backend: /orgs/<id>/remove: return 404 if org user doesn't exist, fix… (#561)

* backend: /orgs/<id>/remove: return 404 if org user doesn't exist, fixes issue in #535 Co-authored-by: Tessa Walsh <tessa@bitarchivist.net>
2023-02-08 13:22:36 -08:00 · 2023-02-08 13:22:36 -08:00 · 40fb04b385
commit 40fb04b385
parent a7a18b9db0
2 changed files with 17 additions and 1 deletions
--- a/backend/btrixcloud/orgs.py
+++ b/backend/btrixcloud/orgs.py
@ -500,8 +500,12 @@ def init_orgs_api(app, mdb, user_manager, invites, user_dep: User):
                raise HTTPException(
                    status_code=400, detail="Can't remove only owner from org"
                )
+        try:
+            del org.users[str(other_user.id)]
+        except KeyError:
+            # pylint: disable=raise-missing-from
+            raise HTTPException(status_code=404, detail="no_such_org_user")

-        del org.users[str(other_user.id)]
        await ops.update(org)
        return {"removed": True}

--- a/backend/test/test_org.py
+++ b/backend/test/test_org.py
@ -116,6 +116,18 @@ def test_remove_user_from_org(admin_auth_headers, default_org_id):
    assert data["removed"]


+def test_remove_non_existent_user(admin_auth_headers, default_org_id):
+    # Remove user
+    r = requests.post(
+        f"{API_PREFIX}/orgs/{default_org_id}/remove",
+        json={"email": "toremove@example.com"},
+        headers=admin_auth_headers,
+    )
+    assert r.status_code == 404
+    data = r.json()
+    assert data["detail"] == "no_such_org_user"
+
+
 def test_get_pending_org_invites(
    admin_auth_headers, default_org_id, non_default_org_id
 ):