fix(api): delete exam auth tokens with user (#58284)

2026-03-26 17:02:27 -04:00 · 2025-01-24 15:20:31 +01:00
parent 3c236df7f6
commit 5deea90fa3
4 changed files with 33 additions and 16 deletions
--- a/api/mocks/env-exam.ts
+++ b/api/mocks/env-exam.ts
@@ -379,3 +379,9 @@ export async function seedEnvExamAttempt() {
    data: examAttempt
  });
 }
+
+export async function seedExamEnvExamAuthToken() {
+  return fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.create({
+    data: { userId: defaultUserId, expireAt: new Date(Date.now() + 60000) }
+  });
+}
--- a/api/prisma/schema.prisma
+++ b/api/prisma/schema.prisma
@@ -382,7 +382,7 @@ model ExamEnvironmentAuthorizationToken {
  userId   String   @unique @db.ObjectId

  // Relations
-  user user @relation(fields: [userId], references: [id])
+  user user @relation(fields: [userId], references: [id], onDelete: Cascade)
 }

 model sessions {
--- a/api/src/routes/protected/user.test.ts
+++ b/api/src/routes/protected/user.test.ts
@@ -19,7 +19,8 @@ import { JWT_SECRET } from '../../utils/env';
 import {
  clearEnvExam,
  seedEnvExam,
-  seedEnvExamAttempt
+  seedEnvExamAttempt,
+  seedExamEnvExamAuthToken
 } from '../../../__mocks__/env-exam';
 import { getMsTranscriptApiUrl } from './user';

@@ -349,10 +350,6 @@ describe('userRoutes', () => {
    });

    describe('/account/delete', () => {
-      beforeEach(async () => {
-        await seedEnvExam();
-        await seedEnvExamAttempt();
-      });
      afterEach(async () => {
        await fastifyTestInstance.prisma.userToken.deleteMany({
          where: { OR: [{ userId: defaultUserId }, { userId: otherUserId }] }
@@ -418,15 +415,32 @@ describe('userRoutes', () => {
      });

      test("POST deletes all the user's exam attempts", async () => {
-        const examAttempts =
-          await fastifyTestInstance.prisma.envExamAttempt.findMany();
-        expect(examAttempts).toHaveLength(1);
+        await seedEnvExam();
+        await seedEnvExamAttempt();
+        const countBefore =
+          await fastifyTestInstance.prisma.envExamAttempt.count();
+        expect(countBefore).toBe(1);

-        await superPost('/account/delete');
+        const res = await superPost('/account/delete');

-        const examAttemptsAfter =
-          await fastifyTestInstance.prisma.envExamAttempt.findMany();
-        expect(examAttemptsAfter).toHaveLength(0);
+        const countAfter =
+          await fastifyTestInstance.prisma.envExamAttempt.count();
+        expect(countAfter).toBe(0);
+        expect(res.status).toBe(200);
+      });
+
+      test("POST deletes all the user's exam tokens", async () => {
+        await seedExamEnvExamAuthToken();
+        const countBefore =
+          await fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.count();
+        expect(countBefore).toBe(1);
+
+        const res = await superPost('/account/delete');
+
+        const countAfter =
+          await fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.count();
+        expect(countAfter).toBe(0);
+        expect(res.status).toBe(200);
      });
    });

--- a/api/src/routes/protected/user.ts
+++ b/api/src/routes/protected/user.ts
@@ -76,9 +76,6 @@ export const userRoutes: FastifyPluginCallbackTypebox = (
      await fastify.prisma.user.delete({
        where: { id: req.user!.id }
      });
-      await fastify.prisma.examEnvironmentAuthorizationToken.deleteMany({
-        where: { userId: req.user!.id }
-      });
      reply.clearOurCookies();

      return {};