Merge branch '23068-ability-to-delete-identities-for-user' into 'master'

Add delete identity API endpoint to users API Closes #23068 See merge request gitlab-org/gitlab!24122

Merge branch '23068-ability-to-delete-identities-for-user' into 'master'
Add delete identity API endpoint to users API Closes #23068 See merge request gitlab-org/gitlab!24122
ee6c6fd0 · Imre Farkas · 30b55047 · e7d362bd · ee6c6fd0 · ee6c6fd0
Commit ee6c6fd0 authored Feb 14, 2020 by Imre Farkas
4 changed files
--- a/changelogs/unreleased/23068-ability-to-delete-identities-for-user.yml
+++ b/changelogs/unreleased/23068-ability-to-delete-identities-for-user.yml
+---
+title: Add delete identity endpoint on the users API
+merge_request: 24122
+author:
+type: added
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -437,6 +437,19 @@ Note, at the moment this method does only return a `404` error,
 even in cases where a `409` (Conflict) would be more appropriate,
 e.g. when renaming the email address to some existing one.

+## Delete authentication identity from user
+
+Deletes a user's authentication identity using the provider name associated with that identity. Available only for administrators.
+
+```
+DELETE /users/:id/identities/:provider
+```
+
+Parameters:
+
+- `id` (required) - The ID of the user
+- `provider` (required) - External provider name
+
 ## User deletion

 Deletes a user. Available only for administrators.

--- a/lib/api/users.rb
+++ b/lib/api/users.rb
@@ -225,6 +225,27 @@ module API
      end
      # rubocop: enable CodeReuse/ActiveRecord

+      desc "Delete a user's identity. Available only for admins" do
+        success Entities::UserWithAdmin
+      end
+      params do
+        requires :id, type: Integer, desc: 'The ID of the user'
+        requires :provider, type: String, desc: 'The external provider'
+      end
+      # rubocop: disable CodeReuse/ActiveRecord
+      delete ":id/identities/:provider" do
+        authenticated_as_admin!
+
+        user = User.find_by(id: params[:id])
+        not_found!('User') unless user
+
+        identity = user.identities.find_by(provider: params[:provider])
+        not_found!('Identity') unless identity
+
+        destroy_conditionally!(identity)
+      end
+      # rubocop: enable CodeReuse/ActiveRecord
+
      desc 'Add an SSH key to a specified user. Available only for admins.' do
        success Entities::SSHKey
      end

--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -949,6 +949,45 @@ describe API::Users do
    end
  end

+  describe "DELETE /users/:id/identities/:provider" do
+    let(:test_user) { create(:omniauth_user, provider: 'ldapmain') }
+
+    context 'when unauthenticated' do
+      it 'returns authentication error' do
+        delete api("/users/#{test_user.id}/identities/ldapmain")
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+
+    context 'when authenticated' do
+      it 'deletes identity of given provider' do
+        expect do
+          delete api("/users/#{test_user.id}/identities/ldapmain", admin)
+        end.to change { test_user.identities.count }.by(-1)
+        expect(response).to have_gitlab_http_status(:no_content)
+      end
+
+      it_behaves_like '412 response' do
+        let(:request) { api("/users/#{test_user.id}/identities/ldapmain", admin) }
+      end
+
+      it 'returns 404 error if user not found' do
+        delete api("/users/0/identities/ldapmain", admin)
+
+        expect(response).to have_gitlab_http_status(:not_found)
+        expect(json_response['message']).to eq('404 User Not Found')
+      end
+
+      it 'returns 404 error if identity not found' do
+        delete api("/users/#{test_user.id}/identities/saml", admin)
+
+        expect(response).to have_gitlab_http_status(:not_found)
+        expect(json_response['message']).to eq('404 Identity Not Found')
+      end
+    end
+  end
+
  describe "POST /users/:id/keys" do
    before do
      admin