Merge pull request #18248 from mozilla/FXA-10573-implement-first-email-notification

feat(cloud tasks): send first inactive deletion email

Author: chenba

libs/shared/cloud-tasks/src/lib/send-email-tasks.ts

@@ -14,6 +14,7 @@ import { CloudTaskOptions } from './cloud-tasks.types';
 
 export enum EmailTypes {
   INACTIVE_DELETE_FIRST_NOTIFICATION = 'inactiveDeleteFirstNotification',
+  INACTIVE_DELETE_SECOND_NOTIFICATION = 'inactiveDeleteSecondNotification',
 }
 export type CloudTaskEmailType = (typeof EmailTypes)[keyof typeof EmailTypes];
 

packages/fxa-auth-server/bin/key_server.js

@@ -249,6 +249,16 @@ async function run(config) {
   );
   Container.set(RecoveryPhoneService, recoveryPhoneService);
 
+  const profile = new ProfileClient(log, {
+    ...config.profileServer,
+    serviceName: 'subhub',
+  });
+  Container.set(ProfileClient, profile);
+
+  const bounces = require('../lib/bounces')(config, database);
+  const senders = await require('../lib/senders')(log, config, bounces, statsd);
+  const glean = gleanMetrics(config);
+
   // The AccountDeleteManager is dependent on some of the object set into
   // Container above.
   const accountTasks = DeleteAccountTasksFactory(config, statsd);
@@ -263,16 +273,16 @@ async function run(config) {
   });
   Container.set(AccountDeleteManager, accountDeleteManager);
 
-  const emailCloudTaskManager = new EmailCloudTaskManager({ config, statsd });
-  Container.set(EmailCloudTaskManager, emailCloudTaskManager);
-
-  const profile = new ProfileClient(log, {
-    ...config.profileServer,
-    serviceName: 'subhub',
+  const emailCloudTaskManager = new EmailCloudTaskManager({
+    fxaDb: database,
+    oauthDb,
+    mailer: senders.email,
+    config,
+    statsd,
+    glean,
+    log,
   });
-  Container.set(ProfileClient, profile);
-  const bounces = require('../lib/bounces')(config, database);
-  const senders = await require('../lib/senders')(log, config, bounces, statsd);
+  Container.set(EmailCloudTaskManager, emailCloudTaskManager);
 
   const serverPublicKeys = {
     primary: JWTool.JWK.fromFile(config.publicKeyFile, {
@@ -297,7 +307,6 @@ async function run(config) {
   const zendeskClient = require('../lib/zendesk-client').createZendeskClient(
     config
   );
-  const glean = gleanMetrics(config);
   const routes = require('../lib/routes')(
     log,
     serverPublicKeys,

packages/fxa-auth-server/config/index.ts

@@ -495,6 +495,13 @@ const convictConf = convict({
       env: 'SUBSCRIPTION_TERMS_URL',
       format: String,
     },
+    unsubscribeUrl: {
+      doc: 'URL to unsubscribe from MoCo and MoFo emails',
+      format: String,
+      env: 'UNSUBSCRIBE_EMAIL_LISTS_URL',
+      default:
+        'https://privacyportal.onetrust.com/webform/1350748f-7139-405c-8188-22740b3b5587/4ba08202-2ede-4934-a89e-f0b0870f95f0',
+    },
     sesConfigurationSet: {
       doc:
         'AWS SES Configuration Set for SES Event Publishing. If defined, ' +

packages/fxa-auth-server/lib/account-events.ts

@@ -33,6 +33,12 @@ type AuthDatabase = {
   securityEvent: (arg: SecurityEvent) => void;
 };
 
+type EmailEventName =
+  | 'emailSent'
+  | 'emailDelivered'
+  | 'emailBounced'
+  | 'emailComplaint';
+
 export class AccountEventsManager {
   private firestore?: Firestore;
   private usersDbRef?;
@@ -64,7 +70,7 @@ export class AccountEventsManager {
   public async recordEmailEvent(
     uid: string,
     message: EmailEvent,
-    name: 'emailSent' | 'emailDelivered' | 'emailBounced' | 'emailComplaint'
+    name: EmailEventName
   ) {
     try {
       const { template, deviceId, flowId, service } = message;
@@ -93,6 +99,26 @@ export class AccountEventsManager {
     }
   }
 
+  public async findEmailEvents(
+    uid: string,
+    eventName: EmailEventName,
+    template: string,
+    startDate: number,
+    endDate: number
+  ) {
+    const query = this.usersDbRef
+      ?.doc(uid)
+      .collection('events')
+      .where('eventType', '==', 'emailEvent')
+      .where('name', '==', eventName)
+      .where('template', '==', template)
+      .where('createdAt', '>=', startDate)
+      .where('createdAt', '<=', endDate);
+
+    const snapshot = await query?.get();
+    return snapshot?.docs.map((doc) => doc.data());
+  }
+
   /**
    * Record a security event for the user. This is based on our security events
    * that are stored in MySQL.

packages/fxa-auth-server/lib/email-cloud-tasks.ts

@@ -5,6 +5,7 @@
 import { StatsD } from 'hot-shots';
 
 import {
+  EmailTypes,
   SendEmailTaskPayload,
   SendEmailTasks,
   SendEmailTasksFactory,
@@ -13,6 +14,12 @@ import {
 import { ConfigType } from '../config';
 import { AuthRequest } from './types';
 import { IncomingHttpHeaders } from 'http';
+import AppError from './error';
+import { InactiveAccountsManager } from './inactive-accounts';
+import { DB } from './db';
+import { ConnectedServicesDb } from 'fxa-shared/connected-services';
+import { GleanMetricsType } from './metrics/glean';
+import { Logger } from 'mozlog';
 
 const fxaCloudTaskDeliveryTimeHeaderName = 'fxa-cloud-task-delivery-time';
 
@@ -51,12 +58,38 @@ export class EmailCloudTaskManager {
   private config: ConfigType;
   private statsd: StatsD;
   private emailCloudTasks: SendEmailTasks;
-
-  constructor({ config, statsd }) {
+  private inactiveAccountsManager: InactiveAccountsManager;
+
+  constructor({
+    config,
+    statsd,
+    mailer,
+    fxaDb,
+    oauthDb,
+    glean,
+    log,
+  }: {
+    config: ConfigType;
+    statsd: StatsD;
+    mailer: any;
+    fxaDb: DB;
+    oauthDb: ConnectedServicesDb;
+    glean: GleanMetricsType;
+    log: Logger;
+  }) {
     this.config = config;
     this.statsd = statsd;
 
     this.emailCloudTasks = SendEmailTasksFactory(config, statsd);
+    this.inactiveAccountsManager = new InactiveAccountsManager({
+      fxaDb,
+      oauthDb,
+      mailer,
+      config,
+      statsd,
+      glean,
+      log,
+    });
   }
 
   async handleInactiveAccountNotification(request: AuthRequest) {
@@ -87,6 +120,18 @@ export class EmailCloudTaskManager {
       return;
     }
 
-    // @TODO FXA-10573, FXA-10574, FXA-10942
+    // @TODO FXA-10574, FXA-10942
+    switch ((request.payload as SendEmailTaskPayload).emailType) {
+      case EmailTypes.INACTIVE_DELETE_FIRST_NOTIFICATION:
+        await this.inactiveAccountsManager.handleFirstNotificationTask(
+          request.payload as SendEmailTaskPayload
+        );
+        break;
+      default:
+        // the payload is validated before it reaches the handler, so in the
+        // normal course of handling a cloud task, this should not happen.  but
+        // this code can also be called from outside of the request handler.
+        throw AppError.invalidCloudTaskEmailType();
+    }
   }
 }

packages/fxa-auth-server/lib/error.js

@@ -1574,6 +1574,15 @@ AppError.subscriptionPromotionCodeNotApplied = (error, message) => {
   );
 };
 
+AppError.invalidCloudTaskEmailType = function () {
+  return new AppError({
+    code: 400,
+    error: 'Bad Request',
+    errno: ERRNO.INVALID_CLOUDTASK_EMAILTYPE,
+    message: 'Invalid email type',
+  });
+};
+
 function decorateErrorWithRequest(error, request) {
   if (request) {
     error.output.payload.request = {

packages/fxa-auth-server/lib/inactive-accounts/active-status.ts

@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+import { SessionToken } from 'fxa-shared/connected-services/models/SessionToken';
+import { Email, SecurityEvent } from 'fxa-shared/db/models/auth';
+import { EVENT_NAMES } from 'fxa-shared/db/models/auth/security-event';
+
+export type GetTokensFn<T> = (uid: string) => Promise<T[]>;
+export type ActiveConditionFn = (
+  uid: string,
+  activeByDateTimestamp: number
+) => Promise<boolean> | Promise<Promise<boolean>>;
+export type NoTimestampActiveConditionFn = (
+  uid: string
+) => Promise<boolean> | Promise<Promise<boolean>>;
+
+// this includes the agumented last access time from redis
+export const hasActiveSessionToken = async (
+  tokensFn: GetTokensFn<SessionToken>,
+  uid: string,
+  activeByDateTimestamp: number
+) => {
+  const sessionTokens = await tokensFn(uid);
+  return sessionTokens.some(
+    (token) =>
+      token.lastAccessTime && token.lastAccessTime >= activeByDateTimestamp
+  );
+};
+export const hasActiveRefreshToken = async (
+  tokensFn: GetTokensFn<{ lastUsedAt: number }>,
+  uid: string,
+  activeByDateTimestamp: number
+) => {
+  const refreshTokens = await tokensFn(uid);
+  return refreshTokens.some((t) => t.lastUsedAt >= activeByDateTimestamp);
+};
+export const hasAccessToken = async (
+  tokensFn: GetTokensFn<{ lastUsedAt: number }>,
+  uid: string
+) => {
+  const accessTokens = await tokensFn(uid);
+  return accessTokens.length > 0;
+};
+
+export const emailVerificationQuery = (uid, activeByDateTimestamp) =>
+  Email.query()
+    .select('uid')
+    .where('uid', uid)
+    .andWhere('verifiedAt', '>=', activeByDateTimestamp)
+    .limit(1)
+    .first();
+
+export const securityEventsQuery = (uid, activeByDateTimestamp) =>
+  SecurityEvent.query()
+    .select('uid')
+    .where('uid', uid)
+    .andWhere('createdAt', '>=', activeByDateTimestamp)
+    .whereIn('nameId', [
+      EVENT_NAMES['account.login'],
+      EVENT_NAMES['account.password_reset_success'],
+      EVENT_NAMES['account.password_changed'],
+    ])
+    .limit(1)
+    .first();