Add DELETE /api/mailboxes/:mailbox_id

2020-05-23 16:18:12 +02:00 · 2020-05-23 16:18:12 +02:00 · 5ae39c85c6
parent 722bff319e
commit 5ae39c85c6
3 changed files with 78 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1177,6 +1177,18 @@ Output:
    - default: whether is the default mailbox. User cannot delete the default mailbox
 - 400 with error message otherwise. The error message can be displayed to user.

+#### DELETE /api/mailboxes/:mailbox_id
+
+Delete a mailbox. User cannot delete the default mailbox
+
+Input:
+- `Authentication` header that contains the api key
+- `mailbox_id`: in url
+
+Output:
+- 200 if deleted successfully
+- 400 if error
+

 ### Contact endpoints

--- a/app/api/views/mailbox.py
+++ b/app/api/views/mailbox.py
@ -56,3 +56,30 @@ def create_mailbox():
            ),
            201,
        )
+
+
+@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])
+@cross_origin()
+@require_api_auth
+def delete_mailbox(mailbox_id):
+    """
+    Delete mailbox
+    Input:
+        mailbox_id: in url
+    Output:
+        200 if deleted successfully
+
+    """
+    user = g.user
+    mailbox = Mailbox.get(mailbox_id)
+
+    if not mailbox or mailbox.user_id != user.id:
+        return jsonify(error="Forbidden"), 403
+
+    if mailbox.id == user.default_mailbox_id:
+        return jsonify(error="You cannot delete the default mailbox"), 400
+
+    Mailbox.delete(mailbox_id)
+    db.session.commit()
+
+    return jsonify(deleted=True), 200
--- a/tests/api/test_mailbox.py
+++ b/tests/api/test_mailbox.py
@ -29,3 +29,42 @@ def test_create_mailbox(flask_client):
    assert r.json["default"] is False


+def test_delete_mailbox(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    # create a mailbox
+    mb = Mailbox.create(user_id=user.id, email="mb@gmail.com")
+    db.session.commit()
+
+    r = flask_client.delete(
+        url_for("api.delete_mailbox", mailbox_id=mb.id),
+        headers={"Authentication": api_key.code},
+    )
+
+    assert r.status_code == 200
+
+
+def test_delete_default_mailbox(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    # assert user cannot delete the default mailbox
+    r = flask_client.delete(
+        url_for("api.delete_mailbox", mailbox_id=user.default_mailbox_id),
+        headers={"Authentication": api_key.code},
+    )
+
+    assert r.status_code == 400