[Authorize]-Attribut zu DocumentController und EnvelopeController hinzugefügt

[Authorize]-Attribute wurden zum DocumentController und EnvelopeController hinzugefügt, um die Sicherheit zu erhöhen. [NonAction]-Attribute wurden zu den Methoden DocumentController.Get (api/document/{envelopeKey}) und EnvelopeController.Get (api/envelope/{envelopeKey}) hinzugefügt, um redundante Cookie-basierte Authentifizierung zu vermeiden, da der Datenzugriffscode korrekt gehandhabt wird, nachdem er im HomeController.LogInEnvelope (/EnvelopeKey/{envelopeReceiverId}/Locked) über die entsprechende Razor-Seite (.cshtml) eingegeben wurde.
2024-04-16 13:28:52 +02:00 · 2024-04-16 13:28:52 +02:00 · 23609d2bd7
commit 23609d2bd7
parent 1c55c4aa99
5 changed files with 9 additions and 5 deletions
--- a/EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs
+++ b/EnvelopeGenerator.Web/Controllers/ControllerBaseExtensions.cs
@ -5,7 +5,6 @@ namespace EnvelopeGenerator.Web.Controllers
 {
    public static class ControllerBaseExtensions
    {
-
        public static (string EnvelopeUuid, string ReceiverSignature)? GetAuthenticatedEnvelopeDetails(this ControllerBase controller)
        {
            if(controller?.User?.Identity?.IsAuthenticated ?? false)
--- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
@ -2,9 +2,11 @@
 using EnvelopeGenerator.Common;
 using EnvelopeGenerator.Web.Services;
 using EnvelopeGenerator.Application.Contracts;
+using Microsoft.AspNetCore.Authorization;

 namespace EnvelopeGenerator.Web.Controllers
 {
+    [Authorize]
    public class DocumentController : BaseController
    {
        private readonly EnvelopeOldService envelopeService;
@ -18,6 +20,7 @@ namespace EnvelopeGenerator.Web.Controllers
            _envDocService = envDocService;
        }

+        [NonAction]
        [HttpGet]
        [Route("api/document/{envelopeKey}")]
        public async Task<IActionResult> Get([FromRoute] string envelopeKey, [FromQuery] int index)
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@ -2,10 +2,12 @@
 using EnvelopeGenerator.Application.Contracts;
 using EnvelopeGenerator.Common;
 using EnvelopeGenerator.Web.Services;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;

 namespace EnvelopeGenerator.Web.Controllers
 {
+    [Authorize]
    public class EnvelopeController : BaseController
    {
        private readonly EnvelopeOldService envelopeService;
@ -19,6 +21,7 @@ namespace EnvelopeGenerator.Web.Controllers
            _envelopeService = envService;
        }

+        [NonAction]
        [HttpGet("api/envelope/{envelopeKey}")]
        public async Task<IActionResult> Get([FromRoute] string envelopeKey)
        {
--- a/EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml
+++ b/EnvelopeGenerator.Web/Views/Home/DebugEnvelopes.cshtml
@ -28,7 +28,6 @@
                    <summary>Show envelopes</summary>
                    @foreach (Envelope envelope in @group)
                    {
-
                        <section>
                            <article class="envelope">
                                <strong><a href="/EnvelopeKey/@encodeEnvelopeKey(envelope)">@envelope.Title</a></strong>
@ -45,4 +44,3 @@
        }
    </section>
 </div>
-
--- a/EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json
+++ b/EnvelopeGenerator.Web/wwwroot/cookie-consent-content/de.json
@ -15,3 +15,4 @@
    }
  }
 }
+