PublicisSapient · kunalaski · Mar 24, 2026 · Mar 24, 2026 · Mar 24, 2026
@@ -43,6 +43,15 @@ public interface AuthenticationRepository
 	 */
 	Authentication findByUsername(String username);
 
+	/**
+	 * Find by username authentication.
+	 *
+	 * @param username the username
+	 * @param email the email
+	 * @return the authentication
+	 */
+	Authentication findByUsernameAndEmail(String username, String email);
+
 	/**
 	 * Find by email list.
 	 *

@@ -71,7 +71,7 @@ org.springframework.security.core.Authentication create(
 	void delete(ObjectId id);
 
 	/** Deletes an existing authentication instance */
-	void delete(String username);
+	void delete(String username, String email);
 
 	/**
 	 * @param username

@@ -147,8 +147,9 @@ public void delete(ObjectId id) {
 
 	/** {@inheritDoc} */
 	@Override
-	public void delete(String username) {
-		Authentication authentication = authenticationRepository.findByUsername(username);
+	public void delete(String username, String email) {
+		Authentication authentication =
+				authenticationRepository.findByUsernameAndEmail(username, email);
 		if (authentication != null) {
 			authenticationRepository.delete(authentication);
 		}

@@ -118,7 +118,7 @@ public interface UserInfoService {
 	 *
 	 * @param username username
 	 */
-	ServiceResponse deleteUser(String username, boolean centralAuthService);
+	ServiceResponse deleteUser(String username, String email, boolean centralAuthService);
 
 	List<UserInfo> getUserInfoByAuthType(String userType);
 

@@ -158,7 +158,7 @@ public Collection<UserInfoDTO> getUsers() {
 				userInfo -> {
 					Authentication auth = authMap.get(userInfo.getUsername());
 					if (auth != null) {
-						userInfo.setEmailAddress(auth.getEmail().toLowerCase());
+						// userInfo.setEmailAddress(auth.getEmail().toLowerCase());
 						if (!auth.isApproved()) {
 							nonApprovedUserList.add(userInfo);
 						}
@@ -401,10 +401,10 @@ private void addEmailForStandardAuthType(UserInfo userInfo) {
 	 * @param username username
 	 */
 	@Override
-	public ServiceResponse deleteUser(String username, boolean centralAuthService) {
+	public ServiceResponse deleteUser(String username, String email, boolean centralAuthService) {
 		try {
-			userInfoRepository.deleteByUsername(username);
-			authenticationService.delete(username);
+			userInfoRepository.deleteByUsernameAndEmailAddress(username, email);
+			authenticationService.delete(username, email);
 			userTokenDeletionService.invalidateSession(username);
 			userBoardConfigService.deleteUser(username);
 			if (centralAuthService) {

@@ -106,12 +106,13 @@ public ResponseEntity<ServiceResponse> deleteUser(
 			@Valid @RequestBody UserNameRequest userNameRequest) {
 		log.info("Inside deleteUser() method of UserInfoController ");
 		String userEmail = userNameRequest.getUserEmail();
+		String username = userNameRequest.getUsername();
 		String loggedUserName = authenticationService.getLoggedInUser();
-		UserInfo userInfo = userInfoRepository.findByEmailAddress(userEmail);
-		if ((!loggedUserName.equals(userEmail)
+		UserInfo userInfo = userInfoRepository.findByUsernameAndEmailAddress(username, userEmail);
+		if ((!loggedUserName.equals(username)
 				&& !userInfo.getAuthorities().contains(Constant.ROLE_SUPERADMIN))) {
-			accessRequestsRepository.deleteByUsername(userEmail);
-			ServiceResponse response = userInfoService.deleteUser(userEmail, false);
+			accessRequestsRepository.deleteByUsername(username);
+			ServiceResponse response = userInfoService.deleteUser(username, userEmail, false);
 			return ResponseEntity.status(HttpStatus.OK).body(response);
 		} else {
 			log.info("Unauthorized to perform deletion of user " + userEmail);
@@ -128,12 +129,13 @@ public ResponseEntity<ServiceResponse> deleteUserFromCentral(
 			@Valid @RequestBody UserNameRequest userNameRequest) {
 		log.info("Inside deleteUser() method of UserInfoController ");
 		String userName = userNameRequest.getUsername();
+		String email = userNameRequest.getUserEmail();
 		String loggedUserName = authenticationService.getLoggedInUser();
-		UserInfo userInfo = userInfoRepository.findByUsername(userName);
+		UserInfo userInfo = userInfoRepository.findByUsernameAndEmailAddress(userName, email);
 		if ((!loggedUserName.equals(userName)
 				&& !userInfo.getAuthorities().contains(Constant.ROLE_SUPERADMIN))) {
 			accessRequestsRepository.deleteByUsername(userName);
-			ServiceResponse response = userInfoService.deleteUser(userName, true);
+			ServiceResponse response = userInfoService.deleteUser(userName, email, true);
 			return ResponseEntity.status(HttpStatus.OK).body(response);
 		} else {
 			log.info("Unauthorized to perform deletion of user " + userName);

@@ -141,8 +141,8 @@ public void deleteAuthByIdTest() {
 
 	@Test
 	public void deleteAuthByUsernameTest() {
-		when(authRepo.findByUsername("Test")).thenReturn(authentication);
-		authService.delete("Test");
+		when(authRepo.findByUsernameAndEmail("Test", "test@mail")).thenReturn(authentication);
+		authService.delete("Test", "test@mail");
 		Assertions.assertNotNull(authentication);
 	}
 

@@ -385,7 +385,7 @@ public void validateUpdateUserRole_UserNotFound() {
 	 */
 	@Test
 	public void deleteUserTest() {
-		ServiceResponse result = service.deleteUser("testuser", false);
+		ServiceResponse result = service.deleteUser("testuser", "testUser", false);
 		assertTrue(result.getSuccess());
 	}
 

@@ -161,13 +161,15 @@ public void testupdateUserRole() throws Exception {
 	 */
 	@Test
 	public void testdeleteUser() throws Exception {
+		when(userNameRequest.getUsername()).thenReturn("testuser");
 		when(userNameRequest.getUserEmail()).thenReturn("testuser@abc.com");
 		when(authenticationService.getLoggedInUser()).thenReturn("SUPERADMIN");
-		when(userInfoRepository.findByEmailAddress("testuser@abc.com")).thenReturn(userInfo);
+		when(userInfoRepository.findByUsernameAndEmailAddress("testuser", "testuser@abc.com"))
+				.thenReturn(userInfo);
 		when(userInfo.getAuthorities()).thenReturn(authorities);
 		doReturn(new ServiceResponse(true, "Deleted Successfully", "Ok"))
 				.when(userInfoService)
-				.deleteUser("testuser@abc.com", false);
+				.deleteUser("testuser", "testuser@abc.com", false);
 		ServiceResponse response = userInfoController.deleteUser(userNameRequest).getBody();
 		assert response != null;
 		assertEquals(true, response.getSuccess());
@@ -180,9 +182,11 @@ public void testdeleteUser() throws Exception {
 	 */
 	@Test
 	public void testdeleteSuperAdminUser() {
+		when(userNameRequest.getUsername()).thenReturn("testuser");
 		when(userNameRequest.getUserEmail()).thenReturn("testuser@abc.com");
-		when(authenticationService.getLoggedInUser()).thenReturn("testuser@abc.com");
-		when(userInfoRepository.findByEmailAddress("testuser@abc.com")).thenReturn(userInfo);
+		when(authenticationService.getLoggedInUser()).thenReturn("testuser");
+		when(userInfoRepository.findByUsernameAndEmailAddress("testuser", "testuser@abc.com"))
+				.thenReturn(userInfo);
 		ServiceResponse response = userInfoController.deleteUser(userNameRequest).getBody();
 		assert response != null;
 		assertEquals(false, response.getSuccess());
@@ -212,9 +216,11 @@ public void testDelete_UserFromCentral() {
 	@Test
 	public void testDelete_UserFromCentralForSuperAdmin() {
 		when(userNameRequest.getUsername()).thenReturn("testuser");
+		when(userNameRequest.getUserEmail()).thenReturn("test@mail");
 		when(authenticationService.getLoggedInUser()).thenReturn("SUPERADMIN");
-		when(userInfoRepository.findByUsername("testuser")).thenReturn(userInfo);
-		when(userInfoService.deleteUser("testuser", true))
+		when(userInfoRepository.findByUsernameAndEmailAddress("testuser", "test@mail"))
+				.thenReturn(userInfo);
+		when(userInfoService.deleteUser("testuser", "test@mail", true))
 				.thenReturn(new ServiceResponse(true, "Deleted Successfully", "Ok"));
 		ServiceResponse response = userInfoController.deleteUserFromCentral(userNameRequest).getBody();
 		assert response != null;