Merge changes I886a3844,I4b7661c1

* changes: Add test for deleting emails of other users Support deletion of emails in arbitrary external ID schemes
2017-02-10 08:45:00 +00:00 · 2017-02-10 08:45:00 +00:00 · 9204602888
commit 9204602888
parent 144a07d079 87a788d54b
2 changed files with 81 additions and 4 deletions
--- a/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java
+++ b/gerrit-acceptance-tests/src/test/java/com/google/gerrit/acceptance/api/accounts/AccountIT.java
@ -441,6 +441,61 @@ public class AccountIT extends AbstractDaemonTest {
    assertThat(getEmails()).doesNotContain(email);
  }

+  @Test
+  public void deleteEmailFromCustomExternalIdSchemes() throws Exception {
+    String email = "foo.bar@example.com";
+    String extId1 = "foo:bar";
+    String extId2 = "foo:baz";
+    db.accountExternalIds()
+        .insert(
+            ImmutableList.of(
+                createExternalIdWithEmail(extId1, email),
+                createExternalIdWithEmail(extId2, email)));
+    accountCache.evict(admin.id);
+    assertThat(
+            gApi.accounts().self().getExternalIds().stream().map(e -> e.identity).collect(toSet()))
+        .containsAllOf(extId1, extId2);
+
+    // enforce a new request context so that emails that are cached in
+    // IdentifiedUser are reloaded
+    setApiUser(admin);
+    assertThat(getEmails()).contains(email);
+
+    gApi.accounts().self().deleteEmail(email);
+
+    // enforce a new request context so that emails that are cached in
+    // IdentifiedUser are reloaded
+    setApiUser(admin);
+    assertThat(getEmails()).doesNotContain(email);
+    assertThat(
+            gApi.accounts().self().getExternalIds().stream().map(e -> e.identity).collect(toSet()))
+        .containsNoneOf(extId1, extId2);
+  }
+
+  @Test
+  public void deleteEmailOfOtherUser() throws Exception {
+    String email = "foo.bar@example.com";
+    EmailInput input = new EmailInput();
+    input.email = email;
+    input.noConfirmation = true;
+    gApi.accounts().id(user.id.get()).addEmail(input);
+
+    setApiUser(user);
+    assertThat(getEmails()).contains(email);
+
+    // admin can delete email of user
+    setApiUser(admin);
+    gApi.accounts().id(user.id.get()).deleteEmail(email);
+
+    setApiUser(user);
+    assertThat(getEmails()).doesNotContain(email);
+
+    // user cannot delete email of admin
+    exception.expect(AuthException.class);
+    exception.expectMessage("not allowed to delete email address");
+    gApi.accounts().id(admin.id.get()).deleteEmail(admin.email);
+  }
+
  @Test
  public void putStatus() throws Exception {
    List<String> statuses = ImmutableList.of("OOO", "Busy");
@ -886,4 +941,10 @@ public class AccountIT extends AbstractDaemonTest {
  private Set<String> getEmails() throws RestApiException {
    return gApi.accounts().self().getEmails().stream().map(e -> e.email).collect(toSet());
  }
+
+  private AccountExternalId createExternalIdWithEmail(String id, String email) {
+    AccountExternalId extId = new AccountExternalId(admin.id, new AccountExternalId.Key(id));
+    extId.setEmailAddress(email);
+    return extId;
+  }
 }
--- a/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/DeleteEmail.java
@ -14,6 +14,8 @@

 package com.google.gerrit.server.account;

+import static java.util.stream.Collectors.toSet;
+
 import com.google.gerrit.extensions.client.AccountFieldName;
 import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.MethodNotAllowedException;
@ -31,6 +33,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import java.io.IOException;
+import java.util.Set;

@Singleton
 public class DeleteEmail implements RestModifyView<AccountResource.Email, Input> {
@ -69,13 +72,26 @@ public class DeleteEmail implements RestModifyView<AccountResource.Email, Input>
    if (!realm.allowsEdit(AccountFieldName.REGISTER_NEW_EMAIL)) {
      throw new MethodNotAllowedException("realm does not allow deleting emails");
    }
-    AccountExternalId.Key key = new AccountExternalId.Key(AccountExternalId.SCHEME_MAILTO, email);
-    AccountExternalId extId = dbProvider.get().accountExternalIds().get(key);
-    if (extId == null) {
+
+    Set<AccountExternalId> extIds =
+        dbProvider
+            .get()
+            .accountExternalIds()
+            .byAccount(user.getAccountId())
+            .toList()
+            .stream()
+            .filter(e -> email.equals(e.getEmailAddress()))
+            .collect(toSet());
+    if (extIds.isEmpty()) {
      throw new ResourceNotFoundException(email);
    }
+
    try {
-      accountManager.unlink(user.getAccountId(), AuthRequest.forEmail(email));
+      for (AccountExternalId extId : extIds) {
+        AuthRequest authRequest = new AuthRequest(extId.getKey().get());
+        authRequest.setEmailAddress(email);
+        accountManager.unlink(user.getAccountId(), authRequest);
+      }
    } catch (AccountException e) {
      throw new ResourceConflictException(e.getMessage());
    }