SUSI.AI has an api to handle all account related services called accounts.susi.ai. This API provides services like change password and delete account. the main goal of accounts.susi.ai is to centralise the accounts’ related settings from web, android and iOS clients into a single place like other accounting services. In this post we will discuss one of these features which is the delete user account from SUSI.AI.
The api accounts.susi.ai has a react file DeleteAccount.react.js. This file handle the delete account service and interacts with the LoginServce.java api, which is the core file for authentication. I will discuss in details how these two interact with each other and with other files.
When a user selects the option to delete account this file first check whether the user is loggedIn or not. From the code below we can see that after that it makes a call to the account-permissions api to get the permissions of the users and verifies if the current user has the minimum user role to delete an account.
If the user is not logged in or don’t have the minimal user role it sends error ‘Not logged In!’
Once the permissions are verified the user is again requested to enter their password to confirm once again if they really want to delete their account also to verify the users as a security check.
The above code is responsible for sending a password confirmation request to the server to confirm the password entered by the user. If the password is encorrect it will throw an error of not logged In.
If the user is successfully verified by the server the actual process of deletion starts. First of all the cookies of the users are expired with the help of the following code
We can see here that the expiry date of cookie is set to Thu, 01 Jan 1970 00:00:01 GMT which is a long time back and hence implies that lifetime of these cookies are over and its time for the cookies to expire.
Once the cookies are deleted, a request to server is send to delete the account of the user along with verifying the user id (email) and password of the user. The api request is an ajax request send by the following code:
The request is send to the server and after the process is executed on the server side, the server sends the response object with the information whether the deletion is successful or not. This is checked by our ajax request and displays the message of Account deletion successful or failed.
The request send to the server from the above ajax request to delete the user account is handled by the LoginService.java file.
The following snippet of code is responsible for both logout and delete account calls made to the server.
The boolean variable logout and delete are set to true if respective call is made and are by default false otherwise.
Once the value of either of them is set to true two functions are executed post.getRequest().getSession().invalidate(); and deleteLoginCookie(response); The former function, as the name suggests Invalidate the currect session of the user and the latter function delete the cookies, if applicable.
If the call is a delete account call and value of delete is true the following DAO code is executed.
The DAO methods hasAuthentication and hasAuthorization verified the credentials of the user and return a bool value. In the value is true DAO.deleteAuthorization and deleteAuthentication are executed which finally delete the data and credientials of the given user identity. After successful account deletion a new json file is created with an accepted value and response message. This json response is finally send to respective client as a confirmation message and also to delete their cookies and logging then out of the system.
- Ajax request – https://www.w3schools.com/xml/ajax_xmlhttprequest_send.asp
- DeleteAccount.react.js – https://github.com/fossasia/accounts.susi.ai/blob/master/src/components/Auth/DeleteAccount/DeleteAccount.react.js
- LoginService.java – https://github.com/fossasia/susi_server/blob/fda809b43f0c77699dbc6e9d8153d0395252ee44/src/ai/susi/server/api/aaa/LoginService.java