AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat(HomeController): Rollenprüfung für 2FA hinzugefügt

Browse Source 
- wenn der Benutzer keine PreAuth Rolle hat, wird Status401Unauthorized zurückgegeben
This commit is contained in:
Developer 02 2025-02-10 11:18:54 +01:00
parent c5b508d274
commit 20825aa3ea
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
EnvelopeGenerator.Web/Controllers/HomeController.cs
View File

@ -19,6 +19,7 @@ using Ganss.Xss;
using Newtonsoft.Json;
using EnvelopeGenerator.Application.DTOs;
using DigitalData.Core.Client;
using OtpNet;
namespace EnvelopeGenerator.Web.Controllers;
@ -215,7 +216,7 @@ public class HomeController : ViewControllerBase
if (er_secret.Receiver!.TotpSecretkey is null)
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
if (_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
{
Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
@ -229,6 +230,9 @@ public class HomeController : ViewControllerBase
private async Task<IActionResult?> HandleAuthenticatorAsync(Auth auth, EnvelopeReceiverSecretDto er_secret, string envelopeReceiverId)
{
if (er_secret.Receiver!.TotpSecretkey is null)
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
{
Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
@ -277,14 +281,20 @@ public class HomeController : ViewControllerBase
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
}
else if (auth.HasAccessCode)
if(await HandleAccessCodeAsync(auth, er_secret, envelopeReceiverId) is IActionResult acView)
{
if (await HandleAccessCodeAsync(auth, er_secret, envelopeReceiverId) is IActionResult acView)
return acView;
}
else if (auth.HasSmsCode)
if(await HandleSmsAsync(auth, er_secret, envelopeReceiverId) is IActionResult smsView)
{
if (await HandleSmsAsync(auth, er_secret, envelopeReceiverId) is IActionResult smsView)
return smsView;
}
else if (auth.HasAuthenticatorCode)
{
if(await HandleAuthenticatorAsync(auth, er_secret, envelopeReceiverId) is IActionResult aView)
return aView;
}
else
{
Response.StatusCode = StatusCodes.Status401Unauthorized;