add POST /api/aliases/:alias_id/toggle endpoint

README.md

@@ -793,6 +793,23 @@ If success, 200.
 }
 ```
 
+#### POST /api/aliases/:alias_id/toggle
+
+Enable/disable alias
+
+Input:
+- `Authentication` header that contains the api key
+- `alias_id` in url. 
+
+Output:
+If success, 200 along with the new alias status:
+
+```json
+{
+    "enabled": false
+}
+```
+
 
 ### Database migration
 

app/api/views/alias.py

@@ -77,3 +77,29 @@ def delete_alias(alias_id):
     db.session.commit()
 
     return jsonify(deleted=True), 200
+
+
+@api_bp.route("/aliases/<int:alias_id>/toggle", methods=["POST"])
+@cross_origin()
+@verify_api_key
+def toggle_alias(alias_id):
+    """
+    Enable/disable alias
+    Input:
+        alias_id: in url
+    Output:
+        200 along with new status:
+        - enabled
+
+
+    """
+    user = g.user
+    gen_email: GenEmail = GenEmail.get(alias_id)
+
+    if gen_email.user_id != user.id:
+        return jsonify(error="Forbidden"), 403
+
+    gen_email.enabled = not gen_email.enabled
+    db.session.commit()
+
+    return jsonify(enabled=gen_email.enabled), 200

tests/api/test_alias.py

@@ -76,3 +76,25 @@ def test_delete_alias(flask_client):
 
     assert r.status_code == 200
     assert r.json == {"deleted": True}
+
+
+def test_toggle_alias(flask_client):
+    user = User.create(
+        email="a@b.c", password="password", name="Test User", activated=True
+    )
+    db.session.commit()
+
+    # create api_key
+    api_key = ApiKey.create(user.id, "for test")
+    db.session.commit()
+
+    gen_email = GenEmail.create_new_random(user.id)
+    db.session.commit()
+
+    r = flask_client.post(
+        url_for("api.toggle_alias", alias_id=gen_email.id),
+        headers={"Authentication": api_key.code},
+    )
+
+    assert r.status_code == 200
+    assert r.json == {"enabled": False}