Warn users and delete user accounts after period of inactivity

[Anuj-Gupta4]

What type of PR is this? (check all applicable)

• 🍕 Feature
• 🐛 Bug Fix
• 📝 Documentation
• 🧑‍💻 Refactor
• ✅ Test
• 🤖 Build or CI
• ❓ Other (please specify)

Related Issue

• Related to: GDPR Compliance: warn users their account will be deleted after two years inactivity #1999

Describe this PR

added a new field to track users last active date based on login in users table
added a task endpoint to warn users before deletion and delete users if the inactivity threshold has been met.

Checklist before requesting a review

• 📖 Read the FMTM Contributing Guide: https://github.com/hotosm/fmtm/blob/main/CONTRIBUTING.md
• 📖 Read the HOT Code of Conduct: https://docs.hotosm.org/code-of-conduct
• 👷‍♀️ Create small PRs. In most cases, this will be possible.
• ✅ Provide tests for your changes.
• 📝 Use descriptive commit messages.
• 📗 Update any related documentation and include any relevant screenshots.

[optional] What gif best describes this PR or how it makes you feel?

[Anuj-Gupta4]

We will probably need a scheduler to be able to periodically warn and delete inactive users.

[spwoodcock]

If we add a db connection on each login_required call, I think this means the update is done for every single endpoint called.

Instead, would it be better to add this logic to the /me endpoint only, when the login details are retreived (on first page load)?

Could you simply add to the select SQL .one logic something like UPDATE users SET last_login_at = NOW() WHERE id = %(user_id)s;

[spwoodcock]

You could probably merge this into the existing logic, adding a RETURNING clause to get the user after update

[Sujanadh]

add migration in fmtm_base_schema as well

[spwoodcock]

Excellent work! 🎉

Note to self: needs a cron to run this as a final step, but for now the admin calling the endpoint periodically also works