Changes between Version 2 and Version 3 of RightToErasure


Timestamp:
Apr 4, 2018, 2:30:59 PM (7 years ago)
Author:
Kevin Reed
Comment:

--

  • RightToErasure

    v2 v3  
    1313- You will receive an email which contains a link.  Please click on that link.
    1414- On the page displayed, you will need to re-enter your password and then click “Delete my Account”
     15- At this point the account is scheduled to be deleted.  The actual deletion will occur within 48 hours. 
    1516
    16 At this point all information about your account will be immediately deleted.”
     17At any point before the delete occurs you can return to this page and cancel the scheduled deletion.
    1718}}}
    1819Once the user provides their password, an email is sent to the user with a link that is similar to:
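Review bot: New line 17 tells the user to "return to this page" to cancel, but by that point the steps above have sent them through the emailed link to a second page, so it is not clear which page is meant. Name the page in the user-facing text (the later section puts the cancel button on request_delete_account.php) so the cancel path is unambiguous. Line 15 promises deletion "within 48 hours"; state that figure once and tie it to the job schedule in the Technical Implementation section so the two cannot drift apart.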
     
    2122<base_url>/confirm_delete_account.php?userid=<userid>&token=<token>
    2223}}}
    23 When they click on the link they will be taken to a page that asks them if they are sure that they want to delete their account.  They must re-enter their password and click the button that says "delete account" in order to have there account deleted.  The account will be immediately deleted at this point and the user will be redirected to the project's home page.
     24When they click on the link they will be taken to a page that asks them if they are sure that they want to delete their account.  They must re-enter their password and click the button that says "delete account" in order to have there account deleted.  They will be informed that their account has been scheduled to be deleted within the next 48 hours.
    2425
    2526If the user returns to the request_delete_account.php while they have an active token, the page will ask them to check their email for the email that was sent and then provide them with an option to generate a new email if they cannot find the first one.  This will again require the user to enter their password to generate the email.
     27
     28If the user returns to the request_delete_account.php while the delete is scheduled they will see a message that states that there account is scheduled to be deleted but that they can cancel the deletion by clicking a button.
    2629
    2730== Technical Implementation ==
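Review bot: New line 28 adds a cancel button on request_delete_account.php but does not say what authenticates the cancel request, whereas every other step in this flow requires the password to be re-entered. State whether cancelling needs the password or only a logged-in session, which script handles it, and that it is a POST that cannot be triggered from another site. Also say whether the outstanding token is invalidated once the deletion is scheduled or cancelled. Lines 24 and 28 both read "there account" where "their account" is meant.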
     
    4649 * public_cross_project_id varchar(254) not null
    4750 * delete_time not null default unix_timestamp()
     51
     52=== Altered Tables ===
     53user
     54 * delete_request_time int nullable
    4855
    4956=== Token Generation ===
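Review bot: Line 54 declares delete_request_time as "int nullable" with no default, and the delete_account.php text further down then has to guard against a 0 being stored instead of NULL. Spell out "default null" here and state that cancelling a scheduled deletion writes NULL back, so the daily job has one well-defined "not scheduled" value to test for.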
     
    95102}}}
    96103
    97 We are proposing this is changed to
     104We are proposing this is changed to so that users that remain continue to be exported in users.xml as before.  However, users who have been deleted will no longer be exported in this file.
    98105
    99106{{{
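Review bot: The rewritten sentence on line 104, "We are proposing this is changed to so that users that remain continue to be exported in users.xml as before", no longer parses and says both "changed" and "as before" about the same file. Split it in two: one sentence stating what, if anything, changes in the record format for remaining users (a sample block still follows), and one stating that deleted users are dropped from the file. This line also uses the plural users.xml while the new companion file is user_deleted.xml and the host file is host.xml; confirm which name is intended.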
     
    109116 <teamid>118</teamid>
    110117</user>
     118}}}
     119However, there will also be a new file created called user_deleted.xml that contains a list of users who have been deleted.
     120{{{
    111121<user>
    112122 <id>13384</id>
    113123 <cpid>a09031094836310f043f0ff8bcfca355</cpid>
    114  <deleted/>
    115124</user>
    116125}}}
    117126
    118 The deleted tag being used to signify those records that must be deleted from the downstream system.  The db_dump utility would first export records from the user table and then export records from the user_deleted table to generate these records.
     127The user_deleted file indicates those users that must be deleted from the downstream system.  The db_dump utility would first export records from the user table and then export records from the user_deleted table to generate these two files.
    119128
    120 The host.xml will be changed similarly so that a record for a host that has been deleted would look like:
     129Hosts would be handled similarly where the existing host.xml would only contain those hosts that still exist on the host table and that host_deleted.xml would contain those that were deleted and would look like:
    121130
    122131{{{
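Review bot: With the deleted tag removed from the user record (old line 114) and deletions moved into user_deleted.xml and host_deleted.xml, a downstream consumer that reads only the existing files no longer receives any deletion signal, and lines 119 to 129 do not say so. Add a sentence that consumers must fetch the new files to honour erasures. The sample record on lines 121 to 124 still carries the id and cpid of an erased account, so also state that these are the only fields exported and how long an entry stays listed.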
     
    124133    <id>884</id>
    125134    <host_cpid>36e9d265f8fe553bedbbef1cd21a6182</host_cpid>
    126     <deleted/>
    127135</host>
    128136}}}
    129137
    130 This portion of db_dump would pull from host and then from host_deleted to collect the data.
     138This portion of db_dump would pull from host and then from host_deleted to create the files.
     139
     140=== confirm_delete_account_action.php ===
     141On the confirm_delete_account.php page, then token should be included as a hidden field. The confirm_delete_account_action.php page that receives the request should validate both the users password and the users token before processing. Only if both are valid should this occur.  If they are both valid, then the user.delete_request_time will be set to unix_timestamp().
     142
    131143
    132144=== delete_account.php ===
    133 The delete of the account is final and is not recoverable in anyway.  On the confirm_delete_account.php page, then token should be included as a hidden field.  The delete_account.php page that receives the request should validate both the users password and the users token before allowing the delete to proceed.  Only if both are valid should this occur.
     145The delete of the account is final and is not recoverable in anyway.  The delete_account.php script would be a script that runs once a day that seeks user records that have a value of delete_request_time < unix_timestamp() - 24*3600 and delete_request_time > 0 (in case for some reason a 0 gets inserted instead of null).
    134146
    135 The delete will consist of the following actions:
     147For each user identified, the delete_account.php will consist of the following actions:
    136148 * An entry will be inserted into the user_deleted table
    137  * An entry will be inserted into the host_deleted table for each host record the user has
     149 * An entry will be inserted into the host_deleted table for each host record the user has.
    138150 * All entries  for the user will be deleted from the following tables:
    139151   * badge_user
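Review bot: Line 145 selects users by delete_request_time alone, and nothing in lines 145 to 149 says the daily job re-checks that value for each user immediately before deleting, so a cancellation made while the job is running could be ignored even though the delete "is final and is not recoverable". Have the job re-read delete_request_time inside the same transaction as the per-user delete and skip the user if it is NULL. Line 141 validates the password and token but does not say whether the token is invalidated once delete_request_time is set, and its sentence "Only if both are valid should this occur" has lost the thing "this" refers to. The 24*3600 threshold combined with a once-a-day run is what backs the "within 48 hours" shown to the user; a sentence here making that link explicit would keep the two in step.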