Merge pull request #79 from jonathanjma/delete_account

Delete account bug fix
jonathanjma · Feb 14, 2024 · f31008d · f31008d
2 parents d47f999 + 3e07f95
commit f31008d
Show file tree

Hide file tree

Showing 3 changed files with 150 additions and 7 deletions.
diff --git a/happiness-backend/api/models/schema.py b/happiness-backend/api/models/schema.py
@@ -246,3 +246,7 @@ class CountSchema(ma.Schema):
 
 class AmountSchema(ma.Schema):
     user_id = ma.Int()
+
+
+class UserDeleteSchema(ma.Schema):
+    password = ma.Str(required=True)
diff --git a/happiness-backend/api/routes/user.py b/happiness-backend/api/routes/user.py
@@ -7,15 +7,16 @@
 from apifairy import authenticate, response, body, other_responses, arguments
 from flask import Blueprint
 from flask import current_app
+from pip._internal import req
 
 from api.app import db
 from api.authentication.auth import token_current_user
 from api.util.jwt_methods import verify_token
 from api.dao import users_dao, happiness_dao
-from api.models.models import User, Setting
+from api.models.models import User, Setting, Happiness, Journal
 from api.models.schema import UserSchema, CreateUserSchema, SettingsSchema, SettingInfoSchema, \
     UserInfoSchema, PasswordResetReqSchema, SimpleUserSchema, EmptySchema, PasswordResetSchema, \
-    FileUploadSchema, NumberSchema, AmountSchema, CountSchema
+    FileUploadSchema, NumberSchema, AmountSchema, CountSchema, UserDeleteSchema
 from api.routes.token import token_auth
 from api.util import email_methods
 from api.util.errors import failure_response
@@ -89,16 +90,29 @@ def get_user_by_username(username):
 
 
 @user.delete('/')
+@body(UserDeleteSchema)
 @authenticate(token_auth)
-def delete_user():
+def delete_user(req):
     """
     Delete User
     Deletes the user that is currently logged in, including all user data.
+    Requires that the user inputs their password before deleting their account.
     """
+    if not token_current_user().verify_password(req.get("password")):
+        return failure_response("Incorrect Password", 401)
+
     current_user = token_current_user()
+
+    happiness_records = db.session.query(Happiness).filter_by(user_id=current_user.id).all()
+    for happiness_record in happiness_records:
+        db.session.delete(happiness_record)
+
+    journal_records = db.session.query(Journal).filter_by(user_id=current_user.id).all()
+    for journal_record in journal_records:
+        db.session.delete(journal_record)
+
     db.session.delete(current_user)
     db.session.commit()
-
     return '', 204
 
 

diff --git a/happiness-backend/tests/test_auth.py b/happiness-backend/tests/test_auth.py
@@ -4,12 +4,16 @@
 
 import pytest
 from flask import json
+from sqlalchemy.sql.functions import current_user
 
 from api import create_app
 from api.app import db
+from api.dao.groups_dao import get_group_by_id
 from api.dao.users_dao import *
+from api.models.models import Happiness
 from config import TestConfig
-from tests.test_groups import auth_header
+from tests.test_groups import auth_header, invite_in_group_json_model, group_in_user_modal, invite_in_user_modal, \
+    user_in_group_json_model
 
 
 @pytest.fixture
@@ -246,13 +250,134 @@ def test_delete_user(client):
     bearer_token = json.loads(login_response.get_data()).get("session_token")
     assert bearer_token is not None
 
-    delete_res = client.delete(
-        '/api/user/', headers={"Authorization": f"Bearer {bearer_token}"})
+    delete_res = client.delete('/api/user/', json={
+            'password': 'test',
+        }, headers={"Authorization": f"Bearer {bearer_token}"})
     assert delete_res.status_code == 204
     assert (get_user_by_email("[email protected]") is None and get_user_by_username("test") is None
             and get_user_by_id(1) is None)
 
 
+def test_delete_user_2(init_client):
+    client, tokens = init_client
+    init_test_data(client, tokens)
+    assert (get_user_by_email("[email protected]") is not None and get_user_by_username("user1") is not None and
+            get_user_by_id(1) is not None)
+
+    # having user make happiness entry
+
+    happiness_create_response0 = client.post('/api/happiness/', json={
+        'value': 2,
+        'comment': 'not great day',
+        'timestamp': '2024-01-11'
+    }, headers={"Authorization": f"Bearer {tokens[0]}"})
+    assert happiness_create_response0.status_code == 201
+
+    # creating a big group
+
+    client.post('/api/group/', json={'name': 'test'}, headers=auth_header(tokens[0]))
+
+    invite_users = client.put('/api/group/1', json={
+        'invite_users': ['user2', 'user3']
+    }, headers=auth_header(tokens[0]))
+    assert invite_users.status_code == 200
+    assert len(invite_users.json['invited_users']) == len(get_group_by_id(1).invited_users) == 2
+    assert invite_in_group_json_model('user2', invite_users.json, get_group_by_id(1))
+    assert invite_in_group_json_model('user3', invite_users.json, get_group_by_id(1))
+    assert not group_in_user_modal(1, get_user_by_id(2))
+    assert invite_in_user_modal(1, get_user_by_id(2))
+
+    unauthorized_edit = client.put('/api/group/1', json={'name': 'sus'},
+                                   headers=auth_header(tokens[1]))
+    assert unauthorized_edit.status_code == 403
+
+    bad_accept_invite = client.post('/api/group/accept_invite/5', headers=auth_header(tokens[1]))
+    assert bad_accept_invite.status_code == 404
+
+    accept_invite = client.post('/api/group/accept_invite/1', headers=auth_header(tokens[1]))
+    assert accept_invite.status_code == 204
+    get_group = client.get('/api/group/1', headers=auth_header(tokens[1]))
+    assert user_in_group_json_model('user2', get_group.json, get_group_by_id(1))
+    assert group_in_user_modal(1, get_user_by_id(2))
+
+    # deleting random member of group
+
+    assert (get_user_by_email("[email protected]") is not None and get_user_by_username("user3") is not None
+            and get_user_by_id(3) is not None)
+
+    delete_res = client.delete(
+        '/api/user/', json={
+            'password': 'test',
+        }, headers={"Authorization": f"Bearer {tokens[2]}"})
+    assert delete_res.status_code == 204
+    assert (get_user_by_email("[email protected]") is None and get_user_by_username("user3") is None
+            and get_user_by_id(3) is None)
+
+    # deleting creator of group
+
+    delete_res = client.delete(
+        '/api/user/', json={
+            'password': 'test',
+        }, headers={"Authorization": f"Bearer {tokens[0]}"})
+    assert delete_res.status_code == 204
+    assert (get_user_by_email("[email protected]") is None and get_user_by_username("user1") is None
+                and get_user_by_id(1) is None)
+
+    # dealing with a different user, who makes entries and has their own group
+
+    assert (get_user_by_email("[email protected]") is not None and get_user_by_username("user2") is not None and
+            get_user_by_id(2) is not None)
+
+    count_group11 = client.get('/api/user/count/', query_string={
+    }, headers=auth_header(tokens[1]))
+    assert count_group11.status_code == 200
+    assert count_group11.json.get("groups") == 1
+
+    group_create = client.post('/api/group/', json={'name': 'test2'}, headers=auth_header(tokens[1]))
+    assert group_create.status_code == 201
+
+    count_group11 = client.get('/api/user/count/', query_string={
+    }, headers=auth_header(tokens[1]))
+    assert count_group11.status_code == 200
+    assert count_group11.json.get("groups") == 2
+    assert count_group11.json.get("entries") == 0
+
+    #count numb of happiness entries of user 2 in the database (before making happiness entry)
+
+    happiness_records = db.session.query(Happiness).filter_by(user_id=2).all()
+    assert len(happiness_records) == 0
+
+    happiness_create_response0 = client.post('/api/happiness/', json={
+        'value': 3,
+        'comment': 'not great day',
+        'timestamp': '2024-01-11'
+    }, headers={"Authorization": f"Bearer {tokens[1]}"})
+    assert happiness_create_response0.status_code == 201
+
+    count_group12 = client.get('/api/user/count/', query_string={
+    }, headers=auth_header(tokens[1]))
+    assert count_group12.status_code == 200
+    assert count_group12.json.get("entries") == 1
+
+    # count numb of happiness entries of user 2 in the database (after making happiness entry)
+
+    happiness_records2 = db.session.query(Happiness).filter_by(user_id=2).all()
+    assert len(happiness_records2) == 1
+
+    delete_res = client.delete(
+        '/api/user/', json={
+            'password': 'test',
+        }, headers={"Authorization": f"Bearer {tokens[1]}"})
+    assert delete_res.status_code == 204
+    assert (get_user_by_email("[email protected]") is None and get_user_by_username("user2") is None
+            and get_user_by_id(2) is None)
+
+    # count numb of happiness entries of user 2 in the database (after deleting account)
+
+    happiness_records3 = db.session.query(Happiness).filter_by(user_id=2).all()
+    assert len(happiness_records3) == 0
+
+
 def test_add_user_setting(client):
     """
     Tests adding two settings to a single user in an instance of the backend.