implement 'delete account' feature

[qisforq]

Objective:

Implement a "Delete Account" feature that allows users to request the deletion of their account, including a manual verification process and a built-in delay.

Sub-tasks:

1. Design the Delete Account user flow

   • [ ] Create wireframes or mockups for the Delete Account feature, including the confirmation dialog and success message
   • [ ] Define the steps involved in the deletion process, such as requesting confirmation, initiating the manual verification, and applying the built-in delay
   • [ ] Obtain approval from stakeholders on the user flow and design

2. Implement the Delete Account UI

   • [ ] Create a new component or modify an existing one to display the Delete Account option in the user settings or profile page
   • [ ] Develop the confirmation dialog that appears when the user clicks on the Delete Account option
   • [ ] Include clear instructions and warnings about the consequences of account deletion

3. Handle the Delete Account request

   • [ ] Implement the necessary API endpoints in the backend to process the Delete Account request
   • [ ] Store the deletion request details, including the user ID, timestamp, and verification status
   • [ ] Send a confirmation email to the user's registered email address to verify the deletion request

4. Implement manual verification process

   • [ ] Create an admin interface or dashboard for manual verification of Delete Account requests
   • [ ] Provide the admin with the necessary information (e.g., user ID, deletion request timestamp) to review and approve/reject the requests
   • [ ] Implement a mechanism to notify the user about the status of their deletion request

5. Apply the built-in delay

   • [ ] Implement a configurable delay period (e.g., 30 days) before the actual deletion of the user's account
   • [ ] Store the scheduled deletion date in the database and associate it with the user's account
   • [ ] Create a background job or cron task to automatically delete the user's account once the delay period has passed

6. Implement account deletion

   • [ ] Develop the necessary database queries or API endpoints to permanently delete the user's account and associated data
   • [ ] Ensure all related records, such as user-generated content or references to the user's ID, are properly handled or anonymized
   • [ ] Send a final confirmation email to the user notifying them about the successful deletion of their account

7. Test and monitor

   • [ ] Conduct thorough testing of the Delete Account feature, including the manual verification process and built-in delay
   • [ ] Verify that the user's account and associated data are properly deleted after the delay period
   • [ ] Monitor the performance and reliability of the deletion process and make necessary optimizations

[qisforq]

Do not execute deletion right away, just create a deletion request which should be manually reviewed first

[chef-louis]

• Added purge_user_data_requests table to the postgres database to keep record of ongoing deletion requests along with their status
• Initial front-end button click will trigger an entry in the above table... an email will also be sent to an approved support email address
• The operator managing the deletion request should carefully purge all relevant data points in our AWS systems (incl. amplify) and update the status of the deletion request in the above table once everything is complete

[qisforq]

Perfect, this is a great approach. Eventually we can build an admin portal to handle the admin functions.

Regarding the approved support email address, what exactly has been implemented now, and what needs to be done in the future?

[chef-louis]

I didn't have a support email address in mind so I imagine we'd make one and have a Standard Operating Practice drafted to spell out the steps for someone to follow in deleting the relevant data for a given user. I can add this as a follow-on task potentially in the subsequent sprint.

In terms of this sprint, I think we can wrap it up with the following for now:

1. Connect the front-end button to trigger the previously mentioned lambda function
2. Add an Email (via SES) to be sent somewhere (TBD on finalized support email address)

[chef-louis]

• Added POST request handling to log user's amplify_id upon confirmation of delete request.
• TODO: limit user ability to use account features while account is under pending delete. Leave a support email contact info for further assistance in case of an issue.

[chef-louis]

Rethinking the need for a limited functionality. I've gone with a more simple approach for now that signals to the user that the account deletion is pending. Added screenshots below for clarity into the general flow. Once the deletion is completed, the user should receive an email confirmation of the data deletion.

[chef-louis]

@qisforq I've copied the send email logic from the referral invite lambda function but it doesn't seem to be working. I'll check in with you tomorrow to see if there is some SES configuration that I need to be adding to get the lambda function code to work properly.

[qisforq]

@chef-louis What issue are you running into? Are you getting an error?

[chef-louis]

@qisforq I am getting a fairly non-descript POST error in the console. So something fails on the email send logic as that's the last step in the lambda function.

[qisforq]

@chef-louis I fixed it! 👨‍🔧🦾👾🎯

[qisforq]

It was because deleteUserDataRequest was connected to a VPC, which counter-intuitively removes default internet access, in which case you would need to manually configure that access. I just removed access to the VPC, and now it works. One of those many quirks with AWS 🙃

[qisforq]

However, you'll also need to verify louis@athleti.fi in order to use that email address https://us-east-2.console.aws.amazon.com/ses/home?region=us-east-2#/identities

[chef-louis]

However, you'll also need to verify louis@athleti.fi in order to use that email address https://us-east-2.console.aws.amazon.com/ses/home?region=us-east-2#/identities

Gotcha, I was using my email as a placeholder test email. I'll add it to SES for now with the thinking that we'll update that once the we have something more official. Thanks for helping me debug and finding the solution!

[qisforq]

No problem! Yeah that reminds me of another production task we need to take care of - moving SES out of sandbox mode

[chef-louis]

Just tested on my end, works as expected. Making a PR for the rest of the code