Bulk delete users

Author: rsgowman

src/main/java/com/google/firebase/auth/DeleteUsersResult.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import com.google.common.collect.ImmutableList;
+import com.google.firebase.auth.internal.BatchDeleteResponse;
+import com.google.firebase.internal.NonNull;
+import java.util.List;
+
+/**
+ * Represents the result of the {@link FirebaseAuth#deleteUsersAsync(List)} API.
+ */
+public final class DeleteUsersResult {
+
+  private int successCount;
+  private int failureCount;
+  private List<ErrorInfo> errors;
+
+  DeleteUsersResult(int users, BatchDeleteResponse response) {
+    ImmutableList.Builder<ErrorInfo> errorsBuilder = ImmutableList.builder();
+    List<BatchDeleteResponse.ErrorInfo> responseErrors = response.getErrors();
+    if (responseErrors != null) {
+      checkArgument(users >= responseErrors.size());
+      for (BatchDeleteResponse.ErrorInfo error : responseErrors) {
+        errorsBuilder.add(new ErrorInfo(error.getIndex(), error.getMessage()));
+      }
+    }
+    errors = errorsBuilder.build();
+    failureCount = errors.size();
+    successCount = users - errors.size();
+  }
+
+  /**
+   * Returns the number of users that were deleted successfully (possibly zero). Users that did
+   * not exist prior to calling deleteUsersAsync() will be considered to be successfully
+   * deleted.
+   */ 
+  public int getSuccessCount() {
+    return successCount;
+  }
+
+  /**
+   * Returns the number of users that failed to be deleted (possibly zero).
+   */
+  public int getFailureCount() {
+    return failureCount;
+  }
+
+  /**
+   * A list of {@link ErrorInfo} instances describing the errors that were encountered during
+   * the deletion. Length of this list is equal to the return value of 
+   * {@link #getFailureCount()}.
+   *
+   * @return A non-null list (possibly empty).
+   */
+  @NonNull
+  public List<ErrorInfo> getErrors() {
+    return errors;
+  }
+}

src/main/java/com/google/firebase/auth/FirebaseAuth.java

@@ -919,6 +919,59 @@ protected Void execute() throws FirebaseAuthException {
     };
   }
 
+  /**
+   * Deletes the users specified by the given identifiers.
+   *
+   * <p>Deleting a non-existing user won't generate an error. (i.e. this method is idempotent.)
+   * Non-existing users will be considered to be successfully deleted, and will therefore be counted
+   * in the DeleteUsersResult.getSuccessCount() value.
+   *
+   * <p>Only a maximum of 1000 identifiers may be supplied. If more than 1000 identifiers are
+   * supplied, this method will immediately throw an IllegalArgumentException.
+   *
+   * <p>This API is currently rate limited at the server to 1 QPS. If you exceed this, you may get a
+   * quota exceeded error. Therefore, if you want to delete more than 1000 users, you may need to
+   * add a delay to ensure you don't go over this limit.
+   *
+   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
+   * @return The total number of successful/failed deletions, as well as the array of errors that
+   *     correspond to the failed deletions.
+   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   *     identifiers are specified.
+   * @throws FirebaseAuthException If an error occurs while deleting users.
+   */
+  public DeleteUsersResult deleteUsers(List<String> uids) throws FirebaseAuthException {
+    return deleteUsersOp(uids).call();
+  }
+
+  /**
+   * Similar to {@link #deleteUsers(List)} but performs the operation asynchronously.
+   *
+   * @param uids The uids of the users to be deleted. Must have <= 1000 entries.
+   * @return An {@code ApiFuture} that resolves to the total number of successful/failed
+   *     deletions, as well as the array of errors that correspond to the failed deletions. If an
+   *     error occurs while deleting the user account, the future throws a
+   *     {@link FirebaseAuthException}.
+   * @throw IllegalArgumentException If any of the identifiers are invalid or if more than 1000
+   *     identifiers are specified.
+   */
+  public ApiFuture<DeleteUsersResult> deleteUsersAsync(List<String> uids) {
+    return deleteUsersOp(uids).callAsync(firebaseApp);
+  }
+
+  private CallableOperation<DeleteUsersResult, FirebaseAuthException> deleteUsersOp(
+      final List<String> uids) {
+    checkNotDestroyed();
+    checkNotNull(uids, "uids must not be null");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<DeleteUsersResult, FirebaseAuthException>() {
+      @Override
+      protected DeleteUsersResult execute() throws FirebaseAuthException {
+        return userManager.deleteUsers(uids);
+      }
+    };
+  }
+
   /**
    * Imports the provided list of users into Firebase Auth. At most 1000 users can be imported at a
    * time. This operation is optimized for bulk imports and will ignore checks on identifier

src/main/java/com/google/firebase/auth/FirebaseUserManager.java

@@ -39,10 +39,10 @@
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.auth.UserRecord.CreateRequest;
 import com.google.firebase.auth.UserRecord.UpdateRequest;
+import com.google.firebase.auth.internal.BatchDeleteResponse;
 import com.google.firebase.auth.internal.DownloadAccountResponse;
 import com.google.firebase.auth.internal.GetAccountInfoRequest;
 import com.google.firebase.auth.internal.GetAccountInfoResponse;
-
 import com.google.firebase.auth.internal.HttpErrorResponse;
 import com.google.firebase.auth.internal.UploadAccountResponse;
 import com.google.firebase.internal.ApiClientUtils;
@@ -237,6 +237,19 @@ void deleteUser(String uid) throws FirebaseAuthException {
     }
   }
 
+  DeleteUsersResult deleteUsers(List<String> uids) throws FirebaseAuthException {
+    final Map<String, Object> payload = ImmutableMap.<String, Object>of(
+        "localIds", uids,
+        "force", true);
+    BatchDeleteResponse response = post(
+        "/accounts:batchDelete", payload, BatchDeleteResponse.class);
+    if (response == null) {
+      throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to delete users");
+    }
+
+    return new DeleteUsersResult(uids.size(), response);
+  }
+
   DownloadAccountResponse listUsers(int maxResults, String pageToken) throws FirebaseAuthException {
     ImmutableMap.Builder<String, Object> builder = ImmutableMap.<String, Object>builder()
         .put("maxResults", maxResults);

src/main/java/com/google/firebase/auth/internal/BatchDeleteResponse.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2020 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.google.firebase.auth.internal;
+
+import com.google.api.client.util.Key;
+import java.util.List;
+
+/**
+ * Represents the response from identity toolkit for a batch delete request.
+ */
+public class BatchDeleteResponse {
+
+  @Key("errors")
+  private List<ErrorInfo> errors;
+
+  public List<ErrorInfo> getErrors() {
+    return errors;
+  }
+
+  public static class ErrorInfo {
+    @Key("index")
+    private int index;
+
+    @Key("message")
+    private String message;
+
+    // A 'localId' field also exists here, but is not currently exposed in the admin sdk.
+
+    public int getIndex() {
+      return index;
+    }
+
+    public String getMessage() {
+      return message;
+    }
+  }
+}

src/test/java/com/google/firebase/auth/FirebaseAuthIT.java

@@ -137,6 +137,83 @@ public void testDeleteNonExistingUser() throws Exception {
     }
   }
 
+  @Test
+  public void testDeleteUsers() throws Exception {
+    UserRecord user1 = newUserWithParams();
+    UserRecord user2 = newUserWithParams();
+    UserRecord user3 = newUserWithParams();
+
+    DeleteUsersResult deleteUsersResult = slowDeleteUsersAsync(
+        ImmutableList.of(user1.getUid(), user2.getUid(), user3.getUid())
+        ).get();
+
+    assertEquals(3, deleteUsersResult.getSuccessCount());
+    assertEquals(0, deleteUsersResult.getFailureCount());
+    assertTrue(deleteUsersResult.getErrors().isEmpty());
+
+    GetUsersResult getUsersResult = auth.getUsersAsync(ImmutableList.<UserIdentifier>of(
+          new UidIdentifier(user1.getUid()),
+          new UidIdentifier(user2.getUid()),
+          new UidIdentifier(user3.getUid())
+          )).get();
+
+    assertTrue(getUsersResult.getUsers().isEmpty());
+    assertEquals(3, getUsersResult.getNotFound().size());
+  }
+
+  @Test
+  public void testDeleteExistingAndNonExistingUsers() throws Exception {
+    UserRecord user1 = newUserWithParams();
+
+    DeleteUsersResult deleteUsersResult = slowDeleteUsersAsync(
+        ImmutableList.of(user1.getUid(), "uid-that-doesnt-exist")
+        ).get();
+
+    assertEquals(2, deleteUsersResult.getSuccessCount());
+    assertEquals(0, deleteUsersResult.getFailureCount());
+    assertTrue(deleteUsersResult.getErrors().isEmpty());
+
+    GetUsersResult getUsersResult = auth.getUsersAsync(ImmutableList.<UserIdentifier>of(
+          new UidIdentifier(user1.getUid()),
+          new UidIdentifier("uid-that-doesnt-exist")
+          )).get();
+
+    assertTrue(getUsersResult.getUsers().isEmpty());
+    assertEquals(2, getUsersResult.getNotFound().size());
+  }
+
+  @Test
+  public void testDeleteUsersIsIdempotent() throws Exception {
+    UserRecord user1 = newUserWithParams();
+
+    DeleteUsersResult result = slowDeleteUsersAsync(
+        ImmutableList.of(user1.getUid())
+        ).get();
+
+    assertEquals(1, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+    assertTrue(result.getErrors().isEmpty());
+
+    // Delete the user again, ensuring that everything still counts as a success.
+    result = slowDeleteUsersAsync(
+        ImmutableList.of(user1.getUid())
+        ).get();
+
+    assertEquals(1, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+    assertTrue(result.getErrors().isEmpty());
+  }
+
+  /**
+   * The batchDelete endpoint is currently rate limited to 1qps. Use this test helper to ensure we
+   * don't run into quota exceeded errors.
+   */
+  // TODO(rsgowman): When/if the rate limit is relaxed, eliminate this helper.
+  private ApiFuture<DeleteUsersResult> slowDeleteUsersAsync(List<String> uids) throws Exception {
+    TimeUnit.SECONDS.sleep(1);
+    return auth.deleteUsersAsync(uids);
+  }
+
   @Test
   public void testCreateUserWithParams() throws Exception {
     RandomUser randomUser = RandomUser.create();
@@ -742,6 +819,10 @@ static RandomUser create() {
     }
   }
 
+  static UserRecord newUserWithParams() throws Exception {
+    return newUserWithParams(auth);
+  }
+
   static UserRecord newUserWithParams(FirebaseAuth auth) throws Exception {
     // TODO(rsgowman): This function could be used throughout this file (similar to the other
     // ports).

src/test/java/com/google/firebase/auth/FirebaseUserManagerTest.java

@@ -422,6 +422,75 @@ public void testDeleteUser() throws Exception {
     checkRequestHeaders(interceptor);
   }
 
+  @Test
+  public void testDeleteUsersExceeds1000() throws Exception {
+    FirebaseApp.initializeApp();
+    List<String> ids = new ArrayList<>();
+    for (int i = 0; i < 1001; i++) {
+      ids.add("id" + i);
+    }
+    try {
+      FirebaseAuth.getInstance().deleteUsersAsync(ids);
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testDeleteUsersInvalidId() throws Exception {
+    FirebaseApp.initializeApp();
+    try {
+      FirebaseAuth.getInstance().deleteUsersAsync(
+          ImmutableList.of("too long " + Strings.repeat(".", 128)));
+    } catch (IllegalArgumentException expected) {
+      // expected
+    }
+  }
+
+  @Test
+  public void testDeleteUsersIndexesErrorsCorrectly() throws Exception {
+    initializeAppForUserManagement((""
+        + "{ "
+        + "    'errors': [{ "
+        + "        'index': 0, "
+        + "        'localId': 'uid1', "
+        + "        'message': 'NOT_DISABLED : Disable the account before batch deletion.' "
+        + "    }, { "
+        + "        'index': 2, "
+        + "        'localId': 'uid3', "
+        + "        'message': 'something awful' "
+        + "    }] "
+        + "} "
+        ).replace("'", "\""));
+
+    DeleteUsersResult result = FirebaseAuth.getInstance().deleteUsersAsync(ImmutableList.of(
+          "uid1", "uid2", "uid3", "uid4"
+          )).get();
+
+    assertEquals(2, result.getSuccessCount());
+    assertEquals(2, result.getFailureCount());
+    assertEquals(2, result.getErrors().size());
+    assertEquals(0, result.getErrors().get(0).getIndex());
+    assertEquals(
+        "NOT_DISABLED : Disable the account before batch deletion.",
+        result.getErrors().get(0).getReason());
+    assertEquals(2, result.getErrors().get(1).getIndex());
+    assertEquals("something awful", result.getErrors().get(1).getReason());
+  }
+
+  @Test
+  public void testDeleteUsersSuccess() throws Exception {
+    initializeAppForUserManagement("{}");
+
+    DeleteUsersResult result = FirebaseAuth.getInstance().deleteUsersAsync(ImmutableList.of(
+          "uid1", "uid2", "uid3"
+          )).get();
+
+    assertEquals(3, result.getSuccessCount());
+    assertEquals(0, result.getFailureCount());
+    assertTrue(result.getErrors().isEmpty());
+  }
+
   @Test
   public void testImportUsers() throws Exception {
     TestResponseInterceptor interceptor = initializeAppForUserManagement("{}");