range-of-motion · range-of-motion · Aug 22, 2020 · Aug 23, 2020 · Aug 24, 2020 · Aug 24, 2020
diff --git a/app/Actions/DeleteUserAction.php b/app/Actions/DeleteUserAction.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace App\Actions;
+
+use App\Exceptions\PossibleSpaceAbandonmentException;
+use App\Exceptions\UserActiveStripeSubscriptionException;
+use App\Exceptions\UserNotFoundException;
+use App\Helper;
+use App\Models\User;
+use Illuminate\Support\Facades\Storage;
+use Stripe\StripeClient;
+
+class DeleteUserAction
+{
+    public function execute(int $id): void
+    {
+        $user = User::find($id);
+
+        if (!$user) {
+            throw new UserNotFoundException();
+        }
+
+        // Checks before deleting
+        if (Helper::arePlansEnabled() && $user->stripe_customer_id) {
+            $stripe = new StripeClient(config('stripe.secret'));
+
+            $stripeSubscriptions = $stripe->subscriptions->all([
+                'customer' => $user->stripe_customer_id,
+                'status' => 'active'
+            ]);
+
+            $activeStripeSubscriptions = 0;
+
+            foreach ($stripeSubscriptions as $subscription) {
+                // Determine whether or not subscription is active by looking at "ended_at"
+                if (!$subscription->ended_at) {
+                    $activeStripeSubscriptions++;
+                }
+            }
+
+            if ($activeStripeSubscriptions > 0) {
+                throw new UserActiveStripeSubscriptionException();
+            }
+        }
+
+        // Commit to deleting
+        if ($user->avatar) {
+            Storage::delete('public/avatars/' . $user->avatar);
+        }
+
+        if (Helper::arePlansEnabled() && $user->stripe_customer_id) {
+            $stripe = new StripeClient(config('stripe.secret'));
+
+            $stripe->customers->delete($user->stripe_customer_id);
+        }
+
+        $user->fill([
+            'avatar' => null,
+            'name' => null,
+            'email' => null,
+            'stripe_customer_id' => null
+        ])->save();
+    }
+}
diff --git a/app/Exceptions/UserActiveStripeSubscriptionException.php b/app/Exceptions/UserActiveStripeSubscriptionException.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Exceptions;
+
+use Exception;
+
+class UserActiveStripeSubscriptionException extends Exception
+{
+    //
+}
diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
@@ -4,7 +4,9 @@
 
 use App\Actions\CreateStripeCheckoutAction;
 use App\Actions\CreateStripeCustomerAction;
+use App\Actions\DeleteUserAction;
 use App\Actions\FetchStripeSubscriptionAction;
+use App\Exceptions\UserActiveStripeSubscriptionException;
 use App\Exceptions\UserStripelessException;
 use Illuminate\Http\Request;
 use App\Mail\PasswordChanged;
@@ -104,6 +106,21 @@ public function getAccount()
         return view('settings.account');
     }
 
+    public function postAccountDelete(Request $request)
+    {
+        try {
+            (new DeleteUserAction())->execute(Auth::id());
+        } catch (UserActiveStripeSubscriptionException $e) {
+            $request->session()->flash('delete_user_error', 'active_stripe_subscription');
+
+            return redirect()->route('settings.account');
+        }
+
+        Auth::logout();
+
+        return redirect()->route('login');
+    }
+
     public function getSpaces()
     {
         return view('settings.spaces.index', [

diff --git a/app/Jobs/SendWeeklyReports.php b/app/Jobs/SendWeeklyReports.php
@@ -49,6 +49,10 @@ public function handle()
                 ORDER BY spendings.amount DESC LIMIT 1', [$space->id, $lastWeekDate, $currentDate]);
 
             foreach ($space->users as $user) {
+                if (!$user->email) {
+                    continue;
+                }
+
                 // Only send if user wants to receive report
                 if ($user->weekly_report) {
                     Mail::to($user->email)->queue(new WeeklyReport(

diff --git a/app/Models/User.php b/app/Models/User.php
@@ -28,7 +28,7 @@ class User extends Authenticatable
     ];
 
     // Accessors
-    public function getAvatarAttribute($avatar)
+    public function getAvatarPathAttribute($avatar)
     {
         return $avatar ? '/storage/avatars/' . $avatar : 'https://via.placeholder.com/250';
     }

diff --git a/database/migrations/2020_08_22_232957_support_anonymization_of_users_table.php b/database/migrations/2020_08_22_232957_support_anonymization_of_users_table.php
@@ -0,0 +1,24 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class SupportAnonymizationOfUsersTable extends Migration
+{
+    public function up(): void
+    {
+        Schema::table('users', function ($table) {
+            $table->string('name')->nullable()->change();
+            $table->string('email')->nullable()->change();
+        });
+    }
+
+    public function down(): void
+    {
+        Schema::table('users', function ($table) {
+            $table->string('name')->nullable(false)->change();
+            $table->string('email')->nullable(false)->change();
+        });
+    }
+}
diff --git a/resources/assets/js/app.js b/resources/assets/js/app.js
@@ -6,6 +6,7 @@ import { Chrome } from 'vue-color';
 import ButtonDropdown from './components/ButtonDropdown.vue';
 import DatePicker from './components/DatePicker.vue';
 import BarChart from './components/BarChart.vue';
+import DeleteUserButton from './components/DeleteUserButton.vue';
 import Dropdown from './components/Dropdown.vue';
 import TransactionWizard from './components/TransactionWizard.vue';
 import ValidationError from './components/ValidationError.vue';
@@ -21,6 +22,7 @@ Vue.component('button-dropdown', ButtonDropdown);
 Vue.component('datepicker', DatePicker); // TODO DEPRECATE
 Vue.component('date-picker', DatePicker);
 Vue.component('barchart', BarChart);
+Vue.component('delete-user-button', DeleteUserButton);
 Vue.component('dropdown', Dropdown);
 Vue.component('transaction-wizard', TransactionWizard);
 Vue.component('validation-error', ValidationError);

diff --git a/resources/assets/js/components/DeleteUserButton.vue b/resources/assets/js/components/DeleteUserButton.vue
@@ -0,0 +1,55 @@
+<template>
+    <div>
+        <button
+            class="button link button--link-danger"
+            @click.prevent="showWarning">Delete</button>
+        <div
+            v-if="warningShown"
+            style="position: fixed; top: 0; left: 0; right: 0; bottom: 0; background: rgba(0, 0, 0, 0.50); box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1), 0 4px 6px -2px rgba(0, 0, 0, 0.05);"
+            @click.self="hideWarning">
+            <div style="margin: 50px auto; max-width: 500px; padding: 20px; background: #FFF; border-radius: 5px;">
+                <div>Are you sure you want to delete your user? This is irreversible.</div>
+                <div class="row mt-2">
+                    <form method="POST" action="/settings/account/delete">
+                        <input
+                            type="hidden"
+                            name="_token"
+                            :value="csrfToken" />
+                        <button class="button button--danger mr-2">Yes, I am sure</button>
+                    </form>
+                    <button
+                        class="button button--light"
+                        @click="hideWarning">No</button>
+                </div>
+            </div>
+        </div>
+    </div>
+</template>
+
+<script>
+export default {
+    props: [
+        'csrfToken'
+    ],
+
+    data() {
+        return {
+            warningShown: false
+        };
+    },
+
+    methods: {
+        showWarning() {
+            this.warningShown = true;
+        },
+
+        hideWarning() {
+            this.warningShown = false;
+        },
+
+        doIt() {
+            // axios.
+        }
+    }
+};
+</script>
diff --git a/resources/assets/sass/components/input.scss b/resources/assets/sass/components/input.scss
@@ -140,10 +140,26 @@ button.button {
         background: none;
     }
 
+    &.button--link-danger {
+        padding: 0;
+        font-size: 16px;
+        color: $colors-red;
+        background: none;
+    }
+
     &.button--wide {
         padding: 12.5px 20px;
         width: 100%;
     }
+
+    &.button--light {
+        background: #EEE;
+        color: #000;
+    }
+
+    &.button--danger {
+        background: $colors-red;
+    }
 }
 
 .button, .button-dropdown {

diff --git a/resources/views/activities/index.blade.php b/resources/views/activities/index.blade.php
@@ -10,7 +10,7 @@
                 <div class="box__section row">
                     <div class="row__column row__column--compact mr-2" style="width: 25px;">
                         @if ($activity->user)
-                            <img class="avatar" src="{{ $activity->user->avatar }}" />
+                            <img class="avatar" src="{{ $activity->user->avatar_path }}" />
                         @endif
                     </div>
                     <div class="row__column row__column--middle">{{ __('activities.' . $activity->action) }} <a href="/{{ $activity->entity_type }}s/{{ $activity->entity_id }}">#{{ $activity->entity_id }}</a></div>

diff --git a/resources/views/layout.blade.php b/resources/views/layout.blade.php
@@ -100,7 +100,7 @@
                             <li>
                                 <dropdown>
                                     <span slot="button">
-                                        <img src="{{ Auth::user()->avatar }}" class="avatar mr-05" /> <i class="fas fa-caret-down fa-sm"></i>
+                                        <img src="{{ Auth::user()->avatar_path }}" class="avatar mr-05" /> <i class="fas fa-caret-down fa-sm"></i>
                                     </span>
                                     <ul slot="menu" v-cloak>
                                         <li>

diff --git a/resources/views/settings/account.blade.php b/resources/views/settings/account.blade.php
@@ -27,3 +27,12 @@
         </div>
     </div>
 @endsection
+
+@section('settings_body_formless')
+    <div class="mt-2">
+        @if (session('delete_user_error') === 'active_stripe_subscription')
+            <div class="color-red mb-1">Unable to delete user, you still have a premium plan (and would continue to be billed otherwise)</div>
+        @endif
+        <delete-user-button csrf-token="{{ csrf_token() }}"></delete-user-button>
+    </div>
+@endsection
diff --git a/resources/views/settings/profile.blade.php b/resources/views/settings/profile.blade.php
@@ -9,7 +9,7 @@
         <div class="box__section">
             <div class="input input--small">
                 <label>{{ __('fields.avatar') }}</label>
-                <img src="{{ Auth::user()->avatar }}" style="width: 200px; height: 200px; border-radius: 5px; object-fit: cover;" />
+                <img src="{{ Auth::user()->avatar_path }}" style="width: 200px; height: 200px; border-radius: 5px; object-fit: cover;" />
                 <input type="file" name="avatar" />
                 @include('partials.validation_error', ['payload' => 'avatar'])
             </div>

diff --git a/routes/web.php b/routes/web.php
@@ -120,6 +120,7 @@
         Route::post('/settings', [SettingsController::class, 'postIndex']);
         Route::get('/settings/profile', [SettingsController::class, 'getProfile'])->name('profile');
         Route::get('/settings/account', [SettingsController::class, 'getAccount'])->name('account');
+        Route::post('/settings/account/delete', [SettingsController::class, 'postAccountDelete'])->name('account.delete');
         Route::get('/settings/preferences', [SettingsController::class, 'getPreferences'])->name('preferences');
         Route::get('/settings/billing', [SettingsController::class, 'getBilling'])->name('billing')->middleware('stripe');
         Route::post('/settings/billing/upgrade', [SettingsController::class, 'postUpgrade'])->name('billing.upgrade')->middleware('stripe');

diff --git a/tests/Unit/Actions/DeleteUserTest.php b/tests/Unit/Actions/DeleteUserTest.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace Tests\Unit\Actions;
+
+use App\Actions\DeleteUserAction;
+use App\Exceptions\UserNotFoundException;
+use App\Models\User;
+use Illuminate\Support\Facades\Storage;
+use Tests\TestCase;
+
+class DeleteUserTest extends TestCase
+{
+    public function testUserNotFound(): void
+    {
+        $this->expectException(UserNotFoundException::class);
+
+        (new DeleteUserAction())->execute(999);
+    }
+
+    public function testSuccessfulAvatarCleared(): void
+    {
+        $image = \Image::canvas(500, 500, '#CCC');
+
+        Storage::put('public/avatars/yabadabadoo.png', (string) $image->encode());
+
+        $user = factory(User::class)->create([
+            'avatar' => 'yabadabadoo.png'
+        ]);
+
+        $this->assertFileExists(storage_path() . '/app/public/avatars/yabadabadoo.png');
+
+        (new DeleteUserAction())->execute($user->id);
+
+        $this->assertFileNotExists(storage_path() . '/app/public/avatars/yabadabadoo.png');
+    }
+
+    public function testSuccessfulColumnsCleared(): void
+    {
+        $user = factory(User::class)->create([
+            'name' => 'John Doe',
+            'email' => '[email protected]'
+        ]);
+
+        $this->assertNotNull($user->name);
+        $this->assertNotNull($user->email);
+
+        (new DeleteUserAction())->execute($user->id);
+
+        $user->refresh();
+
+        $this->assertNull($user->name);
+        $this->assertNull($user->email);
+    }
+}