From 5ae39c85c66fed6773b0f94f6e8498e9509312f9 Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Sat, 23 May 2020 16:18:12 +0200
Subject: [PATCH] Add DELETE /api/mailboxes/:mailbox_id

---
 README.md                 | 12 ++++++++++++
 app/api/views/mailbox.py  | 27 +++++++++++++++++++++++++++
 tests/api/test_mailbox.py | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 78 insertions(+)

diff --git a/README.md b/README.md
index a0520e13..60d2f958 100644
--- a/README.md
+++ b/README.md
@@ -1177,6 +1177,18 @@ Output:
     - default: whether is the default mailbox. User cannot delete the default mailbox
 - 400 with error message otherwise. The error message can be displayed to user.
 
+#### DELETE /api/mailboxes/:mailbox_id
+
+Delete a mailbox. User cannot delete the default mailbox
+
+Input:
+- `Authentication` header that contains the api key
+- `mailbox_id`: in url
+
+Output:
+- 200 if deleted successfully
+- 400 if error
+
 
 ### Contact endpoints
 
diff --git a/app/api/views/mailbox.py b/app/api/views/mailbox.py
index faa68604..81d25828 100644
--- a/app/api/views/mailbox.py
+++ b/app/api/views/mailbox.py
@@ -56,3 +56,30 @@ def create_mailbox():
             ),
             201,
         )
+
+
+@api_bp.route("/mailboxes/<mailbox_id>", methods=["DELETE"])
+@cross_origin()
+@require_api_auth
+def delete_mailbox(mailbox_id):
+    """
+    Delete mailbox
+    Input:
+        mailbox_id: in url
+    Output:
+        200 if deleted successfully
+
+    """
+    user = g.user
+    mailbox = Mailbox.get(mailbox_id)
+
+    if not mailbox or mailbox.user_id != user.id:
+        return jsonify(error="Forbidden"), 403
+
+    if mailbox.id == user.default_mailbox_id:
+        return jsonify(error="You cannot delete the default mailbox"), 400
+
+    Mailbox.delete(mailbox_id)
+    db.session.commit()
+
+    return jsonify(deleted=True), 200
diff --git a/tests/api/test_mailbox.py b/tests/api/test_mailbox.py
index 5751c65b..06733092 100644
--- a/tests/api/test_mailbox.py
+++ b/tests/api/test_mailbox.py
@@ -29,3 +29,42 @@ def test_create_mailbox(flask_client):
     assert r.json["default"] is False
 
 
+def test_delete_mailbox(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    # create a mailbox
+    mb = Mailbox.create(user_id=user.id, email="mb@gmail.com")
+    db.session.commit()
+
+    r = flask_client.delete(
+        url_for("api.delete_mailbox", mailbox_id=mb.id),
+        headers={"Authentication": api_key.code},
+    )
+
+    assert r.status_code == 200
+
+
+def test_delete_default_mailbox(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    # assert user cannot delete the default mailbox
+    r = flask_client.delete(
+        url_for("api.delete_mailbox", mailbox_id=user.default_mailbox_id),
+        headers={"Authentication": api_key.code},
+    )
+
+    assert r.status_code == 400