fix: user could not delete their own account

* This was due to a the `DELETE /auth/me/` should be `DELETE /auth/me`. This worked in dev, but not in APIG. * When failing it also still logged the user out making this a bit confusing as it appeared to delete the user. Now the user is only logged out if that API request suceeds.
activescott · Mar 4, 2021 · 7fb76e1 · 7fb76e1
1 parent d27729b
commit 7fb76e1
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/client/src/components/auth/UserProvider.tsx b/client/src/components/auth/UserProvider.tsx
@@ -115,7 +115,7 @@ export const UserProvider = (props: Props): JSX.Element => {
         },
         deleteUser: async (): Promise<void> => {
           const response = await fetchWithCsrf(
-            `${process.env.PUBLIC_URL}/auth/me/`,
+            `${process.env.PUBLIC_URL}/auth/me`,
             {
               method: "DELETE",
             }
@@ -127,8 +127,9 @@ export const UserProvider = (props: Props): JSX.Element => {
               response.status,
               response.statusText
             )
+          } else {
+            DefaultUserContext.logout()
           }
-          DefaultUserContext.logout()
         },
       }}
     >

diff --git a/client/src/lib/useApiHooks.ts b/client/src/lib/useApiHooks.ts
@@ -194,6 +194,11 @@ const useCsrfToken = (requestRealToken = true): Promise<string> => {
       }
     }
     getToken()
-  }, [tokenState.rejectToken, tokenState.resolveToken, requestRealToken])
+  }, [
+    tokenState,
+    tokenState.rejectToken,
+    tokenState.resolveToken,
+    requestRealToken,
+  ])
   return tokenState.promisedToken
 }
diff --git a/server/src/shared/lambda/oauth/handlers/me.ts b/server/src/shared/lambda/oauth/handlers/me.ts
@@ -39,15 +39,24 @@ export default function meHandlerFactory(
     }
   }
 
+  // eslint-disable-next-line no-console
+  const logInfo = console.log
+
   async function handleDelete(
     req: AuthenticatedLambdaHttpRequest
   ): Promise<LambdaHttpResponse> {
     const user = req.authenticUser
+    logInfo(`Deleting identities for user '${user.id}'...`)
     const identities = await identityRepository.listForUser(user.id)
     for (const ident of identities) {
+      logInfo(
+        `Deleting identity '${ident.subject}@${ident.provider}' for user '${user.id}'...`
+      )
       await identityRepository.delete(ident.id)
     }
+    logInfo(`Deleting user '${user.id}'...`)
     await userRepository.delete(user.id)
+    logInfo(`Deleting user '${user.id}' complete.`)
     return jsonResponse(STATUS.OK)
   }