Fix account deletion flow

2025-12-22 21:31:14 -05:00 · 2025-10-29 22:46:49 +00:00
parent 2918f9d280
commit a2cb037410
8 changed files with 143 additions and 28 deletions
--- a/supabase/functions/cancel-account-deletion/index.ts
+++ b/supabase/functions/cancel-account-deletion/index.ts
@@ -39,16 +39,27 @@ serve(async (req) => {

    edgeLogger.info('Cancelling deletion request', { action: 'cancel_deletion', userId: user.id, requestId: tracking.requestId });

-    // Find pending deletion request
+    // Find pending or confirmed deletion request
    const { data: deletionRequest, error: requestError } = await supabaseClient
      .from('account_deletion_requests')
      .select('*')
      .eq('user_id', user.id)
-      .eq('status', 'pending')
+      .in('status', ['pending', 'confirmed'])
      .maybeSingle();

    if (requestError || !deletionRequest) {
-      throw new Error('No pending deletion request found');
+      throw new Error('No active deletion request found');
+    }
+
+    // Validate that deletion hasn't already been processed
+    if (deletionRequest.status === 'completed') {
+      throw new Error('This deletion request has already been completed');
+    }
+
+    // Validate scheduled deletion hasn't passed
+    const scheduledDate = new Date(deletionRequest.scheduled_deletion_at);
+    if (scheduledDate < new Date()) {
+      throw new Error('Cannot cancel - deletion has already been processed');
    }

    // Cancel deletion request
@@ -99,6 +110,7 @@ serve(async (req) => {
              <h2>Account Deletion Cancelled</h2>
              <p>Your account deletion request has been cancelled on ${new Date().toLocaleDateString()}.</p>
              <p>Your account has been reactivated and you can continue using all features.</p>
+              <p>If you did not cancel this request, please contact support immediately.</p>
              <p>Welcome back!</p>
            `,
          }),
--- a/supabase/functions/confirm-account-deletion/index.ts
+++ b/supabase/functions/confirm-account-deletion/index.ts
@@ -70,6 +70,18 @@ serve(async (req) => {
      throw new Error('No pending deletion request found');
    }

+    // Check if there's already a confirmed request
+    const { data: confirmedRequest } = await supabaseClient
+      .from('account_deletion_requests')
+      .select('*')
+      .eq('user_id', user.id)
+      .eq('status', 'confirmed')
+      .maybeSingle();
+
+    if (confirmedRequest) {
+      throw new Error('You already have a confirmed deletion request. Your account is scheduled for deletion.');
+    }
+
    // Verify confirmation code
    if (deletionRequest.confirmation_code !== confirmation_code) {
      throw new Error('Invalid confirmation code');
@@ -141,7 +153,10 @@ serve(async (req) => {
                <li>✓ To cancel, log in and visit your account settings</li>
              </ul>
              
-              <p>If you take no action, your account will be automatically deleted after the 14-day waiting period.</p>
+              <h3>Changed Your Mind?</h3>
+              <p>You can cancel at any time during the 14-day waiting period by logging in and clicking "Cancel Deletion" in your account settings.</p>
+              
+              <p><strong>If you take no action</strong>, your account will be automatically deleted after the 14-day waiting period.</p>
            `,
          }),
        });
--- a/supabase/functions/request-account-deletion/index.ts
+++ b/supabase/functions/request-account-deletion/index.ts
@@ -52,23 +52,31 @@ serve(async (req) => {
      userId: user.id 
    });

-    // Check for existing pending deletion request
+    // Check for existing active deletion request (pending or confirmed)
    const { data: existingRequest } = await supabaseClient
      .from('account_deletion_requests')
      .select('*')
      .eq('user_id', user.id)
-      .eq('status', 'pending')
+      .in('status', ['pending', 'confirmed'])
      .maybeSingle();

    if (existingRequest) {
+      const errorMsg = existingRequest.status === 'confirmed' 
+        ? 'Your account is already scheduled for deletion. You can cancel it from your account settings.'
+        : 'You already have a pending deletion request. Check your email for the confirmation code.';
+      
      return new Response(
        JSON.stringify({
-          error: 'You already have a pending deletion request',
+          error: errorMsg,
          request: existingRequest,
        }),
        {
          status: 400,
-          headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+          headers: { 
+            ...corsHeaders, 
+            'Content-Type': 'application/json',
+            'X-Request-ID': tracking.requestId 
+          },
        }
      );
    }
@@ -131,7 +139,9 @@ serve(async (req) => {
        <h3>CONFIRMATION CODE: <strong>${confirmationCode}</strong></h3>
        <p><strong>IMPORTANT:</strong> You have 24 hours to enter this code to confirm the deletion. After entering the code, your account will be deactivated and you'll have 14 days to cancel before permanent deletion.</p>
        
-        <p><strong>Need to cancel?</strong> You can cancel at any time during the 14-day period after confirming.</p>
+        <p><strong>Need to cancel?</strong> You can cancel at any time - before OR after confirming - during the 14-day period.</p>
+        
+        <p><strong>Changed your mind?</strong> Simply log in to your account settings and click "Cancel Deletion".</p>
      `,
    };