Lock user: Improve return code and fix docs (#4377)

* Lock user: Improve return code and fix docs

The docs state that the `DELETE` method should be used, though the controller wants `POST`. The latter seems appropriate here, as the action can be used for locking and unlocking.

Also adapted the action to return a status code based on the actual outcome of the user toggle call.

Closes #4310.

* Update clients

BTCPayServer/Controllers/GreenField/GreenfieldUsersController.cs

@@ -76,18 +76,20 @@ namespace BTCPayServer.Controllers.Greenfield
             }
             return UserNotFound();
         }
+        
         [Authorize(Policy = Policies.CanModifyServerSettings, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]
         [HttpPost("~/api/v1/users/{idOrEmail}/lock")]
-        public async Task<IActionResult> LockUser(string idOrEmail, LockUserRequest request )
+        public async Task<IActionResult> LockUser(string idOrEmail, LockUserRequest request)
         {
-            var user = (await _userManager.FindByIdAsync(idOrEmail) ) ?? await _userManager.FindByEmailAsync(idOrEmail);
+            var user = await _userManager.FindByIdAsync(idOrEmail) ?? await _userManager.FindByEmailAsync(idOrEmail);
             if (user is null)
             {
                 return UserNotFound();
             }
 
-            await _userService.ToggleUser(user.Id, request.Locked ? DateTimeOffset.MaxValue : null);
-            return Ok();
+            var success = await _userService.ToggleUser(user.Id, request.Locked ? DateTimeOffset.MaxValue : null);
+            return success.HasValue && success.Value ? Ok() : this.CreateAPIError("invalid-state",
+                $"{(request.Locked ? "Locking" : "Unlocking")} user failed");
         }
         
         [Authorize(Policy = Policies.CanViewUsers, AuthenticationSchemes = AuthenticationSchemes.Greenfield)]