onDeleteAccount.js

const { cozyClient, log } = require('cozy-konnector-libs')
const getAccountId = require('./helpers/getAccountId')
const getAccountRev = require('./helpers/getAccountRev')
const getAccountSecret = require('./helpers/getAccountSecret')
const moment = require('moment')
require('moment-timezone')
moment.locale('fr') // set the language
moment.tz.setDefault('Europe/Paris') // set the timezone

async function onDeleteAccount(accountId) {
  const accountRev = getAccountRev()
  if (accountRev) {
    try {
      let body = ''
      let access_token = ''
      body = await cozyClient.fetchJSON(
        'GET',
        `/data/io.cozy.accounts/${accountId}?rev=${accountRev}`
      )
      if (body.oauth.access_token) {
        access_token = body.oauth.access_token
      } else {
        throw new Error(
          'cozyClient.fetchJson account_rev has encountered an error'
        )
      }
      if (moment().diff(body.oauth.expires_at) > 0) {
        // token is expired, need a new one. grdf does not provide a refresh token
        // so we request a new one from a client_credentials query
        // first we fetch credentials secrets from account-type
        const accountSecret = getAccountSecret()
        if (accountSecret) {
          var myTokenHeaders = new Headers()
          myTokenHeaders.append(
            'Content-Type',
            'application/x-www-form-urlencoded'
          )
          var urlencoded = new URLSearchParams()
          urlencoded.append('grant_type', 'client_credentials')
          urlencoded.append('client_id', accountSecret.client_id)
          urlencoded.append('client_secret', accountSecret.client_secret)
          urlencoded.append('scope', '/adict/v1')

          var requestOptionsToken = {
            method: 'POST',
            headers: myTokenHeaders,
            body: urlencoded,
            redirect: 'follow'
          }

          access_token = await fetch(
            'https://sofit-sso-oidc.grdf.fr/openam/oauth2/realms/externeGrdf/access_token',
            requestOptionsToken
          )
            .then(async response => {
              if (response.status !== 200) {
                throw new Error(response.status + ' - ' + response.statusText)
              }
              return response.text()
            })
            .then(result => {
              return result.match(/.+/g).map(s => {
                result = JSON.parse(s)
                if (result.access_token) {
                  return result.access_token
                }
              })
            })
            .catch(error => {
              log('debug', 'Error from get access_token [onDeleteAccount]')
              throw error
            })
        } else {
          throw new Error(
            'Access Token is expired and konnector failed to get a new one'
          )
        }
      }

      var myHeaders = new Headers()
      myHeaders.append('Content-Type', 'application/json')
      myHeaders.append('Accept', 'application/x-ndjson')
      myHeaders.append('Authorization', 'Bearer ' + access_token)
      var raw = JSON.stringify({
        role_tiers: ['AUTORISE_CONTRAT_FOURNITURE'],
        etat_droit_acces: ['Active'],
        id_pce: [body.oauth_callback_results.pce]
      })
      var requestOptions = {
        method: 'POST',
        headers: myHeaders,
        body: raw,
        redirect: 'follow'
      }

      let accessRights = await fetch(
        'https://api.grdf.fr/adict/v1/droits_acces',
        requestOptions
      )
        .then(async response => {
          if (response.status !== 200) {
            throw new Error(response.status + ' - ' + response.statusText)
          }
          return response.text()
        })
        .then(result => {
          return result.match(/.+/g).map(s => {
            result = JSON.parse(s)
            if (result.id_droit_acces !== null) {
              return result.id_droit_acces
            }
          })
        })
        .catch(error => {
          log('debug', 'Error from get droits_access')
          throw error
        })

      // remove unwanted commas
      accessRights = accessRights.toString().replace(/,\s*$/, '')
      if (accessRights) {
        var myDeleteHeaders = new Headers()
        myDeleteHeaders.append('Cache-Control', 'no-cache')
        myDeleteHeaders.append('Content-Type', 'application/json')
        myDeleteHeaders.append('Authorization', 'Bearer ' + access_token)

        var deleteRaw = JSON.stringify({})

        var deleteRequestOptions = {
          method: 'PATCH',
          headers: myDeleteHeaders,
          body: deleteRaw,
          redirect: 'follow'
        }

        var url = 'https://api.grdf.fr/adict/v1/droit_acces/' + accessRights

        await fetch(url, deleteRequestOptions)
          .then(async response => {
            if (response.status !== 200) {
              throw new Error(response.status + ' - ' + response.statusText)
            }
            return response.text()
          })
          .catch(error => {
            log('debug', 'Error from delete droits_access')
            throw error
          })

        log('debug', 'Active consent was successfully removed')
      } else {
        log('debug', 'No active consent')
        throw new Error('No active access right was found for given user')
      }
    } catch (err) {
      log(
        'warn',
        `Error while trying to remove grdf consent (for ${accountRev}): ${err.message}`
      )
    }
  } else {
    throw new Error(
      'No account revision was found, something went wrong during the deletion of said account'
    )
  }
}

const accountId = getAccountId()
onDeleteAccount(accountId).then(
  () => {
    log(
      'info',
      `onDeleteAccount: Successfully retrieved grdf account from account doctype.`
    )
  },
  err => {
    log(
      'error',
      `onDeleteAccount: An error occured during getGrdfAccountInfos script: ${err.message}`
    )
  }
)

module.exports = { onDeleteAccount }