feat(Reg.cshtml): Zeitüberschreitung hinzugefügt.

- TFARegController.Reg aktualisiert, um die Seite _Expired view zu senden, wenn receiver.TfaRegDeadline abläuft. - TFARegParams Klasse für TimeLimit Configuration erstellt und mit appsettings konfiguriert.
2025-02-06 17:59:19 +01:00 · 2025-02-06 17:59:19 +01:00 · 1720e137f9
commit 1720e137f9
parent 3e6e2078bb
8 changed files with 71 additions and 4 deletions
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@ -243,6 +243,7 @@ public class HomeController : ViewControllerBase
        try
        {
            ViewData["UserCulture"] = _cultures[UserLanguage];
+            ViewData["EnvelopeKey"] = envelopeReceiverId;

            envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
            (string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
@ -292,7 +293,6 @@ public class HomeController : ViewControllerBase
            //continue the process without important data to minimize security errors.
            EnvelopeReceiverDto er = er_secret;

-            ViewData["EnvelopeKey"] = envelopeReceiverId;
            //check rejection
            var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id);
            if(rejRcvrs.Any())
--- a/EnvelopeGenerator.Web/Controllers/TFARegController.cs
+++ b/EnvelopeGenerator.Web/Controllers/TFARegController.cs
@ -7,6 +7,7 @@ using Microsoft.Extensions.Localization;
 using EnvelopeGenerator.Application.Resources;
 using DigitalData.Core.DTO;
 using EnvelopeGenerator.Application.Extensions;
+using Microsoft.Extensions.Options;

 namespace EnvelopeGenerator.Web.Controllers;

@ -17,12 +18,14 @@ public class TFARegController : ViewControllerBase
    private readonly IEnvelopeReceiverService _envRcvService;
    private readonly IAuthenticator _authenticator;
    private readonly IReceiverService _rcvService;
+    private readonly TFARegParams _params;

-    public TFARegController(ILogger<TFARegController> logger, HtmlSanitizer sanitizer, Cultures cultures, IStringLocalizer<Resource> localizer, IEnvelopeReceiverService erService, IAuthenticator authenticator, IReceiverService receiverService) : base(logger, sanitizer, cultures, localizer)
+    public TFARegController(ILogger<TFARegController> logger, HtmlSanitizer sanitizer, Cultures cultures, IStringLocalizer<Resource> localizer, IEnvelopeReceiverService erService, IAuthenticator authenticator, IReceiverService receiverService, IOptions<TFARegParams> tfaRegParamsOptions) : base(logger, sanitizer, cultures, localizer)
    {
        _envRcvService = erService;
        _authenticator = authenticator;
        _rcvService = receiverService;
+        _params = tfaRegParamsOptions.Value;
    }

    [HttpGet("{envelopeReceiverId}")]
@ -56,6 +59,18 @@ public class TFARegController : ViewControllerBase
        rcv.TotpExpiration = DateTime.Now.AddMonths(1);
        await _rcvService.UpdateAsync(rcv);
        var totp_qr_64 = _authenticator.GenerateTotpQrCode(userEmail: rcv.EmailAddress, secretKey: rcv.TotpSecretkey).ToBase64String();
+
+        // Calculate RFA registiration deadline
+        if(rcv.TfaRegDeadline is null)
+        {
+            rcv.TfaRegDeadline = _params.Deadline;
+            await _rcvService.UpdateAsync(rcv);
+        }
+        else if(rcv.TfaRegDeadline <= DateTime.Now)
+            return View("_Expired");
+
+        ViewData["RegDeadline"] = rcv.TfaRegDeadline;
+
        ViewData["TotpQR64"] = totp_qr_64;

        return View();
--- a/EnvelopeGenerator.Web/Models/TFARegParams.cs
+++ b/EnvelopeGenerator.Web/Models/TFARegParams.cs
@ -0,0 +1,17 @@
+namespace EnvelopeGenerator.Web.Models;
+
+/// <summary>
+/// Represents the parameters for two-factor authentication (2FA) registration.
+/// </summary>
+public class TFARegParams
+{
+    /// <summary>
+    /// The maximum allowed time for completing the registration process.
+    /// </summary>
+    public TimeSpan TimeLimit { get; init; } = new(0, 30, 0);
+
+    /// <summary>
+    /// The deadline for registration, calculated as the current time plus the <see cref="TimeLimit"/>.
+    /// </summary>
+    public DateTime Deadline => DateTime.Now.AddTicks(TimeLimit.Ticks);
+}
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@ -49,6 +49,8 @@ try
    // Add higher order services
    builder.Services.AddScoped<EnvelopeOldService>();

+    builder.ConfigureBySection<TFARegParams>();
+
    // Add controllers and razor views
    builder.Services.AddControllersWithViews(options =>
    {
--- a/EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml
+++ b/EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml
@ -42,7 +42,7 @@
            </a>
             um Ihre Authenticator-App einzurichten.
        </p>
-        </section>
+    </section>
    }
    <section class="text-center">
        <p>@_localizer[WebKey.Formats.LockedBody.Format(codeKeyName)].Value.Format(qrCodeExpiration.ToString())</p>
--- a/EnvelopeGenerator.Web/Views/Shared/_Expired.cshtml
+++ b/EnvelopeGenerator.Web/Views/Shared/_Expired.cshtml
@ -0,0 +1,25 @@
+@{
+    ViewData["Title"] = "Abgelaufen";
+    var head = ViewData["Head"] as string ?? "Abgelaufen!";
+    var body = ViewData["Body"] as string ?? "Die Gültigkeitsdauer der Verbindung ist abgelaufen.";
+}
+<div class="page container p-5">
+    <header class="text-center">
+        <div class="icon expired">
+            <svg width="72" height="72" viewBox="0 0 48 48" version="1" xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 48 48">
+                <circle fill="#00ACC1" cx="17" cy="17" r="14" />
+                <circle fill="#eee" cx="17" cy="17" r="11" />
+                <rect x="16" y="8" width="2" height="9" />
+                <rect x="18.2" y="16" transform="matrix(-.707 .707 -.707 -.707 46.834 19.399)" width="2.4" height="6.8" />
+                <circle cx="17" cy="17" r="2" />
+                <circle fill="#00ACC1" cx="17" cy="17" r="1" />
+                <path fill="#FFC107" d="M11.9,42l14.4-24.1c0.8-1.3,2.7-1.3,3.4,0L44.1,42c0.8,1.3-0.2,3-1.7,3H13.6C12.1,45,11.1,43.3,11.9,42z" />
+                <path fill="#263238" d="M26.4,39.9c0-0.2,0-0.4,0.1-0.6s0.2-0.3,0.3-0.5s0.3-0.2,0.5-0.3s0.4-0.1,0.6-0.1s0.5,0,0.7,0.1 s0.4,0.2,0.5,0.3s0.2,0.3,0.3,0.5s0.1,0.4,0.1,0.6s0,0.4-0.1,0.6s-0.2,0.3-0.3,0.5s-0.3,0.2-0.5,0.3s-0.4,0.1-0.7,0.1 s-0.5,0-0.6-0.1s-0.4-0.2-0.5-0.3s-0.2-0.3-0.3-0.5S26.4,40.1,26.4,39.9z M29.2,36.8h-2.3L26.5,27h3L29.2,36.8z" />
+            </svg>
+        </div>
+        <h1>@head</h1>
+    </header>
+    <section class="text-center">
+        <p>@body</p>
+    </section>
+</div>
--- a/EnvelopeGenerator.Web/Views/TFAReg/Reg.cshtml
+++ b/EnvelopeGenerator.Web/Views/TFAReg/Reg.cshtml
@ -1,6 +1,8 @@
-@{
+@using System.Globalization
+@{
    ViewData["Title"] = "2FA Registrierung";
    var totpQR64 = ViewData["TotpQR64"] as string;
+    var regDeadline = ViewData["RegDeadline"] is DateTime _dateTime ? _dateTime : throw new InvalidOperationException("RegDeadline is not added to view in Reg.cshtml view.");
 }
 <div class="page container p-5">
    <header class="text-center">
@ -13,6 +15,9 @@
        <h2 class="mb-0">2-Factor Authentication (2FA)</h2>
        <h2>Registrierung</h2>
    </header>
+    <section class="text-center">
+        <p class="p-0 m-0"> @string.Format("Diese Seite ist bis {0} sichtbar.", regDeadline.ToString("d. MMM, HH:mm", new CultureInfo("de-DE")))</p>
+    </section>
    <section class="text-start mt-4">
        <div class="accordion" id="tfaRegStep">
            <div class="accordion-item">
--- a/EnvelopeGenerator.Web/appsettings.json
+++ b/EnvelopeGenerator.Web/appsettings.json
@ -128,5 +128,8 @@
    "QueryParams": {
      "from": "signFlow"
    }
+  },
+  "TFARegParams": {
+    "TimeLimit": "00:30:00"
  }
 }