users: asyncify and merge userdb.del

src/users.js

@@ -11,7 +11,7 @@ exports = module.exports = {
     verify,
     verifyWithUsername,
     verifyWithEmail,
-    remove,
+    del,
     get,
     getByResetToken,
     getByUsername,
@@ -314,20 +314,24 @@ function verifyWithEmail(email, password, identifier, callback) {
     });
 }
 
-function remove(user, auditSource, callback) {
+async function del(user, auditSource) {
     assert.strictEqual(typeof user, 'object');
     assert(auditSource && typeof auditSource === 'object');
-    assert.strictEqual(typeof callback, 'function');
 
-    if (settings.isDemo() && user.username === constants.DEMO_USERNAME) return callback(new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode'));
+    if (settings.isDemo() && user.username === constants.DEMO_USERNAME) throw new BoxError(BoxError.BAD_FIELD, 'Not allowed in demo mode');
 
-    userdb.del(user.id, function (error) {
-        if (error) return callback(error);
+    const queries = [];
+    queries.push({ query: 'DELETE FROM groupMembers WHERE userId = ?', args: [ user.id ] });
+    queries.push({ query: 'DELETE FROM tokens WHERE identifier = ?', args: [ user.id ] });
+    queries.push({ query: 'DELETE FROM appPasswords WHERE userId = ?', args: [ user.id ] });
+    queries.push({ query: 'DELETE FROM users WHERE id = ?', args: [ user.id ] });
 
-        eventlog.add(eventlog.ACTION_USER_REMOVE, auditSource, { userId: user.id, user: removePrivateFields(user) });
+    const [error, result] = await safe(database.transaction(queries));
+    if (error && error.code === 'ER_NO_REFERENCED_ROW_2') throw new BoxError(BoxError.NOT_FOUND, error);
+    if (error) throw error;
+    if (result[3].affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'User not found');
 
-        callback();
-    });
+    await safe(eventlog.add(eventlog.ACTION_USER_REMOVE, auditSource, { userId: user.id, user: removePrivateFields(user) }));
 }
 
 function getAll(callback) {