Add DELETE /api/contacts/:contact_id

README.md

@@ -978,6 +978,24 @@ Return 409 if contact is already added.
 }
 ```
 
+#### DELETE /api/contacts/:contact_id
+
+Delete a contact
+
+Input:
+- `Authentication` header that contains the api key
+- `contact_id` in url.
+
+Output:
+If success, 200.
+
+
+```json
+{
+    "deleted": true
+}
+```
+
 ### Database migration
 
 The database migration is handled by `alembic`

app/api/views/alias.py

@@ -320,3 +320,28 @@ def create_contact_route(alias_id):
     db.session.commit()
 
     return jsonify(**serialize_contact(contact)), 201
+
+
+@api_bp.route("/contacts/<int:contact_id>", methods=["DELETE"])
+@cross_origin()
+@verify_api_key
+def delete_contact(contact_id):
+    """
+    Delete contact
+    Input:
+        contact_id: in url
+    Output:
+        200
+
+
+    """
+    user = g.user
+    contact = Contact.get(contact_id)
+
+    if not contact or contact.alias.user_id != user.id:
+        return jsonify(error="Forbidden"), 403
+
+    Contact.delete(contact_id)
+    db.session.commit()
+
+    return jsonify(deleted=True), 200

tests/api/test_alias.py

@@ -267,3 +267,32 @@ def test_create_contact_route(flask_client):
         json={"contact": "First2 Last2 <first@example.com>"},
     )
     assert r.status_code == 409
+
+
+def test_delete_contact(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    alias = Alias.create_new_random(user)
+    db.session.commit()
+
+    contact = Contact.create(
+        alias_id=alias.id,
+        website_email="contact@example.com",
+        reply_email="reply+random@sl.io",
+    )
+    db.session.commit()
+
+    r = flask_client.delete(
+        url_for("api.delete_contact", contact_id=contact.id),
+        headers={"Authentication": api_key.code},
+    )
+
+    assert r.status_code == 200
+    assert r.json == {"deleted": True}