From f7fe0e3f015149f6af5d75e68edffe289b68f476 Mon Sep 17 00:00:00 2001 From: Christian Fehmer Date: Mon, 4 Mar 2024 14:23:33 +0100 Subject: [PATCH] impr: better handling of ghost accounts (fehmer) (#5159) * impr: better handling of ghost accounts * move deletion to server * wording --- backend/src/api/controllers/user.ts | 15 ++++++++--- backend/src/utils/auth.ts | 5 ++++ .../src/ts/controllers/account-controller.ts | 17 +------------ frontend/src/ts/popups/simple-popups.ts | 25 ++----------------- 4 files changed, 20 insertions(+), 42 deletions(-) diff --git a/backend/src/api/controllers/user.ts b/backend/src/api/controllers/user.ts index 797a86150..54f5dba8a 100644 --- a/backend/src/api/controllers/user.ts +++ b/backend/src/api/controllers/user.ts @@ -26,7 +26,10 @@ import { ObjectId } from "mongodb"; import * as ReportDAL from "../../dal/report"; import emailQueue from "../../queues/email-queue"; import FirebaseAdmin from "../../init/firebase-admin"; -import { removeTokensFromCacheByUid } from "../../utils/auth"; +import { + removeTokensFromCacheByUid, + deleteUser as firebaseDeleteUser, +} from "../../utils/auth"; async function verifyCaptcha(captcha: string): Promise { if (!(await verify(captcha))) { @@ -44,7 +47,7 @@ export async function createNewUser( await verifyCaptcha(captcha); } catch (e) { try { - await FirebaseAdmin().auth().deleteUser(uid); + await firebaseDeleteUser(uid); } catch (e) { // user might be deleted on the frontend } @@ -176,17 +179,23 @@ export async function deleteUser( const { uid } = req.ctx.decodedToken; const userInfo = await UserDAL.getUser(uid, "delete user"); + + //cleanup database await Promise.all([ UserDAL.deleteUser(uid), deleteAllApeKeys(uid), deleteAllPresets(uid), deleteConfig(uid), + deleteAllResults(uid), purgeUserFromDailyLeaderboards( uid, req.ctx.configuration.dailyLeaderboards ), ]); + //delete user from + await firebaseDeleteUser(uid); + void Logger.logToDb( "user_deleted", `${userInfo.email} ${userInfo.name}`, 
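Review bot: In `createNewUser`, the inner `catch (e)` around `await firebaseDeleteUser(uid)` discards every failure, and its comment `// user might be deleted on the frontend` no longer matches this commit, which removes the sign-up cleanup from `account-controller.ts`. If the auth deletion fails after a rejected captcha, the account stays in the auth system without a database record and nothing is logged. Log the error in that catch (the inner `e` also shadows the outer one, so a different name helps) and update the comment, e.g. `// best effort: a leftover auth user is removed on the next getUser call`. The function body starts and ends outside the hunk.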
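Review bot: In `deleteUser`, `UserDAL.deleteUser(uid)` runs inside the same `Promise.all` as the other cleanups, so if one of them rejects the user record may already be gone while results, presets or the auth account remain, and a retry would presumably stop at `UserDAL.getUser(uid, "delete user")`. Running the dependent cleanups first and `await UserDAL.deleteUser(uid);` after the `Promise.all`, directly before `await firebaseDeleteUser(uid);`, keeps a failed request retryable. The added comment `//delete user from` is cut off; `//delete user from the auth system` says what the next line does. The function continues outside the hunk.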
@@ -345,7 +354,7 @@ export async function getUser( //since there is no data in the database anyway, we can just delete the user from the auth system //and ask them to sign up again try { - await FirebaseAdmin().auth().deleteUser(uid); + await firebaseDeleteUser(uid); throw new MonkeyError( 404, "User not found in the database, but found in the auth system. We have deleted the ghost user from the auth system. Please sign up again.", diff --git a/backend/src/utils/auth.ts b/backend/src/utils/auth.ts index 697874485..84959ac33 100644 --- a/backend/src/utils/auth.ts +++ b/backend/src/utils/auth.ts @@ -59,6 +59,11 @@ export async function updateUserEmail( }); } +export async function deleteUser(uid: string): Promise { + await FirebaseAdmin().auth().deleteUser(uid); + removeTokensFromCacheByUid(uid); +} + export function removeTokensFromCacheByUid(uid: string): void { for (const entry of tokenCache.entries()) { if (entry[1].uid === uid) { diff --git a/frontend/src/ts/controllers/account-controller.ts b/frontend/src/ts/controllers/account-controller.ts index 547e40d31..def059093 100644 --- a/frontend/src/ts/controllers/account-controller.ts +++ b/frontend/src/ts/controllers/account-controller.ts @@ -548,9 +548,8 @@ async function signUp(): Promise { authListener(); - let createdAuthUser; try { - createdAuthUser = await createUserWithEmailAndPassword( + const createdAuthUser = await createUserWithEmailAndPassword( Auth, email, password @@ -590,20 +589,6 @@ async function signUp(): Promise { } Notifications.add("Account created", 1); } catch (e) { - //make sure to do clean up here - if (createdAuthUser) { - try { - await Ape.users.delete(); - } catch (e) { - // account might already be deleted - } - try { - await createdAuthUser.user.delete(); - } catch (e) { - // account might already be deleted - } - } - console.log(e); const message = Misc.createErrorMessage(e, "Failed to create account"); Notifications.add(message, -1); LoginPage.hidePreloader(); 
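Review bot: In the new `deleteUser` in `backend/src/utils/auth.ts`, `removeTokensFromCacheByUid(uid)` is skipped whenever `FirebaseAdmin().auth().deleteUser(uid)` rejects, for example when the account was already removed by an earlier call, so entries for that uid stay in `tokenCache` and would presumably still be accepted until they expire. Wrapping the call as `try { await FirebaseAdmin().auth().deleteUser(uid); } finally { removeTokensFromCacheByUid(uid); }` evicts them on both paths. A short TSDoc comment stating that the function deletes the account in the auth system and evicts its cached tokens would also tell callers why to use it instead of the Admin SDK call directly.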
diff --git a/frontend/src/ts/popups/simple-popups.ts b/frontend/src/ts/popups/simple-popups.ts index fcbb1723f..57e5cb8a9 100644 --- a/frontend/src/ts/popups/simple-popups.ts +++ b/frontend/src/ts/popups/simple-popups.ts @@ -880,34 +880,13 @@ list.deleteAccount = new SimplePopup( }; } - Notifications.add("Deleting stats...", 0); + Notifications.add("Deleting all data...", 0); const usersResponse = await Ape.users.delete(); if (usersResponse.status !== 200) { return { status: -1, - message: "Failed to delete user stats: " + usersResponse.message, - }; - } - - Notifications.add("Deleting results...", 0); - const resultsResponse = await Ape.results.deleteAll(); - - if (resultsResponse.status !== 200) { - return { - status: -1, - message: "Failed to delete results: " + resultsResponse.message, - }; - } - - Notifications.add("Deleting login information...", 0); - try { - await reauth.user.delete(); - } catch (e) { - const message = createErrorMessage(e, "Failed to delete auth user"); - return { - status: -1, - message, + message: "Failed to delete user data: " + usersResponse.message, }; }
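Review bot: With `reauth.user.delete()` removed from `list.deleteAccount`, the Firebase client SDK's recent-sign-in requirement for deleting an account is no longer on the path, and `Ape.users.delete()` alone now removes both the stored data and the auth identity. Any re-authentication done earlier in this popup (outside the hunk) is a client-side step, so the server route behind `Ape.users.delete()` should itself reject tokens that were not issued recently. That route's authentication options are not visible in this patch and should be confirmed. Once confirmed, a comment above the call such as `// server deletes database data and the auth user; route requires a fresh token` would record the dependency.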