{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CognitoIdentityProvider.AdminDisableProviderForUser
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Prevents the user from signing in with the specified external (SAML or
-- social) identity provider (IdP). If the user that you want to deactivate
-- is a Amazon Cognito user pools native username + password user, they
-- can\'t use their password to sign in. If the user to deactivate is a
-- linked external IdP user, any link between that user and an existing
-- user is removed. When the external user signs in again, and the user is
-- no longer attached to the previously linked @DestinationUser@, the user
-- must create a new user account. See
-- <https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html AdminLinkProviderForUser>.
--
-- This action is enabled only for admin access and requires developer
-- credentials.
--
-- The @ProviderName@ must match the value specified when creating an IdP
-- for the pool.
--
-- To deactivate a native username + password user, the @ProviderName@
-- value must be @Cognito@ and the @ProviderAttributeName@ must be
-- @Cognito_Subject@. The @ProviderAttributeValue@ must be the name that is
-- used in the user pool for the user.
--
-- The @ProviderAttributeName@ must always be @Cognito_Subject@ for social
-- IdPs. The @ProviderAttributeValue@ must always be the exact subject that
-- was used when the user was originally linked as a source user.
--
-- For de-linking a SAML identity, there are two scenarios. If the linked
-- identity has not yet been used to sign in, the @ProviderAttributeName@
-- and @ProviderAttributeValue@ must be the same values that were used for
-- the @SourceUser@ when the identities were originally linked using
-- @ AdminLinkProviderForUser@ call. (If the linking was done with
-- @ProviderAttributeName@ set to @Cognito_Subject@, the same applies
-- here). However, if the user has already signed in, the
-- @ProviderAttributeName@ must be @Cognito_Subject@ and
-- @ProviderAttributeValue@ must be the subject of the SAML assertion.
module Amazonka.CognitoIdentityProvider.AdminDisableProviderForUser
  ( -- * Creating a Request
    AdminDisableProviderForUser (..),
    newAdminDisableProviderForUser,

    -- * Request Lenses
    adminDisableProviderForUser_userPoolId,
    adminDisableProviderForUser_user,

    -- * Destructuring the Response
    AdminDisableProviderForUserResponse (..),
    newAdminDisableProviderForUserResponse,

    -- * Response Lenses
    adminDisableProviderForUserResponse_httpStatus,
  )
where

import Amazonka.CognitoIdentityProvider.Types
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response

-- | /See:/ 'newAdminDisableProviderForUser' smart constructor.
data AdminDisableProviderForUser = AdminDisableProviderForUser'
  { -- | The user pool ID for the user pool.
    AdminDisableProviderForUser -> Text
userPoolId :: Prelude.Text,
    -- | The user to be disabled.
    AdminDisableProviderForUser -> ProviderUserIdentifierType
user :: ProviderUserIdentifierType
  }
  deriving (AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
$c/= :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
== :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
$c== :: AdminDisableProviderForUser -> AdminDisableProviderForUser -> Bool
Prelude.Eq, ReadPrec [AdminDisableProviderForUser]
ReadPrec AdminDisableProviderForUser
Int -> ReadS AdminDisableProviderForUser
ReadS [AdminDisableProviderForUser]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AdminDisableProviderForUser]
$creadListPrec :: ReadPrec [AdminDisableProviderForUser]
readPrec :: ReadPrec AdminDisableProviderForUser
$creadPrec :: ReadPrec AdminDisableProviderForUser
readList :: ReadS [AdminDisableProviderForUser]
$creadList :: ReadS [AdminDisableProviderForUser]
readsPrec :: Int -> ReadS AdminDisableProviderForUser
$creadsPrec :: Int -> ReadS AdminDisableProviderForUser
Prelude.Read, Int -> AdminDisableProviderForUser -> ShowS
[AdminDisableProviderForUser] -> ShowS
AdminDisableProviderForUser -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AdminDisableProviderForUser] -> ShowS
$cshowList :: [AdminDisableProviderForUser] -> ShowS
show :: AdminDisableProviderForUser -> String
$cshow :: AdminDisableProviderForUser -> String
showsPrec :: Int -> AdminDisableProviderForUser -> ShowS
$cshowsPrec :: Int -> AdminDisableProviderForUser -> ShowS
Prelude.Show, forall x.
Rep AdminDisableProviderForUser x -> AdminDisableProviderForUser
forall x.
AdminDisableProviderForUser -> Rep AdminDisableProviderForUser x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AdminDisableProviderForUser x -> AdminDisableProviderForUser
$cfrom :: forall x.
AdminDisableProviderForUser -> Rep AdminDisableProviderForUser x
Prelude.Generic)

-- |
-- Create a value of 'AdminDisableProviderForUser' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'userPoolId', 'adminDisableProviderForUser_userPoolId' - The user pool ID for the user pool.
--
-- 'user', 'adminDisableProviderForUser_user' - The user to be disabled.
newAdminDisableProviderForUser ::
  -- | 'userPoolId'
  Prelude.Text ->
  -- | 'user'
  ProviderUserIdentifierType ->
  AdminDisableProviderForUser
newAdminDisableProviderForUser :: Text -> ProviderUserIdentifierType -> AdminDisableProviderForUser
newAdminDisableProviderForUser Text
pUserPoolId_ ProviderUserIdentifierType
pUser_ =
  AdminDisableProviderForUser'
    { $sel:userPoolId:AdminDisableProviderForUser' :: Text
userPoolId =
        Text
pUserPoolId_,
      $sel:user:AdminDisableProviderForUser' :: ProviderUserIdentifierType
user = ProviderUserIdentifierType
pUser_
    }

-- | The user pool ID for the user pool.
adminDisableProviderForUser_userPoolId :: Lens.Lens' AdminDisableProviderForUser Prelude.Text
adminDisableProviderForUser_userPoolId :: Lens' AdminDisableProviderForUser Text
adminDisableProviderForUser_userPoolId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminDisableProviderForUser' {Text
userPoolId :: Text
$sel:userPoolId:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> Text
userPoolId} -> Text
userPoolId) (\s :: AdminDisableProviderForUser
s@AdminDisableProviderForUser' {} Text
a -> AdminDisableProviderForUser
s {$sel:userPoolId:AdminDisableProviderForUser' :: Text
userPoolId = Text
a} :: AdminDisableProviderForUser)

-- | The user to be disabled.
adminDisableProviderForUser_user :: Lens.Lens' AdminDisableProviderForUser ProviderUserIdentifierType
adminDisableProviderForUser_user :: Lens' AdminDisableProviderForUser ProviderUserIdentifierType
adminDisableProviderForUser_user = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminDisableProviderForUser' {ProviderUserIdentifierType
user :: ProviderUserIdentifierType
$sel:user:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> ProviderUserIdentifierType
user} -> ProviderUserIdentifierType
user) (\s :: AdminDisableProviderForUser
s@AdminDisableProviderForUser' {} ProviderUserIdentifierType
a -> AdminDisableProviderForUser
s {$sel:user:AdminDisableProviderForUser' :: ProviderUserIdentifierType
user = ProviderUserIdentifierType
a} :: AdminDisableProviderForUser)

instance Core.AWSRequest AdminDisableProviderForUser where
  type
    AWSResponse AdminDisableProviderForUser =
      AdminDisableProviderForUserResponse
  request :: (Service -> Service)
-> AdminDisableProviderForUser
-> Request AdminDisableProviderForUser
request Service -> Service
overrides =
    forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a
Request.postJSON (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy AdminDisableProviderForUser
-> ClientResponse ClientBody
-> m (Either
        Error (ClientResponse (AWSResponse AdminDisableProviderForUser)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
(Int -> ResponseHeaders -> () -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveEmpty
      ( \Int
s ResponseHeaders
h ()
x ->
          Int -> AdminDisableProviderForUserResponse
AdminDisableProviderForUserResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable AdminDisableProviderForUser where
  hashWithSalt :: Int -> AdminDisableProviderForUser -> Int
hashWithSalt Int
_salt AdminDisableProviderForUser' {Text
ProviderUserIdentifierType
user :: ProviderUserIdentifierType
userPoolId :: Text
$sel:user:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> ProviderUserIdentifierType
$sel:userPoolId:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Text
userPoolId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` ProviderUserIdentifierType
user

instance Prelude.NFData AdminDisableProviderForUser where
  rnf :: AdminDisableProviderForUser -> ()
rnf AdminDisableProviderForUser' {Text
ProviderUserIdentifierType
user :: ProviderUserIdentifierType
userPoolId :: Text
$sel:user:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> ProviderUserIdentifierType
$sel:userPoolId:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Text
userPoolId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf ProviderUserIdentifierType
user

instance Data.ToHeaders AdminDisableProviderForUser where
  toHeaders :: AdminDisableProviderForUser -> ResponseHeaders
toHeaders =
    forall a b. a -> b -> a
Prelude.const
      ( forall a. Monoid a => [a] -> a
Prelude.mconcat
          [ HeaderName
"X-Amz-Target"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"AWSCognitoIdentityProviderService.AdminDisableProviderForUser" ::
                          Prelude.ByteString
                      ),
            HeaderName
"Content-Type"
              forall a. ToHeader a => HeaderName -> a -> ResponseHeaders
Data.=# ( ByteString
"application/x-amz-json-1.1" ::
                          Prelude.ByteString
                      )
          ]
      )

instance Data.ToJSON AdminDisableProviderForUser where
  toJSON :: AdminDisableProviderForUser -> Value
toJSON AdminDisableProviderForUser' {Text
ProviderUserIdentifierType
user :: ProviderUserIdentifierType
userPoolId :: Text
$sel:user:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> ProviderUserIdentifierType
$sel:userPoolId:AdminDisableProviderForUser' :: AdminDisableProviderForUser -> Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ forall a. a -> Maybe a
Prelude.Just (Key
"UserPoolId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= Text
userPoolId),
            forall a. a -> Maybe a
Prelude.Just (Key
"User" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..= ProviderUserIdentifierType
user)
          ]
      )

instance Data.ToPath AdminDisableProviderForUser where
  toPath :: AdminDisableProviderForUser -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery AdminDisableProviderForUser where
  toQuery :: AdminDisableProviderForUser -> QueryString
toQuery = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

-- | /See:/ 'newAdminDisableProviderForUserResponse' smart constructor.
data AdminDisableProviderForUserResponse = AdminDisableProviderForUserResponse'
  { -- | The response's http status code.
    AdminDisableProviderForUserResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
$c/= :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
== :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
$c== :: AdminDisableProviderForUserResponse
-> AdminDisableProviderForUserResponse -> Bool
Prelude.Eq, ReadPrec [AdminDisableProviderForUserResponse]
ReadPrec AdminDisableProviderForUserResponse
Int -> ReadS AdminDisableProviderForUserResponse
ReadS [AdminDisableProviderForUserResponse]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AdminDisableProviderForUserResponse]
$creadListPrec :: ReadPrec [AdminDisableProviderForUserResponse]
readPrec :: ReadPrec AdminDisableProviderForUserResponse
$creadPrec :: ReadPrec AdminDisableProviderForUserResponse
readList :: ReadS [AdminDisableProviderForUserResponse]
$creadList :: ReadS [AdminDisableProviderForUserResponse]
readsPrec :: Int -> ReadS AdminDisableProviderForUserResponse
$creadsPrec :: Int -> ReadS AdminDisableProviderForUserResponse
Prelude.Read, Int -> AdminDisableProviderForUserResponse -> ShowS
[AdminDisableProviderForUserResponse] -> ShowS
AdminDisableProviderForUserResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AdminDisableProviderForUserResponse] -> ShowS
$cshowList :: [AdminDisableProviderForUserResponse] -> ShowS
show :: AdminDisableProviderForUserResponse -> String
$cshow :: AdminDisableProviderForUserResponse -> String
showsPrec :: Int -> AdminDisableProviderForUserResponse -> ShowS
$cshowsPrec :: Int -> AdminDisableProviderForUserResponse -> ShowS
Prelude.Show, forall x.
Rep AdminDisableProviderForUserResponse x
-> AdminDisableProviderForUserResponse
forall x.
AdminDisableProviderForUserResponse
-> Rep AdminDisableProviderForUserResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AdminDisableProviderForUserResponse x
-> AdminDisableProviderForUserResponse
$cfrom :: forall x.
AdminDisableProviderForUserResponse
-> Rep AdminDisableProviderForUserResponse x
Prelude.Generic)

-- |
-- Create a value of 'AdminDisableProviderForUserResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'httpStatus', 'adminDisableProviderForUserResponse_httpStatus' - The response's http status code.
newAdminDisableProviderForUserResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  AdminDisableProviderForUserResponse
newAdminDisableProviderForUserResponse :: Int -> AdminDisableProviderForUserResponse
newAdminDisableProviderForUserResponse Int
pHttpStatus_ =
  AdminDisableProviderForUserResponse'
    { $sel:httpStatus:AdminDisableProviderForUserResponse' :: Int
httpStatus =
        Int
pHttpStatus_
    }

-- | The response's http status code.
adminDisableProviderForUserResponse_httpStatus :: Lens.Lens' AdminDisableProviderForUserResponse Prelude.Int
adminDisableProviderForUserResponse_httpStatus :: Lens' AdminDisableProviderForUserResponse Int
adminDisableProviderForUserResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AdminDisableProviderForUserResponse' {Int
httpStatus :: Int
$sel:httpStatus:AdminDisableProviderForUserResponse' :: AdminDisableProviderForUserResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: AdminDisableProviderForUserResponse
s@AdminDisableProviderForUserResponse' {} Int
a -> AdminDisableProviderForUserResponse
s {$sel:httpStatus:AdminDisableProviderForUserResponse' :: Int
httpStatus = Int
a} :: AdminDisableProviderForUserResponse)

instance
  Prelude.NFData
    AdminDisableProviderForUserResponse
  where
  rnf :: AdminDisableProviderForUserResponse -> ()
rnf AdminDisableProviderForUserResponse' {Int
httpStatus :: Int
$sel:httpStatus:AdminDisableProviderForUserResponse' :: AdminDisableProviderForUserResponse -> Int
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus