Skip to content

πŸ”’ GDPR Vue β€” async export UI + hardened delete-account (password/OAuth branch)Β #4331

Description

@PierreBrisorgueil

Front-end for the two data-subject rights (async export + hardened erasure).

Scope β€” src/modules/users/views/user.profile.view.vue (+ small store/api touches if needed)

  • Export: "Request my data" β†’ POST /users/me/data/exports (202) β†’ status list (GET /users/me/data/exports, poll while pending/processing) β†’ "Download" when ready (GET /users/me/data/exports/:id, authenticated blob download). Show expiry.
  • Delete account: repoint from DELETE /users (route removed server-side) to DELETE /users/me/data. Confirm dialog branches by account type: password account β†’ password re-entry field; OAuth-only account β†’ "send confirmation code" flow (short-lived token from the confirm endpoint). Surface the erasure receipt (what was removed / what is retained and why) on success.
  • Nudge export-before-erase in the delete dialog (access-before-erasure best practice).
  • Optional: export/erasure-rights copy in the legal privacy template (incl. backup-retention window sentence).

DoD

  • /verify + build green.
  • /dev:verify-qa visual smoke of both flows against the running Node API (runtime-verify the real contract shape, not a self-authored mock).

Depends on: export+erasure controller, re-auth hardening, async export pipeline (the backend contract).

Created via /dev:issue Β· contract v2 2026-07-03

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions