impr: better handling of ghost accounts (fehmer) (#5159)

* impr: better handling of ghost accounts * move deletion to server * wording
2025-10-28 17:56:09 +08:00 · 2024-03-04 14:23:33 +01:00 · 2024-03-04 14:23:33 +01:00 · f7fe0e3f01
commit f7fe0e3f01
parent d2d7b3e109
4 changed files with 20 additions and 42 deletions
--- a/backend/src/api/controllers/user.ts
+++ b/backend/src/api/controllers/user.ts
@ -26,7 +26,10 @@ import { ObjectId } from "mongodb";
 import * as ReportDAL from "../../dal/report";
 import emailQueue from "../../queues/email-queue";
 import FirebaseAdmin from "../../init/firebase-admin";
-import { removeTokensFromCacheByUid } from "../../utils/auth";
+import {
+  removeTokensFromCacheByUid,
+  deleteUser as firebaseDeleteUser,
+} from "../../utils/auth";

 async function verifyCaptcha(captcha: string): Promise<void> {
  if (!(await verify(captcha))) {
@ -44,7 +47,7 @@ export async function createNewUser(
    await verifyCaptcha(captcha);
  } catch (e) {
    try {
-      await FirebaseAdmin().auth().deleteUser(uid);
+      await firebaseDeleteUser(uid);
    } catch (e) {
      // user might be deleted on the frontend
    }
@ -176,17 +179,23 @@ export async function deleteUser(
  const { uid } = req.ctx.decodedToken;

  const userInfo = await UserDAL.getUser(uid, "delete user");
+
+  //cleanup database
  await Promise.all([
    UserDAL.deleteUser(uid),
    deleteAllApeKeys(uid),
    deleteAllPresets(uid),
    deleteConfig(uid),
+    deleteAllResults(uid),
    purgeUserFromDailyLeaderboards(
      uid,
      req.ctx.configuration.dailyLeaderboards
    ),
  ]);

+  //delete user from
+  await firebaseDeleteUser(uid);
+
  void Logger.logToDb(
    "user_deleted",
    `${userInfo.email} ${userInfo.name}`,
@ -345,7 +354,7 @@ export async function getUser(
      //since there is no data in the database anyway, we can just delete the user from the auth system
      //and ask them to sign up again
      try {
-        await FirebaseAdmin().auth().deleteUser(uid);
+        await firebaseDeleteUser(uid);
        throw new MonkeyError(
          404,
          "User not found in the database, but found in the auth system. We have deleted the ghost user from the auth system. Please sign up again.",
--- a/backend/src/utils/auth.ts
+++ b/backend/src/utils/auth.ts
@ -59,6 +59,11 @@ export async function updateUserEmail(
  });
 }

+export async function deleteUser(uid: string): Promise<void> {
+  await FirebaseAdmin().auth().deleteUser(uid);
+  removeTokensFromCacheByUid(uid);
+}
+
 export function removeTokensFromCacheByUid(uid: string): void {
  for (const entry of tokenCache.entries()) {
    if (entry[1].uid === uid) {
--- a/frontend/src/ts/controllers/account-controller.ts
+++ b/frontend/src/ts/controllers/account-controller.ts
@ -548,9 +548,8 @@ async function signUp(): Promise<void> {

  authListener();

-  let createdAuthUser;
  try {
-    createdAuthUser = await createUserWithEmailAndPassword(
+    const createdAuthUser = await createUserWithEmailAndPassword(
      Auth,
      email,
      password
@ -590,20 +589,6 @@ async function signUp(): Promise<void> {
    }
    Notifications.add("Account created", 1);
  } catch (e) {
-    //make sure to do clean up here
-    if (createdAuthUser) {
-      try {
-        await Ape.users.delete();
-      } catch (e) {
-        // account might already be deleted
-      }
-      try {
-        await createdAuthUser.user.delete();
-      } catch (e) {
-        // account might already be deleted
-      }
-    }
-    console.log(e);
    const message = Misc.createErrorMessage(e, "Failed to create account");
    Notifications.add(message, -1);
    LoginPage.hidePreloader();
--- a/frontend/src/ts/popups/simple-popups.ts
+++ b/frontend/src/ts/popups/simple-popups.ts
@ -880,34 +880,13 @@ list.deleteAccount = new SimplePopup(
      };
    }

-    Notifications.add("Deleting stats...", 0);
+    Notifications.add("Deleting all data...", 0);
    const usersResponse = await Ape.users.delete();

    if (usersResponse.status !== 200) {
      return {
        status: -1,
-        message: "Failed to delete user stats: " + usersResponse.message,
-      };
-    }
-
-    Notifications.add("Deleting results...", 0);
-    const resultsResponse = await Ape.results.deleteAll();
-
-    if (resultsResponse.status !== 200) {
-      return {
-        status: -1,
-        message: "Failed to delete results: " + resultsResponse.message,
-      };
-    }
-
-    Notifications.add("Deleting login information...", 0);
-    try {
-      await reauth.user.delete();
-    } catch (e) {
-      const message = createErrorMessage(e, "Failed to delete auth user");
-      return {
-        status: -1,
-        message,
+        message: "Failed to delete user data: " + usersResponse.message,
      };
    }