miguelgrinberg / microblog-api

A modern (as of 2024) Flask API back end.
MIT License
365 stars 100 forks

added user deletion #23

Closed bauerem closed 1 year ago

bauerem commented 1 year ago

Added user deletion feature.

miguelgrinberg commented 1 year ago

Thanks, but I can't accept this feature. Deleting a user is not as simple as you have implemented here. The user may have followers and blog posts and those need to be handled in some way; they cannot be left in the database pointing to a user that does not exist (most databases would not even allow you to delete it).

There is also the fact that immediately after deleting yourself you will lose access to the API, which is strange. In general user deletions are not handled in this way. Normally such a complex operation needs to be carried out manually by a support person.

bauerem commented 1 year ago

Hi Miguel, thank you for your helpful explanation. However, as a user I expect to be able to delete my account and my data to be removed from the server. (This is also apparently a requirement for iOS apps: https://developer.apple.com/support/offering-account-deletion-in-your-app/) Is it not feasible to automate this? And how else if not by an API route? Can we not solve this with cascades, i.e. automatically delete all tokens, posts, and follow relationships?

miguelgrinberg commented 1 year ago

Yes, you can solve this with cascades, or some other methods, none of which you implemented here. But in general deleting an account is done after a review by a human, not automatically via an endpoint. There is an endpoint to make a request, then an admin reviews and executes the request.
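The two database behaviours discussed in this thread, as an added example that is not part of the thread or the project's code: a foreign-key constraint blocking a plain user delete, and `ON DELETE CASCADE` removing the user's tokens, posts and follow relationships with it. The schema, table names and sample rows are constructed for illustration and are not the microblog-api models.

```python
import sqlite3

# Constructed schema for illustration; table and column names are assumptions,
# not the microblog-api models. {rule} is filled with the ON DELETE clause.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
CREATE TABLE tokens (id INTEGER PRIMARY KEY, value TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id){rule});
CREATE TABLE posts (id INTEGER PRIMARY KEY, text TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id){rule});
CREATE TABLE followers (
    follower_id INTEGER NOT NULL REFERENCES users(id){rule},
    followed_id INTEGER NOT NULL REFERENCES users(id){rule},
    PRIMARY KEY (follower_id, followed_id));
"""

def make_db(cascade):
    """Build an in-memory database with two users who follow each other."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    db.executescript(SCHEMA.format(rule=" ON DELETE CASCADE" if cascade else ""))
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    db.execute("INSERT INTO tokens VALUES (1, 'constructed-token', 1)")
    db.execute("INSERT INTO posts VALUES (1, 'hello', 1)")
    db.executemany("INSERT INTO followers VALUES (?, ?)", [(1, 2), (2, 1)])
    db.commit()
    return db

def delete_user(db, user_id):
    """Try to delete a user; return (deleted, rows still referencing the user)."""
    try:
        with db:  # commit on success, roll back on error
            db.execute("DELETE FROM users WHERE id = ?", (user_id,))
        deleted = True
    except sqlite3.IntegrityError:
        deleted = False  # the database refused to orphan dependent rows
    leftover = 0
    for table, cols in (("tokens", ["user_id"]), ("posts", ["user_id"]),
                        ("followers", ["follower_id", "followed_id"])):
        where = " OR ".join(f"{c} = ?" for c in cols)
        leftover += db.execute(f"SELECT COUNT(*) FROM {table} WHERE {where}",
                               [user_id] * len(cols)).fetchone()[0]
    return deleted, leftover

if __name__ == "__main__":
    print(delete_user(make_db(cascade=False), 1))  # blocked by the FK constraint
    print(delete_user(make_db(cascade=True), 1))   # user and dependent rows removed
```

With cascades in place the access tokens are deleted in the same transaction as the user row, so no credential outlives the account it was issued to.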