Restrict Logout method to Sender auth scheme

The `[Authorize]` attribute on the `Logout` method in the
`AuthController` class was updated to use
`AuthenticationSchemes = AuthScheme.Sender` instead of
`Policy = AuthPolicy.SenderOrReceiver`. This change narrows
the authorization requirement, ensuring only users under the
`Sender` authentication scheme can access the `Logout`
functionality.
This commit is contained in:
2026-06-16 16:32:53 +02:00
parent b3a70d7259
commit 4572e20c51

@@ -40,7 +40,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions,
/// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
[ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
[Authorize(Policy = AuthPolicy.SenderOrReceiver)]
[Authorize(AuthenticationSchemes = AuthScheme.Sender)]
[HttpPost("logout")]
public async Task<IActionResult> Logout()
{
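Review bot: The new `[Authorize(AuthenticationSchemes = AuthScheme.Sender)]` on `Logout` removes `AuthPolicy.SenderOrReceiver` rather than narrowing it, which has two effects worth confirming. First, a caller authenticated only as a receiver now gets a 401 from `POST logout`, and nothing in this hunk shows another way for that caller to end its session; if receivers have their own logout route, say so in the commit message or the XML doc, otherwise include the receiver scheme in `AuthenticationSchemes` as well. Second, an `[Authorize]` attribute with only `AuthenticationSchemes` set requires nothing more than a successful authentication under that scheme, so any claim or role requirements the old policy carried are no longer evaluated here; if the policy checked more than the scheme, keep a `Policy` on the attribute alongside `AuthenticationSchemes`. A test that calls `logout` with a receiver-only cookie and asserts the intended status code would pin the behaviour down.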