public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
// validate client token
string clientToken = req.Query["client_token"];
if (string.IsNullOrWhiteSpace(clientToken))
{
return(CreateErrorResponse("client_token is missing", StatusCodes.Status401Unauthorized));
}
var(validateResult, clientTokenMessage, payload) = TokenService.ValidateClientToken(clientToken, Configurations.JWTToken.TokenClientSecret,
Configurations.JWTToken.TokenIssuer, Configurations.JWTToken.TokenSubject);
if (!validateResult)
{
return(CreateErrorResponse(clientTokenMessage, StatusCodes.Status401Unauthorized));
}
// then validate refresh token
string refreshToken = req.Query["refresh_token"];
if (string.IsNullOrWhiteSpace(refreshToken))
{
return(CreateErrorResponse("refresh_token is missing"));
}
string source = req.Query["source"];
string userId;
if (source == "cognito")
{
var adToken = await CognitoService.Instance.GetAccessToken(refreshToken);
if (adToken == null || string.IsNullOrWhiteSpace(adToken.AccessToken))
{
return(CreateErrorResponse($"refresh_token is invalid: {refreshToken} ", StatusCodes.Status401Unauthorized));
}
// Validate the access token, then get id and group name
var(result, message, id, _) = await CognitoService.Instance.ValidateAccessToken(adToken.AccessToken);
if (!result)
{
log.LogError($"can not get access token from refresh token {refreshToken}");
return(CreateErrorResponse(message, StatusCodes.Status403Forbidden));
}
var customUserId = await CognitoService.Instance.GetCustomUserId(id);
if (string.IsNullOrWhiteSpace(customUserId))
{
return(CreateErrorResponse($"user {id} does not have custom id", StatusCodes.Status500InternalServerError));
}
userId = customUserId;
var adUser = await ADUser.FindById(customUserId);
if (adUser != null)
{
await adUser.SetEnable(false);
}
await CognitoService.Instance.SetAccountEable(id, false);
}
else
{
// get access token by refresh token
var adToken = await ADAccess.Instance.RefreshToken(refreshToken);
if (adToken == null || string.IsNullOrWhiteSpace(adToken.AccessToken))
{
return(CreateErrorResponse($"refresh_token is invalid: {refreshToken} ", StatusCodes.Status401Unauthorized));
}
string email = req.Query["email"];
// validate email address
if (string.IsNullOrWhiteSpace(email))
{
return(CreateErrorResponse($"Email is empty"));
}
if (!email.IsValidEmailAddress())
{
return(CreateErrorResponse($"Email {email} is invalid"));
}
email = email.NormalizeEmail();
var adUser = await ADUser.FindByEmail(email);
if (adUser == null)
{
return(CreateErrorResponse($"Can not find user {email}"));
}
userId = adUser.ObjectId;
log.LogInformation($"Delete user {userId}, {email}");
await adUser.SetEnable(false);
}
// delete cosmos user
var dataService = new DataService();
await DeleteUserRecords(dataService, "User", null,
new QueryDefinition("select * from c where c.id = @id").WithParameter("@id", userId));
foreach (var table in Configurations.Cosmos.UserTablesToClear)
{
await DeleteUserRecords(dataService, table, userId);
}
return(CreateSuccessResponse());
}
