From 5deea90fa3a5cab8f8dd968241d13c53406bcf40 Mon Sep 17 00:00:00 2001
From: Oliver Eyton-Williams
Date: Fri, 24 Jan 2025 15:20:31 +0100
Subject: [PATCH] fix(api): delete exam auth tokens with user (#58284)
---
 api/__mocks__/env-exam.ts | 6 +++++
 api/prisma/schema.prisma | 2 +-
 api/src/routes/protected/user.test.ts | 38 ++++++++++++++++++---------
 api/src/routes/protected/user.ts | 3 ---
 4 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/api/__mocks__/env-exam.ts b/api/__mocks__/env-exam.ts
index e56d7b05122..b30c24b0fbd 100644
--- a/api/__mocks__/env-exam.ts
+++ b/api/__mocks__/env-exam.ts
@@ -379,3 +379,9 @@ export async function seedEnvExamAttempt() {
 data: examAttempt
 });
 }
+
+export async function seedExamEnvExamAuthToken() {
+ return fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.create({
+ data: { userId: defaultUserId, expireAt: new Date(Date.now() + 60000) }
+ });
+}
diff --git a/api/prisma/schema.prisma b/api/prisma/schema.prisma
index f606d142de5..79800993ecc 100644
--- a/api/prisma/schema.prisma
+++ b/api/prisma/schema.prisma
@@ -382,7 +382,7 @@ model ExamEnvironmentAuthorizationToken {
 userId String @unique @db.ObjectId
 // Relations
- user user @relation(fields: [userId], references: [id])
+ user user @relation(fields: [userId], references: [id], onDelete: Cascade)
 }
 model sessions {
diff --git a/api/src/routes/protected/user.test.ts b/api/src/routes/protected/user.test.ts
index e8f068ae65d..02ba3bf62f3 100644
--- a/api/src/routes/protected/user.test.ts
+++ b/api/src/routes/protected/user.test.ts
@@ -19,7 +19,8 @@ import { JWT_SECRET } from '../../utils/env';
 import {
 clearEnvExam,
 seedEnvExam,
- seedEnvExamAttempt
+ seedEnvExamAttempt,
+ seedExamEnvExamAuthToken
 } from '../../../__mocks__/env-exam';
 import { getMsTranscriptApiUrl } from './user';
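Review bot: The name `seedExamEnvExamAuthToken` in the api/__mocks__/env-exam.ts hunk repeats "Exam" and breaks the `seedEnvExam` / `seedEnvExamAttempt` pattern of its neighbours; `seedEnvExamAuthToken` would match. The helper also has no doc comment, and one line such as `/** Seeds one exam-environment auth token for defaultUserId that expires 60 s from now. */` would record its two hard-coded choices. Because `userId` is `@unique` on the model (visible in the schema.prisma hunk), a second call without cleanup in between will presumably fail, which is worth stating in that comment.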
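Review bot: The `onDelete: Cascade` added to the `user` relation in api/prisma/schema.prisma is now the only thing that removes a deleted user's exam authorization token, and that dependency is not documented on the relation. The `@db.ObjectId` fields suggest the MongoDB connector, where Prisma Client emulates referential actions rather than the database enforcing them, so a user document removed outside Prisma Client (a raw command, a maintenance script, another service) would leave a still-unexpired token behind. A comment above the relation, e.g. `// Cascade is applied by Prisma Client, not the database; deletes that bypass Prisma must remove tokens themselves`, would record this, and token validation should reject a token whose user no longer exists if it does not already. The model body starts outside the hunk.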
@@ -349,10 +350,6 @@ describe('userRoutes', () => {
 });
 describe('/account/delete', () => {
- beforeEach(async () => {
- await seedEnvExam();
- await seedEnvExamAttempt();
- });
 afterEach(async () => {
 await fastifyTestInstance.prisma.userToken.deleteMany({
 where: { OR: [{ userId: defaultUserId }, { userId: otherUserId }] }
@@ -418,15 +415,32 @@ describe('userRoutes', () => {
 });
 test("POST deletes all the user's exam attempts", async () => {
- const examAttempts =
- await fastifyTestInstance.prisma.envExamAttempt.findMany();
- expect(examAttempts).toHaveLength(1);
+ await seedEnvExam();
+ await seedEnvExamAttempt();
+ const countBefore =
+ await fastifyTestInstance.prisma.envExamAttempt.count();
+ expect(countBefore).toBe(1);
- await superPost('/account/delete');
+ const res = await superPost('/account/delete');
- const examAttemptsAfter =
- await fastifyTestInstance.prisma.envExamAttempt.findMany();
- expect(examAttemptsAfter).toHaveLength(0);
+ const countAfter =
+ await fastifyTestInstance.prisma.envExamAttempt.count();
+ expect(countAfter).toBe(0);
+ expect(res.status).toBe(200);
+ });
+
+ test("POST deletes all the user's exam tokens", async () => {
+ await seedExamEnvExamAuthToken();
+ const countBefore =
+ await fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.count();
+ expect(countBefore).toBe(1);
+
+ const res = await superPost('/account/delete');
+
+ const countAfter =
+ await fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.count();
+ expect(countAfter).toBe(0);
+ expect(res.status).toBe(200);
 });
 });
diff --git a/api/src/routes/protected/user.ts b/api/src/routes/protected/user.ts
index adb063d97eb..6741c320369 100644
--- a/api/src/routes/protected/user.ts
+++ b/api/src/routes/protected/user.ts
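Review bot: Both count checks in the new "exam tokens" test (and in the reworked "exam attempts" test in the same user.test.ts hunk) call `count()` with no `where`, so they assert on the whole collection and would still pass if the endpoint removed every user's tokens. Scoping the counts to `defaultUserId` and seeding a token for `otherUserId` (already referenced in this suite's `afterEach`) that must survive would pin the deletion to the requesting account. This assumes a user with that id exists in the suite, and the extra token would need removing in `afterEach`. Asserting `res.status` directly after the request would also make a failed request show up as such rather than as a count mismatch.

```typescript
    test("POST deletes all the user's exam tokens", async () => {
      await seedExamEnvExamAuthToken();
      // Constructed example: a second user's token that must survive the deletion.
      await fastifyTestInstance.prisma.examEnvironmentAuthorizationToken.create({
        data: { userId: otherUserId, expireAt: new Date(Date.now() + 60000) }
      });

      const res = await superPost('/account/delete');
      expect(res.status).toBe(200);

      const tokens = fastifyTestInstance.prisma.examEnvironmentAuthorizationToken;
      expect(await tokens.count({ where: { userId: defaultUserId } })).toBe(0);
      expect(await tokens.count({ where: { userId: otherUserId } })).toBe(1);
```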
@@ -76,9 +76,6 @@ export const userRoutes: FastifyPluginCallbackTypebox = (
 await fastify.prisma.user.delete({
 where: { id: req.user!.id }
 });
- await fastify.prisma.examEnvironmentAuthorizationToken.deleteMany({
- where: { userId: req.user!.id }
- });
 reply.clearOurCookies();
 return {};
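Review bot: After this removal nothing at the call site in api/src/routes/protected/user.ts shows that exam authorization tokens are deleted with the account; that now depends on the `onDelete: Cascade` added in schema.prisma. A short comment above `fastify.prisma.user.delete`, e.g. `// ExamEnvironmentAuthorizationToken rows are removed by the schema's onDelete: Cascade`, would keep a later schema edit from silently dropping token revocation. The handler starts and ends outside the hunk, so whether the other per-user deletions there follow the same approach cannot be seen from here.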