AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat(HomeController): Rollenprüfung für 2FA hinzugefügt

Browse Source 
- wenn der Benutzer keine PreAuth Rolle hat, wird Status401Unauthorized zurückgegeben
This commit is contained in:
Developer 02
2025-02-10 11:18:54 +01:00
parent c5b508d274
commit 20825aa3ea
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
EnvelopeGenerator.Web/Controllers/HomeController.cs
View File

@@ -19,6 +19,7 @@ using Ganss.Xss;
using Newtonsoft.Json; using Newtonsoft.Json;
using EnvelopeGenerator.Application.DTOs; using EnvelopeGenerator.Application.DTOs;
using DigitalData.Core.Client; using DigitalData.Core.Client;
using OtpNet;
namespace EnvelopeGenerator.Web.Controllers; namespace EnvelopeGenerator.Web.Controllers;
@@ -215,7 +216,7 @@ public class HomeController : ViewControllerBase
if (er_secret.Receiver!.TotpSecretkey is null) if (er_secret.Receiver!.TotpSecretkey is null)
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}"); throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
if (_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey)) if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
{ {
Response.StatusCode = StatusCodes.Status401Unauthorized; Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value; ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
@@ -229,6 +230,9 @@ public class HomeController : ViewControllerBase
private async Task<IActionResult?> HandleAuthenticatorAsync(Auth auth, EnvelopeReceiverSecretDto er_secret, string envelopeReceiverId) private async Task<IActionResult?> HandleAuthenticatorAsync(Auth auth, EnvelopeReceiverSecretDto er_secret, string envelopeReceiverId)
{ {
if (er_secret.Receiver!.TotpSecretkey is null) if (er_secret.Receiver!.TotpSecretkey is null)
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
{ {
Response.StatusCode = StatusCodes.Status401Unauthorized; Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value; ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
@@ -277,14 +281,20 @@ public class HomeController : ViewControllerBase
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value); .WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
} }
else if (auth.HasAccessCode) else if (auth.HasAccessCode)
if(await HandleAccessCodeAsync(auth, er_secret, envelopeReceiverId) is IActionResult acView) {
if (await HandleAccessCodeAsync(auth, er_secret, envelopeReceiverId) is IActionResult acView)
return acView; return acView;
}
else if (auth.HasSmsCode) else if (auth.HasSmsCode)
if(await HandleSmsAsync(auth, er_secret, envelopeReceiverId) is IActionResult smsView) {
if (await HandleSmsAsync(auth, er_secret, envelopeReceiverId) is IActionResult smsView)
return smsView; return smsView;
}
else if (auth.HasAuthenticatorCode) else if (auth.HasAuthenticatorCode)
{
if(await HandleAuthenticatorAsync(auth, er_secret, envelopeReceiverId) is IActionResult aView) if(await HandleAuthenticatorAsync(auth, er_secret, envelopeReceiverId) is IActionResult aView)
return aView; return aView;
}
else else
{ {
Response.StatusCode = StatusCodes.Status401Unauthorized; Response.StatusCode = StatusCodes.Status401Unauthorized;