[native] add back password input for account deletion
ClosedPublic
Actions

Authored by varun on Wed, Jun 5, 9:55 PM.

Details

Reviewers

ashoat
tomek
inka

Commits

rCOMM32894cf32ae3: [native] add back password input for account deletion

Summary

as per the white paper, we will require password users to enter their password in order to delete their account.

Depends on D12325

Test Plan

usingCommServicesAccessToken = false; no change to the UI
usingCommServicesAccessToken = true, password user; prompted for password, if incorrect, identity account deletion fails and alert is displayed, but user is not logged out. if correct, account successfully deleted and user is logged out
usingCommServicesAccessToken = true, wallet user; no change to the UI, account deletion successful
usingCommServicesAccessToken = true, password user, keyserver offline; prompted for password, if correct identity account deletion succeeds but keyserver account deletion fails. user is logged out and deleteAccountActionTypes.success is dispatched

Simulator Screenshot - iPhone 15 Pro Max - 2024-06-06 at 01.01.02.png (2×1 px, 234 KB)

Simulator Screenshot - iPhone 15 Pro Max - 2024-06-06 at 01.00.48.png (2×1 px, 144 KB)

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

varun created this revision.Wed, Jun 5, 9:55 PM

varun edited the test plan for this revision. (Show Details)Wed, Jun 5, 10:03 PM

varun attached a referenced file: F1957873: Simulator Screenshot - iPhone 15 Pro Max - 2024-06-06 at 01.00.48.png. (Show Details)

varun attached a referenced file: F1957874: Simulator Screenshot - iPhone 15 Pro Max - 2024-06-06 at 01.01.02.png. (Show Details)

varun attached a referenced file: F1957876: Simulator Screenshot - iPhone 15 Pro Max - 2024-06-06 at 01.01.22.png. (Show Details)

improve UX if identity account deletion fails

Harbormaster completed remote builds in B29467: Diff 41002.Wed, Jun 5, 10:12 PM

fix error handling and ordering in useDeleteAccount

fix regression when usingCSAT is false

Harbormaster completed remote builds in B29497: Diff 41070.Thu, Jun 6, 12:49 PM

adding @inka as a blocking reviewer

referenced this commit for the UI changes: https://github.com/CommE2E/comm/commit/ba9a43c03a7c0f95ba7c71963452b2c98c0e9e8c?diff=split&w=0

lib/actions/user-actions.js
335 ↗	(On Diff #41071)	we await this promise first to make sure that the user isn't logged out if identity account deletion fails. `callKeyserverDeleteAccount` below calls `setNewSession` if it succeeds, which logs the user out
336–356 ↗	(On Diff #41071)	if usingCSAT and keyserver account deletion fails, we should still dispatch `deleteAccountActionTypes.success`. otherwise, the user would be visibly logged in but unable to connect to a keyserver since they wouldn't have any keys in DynamoDB keyservers will have "zombie" accounts if keyserver account deletion fails but identity account deletion succeeds. we'll need some way to clean them up. this might be handled by ENG-7838 or ENG-5918 (cc @kamil )
349–351 ↗	(On Diff #41071)	in the pre-usingCSAT world, we don't want to dispatch `deleteAccountActionTypes.success` if keyserver account deletion fails

Harbormaster completed remote builds in B29498: Diff 41071.Thu, Jun 6, 1:01 PM

varun added inline comments.Thu, Jun 6, 1:08 PM

lib/actions/user-actions.js
357–363 ↗	(On Diff #41071)	it seems like the only reducer that checks the payload on `deleteAccountActionTypes.success` is `reduceCurrentUserInfo`, which sets `currentUserInfo` in `redux` to the value of `currentUserInfo` in the payload if it's different than the existing state. i think setting it to null is correct, but want to double check (cc @tomek, @inka )

varun edited the test plan for this revision. (Show Details)Thu, Jun 6, 1:10 PM

varun added 1 blocking reviewer(s): ashoat.Thu, Jun 6, 1:17 PM

varun added a child revision: D12335: [identity] reintroduce check to make sure only wallet users can call deleteWalletUser RPC.Thu, Jun 6, 1:20 PM

ashoat accepted this revision.Thu, Jun 6, 1:41 PM

ashoat added inline comments.

lib/actions/user-actions.js
317–335 ↗	(On Diff #41071)	There's really no point to declaring this IIFE
358 ↗	(On Diff #41071)	This changed but I think it's okay
native/profile/delete-account.react.js
92 ↗	(On Diff #41071)	We never capitalize like this. It should always be "Password required". But separately, can we make the error cases and language match what we had previously?

inka accepted this revision.Fri, Jun 7, 6:36 AM

inka added inline comments.

lib/actions/user-actions.js
317–335 ↗	(On Diff #41071)	@ashoat in your code we call both `await identityClient.deletePasswordUser(password);` and `await identityClient.deleteWalletUser();` in case of a password user, I don't think that's right.

This revision is now accepted and ready to land.Fri, Jun 7, 6:36 AM

ashoat added inline comments.Fri, Jun 7, 8:07 AM

lib/actions/user-actions.js
317–335 ↗	(On Diff #41071)	Right, I missed a `return` after the `await identityClient.deletePasswordUser(password)`

varun added inline comments.Fri, Jun 7, 10:58 AM

lib/actions/user-actions.js
317–335 ↗	(On Diff #41071)	I don't think we want to `return` after the `await identityClient.deletePasswordUser(password)`, but I think I understand your general feedback about not using an IIFE