value: @token %>
   <%= f.password_field :password %>
-  <%= f.password_field :password_confirmation, label: "Confirm new password" %>
+  <%= f.password_field :password_confirmation, label: t(:users_password_reset_landing_confirmation_label) %>
   <div class="mt-4">
-    <%= f.primary "Change my password", name: 'change_password', class: "btn btn-primary w-100 w-md-auto" %>
+    <%= f.primary t(:users_password_reset_landing_submit), name: 'change_password', class: "btn btn-primary w-100 w-md-auto" %>
   </div>
 <% end %>
diff --git a/app/views/ui/users/delete.html.erb b/app/views/ui/users/delete.html.erb
@@ -0,0 +1,8 @@
+<%= bootstrap_form_tag url: ui_user_path(@user.id), method: :delete do |f| %>
+  <%= f.hidden_field :token, value: @token %>
+  <p><%= t(:delete_user_warning_html, username: current_user.username) %></p>
+  <%= f.text_field :username, label: t(:delete_user_username_label)  %>
+  <div class="mt-4">
+    <%= f.primary t(:delete_user_submit), class: "btn btn-danger w-100 w-md-auto" %>
+  </div>
+<% end %>
diff --git a/app/views/ui/users/index.html.erb b/app/views/ui/users/index.html.erb
@@ -3,6 +3,7 @@
   <p><%= t :users_index_access_token_label  %>
   <br /><code><%= current_user.access_token.token %></code></p>
   <p><%= link_to t(:users_index_log_out_submit), logout_path, class: "btn btn-secondary w-100 w-md-auto" %></p>
+  <p><%= link_to t(:users_index_delete_account_submit), delete_ui_user_path(current_user.id), class: "danger w-100 w-md-auto" %></p>
 <% else %>
   <p><%= t :users_index_not_logged_in_message %></p>
   <a class="btn btn-secondary w-100 w-md-auto" href="<%= new_ui_session_path %>"><%= t :users_index_log_in_link %></a>

diff --git a/app/views/ui/users/post_delete.html.erb b/app/views/ui/users/post_delete.html.erb
@@ -0,0 +1,4 @@
+<p><%= t(:post_delete_user_blurb_html)%></p>
+<div class="mt-4">
+  <a href="<%= t(:post_delete_user_cta_link) %>" class="btn btn-primary w-100 w-md-auto"><%= t(:post_delete_user_cta) %></a>
+</div>
diff --git a/config/locales/controllers/en.yml b/config/locales/controllers/en.yml
@@ -11,4 +11,5 @@ en:
     destroy_session_success: "Logged out!"
     users_index_title: "User information"
     new_user_title: "Sign up"
-
+    delete_user_title: "Delete your account"
+    post_delete_user_title: "We are sorry to see you go!"
diff --git a/config/locales/users/en.yml b/config/locales/users/en.yml
diff --git a/config/locales/views/users/en.yml b/config/locales/views/users/en.yml
@@ -6,3 +6,17 @@ en:
   new_user_login_heading: "Already have an account?"
   new_user_login_link: "Log in"
   new_user_not_allowed_for_logged_in_users: "Sorry, logged in users can't create new accounts. Please log out and try again."
+  delete_user_warning_html: "🚨<strong>Warning!</strong> This will permanently delete the account <strong>%{username}</strong> and all of its devices.🚨"
+  delete_user_username_label: "To confirm, type your username below:"
+  delete_user_submit: "I understand, delete my account"
+  users_index_logged_in_message: "Logged in as %{username}."
+  users_index_access_token_label: "Your access token:"
+  users_index_log_out_submit: "Log out"
+  users_index_delete_account_submit: "Permanently delete your account"
+  users_index_not_logged_in_message: "Not logged in!"
+  users_index_log_in_link: "Go back"
+  users_password_reset_landing_confirmation_label: "Confirm new password"
+  users_password_reset_landing_submit: "Change my password"
+  post_delete_user_blurb_html: "If you have deleted your account in error, please contact <a href='mailto:support@smartcitizen.me'>Smart Citizen support<a> as soon as possible. After 24 hours, your account and all devices will be deleted permanently."
+  post_delete_user_cta: "Return to the homepage"
+  post_delete_user_cta_link: "https://smartcitizen.me"
diff --git a/config/routes.rb b/config/routes.rb
@@ -14,7 +14,14 @@
   get "password_reset/:token", to: redirect("/ui/password_reset/%{token}")
 
   namespace "ui" do
-    resources :users, as: "users"
+    resources :users, as: "users" do
+      member do
+        get :delete
+      end
+      collection do
+        get :post_delete
+      end
+    end
     get "sessions/destroy", to: "sessions#destroy"
     resources :sessions, as: "sessions"
     post 'change_password', to: 'sessions#change_password', as: 'change_password'

diff --git a/spec/features/user_management_spec.rb b/spec/features/user_management_spec.rb
@@ -118,4 +118,30 @@
     expect(page).to have_css("#user_ts_and_cs.is-invalid")
     expect(User.count).to eq(user_count_before)
   end
+
+  scenario "User deletes their account" do
+    password = "password123"
+    username = "username"
+    user = create(:user, username: username, password: password, password_confirmation: password)
+    devices = 2.times.map { create(:device, owner: user) }
+    visit "/login"
+    fill_in "Username or email", with: user.email
+    fill_in "Password", with: password
+    click_on "Sign into your account"
+    expect(page).to have_current_path(ui_users_path)
+    click_on "Permanently delete your account"
+    expect(page).to have_current_path(delete_ui_user_path(user.id))
+    fill_in "To confirm, type your username below:", with: username
+    click_on "I understand, delete my account"
+    expect(page).to have_current_path(post_delete_ui_users_path)
+    expect(page).to have_content("We are sorry to see you go!")
+    expect(user.reload).to be_archived
+    devices.each do |device|
+      expect(device.reload).to be_archived
+    end
+  end
+
+  scenario "An unauthorized user tries to delete an account that isn't theirs"
+  scenario "A user tries to delete their own account but fails to confirm their username"
+
 end