Merge pull request #70 from trynoice/refactor/remove-redundant-soft-deletes

Remove soft deletes

Author: ashutoshgngwr

src/integrationTest/java/com/trynoice/api/identity/AccountControllerTest.java

@@ -2,6 +2,7 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.trynoice.api.identity.entities.AuthUser;
+import com.trynoice.api.identity.entities.RefreshToken;
 import com.trynoice.api.identity.exceptions.SignInTokenDispatchException;
 import com.trynoice.api.identity.payload.AuthCredentialsResponse;
 import com.trynoice.api.identity.payload.SignInParams;
@@ -357,11 +358,18 @@ void deleteAccount() throws Exception {
             .andExpect(status().is(HttpStatus.NO_CONTENT.value()));
 
         // validate that all existing refresh tokens have been revoked.
-        assertTrue(refreshTokens.stream().noneMatch(t -> t.getDeletedAt() != null));
+        refreshTokens.stream()
+            .map(t -> entityManager.find(RefreshToken.class, t.getId()))
+            .forEach(t -> assertTrue(t.getExpiresAt().isBefore(OffsetDateTime.now())));
 
-        // perform the request again to ensure access token no longer works
+        // validate that account has been deactivated.'
+        Stream.of(user)
+            .map(u -> entityManager.find(AuthUser.class, u.getId()))
+            .forEach(u -> assertNotNull(u.getDeactivatedAt()));
+
+        // perform a request to ensure access token no longer works
         mockMvc.perform(
-                delete(urlFmt, anotherUser.getId())
+                get("/v1/accounts/profile")
                     .header("Authorization", "Bearer " + accessToken))
             .andExpect(status().is(HttpStatus.UNAUTHORIZED.value()));
     }

src/integrationTest/java/com/trynoice/api/identity/entities/RefreshTokenRepositoryTest.java

@@ -7,6 +7,7 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.persistence.EntityManager;
+import java.time.OffsetDateTime;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 
@@ -25,7 +26,7 @@ public class RefreshTokenRepositoryTest {
     private RefreshTokenRepository refreshTokenRepository;
 
     @Test
-    void deleteAllByOwnerId() {
+    void updateExpiresAtOfAllByOwnerId() {
         val user = createAuthUser(entityManager);
 
         val ownedRefreshTokens = IntStream.range(0, 5)
@@ -36,13 +37,13 @@ void deleteAllByOwnerId() {
             .mapToObj(i -> createRefreshToken(entityManager, createAuthUser(entityManager)))
             .collect(Collectors.toUnmodifiableList());
 
-        refreshTokenRepository.deleteAllByOwnerId(user.getId());
-        assertTrue(
-            ownedRefreshTokens.stream()
-                .noneMatch(t -> refreshTokenRepository.existsById(t.getId())));
+        refreshTokenRepository.updateExpiresAtOfAllByOwnerId(OffsetDateTime.now(), user.getId());
+        ownedRefreshTokens.stream()
+            .map(t -> entityManager.find(RefreshToken.class, t.getId()))
+            .forEach(t -> assertTrue(t.getExpiresAt().isBefore(OffsetDateTime.now())));
 
-        assertTrue(
-            unownedRefreshTokens.stream()
-                .allMatch(t -> refreshTokenRepository.existsById(t.getId())));
+        unownedRefreshTokens.stream()
+            .map(t -> entityManager.find(RefreshToken.class, t.getId()))
+            .forEach(t -> assertTrue(t.getExpiresAt().isAfter(OffsetDateTime.now())));
     }
 }

src/integrationTest/java/com/trynoice/api/platform/BasicEntityRepositoryTest.java

@@ -66,11 +66,13 @@ public static Subscription buildSubscription(
 
     @NonNull
     static Customer buildCustomer(@NonNull EntityManager entityManager, @NonNull AuthUser user) {
-        val customer = Customer.builder()
-            .userId(user.getId())
-            .stripeId(UUID.randomUUID().toString())
-            .build();
+        val customer = Optional.ofNullable(entityManager.find(Customer.class, user.getId()))
+            .orElse(
+                Customer.builder()
+                    .userId(user.getId())
+                    .build());
 
+        customer.setStripeId(UUID.randomUUID().toString());
         return entityManager.merge(customer);
     }
 

src/integrationTest/java/com/trynoice/api/platform/TestConfig.java

@@ -92,20 +92,18 @@ public static String createSignedRefreshJwt(
 
         val jwtSigningAlgorithm = Algorithm.HMAC256(hmacSecret);
         if (type != JwtType.REUSED) {
-            return refreshToken.getJwt(jwtSigningAlgorithm);
+            return refreshToken.toSignedJwt(jwtSigningAlgorithm);
         }
 
         // create a separate entity that is not attached to the entity manager.
-        val usedRefreshToken = RefreshToken.builder()
+        return RefreshToken.builder()
+            .id(refreshToken.getId())
+            .createdAt(refreshToken.getCreatedAt())
             .owner(owner)
             .expiresAt(refreshToken.getExpiresAt())
             .ordinal(refreshToken.getOrdinal() + 1)
-            .build();
-
-        usedRefreshToken.setId(refreshToken.getId());
-        usedRefreshToken.setCreatedAt(refreshToken.getCreatedAt());
-
-        return usedRefreshToken.getJwt(jwtSigningAlgorithm);
+            .build()
+            .toSignedJwt(jwtSigningAlgorithm);
     }
 
     /**

src/integrationTest/java/com/trynoice/api/platform/TestEntity.java

@@ -271,12 +271,18 @@ ResponseEntity<Void> updateProfile(
     }
 
     /**
-     * Deletes the account of an authenticated user. If the account with the given {@literal
-     * accountId} does not belong to the authenticated user, it returns {@literal HTTP 400}.
+     * <p>
+     * Schedules an account for deletion. If the account with the given {@literal accountId} does
+     * not belong to the authenticated user, it returns {@literal HTTP 400}.</p>
+     *
+     * <p>
+     * Users will immediately lose access to their accounts and their account will be deactivated.
+     * Deactivated accounts are permanently deleted after some time. Users can restore their
+     * deactivated accounts before permanent deletion by completing a successful sign-in.</p>
      *
      * @param accountId must be the account id of the authenticated user.
      */
-    @Operation(summary = "Delete account of the auth user")
+    @Operation(summary = "Schedule the account of the auth user for deletion")
     @ApiResponses({
         @ApiResponse(responseCode = "204", description = "account deleted successfully"),
         @ApiResponse(responseCode = "400", description = "request is not valid"),