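        /// <summary>
        /// Deletes the user named by <paramref name="username"/> after checking that the
        /// calling principal is allowed to perform <see cref="UserManagementActionType.Delete"/>
        /// on that specific user.
        /// </summary>
        /// <param name="username">Raw username from the query string; normalized before use.</param>
        /// <returns>
        /// 200 when the user was deleted or does not exist afterwards (delete is idempotent),
        /// 400 when no username was supplied,
        /// 401 when the caller is not authorized for this action,
        /// 500 when the delete reported failure and the user still exists.
        /// </returns>
        public async Task <IActionResult> DeleteUser([FromQuery] string username)
        {
            // Reject an absent/blank username up front instead of pushing an empty
            // identifier through normalization, authorization and the delete call.
            if (string.IsNullOrWhiteSpace(username))
            {
                return BadRequest("Username is required");
            }
            var normalizedUsername = UsernameNormalizer.Normalize(username);

            // Authorize: the caller must hold the Delete permission for this target user.
            // NOTE(review): Identity.Name is null for an unauthenticated principal; if this
            // action is not already behind [Authorize], Normalize(null) is reached here — confirm.
            var loggedInUsername    = UsernameNormalizer.Normalize(HttpContext.User.Identity.Name);
            var authorizationResult = await authorizationModule.AuthorizeAsync(
                new ManageUserResourceDescription(normalizedUsername, UserManagementActionType.Delete),
                loggedInUsername);

            if (!authorizationResult.IsAuthorized)
            {
                // Denied attempts are audit-relevant: record who tried to delete whom.
                apiEventLogger.Log(LogLevel.Warning, $"User '{loggedInUsername}' was denied deleting user '{normalizedUsername}'");
                // NOTE(review): 401 is kept for compatibility with existing clients; an
                // authenticated caller lacking permission is conventionally 403 Forbidden.
                return StatusCode((int)HttpStatusCode.Unauthorized, "Not authorized");
            }
            var wasDeleted = await authenticationModule.DeleteUserAsync(normalizedUsername);

            if (wasDeleted)
            {
                // Attribute the deletion to the acting principal so the audit trail is complete.
                apiEventLogger.Log(LogLevel.Warning, $"User '{normalizedUsername}' has been deleted by '{loggedInUsername}'");
                return Ok();
            }

            // DeleteUserAsync reported no deletion: distinguish "already gone" (idempotent
            // success) from "present but undeletable" (server-side failure).
            var userExists = await authenticationModule.FindUserAsync(normalizedUsername) != null;

            if (userExists)
            {
                apiEventLogger.Log(LogLevel.Warning, $"User '{loggedInUsername}' attempted to delete user '{normalizedUsername}' but the delete failed");
                return StatusCode((int)HttpStatusCode.InternalServerError, "User exists but could not be deleted");
            }
            return Ok();
        }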