overleaf/services/web/app/src/Features/User/UserDeleter.js

const { callbackify } = require('util')
const logger = require('logger-sharelatex')
const moment = require('moment')
const { User } = require('../../models/User')
const { DeletedUser } = require('../../models/DeletedUser')
const NewsletterManager = require('../Newsletter/NewsletterManager')
const ProjectDeleter = require('../Project/ProjectDeleter')
const SubscriptionHandler = require('../Subscription/SubscriptionHandler')
const SubscriptionUpdater = require('../Subscription/SubscriptionUpdater')
const SubscriptionLocator = require('../Subscription/SubscriptionLocator')
const UserMembershipsHandler = require('../UserMembership/UserMembershipsHandler')
const UserSessionsManager = require('./UserSessionsManager')
const InstitutionsAPI = require('../Institutions/InstitutionsAPI')
const Errors = require('../Errors/Errors')

module.exports = {
  deleteUser: callbackify(deleteUser),
  expireDeletedUser: callbackify(expireDeletedUser),
  ensureCanDeleteUser: callbackify(ensureCanDeleteUser),
  expireDeletedUsersAfterDuration: callbackify(expireDeletedUsersAfterDuration),

  promises: {
    deleteUser: deleteUser,
    expireDeletedUser: expireDeletedUser,
    ensureCanDeleteUser: ensureCanDeleteUser,
    expireDeletedUsersAfterDuration: expireDeletedUsersAfterDuration
  }
}

async function deleteUser(userId, options = {}) {
  if (!userId) {
    logger.warn('user_id is null when trying to delete user')
    throw new Error('no user_id')
  }

  try {
    let user = await User.findById(userId).exec()
    logger.log({ user }, 'deleting user')

    await ensureCanDeleteUser(user)
    await _cleanupUser(user)
    await _createDeletedUser(user, options)
    await ProjectDeleter.promises.deleteUsersProjects(user._id)
    await User.deleteOne({ _id: userId }).exec()
  } catch (error) {
    logger.warn({ error, userId }, 'something went wrong deleting the user')
    throw error
  }
}

async function expireDeletedUser(userId) {
  let deletedUser = await DeletedUser.findOne({
    'deleterData.deletedUserId': userId
  }).exec()

  deletedUser.user = undefined
  deletedUser.deleterData.deleterIpAddress = undefined
  await deletedUser.save()
}

async function expireDeletedUsersAfterDuration() {
  const DURATION = 90
  let deletedUsers = await DeletedUser.find({
    'deleterData.deletedAt': {
      $lt: new Date(moment().subtract(DURATION, 'days'))
    },
    user: {
      $ne: null
    }
  }).exec()

  if (deletedUsers.length === 0) {
    return
  }

  for (let i = 0; i < deletedUsers.length; i++) {
    await expireDeletedUser(deletedUsers[i].deleterData.deletedUserId)
  }
}

async function ensureCanDeleteUser(user) {
  const subscription = await SubscriptionLocator.promises.getUsersSubscription(
    user
  )
  if (subscription) {
    throw new Errors.SubscriptionAdminDeletionError({})
  }
}

async function _createDeletedUser(user, options) {
  await DeletedUser.create({
    user: user,
    deleterData: {
      deletedAt: new Date(),
      deleterId: options.deleterUser ? options.deleterUser._id : undefined,
      deleterIpAddress: options.ipAddress,
      deletedUserId: user._id,
      deletedUserLastLoggedIn: user.lastLoggedIn,
      deletedUserSignUpDate: user.signUpDate,
      deletedUserLoginCount: user.loginCount,
      deletedUserReferralId: user.referal_id,
      deletedUserReferredUsers: user.refered_users,
      deletedUserReferredUserCount: user.refered_user_count,
      deletedUserOverleafId: user.overleaf ? user.overleaf.id : undefined
    }
  })
}

async function _cleanupUser(user) {
  await UserSessionsManager.promises.revokeAllUserSessions(user._id, [])
  await NewsletterManager.promises.unsubscribe(user, { delete: true })
  await SubscriptionHandler.promises.cancelSubscription(user)
  await InstitutionsAPI.promises.deleteAffiliations(user._id)
  await SubscriptionUpdater.promises.removeUserFromAllGroups(user._id)
  await UserMembershipsHandler.promises.removeUserFromAllEntities(user._id)
}