コード例 #1
0
        public async Task <IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");
            // validate client token
            string clientToken = req.Query["client_token"];

            if (string.IsNullOrWhiteSpace(clientToken))
            {
                return(CreateErrorResponse("client_token is missing", StatusCodes.Status401Unauthorized));
            }
            var(validateResult, clientTokenMessage, payload) = TokenService.ValidateClientToken(clientToken, Configurations.JWTToken.TokenClientSecret,
                                                                                                Configurations.JWTToken.TokenIssuer, Configurations.JWTToken.TokenSubject);
            if (!validateResult)
            {
                return(CreateErrorResponse(clientTokenMessage, StatusCodes.Status401Unauthorized));
            }

            // then validate refresh token
            string refreshToken = req.Query["refresh_token"];

            if (string.IsNullOrWhiteSpace(refreshToken))
            {
                return(CreateErrorResponse("refresh_token is missing"));
            }

            string source = req.Query["source"];
            string userId;

            if (source == "cognito")
            {
                var adToken = await CognitoService.Instance.GetAccessToken(refreshToken);

                if (adToken == null || string.IsNullOrWhiteSpace(adToken.AccessToken))
                {
                    return(CreateErrorResponse($"refresh_token is invalid: {refreshToken} ", StatusCodes.Status401Unauthorized));
                }

                // Validate the access token, then get id and group name
                var(result, message, id, _) = await CognitoService.Instance.ValidateAccessToken(adToken.AccessToken);

                if (!result)
                {
                    log.LogError($"can not get access token from refresh token {refreshToken}");
                    return(CreateErrorResponse(message, StatusCodes.Status403Forbidden));
                }

                var customUserId = await CognitoService.Instance.GetCustomUserId(id);

                if (string.IsNullOrWhiteSpace(customUserId))
                {
                    return(CreateErrorResponse($"user {id} does not have custom id", StatusCodes.Status500InternalServerError));
                }

                userId = customUserId;
                var adUser = await ADUser.FindById(customUserId);

                if (adUser != null)
                {
                    await adUser.SetEnable(false);
                }

                await CognitoService.Instance.SetAccountEable(id, false);
            }
            else
            {
                // get access token by refresh token
                var adToken = await ADAccess.Instance.RefreshToken(refreshToken);

                if (adToken == null || string.IsNullOrWhiteSpace(adToken.AccessToken))
                {
                    return(CreateErrorResponse($"refresh_token is invalid: {refreshToken} ", StatusCodes.Status401Unauthorized));
                }

                string email = req.Query["email"];
                // validate email address
                if (string.IsNullOrWhiteSpace(email))
                {
                    return(CreateErrorResponse($"Email is empty"));
                }

                if (!email.IsValidEmailAddress())
                {
                    return(CreateErrorResponse($"Email {email} is invalid"));
                }

                email = email.NormalizeEmail();

                var adUser = await ADUser.FindByEmail(email);

                if (adUser == null)
                {
                    return(CreateErrorResponse($"Can not find user {email}"));
                }

                userId = adUser.ObjectId;
                log.LogInformation($"Delete user {userId}, {email}");

                await adUser.SetEnable(false);
            }


            // delete cosmos user
            var dataService = new DataService();

            await DeleteUserRecords(dataService, "User", null,
                                    new QueryDefinition("select * from c where c.id = @id").WithParameter("@id", userId));

            foreach (var table in Configurations.Cosmos.UserTablesToClear)
            {
                await DeleteUserRecords(dataService, table, userId);
            }

            return(CreateSuccessResponse());
        }