Mfancher/remove inactive users (#1022)

* Fixes and change model and migration for user to add column

* set last login whenever logins or password resets occur

* Remove Inactive accounts

This sets up a job that runs every 12 hours to delete user accounts that are over 180 days since last login

* clarify messaging

* Fix Messaging and Remove Admin email since workflow is no longer required

* rename function to clarify

Author: FancMa01

Tombolo/server/config/monitorings.js

@@ -12,12 +12,16 @@ const cluster_reachability_monitoring = {
   passwordExpiryAlertDaysForCluster: [10, 5, 4, 3, 2, 1],
 };
 
-// password expiry alert days for user, we send an email on each day, limited to 3 for now, need to be in descending order to function
+// password expiry alert days for user, we send an email on each day, limited to 3 for now, need to be in descending order to function properly
 const passwordExpiryAlertDaysForUser = [10, 3, 1];
 
+// account lock alert days for user, we send an email on eahc day, limited to 3 for now, need to be in descending order to function properly
+const accountDeleteAlertDaysForUser = [10, 3, 1];
+
 // Export
 module.exports = {
   ...jobMonitoringConfig,
   ...cluster_reachability_monitoring,
   passwordExpiryAlertDaysForUser,
+  accountDeleteAlertDaysForUser,
 };

Tombolo/server/controllers/authController.js

@@ -12,6 +12,7 @@ const {
   setTokenCookie,
   trimURL,
   setPasswordExpiry,
+  setLastLoginAndReturn,
   sendPasswordExpiredEmail,
   checkPasswordSecurityViolations,
   generateAndSetCSRFToken,
@@ -85,6 +86,7 @@ const createApplicationOwner = async (req, res) => {
     payload.hash = bcrypt.hashSync(req.body.password, salt);
     setPasswordExpiry(payload);
     setPreviousPasswords(payload);
+    setLastLoginAndReturn(payload);
 
     // Save user to DB
     const user = await User.create(payload);
@@ -171,6 +173,7 @@ const createBasicUser = async (req, res) => {
     payload.hash = bcrypt.hashSync(req.body.password, salt);
     setPasswordExpiry(payload);
     setPreviousPasswords(payload);
+    setLastLoginAndReturn(payload);
 
     // Save user to DB
     const user = await User.create(payload);
@@ -381,6 +384,7 @@ const resetPasswordWithToken = async (req, res) => {
     user.forcePasswordReset = false;
     setPasswordExpiry(user);
     setPreviousPasswords(user);
+    setLastLoginAndReturn(user);
 
     // Save user with updated details
     await User.update(
@@ -389,6 +393,7 @@ const resetPasswordWithToken = async (req, res) => {
         metaData: user.metaData,
         passwordExpiresAt: user.passwordExpiresAt,
         forcePasswordReset: user.forcePasswordReset,
+        lastLoginAt: user.lastLoginAt,
       },
       {
         where: { id: user.id },
@@ -511,6 +516,7 @@ const resetTempPassword = async (req, res) => {
     user.forcePasswordReset = false;
     setPasswordExpiry(user);
     setPreviousPasswords(user);
+    setLastLoginAndReturn(user);
 
     // Save user with updated details
     await User.update(
@@ -519,6 +525,7 @@ const resetTempPassword = async (req, res) => {
         metaData: user.metaData,
         passwordExpiresAt: user.passwordExpiresAt,
         forcePasswordReset: user.forcePasswordReset,
+        lastLoginAt: user.lastLoginAt,
       },
       {
         where: { id: user.id },

Tombolo/server/controllers/userController.js

@@ -437,6 +437,12 @@ const createUser = async (req, res) => {
           third: false,
           final: false,
         },
+        accountDeleteEmailSent: {
+          first: false,
+          second: false,
+          third: false,
+          final: false,
+        },
       },
     });
 

Tombolo/server/controllers/wizardController.js

@@ -204,6 +204,12 @@ const createUser = async (
           third: false,
           final: false,
         },
+        accountDeleteEmailSent: {
+          first: false,
+          second: false,
+          third: false,
+          final: false,
+        },
         previousPasswords: [hash],
       },
     },

Tombolo/server/jobSchedular/job-scheduler.js

@@ -60,6 +60,7 @@ const {
 const {
   removeUnverifiedUser,
   sendPasswordExpiryEmails,
+  sendAccountDeleteEmails,
 } = require("../jobSchedularMethods/userManagementJobs.js");
 
 class JobScheduler {
@@ -142,6 +143,7 @@ class JobScheduler {
       await this.checkClusterReachability();
       await removeUnverifiedUser.call(this);
       await sendPasswordExpiryEmails.call(this);
+      await sendAccountDeleteEmails.call(this);
       logger.info("-----------------------------");
       logger.info("Server is finished intializing, and is now running");
       logger.info("-----------------------------");

Tombolo/server/jobSchedularMethods/userManagementJobs.js

@@ -59,7 +59,36 @@ async function sendPasswordExpiryEmails() {
   }
 }
 
+async function sendAccountDeleteEmails() {
+  try {
+    let jobName = "account-delete-" + new Date().getTime();
+    this.bree.add({
+      name: jobName,
+      interval: "12h",
+      path: path.join(
+        __dirname,
+        "..",
+        "jobs",
+        "userManagement",
+        "accountDelete.js"
+      ),
+      worker: {
+        workerData: {
+          jobName: jobName,
+          WORKER_CREATED_AT: Date.now(),
+        },
+      },
+    });
+
+    this.bree.start(jobName);
+    logger.info("User management (account inactivity emails) initialized ...");
+  } catch (err) {
+    logger.error(err);
+  }
+}
+
 module.exports = {
   removeUnverifiedUser,
   sendPasswordExpiryEmails,
+  sendAccountDeleteEmails,
 };

Tombolo/server/jobs/userManagement/accountDelete.js

@@ -0,0 +1,218 @@
+// imports from node modules
+const { parentPort } = require("worker_threads");
+const { Op } = require("sequelize");
+const { v4: uuidv4 } = require("uuid");
+
+//Local Imports
+const models = require("../../models");
+const { trimURL, getSupportContactEmails } = require("../../utils/authUtil");
+const { trim } = require("lodash");
+
+// Constants
+const User = models.user;
+const UserRoles = models.UserRoles;
+const RoleTypes = models.RoleTypes;
+const NotificationQueue = models.notification_queue;
+const accountUnlockLink = `${trimURL(process.env.WEB_URL)}`;
+
+const accountDeleteAlertDaysForUser =
+  require("../../config/monitorings.js").accountDeleteAlertDaysForUser;
+
+const updateUserAndSendNotification = async (user, daysToExpiry, version) => {
+  const expiryDate = new Date(
+    Date.now() + 1000 * 60 * 60 * 24 * daysToExpiry
+  ).toDateString();
+
+  // Queue notification
+  await NotificationQueue.create({
+    type: "email",
+    templateName: "accountDeleteWarning",
+    notificationOrigin: "Account Delete Warning",
+    deliveryType: "immediate",
+    createdBy: "System",
+    updatedBy: "System",
+    metaData: {
+      notificationId: uuidv4(),
+      recipientName: `${user.dataValues.firstName}`,
+      notificationOrigin: "Account Delete Warning",
+      subject: "Account Deletion Warning",
+      mainRecipients: [user.dataValues.email],
+      notificationDescription: "Account Delete Warning",
+      daysToExpiry: daysToExpiry,
+      expiryDate: expiryDate,
+      accountUnlockLink: accountUnlockLink,
+    },
+  });
+
+  await user.update({
+    metaData: {
+      ...user.metaData,
+      accountDeleteEmailSent: {
+        ...user.metaData.accountDeleteEmailSent,
+        [version]: true,
+      },
+    },
+  });
+};
+
+(async () => {
+  try {
+    parentPort &&
+      parentPort.postMessage({
+        level: "info",
+        text: "Account Deletion Job started ...",
+      });
+
+    //get all relevant dates in easy to understand variables
+    const now = Date.now();
+    const deletionDate = now - 1000 * 60 * 60 * 24 * 180; // 180 days
+    const firstDeleteWarningDate =
+      deletionDate + 1000 * 60 * 60 * 24 * accountDeleteAlertDaysForUser[0]; // first accountDeleteAlertDaysForUser[0] days
+
+    //get all users where lastLoginAt is older than firstDeleteWarningDate
+    const users = await User.findAll({
+      where: {
+        lastLoginAt: {
+          [Op.lt]: firstDeleteWarningDate,
+        },
+      },
+      include: [
+        {
+          model: UserRoles,
+          attributes: ["id"],
+          as: "roles",
+          include: [
+            {
+              model: RoleTypes,
+              as: "role_details",
+              attributes: ["id", "roleName"],
+            },
+          ],
+        },
+      ],
+    });
+
+    //filter out admins and owners
+    const filteredUsers = users.filter((user) => {
+      return !user.roles.some((role) => {
+        return (
+          role?.role_details?.roleName === "administrator" ||
+          role?.role_details?.roleName === "owner"
+        );
+      });
+    });
+
+    for (const user of filteredUsers) {
+      //pull out the internal user object for easier use below
+      let userInternal = user.dataValues;
+      const lastLoginAt = userInternal.lastLoginAt;
+      const daysToExpiry =
+        Math.floor((lastLoginAt - deletionDate) / (1000 * 60 * 60 * 24)) + 1;
+
+      if (
+        daysToExpiry <= accountDeleteAlertDaysForUser[0] &&
+        daysToExpiry > accountDeleteAlertDaysForUser[1] &&
+        !userInternal.metaData?.accountDeleteEmailSent?.first
+      ) {
+        parentPort &&
+          parentPort.postMessage({
+            level: "verbose",
+            text:
+              "User with email " +
+              userInternal.email +
+              " is within " +
+              daysToExpiry +
+              " days of account deletion due to inactivity.",
+          });
+
+        let version = "first";
+        await updateUserAndSendNotification(user, daysToExpiry, version);
+      }
+
+      if (
+        daysToExpiry <= accountDeleteAlertDaysForUser[1] &&
+        daysToExpiry > accountDeleteAlertDaysForUser[2] &&
+        !userInternal.metaData?.accountDeleteEmailSent?.second
+      ) {
+        parentPort &&
+          parentPort.postMessage({
+            level: "verbose",
+            text:
+              "User with email " +
+              userInternal.email +
+              " is within " +
+              daysToExpiry +
+              " days of account deletion due to inactivity.",
+          });
+        let version = "second";
+        await updateUserAndSendNotification(user, daysToExpiry, version);
+      }
+      if (
+        daysToExpiry <= accountDeleteAlertDaysForUser[2] &&
+        daysToExpiry > 0 &&
+        !userInternal.metaData?.accountDeleteEmailSent?.third
+      ) {
+        parentPort &&
+          parentPort.postMessage({
+            level: "verbose",
+            text:
+              "User with email " +
+              userInternal.email +
+              " is within " +
+              daysToExpiry +
+              " days of account deletion due to inactivity",
+          });
+
+        let version = "third";
+        await updateUserAndSendNotification(user, daysToExpiry, version);
+      }
+
+      if (
+        daysToExpiry <= 0 &&
+        !userInternal.metaData?.accountDeleteEmailSent?.final
+      ) {
+        parentPort &&
+          parentPort.postMessage({
+            level: "verbose",
+            text:
+              "User with email " +
+              userInternal.email +
+              " has been removed due to inactivity.",
+          });
+
+        const accountUnlockLink = `${trimURL(process.env.WEB_URL)}/register`;
+        // Queue notification
+        await NotificationQueue.create({
+          type: "email",
+          templateName: "accountDeleted",
+          notificationOrigin: "Account Deleted",
+          deliveryType: "immediate",
+          createdBy: "System",
+          updatedBy: "System",
+          metaData: {
+            notificationId: uuidv4(),
+            recipientName: `${userInternal.firstName}`,
+            notificationOrigin: "Account Deleted",
+            subject: "Account Deleted",
+            mainRecipients: [userInternal.email],
+            notificationDescription: "Account Deleted",
+            accountUnlockLink: accountUnlockLink,
+          },
+        });
+
+        // delete user account
+        // TODO -- Move user to archive table
+        await user.destroy();
+      }
+    }
+
+    parentPort &&
+      parentPort.postMessage({
+        level: "info",
+        text: "Account lock check job completed ...",
+      });
+  } catch (error) {
+    parentPort &&
+      parentPort.postMessage({ level: "error", text: error.message });
+  }
+})();

Tombolo/server/jobs/userManagement/passwordExpiry.js

@@ -5,14 +5,14 @@ const { v4: uuidv4 } = require("uuid");
 
 //Local Imports
 const models = require("../../models");
-const logger = require("../../config/logger");
 const { trimURL, getSupportContactEmails } = require("../../utils/authUtil");
 
 // Constants
 const user = models.user;
 const NotificationQueue = models.notification_queue;
 const passwordResetLink = `${trimURL(process.env.WEB_URL)}/myaccount`;
-const passwordExpiryAlertDaysForUser = require("../../config/monitorings.js").passwordExpiryAlertDaysForUser;
+const passwordExpiryAlertDaysForUser =
+  require("../../config/monitorings.js").passwordExpiryAlertDaysForUser;
 
 const updateUserAndSendNotification = async (user, daysToExpiry, version) => {
   // Queue notification