From 6b23dcdba78d675e415be959b6a08256ee04635a Mon Sep 17 00:00:00 2001 From: TekH Date: Mon, 2 Feb 2026 11:53:26 +0100 Subject: [PATCH] Refactor: unify role constants under new Role class Replaced all usages of ReceiverRole with the new Role class in EnvelopeGenerator.Domain.Constants. Removed ReceiverRole.cs and added Role.cs with PreAuth and FullyAuth constants. Updated all [Authorize] attributes and role checks in controllers and authentication logic to use Role.FullyAuth and Role.PreAuth. This centralizes role management for improved maintainability and clarity. --- .../Controllers/AnnotationController.cs | 6 +++--- .../Controllers/DocumentController.cs | 2 +- .../Controllers/ReadOnlyController.cs | 2 +- .../Controllers/TfaRegistrationController.cs | 2 +- .../Constants/{ReceiverRole.cs => Role.cs} | 2 +- .../Controllers/AnnotationController.cs | 6 +++--- .../Controllers/DocumentController.cs | 2 +- .../Controllers/EnvelopeController.cs | 18 +++++++++--------- .../Controllers/ReadOnlyController.cs | 2 +- .../Controllers/TFARegController.cs | 2 +- 10 files changed, 22 insertions(+), 22 deletions(-) rename EnvelopeGenerator.Domain/Constants/{ReceiverRole.cs => Role.cs} (81%) diff --git a/EnvelopeGenerator.API/Controllers/AnnotationController.cs b/EnvelopeGenerator.API/Controllers/AnnotationController.cs index 9437f1fa..a88bb1cc 100644 --- a/EnvelopeGenerator.API/Controllers/AnnotationController.cs +++ b/EnvelopeGenerator.API/Controllers/AnnotationController.cs @@ -18,7 +18,7 @@ namespace EnvelopeGenerator.API.Controllers; /// /// Manages annotations and signature lifecycle for envelopes. /// -[Authorize(Roles = ReceiverRole.FullyAuth)] +[Authorize(Roles = Role.FullyAuth)] [ApiController] [Route("api/[controller]")] public class AnnotationController : ControllerBase 
@@ -54,7 +54,7 @@ public class AnnotationController : ControllerBase /// /// Annotation payload. /// Cancellation token. - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [HttpPost] [Obsolete("This endpoint is for PSPDF Kit.")] public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default) @@ -93,7 +93,7 @@ public class AnnotationController : ControllerBase /// Rejects the document for the current receiver. /// /// Optional rejection reason. - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [HttpPost("reject")] [Obsolete("Use MediatR")] public async Task Reject([FromBody] string? reason = null) diff --git a/EnvelopeGenerator.API/Controllers/DocumentController.cs b/EnvelopeGenerator.API/Controllers/DocumentController.cs index 31b007f9..0adac3cb 100644 --- a/EnvelopeGenerator.API/Controllers/DocumentController.cs +++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs @@ -14,7 +14,7 @@ namespace EnvelopeGenerator.API.Controllers; /// /// Initializes a new instance of the class. /// -[Authorize(Roles = ReceiverRole.FullyAuth)] +[Authorize(Roles = Role.FullyAuth)] [ApiController] [Route("api/[controller]")] public class DocumentController(IMediator mediator, ILogger logger) : ControllerBase diff --git a/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs b/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs index ebce9a71..24f246b8 100644 --- a/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs +++ b/EnvelopeGenerator.API/Controllers/ReadOnlyController.cs @@ -37,7 +37,7 @@ public class ReadOnlyController : ControllerBase /// /// Creation payload. [HttpPost] - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] public async Task CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto) { var authReceiverMail = User.GetAuthReceiverMail(); 
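Review bot: The method-level `[Authorize(Roles = Role.FullyAuth)]` on `CreateOrUpdate` and `Reject` repeats the attribute already declared on the `AnnotationController` class in the first hunk, so it adds no further restriction. Either drop the duplicates or keep them with a short comment such as `// repeated on purpose: stays protected if the class-level attribute is ever relaxed`, so a later reader does not assume the two levels differ. The same duplication appears in the Web project's `AnnotationController` hunks at -42 and -80. Both method bodies continue outside the hunks.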
diff --git a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs index d13e713d..0a909cd6 100644 --- a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs +++ b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs @@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase /// /// Logs out the envelope receiver from cookie authentication. /// - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [HttpPost("auth/logout")] public async Task LogOutAsync() { diff --git a/EnvelopeGenerator.Domain/Constants/ReceiverRole.cs b/EnvelopeGenerator.Domain/Constants/Role.cs similarity index 81% rename from EnvelopeGenerator.Domain/Constants/ReceiverRole.cs rename to EnvelopeGenerator.Domain/Constants/Role.cs index e6da139d..b0670ff2 100644 --- a/EnvelopeGenerator.Domain/Constants/ReceiverRole.cs +++ b/EnvelopeGenerator.Domain/Constants/Role.cs @@ -1,6 +1,6 @@ namespace EnvelopeGenerator.Domain.Constants { - public static class ReceiverRole + public static class Role { public const string PreAuth = "PreAuth"; public const string FullyAuth = "FullyAuth"; diff --git a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs index bbe33cbc..b00d5564 100644 --- a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs +++ b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs @@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc; namespace EnvelopeGenerator.Web.Controllers; -[Authorize(Roles = ReceiverRole.FullyAuth)] +[Authorize(Roles = Role.FullyAuth)] [ApiController] [Route("api/[controller]")] public class AnnotationController : ControllerBase 
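Review bot: `Role` in `Constants/Role.cs` has no XML documentation, and after the rename nothing in the type name says that these values describe a receiver's authentication stage. Going by the `EnvelopeController` hunks, `PreAuth` appears to be issued just before the TFA view and is only checked ahead of TOTP verification, while `FullyAuth` gates the document and annotation endpoints. A `<summary>` on the class and on each constant should state that, e.g. `/// <summary>Second factor still pending; must not be accepted by endpoints that serve envelope content.</summary>` on `PreAuth`, so that a later `[Authorize(Roles = Role.PreAuth)]` is not added by mistake. The very generic name may also clash with other `Role` types wherever `EnvelopeGenerator.Domain.Constants` is imported, which is worth checking. The class body continues outside the hunk.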
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase _logger = logger; } - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [HttpPost] public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default) { @@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase return Ok(); } - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [HttpPost("reject")] [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")] public async Task Reject([FromBody] string? reason = null) diff --git a/EnvelopeGenerator.Web/Controllers/DocumentController.cs b/EnvelopeGenerator.Web/Controllers/DocumentController.cs index 86374b3d..f202cf24 100644 --- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs +++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs @@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc; namespace EnvelopeGenerator.Web.Controllers; -[Authorize(Roles = ReceiverRole.FullyAuth)] +[Authorize(Roles = Role.FullyAuth)] [ApiController] [Route("api/[controller]")] public class DocumentController : ControllerBase diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs index 3362473b..169b684c 100644 --- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs +++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs @@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase return this.ViewEnvelopeNotFound(); } var er_secret = er_secret_res.Data; - await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth); return await CreateShowEnvelopeView(er_secret); } #endregion UseAccessCode 
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase } // show envelope if already logged in - if (User.IsInRole(ReceiverRole.FullyAuth)) + if (User.IsInRole(Role.FullyAuth)) return await CreateShowEnvelopeView(er_secret); if (auth.HasMulti) @@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId()); } - await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth); return await CreateShowEnvelopeView(er_secret); } @@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase && uuidClaim == er.Envelope?.Uuid && signatureClaim is not null && signatureClaim == er.Receiver?.Signature - && User.IsInRole(ReceiverRole.FullyAuth)) + && User.IsInRole(Role.FullyAuth)) { - await HttpContext.SignInEnvelopeAsync(er, ReceiverRole.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth); //add PSPDFKit licence key ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"]; @@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase return this.ViewDocumentNotFound(); } - await HttpContext.SignInEnvelopeAsync(er, ReceiverRole.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth); ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly; @@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase await _rcvService.UpdateAsync(rcv); } - await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.PreAuth); + await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth); return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId); } 
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}"); - if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey)) + if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey)) { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer.WrongAccessCode(); @@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}"); - if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay)) + if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay)) { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer.WrongAccessCode(); diff --git a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs index 89ff1e59..d705e689 100644 --- a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs +++ b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs @@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers } [HttpPost] - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [Obsolete("Use MediatR")] public async Task CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto) { 
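Review bot: The `InvalidOperationException` thrown immediately before the changed role check, here and again in the hunk at -364, interpolates `JsonConvert.SerializeObject(er_secret)` into its message, so the full envelope-receiver DTO travels with the exception into whatever logs or renders it. The DTO's contents are not visible in this diff, but its name and its `Receiver.TotpSecretkey` member suggest it carries authentication material. The message should therefore contain no serialized object, e.g. `throw new InvalidOperationException("TOTP cannot be verified: the receiver has no TotpSecretkey.");`, with a non-sensitive identifier logged separately if one is needed. The throw also runs before `User.IsInRole(Role.PreAuth)` is evaluated, so unless an earlier check outside the hunk rejects them, a caller without the PreAuth role reaches this path first; testing the role first would avoid that. Both enclosing methods start and end outside the hunks.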
diff --git a/EnvelopeGenerator.Web/Controllers/TFARegController.cs b/EnvelopeGenerator.Web/Controllers/TFARegController.cs index 19540770..165e8725 100644 --- a/EnvelopeGenerator.Web/Controllers/TFARegController.cs +++ b/EnvelopeGenerator.Web/Controllers/TFARegController.cs @@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase } } - [Authorize(Roles = ReceiverRole.FullyAuth)] + [Authorize(Roles = Role.FullyAuth)] [HttpPost("auth/logout")] public async Task LogOut() {