feat(api): send notification email for route DELETE /api/users/me

lego-technix · lego-technix · commit 11a297dc57cb · 2024-12-05T13:49:51.000+01:00
diff --git a/api/src/identity-access-management/application/user/user.controller.js b/api/src/identity-access-management/application/user/user.controller.js
@@ -203,10 +203,11 @@ const rememberUserHasSeenLastDataProtectionPolicyInformation = async function (
   return dependencies.userSerializer.serialize(updatedUser);
 };
 
-const selfDeleteUserAccount = async function (request, h) {
+const selfDeleteUserAccount = async function (request, h, dependencies = { requestResponseUtils }) {
   const authenticatedUserId = request.auth.credentials.userId;
+  const localeFromHeader = dependencies.requestResponseUtils.extractLocaleFromRequest(request);
 
-  await usecases.selfDeleteUserAccount({ userId: authenticatedUserId });
+  await usecases.selfDeleteUserAccount({ userId: authenticatedUserId, localeFromHeader });
 
   return h.response().code(204);
 };
diff --git a/api/src/identity-access-management/domain/usecases/self-delete-user-account.usecase.js b/api/src/identity-access-management/domain/usecases/self-delete-user-account.usecase.js
@@ -1,4 +1,5 @@
 import { ForbiddenAccess } from '../../../shared/domain/errors.js';
+import { createSelfDeleteUserAccountEmail } from '../emails/create-self-delete-user-account.email.js';
 
 /**
  * @typedef {import('../../infrastructure/repositories/privacy-users-api.repository.js')} PrivacyUsersApiRepository
@@ -10,15 +11,33 @@ import { ForbiddenAccess } from '../../../shared/domain/errors.js';
  * @param{PrivacyUsersApiRepository} privacyUsersApiRepository
  * @returns {Promise<boolean>}
  */
-export const selfDeleteUserAccount = async function ({ userId, privacyUsersApiRepository }) {
+export const selfDeleteUserAccount = async function ({
+  userId,
+  localeFromHeader,
+  userRepository,
+  privacyUsersApiRepository,
+  emailRepository,
+}) {
   const canSelfDeleteAccount = await privacyUsersApiRepository.canSelfDeleteAccount({ userId });
 
   if (!canSelfDeleteAccount) {
     throw new ForbiddenAccess();
   }
 
+  const user = await userRepository.get(userId);
+
   const anonymizedByUserId = userId;
   const anonymizedByUserRole = 'USER';
   const client = 'PIX_APP';
   await privacyUsersApiRepository.anonymizeUser({ userId, anonymizedByUserId, anonymizedByUserRole, client });
+
+  if (user.email) {
+    await emailRepository.sendEmailAsync(
+      createSelfDeleteUserAccountEmail({
+        locale: localeFromHeader,
+        email: user.email,
+        firstName: user.firstName,
+      }),
+    );
+  }
 };
diff --git a/api/tests/identity-access-management/integration/domain/usecases/self-delete-user-account.usecase.test.js b/api/tests/identity-access-management/integration/domain/usecases/self-delete-user-account.usecase.test.js
@@ -5,15 +5,34 @@ import { databaseBuilder, expect, sinon } from '../../../../test-helper.js';
 
 describe('Integration | Identity Access Management | Domain | UseCase | self-delete-user-account', function () {
   context('when user can self delete their account', function () {
-    it('doesn’t throw ForbiddenError', async function () {
-      // given
-      const userId = databaseBuilder.factory.buildUser().id;
-      await databaseBuilder.commit();
+    context('when user has an email', function () {
+      it('doesn’t throw ForbiddenError and creates a SendEmailJob', async function () {
+        // given
+        const userId = databaseBuilder.factory.buildUser().id;
+        await databaseBuilder.commit();
 
-      sinon.stub(config.featureToggles, 'isSelfAccountDeletionEnabled').value(true);
+        sinon.stub(config.featureToggles, 'isSelfAccountDeletionEnabled').value(true);
 
-      // when & then
-      await expect(usecases.selfDeleteUserAccount({ userId })).to.not.be.rejectedWith(ForbiddenAccess);
+        // when & then
+        await expect(usecases.selfDeleteUserAccount({ userId })).to.not.be.rejectedWith(ForbiddenAccess);
+
+        await expect('SendEmailJob').to.have.been.performed.withJobsCount(1);
+      });
+    });
+
+    context('when user doesn’t have an email', function () {
+      it('doesn’t throw ForbiddenError and doesn’t create a SendEmailJob', async function () {
+        // given
+        const userId = databaseBuilder.factory.buildUser.withoutPixAuthenticationMethod().id;
+        await databaseBuilder.commit();
+
+        sinon.stub(config.featureToggles, 'isSelfAccountDeletionEnabled').value(true);
+
+        // when & then
+        await expect(usecases.selfDeleteUserAccount({ userId })).to.not.be.rejectedWith(ForbiddenAccess);
+
+        await expect('SendEmailJob').to.have.been.performed.withJobsCount(0);
+      });
     });
   });
 
