Merge pull request #9 from sander3/data-retention-feature

Data retention feature

Author: sander3

config/gdpr.php

@@ -29,4 +29,34 @@
         'auth',
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Cleanup Strategy
+    |--------------------------------------------------------------------------
+    |
+    | This strategy will be used to clean up inactive users. Do not forget to
+    | mention these thresholds in your terms and conditions.
+    |
+    */
+
+    'cleanup' => [
+
+        'strategy' => 'Soved\Laravel\Gdpr\Jobs\Cleanup\Strategies\DefaultStrategy',
+
+        'defaultStrategy' => [
+
+            /*
+             * The number of months for which inactive users must be kept.
+             */
+            'keepInactiveUsersForMonths' => 6,
+
+            /*
+             * The number of days before deletion at which inactive users will be notified.
+             */
+            'notifyUsersDaysBeforeDeletion' => 14,
+
+        ],
+
+    ],
+
 ];

readme.md

@@ -1,11 +1,11 @@
-# GDPR compliant data portability with ease
+# GDPR compliance with ease
 
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/sander3/laravel-gdpr/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/sander3/laravel-gdpr/?branch=master)
 [![Latest Stable Version](https://poser.pugx.org/soved/laravel-gdpr/v/stable)](https://packagist.org/packages/soved/laravel-gdpr)
 [![Monthly Downloads](https://poser.pugx.org/soved/laravel-gdpr/d/monthly)](https://packagist.org/packages/soved/laravel-gdpr)
 [![License](https://poser.pugx.org/soved/laravel-gdpr/license)](https://packagist.org/packages/soved/laravel-gdpr)
 
-This package exposes an endpoint where authenticated users can download their data as required by GDPR article 20.
+This package exposes an endpoint where authenticated users can download their data as required by GDPR article 20. This package also provides you with a trait to easily [encrypt personal data](#encryption) and a strategy to [clean up inactive users](#data-retention) as required by GDPR article 5e.
 
 ## Requirements
 
@@ -195,9 +195,34 @@ class User extends Authenticatable
 
 ```
 
+### Data Retention
+
+You may clean up inactive users using the `gdpr:cleanup` command. Schedule the command to run every day at midnight, or run it yourself. In order for this to work, add the `Soved\Laravel\Gdpr\Retentionable` trait to the `App\User` model:
+
+```php
+<?php
+
+namespace App;
+
+use Soved\Laravel\Gdpr\Portable;
+use Soved\Laravel\Gdpr\Retentionable;
+use Illuminate\Notifications\Notifiable;
+use Illuminate\Foundation\Auth\User as Authenticatable;
+
+class User extends Authenticatable
+{
+    use Retentionable, Portable, Notifiable;
+}
+
+```
+
+You may listen for the `Soved\Laravel\Gdpr\Events\GdprInactiveUser` event to notify your users about their inactivity, which will be dispatched two weeks before deletion. The `Soved\Laravel\Gdpr\Events\GdprInactiveUserDeleted` event will be dispatched upon deletion.
+
+Feel free to customize what happens to inactive users by creating your own cleanup strategy.
+
 ## Roadmap
 
-- Data retention
+- Tests
 
 ## Security Vulnerabilities
 

src/Console/Commands/Cleanup.php

@@ -0,0 +1,52 @@
+<?php
+
+namespace Soved\Laravel\Gdpr\Console\Commands;
+
+use App\User;
+use Illuminate\Console\Command;
+use Soved\Laravel\Gdpr\Jobs\Cleanup\CleanupJob;
+
+class Cleanup extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'gdpr:cleanup';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Cleanup inactive users';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $config = config('gdpr');
+
+        $users = User::all();
+
+        $strategy = app($config['cleanup']['strategy']);
+
+        CleanupJob::dispatch($users, $strategy);
+
+        $this->info('CleanupJob dispatched');
+    }
+}

src/Events/GdprInactiveUser.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Soved\Laravel\Gdpr\Events;
+
+use App\User;
+use Illuminate\Queue\SerializesModels;
+
+class GdprInactiveUser
+{
+    use SerializesModels;
+
+    /**
+     * @var \App\User
+     */
+    public $user;
+
+    /**
+     * Create a new event instance.
+     *
+     * @param  \App\User  $user
+     * @return void
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}

src/Events/GdprInactiveUserDeleted.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Soved\Laravel\Gdpr\Events;
+
+use App\User;
+use Illuminate\Queue\SerializesModels;
+
+class GdprInactiveUserDeleted
+{
+    use SerializesModels;
+
+    /**
+     * @var \App\User
+     */
+    public $user;
+
+    /**
+     * Create a new event instance.
+     *
+     * @param  \App\User  $user
+     * @return void
+     */
+    public function __construct(User $user)
+    {
+        $this->user = $user;
+    }
+}

src/GdprServiceProvider.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\ServiceProvider;
+use Soved\Laravel\Gdpr\Console\Commands\Cleanup;
 
 class GdprServiceProvider extends ServiceProvider
 {
@@ -15,6 +16,7 @@ class GdprServiceProvider extends ServiceProvider
     public function boot()
     {
         $this->registerRoutes();
+        $this->registerCommands();
     }
 
     /**
@@ -33,6 +35,20 @@ protected function registerRoutes()
         });
     }
 
+    /**
+     * Register the GDPR commands.
+     *
+     * @return void
+     */
+    protected function registerCommands()
+    {
+        if ($this->app->runningInConsole()) {
+            $this->commands([
+                Cleanup::class,
+            ]);
+        }
+    }
+
     /**
      * Register the application services.
      *

src/Jobs/Cleanup/CleanupJob.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Soved\Laravel\Gdpr\Jobs\Cleanup;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Queue\SerializesModels;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Database\Eloquent\Collection;
+
+class CleanupJob implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    /**
+     * @var \Illuminate\Database\Eloquent\Collection
+     */
+    public $users;
+
+    /**
+     * @var
+     */
+    public $strategy;
+
+    /**
+     * Create a new job instance.
+     *
+     * @param  \Illuminate\Database\Eloquent\Collection  $users
+     * @param  \Soved\Laravel\Gdpr\Jobs\Cleanup\CleanupStrategy  $strategy
+     * @return void
+     */
+    public function __construct(
+        Collection $users,
+        CleanupStrategy $strategy
+    ) {
+        $this->users = $users;
+        $this->strategy = $strategy;
+    }
+
+    /**
+     * Execute the job.
+     *
+     * @return void
+     */
+    public function handle()
+    {
+        $this->strategy->execute($this->users);
+    }
+}

src/Jobs/Cleanup/CleanupStrategy.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace Soved\Laravel\Gdpr\Jobs\Cleanup;
+
+use Illuminate\Contracts\Config\Repository;
+use Illuminate\Database\Eloquent\Collection;
+
+abstract class CleanupStrategy
+{
+    /**
+     * @var \Illuminate\Contracts\Config\Repository
+     */
+    protected $config;
+
+    /**
+     * Create a new cleanup strategy instance.
+     *
+     * @param  \Illuminate\Contracts\Config\Repository  $config
+     * @return void
+     */
+    public function __construct(Repository $config)
+    {
+        $this->config = $config;
+    }
+
+    /**
+     * Execute cleanup strategy.
+     *
+     * @param  \Illuminate\Database\Eloquent\Collection  $users
+     * @return void
+     */
+    abstract public function execute(Collection $users);
+}

src/Jobs/Cleanup/Strategies/DefaultStrategy.php

@@ -0,0 +1,79 @@
+<?php
+
+namespace Soved\Laravel\Gdpr\Jobs\Cleanup\Strategies;
+
+use App\User;
+use Carbon\Carbon;
+use Illuminate\Database\Eloquent\Collection;
+use Soved\Laravel\Gdpr\Events\GdprInactiveUser;
+use Soved\Laravel\Gdpr\Jobs\Cleanup\CleanupStrategy;
+use Soved\Laravel\Gdpr\Events\GdprInactiveUserDeleted;
+
+class DefaultStrategy extends CleanupStrategy
+{
+    /**
+     * Execute cleanup strategy.
+     *
+     * @param  \Illuminate\Database\Eloquent\Collection  $users
+     * @return void
+     */
+    public function execute(Collection $users)
+    {
+        $config = $this->config->get('gdpr.cleanup.defaultStrategy');
+
+        // Users are considered inactive if their last activity is older than this timestamp
+        $inactivity = Carbon::now()
+            ->subMonths($config['keepInactiveUsersForMonths']);
+
+        $this->notifyInactiveUsers(
+            $inactivity,
+            $config['notifyUsersDaysBeforeDeletion'],
+            $users
+        );
+
+        $this->deleteInactiveUsers($inactivity, $users);
+    }
+
+    /**
+     * Notify inactive users about their deletion.
+     *
+     * @param  \Carbon\Carbon  $inactivity
+     * @param  int  $notificationThreshold
+     * @param  \Illuminate\Database\Eloquent\Collection  $users
+     * @return void
+     */
+    private function notifyInactiveUsers(
+        Carbon $inactivity,
+        int $notificationThreshold,
+        Collection $users
+    ) {
+        $users->filter(
+            function (User $user) use ($inactivity, $notificationThreshold) {
+                return $user->last_activity->diffInDays($inactivity)
+                    === $notificationThreshold;
+            }
+        )->each(function (User $user) {
+            event(new GdprInactiveUser($user));
+        });
+    }
+
+    /**
+     * Delete inactive users.
+     *
+     * @param  \Carbon\Carbon  $inactivity
+     * @param  \Illuminate\Database\Eloquent\Collection  $users
+     * @return void
+     */
+    private function deleteInactiveUsers(
+        Carbon $inactivity,
+        Collection $users
+    ) {
+        $users->filter(function (User $user) use ($inactivity) {
+            return $user->last_activity < $inactivity;
+        })->each(function (User $user) {
+            $user->delete();
+
+            event(new GdprInactiveUserDeleted($user));
+        });
+    }
+}