Allow multiple Tombstone records for the same sub #421
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When this app was originally created it was *the* canonical place to store account data. The Tombstone records were to allow us to count deleted accounts and enforce uniqueness. Now however, that's not the case. The source for account data is Auth's OICD provider and Tombstones are less helpful to us now this app is only part of a relying party's account storage. Accounts on GOV.UK are only used for email notifications, so we plan to use email alert API's logic to delete accounts that have no subscriptions. This means it will be possible for someone to create an account, sign up for notifications, delete that subscription and then have that account deleted aoutmatically. We need to make sure that if that person comes back to GOV.UK and signs in, we can create a new `OidcUser` for them that behaves exactly as expected. In order for that to happen, we have to be able to create multiple Tombstones for the same sub.
alex9smith
added a commit
that referenced
this pull request
May 25, 2022
In [[1]] we allowed there to be multiple Tombstones with the same sub as this app is no longer the canonical place for account creation and deletion data. Since we're no longer checking for duplicates, we can also start deleting old records as they're now only really useful for debugging. We went with 30 days as that matches the time needed for an account to be marked 'inactive' by email alert API. We do lose the ability to count the number of accounts that has ever existed by adding this worker but, as mentioned before, this app isn't the right place to count this anyway so it's not a real loss. [1]: #421
huwd
approved these changes
May 25, 2022
alex9smith
added a commit
that referenced
this pull request
May 25, 2022
In [[1]] we allowed there to be multiple Tombstones with the same sub as this app is no longer the canonical place for account creation and deletion data. Since we're no longer checking for duplicates, we can also start deleting old records as they're now only really useful for debugging. We went with 30 days as that matches the time needed for an account to be marked 'inactive' by email alert API. We do lose the ability to count the number of accounts that has ever existed by adding this worker but, as mentioned before, this app isn't the right place to count this anyway so it's not a real loss. [1]: #421
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When this app was originally created it was the canonical place to
store account data. The Tombstone records were to allow us to count
deleted accounts and enforce uniqueness.
Now however, that's not the case. The source for account data is Auth's
OIDC provider and Tombstones are less helpful to us now this app is
only part of a relying party's account storage.
Accounts on GOV.UK are only used for email notifications, so we plan to
use email alert API's logic to delete accounts that have no subscriptions.
This means it will be possible for someone to create an account, sign up
for notifications, delete that subscription and then have that account
deleted automatically. We need to make sure that if that person comes
back to GOV.UK and signs in, we can create a new
OidcUserfor themthat behaves exactly as expected.
In order for that to happen, we have to be able to create multiple
Tombstones for the same sub.