Admin API to delete user emails

Author: sandhose

crates/handlers/src/admin/v1/mod.rs

@@ -86,7 +86,8 @@ where
         )
         .api_route(
             "/user-emails/{id}",
-            get_with(self::user_emails::get, self::user_emails::get_doc),
+            get_with(self::user_emails::get, self::user_emails::get_doc)
+                .delete_with(self::user_emails::delete, self::user_emails::delete_doc),
         )
         .api_route(
             "/user-sessions",

crates/handlers/src/admin/v1/user_emails/delete.rs

@@ -0,0 +1,141 @@
+// Copyright 2025 New Vector Ltd.
+//
+// SPDX-License-Identifier: AGPL-3.0-only
+// Please see LICENSE in the repository root for full details.
+
+use aide::{transform::TransformOperation, NoApi, OperationIo};
+use axum::{response::IntoResponse, Json};
+use hyper::StatusCode;
+use mas_storage::{
+    queue::{ProvisionUserJob, QueueJobRepositoryExt as _},
+    BoxRng,
+};
+use ulid::Ulid;
+
+use crate::{
+    admin::{call_context::CallContext, params::UlidPathParam, response::ErrorResponse},
+    impl_from_error_for_route,
+};
+
+#[derive(Debug, thiserror::Error, OperationIo)]
+#[aide(output_with = "Json<ErrorResponse>")]
+pub enum RouteError {
+    #[error(transparent)]
+    Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
+
+    #[error("User email ID {0} not found")]
+    NotFound(Ulid),
+}
+
+impl_from_error_for_route!(mas_storage::RepositoryError);
+
+impl IntoResponse for RouteError {
+    fn into_response(self) -> axum::response::Response {
+        let error = ErrorResponse::from_error(&self);
+        let status = match self {
+            Self::Internal(_) => StatusCode::INTERNAL_SERVER_ERROR,
+            Self::NotFound(_) => StatusCode::NOT_FOUND,
+        };
+        (status, Json(error)).into_response()
+    }
+}
+
+pub fn doc(operation: TransformOperation) -> TransformOperation {
+    operation
+        .id("deleteUserEmail")
+        .summary("Delete a user email")
+        .tag("user-email")
+        .response_with::<204, (), _>(|t| t.description("User email was found"))
+        .response_with::<404, RouteError, _>(|t| {
+            let response = ErrorResponse::from_error(&RouteError::NotFound(Ulid::nil()));
+            t.description("User email was not found").example(response)
+        })
+}
+
+#[tracing::instrument(name = "handler.admin.v1.user_emails.delete", skip_all, err)]
+pub async fn handler(
+    CallContext {
+        mut repo, clock, ..
+    }: CallContext,
+    NoApi(mut rng): NoApi<BoxRng>,
+    id: UlidPathParam,
+) -> Result<StatusCode, RouteError> {
+    let email = repo
+        .user_email()
+        .lookup(*id)
+        .await?
+        .ok_or(RouteError::NotFound(*id))?;
+
+    let job = ProvisionUserJob::new_for_id(email.user_id);
+    repo.user_email().remove(email).await?;
+
+    // Schedule a job to update the user
+    repo.queue_job().schedule_job(&mut rng, &clock, job).await?;
+
+    repo.save().await?;
+
+    Ok(StatusCode::NO_CONTENT)
+}
+
+#[cfg(test)]
+mod tests {
+    use hyper::{Request, StatusCode};
+    use sqlx::PgPool;
+    use ulid::Ulid;
+
+    use crate::test_utils::{setup, RequestBuilderExt, ResponseExt, TestState};
+    #[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
+    async fn test_delete(pool: PgPool) {
+        setup();
+        let mut state = TestState::from_pool(pool).await.unwrap();
+        let token = state.token_with_scope("urn:mas:admin").await;
+        let mut rng = state.rng();
+
+        // Provision a user and an email
+        let mut repo = state.repository().await.unwrap();
+        let alice = repo
+            .user()
+            .add(&mut rng, &state.clock, "alice".to_owned())
+            .await
+            .unwrap();
+        let mas_data_model::UserEmail { id, .. } = repo
+            .user_email()
+            .add(
+                &mut rng,
+                &state.clock,
+                &alice,
+                "[email protected]".to_owned(),
+            )
+            .await
+            .unwrap();
+
+        repo.save().await.unwrap();
+
+        let request = Request::delete(format!("/api/admin/v1/user-emails/{id}"))
+            .bearer(&token)
+            .empty();
+        let response = state.request(request).await;
+        response.assert_status(StatusCode::NO_CONTENT);
+
+        // Verify that the email was deleted
+        let request = Request::get(format!("/api/admin/v1/user-emails/{id}"))
+            .bearer(&token)
+            .empty();
+        let response = state.request(request).await;
+        response.assert_status(StatusCode::NOT_FOUND);
+    }
+
+    #[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]
+    async fn test_not_found(pool: PgPool) {
+        setup();
+        let mut state = TestState::from_pool(pool).await.unwrap();
+        let token = state.token_with_scope("urn:mas:admin").await;
+
+        let email_id = Ulid::nil();
+        let request = Request::delete(format!("/api/admin/v1/user-emails/{email_id}"))
+            .bearer(&token)
+            .empty();
+        let response = state.request(request).await;
+        response.assert_status(StatusCode::NOT_FOUND);
+    }
+}

crates/handlers/src/admin/v1/user_emails/get.rs

@@ -24,7 +24,7 @@ pub enum RouteError {
     #[error(transparent)]
     Internal(Box<dyn std::error::Error + Send + Sync + 'static>),
 
-    #[error("OAuth 2.0 session ID {0} not found")]
+    #[error("User email ID {0} not found")]
     NotFound(Ulid),
 }
 
@@ -62,15 +62,13 @@ pub async fn handler(
     CallContext { mut repo, .. }: CallContext,
     id: UlidPathParam,
 ) -> Result<Json<SingleResponse<UserEmail>>, RouteError> {
-    let session = repo
+    let email = repo
         .user_email()
         .lookup(*id)
         .await?
         .ok_or(RouteError::NotFound(*id))?;
 
-    Ok(Json(SingleResponse::new_canonical(UserEmail::from(
-        session,
-    ))))
+    Ok(Json(SingleResponse::new_canonical(UserEmail::from(email))))
 }
 
 #[cfg(test)]
@@ -142,8 +140,8 @@ mod tests {
         let mut state = TestState::from_pool(pool).await.unwrap();
         let token = state.token_with_scope("urn:mas:admin").await;
 
-        let session_id = Ulid::nil();
-        let request = Request::get(format!("/api/admin/v1/user-emails/{session_id}"))
+        let email_id = Ulid::nil();
+        let request = Request::get(format!("/api/admin/v1/user-emails/{email_id}"))
             .bearer(&token)
             .empty();
         let response = state.request(request).await;

crates/handlers/src/admin/v1/user_emails/mod.rs

@@ -3,10 +3,12 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 // Please see LICENSE in the repository root for full details.
 
+mod delete;
 mod get;
 mod list;
 
 pub use self::{
+    delete::{doc as delete_doc, handler as delete},
     get::{doc as get_doc, handler as get},
     list::{doc as list_doc, handler as list},
 };

docs/api/spec.json

@@ -1521,7 +1521,48 @@
                 "example": {
                   "errors": [
                     {
-                      "title": "OAuth 2.0 session ID 00000000000000000000000000 not found"
+                      "title": "User email ID 00000000000000000000000000 not found"
+                    }
+                  ]
+                }
+              }
+            }
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "user-email"
+        ],
+        "summary": "Delete a user email",
+        "operationId": "deleteUserEmail",
+        "parameters": [
+          {
+            "in": "path",
+            "name": "id",
+            "required": true,
+            "schema": {
+              "title": "The ID of the resource",
+              "$ref": "#/components/schemas/ULID"
+            },
+            "style": "simple"
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "User email was found"
+          },
+          "404": {
+            "description": "User email was not found",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/ErrorResponse"
+                },
+                "example": {
+                  "errors": [
+                    {
+                      "title": "User email ID 00000000000000000000000000 not found"
                     }
                   ]
                 }