User Account Deletion

[allan1m]

Story Description: User Account Deletion SRS: 1.1.2. User Account Management SDD: Back-End Design Story: As a user of the community board mobile application, I want to have the ability to delete my account if I no longer wish to be part of the community or if I want to deactivate my account temporarily.

Acceptance Criteria:

1. Delete Account Functionality:

• Implement a user-friendly mechanism within the application to allow users to initiate the account deletion process.
• Provide clear instructions and options for users to confirm their decision to delete their account.

2. Backend Integration:

• Develop backend API endpoints to handle user account deletion requests securely.
• Ensure that the backend verifies the authenticity of the user initiating the deletion process to prevent unauthorized account deletions.

3. Data Removal:

• Delete all user-related data associated with the account from the backend database upon successful account deletion.
• Remove any references or associations of the user account from the system to ensure data privacy and compliance with regulations.

4. Confirmation and Feedback:

• Prompt users to confirm their decision before proceeding with the account deletion process.
• Provide informative feedback to users upon successful deletion of their account, confirming the completion of the process.

5. Graceful Handling of Deletion Errors:

• Handle potential errors or exceptions that may occur during the account deletion process gracefully.
• Provide informative error messages to users in case of deletion failures or unexpected issues.

6. Account Deactivation (Optional):

• Optionally, implement functionality to allow users to deactivate their accounts temporarily instead of permanently deleting them.
• Provide users with the option to reactivate their accounts later if they decide to return to the community.

7. Testing and Quality Assurance:

• Develop comprehensive unit tests to validate the functionality of the user account deletion feature.
• Write integration tests to ensure seamless interaction between the frontend and backend components.
• Conduct end-to-end testing to simulate user account deletion scenarios and validate the user experience.

8. Documentation and Support:

• Document the account deletion process and associated API endpoints for future reference and maintenance.
• Provide user support and documentation to assist users with the account deletion process if needed.
• Ensure that the account deletion feature aligns with user expectations and usability standards.

Additional Considerations:

• Implement logging and auditing mechanisms to track account deletion requests and ensure accountability.
• Provide users with the option to download their data or export content before initiating the account deletion process.
• Comply with relevant data protection regulations (e.g., GDPR) regarding user data deletion and retention policies.

[allan1m]

By implementing the user account deletion feature according to the outlined requirements and considerations, users will have the flexibility to manage their accounts and data according to their preferences within the community board mobile application.

[awarbler]

@allan1m I am unclear about the first comment.

I added this to the teams file. Was this not necessary?

Story Description Objective:To verify that the backend system correctly deletes an existing user's account upon request.

Preconditions:

The backend server is up and running.

The user to be deleted exists in the system.

The user requesting deletion is authenticated and authorized to delete the account.

Test Steps:

Start with: The authenticated user has requested account deletion.

Actions:

a. Send a DELETE request to the backend API endpoint designated for account deletion.

b. Include the user's unique identifier (userId or username) in the request.

c. Ensure the Backend validates the requestor's permissions to perform account deletion.

d. Backend processes the deletion request and removes the user's data from the database.

e. Backend should revoke any active sessions or tokens associated with the user account.

f. Backend sends a confirmation response to the client upon successful deletion.

Ends with: The user account is no longer present in the system.

Expected Results:

1. The Backend returns a successful response indicating the account has been deleted.

2. The user's account is no longer retrievable from the database.

3. The user cannot log in or recover the account post-deletion.

4. Any subsequent API requests referencing the deleted user should be invalid.

Postconditions:

Verify that the user's data does not exist in any part of the system.

Ensure that any personal data is purged in compliance with data protection regulations.

Notes:

Ensure that deletion is permanent and meets all regulatory compliance requirements.

Test for potential cascading effects on related data, such as posts or comments made by the user.

Check for proper error handling and messaging when deletion is impossible (e.g., due to pending operations).

Test Data:

Use an account earmarked for deletion with no dependencies that would prevent its removal.

Test Environment:

A test environment that mimics the production environment but does not affect live user data.

A backend environment that is configured for testing with mock data for deletion.

References:

API documentation for the account deletion endpoint.

Backend logic implementation for the delete operation.

Data retention and deletion policies

[awarbler]

Unit Test Cases

• [ ] Unit Test Case 1: Delete Account API Endpoint Objective: Test the deleteAccount API endpoint to ensure it correctly processes deletion requests.

Input:

• Valid user credentials and deletion request.

Expected Output:

• Successful deletion response, user data removed from database.

Test Steps:

1. Mock a valid user deletion request.
2. Invoke the deleteAccount endpoint with the mocked request.
3. Verify the response is successful.
4. Check the database to ensure the user's data is removed.

---

• [ ] Unit Test Case 2: Authentication Verification for Deletion Objective: Verify that the deletion process checks for user authentication.

Input:

• Deletion request with invalid or no authentication token.

Expected Output:

• Authentication error, account remains intact.

Test Steps:

1. Mock a deletion request without an authentication token.
2. Invoke the deleteAccount endpoint.
3. Expect an authentication error.
4. Verify that the user's account is still present in the database.

---

• [ ] Unit Test Case 3: User Confirmation for Account Deletion Objective: Ensure that the system requires user confirmation before deletion.

Input:

• Deletion request without user confirmation.

Expected Output:

• Account deletion is aborted, account remains intact.

Test Steps:

1. Mock a deletion request that bypasses user confirmation.
2. Invoke the deleteAccount endpoint.
3. Verify that the system aborts the deletion.
4. Confirm the user's account still exists in the database.

---

• [ ] Unit Test Case 4: Data Privacy Compliance on Deletion Objective: Confirm that all user-related data is removed upon account deletion.

Input:

• Valid deletion request with user confirmation.

Expected Output:

• All user-related data is purged from the system.

Test Steps:

1. Mock a valid deletion request with user confirmation.
2. Invoke the deleteAccount endpoint.
3. Verify the response indicates a successful deletion.
4. Check all databases and storage to confirm all user data is purged.

---

• [ ] Unit Test Case 5: Error Handling in Account Deletion Objective: Test the system's ability to handle errors during the deletion process.

Input:

• Deletion request that triggers a known error (e.g., database timeout).

Expected Output:

• Deletion process is halted, informative error message is returned.

Test Steps:

1. Mock a deletion request that will cause a database timeout.
2. Invoke the deleteAccount endpoint.
3. Verify that the deletion process is halted.
4. Check for an informative error message in the response.

---

• [ ] Unit Test Case 6: Account Deactivation Option Objective: Test the optional account deactivation feature.

Input:

• Request for account deactivation.

Expected Output:

• Account is deactivated, not deleted, and can be reactivated.

Test Steps: Mock a request for account deactivation. Invoke the relevant endpoint for account deactivation. Verify the account is deactivated but not deleted. Confirm that reactivation is possible.

• [ ] Unit Test Case 7: Logging Account Deletion Requests Objective: Ensure that deletion requests are properly logged for auditing.

Input:

Valid deletion request. Expected Output:

Deletion request is logged with sufficient details. Test Steps:

Mock a valid deletion request. Invoke the deleteAccount endpoint. Verify that the request, along with details like timestamp and user ID, is logged. Unit Test Case 8 Data Download Before Deletion Objective: Test the functionality that allows users to download their data before deletion.

Input:

Request for data download prior to account deletion. Expected Output:

Data is packaged and made available for download. Test Steps:

Mock a request for user data download. Invoke the data download functionality. Verify that the user's data is correctly packaged for download.

[awarbler]

Test Cases Code .java import static org.junit.Assert.*;

import java.util.Date; import org.junit.Test;

public class DeleteUserTest { / testValidDeletion: Tests if a user account can be successfully deleted with valid deletion credentials and confirms that the deletion date is set. /

@Test public void testValidDeletion() { // Arrange long userId = 123; String username = "testUser"; String email = "test@example.com"; String password = "password123"; String confirmationPassword = "password123"; String deletionReason = "Account closure";

// Act
DeleteUser deleteUser =
    new DeleteUser(userId, username, email, password, confirmationPassword,
                   deletionReason);
deleteUser.confirmDeletion();

// Assert
assertEquals(deletionReason, deleteUser.getDeletionReason());
assertNotNull(deleteUser.getDeletionDate());

}

/ testInvalidPassword: Tests if deletion fails when the confirmation password doesn't match the user's password. /

@Test public void testInvalidPassword() { // Arrange long userId = 123; String username = "testUser"; String email = "test@example.com"; String password = "password123"; String confirmationPassword = "invalidPassword"; String deletionReason = "Account closure";

// Act
DeleteUser deleteUser =
    new DeleteUser(userId, username, email, password, confirmationPassword,
                   deletionReason);

// Assert
assertFalse(deleteUser.validateCredentials());

}

/ testEmptyDeletionReason: Tests if deletion fails when the deletion reason is empty. /

@Test public void testEmptyDeletionReason() { // Arrange long userId = 123; String username = "testUser"; String email = "test@example.com"; String password = "password123"; String confirmationPassword = "password123"; String deletionReason = "";

// Act
DeleteUser deleteUser =
    new DeleteUser(userId, username, email, password, confirmationPassword,
                   deletionReason);

// Assert
assertFalse(deleteUser.validateCredentials());

}

/ testNullDeletionDateBeforeConfirmation: Tests if the deletion date is null before the deletion is confirmed. /

@Test public void testNullDeletionDateBeforeConfirmation() { // Arrange long userId = 123; String username = "testUser"; String email = "test@example.com"; String password = "password123"; String confirmationPassword = "password123"; String deletionReason = "Account closure";

// Act
DeleteUser deleteUser =
    new DeleteUser(userId, username, email, password, confirmationPassword,
                   deletionReason);

// Assert
assertNull(deleteUser.getDeletionDate());

}

/ testDeletionDateAfterConfirmation: Tests if the deletion date is set after the deletion is confirmed. /

@Test public void testDeletionDateAfterConfirmation() { // Arrange long userId = 123; String username = "testUser"; String email = "test@example.com"; String password = "password123"; String confirmationPassword = "password123"; String deletionReason = "Account closure";

// Act
DeleteUser deleteUser =
    new DeleteUser(userId, username, email, password, confirmationPassword,
                   deletionReason);
deleteUser.confirmDeletion();
Date deletionDate = deleteUser.getDeletionDate();

// Assert
assertNotNull(deletionDate);

} }

[awarbler]

Examples

import java.sql.Connection; import java.sql.DriverManager; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException;

abstract class DBTest { public void runTest(Connection connection) { try { if (test(connection)) { System.out.println(getClass().getSimpleName() + " passed."); } else { System.out.println(getClass().getSimpleName() + " failed."); } } catch (Exception e) { System.out.println(getClass().getSimpleName() + " raised an exception: " + e); } }

protected abstract boolean test(Connection connection); }

class TestDeleteAccount extends DBTest { @Override protected boolean test(Connection connection) { int userId = 1; return deleteAccount(userId, connection); }

private boolean deleteAccount(int userId, Connection connection) { try (PreparedStatement statement = connection.prepareStatement( "DELETE FROM accounts WHERE user_id = ?")) { statement.setInt(1, userId); int rowsAffected = statement.executeUpdate(); return rowsAffected > 0; } catch (SQLException e) { System.out.println("Error deleting account: " + e); return false; } } }

class TestAuthenticationVerification extends DBTest { @Override protected boolean test(Connection connection) { String invalidToken = "invalid_token"; return !verifyAuthentication(invalidToken); }

private boolean verifyAuthentication(String token) { // Simulate token verification return token.equals("valid_token"); } }

// Similarly, define other test classes following the same pattern

public class Main { public static void main(String[] args) { try { Connection connection = DriverManager.getConnection( "jdbc:mysql://localhost:3306/database_name", "username", "password"); new TestDeleteAccount().runTest(connection); // Run other tests similarly connection.close(); } catch (SQLException e) { e.printStackTrace(); } } }