feat(inactive accts): prevent deletion if account is active

Author: chenba

packages/fxa-auth-server/bin/key_server.js

@@ -272,6 +272,10 @@ async function run(config) {
     config,
     push,
     pushbox,
+    mailer: senders.email,
+    statsd,
+    glean,
+    log,
   });
   Container.set(AccountDeleteManager, accountDeleteManager);
 

packages/fxa-auth-server/lib/account-delete.ts

@@ -7,6 +7,8 @@ import {
   getAllPayPalBAByUid,
 } from 'fxa-shared/db/models/auth';
 import { Container } from 'typedi';
+import { Logger } from 'mozlog';
+import { StatsD } from 'hot-shots';
 
 import * as Sentry from '@sentry/node';
 
@@ -24,8 +26,15 @@ import pushboxApi from './pushbox';
 import { AppConfig, AuthLogger, AuthRequest } from './types';
 import { DB } from './db';
 import { reportSentryError } from './sentry';
+import { GleanMetricsType } from './metrics/glean';
+import {
+  InactiveAccountsManager,
+  InactiveStatusOAuthDb,
+  requestForGlean,
+} from './inactive-accounts';
 
-type OAuthDbDeleteAccount = Pick<typeof OAuthDb, 'removeTokensAndCodes'>;
+type OAuthDbDeleteAccount = Pick<typeof OAuthDb, 'removeTokensAndCodes'> &
+  InactiveStatusOAuthDb;
 type PushboxDeleteAccount = Pick<
   ReturnType<typeof pushboxApi>,
   'deleteAccount'
@@ -47,25 +56,38 @@ export class AccountDeleteManager {
   private playBilling?: PlayBilling;
   private log: Log;
   private config: ConfigType;
+  private glean: GleanMetricsType;
+  private statsd: StatsD;
+  private inactiveAccountsManager: InactiveAccountsManager;
 
   constructor({
     fxaDb,
     oauthDb,
     config,
     push,
     pushbox,
+    mailer,
+    statsd,
+    glean,
+    log,
   }: {
     fxaDb: DB;
     oauthDb: OAuthDbDeleteAccount;
     config: ConfigType;
     push: PushForDeleteAccount;
     pushbox: PushboxDeleteAccount;
+    mailer: any;
+    statsd: StatsD;
+    glean: GleanMetricsType;
+    log: Logger;
   }) {
     this.fxaDb = fxaDb;
     this.oauthDb = oauthDb;
     this.config = config;
     this.push = push;
     this.pushbox = pushbox;
+    this.glean = glean;
+    this.statsd = statsd;
 
     if (Container.has(StripeHelper)) {
       this.stripeHelper = Container.get(StripeHelper);
@@ -84,6 +106,16 @@ export class AccountDeleteManager {
 
     // Is this intentional? Config is passed in the constructor
     this.config = Container.get(AppConfig);
+
+    this.inactiveAccountsManager = new InactiveAccountsManager({
+      fxaDb,
+      oauthDb,
+      mailer,
+      config,
+      statsd,
+      glean,
+      log,
+    });
   }
 
   /**
@@ -99,6 +131,20 @@ export class AccountDeleteManager {
     reason: ReasonForDeletion,
     customerId?: string
   ) {
+    // there's a day's time between shceduling and deletion so we need to check
+    // if the account has became active in the meantime
+    if (
+      reason === ReasonForDeletion.InactiveAccountScheduled &&
+      (await this.inactiveAccountsManager.isActive(uid))
+    ) {
+      this.glean.inactiveAccountDeletion.deletionSkipped(requestForGlean, {
+        uid,
+        reason: 'active_account',
+      });
+      this.statsd.increment('account.inactive.deletion.skipped.active');
+      return;
+    }
+
     await this.deleteAccountFromDb(uid);
     await this.deleteOAuthTokens(uid);
     // see comment in the function on why we are not awaiting

packages/fxa-auth-server/lib/inactive-accounts/index.ts

@@ -15,7 +15,7 @@ import {
   ReasonForDeletion,
   DeleteAccountTasks,
 } from '@fxa/shared/cloud-tasks';
-import { ConnectedServicesDb } from 'fxa-shared/connected-services';
+import OAuthDb from '../oauth/db';
 
 import { ConfigType } from '../../config';
 import { AccountEventsManager } from '../account-events';
@@ -65,6 +65,10 @@ export const requestForGlean = {
 export const isCloudTaskAlreadyExistsError = (error) =>
   error.code === 10 && error.message.includes('entity already exists');
 
+export type InactiveStatusOAuthDb = Pick<
+  typeof OAuthDb,
+  'getAccessTokensByUid' | 'getRefreshTokensByUid'
+>;
 export type NotificationAttempt = 'first' | 'second' | 'final';
 export type GleanEmailSkippedEvent = `${NotificationAttempt}EmailSkipped`;
 export type GleanEmailTaskRequestEvent =
@@ -136,7 +140,7 @@ export const emailTypeToHandlerVals: Record<
 
 export class InactiveAccountsManager {
   fxaDb: DB;
-  oauthDb: ConnectedServicesDb;
+  oauthDb: InactiveStatusOAuthDb;
   accountEventsManager: AccountEventsManager;
   accountTasks: DeleteAccountTasks;
   mailer: any;
@@ -155,7 +159,7 @@ export class InactiveAccountsManager {
     log,
   }: {
     fxaDb: DB;
-    oauthDb: ConnectedServicesDb;
+    oauthDb: InactiveStatusOAuthDb;
     mailer: any;
     config: ConfigType;
     statsd: StatsD;

packages/fxa-auth-server/lib/metrics/glean/index.ts

@@ -350,7 +350,10 @@ export function gleanMetrics(config: ConfigType) {
         }
       ),
       secondEmailSkipped: createEventFn(
-        'inactive_account_deletion_second_email_skipped'
+        'inactive_account_deletion_second_email_skipped',
+        {
+          additionalMetrics: extraKeyReasonCb,
+        }
       ),
 
       finalEmailTaskRequest: createEventFn(
@@ -368,7 +371,16 @@ export function gleanMetrics(config: ConfigType) {
         }
       ),
       finalEmailSkipped: createEventFn(
-        'inactive_account_deletion_final_email_skipped'
+        'inactive_account_deletion_final_email_skipped',
+        {
+          additionalMetrics: extraKeyReasonCb,
+        }
+      ),
+      deletionSkipped: createEventFn(
+        'inactive_account_deletion_deletion_skipped',
+        {
+          additionalMetrics: extraKeyReasonCb,
+        }
       ),
       deletionScheduled: createEventFn(
         'inactive_account_deletion_deletion_scheduled'

packages/fxa-auth-server/lib/metrics/glean/server_events.ts

@@ -720,6 +720,94 @@ class EventsServerEventLogger {
       event,
     });
   }
+  /**
+   * Record and submit a inactive_account_deletion_deletion_skipped event:
+   * The scheduled deletion of an inactive account was skipped.
+   * Event is logged using internal mozlog logger.
+   *
+   * @param {string} user_agent - The user agent.
+   * @param {string} ip_address - The IP address. Will be used to decode Geo
+   *                              information and scrubbed at ingestion.
+   * @param {string} account_user_id - The firefox/mozilla account id.
+   * @param {string} account_user_id_sha256 - A hex string of a sha256 hash of the account's uid.
+   * @param {string} relying_party_oauth_client_id - The client id of the relying party.
+   * @param {string} relying_party_service - The service name of the relying party.
+   * @param {string} session_device_type - one of 'mobile', 'tablet', or ''.
+   * @param {string} session_entrypoint - Entrypoint to the service.
+   * @param {string} session_entrypoint_experiment - Identifier for the experiment the user is part of at the entrypoint.
+   * @param {string} session_entrypoint_variation - Identifier for the experiment variation the user is part of at the entrypoint.
+   * @param {string} session_flow_id - an ID generated by FxA for its flow metrics.
+   * @param {string} utm_campaign - A marketing campaign.  For example, if a user signs into FxA from selecting a Mozilla VPN plan on Mozilla VPN's product site, then the value of this metric could be 'vpn-product-page'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters.  The special value of 'page+referral+-+not+part+of+a+campaign' is also allowed..
+   * @param {string} utm_content - The content on which the user acted.  For example, if the user clicked on the (previously available) "Get started here" link in "Looking for Firefox Sync? Get started here", then the value for this metric would be 'fx-sync-get-started'. The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} utm_medium - The "medium" on which the user acted.  For example, if the user clicked on a link in an email, then the value of this metric would be 'email'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} utm_source - The source from where the user started.  For example, if the user clicked on a link on the Mozilla accounts web site, this value could be 'fx-website'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} utm_term - This metric is similar to the `utm.source`; it is used in the Firefox browser.  For example, if the user started from about:welcome, then the value could be 'aboutwelcome-default-screen'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} reason - The reason the deletion was skipped..
+   */
+  recordInactiveAccountDeletionDeletionSkipped({
+    user_agent,
+    ip_address,
+    account_user_id,
+    account_user_id_sha256,
+    relying_party_oauth_client_id,
+    relying_party_service,
+    session_device_type,
+    session_entrypoint,
+    session_entrypoint_experiment,
+    session_entrypoint_variation,
+    session_flow_id,
+    utm_campaign,
+    utm_content,
+    utm_medium,
+    utm_source,
+    utm_term,
+    reason,
+  }: {
+    user_agent: string;
+    ip_address: string;
+    account_user_id: string;
+    account_user_id_sha256: string;
+    relying_party_oauth_client_id: string;
+    relying_party_service: string;
+    session_device_type: string;
+    session_entrypoint: string;
+    session_entrypoint_experiment: string;
+    session_entrypoint_variation: string;
+    session_flow_id: string;
+    utm_campaign: string;
+    utm_content: string;
+    utm_medium: string;
+    utm_source: string;
+    utm_term: string;
+    reason: string;
+  }) {
+    const event = {
+      category: 'inactive_account_deletion',
+      name: 'deletion_skipped',
+      extra: {
+        reason: String(reason),
+      },
+    };
+    this.#record({
+      user_agent,
+      ip_address,
+      account_user_id,
+      account_user_id_sha256,
+      relying_party_oauth_client_id,
+      relying_party_service,
+      session_device_type,
+      session_entrypoint,
+      session_entrypoint_experiment,
+      session_entrypoint_variation,
+      session_flow_id,
+      utm_campaign,
+      utm_content,
+      utm_medium,
+      utm_source,
+      utm_term,
+      event,
+    });
+  }
   /**
    * Record and submit a inactive_account_deletion_final_email_skipped event:
    * The final email notification was skipped.

packages/fxa-auth-server/scripts/delete-account.ts

@@ -35,6 +35,7 @@ import {
   DeleteAccountTasksFactory,
 } from '@fxa/shared/cloud-tasks';
 import { ProfileClient } from '@fxa/profile/client';
+const { gleanMetrics } = require('../lib/metrics/glean');
 
 const config = configProperties.getProperties();
 const mailer = null;
@@ -43,13 +44,14 @@ const statsd = {
   increment: () => {},
   timing: () => {},
   close: () => {},
-};
+} as unknown as StatsD;
 const log = require('../lib/log')(config.log.level, 'delete-account-script', {
   statsd,
 });
 const Token = require('../lib/tokens')(log, config);
 const { createDB } = require('../lib/db');
 const DB = createDB(config, log, Token);
+const glean = gleanMetrics(config);
 
 Container.set(StatsD, statsd);
 Container.set(AppConfig, config);
@@ -132,6 +134,10 @@ DB.connect(config).then(async (db: any) => {
     config,
     push,
     pushbox,
+    mailer,
+    statsd,
+    glean,
+    log,
   });
   Container.set(AccountDeleteManager, accountDeleteManager);