Merge pull request #399 from authorizerdev/feat/deativate-account

Add api to deactivate user account

Author: lakhansamani

dashboard/src/constants.ts

@@ -222,6 +222,7 @@ export const webhookEventNames = {
 	'User deleted': 'user.deleted',
 	'User access enabled': 'user.access_enabled',
 	'User access revoked': 'user.access_revoked',
+	'User deactivated': 'user.deactivated',
 };
 
 export const emailTemplateEventNames = {

server/constants/webhook_event.go

@@ -15,4 +15,6 @@ const (
 	UserAccessEnabledWebhookEvent = `user.access_enabled`
 	// UserDeletedWebhookEvent name for user deleted event
 	UserDeletedWebhookEvent = `user.deleted`
+	// UserDeactivatedWebhookEvent name for user deactivated event
+	UserDeactivatedWebhookEvent = `user.deactivated`
 )

server/graph/generated/generated.go

@@ -587,6 +587,7 @@ type Mutation {
   revoke(params: OAuthRevokeInput!): Response!
   verify_otp(params: VerifyOTPRequest!): AuthResponse!
   resend_otp(params: ResendOTPRequest!): Response!
+  deactivate_account: Response!
   # admin only apis
   _delete_user(params: DeleteUserInput!): Response!
   _update_user(params: UpdateUserInput!): User!

server/graph/schema.graphqls

@@ -5,6 +5,7 @@ package graph
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/authorizerdev/authorizer/server/graph/generated"
 	"github.com/authorizerdev/authorizer/server/graph/model"
@@ -81,6 +82,11 @@ func (r *mutationResolver) ResendOtp(ctx context.Context, params model.ResendOTP
 	return resolvers.ResendOTPResolver(ctx, params)
 }
 
+// DeactivateAccount is the resolver for the deactivate_account field.
+func (r *mutationResolver) DeactivateAccount(ctx context.Context) (*model.Response, error) {
+	panic(fmt.Errorf("not implemented: DeactivateAccount - deactivate_account"))
+}
+
 // DeleteUser is the resolver for the _delete_user field.
 func (r *mutationResolver) DeleteUser(ctx context.Context, params model.DeleteUserInput) (*model.Response, error) {
 	return resolvers.DeleteUserResolver(ctx, params)

server/graph/schema.resolvers.go

@@ -0,0 +1,58 @@
+package resolvers
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/token"
+	"github.com/authorizerdev/authorizer/server/utils"
+	log "github.com/sirupsen/logrus"
+)
+
+// DeactivateAccountResolver is the resolver for the deactivate_account field.
+func DeactivateAccountResolver(ctx context.Context) (*model.Response, error) {
+	var res *model.Response
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		log.Debug("Failed to get GinContext: ", err)
+		return res, err
+	}
+	accessToken, err := token.GetAccessToken(gc)
+	if err != nil {
+		log.Debug("Failed to get access token: ", err)
+		return res, err
+	}
+	claims, err := token.ValidateAccessToken(gc, accessToken)
+	if err != nil {
+		log.Debug("Failed to validate access token: ", err)
+		return res, err
+	}
+	userID := claims["sub"].(string)
+	log := log.WithFields(log.Fields{
+		"user_id": userID,
+	})
+	user, err := db.Provider.GetUserByID(ctx, userID)
+	if err != nil {
+		log.Debug("Failed to get user by id: ", err)
+		return res, err
+	}
+	now := time.Now().Unix()
+	user.RevokedTimestamp = &now
+	user, err = db.Provider.UpdateUser(ctx, user)
+	if err != nil {
+		log.Debug("Failed to update user: ", err)
+		return res, err
+	}
+	go func() {
+		memorystore.Provider.DeleteAllUserSessions(user.ID)
+		utils.RegisterEvent(ctx, constants.UserDeactivatedWebhookEvent, "", user)
+	}()
+	res = &model.Response{
+		Message: `user account deactivated successfully`,
+	}
+	return res, nil
+}

server/resolvers/deactivate_account.go

@@ -0,0 +1,45 @@
+package test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func deactivateAccountTests(t *testing.T, s TestSetup) {
+	t.Helper()
+	t.Run(`should deactiavte the user account with access token only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "deactiavte_account." + s.TestInfo.Email
+
+		resolvers.SignupResolver(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+		_, err := resolvers.DeactivateAccountResolver(ctx)
+		assert.NotNil(t, err, "unauthorized")
+		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)
+		assert.NoError(t, err)
+		assert.NotNil(t, verificationRequest)
+		verifyRes, err := resolvers.VerifyEmailResolver(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+		assert.NoError(t, err)
+		assert.NotNil(t, verifyRes)
+		s.GinContext.Request.Header.Set("Authorization", "Bearer "+*verifyRes.AccessToken)
+		ctx = context.WithValue(req.Context(), "GinContextKey", s.GinContext)
+		_, err = resolvers.DeactivateAccountResolver(ctx)
+		assert.NoError(t, err)
+		s.GinContext.Request.Header.Set("Authorization", "")
+		assert.Nil(t, err)
+		_, err = resolvers.ProfileResolver(ctx)
+		assert.NotNil(t, err, "unauthorized")
+		cleanData(email)
+	})
+}

server/test/deactivate_account_test.go

@@ -143,6 +143,7 @@ func TestResolvers(t *testing.T) {
 			verifyOTPTest(t, s)
 			resendOTPTest(t, s)
 			validateSessionTests(t, s)
+			deactivateAccountTests(t, s)
 
 			updateAllUsersTest(t, s)
 			webhookLogsTest(t, s)   // get logs after above resolver tests are done

server/test/integration_test.go

@@ -103,7 +103,7 @@ func testSetup() TestSetup {
 		Email:                       fmt.Sprintf("%[email protected]", time.Now().Unix()),
 		Password:                    "Test@123",
 		WebhookEndpoint:             "https://62f93101e05644803533cf36.mockapi.io/authorizer/webhook",
-		TestWebhookEventTypes:       []string{constants.UserAccessEnabledWebhookEvent, constants.UserAccessRevokedWebhookEvent, constants.UserCreatedWebhookEvent, constants.UserDeletedWebhookEvent, constants.UserLoginWebhookEvent, constants.UserSignUpWebhookEvent},
+		TestWebhookEventTypes:       []string{constants.UserAccessEnabledWebhookEvent, constants.UserAccessRevokedWebhookEvent, constants.UserCreatedWebhookEvent, constants.UserDeletedWebhookEvent, constants.UserLoginWebhookEvent, constants.UserSignUpWebhookEvent, constants.UserDeactivatedWebhookEvent},
 		TestEmailTemplateEventTypes: []string{constants.VerificationTypeBasicAuthSignup, constants.VerificationTypeForgotPassword, constants.VerificationTypeMagicLinkLogin, constants.VerificationTypeUpdateEmail},
 	}
 

server/test/test.go

@@ -4,7 +4,7 @@ import "github.com/authorizerdev/authorizer/server/constants"
 
 // IsValidWebhookEventName to validate webhook event name
 func IsValidWebhookEventName(eventName string) bool {
-	if eventName != constants.UserCreatedWebhookEvent && eventName != constants.UserLoginWebhookEvent && eventName != constants.UserSignUpWebhookEvent && eventName != constants.UserDeletedWebhookEvent && eventName != constants.UserAccessEnabledWebhookEvent && eventName != constants.UserAccessRevokedWebhookEvent {
+	if eventName != constants.UserCreatedWebhookEvent && eventName != constants.UserLoginWebhookEvent && eventName != constants.UserSignUpWebhookEvent && eventName != constants.UserDeletedWebhookEvent && eventName != constants.UserAccessEnabledWebhookEvent && eventName != constants.UserAccessRevokedWebhookEvent && eventName != constants.UserDeactivatedWebhookEvent {
 		return false
 	}