Vereinfachte Zugriffscode-Validierung für den Endpunkt EnvelopeKey/{envelopeReceiverId}/Locked POST. resx aktualisiert, um den Benutzer besser zu informieren
@@ -1,5 +1,4 @@
|
||||
using EnvelopeGenerator.Application.Contracts;
|
||||
using EnvelopeGenerator.Application.Services;
|
||||
using EnvelopeGenerator.Common;
|
||||
using EnvelopeGenerator.Web.Services;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
@@ -16,9 +15,6 @@ using Microsoft.AspNetCore.Localization;
|
||||
using System.Text.Encodings.Web;
|
||||
using EnvelopeGenerator.Web.Models;
|
||||
using EnvelopeGenerator.Application.Resources;
|
||||
using Microsoft.EntityFrameworkCore.ChangeTracking.Internal;
|
||||
using System.Text.RegularExpressions;
|
||||
using EnvelopeGenerator.Domain.Entities;
|
||||
|
||||
namespace EnvelopeGenerator.Web.Controllers
|
||||
{
|
||||
@@ -121,7 +117,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
||||
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
|
||||
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
||||
|
||||
if(uuid is null || signature is null)
|
||||
if (uuid is null || signature is null)
|
||||
{
|
||||
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer[WebKey.WrongEnvelopeReceiverId]);
|
||||
return Unauthorized();
|
||||
@@ -129,83 +125,84 @@ namespace EnvelopeGenerator.Web.Controllers
|
||||
|
||||
_logger.LogInformation($"Envelope UUID: [{uuid}]\nReceiver Signature: [{signature}]");
|
||||
|
||||
return await _envRcvService.VerifyAccessCodeAsync(uuid: uuid, signature: signature, accessCode: access_code).ThenAsync(
|
||||
SuccessAsync: async isVerified =>
|
||||
{
|
||||
EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);
|
||||
if (isVerified)
|
||||
//check access code
|
||||
EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);
|
||||
var verification = await _envRcvService.VerifyAccessCodeAsync(uuid: uuid, signature: signature, accessCode: access_code);
|
||||
if (verification.IsFailed)
|
||||
{
|
||||
_logger.LogNotice(verification.Notices);
|
||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
return View("EnvelopeLocked")
|
||||
.WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language)
|
||||
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||
}
|
||||
else if (verification.IsWrong())
|
||||
{
|
||||
database.Services.actionService.EnterIncorrectAccessCode(response.Envelope, response.Receiver); //for history
|
||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
return View("EnvelopeLocked")
|
||||
.WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language)
|
||||
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||
}
|
||||
else
|
||||
{
|
||||
ViewData["EnvelopeKey"] = envelopeReceiverId;
|
||||
}
|
||||
|
||||
//show envelope
|
||||
database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history
|
||||
return await _envRcvService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature).ThenAsync<EnvelopeReceiverDto, IActionResult>(
|
||||
SuccessAsync: async er =>
|
||||
{
|
||||
database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history
|
||||
ViewData["EnvelopeKey"] = envelopeReceiverId;
|
||||
if (await _historyService.IsRejected(envelopeId: er.Envelope!.Id))
|
||||
return View("EnvelopeRejected", er);
|
||||
|
||||
return await _envRcvService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature).ThenAsync<EnvelopeReceiverDto, IActionResult>(
|
||||
SuccessAsync: async er =>
|
||||
{
|
||||
if(await _historyService.IsSigned(envelopeId: er.Envelope!.Id, userReference: er.Receiver!.EmailAddress))
|
||||
return View("EnvelopeSigned");
|
||||
if (await _historyService.IsSigned(envelopeId: er.Envelope!.Id, userReference: er.Receiver!.EmailAddress))
|
||||
return View("EnvelopeSigned");
|
||||
|
||||
if (response.Envelope.Documents.Count > 0)
|
||||
{
|
||||
var document = await envelopeOldService.GetDocument(response.Envelope.Documents[0].Id, envelopeReceiverId);
|
||||
byte[] bytes = await envelopeOldService.GetDocumentContents(document);
|
||||
ViewData["DocumentBytes"] = bytes;
|
||||
}
|
||||
else
|
||||
{
|
||||
return this.ViewDocumentNotFound();
|
||||
}
|
||||
if (response.Envelope.Documents.Count > 0)
|
||||
{
|
||||
var document = await envelopeOldService.GetDocument(response.Envelope.Documents[0].Id, envelopeReceiverId);
|
||||
byte[] bytes = await envelopeOldService.GetDocumentContents(document);
|
||||
ViewData["DocumentBytes"] = bytes;
|
||||
}
|
||||
else
|
||||
return this.ViewDocumentNotFound();
|
||||
|
||||
var claims = new List<Claim> {
|
||||
var claims = new List<Claim> {
|
||||
new(ClaimTypes.NameIdentifier, uuid),
|
||||
new(ClaimTypes.Hash, signature),
|
||||
new(ClaimTypes.Name, er.Name ?? string.Empty),
|
||||
new(ClaimTypes.Email, er.Receiver.EmailAddress),
|
||||
new(EnvelopeClaimTypes.Title, er.Envelope.Title)
|
||||
};
|
||||
};
|
||||
|
||||
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
var authProperties = new AuthenticationProperties {
|
||||
AllowRefresh = false,
|
||||
IsPersistent = false
|
||||
};
|
||||
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
|
||||
var authProperties = new AuthenticationProperties
|
||||
{
|
||||
AllowRefresh = false,
|
||||
IsPersistent = false
|
||||
};
|
||||
|
||||
await HttpContext.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
new ClaimsPrincipal(claimsIdentity),
|
||||
authProperties);
|
||||
await HttpContext.SignInAsync(
|
||||
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||
new ClaimsPrincipal(claimsIdentity),
|
||||
authProperties);
|
||||
|
||||
//add PSPDFKit licence key
|
||||
ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
|
||||
ViewData["UserCulture"] = _cultures[UserLanguage];
|
||||
//add PSPDFKit licence key
|
||||
ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
|
||||
ViewData["UserCulture"] = _cultures[UserLanguage];
|
||||
|
||||
return View("ShowEnvelope", er);
|
||||
},
|
||||
Fail: (messages, notices) =>
|
||||
{
|
||||
_logger.LogNotice(notices);
|
||||
return this.ViewEnvelopeNotFound();
|
||||
}
|
||||
);
|
||||
}
|
||||
else
|
||||
return View("ShowEnvelope", er);
|
||||
},
|
||||
Fail: (messages, notices) =>
|
||||
{
|
||||
database.Services.actionService.EnterIncorrectAccessCode(response.Envelope, response.Receiver); //for history
|
||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
return View("EnvelopeLocked")
|
||||
.WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language)
|
||||
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||
_logger.LogNotice(notices);
|
||||
return this.ViewEnvelopeNotFound();
|
||||
}
|
||||
},
|
||||
Fail: (messages, notices) =>
|
||||
{
|
||||
_logger.LogNotice(notices);
|
||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
return View("EnvelopeLocked")
|
||||
.WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language)
|
||||
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||
});
|
||||
);
|
||||
}
|
||||
catch(Exception ex)
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.LogEnvelopeError(envelopeEeceiverId: envelopeReceiverId, exception: ex);
|
||||
return this.ViewInnerServiceError();
|
||||
|
||||
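Review bot: Nothing in the access-code check of the last hunk (the `verification.IsFailed` / `verification.IsWrong()` branches) bounds how often a caller may retry; a wrong code only produces a history entry via `EnterIncorrectAccessCode` and a 401 with the `EnvelopeLocked` view. Unless `VerifyAccessCodeAsync` or middleware outside this hunk already throttles, I would count recent failed attempts per envelope receiver and stop verifying past a limit, still returning the same locked view. The `IsFailed` branch writes no history entry at all, so attempts that fail inside the service leave no audit trail next to the wrong-code ones. The context line `_logger.LogInformation($"Envelope UUID: [{uuid}]\nReceiver Signature: [{signature}]")` also writes the receiver signature (later stored in the cookie as `ClaimTypes.Hash`) to the log through an interpolated string with a raw newline; a structured call such as `_logger.LogInformation("Envelope UUID: [{Uuid}]", uuid);` keeps the signature out and the entry on one line. The rendered page has lost its +/- markers, so which variant is the new side is inferred here, and the enclosing action starts and ends outside the hunk.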