Clear unsubscribe token on user deactivation (#4328)

* update user info scrubber to nil out unsubscribe_token

* add rake task to scrub unsubscribe token of already deactivated users

app/models/user.rb

@@ -50,7 +50,7 @@ class User < ApplicationRecord
   validates :login, presence: true, format: { with: USER_LOGIN_REGEX }
   validates_uniqueness_of :login, case_sensitive: false
   validates :display_name, presence: true
-  validates :unsubscribe_token, presence: true, uniqueness: true
+  validates :unsubscribe_token, presence: true, uniqueness: true, on: :create
   validates_inclusion_of :valid_email, in: [true, false], message: "must be true or false"
 
   validates_with IdentityGroupNameValidator

lib/tasks/user.rake

@@ -11,6 +11,14 @@ namespace :user do
     end
   end
 
+  desc 'Scrub unsubscribe_token of deactivated users'
+  task scrub_inactive_user_unsubscribe_token: :environment do
+    User.where(activated_state: 'inactive').select(:id).find_in_batches do |users|
+      ids = users.map(&:id)
+      User.where(id: ids).update_all(unsubscribe_token: nil)
+    end
+  end
+
   desc 'Backfill UX testing emails comms field in batches'
   task backfill_ux_testing_email_field: :environment do
     User.select(:id).find_in_batches do |users|

lib/user_info_scrubber.rb

@@ -29,6 +29,7 @@ def self.scrub_details(user)
     user.valid_email = false
     user.private_profile = true
     user.api_key = nil
+    user.unsubscribe_token = nil
     user.tsv = nil
     user.save!
     user

spec/lib/user_info_scrubber_spec.rb

@@ -33,6 +33,10 @@ def scrub_user_details(user)(user)
         expect { described_class.scrub_personal_info!(user) }.to change(user, :credited_name).to(nil)
       end
 
+      it 'scrubs the unsubscribe_token' do
+        expect { described_class.scrub_personal_info!(user) }.to change(user, :unsubscribe_token).to(nil)
+      end
+
       it 'scrubs the encrypted_password' do
         expect { described_class.scrub_personal_info!(user) }.to change(user, :encrypted_password)
       end