momentum-mod · tsa96 · Oct 2, 2023 · Sep 30, 2023 · Sep 30, 2023
diff --git a/apps/backend-e2e/src/admin.e2e-spec.ts b/apps/backend-e2e/src/admin.e2e-spec.ts
@@ -509,7 +509,16 @@ describe('Admin', () => {
 
       afterEach(() => prisma.user.deleteMany());
 
-      afterAll(() => db.cleanup('mMap', 'rank', 'run', 'report', 'activity'));
+      afterAll(() =>
+        db.cleanup(
+          'mMap',
+          'rank',
+          'run',
+          'report',
+          'activity',
+          'deletedSteamID'
+        )
+      );
 
       it('should delete user data. leaving user with Role.DELETED', async () => {
         const followeeUser = await db.createUser();
@@ -657,6 +666,10 @@ describe('Admin', () => {
           }
         });
 
+        const deletedSteamIDEntry = await prisma.deletedSteamID.findUnique({
+          where: { steamID: userBeforeDeletion.steamID }
+        });
+
         expect(deletedUser).toMatchObject({
           roles: Role.DELETED,
           bans: userBeforeDeletion.bans,
@@ -683,6 +696,8 @@ describe('Admin', () => {
           reportSubmitted: userBeforeDeletion.reportSubmitted,
           reportResolved: userBeforeDeletion.reportResolved
         });
+
+        expect(deletedSteamIDEntry).toBeTruthy();
       });
 
       it('should 403 when the user requesting only is a moderator', () =>

diff --git a/apps/backend-e2e/src/auth.e2e-spec.ts b/apps/backend-e2e/src/auth.e2e-spec.ts
@@ -178,7 +178,7 @@ describe('Auth', () => {
           response = await request();
         });
 
-        afterAll(() => db.cleanup('user'));
+        afterAll(() => db.cleanup('user', 'deletedSteamID'));
 
         it('should succeed and redirect to dashboard', () => {
           expect(response.statusCode).toBe(302);
@@ -228,6 +228,19 @@ describe('Auth', () => {
         expect(res.statusCode).toBe(403);
       });
 
+      it('should throw a ForbiddenException if account with this steamID was deleted', async () => {
+        await prisma.deletedSteamID.create({
+          data: { steamID: BigInt(steamID) }
+        });
+
+        const res = await request();
+        expect(res.statusCode).toBe(403);
+
+        await prisma.deletedSteamID.delete({
+          where: { steamID: BigInt(steamID) }
+        });
+      });
+
       it('should throw a ForbiddenException if the user is a limited account and preventLimited is true', async () => {
         steamIsLimitedSpy.mockResolvedValueOnce(true);
 

diff --git a/apps/backend-e2e/src/user.e2e-spec.ts b/apps/backend-e2e/src/user.e2e-spec.ts
@@ -334,6 +334,17 @@ describe('User', () => {
     });
 
     describe('DELETE', () => {
+      afterAll(() =>
+        db.cleanup(
+          'mMap',
+          'rank',
+          'run',
+          'report',
+          'activity',
+          'deletedSteamID'
+        )
+      );
+
       it('should delete user data, leaving user with Role.DELETED', async () => {
         const followeeUser = await db.createUser();
         const map = await db.createMap();
@@ -481,6 +492,10 @@ describe('User', () => {
           }
         });
 
+        const deletedSteamIDEntry = await prisma.deletedSteamID.findUnique({
+          where: { steamID: userBeforeDeletion.steamID }
+        });
+
         expect(deletedUser).toMatchObject({
           roles: Role.DELETED,
           bans: userBeforeDeletion.bans,
@@ -507,6 +522,8 @@ describe('User', () => {
           reportSubmitted: userBeforeDeletion.reportSubmitted,
           reportResolved: userBeforeDeletion.reportResolved
         });
+
+        expect(deletedSteamIDEntry).toBeTruthy();
       });
 
       it('should 401 when no access token is provided', () =>

diff --git a/apps/backend/src/app/modules/users/users.service.ts b/apps/backend/src/app/modules/users/users.service.ts
@@ -183,6 +183,13 @@ export class UsersService {
         'We do not authenticate Steam accounts without a profile. Set up your community profile on Steam!'
       );
 
+    const deletedSteamID = await this.db.deletedSteamID.findUnique({
+      where: { steamID: BigInt(profile.steamid) }
+    });
+
+    if (deletedSteamID)
+      throw new ForbiddenException('Account with this SteamID was deleted.');
+
     const user = await this.findOrCreateUser({
       steamID: BigInt(profile.steamid),
       alias: profile.personaname,
@@ -335,6 +342,11 @@ export class UsersService {
         where: {
           userID
         }
+      }),
+      this.db.deletedSteamID.create({
+        data: {
+          steamID: user.steamID
+        }
       })
     ]);
   }

diff --git a/apps/frontend/src/app/components/delete-user-dialog/delete-user-dialog.component.html b/apps/frontend/src/app/components/delete-user-dialog/delete-user-dialog.component.html
@@ -4,8 +4,15 @@ <h5 class="text-danger">Delete user?</h5>
   </nb-card-header>
   <nb-card-body>
     <p>
-      This will <b>permanently</b> delete this account and all runs and statistics associated with it.<br />
-      You will <b><i>NOT</i></b> be able to recover this data.
+      This will <b>permanently</b> and <b>irrevocably</b> delete your account. If you do so, you will <b><i>never</i></b> be able to sign up
+      from the same Steam account.
+    </p>
+    <p>
+      This feature only exists for privacy reasons, to give users the ability to delete all data identifiable to them from our systems.
+      Unless you really want to do that, don't use this feature!
+    </p>
+    <p>
+      Again, we are <b><i>not</i></b> going to help you recover your account if you do this.
     </p>
     <p>
       To confirm, please enter the following code: <b class="random-code">{{ randomCode }}</b>

diff --git a/libs/db/src/prisma/schema.prisma b/libs/db/src/prisma/schema.prisma
@@ -658,3 +658,7 @@ model XpSystems {
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
 }
+
+model DeletedSteamID {
+  steamID BigInt @id @unique @db.BigInt
+}