Consumer API: Reject identity deletion process (#535)

* feat: implement rejection of deletion process before approval

* chore: fix a typo

* feat: add reject identity deletion endpoint

* feat: add RejectedAt and RejectedByDevice properties

* chore: fix formatting

* chore: remove IdentityAddress from RejectDeletionProcessResponse

* chore: remove unused directives

* chore: line endings

* chore: remove unused directives

* refactor: use SystemTime.UtcNow

* refactor: use SystemTime

* refactor: extract into separate method

* chore: rename variable

* chore: rename variable

* refactor: remove ctor input parameter

* chore: remove redundant status update

* chore: rename input parameter

* chore: change the method order in code

* feat: add EnsureIdentityOwnsDevice method

* test: check CreatedAt value

* chore: reorganize lines

* test: update condition

* chore: reorganize lines

* refactor: remove redundant date variable

* chore: renamed mock repository variable to fake

* test: use identity's own device in test

* chore: rename class to plural

* test: add reject deletion process test case when device is not owned by identity

* test: use own device in test

* test: update acting to start deletion process with own device

* test: simplify method call

* refactor: use hardcoded date

* chore: rename variable

* refactor: attempt to start deletion process with own device

* test: change assertion

* refactor: remove redundant handler tests as they are covered by the domain ones

* chore: remove unused directives

* refactor: reorganize class so that ctors are on top and private methods below their public ones

* refactor: remove redundant assertion

* feat: ensure deletion process is approved by device owned by identity

* chore: move private Approve method beneath its first use

* refactor: use device owned by identity and make code uniform in similar tests

* refactor: use own device to approve deletion process

* test: update assertions

* test: add test when process is started by "not owned" device

* refactor: remove handler tests covered by domain tests

* feat: use RejectedAt instead of CreatedAt in dto

* refactor: rename method and update exception thrown

* test: update tests

* chore: remove redundant call

* test: add additional assertion

* test: update tests with additional assertions

* test: update assertions

* refactor: extract method

* test: update assertions

* fix: fix missing usings

* test: avoid having two acting statements

* chore: change error code, method name and error message

* feat: bring back RejectedAt and RejectedBy properties

* refactor: remove two actings

* Merge branch 'main' into nmshdb-44-rejection-of-deletion-process

* test: fix broken test

* chore: formatting

* test: fix tests

* test: fix tests

---------

Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>

Author: NikolaVetnic

Modules/Devices/src/Devices.Application/Identities/Commands/RejectDeletionProcess/Handler.cs

@@ -0,0 +1,36 @@
+using Backbone.BuildingBlocks.Application.Abstractions.Exceptions;
+using Backbone.BuildingBlocks.Application.Abstractions.Infrastructure.UserContext;
+using Backbone.BuildingBlocks.Domain;
+using Backbone.Modules.Devices.Application.Infrastructure.Persistence.Repository;
+using Backbone.Modules.Devices.Domain.Entities.Identities;
+using MediatR;
+
+namespace Backbone.Modules.Devices.Application.Identities.Commands.RejectDeletionProcess;
+public class Handler : IRequestHandler<RejectDeletionProcessCommand, RejectDeletionProcessResponse>
+{
+    private readonly IIdentitiesRepository _identitiesRepository;
+    private readonly IUserContext _userContext;
+
+    public Handler(IIdentitiesRepository identitiesRepository, IUserContext userContext)
+    {
+        _identitiesRepository = identitiesRepository;
+        _userContext = userContext;
+    }
+
+    public async Task<RejectDeletionProcessResponse> Handle(RejectDeletionProcessCommand request, CancellationToken cancellationToken)
+    {
+        var identity = await _identitiesRepository.FindByAddress(_userContext.GetAddress(), cancellationToken, track: true) ?? throw new NotFoundException(nameof(Identity));
+        var deviceId = _userContext.GetDeviceId();
+
+        var deletionProcessIdResult = IdentityDeletionProcessId.Create(request.DeletionProcessId);
+
+        if (deletionProcessIdResult.IsFailure)
+            throw new DomainException(deletionProcessIdResult.Error);
+
+        var deletionProcessId = deletionProcessIdResult.Value;
+        var deletionProcess = identity.RejectDeletionProcess(deletionProcessId, deviceId);
+        await _identitiesRepository.Update(identity, cancellationToken);
+
+        return new RejectDeletionProcessResponse(deletionProcess);
+    }
+}

Modules/Devices/src/Devices.Application/Identities/Commands/RejectDeletionProcess/RejectDeletionProcessCommand.cs

@@ -0,0 +1,12 @@
+using MediatR;
+
+namespace Backbone.Modules.Devices.Application.Identities.Commands.RejectDeletionProcess;
+public class RejectDeletionProcessCommand : IRequest<RejectDeletionProcessResponse>
+{
+    public RejectDeletionProcessCommand(string deletionProcessId)
+    {
+        DeletionProcessId = deletionProcessId;
+    }
+
+    public string DeletionProcessId { get; set; }
+}

Modules/Devices/src/Devices.Application/Identities/Commands/RejectDeletionProcess/RejectDeletionProcessResponse.cs

@@ -0,0 +1,18 @@
+using Backbone.Modules.Devices.Domain.Entities.Identities;
+
+namespace Backbone.Modules.Devices.Application.Identities.Commands.RejectDeletionProcess;
+public class RejectDeletionProcessResponse
+{
+    public RejectDeletionProcessResponse(IdentityDeletionProcess deletionProcess)
+    {
+        Id = deletionProcess.Id;
+        Status = deletionProcess.Status;
+        RejectedAt = deletionProcess.RejectedAt ?? throw new Exception($"The '{nameof(IdentityDeletionProcess.RejectedAt)}' property of the given deletion process must not be null.");
+        RejectedByDevice = deletionProcess.RejectedByDevice ?? throw new Exception($"The '{nameof(IdentityDeletionProcess.RejectedByDevice)}' property of the given deletion process must not be null.");
+    }
+
+    public string Id { get; }
+    public DeletionProcessStatus Status { get; }
+    public DateTime RejectedAt { get; }
+    public string RejectedByDevice { get; }
+}

Modules/Devices/src/Devices.ConsumerApi/Controllers/IdentitiesController.cs

@@ -6,6 +6,7 @@
 using Backbone.Modules.Devices.Application.Identities.Commands.ApproveDeletionProcess;
 using Backbone.Modules.Devices.Application.Identities.Commands.CancelDeletionProcess;
 using Backbone.Modules.Devices.Application.Identities.Commands.CreateIdentity;
+using Backbone.Modules.Devices.Application.Identities.Commands.RejectDeletionProcess;
 using Backbone.Modules.Devices.Application.Identities.Commands.StartDeletionProcessAsOwner;
 using Backbone.Modules.Devices.Application.Identities.Queries.GetDeletionProcess;
 using Backbone.Modules.Devices.Application.Identities.Queries.GetDeletionProcesses;
@@ -80,6 +81,16 @@ public async Task<IActionResult> ApproveDeletionProcess([FromRoute] string id, C
         return Ok(response);
     }
 
+    [HttpPut("Self/DeletionProcesses/{id}/Reject")]
+    [ProducesResponseType(StatusCodes.Status200OK)]
+    [ProducesError(StatusCodes.Status400BadRequest)]
+    [ProducesError(StatusCodes.Status404NotFound)]
+    public async Task<IActionResult> RejectDeletionProcess([FromRoute] string id, CancellationToken cancellationToken)
+    {
+        var response = await _mediator.Send(new RejectDeletionProcessCommand(id), cancellationToken);
+        return Ok(response);
+    }
+
     [HttpGet("Self/DeletionProcesses/{id}")]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesError(StatusCodes.Status404NotFound)]

Modules/Devices/src/Devices.Domain/DomainErrors.cs

@@ -1,4 +1,5 @@
 using Backbone.BuildingBlocks.Domain.Errors;
+using Backbone.Modules.Devices.Domain.Entities.Identities;
 
 namespace Backbone.Modules.Devices.Domain;
 
@@ -45,8 +46,8 @@ public static DomainError OnlyOneActiveDeletionProcessAllowed()
         return new DomainError("error.platform.validation.device.onlyOneActiveDeletionProcessAllowed", "Only one active deletion process is allowed.");
     }
 
-    public static DomainError NoDeletionProcessWithRequiredStatusExists()
+    public static DomainError DeletionProcessMustBeInStatus(DeletionProcessStatus deletionProcessStatus)
     {
-        return new DomainError("error.platform.validation.device.noDeletionProcessWithRequiredStatusExists", "The deletion process does not have the correct status to perform this action.");
+        return new DomainError($"error.platform.validation.device.deletionProcessMustBeInStatus{deletionProcessStatus}", $"The deletion process must be in status '{deletionProcessStatus}'.");
     }
 }

Modules/Devices/src/Devices.Domain/Entities/Identities/Identity.cs

@@ -85,12 +85,6 @@ public IdentityDeletionProcess StartDeletionProcessAsOwner(DeviceId asDevice)
         return deletionProcess;
     }
 
-    private void EnsureIdentityOwnsDevice(DeviceId currentDeviceId)
-    {
-        if (!Devices.Exists(device => device.Id == currentDeviceId))
-            throw new DomainException(GenericDomainErrors.NotFound(nameof(Device)));
-    }
-
     public void DeletionProcessApprovalReminder1Sent()
     {
         EnsureDeletionProcessInStatusExists(DeletionProcessStatus.WaitingForApproval);
@@ -117,7 +111,9 @@ public void DeletionProcessApprovalReminder3Sent()
 
     public IdentityDeletionProcess ApproveDeletionProcess(IdentityDeletionProcessId deletionProcessId, DeviceId deviceId)
     {
-        var deletionProcess = DeletionProcesses.FirstOrDefault(x => x.Id == deletionProcessId) ?? throw new DomainException(GenericDomainErrors.NotFound(nameof(IdentityDeletionProcess)));
+        EnsureIdentityOwnsDevice(deviceId);
+
+        var deletionProcess = GetDeletionProcess(deletionProcessId);
 
         deletionProcess.Approve(Address, deviceId);
 
@@ -128,12 +124,28 @@ public IdentityDeletionProcess ApproveDeletionProcess(IdentityDeletionProcessId
         return deletionProcess;
     }
 
+    private IdentityDeletionProcess GetDeletionProcess(IdentityDeletionProcessId deletionProcessId)
+    {
+        var deletionProcess = DeletionProcesses.FirstOrDefault(x => x.Id == deletionProcessId) ?? throw new DomainException(GenericDomainErrors.NotFound(nameof(IdentityDeletionProcess)));
+        return deletionProcess;
+    }
+
+    public IdentityDeletionProcess RejectDeletionProcess(IdentityDeletionProcessId deletionProcessId, DeviceId deviceId)
+    {
+        EnsureIdentityOwnsDevice(deviceId);
+
+        var deletionProcess = GetDeletionProcess(deletionProcessId);
+        deletionProcess.Reject(Address, deviceId);
+
+        return deletionProcess;
+    }
+
     private void EnsureDeletionProcessInStatusExists(DeletionProcessStatus status)
     {
         var deletionProcess = DeletionProcesses.Any(d => d.Status == status);
 
         if (!deletionProcess)
-            throw new DomainException(DomainErrors.NoDeletionProcessWithRequiredStatusExists());
+            throw new DomainException(DomainErrors.DeletionProcessMustBeInStatus(status));
     }
 
     private void EnsureNoActiveProcessExists()
@@ -144,6 +156,12 @@ private void EnsureNoActiveProcessExists()
             throw new DomainException(DomainErrors.OnlyOneActiveDeletionProcessAllowed());
     }
 
+    private void EnsureIdentityOwnsDevice(DeviceId currentDeviceId)
+    {
+        if (!Devices.Exists(device => device.Id == currentDeviceId))
+            throw new DomainException(GenericDomainErrors.NotFound(nameof(Device)));
+    }
+
     public void DeletionGracePeriodReminder1Sent()
     {
         EnsureDeletionProcessInStatusExists(DeletionProcessStatus.Approved);
@@ -193,7 +211,8 @@ public enum DeletionProcessStatus
 {
     WaitingForApproval = 0,
     Approved = 1,
-    Cancelled = 2
+    Cancelled = 2,
+    Rejected = 3
 }
 
 public enum IdentityStatus

Modules/Devices/src/Devices.Domain/Entities/Identities/IdentityDeletionProcess.cs

@@ -16,16 +16,6 @@ private IdentityDeletionProcess()
         Id = null!;
     }
 
-    public static IdentityDeletionProcess StartAsSupport(IdentityAddress createdBy)
-    {
-        return new IdentityDeletionProcess(createdBy, DeletionProcessStatus.WaitingForApproval);
-    }
-
-    public static IdentityDeletionProcess StartAsOwner(IdentityAddress createdBy, DeviceId createdByDeviceId)
-    {
-        return new IdentityDeletionProcess(createdBy, createdByDeviceId);
-    }
-
     private IdentityDeletionProcess(IdentityAddress createdBy, DeletionProcessStatus status)
     {
         Id = IdentityDeletionProcessId.Generate();
@@ -53,6 +43,16 @@ private void Approve(DeviceId createdByDevice)
         GracePeriodEndsAt = SystemTime.UtcNow.AddDays(IdentityDeletionConfiguration.LengthOfGracePeriod);
     }
 
+    public static IdentityDeletionProcess StartAsSupport(IdentityAddress createdBy)
+    {
+        return new IdentityDeletionProcess(createdBy, DeletionProcessStatus.WaitingForApproval);
+    }
+
+    public static IdentityDeletionProcess StartAsOwner(IdentityAddress createdBy, DeviceId createdByDeviceId)
+    {
+        return new IdentityDeletionProcess(createdBy, createdByDeviceId);
+    }
+
     public IdentityDeletionProcessId Id { get; }
     public IReadOnlyList<IdentityDeletionProcessAuditLogEntry> AuditLog => _auditLog;
     public DeletionProcessStatus Status { get; private set; }
@@ -65,6 +65,9 @@ private void Approve(DeviceId createdByDevice)
     public DateTime? ApprovedAt { get; private set; }
     public DeviceId? ApprovedByDevice { get; private set; }
 
+    public DateTime? RejectedAt { get; private set; }
+    public DeviceId? RejectedByDevice { get; private set; }
+
     public DateTime? CancelledAt { get; private set; }
     public DeviceId? CancelledByDevice { get; private set; }
 
@@ -74,7 +77,6 @@ private void Approve(DeviceId createdByDevice)
     public DateTime? GracePeriodReminder2SentAt { get; private set; }
     public DateTime? GracePeriodReminder3SentAt { get; private set; }
 
-
     public bool IsActive()
     {
         return Status is DeletionProcessStatus.Approved or DeletionProcessStatus.WaitingForApproval;
@@ -123,17 +125,37 @@ public void GracePeriodReminder3Sent(IdentityAddress address)
 
     public void Approve(IdentityAddress address, DeviceId approvedByDevice)
     {
-        if (Status != DeletionProcessStatus.WaitingForApproval)
-            throw new DomainException(DomainErrors.NoDeletionProcessWithRequiredStatusExists());
+        EnsureStatus(DeletionProcessStatus.WaitingForApproval);
 
         Approve(approvedByDevice);
         _auditLog.Add(IdentityDeletionProcessAuditLogEntry.ProcessApproved(Id, address, approvedByDevice));
     }
 
+    public void Reject(IdentityAddress address, DeviceId rejectedByDevice)
+    {
+        EnsureStatus(DeletionProcessStatus.WaitingForApproval);
+
+        Reject(rejectedByDevice);
+        _auditLog.Add(IdentityDeletionProcessAuditLogEntry.ProcessRejected(Id, address, rejectedByDevice));
+    }
+
+    private void EnsureStatus(DeletionProcessStatus deletionProcessStatus)
+    {
+        if (Status != deletionProcessStatus)
+            throw new DomainException(DomainErrors.DeletionProcessMustBeInStatus(deletionProcessStatus));
+    }
+
+    private void Reject(DeviceId rejectedByDevice)
+    {
+        Status = DeletionProcessStatus.Rejected;
+        RejectedAt = SystemTime.UtcNow;
+        RejectedByDevice = rejectedByDevice;
+    }
+
     public void Cancel(IdentityAddress address, DeviceId cancelledByDevice)
     {
         if (Status != DeletionProcessStatus.Approved)
-            throw new DomainException(DomainErrors.NoDeletionProcessWithRequiredStatusExists());
+            throw new DomainException(DomainErrors.DeletionProcessMustBeInStatus(DeletionProcessStatus.Approved));
 
         Status = DeletionProcessStatus.Cancelled;
         CancelledAt = SystemTime.UtcNow;

Modules/Devices/src/Devices.Domain/Entities/Identities/IdentityDeletionProcessAuditLogEntry.cs

@@ -20,6 +20,11 @@ public static IdentityDeletionProcessAuditLogEntry ProcessApproved(IdentityDelet
         return new IdentityDeletionProcessAuditLogEntry(processId, "The deletion process was approved.", Hasher.HashUtf8(identityAddress.StringValue), Hasher.HashUtf8(deviceId.StringValue), DeletionProcessStatus.WaitingForApproval, DeletionProcessStatus.Approved);
     }
 
+    public static IdentityDeletionProcessAuditLogEntry ProcessRejected(IdentityDeletionProcessId processId, IdentityAddress identityAddress, DeviceId deviceId)
+    {
+        return new IdentityDeletionProcessAuditLogEntry(processId, "The deletion process was rejected.", Hasher.HashUtf8(identityAddress.StringValue), Hasher.HashUtf8(deviceId.StringValue), DeletionProcessStatus.WaitingForApproval, DeletionProcessStatus.Rejected);
+    }
+
     public static IdentityDeletionProcessAuditLogEntry ProcessCancelled(IdentityDeletionProcessId processId, IdentityAddress identityAddress, DeviceId deviceId)
     {
         return new IdentityDeletionProcessAuditLogEntry(processId, "The deletion process was cancelled.", Hasher.HashUtf8(identityAddress.StringValue), Hasher.HashUtf8(deviceId.StringValue), DeletionProcessStatus.Approved, DeletionProcessStatus.Cancelled);