From 7013ec368b0e7a598828a6a733fb02aa29dc220e Mon Sep 17 00:00:00 2001
From: Edward Ly <contact@edward.ly>
Date: Wed, 9 Oct 2024 22:32:43 -0700
Subject: [PATCH 1/2] feat(ApiController): add endpoint to de-provision user

Signed-off-by: Edward Ly <contact@edward.ly>
---
 appinfo/routes.php               |  1 +
 lib/Controller/ApiController.php | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/appinfo/routes.php b/appinfo/routes.php
index 16a08d94..d58f751d 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -31,6 +31,7 @@
 		['name' => 'login#backChannelLogout', 'url' => '/backchannel-logout/{providerIdentifier}', 'verb' => 'POST'],
 
 		['name' => 'api#createUser', 'url' => '/user', 'verb' => 'POST'],
+		['name' => 'api#deleteUser', 'url' => '/user/{userId}', 'verb' => 'DELETE'],
 
 		['name' => 'id4me#showLogin', 'url' => '/id4me', 'verb' => 'GET'],
 		['name' => 'id4me#login', 'url' => '/id4me', 'verb' => 'POST'],
diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php
index 5b74d6d5..efade9c8 100644
--- a/lib/Controller/ApiController.php
+++ b/lib/Controller/ApiController.php
@@ -28,6 +28,7 @@
 use OCA\UserOIDC\AppInfo\Application;
 use OCA\UserOIDC\Db\UserMapper;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\Files\IRootFolder;
 use OCP\Files\NotPermittedException;
@@ -97,4 +98,20 @@ public function createUser(int $providerId, string $userId, ?string $displayName
 
 		return new DataResponse(['user_id' => $user->getUID()]);
 	}
+
+	/**
+	 * @param string $userId
+	 * @return DataResponse
+	 */
+	public function deleteUser(string $userId): DataResponse {
+		$status = Http::STATUS_NOT_FOUND;
+		$user = $this->userManager->get($userId);
+
+		if (!is_null($user) && $user->getBackendClassName() === 'user_oidc') {
+			$user->delete();
+			$status = Http::STATUS_OK;
+		}
+
+		return new DataResponse(['user_id' => $userId], $status);
+	}
 }

From 8872b548c5e2d12d1c3bc70f250a8278158cfece Mon Sep 17 00:00:00 2001
From: Edward Ly <contact@edward.ly>
Date: Fri, 11 Oct 2024 09:49:21 -0700
Subject: [PATCH 2/2] fix(deleteUser): update error message and attributes

Signed-off-by: Edward Ly <contact@edward.ly>
---
 lib/Controller/ApiController.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php
index efade9c8..2f50f9c7 100644
--- a/lib/Controller/ApiController.php
+++ b/lib/Controller/ApiController.php
@@ -100,18 +100,18 @@ public function createUser(int $providerId, string $userId, ?string $displayName
 	}
 
 	/**
+	 * @NoCSRFRequired
+	 *
 	 * @param string $userId
 	 * @return DataResponse
 	 */
 	public function deleteUser(string $userId): DataResponse {
-		$status = Http::STATUS_NOT_FOUND;
 		$user = $this->userManager->get($userId);
-
-		if (!is_null($user) && $user->getBackendClassName() === 'user_oidc') {
-			$user->delete();
-			$status = Http::STATUS_OK;
+		if (is_null($user) || $user->getBackendClassName() !== 'user_oidc') {
+			return new DataResponse(['message' => 'User not found'], Http::STATUS_NOT_FOUND);
 		}
 
-		return new DataResponse(['user_id' => $userId], $status);
+		$user->delete();
+		return new DataResponse(['user_id' => $userId], Http::STATUS_OK);
 	}
 }