Refactor: unify role constants under new Role class
Replaced all usages of ReceiverRole with the new Role class in EnvelopeGenerator.Domain.Constants. Removed ReceiverRole.cs and added Role.cs with PreAuth and FullyAuth constants. Updated all [Authorize] attributes and role checks in controllers and authentication logic to use Role.FullyAuth and Role.PreAuth. This centralizes role management for improved maintainability and clarity.
This commit is contained in:
@@ -18,7 +18,7 @@ namespace EnvelopeGenerator.API.Controllers;
|
||||
/// <summary>
|
||||
/// Manages annotations and signature lifecycle for envelopes.
|
||||
/// </summary>
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[ApiController]
|
||||
[Route("api/[controller]")]
|
||||
public class AnnotationController : ControllerBase
|
||||
@@ -54,7 +54,7 @@ public class AnnotationController : ControllerBase
|
||||
/// </summary>
|
||||
/// <param name="psPdfKitAnnotation">Annotation payload.</param>
|
||||
/// <param name="cancel">Cancellation token.</param>
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[HttpPost]
|
||||
[Obsolete("This endpoint is for PSPDF Kit.")]
|
||||
public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
|
||||
@@ -93,7 +93,7 @@ public class AnnotationController : ControllerBase
|
||||
/// Rejects the document for the current receiver.
|
||||
/// </summary>
|
||||
/// <param name="reason">Optional rejection reason.</param>
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[HttpPost("reject")]
|
||||
[Obsolete("Use MediatR")]
|
||||
public async Task<IActionResult> Reject([FromBody] string? reason = null)
|
||||
|
||||
@@ -14,7 +14,7 @@ namespace EnvelopeGenerator.API.Controllers;
|
||||
/// <remarks>
|
||||
/// Initializes a new instance of the <see cref="DocumentController"/> class.
|
||||
/// </remarks>
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[ApiController]
|
||||
[Route("api/[controller]")]
|
||||
public class DocumentController(IMediator mediator, ILogger<DocumentController> logger) : ControllerBase
|
||||
|
||||
@@ -37,7 +37,7 @@ public class ReadOnlyController : ControllerBase
|
||||
/// </summary>
|
||||
/// <param name="createDto">Creation payload.</param>
|
||||
[HttpPost]
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
|
||||
{
|
||||
var authReceiverMail = User.GetAuthReceiverMail();
|
||||
|
||||
@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
|
||||
/// <summary>
|
||||
/// Logs out the envelope receiver from cookie authentication.
|
||||
/// </summary>
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[HttpPost("auth/logout")]
|
||||
public async Task<IActionResult> LogOutAsync()
|
||||
{
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
namespace EnvelopeGenerator.Domain.Constants
|
||||
{
|
||||
public static class ReceiverRole
|
||||
public static class Role
|
||||
{
|
||||
public const string PreAuth = "PreAuth";
|
||||
public const string FullyAuth = "FullyAuth";
|
||||
@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace EnvelopeGenerator.Web.Controllers;
|
||||
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[ApiController]
|
||||
[Route("api/[controller]")]
|
||||
public class AnnotationController : ControllerBase
|
||||
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[HttpPost]
|
||||
public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
|
||||
{
|
||||
@@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase
|
||||
return Ok();
|
||||
}
|
||||
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[HttpPost("reject")]
|
||||
[Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
|
||||
public async Task<IActionResult> Reject([FromBody] string? reason = null)
|
||||
|
||||
@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace EnvelopeGenerator.Web.Controllers;
|
||||
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[ApiController]
|
||||
[Route("api/[controller]")]
|
||||
public class DocumentController : ControllerBase
|
||||
|
||||
@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
return this.ViewEnvelopeNotFound();
|
||||
}
|
||||
var er_secret = er_secret_res.Data;
|
||||
await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth);
|
||||
await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
|
||||
return await CreateShowEnvelopeView(er_secret);
|
||||
}
|
||||
#endregion UseAccessCode
|
||||
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
}
|
||||
|
||||
// show envelope if already logged in
|
||||
if (User.IsInRole(ReceiverRole.FullyAuth))
|
||||
if (User.IsInRole(Role.FullyAuth))
|
||||
return await CreateShowEnvelopeView(er_secret);
|
||||
|
||||
if (auth.HasMulti)
|
||||
@@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
.WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId());
|
||||
}
|
||||
|
||||
await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth);
|
||||
await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
|
||||
|
||||
return await CreateShowEnvelopeView(er_secret);
|
||||
}
|
||||
@@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase
|
||||
&& uuidClaim == er.Envelope?.Uuid
|
||||
&& signatureClaim is not null
|
||||
&& signatureClaim == er.Receiver?.Signature
|
||||
&& User.IsInRole(ReceiverRole.FullyAuth))
|
||||
&& User.IsInRole(Role.FullyAuth))
|
||||
{
|
||||
await HttpContext.SignInEnvelopeAsync(er, ReceiverRole.FullyAuth);
|
||||
await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
|
||||
|
||||
//add PSPDFKit licence key
|
||||
ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
|
||||
@@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
return this.ViewDocumentNotFound();
|
||||
}
|
||||
|
||||
await HttpContext.SignInEnvelopeAsync(er, ReceiverRole.FullyAuth);
|
||||
await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
|
||||
|
||||
ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly;
|
||||
|
||||
@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
await _rcvService.UpdateAsync(rcv);
|
||||
}
|
||||
|
||||
await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.PreAuth);
|
||||
await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth);
|
||||
|
||||
return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId);
|
||||
}
|
||||
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
if (er_secret.Receiver!.TotpSecretkey is null)
|
||||
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
|
||||
|
||||
if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
|
||||
if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
|
||||
{
|
||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
|
||||
@@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase
|
||||
if (er_secret.Receiver!.TotpSecretkey is null)
|
||||
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
|
||||
|
||||
if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
|
||||
if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
|
||||
{
|
||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||
ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
|
||||
|
||||
@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[Obsolete("Use MediatR")]
|
||||
public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
|
||||
{
|
||||
|
||||
@@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase
|
||||
}
|
||||
}
|
||||
|
||||
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
||||
[Authorize(Roles = Role.FullyAuth)]
|
||||
[HttpPost("auth/logout")]
|
||||
public async Task<IActionResult> LogOut()
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user