From 9da1137a786de39bf2025875e46fc327319eac8c Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Thu, 9 Mar 2023 15:29:15 -0500
Subject: [PATCH] soft delete support for account_requests (#262)

---
 controller/invite.go                | 2 +-
 controller/register.go              | 4 ++++
 controller/store/account_request.go | 8 ++++----
 controller/verify.go                | 6 +++++-
 4 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/controller/invite.go b/controller/invite.go
index 8f6623b1..aead8aa1 100644
--- a/controller/invite.go
+++ b/controller/invite.go
@@ -69,7 +69,7 @@ func (h *inviteHandler) Handle(params account.InviteParams) middleware.Responder
 		logrus.Infof("no account found for '%v': %v", params.Body.Email, err)
 	}
 
-	if oldAr, err := str.FindAccountRequestWithEmail(params.Body.Email, tx); err == nil {
+	if oldAr, err := str.FindAccountRequestWithEmail(params.Body.Email, tx); err == nil && !oldAr.Deleted {
 		logrus.Warnf("found previous account request for '%v', removing", params.Body.Email)
 		if err := str.DeleteAccountRequest(oldAr.Id, tx); err != nil {
 			logrus.Errorf("error deleteing previous account request for '%v': %v", params.Body.Email, err)
diff --git a/controller/register.go b/controller/register.go
index 6ffdf50b..be153f74 100644
--- a/controller/register.go
+++ b/controller/register.go
@@ -32,6 +32,10 @@ func (h *registerHandler) Handle(params account.RegisterParams) middleware.Respo
 		logrus.Errorf("error finding account request with token '%v': %v", params.Body.Token, err)
 		return account.NewRegisterNotFound()
 	}
+	if ar.Deleted {
+		logrus.Errorf("account request with token '%v' deleted", params.Body.Token)
+		return account.NewRegisterNotFound()
+	}
 
 	token, err := createToken()
 	if err != nil {
diff --git a/controller/store/account_request.go b/controller/store/account_request.go
index 23b0690e..44d7d40f 100644
--- a/controller/store/account_request.go
+++ b/controller/store/account_request.go
@@ -49,10 +49,10 @@ func (self *Store) FindExpiredAccountRequests(before time.Time, limit int, tx *s
 	var sql string
 	switch self.cfg.Type {
 	case "postgres":
-		sql = "select * from account_requests where created_at < $1 limit %d for update"
+		sql = "select * from account_requests where created_at < $1 and not deleted limit %d for update"
 
 	case "sqlite3":
-		sql = "select * from account_requests where created_at < $1 limit %d"
+		sql = "select * from account_requests where created_at < $1 and not deleted limit %d"
 
 	default:
 		return nil, errors.Errorf("unknown database type '%v'", self.cfg.Type)
@@ -82,7 +82,7 @@ func (self *Store) FindAccountRequestWithEmail(email string, tx *sqlx.Tx) (*Acco
 }
 
 func (self *Store) DeleteAccountRequest(id int, tx *sqlx.Tx) error {
-	stmt, err := tx.Prepare("delete from account_requests where id = $1")
+	stmt, err := tx.Prepare("update account_requests set deleted = true, updated_at = current_timestamp where id = $1")
 	if err != nil {
 		return errors.Wrap(err, "error preparing account_requests delete statement")
 	}
@@ -106,7 +106,7 @@ func (self *Store) DeleteMultipleAccountRequests(ids []int, tx *sqlx.Tx) error {
 		indexes[i] = fmt.Sprintf("$%d", i+1)
 	}
 
-	stmt, err := tx.Prepare(fmt.Sprintf("delete from account_requests where id in (%s)", strings.Join(indexes, ",")))
+	stmt, err := tx.Prepare(fmt.Sprintf("update account_requests set deleted = true, updated_at = current_timestamp where id in (%s)", strings.Join(indexes, ",")))
 	if err != nil {
 		return errors.Wrap(err, "error preparing account_requests delete multiple statement")
 	}
diff --git a/controller/verify.go b/controller/verify.go
index ae194fc5..016caec9 100644
--- a/controller/verify.go
+++ b/controller/verify.go
@@ -26,7 +26,11 @@ func (self *verifyHandler) Handle(params account.VerifyParams) middleware.Respon
 
 		ar, err := str.FindAccountRequestWithToken(params.Body.Token, tx)
 		if err != nil {
-			logrus.Errorf("error finding account with token '%v': %v", params.Body.Token, err)
+			logrus.Errorf("error finding account request with token '%v': %v", params.Body.Token, err)
+			return account.NewVerifyNotFound()
+		}
+		if ar.Deleted {
+			logrus.Errorf("account request for '%v' with token '%v' deleted", ar.Email, params.Body.Token)
 			return account.NewVerifyNotFound()
 		}