From 23609d2bd78711e7f9a7dc2e6e41a47311fa0cf3 Mon Sep 17 00:00:00 2001
From: Developer 02 <developer02@didaloghe.onmicrosoft.com>
Date: Tue, 16 Apr 2024 13:28:52 +0200
Subject: [PATCH] =?UTF-8?q?[Authorize]-Attribut=20zu=20DocumentController?=
 =?UTF-8?q?=20und=20EnvelopeController=20hinzugef=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[Authorize]-Attribute wurden zum DocumentController und EnvelopeController hinzugefügt, um die Sicherheit zu erhöhen. [NonAction]-Attribute wurden zu den Methoden DocumentController.Get (api/document/{envelopeKey}) und EnvelopeController.Get (api/envelope/{envelopeKey}) hinzugefügt, um redundante Cookie-basierte Authentifizierung zu vermeiden, da der Datenzugriffscode korrekt gehandhabt wird, nachdem er im HomeController.LogInEnvelope (/EnvelopeKey/{envelopeReceiverId}/Locked) über die entsprechende Razor-Seite (.cshtml) eingegeben wurde.
---
 EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs | 1 -
 EnvelopeGenerator.Web/Controllers/DocumentController.cs       | 3 +++
 EnvelopeGenerator.Web/Controllers/EnvelopeController.cs       | 3 +++
 EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml        | 4 +---
 EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json  | 3 ++-
 5 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs b/EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs
index 6a203195..3729af00 100644
--- a/EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs
+++ b/EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs
@@ -5,7 +5,6 @@ namespace EnvelopeGenerator.Web.Controllers
 {
     public static class ControllerBaseExtensions
     {
-
         public static (string EnvelopeUuid, string ReceiverSignature)? GetAuthenticatedEnvelopeDetails(this ControllerBase controller)
         {
             if(controller?.User?.Identity?.IsAuthenticated ?? false)
diff --git a/EnvelopeGenerator.Web/Controllers/DocumentController.cs b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
index 16b69867..cd23da89 100644
--- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
@@ -2,9 +2,11 @@
 using EnvelopeGenerator.Common;
 using EnvelopeGenerator.Web.Services;
 using EnvelopeGenerator.Application.Contracts;
+using Microsoft.AspNetCore.Authorization;
 
 namespace EnvelopeGenerator.Web.Controllers
 {
+    [Authorize]
     public class DocumentController : BaseController
     {
         private readonly EnvelopeOldService envelopeService;
@@ -18,6 +20,7 @@ namespace EnvelopeGenerator.Web.Controllers
             _envDocService = envDocService;
         }
 
+        [NonAction]
         [HttpGet]
         [Route("api/document/{envelopeKey}")]
         public async Task<IActionResult> Get([FromRoute] string envelopeKey, [FromQuery] int index)
diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
index 1b8d59f1..82e56d1e 100644
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -2,10 +2,12 @@
 using EnvelopeGenerator.Application.Contracts;
 using EnvelopeGenerator.Common;
 using EnvelopeGenerator.Web.Services;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace EnvelopeGenerator.Web.Controllers
 {
+    [Authorize]
     public class EnvelopeController : BaseController
     {
         private readonly EnvelopeOldService envelopeService;
@@ -19,6 +21,7 @@ namespace EnvelopeGenerator.Web.Controllers
             _envelopeService = envService;
         }
 
+        [NonAction]
         [HttpGet("api/envelope/{envelopeKey}")]
         public async Task<IActionResult> Get([FromRoute] string envelopeKey)
         {
diff --git a/EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml b/EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml
index 4a34b90a..8c6179fc 100644
--- a/EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml
+++ b/EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml
@@ -28,7 +28,6 @@
                     <summary>Show envelopes</summary>
                     @foreach (Envelope envelope in @group)
                     {
-
                         <section>
                             <article class="envelope">
                                 <strong><a href="/EnvelopeKey/@encodeEnvelopeKey(envelope)">@envelope.Title</a></strong>
@@ -44,5 +43,4 @@
             </section>
         }
     </section>
-</div>
-
+</div>
\ No newline at end of file
diff --git a/EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json b/EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json
index de868af5..9457be3b 100644
--- a/EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json
+++ b/EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json
@@ -14,4 +14,5 @@
       "description": [ "Diese Cookies sind notwendig für Funktionen wie Seitensicherheit, Sitzungsverwaltung und Schutz. Unsere Cookies umfassen technische Cookies, die für die Sitzungsverwaltung und zur Gewährleistung der Sicherheit verwendet werden." ]
     }
   }
-}
\ No newline at end of file
+}
+