Refactor AuthController policy checks and response types

Introduce IsUserInPolicyAsync for cleaner policy checks in AuthController and update Logout to use it. Adjust Logout's response type to void and improve documentation and formatting.
2026-02-06 13:23:08 +01:00
parent bd0426dbee
commit 1b10162c85


@@ -1,4 +1,3 @@
using EnvelopeGenerator.API.Extensions;
using EnvelopeGenerator.API.Models;
using EnvelopeGenerator.Domain.Constants;
using Microsoft.AspNetCore.Authentication;
@@ -18,6 +17,17 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions,
{
private readonly AuthTokenKeys authTokenKeys = authTokenKeyOptions.Value;
/// <summary>
/// Überprüft, ob der Benutzer über die angegebene Berechtigung verfügt.
/// </summary>
/// <param name="policyName"></param>
/// <returns></returns>
protected async Task<bool> IsUserInPolicyAsync(string policyName)
{
var result = await authService.AuthorizeAsync(User, policyName);
return result.Succeeded;
}
/// <summary>
/// Entfernt das Authentifizierungs-Cookie des Benutzers (AuthCookie)
/// </summary>
@@ -32,15 +42,15 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions,
/// </remarks>
/// <response code="200">Erfolgreich gelöscht, wenn der Benutzer ein berechtigtes Cookie hat.</response>
/// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
[ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
[ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
[Authorize(Policy = AuthPolicy.SenderOrReceiver)]
[HttpPost("logout")]
public async Task<IActionResult> Logout()
{
if (await authService.AuthorizePolicyAsync(User, AuthPolicy.Sender))
if (await IsUserInPolicyAsync(AuthPolicy.Sender))
Response.Cookies.Delete(authTokenKeys.Cookie);
else if (await authService.AuthorizePolicyAsync(User, AuthPolicy.ReceiverOrReceiverTFA))
else if (await IsUserInPolicyAsync(AuthPolicy.ReceiverOrReceiverTFA))
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
else
return Unauthorized();
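Review bot: The Sender branch's `Response.Cookies.Delete(authTokenKeys.Cookie);` only asks the browser to expire the cookie; if that cookie carries a bearer token (the `AuthTokenKeys` name suggests it does, but the issuing code is not in view), the token itself stays valid until its own expiry, so a copied cookie still authenticates after "logout" unless revocation happens elsewhere — at minimum document this with `// NOTE: client-side expiry only; the token stays valid until exp — confirm server-side revocation`. Separately, `Cookies.Delete(name)` with no `CookieOptions` will not clear a cookie that was issued with a non-root Path or an explicit Domain, because browsers match on name+domain+path; pass the same options the issuing code used, e.g. `Response.Cookies.Delete(authTokenKeys.Cookie, cookieOptions);`. The `else` fallback to `Unauthorized()` is already guarded by `[Authorize(Policy = AuthPolicy.SenderOrReceiver)]`, so it is defensive; a one-line comment saying so would stop a later reader from treating it as the primary access check. Logout's body continues past the end of the hunk (the success return is not visible here).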