RD: send mail notification when user delete his account (#634)

--------- Co-authored-by: Douglas DUTEIL <[email protected]>
numerique-gouv · Jul 30, 2024 · 6e4d30a · 6e4d30a
1 parent 8fb4432
commit 6e4d30a
Show file tree

Hide file tree

Showing 8 changed files with 110 additions and 1 deletion.
diff --git a/.github/workflows/end-to-end.yml b/.github/workflows/end-to-end.yml
@@ -63,6 +63,7 @@ jobs:
           - signin_with_totp
           - reauthenticate_on_admin_page
           - check_email_deliverability
+          - delete_account
     runs-on: ubuntu-22.04
     services:
       moncomptepro-standard-client:

diff --git a/cypress/e2e/delete_account.cy.js b/cypress/e2e/delete_account.cy.js
@@ -0,0 +1,48 @@
+//
+
+describe("delete account", () => {
+  before(() => {
+    cy.mailslurp().then((mailslurp) =>
+      mailslurp.inboxController.deleteAllInboxEmails({
+        inboxId: "4cec922b-ecbe-4a46-8511-fc9478c1efd0",
+      }),
+    );
+  });
+
+  it("should delete account", function () {
+    // Visit the signup page
+    cy.visit(`/users/start-sign-in`);
+
+    cy.get('[name="login"]').type(
+      "[email protected]",
+    );
+    cy.get('[type="submit"]').click();
+
+    cy.get('[name="password"]').type("password123");
+    cy.get('[action="/users/sign-in"]  [type="submit"]')
+      .contains("S’identifier")
+      .click();
+
+    cy.contains("Connexion et compte").click();
+
+    cy.contains("Suppression");
+
+    cy.contains("Supprimer mon compte").click();
+
+    cy.contains("Votre compte a bien été supprimé.");
+
+    cy.mailslurp()
+      // use inbox id and a timeout of 30 seconds
+      .then((mailslurp) =>
+        mailslurp.waitForLatestEmail(
+          "4cec922b-ecbe-4a46-8511-fc9478c1efd0",
+          60000,
+          true,
+        ),
+      )
+      // check subject of deletion email
+      .then((email) => {
+        expect(email.subject).to.include("Suppression de compte");
+      });
+  });
+});
diff --git a/cypress/env/delete_account.conf b/cypress/env/delete_account.conf
diff --git a/cypress/fixtures/delete_account.sql b/cypress/fixtures/delete_account.sql
@@ -0,0 +1,15 @@
+INSERT INTO users
+  (id, email, email_verified, email_verified_at, encrypted_password, created_at, updated_at, given_name, family_name,
+   phone_number, job)
+VALUES
+  (1, '[email protected]', true, CURRENT_TIMESTAMP, '$2a$10$kzY3LINL6..50Fy9shWCcuNlRfYq0ft5lS.KCcJ5PzrhlWfKK4NIO', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, 'Rebibi', 'Dumama', '0123456789', 'Sbirette');
+
+INSERT INTO organizations
+  (id, siret, verified_email_domains, authorized_email_domains, created_at, updated_at)
+VALUES
+  (1, '21340126800130', '{}', '{}', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP);
+
+INSERT INTO users_organizations
+  (user_id, organization_id, is_external, verification_type, authentication_by_peers_type, has_been_greeted)
+VALUES
+  (1, 1, false, 'verified_email_domain', 'all_members_notified', true);
diff --git a/src/connectors/brevo.ts b/src/connectors/brevo.ts
@@ -17,7 +17,8 @@ type LocalTemplateSlug =
   | "organization-welcome"
   | "unable-to-auto-join-organization"
   | "welcome"
-  | "moderation-processed";
+  | "moderation-processed"
+  | "delete-account";
 
 // active templates id are listed at https://app-smtp.brevo.com/templates
 const remoteTemplateSlugToBrevoTemplateId: {
@@ -35,6 +36,7 @@ const localTemplateSlugs: LocalTemplateSlug[] = [
   "unable-to-auto-join-organization",
   "welcome",
   "moderation-processed",
+  "delete-account",
 ];
 const defaultBrevoTemplateId = 7;
 

diff --git a/src/controllers/user/delete.ts b/src/controllers/user/delete.ts
@@ -5,6 +5,8 @@ import {
 } from "../../managers/session/authenticated";
 import { deleteUser } from "../../repositories/user";
 import { logger } from "../../services/log";
+import { sendMail } from "../../connectors/brevo";
+import { sendDeleteUserEmail } from "../../managers/user";
 
 export const postDeleteUserController = async (
   req: Request,
@@ -14,8 +16,11 @@ export const postDeleteUserController = async (
   try {
     const { id, email } = getUserFromAuthenticatedSession(req);
 
+    await sendDeleteUserEmail({ user_id: id });
+
     await deleteUser(id);
     logger.info(`user ${email} successfully deleted`);
+
     await destroyAuthenticatedSession(req);
 
     return res.redirect(

diff --git a/src/managers/user.ts b/src/managers/user.ts
@@ -26,6 +26,7 @@ import {
   findByEmail,
   findByMagicLinkToken,
   findByResetPasswordToken,
+  findById,
   update,
 } from "../repositories/user";
 import { getDidYouMeanSuggestion } from "../services/did-you-mean";
@@ -185,6 +186,21 @@ export const sendEmailAddressVerificationEmail = async ({
   return true;
 };
 
+export const sendDeleteUserEmail = async ({ user_id }: { user_id: number }) => {
+  const user = await findById(user_id);
+  if (isEmpty(user)) {
+    throw new UserNotFoundError();
+  }
+  const { given_name, family_name, email } = user;
+
+  return sendMail({
+    to: [email],
+    subject: "Suppression de compte",
+    template: "delete-account",
+    params: { given_name, family_name },
+  });
+};
+
 export const verifyEmail = async (
   email: string,
   token: string,

diff --git a/src/views/mails/delete-account.ejs b/src/views/mails/delete-account.ejs
@@ -0,0 +1,22 @@
+Bonjour <%= given_name %> <%= family_name %>,<br /><br />
+Nous vous confirmons que votre demande de suppression de compte a bien été prise
+en compte. Toutes vos données personnelles associées à ce compte ont été
+supprimées de notre système.
+<br /><br />
+<strong>
+  <a
+    href="mailto:[email protected]?subject=Erreur%20-%20Mon%20organisation"
+    style="text-decoration: underline; color: rgb(0, 0, 145)"
+  >
+    <u>
+      Si vous avez des questions ou des préoccupations, n'hésitez pas à nous
+      contacter.
+    </u>
+  </a>
+</strong>
+<br /><br />
+Merci d'avoir utilisé MonComptePro.
+<br /><br />
+Cordialement,
+<br /><br />
+L’équipe MonComptePro