Mfancher/archive users (#1025)

* Fixes and change model and migration for user to add column

* set last login whenever logins or password resets occur

* Remove Inactive accounts

This sets up a job that runs every 12 hours to delete user accounts that are over 180 days since last login

* clarify messaging

* Fix Messaging and Remove Admin email since workflow is no longer required

* rename function to clarify

* Create user archive table

Created user archive table with all of the same columns of User, without Hash, adding in removed By and removed At. This table will be used to hold deleted users

* Update user_archive.js

* remove user method created and introduced

* remove unique email constraint on archive

* Finish archive user

* used delete user util function to clean up unverified user'

---------

Co-authored-by: yadhap Dahal <yadhap.dahal@lexisnexisrisk.com>

Author: FancMa01

Tombolo/client-reactjs/src/components/admin/userManagement/ActionButton.jsx

@@ -44,7 +44,7 @@ const UserManagementActionButton = ({
           </Menu.Item>
           <Menu.Item key="3" disabled={selectedRows.length < 2}>
             <Popconfirm
-              title={`Are you sure you want to delete  selected ${selectedRows.length} users?. `}
+              title={`Are you sure you want to delete  selected ${selectedRows.length} users? `}
               okButtonProps={{ type: 'primary', danger: true }}
               okText="Delete"
               onConfirm={deleteSelected}>

Tombolo/server/controllers/authController.js

@@ -575,8 +575,7 @@ const resetTempPassword = async (req, res) => {
     await generateAndSetCSRFToken(req, res, accessToken);
 
     //set last login
-
-    await setLastLogin(newUser);
+    await setLastLogin(user);
 
     // User data obj to send to the client
     const userObj = {
@@ -1129,7 +1128,6 @@ const requestAccess = async (req, res) => {
 
 // Resend verification code - user provides email
 const resendVerificationCode = async (req, res) => {
-  t;
   try {
     const { email } = req.body;
 

Tombolo/server/controllers/userController.js

@@ -14,6 +14,7 @@ const {
   checkPasswordSecurityViolations,
   setPreviousPasswords,
   generatePassword,
+  deleteUser: deleteUserUtil,
 } = require("../utils/authUtil");
 
 // Constants
@@ -29,11 +30,11 @@ const deleteUser = async (req, res) => {
   try {
     const { id } = req.params;
 
-    const deletedCount = await User.destroy({ where: { id } });
+    const deleted = await deleteUserUtil(id, "Admin Removal");
 
     // If deleted count is 0, user not found
-    if (deletedCount === 0) {
-      throw { status: 404, message: "User not found" };
+    if (!deleted) {
+      throw { status: 404, message: "Error Removing User." };
     }
 
     // User successfully deleted
@@ -225,14 +226,32 @@ const changePassword = async (req, res) => {
 const bulkDeleteUsers = async (req, res) => {
   try {
     const { ids } = req.body;
-    const deletedCount = await User.destroy({ where: { id: ids } });
 
-    // If deleted count is 0, user not found
-    if (deletedCount === 0) {
-      throw { status: 404, message: "Users not found" };
+    let deletedCount = 0;
+    let idsCount = ids.length;
+    // Loop through each user and delete
+    for (let id of ids) {
+      const deleted = await deleteUserUtil(id, "Admin Removal");
+      if (deleted) {
+        deletedCount++;
+      }
     }
+
+    if (deletedCount !== idsCount) {
+      res.status(207).json({
+        success: false,
+        message: "Some users could not be deleted",
+        data: { deletedCount, idsCount },
+      });
+    }
+
+    res.status(200).json({
+      success: true,
+      message: "Users deleted successfully",
+      data: { deletedCount },
+    });
   } catch (err) {
-    logger.error(`Update user applications: ${err.message}`);
+    logger.error(`Bulk Delete Users: ${err.message}`);
     res
       .status(err.status || 500)
       .json({ success: false, message: err.message });

Tombolo/server/jobs/userManagement/accountDelete.js

@@ -5,8 +5,7 @@ const { v4: uuidv4 } = require("uuid");
 
 //Local Imports
 const models = require("../../models");
-const { trimURL, getSupportContactEmails } = require("../../utils/authUtil");
-const { trim } = require("lodash");
+const { trimURL, deleteUser } = require("../../utils/authUtil");
 
 // Constants
 const User = models.user;
@@ -201,15 +200,24 @@ const updateUserAndSendNotification = async (user, daysToExpiry, version) => {
         });
 
         // delete user account
-        // TODO -- Move user to archive table
-        await user.destroy();
+        const deleted = await deleteUser(userInternal.id, "Inactivity");
+        if (!deleted) {
+          parentPort &&
+            parentPort.postMessage({
+              level: "error",
+              text:
+                "Failed to delete userwith email " +
+                userInternal.email +
+                ", due to inactivity.",
+            });
+        }
       }
     }
 
     parentPort &&
       parentPort.postMessage({
         level: "info",
-        text: "Account lock check job completed ...",
+        text: "Account Delete check job completed ...",
       });
   } catch (error) {
     parentPort &&

Tombolo/server/jobs/userManagement/removeUnverifiedUsers.js

@@ -1,6 +1,7 @@
 // imports
 const { parentPort } = require("worker_threads");
 const { Op } = require("sequelize");
+const { deleteUser } = require("../../utils/authUtil");
 
 
 //Local Imports
@@ -27,7 +28,7 @@ const { user} = models;
     parentPort && parentPort.postMessage({level: "info", text : `Number of unverified users to be removed: ${unverifiedUsers.length}`});
 
     for (const user of unverifiedUsers) {
-      await user.destroy();
+      await deleteUser(user.id, "unverified user deleted by system");
     }
 
     parentPort && parentPort.postMessage({level: "info", text : "Job to remove unverified user completed ..."});

Tombolo/server/utils/authUtil.js

@@ -13,6 +13,7 @@ const bcrypt = require("bcryptjs");
 const User = model.user;
 const UserRoles = model.UserRoles;
 const RoleTypes = model.RoleTypes;
+const userArchive = model.userArchive;
 const user_application = model.user_application;
 const Application = model.application;
 const InstanceSettings = model.instance_settings;
@@ -408,6 +409,50 @@ const setLastLogin = async (user) => {
   return;
 };
 
+const deleteUser = async (id, reason) => {
+  try {
+    if (!reason || reason === "") {
+      throw new Error("Reason for deletion is required");
+    }
+
+    //get user
+    const user = await User.findByPk(id);
+
+    if (!user) {
+      throw new Error("User not found");
+    }
+
+    const removedAt = Date.now();
+    const removedBy = reason;
+
+    //remove hash from user
+    user.dataValues.hash = null;
+
+    const archivedUser = await userArchive.create({
+      ...user.dataValues,
+      removedAt,
+      removedBy,
+    });
+
+    if (!archivedUser) {
+      throw new Error("Failed to archive user");
+    }
+
+    //hard delete without paranoid
+    await User.destroy({
+      where: {
+        id: id,
+      },
+      force: true,
+    });
+
+    return true;
+  } catch (e) {
+    logger.error("Error while deleting user:" + e);
+    return false;
+  }
+};
+
 //Exports
 module.exports = {
   generateAccessToken,
@@ -427,4 +472,5 @@ module.exports = {
   generatePassword,
   setLastLogin,
   setLastLoginAndReturn,
+  deleteUser,
 };