Fix capability of serviceuser owners to delete auth tokens

Change-Id: I8d17ec694fca8dcd24b0a3087f85a5b3aae01ce9

src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java

diff --git a/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java b/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java
index 8662fa3..89a4df7 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/serviceuser/DeleteToken.java
@@ -21,6 +21,7 @@
 import com.google.gerrit.extensions.restapi.RestApiException;
 import com.google.gerrit.extensions.restapi.RestModifyView;
 import com.google.gerrit.server.CurrentUser;
+import com.google.gerrit.server.account.AuthTokenAccessor;
 import com.google.gerrit.server.account.InvalidAuthTokenException;
 import com.google.gerrit.server.config.PluginConfig;
 import com.google.gerrit.server.config.PluginConfigFactory;
@@ -30,14 +31,13 @@
 import com.google.inject.Provider;
 import com.google.inject.Singleton;
 import com.googlesource.gerrit.plugins.serviceuser.email.ServiceUserOutgoingEmail;
-import com.googlesource.gerrit.plugins.serviceuser.email.ServiceUserUpdatedEmailDecorator.Operation;
 import java.io.IOException;
 import org.eclipse.jgit.errors.ConfigInvalidException;
 
 @Singleton
 public class DeleteToken implements RestModifyView<ServiceUserResource.Token, Input> {
   private final PluginConfig config;
-  private final com.google.gerrit.server.restapi.account.DeleteToken deleteToken;
+  private final AuthTokenAccessor tokenAccessor;
   private final Provider<CurrentUser> self;
   private final PermissionBackend permissionBackend;
   private final ServiceUserOutgoingEmail.Factory outgoingEmailFactory;
@@ -46,12 +46,12 @@
   DeleteToken(
       @PluginName String pluginName,
       PluginConfigFactory pluginConfigFactory,
-      com.google.gerrit.server.restapi.account.DeleteToken deleteToken,
+      AuthTokenAccessor tokenAccessor,
       Provider<CurrentUser> self,
       PermissionBackend permissionBackend,
       ServiceUserOutgoingEmail.Factory outgoingEmailFactory) {
     this.config = pluginConfigFactory.getFromGerritConfig(pluginName);
-    this.deleteToken = deleteToken;
+    this.tokenAccessor = tokenAccessor;
     this.self = self;
     this.permissionBackend = permissionBackend;
     this.outgoingEmailFactory = outgoingEmailFactory;
@@ -69,10 +69,7 @@
       permissionBackend.user(self.get()).check(ADMINISTRATE_SERVER);
     }
 
-    Response<String> resp = deleteToken.apply(rsrc.getUser(), rsrc.getToken().id(), false);
-    if (resp.statusCode() == Response.none().statusCode()) {
-      outgoingEmailFactory.create(rsrc, Operation.DELETE_TOKEN).send();
-    }
-    return resp;
+    tokenAccessor.deleteToken(rsrc.getUser().getAccountId(), rsrc.getToken().id());
+    return Response.none();
   }
 }

src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java

diff --git a/src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java b/src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java
new file mode 100644
index 0000000..92354d5
--- /dev/null
+++ b/src/test/java/com/googlesource/gerrit/plugins/serviceuser/DeleteTokenIT.java
@@ -0,0 +1,63 @@
+// Copyright (C) 2025 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package com.googlesource.gerrit.plugins.serviceuser;
+
+import com.google.gerrit.acceptance.LightweightPluginDaemonTest;
+import com.google.gerrit.acceptance.TestPlugin;
+import com.google.gerrit.acceptance.UseSsh;
+import com.google.gerrit.acceptance.config.GerritConfig;
+import org.junit.Before;
+import org.junit.Test;
+
+@UseSsh
+@TestPlugin(
+    name = "serviceuser",
+    sysModule = "com.googlesource.gerrit.plugins.serviceuser.Module",
+    sshModule = "com.googlesource.gerrit.plugins.serviceuser.SshModule",
+    httpModule = "com.googlesource.gerrit.plugins.serviceuser.HttpModule")
+public class DeleteTokenIT extends LightweightPluginDaemonTest {
+  private static final String SERVICEUSER_NAME = "testServiceuser";
+  private static final String OWNER_GROUP_NAME = "testGroup";
+  private static final String SERVICEUSER_TOKEN_ID = "token";
+  private static final String SERVICEUSER_BASE_URL = "/config/server/serviceuser~serviceusers/";
+
+  @Before
+  public void setUp() throws Exception {
+    adminRestSession.put(SERVICEUSER_BASE_URL + SERVICEUSER_NAME).assertCreated();
+    adminRestSession.put("/groups/" + OWNER_GROUP_NAME).assertCreated();
+
+    PutOwner.Input ownerInput = new PutOwner.Input();
+    ownerInput.group = OWNER_GROUP_NAME;
+    adminRestSession
+        .put(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/owner", ownerInput)
+        .assertCreated();
+
+    adminRestSession
+        .put(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/tokens/" + SERVICEUSER_TOKEN_ID)
+        .assertCreated();
+  }
+
+  @Test
+  @GerritConfig(name = "plugin.serviceuser.allowHttpPassword", value = "true")
+  public void testDeleteToken() throws Exception {
+    userRestSession
+        .delete(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/tokens/" + SERVICEUSER_TOKEN_ID)
+        .assertNotFound();
+    adminRestSession.put("/groups/" + OWNER_GROUP_NAME + "/members/" + user.id());
+    userRestSession
+        .delete(SERVICEUSER_BASE_URL + SERVICEUSER_NAME + "/tokens/" + SERVICEUSER_TOKEN_ID)
+        .assertNoContent();
+  }
+}