feat(HomeController): Sanizer hinzugefügt
This commit is contained in:
parent
efa9160c04
commit
62b54d6e75
@ -17,6 +17,7 @@ using EnvelopeGenerator.Application.Resources;
|
|||||||
using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
|
using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
|
||||||
using static EnvelopeGenerator.Common.Constants;
|
using static EnvelopeGenerator.Common.Constants;
|
||||||
using EnvelopeGenerator.Domain.Entities;
|
using EnvelopeGenerator.Domain.Entities;
|
||||||
|
using Ganss.Xss;
|
||||||
|
|
||||||
namespace EnvelopeGenerator.Web.Controllers
|
namespace EnvelopeGenerator.Web.Controllers
|
||||||
{
|
{
|
||||||
@ -28,19 +29,19 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
private readonly IEnvelopeHistoryService _historyService;
|
private readonly IEnvelopeHistoryService _historyService;
|
||||||
private readonly IStringLocalizer<Resource> _localizer;
|
private readonly IStringLocalizer<Resource> _localizer;
|
||||||
private readonly IConfiguration _configuration;
|
private readonly IConfiguration _configuration;
|
||||||
private readonly UrlEncoder _urlEncoder;
|
private readonly HtmlSanitizer _sanitizer;
|
||||||
private readonly Cultures _cultures;
|
private readonly Cultures _cultures;
|
||||||
private readonly IEnvelopeMailService _mailService;
|
private readonly IEnvelopeMailService _mailService;
|
||||||
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
|
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
|
||||||
|
|
||||||
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, UrlEncoder urlEncoder, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
|
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService)
|
||||||
{
|
{
|
||||||
this.envelopeOldService = envelopeOldService;
|
this.envelopeOldService = envelopeOldService;
|
||||||
_envRcvService = envelopeReceiverService;
|
_envRcvService = envelopeReceiverService;
|
||||||
_historyService = historyService;
|
_historyService = historyService;
|
||||||
_localizer = localizer;
|
_localizer = localizer;
|
||||||
_configuration = configuration;
|
_configuration = configuration;
|
||||||
_urlEncoder = urlEncoder;
|
_sanitizer = sanitizer;
|
||||||
_cultures = cultures;
|
_cultures = cultures;
|
||||||
_mailService = envelopeMailService;
|
_mailService = envelopeMailService;
|
||||||
_logger = logger;
|
_logger = logger;
|
||||||
@ -52,7 +53,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
//envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
|
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
|
||||||
|
|
||||||
if (!envelopeReceiverId.TryDecode(out var decoded))
|
if (!envelopeReceiverId.TryDecode(out var decoded))
|
||||||
{
|
{
|
||||||
@ -103,8 +104,8 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
culture = culture is not null ? _urlEncoder.Encode(culture) : null;
|
culture = culture is not null ? _sanitizer.Sanitize(culture) : null;
|
||||||
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
|
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
|
||||||
|
|
||||||
if (UserLanguage is null && culture is null)
|
if (UserLanguage is null && culture is null)
|
||||||
{
|
{
|
||||||
@ -139,7 +140,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
ViewData["UserCulture"] = _cultures[UserLanguage];
|
ViewData["UserCulture"] = _cultures[UserLanguage];
|
||||||
|
|
||||||
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
|
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
|
||||||
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
||||||
|
|
||||||
if (uuid is null || signature is null)
|
if (uuid is null || signature is null)
|
||||||
@ -246,7 +247,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
|
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
|
||||||
return await _envRcvService.IsExisting(envelopeReceiverId: envelopeReceiverId).ThenAsync(
|
return await _envRcvService.IsExisting(envelopeReceiverId: envelopeReceiverId).ThenAsync(
|
||||||
SuccessAsync: async isExisting =>
|
SuccessAsync: async isExisting =>
|
||||||
{
|
{
|
||||||
@ -280,7 +281,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
envelopeReceiverId = _urlEncoder.Encode(envelopeReceiverId);
|
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
|
||||||
|
|
||||||
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||||
return await _envRcvService.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId).ThenAsync(
|
return await _envRcvService.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId).ThenAsync(
|
||||||
@ -310,7 +311,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
//readOnlyKey = _urlEncoder.Encode(readOnlyKey);
|
readOnlyKey = _sanitizer.Sanitize(readOnlyKey);
|
||||||
|
|
||||||
// check if the readOnlyId is valid
|
// check if the readOnlyId is valid
|
||||||
if (!readOnlyKey.TryDecode(out var decodedKeys) || decodedKeys.GetEncodeType() != EncodeType.EnvelopeReceiverReadOnly)
|
if (!readOnlyKey.TryDecode(out var decodedKeys) || decodedKeys.GetEncodeType() != EncodeType.EnvelopeReceiverReadOnly)
|
||||||
@ -379,7 +380,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
{
|
{
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
language = _urlEncoder.Encode(language);
|
language = _sanitizer.Sanitize(language);
|
||||||
if (!_cultures.Languages.Contains(language))
|
if (!_cultures.Languages.Contains(language))
|
||||||
return BadRequest();
|
return BadRequest();
|
||||||
|
|
||||||
|
|||||||
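Review bot: At `@ -103,8 +104,8 @@` (and the same pattern at -52, -139, -246, -280, -310 and -379) `_sanitizer.Sanitize(...)` is applied to route/query identifiers that are then decoded and used as lookup keys, but HtmlSanitizer treats its input as an HTML fragment and re-serializes it, so it may rewrite characters such as `&` or `<` rather than reject the value, and it says nothing about whether the token has the shape `TryDecode`/`DecodeEnvelopeReceiverId` expect. Sanitizing at this point is neither input validation nor output encoding: malformed tokens are already rejected by the decode checks that follow, and HTML encoding belongs at the view, where Razor encodes by default. I would drop the sanitize calls and make the format check the explicit rejection point, e.g. `if (string.IsNullOrEmpty(envelopeReceiverId) || !envelopeReceiverId.TryDecode(out var decoded)) return BadRequest();`, and likewise drop it for `language` at `@ -379`, which is already allowlisted by `_cultures.Languages.Contains(language)`. If the sanitizer is kept, `Sanitize` is called on `envelopeReceiverId` and `readOnlyKey` without the null guard that `culture` gets in the -103 hunk; I cannot tell from here whether routing guarantees those are non-null. The enclosing action methods begin and end outside every hunk shown.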