Merge pull request #55 from blackjackkent/development

Deploy account deletion endpoint

Author: blackjackkent

README.md

@@ -36,7 +36,13 @@ You can run all unit tests using your preferred C# test runner. To generate a co
 
 This application communicates with the following external services:
 
-1. A SQL Server database for Tracker-specific account information. The connection string for this database is set in `./RPThreadTrackerV3.BackEnd/appsettings.json`. You can use the scripts in `./SQL/InitDatabase` to set up a local copy of the database tables for development purposes.
+
+1. A SQL Server database for Tracker-specific account information. The connection string for this database is set in `./RPThreadTrackerV3.BackEnd/appsettings.json`. You can use the following command to set up a local copy of the database tables for development purposes:
+
+```
+cd ./SQL/InitDatabase
+sh ./InitDatabase.sh "(localdb)\mssqllocaldb" # or other local SQL server info
+```
 2. A DocumentDB NoSQL database for maintaining information about customized public views. You can run a local DocumentDB server using the [Azure CosmosDB Emulator](https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator), and set the connection information for this server in the `./RPThreadTrackerV3.BackEnd/appsettings.secure.json` file that you created earlier.
 
 	Unfortunately, this portion of the service can only be run on Windows machines at this time.

RPThreadTrackerV3.BackEnd.Test/Controllers/UserControllerTests.cs

@@ -171,6 +171,51 @@ public async Task ReturnsOkWhenRequestSuccessful()
             }
         }
 
+        public class DeleteAccount : UserControllerTests
+        {
+            [Fact]
+            public async Task ReturnsServerErrorWhenUnexpectedErrorOccurs()
+            {
+                // Arrange
+                _mockAuthService.Setup(s => s.DeleteAccount(It.IsAny<ClaimsPrincipal>(), _mockUserManager.Object))
+                    .Throws<NullReferenceException>();
+
+                // Act
+                var result = await Controller.DeleteAccount();
+
+                // Assert
+                result.Should().BeOfType<ObjectResult>();
+                ((ObjectResult)result).StatusCode.Should().Be(500);
+            }
+
+            [Fact]
+            public async Task ReturnsBadRequestWhenRequestIsInvalid()
+            {
+                // Arrange
+                var exception = new InvalidAccountDeletionException(new List<string> { "error1", "error2" });
+                _mockAuthService.Setup(s => s.DeleteAccount(It.IsAny<ClaimsPrincipal>(), _mockUserManager.Object))
+                    .Throws(exception);
+
+                // Act
+                var result = await Controller.DeleteAccount();
+                var body = ((BadRequestObjectResult)result).Value as List<string>;
+
+                // Assert
+                result.Should().BeOfType<BadRequestObjectResult>();
+                body.Should().HaveCount(1);
+            }
+
+            [Fact]
+            public async Task ReturnsOkWhenRequestSuccessful()
+            {
+                // Act
+                var result = await Controller.DeleteAccount();
+
+                // Assert
+                result.Should().BeOfType<OkResult>();
+            }
+        }
+
         public class ChangeAccountInformation : UserControllerTests
         {
             [Fact]

RPThreadTrackerV3.BackEnd.Test/Infrastructure/Services/AuthServiceTests.cs

@@ -726,6 +726,50 @@ public void ThrowsExceptionIfAddingToRoleUnsuccessful()
             }
         }
 
+        public class DeleteAccount : AuthServiceTests
+        {
+            [Fact]
+            public async Task DeletesSuccessfully()
+            {
+                // Arrange
+                var user = new ClaimsPrincipal();
+                _mockUserManager.Setup(m => m.DeleteAsync(It.IsAny<IdentityUser>())).Returns(Task.FromResult(IdentityResult.Success));
+                _mockUserManager.Setup(m => m.GetUserAsync(It.Is<ClaimsPrincipal>(p => ReferenceEquals(p, user))))
+                    .Returns(Task.FromResult(new IdentityUser("my-username")));
+
+                // Act
+                await _authService.DeleteAccount(user, _mockUserManager.Object);
+
+                // Assert
+                _mockUserManager.Verify(m => m.DeleteAsync(It.Is<IdentityUser>(u => u.UserName == "my-username")), Times.Once);
+            }
+
+            [Fact]
+            public void ThrowsExceptionIfDeletionUnsuccessful()
+            {
+                // Arrange
+                var user = new ClaimsPrincipal();
+                _mockUserManager.Setup(m => m.GetUserAsync(It.Is<ClaimsPrincipal>(p => ReferenceEquals(p, user))))
+                    .Returns(Task.FromResult(new IdentityUser("my-username")));
+                var failureResult = IdentityResult.Failed(new List<IdentityError>
+                {
+                    new IdentityError { Description = "Test Error 1" },
+                    new IdentityError { Description = "Test Error 2" }
+                }.ToArray());
+                _mockUserManager.Setup(m => m.DeleteAsync(It.IsAny<IdentityUser>()))
+                    .Returns(Task.FromResult(failureResult));
+
+                // Act
+                Func<Task> action = async () => await _authService.DeleteAccount(user, _mockUserManager.Object);
+
+                // Assert
+                action.Should().Throw<InvalidAccountDeletionException>()
+                    .Which.Errors.Should().HaveCount(2)
+                    .And.Contain("Test Error 1")
+                    .And.Contain("Test Error 2");
+            }
+        }
+
         public class RevokeRefreshToken : AuthServiceTests
         {
             [Fact]

RPThreadTrackerV3.BackEnd/Controllers/UserController.cs

@@ -157,6 +157,42 @@ public async Task<IActionResult> ChangeAccountInformation([FromBody] ChangeAccou
 				_logger.LogError(e, $"Error requesting account information change for {User.Identity.Name}");
 			    return StatusCode(500, "An unexpected error occurred.");
 			}
-	    }
-	}
+        }
+
+        /// <summary>
+        /// Processes a request to delete the current user's account.
+        /// </summary>
+        /// <returns>
+        /// HTTP response containing the results of the request<para />
+        /// <list type="table"><item><term>200 OK</term><description>Response code for successful deletion of account information</description></item>
+        /// <item><term>400 Bad Request</term><description>Response code for invalid account information deletion request</description></item>
+        /// <item><term>500 Internal Server Error</term><description>Response code for unexpected errors</description></item></list>
+        /// </returns>
+        [HttpDelete]
+        [Route("")]
+        [ProducesResponseType(200)]
+        [ProducesResponseType(400, Type = typeof(List<string>))]
+        [ProducesResponseType(500)]
+        public async Task<IActionResult> DeleteAccount()
+        {
+            try
+            {
+                _logger.LogInformation($"Received request to delete account information for user {UserId}");
+                var claimsUser = User;
+                await _authService.DeleteAccount(claimsUser, _userManager);
+                _logger.LogInformation($"Processed request to delete user data for user {UserId}");
+                return Ok();
+            }
+            catch (InvalidAccountDeletionException e)
+            {
+                _logger.LogWarning(e, $"Error deleting account info for {User.Identity.Name}: {e.Errors}");
+                return BadRequest(new List<string> { "You do not have permission to delete this account." });
+            }
+            catch (Exception e)
+            {
+                _logger.LogError(e, $"Error deleting account information for {User.Identity.Name}");
+                return StatusCode(500, "An unexpected error occurred.");
+            }
+        }
+    }
 }

RPThreadTrackerV3.BackEnd/Infrastructure/Exceptions/Account/InvalidAccountDeletionException.cs

@@ -0,0 +1,35 @@
+// <copyright file="InvalidAccountDeletionException.cs" company="Rosalind Wills">
+// Copyright (c) Rosalind Wills. All rights reserved.
+// Licensed under the GPL v3 license. See LICENSE file in the project root for full license information.
+// </copyright>
+
+namespace RPThreadTrackerV3.BackEnd.Infrastructure.Exceptions.Account
+{
+    using System;
+    using System.Collections.Generic;
+
+    /// <summary>
+    /// The exception that is thrown when there was an error deleting a user's account information.
+    /// </summary>
+    /// <seealso cref="Exception" />
+    public class InvalidAccountDeletionException : Exception
+    {
+        /// <summary>
+        /// Gets or sets the errors resulting from the account deletion failure.
+        /// </summary>
+        /// <value>
+        /// The errors resulting from the account deletion failure.
+        /// </value>
+        public List<string> Errors { get; set; }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="InvalidAccountDeletionException"/> class.
+        /// </summary>
+        /// <param name="errors">The errors resulting from the account deletion failure.</param>
+        public InvalidAccountDeletionException(List<string> errors)
+            : base("There was an error deleting the users's account information.")
+        {
+            Errors = errors;
+        }
+    }
+}

RPThreadTrackerV3.BackEnd/Infrastructure/Services/AuthService.cs

@@ -253,6 +253,18 @@ public async Task AddUserToRole(IdentityUser user, string role, UserManager<Iden
             }
         }
 
+        /// <inheritdoc />
+        /// <exception cref="InvalidAccountDeletionException">Thrown if the account deletion could not be completed.</exception>
+        public async Task DeleteAccount(ClaimsPrincipal claimsUser, UserManager<IdentityUser> userManager)
+        {
+            var identityUser = await userManager.GetUserAsync(claimsUser);
+            var result = await userManager.DeleteAsync(identityUser);
+            if (!result.Succeeded)
+            {
+                throw new InvalidAccountDeletionException(result.Errors.Select(e => e.Description).ToList());
+            }
+        }
+
         /// <inheritdoc />
         public void RevokeRefreshToken(string refreshToken, IRepository<RefreshToken> refreshTokenRepository)
         {

RPThreadTrackerV3.BackEnd/Interfaces/Services/IAuthService.cs

@@ -171,6 +171,16 @@ public interface IAuthService
         /// </returns>
         Task AddUserToRole(IdentityUser user, string role, UserManager<IdentityUser> userManager);
 
+        /// <summary>
+        /// Deletes a user's account.
+        /// </summary>
+        /// <param name="claimsUser">The claims principal.</param>
+        /// <param name="userManager">The user manager.</param>
+        /// <returns>
+        /// A task that represents the asynchronous operation.
+        /// </returns>
+        Task DeleteAccount(ClaimsPrincipal claimsUser, UserManager<IdentityUser> userManager);
+
         /// <summary>
         /// Revokes the given refresh token.
         /// </summary>

appveyor.yml

@@ -17,7 +17,7 @@
     ps: |
       $env:PATH = 'C:\msys64\usr\bin;' + $env:PATH
       Invoke-WebRequest -Uri 'https://codecov.io/bash' -OutFile codecov.sh
-      bash codecov.sh -f "RPThreadTrackerV3.BackEnd.Test/coverage.opencover.xml"
+      bash codecov.sh -f "RPThreadTrackerV3.BackEnd.Test/coverage.opencover.xml" -U "-s" -A "-s"
   artifacts:
     - path: '\RPThreadTrackerV3.BackEnd\bin\Release\netcoreapp2.1\publish'
       name: WebSite
@@ -50,7 +50,7 @@
     ps: |
       $env:PATH = 'C:\msys64\usr\bin;' + $env:PATH
       Invoke-WebRequest -Uri 'https://codecov.io/bash' -OutFile codecov.sh
-      bash codecov.sh -f "RPThreadTrackerV3.BackEnd.Test/coverage.opencover.xml"
+      bash codecov.sh -f "RPThreadTrackerV3.BackEnd.Test/coverage.opencover.xml" -U "-s" -A "-s"
   artifacts:
     - path: '\RPThreadTrackerV3.BackEnd\bin\Release\netcoreapp2.1\publish'
       name: WebSite