
[FEAT] User Deactivation  #40

Open
@joboy-dev

Description


This endpoint allows an authenticated user to deactivate their account.

Acceptance Criteria

AUTHENTICATION

  • The endpoint must only be accessible to authenticated users.
  • Requests without a valid JWT token should return a 401 Unauthorized error.
{
    "Authorization": "Bearer <jwt_token>"
}

HTTP METHOD AND URL

  • The endpoint must accept only PATCH requests.
  • The URL endpoint should be /api/v1/accounts/deactivate

EMAIL

  • Users should receive an email that their account has been successfully deactivated if the response is a success response.

REQUEST BODY

  • The request body contains a JSON object with:
    • reason (optional): A string indicating the reason for deactivation.
    • confirmation (required): A boolean that must be true to confirm the deactivation request.

Purpose

The purpose of the user deactivation endpoint is to allow users to deactivate their accounts, enhancing user control and data privacy.

Requirements

  • Ensure the user is authenticated with a valid JWT token
  • The endpoint should accept only PATCH requests
  • The user status on the database should change to deactivated
  • Users should receive an email that the account has been deactivated.

Expected Outcome

A user should be deactivated and should receive an email confirming that the account has been successfully deactivated.

Example

[PATCH] /api/v1/accounts/deactivate

Success

Request Body

{
    "reason": "No longer need the account",
    "confirmation": true
}

Response

{
    "status_code": 200,
    "message": "Account Deactivated Successfully"
}

Errors

Request Body

Missing data

{
    "reason": "No longer need the account"
}

Response

{
    "status_code": 422,
    "error": "Invalid input",
    "detail": [
        {
            "confirmation": "Deactivation confirmation is required"
        }
    ]
}

Request Body

Confirmation set to false

{
    "reason": "No longer need the account",
    "confirmation": false
}

Response

{
    "status_code": 400,
    "error": "Confirmation needs to be true for deactivation"
}

Request Body

If the user has already been deactivated and they try to deactivate their account again.

{
    "reason": "No longer need the account",
    "confirmation": true
}

Response

{
    "status_code": 400,
    "error": "User has been deactivated"
}

Request Body

Invalid or expired access token.

{
    "reason": "No longer need the account",
    "confirmation": true
}

Response

{
    "status_code": 401,
    "error": "Could not validate user credentials"
}

Request Body

Unexpected error or server error

{
    "reason": "No longer need the account",
    "confirmation": true
}

Response

{
    "status_code": 500,
    "error": "An unexpected error occured"
}

TEST

Unit Test

  • Test 200 status code and success message for successful deactivation
  • Test missing or invalid confirmation field
  • Test for unauthorized access (No JWT token)
  • Test email is sent to the user upon deactivation

End To End Test

  • Test the full flow of the deactivation process.
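
A framework-free sketch of the decision order the acceptance criteria imply, added here as an illustration and not taken from the project's code: authenticate first, take the account from the token rather than the body, require a real JSON boolean for confirmation, and send the email only after the status change. Assumptions: HS256 tokens with a shared secret, `sub`/`exp` claims, an in-memory `users` dict and `outbox` list, a 405 for other methods, and a 422 for a string such as "true"; `make_token`, `subject_from` and `deactivate` are hypothetical names.

```python
import base64, hashlib, hmac, json, time
SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(sub, exp):
    """Build a constructed sample token for the demo (not an issuer implementation)."""
    body = _b64e(json.dumps({"alg": "HS256"}).encode()) + "." + \
           _b64e(json.dumps({"sub": sub, "exp": exp}).encode())
    return body + "." + _b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def subject_from(headers):
    """Return the token subject, or None if the token is missing, forged or expired."""
    try:
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        h, p, s = token.split(".")
        if scheme != "Bearer" or json.loads(_b64d(h)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        good = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _b64d(s)):
            return None  # verify the signature before reading any claim
        claims = json.loads(_b64d(p))
        return claims["sub"] if claims["exp"] > time.time() else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None

def deactivate(method, headers, body, users, outbox):
    def err(code, msg, **extra):
        return code, {"status_code": code, "error": msg, **extra}
    if method != "PATCH":
        return err(405, "Method not allowed")  # assumption: the issue defines no 405 body
    user = users.get(subject_from(headers))  # account comes from the token, never the body
    if user is None:
        return err(401, "Could not validate user credentials")
    confirmation = body.get("confirmation") if isinstance(body, dict) else None
    if not isinstance(confirmation, bool):  # missing, or a string such as "true"
        return err(422, "Invalid input",
                   detail=[{"confirmation": "Deactivation confirmation is required"}])
    if not confirmation:
        return err(400, "Confirmation needs to be true for deactivation")
    if not user["is_active"]:
        return err(400, "User has been deactivated")
    user["is_active"] = False
    outbox.append(user["email"])  # notify only after the state change succeeded
    return 200, {"status_code": 200, "message": "Account Deactivated Successfully"}
```

Because the truthiness of the string "false" is True in Python, the explicit `isinstance(confirmation, bool)` check is what keeps a stringly-typed body from deactivating an account.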

Labels: users (Issues categorised by users)