Added unlink identity to AccountManager

This adds functionality to remove identities, we remove the
identity from AccountExternalIds and we make sure the preferred
email is in sync with it. We also flush the caches.

We need this function for issue 1095, which adds setting account
details that includes deleting email(s).

Change-Id: Ia2bc785258f475a66befaa0e79893b26ca526c54

gerrit-server/src/main/java/com/google/gerrit/server/account/AccountManager.java

@@ -426,6 +426,56 @@ public class AccountManager {
     }
   }
 
+  /**
+   * Unlink an authentication identity from an existing account.
+   *
+   * @param from account to unlink the identity from.
+   * @param who the identity to delete
+   * @return the result of unlinking the identity from the user.
+   * @throws AccountException the identity belongs to a different account, or it
+   *         cannot be unlinked at this time.
+   */
+  public AuthResult unlink(final Account.Id from, AuthRequest who)
+      throws AccountException {
+    try {
+      final ReviewDb db = schema.open();
+      try {
+        who = realm.unlink(db, from, who);
+
+        final AccountExternalId.Key key = id(who);
+        AccountExternalId extId = db.accountExternalIds().get(key);
+        if (extId != null) {
+          if (!extId.getAccountId().equals(from)) {
+            throw new AccountException("Identity in use by another account");
+          }
+          db.accountExternalIds().delete(Collections.singleton(extId));
+
+          if (who.getEmailAddress() != null) {
+            final Account a = db.accounts().get(from);
+            if (a.getPreferredEmail() != null
+                && a.getPreferredEmail().equals(who.getEmailAddress())) {
+              a.setPreferredEmail(null);
+              db.accounts().update(Collections.singleton(a));
+            }
+            byEmailCache.evict(who.getEmailAddress());
+            byIdCache.evict(from);
+          }
+
+        } else {
+          throw new AccountException("Identity not found");
+        }
+
+        return new AuthResult(from, key, false);
+
+      } finally {
+        db.close();
+      }
+    } catch (OrmException e) {
+      throw new AccountException("Cannot unlink identity", e);
+    }
+  }
+
+
   private static AccountExternalId.Key id(final AuthRequest who) {
     return new AccountExternalId.Key(who.getExternalId());
   }

gerrit-server/src/main/java/com/google/gerrit/server/account/DefaultRealm.java

@@ -20,7 +20,6 @@ import com.google.gerrit.reviewdb.server.ReviewDb;
 import com.google.inject.Inject;
 
 import java.util.Collections;
-import java.util.List;
 import java.util.Set;
 
 public class DefaultRealm implements Realm {
@@ -56,6 +55,11 @@ public class DefaultRealm implements Realm {
     return who;
   }
 
+  @Override
+  public AuthRequest unlink(ReviewDb db, Account.Id from, AuthRequest who) {
+    return who;
+  }
+
   @Override
   public void onCreateAccount(final AuthRequest who, final Account account) {
   }

gerrit-server/src/main/java/com/google/gerrit/server/account/Realm.java

@@ -29,6 +29,9 @@ public interface Realm {
   public AuthRequest link(ReviewDb db, Account.Id to, AuthRequest who)
       throws AccountException;
 
+  public AuthRequest unlink(ReviewDb db, Account.Id to, AuthRequest who)
+      throws AccountException;
+
   public void onCreateAccount(AuthRequest who, Account account);
 
   public GroupMembership groups(AccountState who);

gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapRealm.java

@@ -254,6 +254,11 @@ class LdapRealm implements Realm {
     return who;
   }
 
+  @Override
+  public AuthRequest unlink(ReviewDb db, Account.Id from, AuthRequest who) {
+    return who;
+  }
+
   @Override
   public void onCreateAccount(final AuthRequest who, final Account account) {
     usernameCache.put(who.getLocalUser(), account.getId());