User data retention/collision following SSO account deletion
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Software Center Agent | New | Undecided | Unassigned | | |
Bug Description
Steps I performed to cause this:
1. Create an account on SSO with <email address hidden> and username pete-woods-buydemo
2. Add payment details on my.ubuntu.com
3. Buy app busybox
4. Delete SSO account
5. Create SSO account with email <email address hidden> and username pete-woods-buydemo2
* SSO claimed the username pete-woods-buydemo was already registered
6. Add payment details on my.ubuntu.com
7. Attempt to buy app busybox
* POST to /orders endpoint claimed the purchase was successful
* GET from /orders doesn't include busybox
8. Buying busybox2, however, succeeds.
* This implies that both user account information from my first identity is not deleted
* And also that the second user account shared the same identity as the first account
For the things I think are problems I have put a * at the front. I would say that the second user's account sharing the same email should either:
A. Start completely fresh, and be allowed to buy the same snaps again
B. Retain the same purchases