public async Task <IActionResult> Get(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "tasks/{taskId:guid}")] HttpRequest req,
Guid taskId,
ILogger log)
{
if (!req.IsValidUser())
{
return(new UnauthorizedResult());
}
log.LogInformation("Preview Actions for Task ID {0}.", taskId);
return(new OkObjectResult(GetViewModel((await RekeyingTasks.GetAsync(taskId)))));
}
public async Task <IActionResult> Approve(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "tasks/{taskId:guid}/approve")] HttpRequest req,
Guid taskId,
ClaimsPrincipal claimsPrincipal,
ILogger log)
{
if (!req.IsValidUser(AuthJanitorRoles.ServiceOperator, AuthJanitorRoles.GlobalAdmin))
{
return(new UnauthorizedResult());
}
log.LogInformation("Administrator approved Task ID {0}", taskId);
var task = await RekeyingTasks.GetAsync(taskId);
log.LogInformation("Registering incoming user credential...");
try { await RegisterUserCredential(req); }
catch (Exception ex)
{
var logger = new RekeyingAttemptLogger();
logger.LogCritical(ex, "Error registering user credential!");
task.Attempts.Add(logger);
await RekeyingTasks.UpdateAsync(task);
return(new BadRequestErrorMessageResult(ex.Message));
}
if (task.ConfirmationType == TaskConfirmationStrategies.AdminCachesSignOff)
{
var credential = CredentialProvider.Get(MultiCredentialProvider.CredentialType.UserCredential);
var persisted = await SecureStorageProvider.Persist <Azure.Core.AccessToken>(
credential.Expiry,
new Azure.Core.AccessToken(credential.AccessToken, credential.Expiry));
task.PersistedCredentialId = persisted;
task.PersistedCredentialUser = credential.Username;
await RekeyingTasks.UpdateAsync(task);
return(new OkResult());
}
else if (task.ConfirmationType == TaskConfirmationStrategies.AdminSignsOffJustInTime)
{
task.RekeyingInProgress = true;
await RekeyingTasks.UpdateAsync(task);
var aggregatedStringLogger = new RekeyingAttemptLogger(log)
{
UserDisplayName =
claimsPrincipal.FindFirst(ClaimTypes.GivenName)?.Value +
" " +
claimsPrincipal.FindFirst(ClaimTypes.Surname)?.Value,
UserEmail = claimsPrincipal.FindFirst(ClaimTypes.Email)?.Value
};
try
{
await ExecuteRekeyingWorkflow(task, aggregatedStringLogger);
task.RekeyingInProgress = false;
task.RekeyingCompleted = aggregatedStringLogger.IsSuccessfulAttempt;
task.RekeyingFailed = !aggregatedStringLogger.IsSuccessfulAttempt;
}
catch (Exception ex)
{
task.RekeyingInProgress = false;
task.RekeyingCompleted = false;
task.RekeyingFailed = true;
if (aggregatedStringLogger.OuterException == null)
{
aggregatedStringLogger.OuterException = JsonConvert.SerializeObject(ex, Formatting.Indented);
}
}
task.Attempts.Add(aggregatedStringLogger);
await RekeyingTasks.UpdateAsync(task);
if (task.RekeyingFailed)
{
return(new BadRequestErrorMessageResult(aggregatedStringLogger.OuterException));
}
else
{
return(new OkResult());
}
}
else
{
log.LogError("Task does not support an Administrator's approval!");
return(new BadRequestErrorMessageResult("Task does not support an Administrator's approval!"));
}
}