From 1b10162c85874095c6222cb6b21c2661b761f055 Mon Sep 17 00:00:00 2001
From: TekH
Date: Fri, 6 Feb 2026 13:23:08 +0100
Subject: [PATCH] Refactor AuthController policy checks and response types

Introduce IsUserInPolicyAsync for cleaner policy checks in AuthController and update Logout to use it. Adjust Logout's response type to void and improve documentation and formatting.
---
 .../Controllers/AuthController.cs | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs
index cec9b1bd..2d39a880 100644
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -1,4 +1,3 @@
-using EnvelopeGenerator.API.Extensions;
 using EnvelopeGenerator.API.Models;
 using EnvelopeGenerator.Domain.Constants;
 using Microsoft.AspNetCore.Authentication;
@@ -18,6 +17,17 @@ public partial class AuthController(IOptions authTokenKeyOptions,
 {
     private readonly AuthTokenKeys authTokenKeys = authTokenKeyOptions.Value;
 
+    ///
+    /// Überprüft, ob der Benutzer über die angegebene Berechtigung verfügt.
+    ///
+    ///
+    ///
+    protected async Task IsUserInPolicyAsync(string policyName)
+    {
+        var result = await authService.AuthorizeAsync(User, policyName);
+        return result.Succeeded;
+    }
+
     ///
     /// Entfernt das Authentifizierungs-Cookie des Benutzers (AuthCookie)
     ///
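Review bot: The two doc lines between the summary and the signature of `IsUserInPolicyAsync` (presumably `<param>` and `<returns>`; the tags did not survive rendering) appear to be empty, so the helper's contract is undocumented at the point where the controller's policy checks are now centralised. Assuming `authService` is an `IAuthorizationService`, `AuthorizeAsync` does not return false for a policy name that is not registered — it throws `InvalidOperationException` — so the doc should state that the method answers only for registered policies, e.g. `/// <param name="policyName">Name of a registered authorization policy (see AuthPolicy).</param>` and `/// <returns>true if the current User satisfies the policy; otherwise false. Throws InvalidOperationException for an unregistered policy name.</returns>`. If the project targets .NET 8 or later (the primary constructor suggests C# 12), a one-line guard `ArgumentException.ThrowIfNullOrWhiteSpace(policyName);` at the top would turn an accidental empty name into a clear argument error instead of a failed policy lookup.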
@@ -32,15 +42,15 @@ public partial class AuthController(IOptions authTokenKeyOptions,
     ///
     /// Erfolgreich gelöscht, wenn der Benutzer ein berechtigtes Cookie hat.
     /// Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.
-    [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
+    [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
     [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
     [HttpPost("logout")]
     public async Task Logout()
     {
-        if (await authService.AuthorizePolicyAsync(User, AuthPolicy.Sender))
+        if (await IsUserInPolicyAsync(AuthPolicy.Sender))
             Response.Cookies.Delete(authTokenKeys.Cookie);
-        else if (await authService.AuthorizePolicyAsync(User, AuthPolicy.ReceiverOrReceiverTFA))
+        else if (await IsUserInPolicyAsync(AuthPolicy.ReceiverOrReceiverTFA))
             await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
         else
             return Unauthorized();
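Review bot: The `if` / `else if` chain in `Logout` performs only the first matching sign-out, so a principal that satisfies both `AuthPolicy.Sender` and `AuthPolicy.ReceiverOrReceiverTFA` (whether one can is not visible here) keeps its cookie-scheme session after the token cookie is deleted, and the trailing `Unauthorized()` is reachable only for a caller who passes the class-level `SenderOrReceiver` policy yet neither branch policy, which looks like a gap between the policy definitions rather than a client error. Evaluating the two policies independently and failing only when neither applied clears every session the caller holds, and a comment on the 401 branch such as `// Only reachable if SenderOrReceiver is broader than Sender + ReceiverOrReceiverTFA` would record why that branch exists. Separately, `Response.Cookies.Delete` only asks the browser to drop the cookie; if `authTokenKeys.Cookie` carries a self-contained token it stays valid server-side until it expires, and the `<returns>` text should say so if that is the case. The body of `Logout`, including its success return, continues past the end of the hunk.
```csharp
// … unchanged: attributes and signature …
    {
        var signedOut = false;
        if (await IsUserInPolicyAsync(AuthPolicy.Sender))
        {
            Response.Cookies.Delete(authTokenKeys.Cookie);
            signedOut = true;
        }
        if (await IsUserInPolicyAsync(AuthPolicy.ReceiverOrReceiverTFA))
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            signedOut = true;
        }
        // Only reachable if SenderOrReceiver is broader than Sender + ReceiverOrReceiverTFA.
        if (!signedOut)
            return Unauthorized();
        // … unchanged: success return (outside the hunk) …
```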