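/// <summary>
/// Accepts an organisation invite on behalf of the account identified by the bearer token and,
/// on success, returns a fresh JWT whose active Organisation is the one just joined.
/// </summary>
/// <param name="req">
/// Incoming request. The body is a JSON <c>OrganisationInvite</c>; only its <c>OrganisationInviteId</c>
/// is used, every other field is taken from the stored invite. The <c>{OrganisationInviteId}</c> route
/// segment is not bound by this signature and is therefore ignored in favour of the body value.
/// </param>
/// <param name="log">Function logger.</param>
/// <returns>
/// 200 with the new JWT; 401 when the token is invalid or carries no usable <c>UserAccount</c> claim;
/// 404 when the invite does not exist; 400 when the body is unusable, the caller is not the invitee,
/// the caller already holds a membership, or an unexpected error occurs.
/// </returns>
public async Task<IActionResult> AcceptOrganisationInvite(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "OrganisationInvite/{OrganisationInviteId}")] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function(AcceptOrganisationInvite) processed a request.");

    try
    {
        var accessTokenResult = _tokenProvider.ValidateToken(req);
        if (accessTokenResult.Status != AccessTokenStatus.Valid)
        {
            return new UnauthorizedResult();
        }

        // A syntactically valid token is still unusable if the account claim is absent or not a GUID;
        // treat that as an authentication failure instead of letting it surface as a 400 via the catch.
        var userAccountClaim = accessTokenResult.Principal.Claims.FirstOrDefault(c => c.Type == "UserAccount");
        Guid userAccountId;
        if (userAccountClaim == null || !Guid.TryParse(userAccountClaim.Value, out userAccountId))
        {
            return new UnauthorizedResult();
        }

        string requestBody;
        using (var reader = new StreamReader(req.Body))
        {
            requestBody = await reader.ReadToEndAsync();
        }

        var requestedInvite = JsonConvert.DeserializeObject<OrganisationInvite>(requestBody);
        if (requestedInvite == null)
        {
            return new BadRequestObjectResult("Request body must contain an OrganisationInvite.");
        }

        // Only the id is trusted from the client; the authoritative invite comes from storage.
        var organisationInviteRepo = new OrganisationInviteRepository();
        var organisationInvite = organisationInviteRepo.GetOrganisationInviteById(requestedInvite.OrganisationInviteId);
        if (organisationInvite == null)
        {
            return new NotFoundObjectResult("Invite not found.");
        }

        if (userAccountId != organisationInvite.InviteeId)
        {
            return new BadRequestObjectResult("User sending request is not the invitee");
        }

        // NOTE(review): nothing here checks that the invite is still unused/unexpired before it is consumed —
        // confirm the repository enforces that inside UseOrganisationInvite.
        var organisationMembershipRepo = new OrganisationMembershipRepository();
        if (organisationMembershipRepo.AlreadyHasAMembershipInOrganisation(userAccountId, organisationInvite.OrganisationId))
        {
            return new BadRequestObjectResult("User already a member of this Organisation.");
        }

        var organisationMembership = new OrganisationMembership()
        {
            OrganisationId = organisationInvite.OrganisationId,
            UserAccountId = organisationInvite.InviteeId,
            OrganisationInviteId = organisationInvite.OrganisationInviteId,
            UserType = organisationInvite.InviteUserType
        };

        // The membership check above and the two writes below are not transactional: two concurrent
        // accepts of the same invite can both pass the check. Relies on the repository rejecting duplicates.
        organisationMembershipRepo.CreateOrganisationMembership(organisationMembership);
        organisationInviteRepo.UseOrganisationInvite(organisationInvite.OrganisationInviteId);

        // Return a JWT scoped to the newly joined Organisation.
        var jwt = _tokenCreator.CreateToken(userAccountId, organisationInvite.OrganisationId);
        return new OkObjectResult(jwt);
    }
    catch (Exception exception)
    {
        // Keep the detail server-side; echoing exception.Message to the client can expose internal
        // type names, storage errors or connection details.
        log.LogError(exception, "AcceptOrganisationInvite failed.");
        return new BadRequestObjectResult("The request could not be processed.");
    }
}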
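/// <summary>
/// Creates a new Organisation owned by the account identified by the bearer token and returns a JWT
/// whose active Organisation is the new one.
/// </summary>
/// <param name="req">Incoming request; the body is a JSON <c>OrganisationCreateModel</c>.</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// 200 with the new JWT; 401 when the token is invalid or carries no usable <c>UserAccount</c> claim;
/// 400 when the body is missing, <c>OrganisationName</c> is blank, or an unexpected error occurs.
/// </returns>
public async Task<IActionResult> CreateOrganisation(
    [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "Organisation/CreateOrganisation")] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function(CreateOrganisation) processed a request.");

    try
    {
        var accessTokenResult = _tokenProvider.ValidateToken(req);
        if (accessTokenResult.Status != AccessTokenStatus.Valid)
        {
            return new UnauthorizedResult();
        }

        // Missing or malformed account claim is an authentication failure, not a 400.
        var userAccountClaim = accessTokenResult.Principal.Claims.FirstOrDefault(c => c.Type == "UserAccount");
        Guid userAccountId;
        if (userAccountClaim == null || !Guid.TryParse(userAccountClaim.Value, out userAccountId))
        {
            return new UnauthorizedResult();
        }
        log.LogInformation($"JWT validated for UserAccount: {userAccountId}.");

        string requestBody;
        using (var reader = new StreamReader(req.Body))
        {
            requestBody = await reader.ReadToEndAsync();
        }

        var organisationCreateModel = JsonConvert.DeserializeObject<OrganisationCreateModel>(requestBody);
        if (organisationCreateModel == null || string.IsNullOrWhiteSpace(organisationCreateModel.OrganisationName))
        {
            return new BadRequestObjectResult("OrganisationName is required.");
        }

        var organisation = new Organisation()
        {
            OrganisationName = organisationCreateModel.OrganisationName,
            CreatedById = userAccountId
        };
        var organisationRepo = new OrganisationRepository();
        var organisationId = organisationRepo.CreateOrganisation(organisation);

        // The creator becomes the owner; this membership is not backed by an invite.
        var organisationMembership = new OrganisationMembership()
        {
            OrganisationId = organisationId,
            UserAccountId = userAccountId,
            UserType = UserType.OrganisationOwner,
            OrganisationInviteId = null
        };
        var organisationMembershipRepo = new OrganisationMembershipRepository();
        organisationMembershipRepo.CreateOrganisationMembership(organisationMembership);

        // Issue a JWT whose active Organisation is the one just created.
        var jwt = _tokenCreator.CreateToken(userAccountId, organisationId);
        return new OkObjectResult(jwt);
    }
    catch (Exception exception)
    {
        // Log the detail; do not echo exception.Message to the caller.
        log.LogError(exception, "CreateOrganisation failed.");
        return new BadRequestObjectResult("The request could not be processed.");
    }
}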
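/// <summary>
/// Deletes the Organisation named by the token's <c>Organisation</c> claim. The caller must present a
/// valid JWT, re-authenticate with email/password in the body, and be the Organisation's owner.
/// </summary>
/// <param name="req">Incoming request; the body is a JSON <c>UserAccountCreateModel</c> carrying the credentials.</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// 200 with the repository's delete result; 401 when the token is invalid, a required claim is missing
/// or malformed, or the caller is not the owner; 400 when the body is missing, re-authentication fails,
/// or an unexpected error occurs.
/// </returns>
public async Task<IActionResult> DeleteOrganisation(
    [HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "Organisation/DeleteOrganisation")] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function(DeleteOrganisation) processed a request.");

    try
    {
        // Validate JWT
        var accessTokenResult = _tokenProvider.ValidateToken(req);
        if (accessTokenResult.Status != AccessTokenStatus.Valid)
        {
            return new UnauthorizedResult();
        }

        // Both claims must be present and well-formed before anything destructive is considered.
        var userAccountClaim = accessTokenResult.Principal.Claims.FirstOrDefault(c => c.Type == "UserAccount");
        Guid userAccountId;
        if (userAccountClaim == null || !Guid.TryParse(userAccountClaim.Value, out userAccountId))
        {
            return new UnauthorizedResult();
        }

        var organisationClaim = accessTokenResult.Principal.Claims.FirstOrDefault(c => c.Type == "Organisation");
        Guid organisationId;
        if (organisationClaim == null || !Guid.TryParse(organisationClaim.Value, out organisationId))
        {
            return new UnauthorizedResult();
        }

        // NOTE: a request body is read on a DELETE; some clients and intermediaries drop it — confirm
        // the intended callers actually deliver it.
        string requestBody;
        using (var reader = new StreamReader(req.Body))
        {
            requestBody = await reader.ReadToEndAsync();
        }

        var userAccountCreateModel = JsonConvert.DeserializeObject<UserAccountCreateModel>(requestBody);
        if (userAccountCreateModel == null)
        {
            return new BadRequestObjectResult("Email address and password are required.");
        }

        // Re-authenticate with Email/Password before a destructive action.
        var loginManager = new LoginManager();
        var loginResult = loginManager.AttemptLogin(userAccountCreateModel.EmailAddress, userAccountCreateModel.Password);
        if (loginResult.Status != LoginStatus.Success)
        {
            return new BadRequestObjectResult(loginResult.FailureReason);
        }
        // NOTE(review): AttemptLogin is not tied to userAccountId from the JWT, so credentials for a different
        // account would satisfy this step — confirm LoginResult exposes the authenticated account so it can be
        // compared with the token's claim.

        // Make sure this UserAccount is the Organisation Owner. A missing membership (repository returns null)
        // is treated the same as a non-owner rather than surfacing as a null-reference 400.
        var organisationMembershipRepository = new OrganisationMembershipRepository();
        var organisationMembership = organisationMembershipRepository.GetOrganisationMembership(userAccountId, organisationId);
        if (organisationMembership == null || organisationMembership.UserType != UserType.OrganisationOwner)
        {
            return new UnauthorizedResult();
        }

        var organisationRepo = new OrganisationRepository();
        bool deleted = organisationRepo.DeleteOrganisation(organisationId);
        return new OkObjectResult(deleted);
    }
    catch (Exception exception)
    {
        // Log the detail; do not echo exception.Message to the caller.
        log.LogError(exception, "DeleteOrganisation failed.");
        return new BadRequestObjectResult("The request could not be processed.");
    }
}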
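/// <summary>
/// Switches the caller's active Organisation by issuing a new JWT for the Organisation named in the body.
/// The caller must already hold a membership in that target Organisation.
/// </summary>
/// <param name="req">Incoming request; the body is a JSON <c>Organisation</c> whose <c>OrganisationId</c> is the target.</param>
/// <param name="log">Function logger.</param>
/// <returns>
/// 200 with the new JWT; 401 when the token is invalid or carries no usable <c>UserAccount</c> claim;
/// 409 when the caller is not a member of the target Organisation; 400 when the body is missing or an
/// unexpected error occurs.
/// </returns>
public async Task<IActionResult> ChangeActiveOrganisation(
    [HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "Organisation/ChangeActiveOrganisation")] HttpRequest req,
    ILogger log)
{
    log.LogInformation("C# HTTP trigger function(ChangeActiveOrganisation) processed a request.");

    try
    {
        // Validate JWT
        var accessTokenResult = _tokenProvider.ValidateToken(req);
        if (accessTokenResult.Status != AccessTokenStatus.Valid)
        {
            return new UnauthorizedResult();
        }

        var userAccountClaim = accessTokenResult.Principal.Claims.FirstOrDefault(c => c.Type == "UserAccount");
        Guid userAccountId;
        if (userAccountClaim == null || !Guid.TryParse(userAccountClaim.Value, out userAccountId))
        {
            return new UnauthorizedResult();
        }

        // NOTE: this trigger is registered for GET yet reads a request body; many HTTP clients and
        // intermediaries do not forward a GET body — confirm callers actually deliver it.
        string requestBody;
        using (var reader = new StreamReader(req.Body))
        {
            requestBody = await reader.ReadToEndAsync();
        }

        var targetOrganisation = JsonConvert.DeserializeObject<Organisation>(requestBody);
        if (targetOrganisation == null)
        {
            return new BadRequestObjectResult("Request body must contain the target Organisation.");
        }

        // The membership check is against the *target* Organisation: a membership in the Organisation
        // already named by the token says nothing about whether the caller may switch to another one.
        // A null membership (repository returns null) means no membership exists.
        var organisationMembershipRepository = new OrganisationMembershipRepository();
        var organisationMembership = organisationMembershipRepository.GetOrganisationMembership(userAccountId, targetOrganisation.OrganisationId);
        if (organisationMembership == null)
        {
            return new ConflictObjectResult("User is not a member of this Organisation. Please contact support.");
        }

        // Issue a JWT whose active Organisation is the target.
        var jwt = _tokenCreator.CreateToken(userAccountId, targetOrganisation.OrganisationId);
        return new OkObjectResult(jwt);
    }
    catch (Exception exception)
    {
        // Log the detail; do not echo exception.Message to the caller.
        log.LogError(exception, "ChangeActiveOrganisation failed.");
        return new BadRequestObjectResult("The request could not be processed.");
    }
}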