/// <summary>
/// Deletes or deactivates an account on behalf of the caller, using the bearer token's
/// issue time and the credentials posted in <paramref name="request"/>.
/// </summary>
/// <param name="request">E-mail, password and removal mode sent by the client.</param>
/// <returns>
/// The service's response, sent with the HTTP status it carries (200 when it carries none);
/// a generic 400 <see cref="GenericResponse"/> if any step throws.
/// </returns>
public async Task<IActionResult> RemoveAccount([FromBody] RemovalRequest request)
{
    try
    {
        // Issue time of the caller's token: the service rejects tokens that predate
        // the account's last password change.
        var tokenIssuedAt = AuthService.TokenIssueDateTime(Request.Headers["Authorization"]);

        // Removes (or deactivates) the user and revokes every related token.
        var outcome = await _authService.RemoveAccount(request, tokenIssuedAt);
        var httpStatus = outcome.Code.GetValueOrDefault(200);
        return StatusCode(httpStatus, outcome);
    }
    catch (Exception)
    {
        // Every failure — missing/unparseable Authorization header, null body, data-access
        // error — collapses into one generic 400 so no cause detail reaches the client.
        // NOTE(review): server-side faults are therefore reported as 400 and are not logged
        // at this layer; confirm that is intended.
        var failure = new GenericResponse
        {
            Code = (int)HttpStatusCode.BadRequest,
            Status = (int)Model.Transient.StatusCode.UnknowException,
            Message = "Generic error in request.",
        };
        return BadRequest(failure);
    }
}
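/// <summary>
/// Removes or deactivates the user identified by the e-mail and password in
/// <paramref name="request"/>, after revoking every refresh token that user still holds.
/// </summary>
/// <param name="request">E-mail, password and the <c>Deactivate</c> flag. Must not be null.</param>
/// <param name="issuedAt">
/// Issue time of the caller's access token; tokens issued before the user's password was
/// last changed are rejected.
/// </param>
/// <returns>
/// A <see cref="GenericResponse"/>: 200 / <c>OkWithNoContent</c> on success, otherwise 400 with
/// <c>EmailPasswordMissing</c>, <c>UserMissing</c>, <c>AccessTokenInvalid</c> or
/// <c>EmailPasswordInvalid</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
public async Task<IResponse> RemoveAccount(RemovalRequest request, DateTime issuedAt)
{
    // A null body previously surfaced as a NullReferenceException on request.Email;
    // report it as the argument error it is.
    if (request == null)
    {
        throw new ArgumentNullException(nameof(request));
    }

    if (string.IsNullOrEmpty(request.Email) || string.IsNullOrEmpty(request.Password))
    {
        return BadRequestWithStatus((int)StatusCode.EmailPasswordMissing);
    }

    var user = await _context.Users.SingleOrDefaultAsync(x => x.Email == request.Email);
    if (user == null)
    {
        // NOTE(review): a distinct status for "no such user" vs "wrong password" lets a
        // caller tell registered e-mails apart; confirm that is acceptable for this API.
        return BadRequestWithStatus((int)StatusCode.UserMissing);
    }

    // Access tokens issued before the password was last changed are no longer trusted.
    // NOTE(review): DateTime.Kind is not checked on either side — confirm issuedAt is UTC.
    // NOTE(review): nothing here ties the caller's token to request.Email; confirm an outer
    // layer guarantees the token belongs to the account being removed.
    if (user.PasswordLastUpdatedUtc > issuedAt)
    {
        return BadRequestWithStatus((int)StatusCode.AccessTokenInvalid);
    }

    // The current password must be re-proven before anything destructive happens.
    if (!IsPasswordHashValid(request.Password, user.PasswordHash, user.PasswordSalt))
    {
        return BadRequestWithStatus((int)StatusCode.EmailPasswordInvalid);
    }

    // Expire every refresh token still valid for this user before the user itself goes.
    // NOTE(review): whether this and the SaveChangesAsync below commit atomically depends
    // on RevokeAllTokensFrom, which is not visible here.
    await RevokeAllTokensFrom(user);

    if (request.Deactivate)
    {
        user.WasDeactivated = true;
        user.DeactivationDate = DateTime.UtcNow;
    }
    else
    {
        _context.Users.Remove(user);
    }

    await _context.SaveChangesAsync();

    return new GenericResponse
    {
        Code = (int)HttpStatusCode.OK,
        Status = (int)StatusCode.OkWithNoContent,
    };
}

/// <summary>Builds the 400 response used for every rejected removal attempt.</summary>
/// <param name="status">Application status value (the integer form of <c>StatusCode</c>).</param>
/// <returns>A <see cref="GenericResponse"/> with HTTP 400 and the given status.</returns>
private static GenericResponse BadRequestWithStatus(int status)
{
    return new GenericResponse
    {
        Code = (int)HttpStatusCode.BadRequest,
        Status = status,
    };
}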