SMQ-3062 - Update Domain Invitation Deletion Endpoint (#3110)

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

apidocs/openapi/domains.yaml

@@ -757,17 +757,18 @@ paths:
         "500":
           $ref: "#/components/responses/ServiceError"
 
-  /domains/{domainID}/invitations/{userID}:
     delete:
       operationId: deleteInvitation
       summary: Deletes a specific invitation
       description: |
-        Deletes a specific invitation that is identifier by the user ID and domain ID.
+        Deletes a specific invitation that is identified by the user ID and domain ID.
+        The user ID is provided in the request body.
       tags:
         - Invitations
       parameters:
         - $ref: "#/components/parameters/DomainID"
-        - $ref: "#/components/parameters/UserID"
+      requestBody:
+        $ref: "#/components/requestBodies/DeleteInvitationReq"
       security:
         - bearerAuth: []
       responses:
@@ -1289,6 +1290,21 @@ components:
                 description: Domain unique identifier.
             required:
               - domain_id
+    DeleteInvitationReq:
+      description: JSON-formatted document describing request for deleting invitation
+      required: true
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              user_id:
+                type: string
+                format: uuid
+                example: bb7edb32-2eac-4aad-aebe-ed96fe073879
+                description: User unique identifier.
+            required:
+              - user_id
 
   responses:
     ServiceError:

domains/api/http/decode.go

@@ -265,9 +265,12 @@ func decodeAcceptInvitationReq(_ context.Context, r *http.Request) (any, error)
 
 func decodeDeleteInvitationReq(_ context.Context, r *http.Request) (any, error) {
 	req := deleteInvitationReq{
-		userID:   chi.URLParam(r, "userID"),
 		domainID: chi.URLParam(r, "domainID"),
 	}
 
+	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
+		return nil, errors.Wrap(apiutil.ErrValidation, errors.Wrap(err, errors.ErrMalformedEntity))
+	}
+
 	return req, nil
 }

domains/api/http/endpoint.go

@@ -300,7 +300,7 @@ func deleteInvitationEndpoint(svc domains.Service) endpoint.Endpoint {
 		}
 		session.DomainID = req.domainID
 
-		if err := svc.DeleteInvitation(ctx, session, req.userID, req.domainID); err != nil {
+		if err := svc.DeleteInvitation(ctx, session, req.UserID, req.domainID); err != nil {
 			return nil, err
 		}
 

domains/api/http/endpoint_test.go

@@ -1503,7 +1503,7 @@ func TestDeleteInvitation(t *testing.T) {
 			token:       validToken,
 			userID:      "",
 			domainID:    domainID,
-			status:      http.StatusMethodNotAllowed,
+			status:      http.StatusBadRequest,
 			contentType: contentType,
 			svcErr:      nil,
 		},
@@ -1534,12 +1534,15 @@ func TestDeleteInvitation(t *testing.T) {
 			}
 			authnCall := auth.On("Authenticate", mock.Anything, tc.token).Return(tc.session, tc.authnErr)
 			repoCall := svc.On("DeleteInvitation", mock.Anything, tc.session, tc.userID, tc.domainID).Return(tc.svcErr)
+
+			data := fmt.Sprintf(`{"user_id": "%s"}`, tc.userID)
 			req := testRequest{
 				client:      is.Client(),
 				method:      http.MethodDelete,
-				url:         fmt.Sprintf("%s/domains/%s/invitations/%s", is.URL, tc.domainID, tc.userID),
+				url:         fmt.Sprintf("%s/domains/%s/invitations", is.URL, tc.domainID),
 				token:       tc.token,
 				contentType: tc.contentType,
+				body:        strings.NewReader(data),
 			}
 
 			res, err := req.make()

domains/api/http/requests.go

@@ -157,12 +157,12 @@ func (req *acceptInvitationReq) validate() error {
 }
 
 type deleteInvitationReq struct {
-	userID   string
+	UserID   string `json:"user_id"`
 	domainID string
 }
 
 func (req *deleteInvitationReq) validate() error {
-	if req.userID == "" {
+	if req.UserID == "" {
 		return apiutil.ErrMissingID
 	}
 	if req.domainID == "" {

domains/api/http/transport.go

@@ -101,14 +101,12 @@ func MakeHandler(svc domains.Service, authn authn.Authentication, mux *chi.Mux,
 				api.EncodeResponse,
 				opts...,
 			), "list_domain_invitations").ServeHTTP)
-			r.Route("/{userID}", func(r chi.Router) {
-				r.Delete("/", otelhttp.NewHandler(kithttp.NewServer(
-					deleteInvitationEndpoint(svc),
-					decodeDeleteInvitationReq,
-					api.EncodeResponse,
-					opts...,
-				), "delete_invitation").ServeHTTP)
-			})
+			r.Delete("/", otelhttp.NewHandler(kithttp.NewServer(
+				deleteInvitationEndpoint(svc),
+				decodeDeleteInvitationReq,
+				api.EncodeResponse,
+				opts...,
+			), "delete_invitation").ServeHTTP)
 		})
 	})
 

pkg/sdk/invitations.go

@@ -130,9 +130,19 @@ func (sdk mgSDK) RejectInvitation(ctx context.Context, domainID, token string) (
 }
 
 func (sdk mgSDK) DeleteInvitation(ctx context.Context, userID, domainID, token string) (err error) {
-	url := fmt.Sprintf("%s/%s/%s/%s/%s", sdk.domainsURL, domainsEndpoint, domainID, invitationsEndpoint, userID)
+	req := struct {
+		UserID string `json:"user_id"`
+	}{
+		UserID: userID,
+	}
+	data, err := json.Marshal(req)
+	if err != nil {
+		return errors.NewSDKError(err)
+	}
 
-	_, _, sdkErr := sdk.processRequest(ctx, http.MethodDelete, url, token, nil, nil, http.StatusNoContent)
+	url := fmt.Sprintf("%s/%s/%s/%s", sdk.domainsURL, domainsEndpoint, domainID, invitationsEndpoint)
+
+	_, _, sdkErr := sdk.processRequest(ctx, http.MethodDelete, url, token, data, nil, http.StatusNoContent)
 
 	return sdkErr
 }