Merge pull request #683 from maykinmedia/fix/1548-profile-deletion

[#1548] Refactor profile deletion flow
maykinmedia · Jun 23, 2023 · 867bce2 · 867bce2
2 parents b830898 + 63d23fa
commit 867bce2
Show file tree

Hide file tree

Showing 9 changed files with 141 additions and 184 deletions.
diff --git a/src/open_inwoner/accounts/management/commands/deleteinactiveusers.py b/src/open_inwoner/accounts/management/commands/deleteinactiveusers.py
diff --git a/src/open_inwoner/accounts/migrations/0062_alter_user_deactivated_on.py b/src/open_inwoner/accounts/migrations/0062_alter_user_deactivated_on.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.15 on 2023-06-23 08:35
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0061_auto_20230612_1428"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="user",
+            name="deactivated_on",
+            field=models.DateField(
+                blank=True,
+                help_text="This is the date the user decided to deactivate their account. This field is deprecated since user profiles are now immediately deleted.",
+                null=True,
+                verbose_name="Deactivated on",
+            ),
+        ),
+    ]
diff --git a/src/open_inwoner/accounts/models.py b/src/open_inwoner/accounts/models.py
@@ -144,7 +144,11 @@ class User(AbstractBaseUser, PermissionsMixin):
         verbose_name=_("Deactivated on"),
         null=True,
         blank=True,
-        help_text=_("This is the date the user decided to deactivate their account."),
+        help_text=_(
+            "This is the date the user decided to deactivate their account. "
+            "This field is deprecated since user profiles are now immediately "
+            "deleted."
+        ),
     )
     is_prepopulated = models.BooleanField(
         verbose_name=_("Prepopulated"),
@@ -250,11 +254,6 @@ def get_address(self):
             return f"{self.street} {self.housenumber}, {self.city}"
         return ""
 
-    def deactivate(self):
-        self.is_active = False
-        self.deactivated_on = date.today()
-        self.save()
-
     def get_new_messages_total(self) -> int:
         return self.received_messages.filter(seen=False).count()
 

diff --git a/src/open_inwoner/accounts/tests/test_deleteinactiveusers.py b/src/open_inwoner/accounts/tests/test_deleteinactiveusers.py
diff --git a/src/open_inwoner/accounts/tests/test_logging.py b/src/open_inwoner/accounts/tests/test_logging.py
@@ -205,21 +205,20 @@ def test_logout_is_logged(self):
             },
         )
 
-    def test_users_deactivation_is_logged(self):
+    def test_users_deletion_is_logged(self):
         form = self.app.get(reverse("profile:detail"), user=self.user).forms[
-            "deactivate-form"
+            "delete-form"
         ]
         form.submit()
         log_entry = TimelineLog.objects.last()
 
         self.assertEqual(
             log_entry.timestamp.strftime("%m/%d/%Y, %H:%M:%S"), "10/18/2021, 13:00:00"
         )
-        self.assertEqual(log_entry.content_object.id, self.user.id)
         self.assertEqual(
             log_entry.extra_data,
             {
-                "message": _("user was deactivated via frontend"),
+                "message": _("user was deleted via frontend"),
                 "action_flag": list(LOG_ACTIONS[4]),
                 "content_object_repr": self.user.email,
             },

diff --git a/src/open_inwoner/accounts/tests/test_profile_views.py b/src/open_inwoner/accounts/tests/test_profile_views.py
@@ -12,6 +12,7 @@
 from open_inwoner.cms.profile.cms_appconfig import ProfileConfig
 from open_inwoner.haalcentraal.tests.mixins import HaalCentraalMixin
 from open_inwoner.pdc.tests.factories import CategoryFactory
+from open_inwoner.plans.tests.factories import PlanFactory
 from open_inwoner.utils.logentry import LOG_ACTIONS
 from open_inwoner.utils.tests.helpers import AssertTimelineLogMixin, create_image_bytes
 
@@ -21,6 +22,7 @@
 from ...questionnaire.tests.factories import QuestionnaireStepFactory
 from ..choices import ContactTypeChoices, LoginTypeChoices
 from ..forms import BrpUserForm, UserForm
+from ..models import User
 from .factories import ActionFactory, DigidUserFactory, DocumentFactory, UserFactory
 
 
@@ -92,49 +94,6 @@ def test_only_open_actions(self):
         self.assertEquals(response.status_code, 200)
         self.assertContains(response, "0 acties staan open.")
 
-    def test_deactivate_account(self):
-        response = self.app.get(self.url, user=self.user)
-        self.assertEquals(response.status_code, 200)
-        form = response.forms["deactivate-form"]
-        base_response = form.submit()
-        self.assertEquals(base_response.url, self.return_url)
-        followed_response = base_response.follow().follow()
-        self.assertEquals(followed_response.status_code, 200)
-        self.user.refresh_from_db()
-        self.assertFalse(self.user.is_active)
-        self.assertIsNotNone(self.user.deactivated_on)
-
-    def test_deactivate_account_staff(self):
-        self.user.is_staff = True
-        self.user.save()
-        response = self.app.get(self.url, user=self.user)
-        self.assertEquals(response.status_code, 200)
-        form = response.forms["deactivate-form"]
-        base_response = form.submit()
-        self.assertEquals(base_response.url, self.url)
-        followed_response = base_response.follow()
-        self.assertEquals(followed_response.status_code, 200)
-        self.user.refresh_from_db()
-        self.assertTrue(self.user.is_active)
-        self.assertIsNone(self.user.deactivated_on)
-
-    def test_deactivate_account_digid(self):
-        """
-        check that user is redirected to digid:logout
-        """
-        user = UserFactory.create(
-            login_type=LoginTypeChoices.digid, email="[email protected]"
-        )
-
-        response = self.app.get(self.url, user=user)
-        self.assertEquals(response.status_code, 200)
-        form = response.forms["deactivate-form"]
-
-        response = form.submit()
-
-        self.assertEquals(response.status_code, 302)
-        self.assertEquals(response.url, reverse("digid:logout"))
-
     def test_get_documents_sorted(self):
         """
         check that the new document is shown first
@@ -560,6 +519,92 @@ def test_modify_phone_updates_klant_api_but_skip_unchanged_phone(self, m):
         )
 
 
+@override_settings(ROOT_URLCONF="open_inwoner.cms.tests.urls")
+class ProfileDeleteTest(WebTest):
+    csrf_checks = False
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.url = reverse("profile:detail")
+
+    def test_delete_regular_user_success(self):
+        user = UserFactory()
+
+        # get profile page
+        response = self.app.get(self.url, user=user)
+
+        # check delete
+        response = response.forms["delete-form"].submit()
+        self.assertIsNone(User.objects.first())
+
+        # check redirect
+        self.assertRedirects(
+            self.app.get(response.url),
+            reverse("pages-root"),
+            status_code=302,
+            target_status_code=200,
+            fetch_redirect_response=True,
+        )
+
+    def test_delete_user_with_digid_login_success(self):
+        user = DigidUserFactory()
+
+        # get profile page
+        response = self.app.get(self.url, user=user)
+
+        # check user deleted
+        response = response.forms["delete-form"].submit()
+        self.assertIsNone(User.objects.first())
+
+        # check redirect
+        self.assertRedirects(
+            self.app.get(response.url),
+            reverse("pages-root"),
+            status_code=302,
+            target_status_code=200,
+            fetch_redirect_response=True,
+        )
+
+    def test_delete_regular_user_as_plan_contact_fail(self):
+        user = UserFactory()
+        PlanFactory.create(plan_contacts=[user])
+
+        # get profile page
+        response = self.app.get(self.url, user=user)
+
+        # check user not deleted
+        response = response.forms["delete-form"].submit()
+        self.assertEqual(User.objects.first(), user)
+
+        # check redirect
+        self.assertRedirects(
+            response,
+            reverse("profile:detail"),
+            status_code=302,
+            target_status_code=200,
+            fetch_redirect_response=True,
+        )
+
+    def test_delete_staff_user_via_frontend_does_not_work(self):
+        user = UserFactory(is_staff=True)
+
+        # get profile page
+        response = self.app.get(self.url, user=user)
+
+        # check staff user not deleted
+        response = response.forms["delete-form"].submit()
+        self.assertEqual(User.objects.first(), user)
+
+        # check redirect
+        self.assertRedirects(
+            response,
+            reverse("profile:detail"),
+            status_code=302,
+            target_status_code=200,
+            fetch_redirect_response=True,
+        )
+
+
 @requests_mock.Mocker()
 @override_settings(ROOT_URLCONF="open_inwoner.cms.tests.urls")
 class MyDataTests(HaalCentraalMixin, WebTest):