From 6bc0e964e7663758b7e3e1bf333c5f8c6edb7196 Mon Sep 17 00:00:00 2001
From: xmok <30526133+xmok@users.noreply.github.com>
Date: Mon, 8 Jul 2024 19:22:31 +0500
Subject: [PATCH 1/3] feat(api): dELETE [ur]/api/v1/aliases/:address can be used to delete Alias via the API close #68
---
 .../api/v1/email_alias_controller.ex | 18 ++++++++++++++++++
 lib/shroud_web/router.ex | 1 +
 2 files changed, 19 insertions(+)
diff --git a/lib/shroud_web/controllers/api/v1/email_alias_controller.ex b/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
index c69bd65..a67c7bd 100644
--- a/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
+++ b/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
@@ -61,4 +61,22 @@ defmodule ShroudWeb.Api.V1.EmailAliasController do
 |> render("error.json", error: "Unable to create email alias")
 end
 end
+
+ def delete(conn, %{"address" => address}) do
+ alias =
+ EmailAlias
+ |> where([ea], is_nil(ea.deleted_at))
+ |> Repo.get_by(address: address)
+
+ if is_nil(alias) do
+ conn
+ |> put_status(422)
+ |> put_view(ShroudWeb.ErrorView)
+ |> render("error.json", error: "Alias not found")
+ else
+ Aliases.delete_email_alias(alias.id)
+ conn
+ |> send_resp(:no_content, "")
+ end
+ end
 end
diff --git a/lib/shroud_web/router.ex b/lib/shroud_web/router.ex
index 641ef0d..1fd52cf 100644
--- a/lib/shroud_web/router.ex
+++ b/lib/shroud_web/router.ex
@@ -50,6 +50,7 @@ defmodule ShroudWeb.Router do
 pipe_through([:api, :require_confirmed_api_user])
 resources("/aliases", EmailAliasController, only: [:index, :create])
+ delete("/aliases/:address", EmailAliasController, :delete)
 resources("/domains", DomainController, only: [:index])
 end
From b9cafbceef16414f39844b3086cca87ef3318d5c Mon Sep 17 00:00:00 2001
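Review bot: In the else branch of `delete/2`, the result of `Aliases.delete_email_alias(alias.id)` is discarded, so the client receives 204 even when the delete did not succeed. Its return shape is not visible in this patch; branch on it and render the error view on failure, so an API client is never told an alias is gone while it may still be active. Separately, the local is named `alias`, which reads like the `alias` directive; `email_alias` (the name the test file uses) would be clearer. Since the ownership filter for this lookup only arrives in patch 2/3, consider squashing the two so that no bisectable revision contains an unscoped delete.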
From: xmok <30526133+xmok@users.noreply.github.com>
Date: Mon, 8 Jul 2024 19:37:03 +0500
Subject: [PATCH 2/3] fix(emailaliascontroller): check that user owns alias
---
 lib/shroud_web/controllers/api/v1/email_alias_controller.ex | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/shroud_web/controllers/api/v1/email_alias_controller.ex b/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
index a67c7bd..906bd9d 100644
--- a/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
+++ b/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
@@ -66,6 +66,7 @@ defmodule ShroudWeb.Api.V1.EmailAliasController do
 alias =
 EmailAlias
 |> where([ea], is_nil(ea.deleted_at))
+ |> where([ea], ea.user_id == ^conn.assigns.current_user.id)
 |> Repo.get_by(address: address)
 if is_nil(alias) do
From bc6650723173179411749a5aa5340c84bc2966cb Mon Sep 17 00:00:00 2001
From: xmok <30526133+xmok@users.noreply.github.com>
Date: Tue, 6 Aug 2024 01:55:22 +0500
Subject: [PATCH 3/3] test(email_alias_controller_test): add 2 tests for the new DELETE alias api endpoint
---
 .../api/v1/email_alias_controller.ex | 1 +
 .../api/v1/email_alias_controller_test.exs | 41 +++++++++++++++++++
 2 files changed, 42 insertions(+)
diff --git a/lib/shroud_web/controllers/api/v1/email_alias_controller.ex b/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
index 906bd9d..28d8cd4 100644
--- a/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
+++ b/lib/shroud_web/controllers/api/v1/email_alias_controller.ex
@@ -76,6 +76,7 @@ defmodule ShroudWeb.Api.V1.EmailAliasController do
 |> render("error.json", error: "Alias not found")
 else
 Aliases.delete_email_alias(alias.id)
+
 conn
 |> send_resp(:no_content, "")
 end
diff --git a/test/shroud_web/controllers/api/v1/email_alias_controller_test.exs b/test/shroud_web/controllers/api/v1/email_alias_controller_test.exs
index 86e779d..489cbc4 100644
--- a/test/shroud_web/controllers/api/v1/email_alias_controller_test.exs
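Review bot: The added `where([ea], ea.user_id == ^conn.assigns.current_user.id)` is the only authorization on this endpoint, and nothing in the code says so; a comment would keep a later refactor from dropping it, e.g. `# Authorization: scope to the caller; a foreign alias must look identical to a missing one`. The delete itself still goes through `Aliases.delete_email_alias(alias.id)` by bare id, so as far as this diff shows the context function does not enforce ownership on its own. Moving the user-scoped lookup into `Aliases` (taking the user and the address) would put the check next to the data access for every caller. The body of `delete/2` continues outside this hunk.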
+++ b/test/shroud_web/controllers/api/v1/email_alias_controller_test.exs
@@ -171,6 +171,39 @@ defmodule ShroudWeb.Api.V1.EmailAliasControllerTest do
 end
 end
+ describe "delete/2" do
+ setup do
+ conn = build_conn()
+ user = user_fixture()
+
+ user =
+ user
+ |> Accounts.User.confirm_changeset()
+ |> Repo.update!(returning: true)
+
+ email_alias = alias_fixture(%{user_id: user.id})
+
+ %{conn: conn, user: user, address: email_alias.address}
+ end
+
+ test "deletes an email alias", %{conn: conn, user: user, address: address} do
+
+ conn = authorized_delete(conn, user, Routes.email_alias_path(conn, :delete, address))
+ assert response(conn, 204)
+ end
+
+ test "prevents deleting an email alias if user does not own it", %{conn: conn, user: user} do
+ other_user = user_fixture()
+ other_alias = alias_fixture(%{user_id: other_user.id})
+ conn =
+ authorized_delete(conn, user, Routes.email_alias_path(conn, :delete, other_alias.address))
+
+ assert json_response(conn, 422) == %{
+ "error" => "Alias not found"
+ }
+ end
+ end
+
 defp authorized_get(conn, user, path, params \\ nil) do
 token = Accounts.generate_user_session_token(user)
@@ -186,4 +219,12 @@ defmodule ShroudWeb.Api.V1.EmailAliasControllerTest do
 |> put_req_header("authorization", "Bearer #{Base.encode64(token)}")
 |> post(path, params)
 end
+
+ defp authorized_delete(conn, user, path, params \\ nil) do
+ token = Accounts.generate_user_session_token(user)
+
+ conn
+ |> put_req_header("authorization", "Bearer #{Base.encode64(token)}")
+ |> delete(path, params)
+ end
 end
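Review bot: Both new tests in `describe "delete/2"` assert only on the HTTP response, so they would still pass if the handler returned the right status without changing, or while wrongly changing, the stored alias. In "prevents deleting an email alias if user does not own it", also assert that the other user's alias is untouched, for example `assert is_nil(Repo.reload!(other_alias).deleted_at)` (this assumes `alias_fixture/1` returns the schema struct and that deletion sets `deleted_at`, as the controller's filter suggests). In "deletes an email alias", check that the alias is actually gone afterwards, and consider a third test for a request sent without the authorization header.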