Allow deletion of unconfirmed users and orgs (#7948)

Fix minor styling issue on the delete account page when an exception bubbles out.
Fix bug in the account delete handler which would not delete users when notifications were turned off.
Address NuGet/Engineering#3099

Author: joelverhagen

src/AccountDeleter/AccountDeleteMessageHandler.cs

@@ -63,31 +63,42 @@ public async Task<bool> HandleAsync(AccountDeleteMessage command)
                     throw new UserNotFoundException();
                 }
 
-                if (_accountDeleteConfigurationAccessor.Value.RespectEmailContactSetting && !user.EmailAllowed)
-                {
-                    throw new EmailContactNotAllowedException();
-                }
-
                 var recipientEmail = user.EmailAddress;
+                var emailAllowed = user.EmailAllowed;
                 var deleteSuccess = await _accountManager.DeleteAccount(user, source);
                 _telemetryService.TrackDeleteResult(source, deleteSuccess);
 
-                var baseEmailBuilder = _emailBuilderFactory.GetEmailBuilder(source, deleteSuccess);
-                if (baseEmailBuilder != null)
+                if (recipientEmail == null)
+                {
+                    _logger.LogWarning("User has no confirmed email address. The user has been deleted but no email was sent.");
+                    _telemetryService.TrackUnconfirmedUser(source);
+                    messageProcessed = true;
+                }
+                else if (_accountDeleteConfigurationAccessor.Value.RespectEmailContactSetting && !emailAllowed)
                 {
-                    var toEmail = new List<MailAddress>();
+                    _logger.LogWarning("User did not allow Email Contact. The user has been deleted but no email was sent.");
+                    _telemetryService.TrackEmailBlocked(source);
+                    messageProcessed = true;
+                }
+                else
+                {
+                    var baseEmailBuilder = _emailBuilderFactory.GetEmailBuilder(source, deleteSuccess);
+                    if (baseEmailBuilder != null)
+                    {
+                        var toEmail = new List<MailAddress>();
 
-                    var configuration = _accountDeleteConfigurationAccessor.Value;
-                    var senderAddress = configuration.EmailConfiguration.GalleryOwner;
-                    var ccEmail = new List<MailAddress>();
-                    toEmail.Add(new MailAddress(recipientEmail));
-                    ccEmail.Add(new MailAddress(senderAddress));
+                        var configuration = _accountDeleteConfigurationAccessor.Value;
+                        var senderAddress = configuration.EmailConfiguration.GalleryOwner;
+                        var ccEmail = new List<MailAddress>();
+                        toEmail.Add(new MailAddress(recipientEmail));
+                        ccEmail.Add(new MailAddress(senderAddress));
 
-                    var recipients = new EmailRecipients(toEmail, ccEmail);
-                    var emailBuilder = new DisposableEmailBuilder(baseEmailBuilder, recipients, username);
-                    await _messenger.SendMessageAsync(emailBuilder);
-                    _telemetryService.TrackEmailSent(source, user.EmailAllowed);
-                    messageProcessed = true;
+                        var recipients = new EmailRecipients(toEmail, ccEmail);
+                        var emailBuilder = new DisposableEmailBuilder(baseEmailBuilder, recipients, username);
+                        await _messenger.SendMessageAsync(emailBuilder);
+                        _telemetryService.TrackEmailSent(source, emailAllowed);
+                        messageProcessed = true;
+                    }
                 }
             }
             catch (UnknownSourceException)
@@ -98,12 +109,6 @@ public async Task<bool> HandleAsync(AccountDeleteMessage command)
                 _telemetryService.TrackUnknownSource(source);
                 messageProcessed = false;
             }
-            catch (EmailContactNotAllowedException)
-            {
-                // Should we not send? or should we ignore the setting.
-                _logger.LogWarning("User did not allow Email Contact.");
-                _telemetryService.TrackEmailBlocked(source);
-            }
             catch (UserNotFoundException)
             {
                 _logger.LogWarning("User was not found. They may have already been deleted.");
@@ -112,8 +117,8 @@ public async Task<bool> HandleAsync(AccountDeleteMessage command)
             }
             catch (Exception e)
             {
-                _logger.LogError(0, e, "An unknown exception occured: {ExceptionMessage}");
-                throw e;
+                _logger.LogError(e, "An unknown exception occurred.");
+                throw;
             }
 
             return messageProcessed;

src/AccountDeleter/AccountDeleter.csproj

@@ -64,7 +64,6 @@
     <Compile Include="Evaluators\IUserEvaluatorFactory.cs" />
     <Compile Include="Evaluators\UserEvaluatorComparer.cs" />
     <Compile Include="Evaluators\UserEvaluatorFactory.cs" />
-    <Compile Include="Exceptions\EmailContactNotAllowedException.cs" />
     <Compile Include="Exceptions\UnknownEvaluatorException.cs" />
     <Compile Include="Exceptions\UnknownSourceException.cs" />
     <Compile Include="Exceptions\UserNotFoundException.cs" />

src/AccountDeleter/Exceptions/EmailContactNotAllowedException.cs

@@ -1,7 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-
 using System;
 
 namespace NuGetGallery.AccountDeleter

src/AccountDeleter/Exceptions/UserNotFoundException.cs

@@ -17,6 +17,7 @@ public class AccountDeleteTelemetryService : IAccountDeleteTelemetryService, ISu
         private const string EmailBlockedEventName = TelemetryPrefix + "EmailBlocked";
         private const string UnknownSourceEventName = TelemetryPrefix + "UnknownSource";
         private const string UserNotFoundEventName = TelemetryPrefix + "UserNotFound";
+        private const string UnconfirmedUserEventName = TelemetryPrefix + "UnconfirmedUser";
 
         private const string CallGuidDimensionName = "CallGuid";
         private const string ContactAllowedDimensionName = "ContactAllowed";
@@ -130,5 +131,14 @@ public void TrackMessageLockLost<TMessage>(Guid callGuid)
                     { CallGuidDimensionName, callGuid.ToString() }
                    });
         }
+
+        public void TrackUnconfirmedUser(string source)
+        {
+            _telemetryClient.TrackEvent(UnconfirmedUserEventName,
+                new Dictionary<string, string>
+                {
+                    { SourceDimensionName, source }
+                });
+        }
     }
 }

src/AccountDeleter/Telemetry/AccountDeleteTelemetryService.cs

@@ -1,12 +1,12 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-
 namespace NuGetGallery.AccountDeleter
 {
     public interface IAccountDeleteTelemetryService
     {
+        void TrackUnconfirmedUser(string source);
+
         void TrackUserNotFound(string source);
 
         void TrackDeleteResult(string source, bool deleteSuccess);

src/AccountDeleter/Telemetry/IAccountDeleteTelemetryService.cs

@@ -21,6 +21,8 @@ public class SupportRequestService
         private readonly string _siteRoot;
         private const string _unassignedAdmin = "unassigned";
         private const string _deletedAccount = "_deletedaccount";
+        private const string _unconfirmedEmailAddress = "_unconfirmed";
+        private const string _deletedEmailAddress = "deletedaccount";
         private const string _NuGetDSRAccount = "_NuGetDSR";
 
         public SupportRequestService(
@@ -221,7 +223,7 @@ public async Task<bool> TryAddDeleteSupportRequestAsync(User user)
             var requestSent = await AddNewSupportRequestAsync(
                 ServicesStrings.AccountDelete_SupportRequestTitle,
                 ServicesStrings.AccountDelete_SupportRequestTitle,
-                user.EmailAddress,
+                user.EmailAddress ?? _unconfirmedEmailAddress,
                 "The user requested to have the account deleted.",
                 user) != null;
             var status = requestSent ? DeleteAccountAuditRecord.ActionStatus.Success : DeleteAccountAuditRecord.ActionStatus.Failure;
@@ -303,7 +305,7 @@ public async Task DeleteSupportRequestsAsync(User user)
             }
             foreach (var accountDeletedIssue in userIssues.Where(i => string.Equals(i.IssueTitle, ServicesStrings.AccountDelete_SupportRequestTitle)))
             {
-                accountDeletedIssue.OwnerEmail = "deletedaccount";
+                accountDeletedIssue.OwnerEmail = _deletedEmailAddress;
                 if(!accountDeletedIssue.CreatedBy.Equals(_NuGetDSRAccount, StringComparison.OrdinalIgnoreCase))
                 {
                     accountDeletedIssue.CreatedBy = _deletedAccount;

src/NuGetGallery.Services/SupportRequest/SupportRequestService.cs

@@ -12,7 +12,7 @@
             @if ((TempData["RequestFailedMessage"] != null))
             {
                 var message = (string)TempData["RequestFailedMessage"];
-                @ViewHelpers.AlertDanger(@<p><b class="keywords">@message</b> <br /></p>)
+                @ViewHelpers.AlertDanger(@<b class="keywords">@message</b>)
             }
             else
             {

src/NuGetGallery/Views/Users/DeleteAccount.cshtml

@@ -0,0 +1,146 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Moq;
+using NuGet.Services.Entities;
+using NuGet.Services.Messaging.Email;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace NuGetGallery.AccountDeleter.Facts
+{
+    public class AccountDeleteMessageHandlerFacts
+    {
+        [Fact]
+        public async Task IgnoresMissingUser()
+        {
+            User = null;
+
+            var processed = await Target.HandleAsync(Message);
+
+            Assert.True(processed);
+            TelemetryService.Verify(x => x.TrackUserNotFound(Message.Source), Times.Once);
+        }
+
+        [Theory]
+        [InlineData(false, false)]
+        [InlineData(false, true)]
+        [InlineData(true, true)]
+        [InlineData(true, false)]
+        public async Task DeletesUserAndAlwaysSendsEmailWhenIgnoringContactSetting(bool emailAllowed, bool deleteSuccess)
+        {
+            Config.RespectEmailContactSetting = false;
+            User.EmailAllowed = emailAllowed;
+            AccountManager.Setup(x => x.DeleteAccount(It.IsAny<User>(), It.IsAny<string>())).ReturnsAsync(deleteSuccess);
+
+            var processed = await Target.HandleAsync(Message);
+
+            Assert.True(processed);
+            TelemetryService.Verify(x => x.TrackDeleteResult(Message.Source, deleteSuccess), Times.Once);
+            MessageService.Verify(x => x.SendMessageAsync(It.IsAny<IEmailBuilder>(), false, false), Times.Once);
+            TelemetryService.Verify(x => x.TrackEmailSent(Message.Source, emailAllowed), Times.Once);
+        }
+
+        [Theory]
+        [InlineData(false, false)]
+        [InlineData(false, true)]
+        [InlineData(true, true)]
+        [InlineData(true, false)]
+        public async Task DeletesUserAndAndCanRespsectEmailAllowedSetting(bool emailAllowed, bool deleteSuccess)
+        {
+            Config.RespectEmailContactSetting = true;
+            User.EmailAllowed = emailAllowed;
+            AccountManager.Setup(x => x.DeleteAccount(It.IsAny<User>(), It.IsAny<string>())).ReturnsAsync(deleteSuccess);
+
+            var processed = await Target.HandleAsync(Message);
+
+            Assert.True(processed);
+            TelemetryService.Verify(x => x.TrackDeleteResult(Message.Source, deleteSuccess), Times.Once);
+            MessageService.Verify(
+                x => x.SendMessageAsync(It.IsAny<IEmailBuilder>(), It.IsAny<bool>(), It.IsAny<bool>()),
+                Times.Exactly(emailAllowed ? 1 : 0));
+            TelemetryService.Verify(x => x.TrackEmailSent(It.IsAny<string>(), It.IsAny<bool>()), Times.Exactly(emailAllowed ? 1 : 0));
+            TelemetryService.Verify(x => x.TrackEmailBlocked(It.IsAny<string>()), Times.Exactly(emailAllowed ? 0 : 1));
+        }
+
+        [Fact]
+        public async Task DoesNotSendEmailWhenUserHasNoConfirmedEmailAddress()
+        {
+            User.EmailAddress = null;
+
+            var processed = await Target.HandleAsync(Message);
+
+            Assert.True(processed);
+            TelemetryService.Verify(x => x.TrackDeleteResult(Message.Source, true), Times.Once);
+            TelemetryService.Verify(x => x.TrackUnconfirmedUser(Message.Source), Times.Once);
+            MessageService.Verify(x => x.SendMessageAsync(It.IsAny<IEmailBuilder>(), It.IsAny<bool>(), It.IsAny<bool>()), Times.Never);
+            TelemetryService.Verify(x => x.TrackEmailSent(It.IsAny<string>(), It.IsAny<bool>()), Times.Never);
+        }
+
+        public AccountDeleteMessageHandlerFacts(ITestOutputHelper output)
+        {
+            Options = new Mock<IOptionsSnapshot<AccountDeleteConfiguration>>();
+            AccountManager = new Mock<IAccountManager>();
+            UserService = new Mock<IUserService>();
+            MessageService = new Mock<IMessageService>();
+            EmailBuilderFactory = new Mock<IEmailBuilderFactory>();
+            TelemetryService = new Mock<IAccountDeleteTelemetryService>();
+
+            Message = new AccountDeleteMessage("frank", "TheMoon");
+            Config = new AccountDeleteConfiguration
+            {
+                RespectEmailContactSetting = false,
+                EmailConfiguration = new EmailConfiguration
+                {
+                    GalleryOwner = "gallery@example",
+                },
+                SourceConfigurations = new List<SourceConfiguration>
+                {
+                    new SourceConfiguration
+                    {
+                        SourceName = Message.Source,
+                    },
+                },
+            };
+            User = new User
+            {
+                Username = Message.Username,
+                EmailAddress = "frank@example",
+                EmailAllowed = true,
+            };
+            BaseEmailBuilder = new Mock<IEmailBuilder>();
+
+            Options.Setup(x => x.Value).Returns(() => Config);
+            UserService.Setup(x => x.FindByUsername(It.IsAny<string>(), It.IsAny<bool>())).Returns(() => User);
+            AccountManager.Setup(x => x.DeleteAccount(It.IsAny<User>(), It.IsAny<string>())).ReturnsAsync(true);
+            EmailBuilderFactory.Setup(x => x.GetEmailBuilder(It.IsAny<string>(), It.IsAny<bool>())).Returns(() => BaseEmailBuilder.Object);
+
+            var loggerFactory = new LoggerFactory().AddXunit(output);
+
+            Target = new AccountDeleteMessageHandler(
+                Options.Object,
+                AccountManager.Object,
+                UserService.Object,
+                MessageService.Object,
+                EmailBuilderFactory.Object,
+                TelemetryService.Object,
+                loggerFactory.CreateLogger<AccountDeleteMessageHandler>());
+        }
+
+        public Mock<IOptionsSnapshot<AccountDeleteConfiguration>> Options { get; }
+        public Mock<IAccountManager> AccountManager { get; }
+        public Mock<IUserService> UserService { get; }
+        public Mock<IMessageService> MessageService { get; }
+        public Mock<IEmailBuilderFactory> EmailBuilderFactory { get; }
+        public Mock<IAccountDeleteTelemetryService> TelemetryService { get; }
+        public AccountDeleteConfiguration Config { get; }
+        public AccountDeleteMessageHandler Target { get; }
+        public AccountDeleteMessage Message { get; }
+        public User User { get; set; }
+        public Mock<IEmailBuilder> BaseEmailBuilder { get; }
+    }
+}

tests/AccountDeleter.Facts/AccountDeleteMessageHandlerFacts.cs

@@ -7,7 +7,7 @@
     <ProjectGuid>{98765110-844D-41BE-8083-22E064136E05}</ProjectGuid>
     <OutputType>Library</OutputType>
     <AppDesignerFolder>Properties</AppDesignerFolder>
-    <RootNamespace>AccountDeleter.Facts</RootNamespace>
+    <RootNamespace>NuGet.AccountDeleter.Facts</RootNamespace>
     <AssemblyName>AccountDeleter.Facts</AssemblyName>
     <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
@@ -40,6 +40,7 @@
     <Reference Include="System.Xml" />
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="AccountDeleteMessageHandlerFacts.cs" />
     <Compile Include="EmailBuilderFacts.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="EvaluatorFacts.cs" />