Create an API endpoint to handle the deactivation of invitation links. This endpoint will validate the invitation link and deactivate it to prevent any further use, ensuring the user deactivating the link has proper authorization.
Acceptance Criteria
API Endpoint Implementation:
The endpoint should be accessible at /api/v1/invite/deactivate.
The endpoint should accept HTTP PATCH requests.
The user deactivating the invite link must be authenticated with a JWT Auth token and authorized to do so.
Data Validation and Sanitization:
The API should validate the request payload to ensure the invitation link is present and valid.
The invitation link should be checked for correctness and validity (e.g., it hasn't already been deactivated and belongs to a valid organization).
Authorization:
Ensure the user deactivating the invitation link has the proper authorization to do so.
Deactivating the Invitation Link:
Upon successful validation and authorization, the invitation link should be deactivated to prevent further use.
Response:
On success, the API should return a 200 OK status code with a success message.
On failure, the API should return a 400 Bad Request status code with appropriate error messages.
If the user is not authorized, the API should return a 403 Forbidden status code with an appropriate error message.
Request Example
[PATCH] /api/v1/invite/deactivate
invitation_link (string, required): The invitation link must follow the format invite_[invitation_id].
Example Request
{
"invitation_link": "invite_12345"
}
Successful Response:
{
"message": "Invitation link has been deactivated",
"status_code": 200
}
Error Response:
{
"message": "Forbidden",
"error": "User is not authorized to deactivate this invitation link",
"status_code": 403
}
Purpose
Provides a backend service to handle the deactivation of invitation links, ensuring the link cannot be used again once deactivated and that only authorized users can perform this action.
Requirements
Develop server-side logic to handle invitation link deactivation.
Validate and sanitize incoming invitation link data.
Ensure proper authorization for deactivating the invitation link.
Deactivate the invitation link upon successful validation and authorization.
Expected Outcome
The API endpoint allows authorized users to deactivate invitation links via the provided link and ensures they cannot be used again.
Status Codes
200: Invitation link was successfully deactivated.
400:
Invalid invitation link format
Expired invitation link
Organization not found
403: User is not authorized to deactivate the invitation link.
500: A server error occurred
Testing
[ ] Write unit tests to ensure the invitation link deactivation endpoint validates input correctly, checks authorization, and deactivates the link.
[ ] Perform load testing to ensure the endpoint can handle multiple requests.
[ ] Test various scenarios for deactivating the invitation link (e.g., valid link, expired link, malformed link, unauthorized user, etc.).
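A framework-free sketch of the check order the acceptance criteria imply, added here as an example and not taken from the project's code. The in-memory ORGS and INVITES tables, the "admins" authorization rule, the id alphabet, the 400 response shape and the error strings for unknown or already-deactivated links are assumptions; JWT verification is assumed to happen upstream.

```python
import re
from datetime import datetime, timezone

FAR, PAST = (datetime(y, 1, 1, tzinfo=timezone.utc) for y in (2999, 2000))
# Constructed in-memory stand-ins for the organization and invitation tables.
ORGS = {"org_1": {"admins": {"alice"}}}
INVITES = {
    "12345": {"org_id": "org_1", "active": True, "expires_at": FAR},
    "777": {"org_id": "org_1", "active": True, "expires_at": PAST},
    "999": {"org_id": "org_gone", "active": True, "expires_at": FAR},
}
# Anchored allow-list for invite_[invitation_id]; the id alphabet is an assumption.
LINK_RE = re.compile(r"invite_([A-Za-z0-9]{1,64})")


def _fail(code, message, error):
    return {"message": message, "error": error, "status_code": code}


def deactivate_invite(user_id, payload, now=None):
    """user_id: subject of a JWT already verified upstream (assumed)."""
    now = now or datetime.now(timezone.utc)
    link = payload.get("invitation_link") if isinstance(payload, dict) else None
    match = LINK_RE.fullmatch(link) if isinstance(link, str) else None
    if match is None:
        return _fail(400, "Bad Request", "Invalid invitation link format")
    invite = INVITES.get(match.group(1))
    if invite is None:  # unknown id: reported as 400 here (assumption)
        return _fail(400, "Bad Request", "Invalid invitation link")
    org = ORGS.get(invite["org_id"])
    if org is None:
        return _fail(400, "Bad Request", "Organization not found")
    # Object-level check: the caller must administer the org that owns this
    # invite. It runs before the state checks so an unauthorized caller
    # learns nothing about whether the link is expired or already inactive.
    if user_id not in org["admins"]:
        return _fail(403, "Forbidden",
                     "User is not authorized to deactivate this invitation link")
    if invite["expires_at"] <= now:
        return _fail(400, "Bad Request", "Expired invitation link")
    if not invite["active"]:
        return _fail(400, "Bad Request", "Invitation link already deactivated")
    invite["active"] = False
    return {"message": "Invitation link has been deactivated", "status_code": 200}
```

The same cases map directly onto the unit-test scenarios listed under Testing: valid link, expired link, malformed link and unauthorized user.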