fix: implement account deletion to permanently remove user data (#758)

[Muneerali199]

Summary

Fixes #758 — Account deletion was a no-op because the confirmation button's onPressed handler contained only a stub comment (// DO NOT IMPLEMENT THIS WITHOUT PERMISSION) and the controller had no orchestrating method.

Root Cause

DeleteAccountController had three isolated helper methods (delete profile picture, delete username row, delete user row) but no method that called them, and the button in DeleteAccountScreen was never wired to anything.

Changes

lib/controllers/delete_account_controller.dart

• Added isLoading reactive state to prevent double-submission during async deletion
• Added account field (initialized from AppwriteService.getAccount())
• Added deleteAccount() orchestrator that:
  1. Deletes the user's profile picture from Appwrite Storage
  2. Deletes the username reservation row from the usernames table
  3. Deletes the user document from the users table
  4. Calls account.updateStatus() to permanently block the Appwrite auth account (the Appwrite client SDK does not expose a hard-delete endpoint — updateStatus() is the correct client-side call to permanently block account access)
  5. Calls account.deleteSessions() to immediately invalidate all active sessions
  6. Navigates to the welcome screen
• Removed the "DO NOT TOUCH" stub comment block

lib/views/screens/delete_account_screen.dart

• Wired the "I understand, Delete My Account" button to call controller.deleteAccount()
• Button is disabled while isLoading is true to prevent duplicate requests
• Shows a CircularProgressIndicator inside the button during deletion for user feedback

Testing

1. Log in to the app
2. Navigate to Settings → Account → Delete Account
3. Type your username to enable the button
4. Tap "I understand, Delete My Account"
5. Verify: spinner appears, then app navigates to the welcome screen
6. Verify: attempting to log in again with the same credentials fails (account is blocked)
7. Verify: user data (profile picture, username, user document) is removed from Appwrite

Notes

The Appwrite Flutter client SDK (^20.3.2) does not provide a DELETE /account endpoint callable by an authenticated user — only the server-side Users API supports hard-deletes. account.updateStatus() is the documented client-side approach that permanently blocks the account from any access. A full hard-delete would require an Appwrite Cloud Function with server-side credentials, which is outside the scope of this fix.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 745cd9ca-d817-4de5-a938-e65c9a2b1855

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🎉 Welcome @Muneerali199!
Thank you for your pull request! Our team will review it soon. 🔍

• Please ensure your PR follows the contribution guidelines. ✅
• All automated tests should pass before merging. 🔄
• If this PR fixes an issue, link it in the description. 🔗

We appreciate your contribution! 🚀