[Security] Sync security improvements: Delete account

[AlexeyBarabash]

A user who wants to stop using Sync should have the ability to delete their encrypted data from our server. Next to the “Leave Sync chain” button at the bottom of the page, we should have a “Delete Sync account” button. It would trigger the following confirmation dialog:

   Deleting your account will remove your encrypted data from Brave servers and 
   disable Sync on all of your connected devices. 
   It will not however delete the data that is stored locally on those devices.
   This deletion is permanent and there is no way to recover the data. Should you decide to 
   start using Sync again, you will need to create a new account and re-add each device one by one.
         [ Permanently delete account ] [ Cancel ]

Spec: https://docs.google.com/document/d/1X7glDHmeIjgipcPWn__S9rSxrI39P9rNw0RmuEuC3BI/edit#heading=h.f9zbg4b885l

[stephendonner]

Verification PASSED using

Brave	1.48.125 Chromium: 109.0.5414.87 (Official Build) beta (x86_64)
Revision	2dc18eb511c56e012081b4abc9e38c81c885f7d4-refs/branch-heads/5414@{#1241}
OS	macOS Version 11.7.2 (Build 20G1020)

Case A: Initial case - PASSED

1. installed 1.48.125
2. launched Brave
3. created the sync chain between desktop deviceA (macOS) and deviceB (Win 10)
4. kept the Sync settings page opened on both A and B
5. on deviceA, pressed the Delete Sync account button
6. confirmed deviceB's sync state was also reset
7. confirmed I did not see the informer

deviceA	deviceB	deviceA	deviceA	deviceB

Case B: Infobar on 2nd device - PASSED

1. new profile
2. create the sync chain
3. on deviceB: close tab brave://settings/braveSync/setup, close browser app
4. on deviceA, pressed Delete Sync account, agreed with warning
5. opened browser on deviceB

Confirmed I saw the info bar on deviceB

Confirmed re-create the account opened brave://settings/BraveSync/setup in a new tab

Confirmed OK dismissed the infobar

Confirmed Sync data/state on deviceB was wiped/reset

deviceA	deviceB	deviceA	deviceA	deviceB	deviceB

Case C: Deny entry to deleted sync chains - PASSED

1. new profile
2. created a sync chain
3. copied the sync code to the clipboard
4. deleted the sync account
5. tried to re-enter the chain with the copied sync words

Confirmed I saw the Could not join this sync chain. Account was deleted. error message

example	example	example	example	example	example	example

Case D: Upgrade Delete Sync Account - PASSED

1. install 1.47.177 on deviceA
2. create a sync chain for desktop deviceA () and deviceB ()
3. close Brave for deviceA
4. launch Brave with 1.48.137 for deviceA
5. click Delete Sync Account
6. clicked Permanently delete account
7. confirmed deviceB's sync state was also reset
8. confirmed no message is shown on deviceB

deviceA	deviceB	deviceA (1.47.177)	deviceA (1.48.137)	deviceA	deviceB

Case E: Upgrade infobar on 2nd device - PASSED

(continued from Case D)

9. launched Brave on deviceB
10. confirmed the re-create the account link and messaging on the Sync infobar

[MadhaviSeelam]

Verification PASSED using

Brave | 1.48.131 Chromium: 109.0.5414.87 (Official Build) beta (64-bit)
-- | --
Revision | 2dc18eb511c56e012081b4abc9e38c81c885f7d4-refs/branch-heads/5414@{#1241}
OS | Windows 11 Version 21H2 (Build 22000.1455)

New Install

Case 1: Initial case - Delete Sync account - PASSED

1. installed 1.48.131
2. launched Brave
3. created the sync chain between desktop deviceA (Win 11 x64) and deviceB (Win 11 ARM)
4. kept the Sync settings page opened on both A and B
5. on deviceA, pressed the Delete Sync account button at the bottom of the page
6. click Permanently delete account button
7. Account deletion is in progress.. modal is displayed
8. confirmed deviceB's sync state was also reset
9. confirmed I did not see the informer on device B

deviceA	deviceB	deviceA	deviceA	deviceA	deviceB

Case 2: Infobar on 2nd device - re-create the account - PASSED

1. new profile
2. create the sync chain
3. on deviceB: close tab brave://settings/braveSync/setup, close browser app
4. on deviceA, pressed Delete Sync account, agreed with warning
5. opened browser on deviceB

Confirmed I saw the info bar on deviceB

Confirmed re-create the account opened brave://settings/BraveSync/setup in a new tab

Confirmed OK dismissed the infobar

Confirmed Sync data/state on deviceB was wiped/reset

deviceA	deviceB	deviceA	deviceA	deviceB	deviceB

Case 3: Deny entry to deleted sync chains - Could not join this sync chain message - PASSED

1. new profile
2. created a sync chain
3. copied the sync code to the clipboard
4. deleted the sync account
5. tried to re-enter the chain with the copied sync words

Confirmed I saw the Could not join this sync chain. Account was deleted. error message

example	example	example	example	example	example

Case 5: Windows Desktop --> Android - Delete Sync account - PASSED

1. New profile
2. create the sync chain between Win desktop and Android 12 device
3. kept the Sync settings page opened on both Win desktop and Android
4. on Win desktop, pressed the Delete Sync account button at the bottom of the page
5. click Permanently delete account button
6. Account deletion is in progress.. modal is displayed
7. confirmed `Android's sync state was also reset
8. confirmed I did not see the informer on Android

ex1	ex2	ex3	ex4	ex5	ex6

Upgrade

Case 1: Upgrade - Delete Sync Account - PASSED

1. Install 1.47.177 for device A
2. create a sync chain for desktop deviceA (Win 11 x64) and deviceB (Win 11 xARM)
3. close Brave for device A
4. launch Brave with 1.48.132 for device A
5. click Delete Sync Account
6. clicked Permanently delete account
7. confirmed deviceB's sync state was also reset
8. confirmed no message is shown on device B

step 1	step 2	step 4	step 5	step 7	step 8

Case 2: Upgrade Infobar on 2nd device - re-create the account - PASSED

1. Install 1.47.177 for device A
2. install 1.48.132fordevice B`
3. create a sync chain for desktop deviceA (Win 11 x64) and deviceB (Win ARM)
4. on deviceA: close tab brave://settings/braveSync/setup, close browser app
5. click Delete Sync Account on device B
6. clicked Permanently delete account
7. confirmed deviceB's sync state was reset
8. re-launch Brave with 1.48.132 for device A

• Confirmed I saw the info bar on deviceA

• Confirmed re-create the account opened brave://settings/BraveSync/setup in a new tab

• Confirmed OK dismissed the infobar

• Confirmed Sync data/state on deviceA was wiped/reset

step 1	step 2	step 3a	step 3b	step 6	step 7	step 8	result

[MadhaviSeelam]

Verification PASSED using

Brave | 1.48.132 Chromium: 109.0.5414.87 (Official Build) beta (64-bit)
-- | --
Revision | 2dc18eb511c56e012081b4abc9e38c81c885f7d4-refs/branch-heads/5414@{#1241}
OS | Linux

New Install

Case 1: Initial case - Delete Sync account - PASSED

1. installed 1.48.131
2. launched Brave
3. created the sync chain between desktop deviceA (Linux) and deviceB (Win 11 x64)
4. kept the Sync settings page opened on both A and B
5. on deviceA, pressed the Delete Sync account button at the bottom of the page
6. click Permanently delete account button
7. Account deletion is in progress.. modal is displayed
8. confirmed deviceB's sync state was also reset
9. confirmed I did not see the informer message on device B

deviceA	deviceB	deviceA	deviceA	deviceA	deviceB

Case 2: Infobar on 2nd device - re-create the account - PASSED

1. new profile
2. create a sync chain in deviceA (Linux) and deviceB (Win 11 x64)
3. on deviceA: close tab brave://settings/braveSync/setup, close browser app
4. click Delete Sync Account on device B
5. clicked Permanently delete account
6. opened browser on deviceA

• Confirmed I saw the info bar on deviceA

• Confirmed re-create the account opened brave://settings/BraveSync/setup in a new tab

• Confirmed OK dismissed the infobar

• Confirmed Sync data/state on deviceA was wiped/reset

deviceA	deviceB	deviceB	deviceB	deviceA	deviceA

Case 3: Deny entry to deleted sync chains - Could not join this sync chain message - PASSED

1. new profile
2. created a sync chain Profile 1 and Profile 2
3. copied the sync code to the clipboard
4. deleted the sync account
5. tried to re-enter the chain with the copied sync words

Confirmed I saw the Could not join this sync chain. Account was deleted. error message

Profile 1	Profile 2	example	example	example	example

Upgrade

Case 1: Upgrade - Delete Sync Account - PASSED

1. Install 1.47.177 for device A
2. install 1.48.132fordevice B`
3. create a sync chain for desktop deviceA (Linux) and deviceB (Win 11 x64)
4. on device A: close tab brave://settings/braveSync/setup, close browser app
5. re-launch Brave with 1.48.132 for device A
6. kept the Sync settings page opened on both A and B
7. click Delete Sync Account
8. clicked Permanently delete account
9. confirmed deviceB's sync state was also reset
10. confirmed no message is shown on device B

step 1	step 2	step 3a	step3b	step 5	step 8	step 9	step 10

Case 2: Infobar on 2nd device - re-create the account - PASSED

1. Install 1.47.177 for device A
2. install 1.48.132fordevice B`
3. create a sync chain for desktop deviceA (Linux) and deviceB (Win 11 x64)
4. on deviceA: close tab brave://settings/braveSync/setup, close browser app
5. click Delete Sync Account on device B
6. clicked Permanently delete account
7. confirmed deviceB's sync state was reset
8. re-launch Brave with 1.48.132 for device A

• Confirmed I saw the info bar on deviceA

• Confirmed re-create the account opened brave://settings/BraveSync/setup in a new tab

• Confirmed OK dismissed the infobar

• Confirmed Sync data/state on deviceA was wiped/reset

step 1	step 2	step 3a	step 3b	step 6	step 7	step 8	result

[stephendonner]

Verification PASSED using Brave 1.48.141 Chromium 109.0.5414.119 on a Google Pixel XL (arm64) running Android 9

Android <-----> Desktop

Case A - Initial case for delete Sync account on Android - PASSED

1. created the sync chain on macOS
2. connected the Android device with a QR code
3. tapped Delete Sync Account

Confirmed on Android I was returned to the Sync Setup screen

Confirmed on Desktop I was also not in the sync chain

example	example	example	example	example	example

Case B - Android can't enter deleted sync chain with code words - PASSED

1. created the sync chain on Android
2. copied sync words
3. tapped Delete Sync account and confirmed
4. tried to Join the sync chain with the code words step 2

Confirmed error message: Could not join this sync chain. Account was deleted.

example	example	example	example	example	example

Case C - Android can't enter deleted sync account with QR code - PASSED

1. created the sync chain on Desktop
2. displayed the QR code and took a screenshot
3. deleted the sync chain from Desktop
4. on Android, tried to enter the sync chain by scanning the QR code in the screenshot

Confirmed error message: Could not join this sync chain. Account was deleted.

example	example	example	example	example	example	example

Case D - Android shows informer when its sync chain is deleted from another device - PASSED

1. created the sync chain on Desktop
2. Joined the sync chain from Android
3. quit browser app on Android
4. deleted the sync chain from Desktop browser
5. launched browser on Android
6. expected to see the informer: This Brave Sync account was deleted from other device. If you didn't mean to remove the Sync, re-create the account
7. tapped re-create the account - expected to be on Sync Setup screen

Confirmed re-create the account informer appears and goes Brave Sync setup screen

Confirmed tapping OK dismisses the dialog

Desktop

example	example	example	example	example	example	example

Android

example	example	example	example	example

[ghazayel]

I tried that option a couple of times (because problem with syncing devices), and I keep on getting stuck at "Account deletion is in progress"