Remove unused response bodies from a number of API endpoints.

This removes the response body from the following methods:

* `POST /api/setup`
* `POST /api/auth/login`
* `POST /api/invite/:id`
* `POST /api/password`

The bodies returned from these methods were something of a rough guess as to what might be useful. Actual client development has shown that we don't use _any_ of the data from any of these API responses, so let's not tie ourselves to future compatibility by continuing to send them. We can add a body to a bodyless method a _lot_ more easily than we can change the body of a method that already returns one, after all.

These changes are not backwards compatible for clients which care about the existing bodies. To my knowledge, there are no such clients; the included client definitely doesn't care.

## Internals

Not only does this change stop returning bodies at the API surface, but it also stops retrieving and returning values used internally to construct those responses, simplifying the code a bit in the process.

One side effect of this is that tests that need to log in a user now need to manually verify the returned token secret, to convert it back into a user, whereas the previous versions returned both a token secret and a user during password login. I don't love the increase in the size of the tests, but I think it's the right tradeoff (and this change is code net-negative anyways).

Merges no-content into main.

2 files changed, 7 insertions, 12 deletions

diff --git a/src/user/handlers/logout/mod.rs b/src/user/handlers/logout/mod.rs
index 45a376a..4450e4c 100644
--- a/src/user/handlers/logout/mod.rs
+++ b/src/user/handlers/logout/mod.rs
@@ -1,12 +1,12 @@
 use axum::{
     extract::{Json, State},
-    http::StatusCode,
     response::{IntoResponse, Response},
 };
 
 use crate::{
     app::App,
     clock::RequestedAt,
+    empty::Empty,
     error::{Internal, Unauthorized},
     token::{app, extract::IdentityCookie},
 };
@@ -19,14 +19,14 @@ pub async fn handler(
     RequestedAt(now): RequestedAt,
     identity: IdentityCookie,
     Json(_): Json<Request>,
-) -> Result<(IdentityCookie, StatusCode), Error> {
+) -> Result<(IdentityCookie, Empty), Error> {
     if let Some(secret) = identity.secret() {
         let (token, _) = app.tokens().validate(&secret, &now).await?;
         app.tokens().logout(&token).await?;
     }
 
     let identity = identity.clear();
-    Ok((identity, StatusCode::NO_CONTENT))
+    Ok((identity, Empty))
 }
 
 // This forces the only valid request to be `{}`, and not the infinite
diff --git a/src/user/handlers/logout/test.rs b/src/user/handlers/logout/test.rs
index 8dc4636..7151ddf 100644
--- a/src/user/handlers/logout/test.rs
+++ b/src/user/handlers/logout/test.rs
@@ -1,9 +1,6 @@
-use axum::{
-    extract::{Json, State},
-    http::StatusCode,
-};
+use axum::extract::{Json, State};
 
-use crate::{test::fixtures, token::app};
+use crate::{empty::Empty, test::fixtures, token::app};
 
 #[tokio::test]
 async fn successful() {
@@ -17,7 +14,7 @@ async fn successful() {
 
     // Call the endpoint
 
-    let (response_identity, response_status) = super::handler(
+    let (response_identity, Empty) = super::handler(
         State(app.clone()),
         fixtures::now(),
         identity.clone(),
@@ -29,7 +26,6 @@ async fn successful() {
     // Verify the return value's basic structure
 
     assert!(response_identity.secret().is_none());
-    assert_eq!(StatusCode::NO_CONTENT, response_status);
 
     // Verify the semantics
     let error = app
@@ -49,14 +45,13 @@ async fn no_identity() {
     // Call the endpoint
 
     let identity = fixtures::cookie::not_logged_in();
-    let (identity, status) = super::handler(State(app), fixtures::now(), identity, Json::default())
+    let (identity, Empty) = super::handler(State(app), fixtures::now(), identity, Json::default())
         .await
         .expect("logged out with no token succeeds");
 
     // Verify the return value's basic structure
 
     assert!(identity.secret().is_none());
-    assert_eq!(StatusCode::NO_CONTENT, status);
 }
 
 #[tokio::test]