fix: redacting user retirement data in lms

ktyagiapphelix2u · ktyagiapphelix2u · commit a7cdaa6c2933 · 2026-01-20T05:22:26.000Z
diff --git a/openedx/core/djangoapps/user_api/accounts/tests/test_retirement_views.py b/openedx/core/djangoapps/user_api/accounts/tests/test_retirement_views.py
@@ -1084,6 +1084,7 @@ def test_simple_success(self):
         retirements = UserRetirementStatus.objects.all()
         assert retirements.count() == len(self.usernames)
         for retirement in retirements:
+            # All three fields should have the same redacted value
             assert retirement.original_username == 'redacted'
             assert retirement.original_email == 'redacted'
             assert retirement.original_name == 'redacted'
diff --git a/openedx/core/djangoapps/user_api/accounts/views.py b/openedx/core/djangoapps/user_api/accounts/views.py
@@ -1025,20 +1025,15 @@ def cleanup(self, request):
         ```
         {
             'usernames': ['user1', 'user2', ...],
-            'redacted_username': 'Value to store in original_username',
-            'redacted_email': 'Value to store in original_email',
-            'redacted_name': 'Value to store in original_name'
+            'redacted_value': 'Value to store in PII'
         }
         ```
 
-        Deletes a batch of retirement requests by username.
+        Redacts a batch of retirement requests by redacting PII fields and username.
         """
         try:
             usernames = request.data["usernames"]
-            # Caller-provided redacted values; default to a safe constant if omitted
-            redacted_username = request.data.get("redacted_username", "redacted")
-            redacted_email = request.data.get("redacted_email", "redacted")
-            redacted_name = request.data.get("redacted_name", "redacted")
+            redacted_value = request.data.get("redacted_value", "redacted")
 
             if not isinstance(usernames, list):
                 raise TypeError("Usernames should be an array.")
@@ -1053,11 +1048,11 @@ def cleanup(self, request):
                 raise UserRetirementStatus.DoesNotExist("Not all usernames exist in the COMPLETE state.")
 
             # Redact PII fields instead of deleting records to prevent ETL tools
-            # from creating soft deletes with visible PII in downstream data warehouses.
+            # from creating soft deletes with visible PII in downstream data warehouses
             for retirement in retirements:
-                retirement.original_username = redacted_username
-                retirement.original_email = redacted_email
-                retirement.original_name = redacted_name
+                retirement.original_username = redacted_value
+                retirement.original_email = redacted_value
+                retirement.original_name = redacted_value
                 retirement.save()
 
             return Response(status=status.HTTP_204_NO_CONTENT)
