remove sanitizer from views and use extensions instead of keys

tekh 2025-08-23 00:54:27 +02:00
parent a080aaec95
commit 7a011930df
13 changed files with 300 additions and 122 deletions


@ -21,117 +21,346 @@ public static class Extensions
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string InnerServiceError(this IStringLocalizer localizer) => localizer[nameof(InnerServiceError)]; public static string InnerServiceError(this IStringLocalizer localizer) => localizer[nameof(InnerServiceError)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string EnvelopeNotFound(this IStringLocalizer localizer) => localizer[nameof(EnvelopeNotFound)]; public static string EnvelopeNotFound(this IStringLocalizer localizer) => localizer[nameof(EnvelopeNotFound)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string EnvelopeReceiverNotFound(this IStringLocalizer localizer) => localizer[nameof(EnvelopeReceiverNotFound)]; public static string EnvelopeReceiverNotFound(this IStringLocalizer localizer) => localizer[nameof(EnvelopeReceiverNotFound)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string AccessCodeNull(this IStringLocalizer localizer) => localizer[nameof(AccessCodeNull)]; public static string AccessCodeNull(this IStringLocalizer localizer) => localizer[nameof(AccessCodeNull)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string WrongAccessCode(this IStringLocalizer localizer) => localizer[nameof(WrongAccessCode)]; public static string WrongAccessCode(this IStringLocalizer localizer) => localizer[nameof(WrongAccessCode)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string DataIntegrityIssue(this IStringLocalizer localizer) => localizer[nameof(DataIntegrityIssue)]; public static string DataIntegrityIssue(this IStringLocalizer localizer) => localizer[nameof(DataIntegrityIssue)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string SecurityBreachOrDataIntegrity(this IStringLocalizer localizer) => localizer[nameof(SecurityBreachOrDataIntegrity)]; public static string SecurityBreachOrDataIntegrity(this IStringLocalizer localizer) => localizer[nameof(SecurityBreachOrDataIntegrity)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string PossibleDataIntegrityIssue(this IStringLocalizer localizer) => localizer[nameof(PossibleDataIntegrityIssue)]; public static string PossibleDataIntegrityIssue(this IStringLocalizer localizer) => localizer[nameof(PossibleDataIntegrityIssue)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string SecurityBreach(this IStringLocalizer localizer) => localizer[nameof(SecurityBreach)]; public static string SecurityBreach(this IStringLocalizer localizer) => localizer[nameof(SecurityBreach)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string PossibleSecurityBreach(this IStringLocalizer localizer) => localizer[nameof(PossibleSecurityBreach)]; public static string PossibleSecurityBreach(this IStringLocalizer localizer) => localizer[nameof(PossibleSecurityBreach)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string WrongEnvelopeReceiverId(this IStringLocalizer localizer) => localizer[nameof(WrongEnvelopeReceiverId)]; public static string WrongEnvelopeReceiverId(this IStringLocalizer localizer) => localizer[nameof(WrongEnvelopeReceiverId)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string EnvelopeOrReceiverNonexists(this IStringLocalizer localizer) => localizer[nameof(EnvelopeOrReceiverNonexists)]; public static string EnvelopeOrReceiverNonexists(this IStringLocalizer localizer) => localizer[nameof(EnvelopeOrReceiverNonexists)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string PhoneNumberNonexists(this IStringLocalizer localizer) => localizer[nameof(PhoneNumberNonexists)]; public static string PhoneNumberNonexists(this IStringLocalizer localizer) => localizer[nameof(PhoneNumberNonexists)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string Default(this IStringLocalizer localizer) => localizer[nameof(Default)]; public static string Default(this IStringLocalizer localizer) => localizer[nameof(Default)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string DbMigrationTest(this IStringLocalizer localizer) => localizer[nameof(DbMigrationTest)]; public static string DbMigrationTest(this IStringLocalizer localizer) => localizer[nameof(DbMigrationTest)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string Culture(this IStringLocalizer localizer) => localizer[nameof(Culture)]; public static string Culture(this IStringLocalizer localizer) => localizer[nameof(Culture)].Value;
/// <summary> /// <summary>
/// ///
/// </summary> /// </summary>
/// <param name="localizer"></param> /// <param name="localizer"></param>
/// <returns></returns> /// <returns></returns>
public static string FiClass(this IStringLocalizer localizer) => localizer[nameof(FiClass)]; public static string FiClass(this IStringLocalizer localizer) => localizer[nameof(FiClass)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string ServiceOutputNullError(this IStringLocalizer localizer) => localizer[nameof(ServiceOutputNullError)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string UnexpectedError(this IStringLocalizer localizer) => localizer[nameof(UnexpectedError)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string FailedToSendAccessCode(this IStringLocalizer localizer) => localizer[nameof(FailedToSendAccessCode)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string DataIntegrityError(this IStringLocalizer localizer) => localizer[nameof(DataIntegrityError)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string NonDecodableEnvelopeReceiverId(this IStringLocalizer localizer) => localizer[nameof(NonDecodableEnvelopeReceiverId)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string DeDE(this IStringLocalizer localizer) => localizer["de-DE"].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string EnUS(this IStringLocalizer localizer) => localizer["en-US"].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string SignDoc(this IStringLocalizer localizer) => localizer[nameof(SignDoc)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string DocRejected(this IStringLocalizer localizer) => localizer[nameof(DocRejected)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string DocSigned(this IStringLocalizer localizer) => localizer[nameof(DocSigned)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string DocProtected(this IStringLocalizer localizer) => localizer[nameof(DocProtected)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string Complete(this IStringLocalizer localizer) => localizer[nameof(Complete)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string EnvelopeInfo1(this IStringLocalizer localizer) => localizer[nameof(EnvelopeInfo1)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string EnvelopeInfo2(this IStringLocalizer localizer) => localizer[nameof(EnvelopeInfo2)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string SigAgree(this IStringLocalizer localizer) => localizer[nameof(SigAgree)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string Reject(this IStringLocalizer localizer) => localizer[nameof(Reject)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string And(this IStringLocalizer localizer) => localizer["and"].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string Hello(this IStringLocalizer localizer) => localizer[nameof(Hello)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string RejectionInfo1(this IStringLocalizer localizer) => localizer[nameof(RejectionInfo1)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string RejectionInfo2(this IStringLocalizer localizer) => localizer[nameof(RejectionInfo2)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string RejectionInfo1Ext(this IStringLocalizer localizer) => localizer["RejectionInfo1_ext"].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string RejectionInfo2Ext(this IStringLocalizer localizer) => localizer["RejectionInfo2_ext"].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string SigningProcessTitle(this IStringLocalizer localizer) => localizer[nameof(SigningProcessTitle)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string WelcomeToTheESignPortal(this IStringLocalizer localizer) => localizer[nameof(WelcomeToTheESignPortal)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string ViewDoc(this IStringLocalizer localizer) => localizer[nameof(ViewDoc)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string HomePageDescription(this IStringLocalizer localizer) => localizer[nameof(HomePageDescription)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <returns></returns>
public static string Privacy(this IStringLocalizer localizer) => localizer[nameof(Privacy)].Value;
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <param name="arg0"></param>
/// <returns></returns>
public static string LockedTitle(this IStringLocalizer localizer, object? arg0) => string.Format(localizer[nameof(Privacy)].Value, arg0);
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <param name="arg0"></param>
/// <returns></returns>
public static string LockedBody(this IStringLocalizer localizer, object? arg0) => string.Format(localizer[nameof(LockedBody)].Value, arg0);
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <param name="arg0"></param>
/// <returns></returns>
public static string LockedCodeLabel(this IStringLocalizer localizer, object? arg0) => string.Format(localizer[nameof(LockedCodeLabel)].Value, arg0);
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <param name="arg0"></param>
/// <returns></returns>
public static string LockedFooterTitle(this IStringLocalizer localizer, object? arg0) => string.Format(localizer[nameof(LockedFooterTitle)].Value, arg0);
/// <summary>
///
/// </summary>
/// <param name="localizer"></param>
/// <param name="arg0"></param>
/// <returns></returns>
public static string LockedFooterBody(this IStringLocalizer localizer, object? arg0) => string.Format(localizer[nameof(LockedFooterBody)].Value, arg0);
} }
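Review bot: `LockedTitle` looks up `nameof(Privacy)` instead of its own key, so the locked-page heading would render the Privacy text; the line should read `string.Format(localizer[nameof(LockedTitle)].Value, arg0)`. The five `Locked*` helpers also change the lookup semantics. The views used to format the key (`WebKey.Formats.LockedTitle.Format(codeKeyName)`) and then look it up, whereas the helpers look up a fixed key and format the value. Unless the resource files (not shown here) now hold `{0}` templates under those names, the access-code, SMS and authenticator variants may collapse into one string or fall back to the key name, so this is worth confirming. The empty `<summary>` blocks could each name the resource key the member returns.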


@ -103,7 +103,7 @@ public class HomeController : ViewControllerBase
} }
catch(Exception ex) catch(Exception ex)
{ {
_logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception:ex, message: _localizer[WebKey.UnexpectedError]); _logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception:ex, message: _localizer.UnexpectedError());
return this.ViewInnerServiceError(); return this.ViewInnerServiceError();
} }
} }
@ -150,7 +150,7 @@ public class HomeController : ViewControllerBase
if (uuid is null || signature is null) if (uuid is null || signature is null)
{ {
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer[WebKey.WrongEnvelopeReceiverId]); _logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer.WrongEnvelopeReceiverId());
return Unauthorized(); return Unauthorized();
} }
@ -239,7 +239,7 @@ public class HomeController : ViewControllerBase
.WithData("HasPhoneNumber", er_secret.HasPhoneNumber) .WithData("HasPhoneNumber", er_secret.HasPhoneNumber)
.WithData("SenderEmail", er_secret.Envelope.User!.Email) .WithData("SenderEmail", er_secret.Envelope.User!.Email)
.WithData("EnvelopeTitle", er_secret.Envelope.Title) .WithData("EnvelopeTitle", er_secret.Envelope.Title)
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value); .WithData("ErrorMessage", _localizer.WrongAccessCode());
} }
await _historyService.RecordAsync(er_secret.EnvelopeId, er_secret.Receiver!.EmailAddress, EnvelopeStatus.AccessCodeCorrect); await _historyService.RecordAsync(er_secret.EnvelopeId, er_secret.Receiver!.EmailAddress, EnvelopeStatus.AccessCodeCorrect);
@ -271,7 +271,7 @@ public class HomeController : ViewControllerBase
if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey)) if (!User.IsInRole(ReceiverRole.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
{ {
Response.StatusCode = StatusCodes.Status401Unauthorized; Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value; ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
return await TFAViewAsync(viaSms: true, er_secret, envelopeReceiverId); return await TFAViewAsync(viaSms: true, er_secret, envelopeReceiverId);
} }
@ -287,7 +287,7 @@ public class HomeController : ViewControllerBase
if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay)) if (!User.IsInRole(ReceiverRole.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
{ {
Response.StatusCode = StatusCodes.Status401Unauthorized; Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value; ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
return await TFAViewAsync(viaSms: false, er_secret, envelopeReceiverId); return await TFAViewAsync(viaSms: false, er_secret, envelopeReceiverId);
} }
@ -306,7 +306,7 @@ public class HomeController : ViewControllerBase
if (uuid is null || signature is null) if (uuid is null || signature is null)
{ {
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer[WebKey.WrongEnvelopeReceiverId]); _logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer.WrongEnvelopeReceiverId());
return Unauthorized(); return Unauthorized();
} }
@ -353,7 +353,7 @@ public class HomeController : ViewControllerBase
.WithData("HasPhoneNumber", er_secret.HasPhoneNumber) .WithData("HasPhoneNumber", er_secret.HasPhoneNumber)
.WithData("SenderEmail", er_secret.Envelope.User!.Email) .WithData("SenderEmail", er_secret.Envelope.User!.Email)
.WithData("EnvelopeTitle", er_secret.Envelope.Title) .WithData("EnvelopeTitle", er_secret.Envelope.Title)
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value); .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId());
} }
await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth); await HttpContext.SignInEnvelopeAsync(er_secret, ReceiverRole.FullyAuth);
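Review bot: In the hunk at `-353,7` the `ErrorMessage` passed to the view changes from the wrong-access-code text to `_localizer.WrongEnvelopeReceiverId()`, while the parallel hunk at `-239,7` keeps `_localizer.WrongAccessCode()`. This looks like a copy-paste slip rather than an intended change, and the user would be told the receiver id is wrong after a failed code check. If it is unintended, restore `.WithData("ErrorMessage", _localizer.WrongAccessCode());`. The enclosing action starts outside the hunk, so the condition that leads to this branch is not visible here.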


@ -46,7 +46,7 @@ public class TFARegController : ViewControllerBase
if (uuid is null || signature is null) if (uuid is null || signature is null)
{ {
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer[WebKey.WrongEnvelopeReceiverId]); _logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer.WrongEnvelopeReceiverId());
return Unauthorized(); return Unauthorized();
} }
@ -86,7 +86,7 @@ public class TFARegController : ViewControllerBase
} }
catch(Exception ex) catch(Exception ex)
{ {
_logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception: ex, message: _localizer[WebKey.UnexpectedError]); _logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception: ex, message: _localizer.WrongEnvelopeReceiverId());
return this.ViewInnerServiceError(); return this.ViewInnerServiceError();
} }
} }
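Review bot: The `catch(Exception ex)` block now logs `_localizer.WrongEnvelopeReceiverId()` where it previously logged the unexpected-error text. Every unhandled exception in this action would therefore be recorded as a wrong receiver id, which misleads anyone triaging authentication failures from the log. `HomeController` uses `_localizer.UnexpectedError()` in the equivalent catch, so this line should probably be `message: _localizer.UnexpectedError()`. The `try` body is outside the hunk.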


@ -0,0 +1,6 @@
namespace EnvelopeGenerator.Web;
public static class StringExtensions
{
public static string Format(this string st, params object?[] args) => string.Format(st, args: args);
}
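Review bot: `Format` is public but undocumented, and nothing tells callers that its result is plain `string.Format` output with no HTML-encoding, although the views in this commit pass that result to `Html.Raw`. I would add `/// <summary>Formats <paramref name="st"/> with <paramref name="args"/> via string.Format; the result is not HTML-encoded.</summary>`. An `<exception cref="FormatException">` line is also worth adding, since a localized template with more placeholders than `args` will throw at render time.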


@ -5,7 +5,7 @@
//TODO: Create view model //TODO: Create view model
var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string; var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
var cImg = _cImgOpt.Value; var cImg = _cImgOpt.Value;
ViewData["Title"] = _localizer[WebKey.DocProtected]; ViewData["Title"] = _localizer.DocProtected();
string codeType = ViewData["CodeType"] is string _codeType ? _codeType : "accessCode"; string codeType = ViewData["CodeType"] is string _codeType ? _codeType : "accessCode";
string codeKeyName = (char.ToUpper(codeType[0]) + codeType.Substring(1)).Replace("Code", ""); string codeKeyName = (char.ToUpper(codeType[0]) + codeType.Substring(1)).Replace("Code", "");
bool viaSms = codeType == "smsCode"; bool viaSms = codeType == "smsCode";
@ -22,7 +22,7 @@
<div class="page container py-4 px-4"> <div class="page container py-4 px-4">
<header class="text-center"> <header class="text-center">
<div class="header-1 alert alert-secondary" role="alert"> <div class="header-1 alert alert-secondary" role="alert">
<h3 class="text">@_localizer[WebKey.WelcomeToTheESignPortal]</h3> <h3 class="text">@_localizer.WelcomeToTheESignPortal()</h3>
<img class="@cImg["Company"].GetClassIn("Locked")" src="@cImg["Company"].Src" /> <img class="@cImg["Company"].GetClassIn("Locked")" src="@cImg["Company"].Src" />
</div> </div>
<div class="icon locked @(viaTFA ? "tfa" : "") mt-4 mb-1"> <div class="icon locked @(viaTFA ? "tfa" : "") mt-4 mb-1">
@ -31,7 +31,7 @@
<path d="M9.5 6.5a1.5 1.5 0 0 1-1 1.415l.385 1.99a.5.5 0 0 1-.491.595h-.788a.5.5 0 0 1-.49-.595l.384-1.99a1.5 1.5 0 1 1 2-1.415" /> <path d="M9.5 6.5a1.5 1.5 0 0 1-1 1.415l.385 1.99a.5.5 0 0 1-.491.595h-.788a.5.5 0 0 1-.49-.595l.384-1.99a1.5 1.5 0 1 1 2-1.415" />
</svg> </svg>
</div> </div>
<h1>@_localizer[WebKey.Formats.LockedTitle.Format(codeKeyName)]</h1> <h1>@_localizer.LockedTitle(codeKeyName)</h1>
</header> </header>
@if (viaAuthenticator && (tfaRegDeadline is null || tfaRegDeadline > DateTime.Now)) @if (viaAuthenticator && (tfaRegDeadline is null || tfaRegDeadline > DateTime.Now))
{ {
@ -47,14 +47,14 @@
</section> </section>
} }
<section class="text-center"> <section class="text-center">
<p>@_localizer[WebKey.Formats.LockedBody.Format(codeKeyName)].Value</p> <p>@_localizer.LockedBody(codeKeyName)</p>
</section> </section>
<div class="row m-0 p-0"> <div class="row m-0 p-0">
<div class="access-code-panel justify-content-center align-items-center p-0 m-0"> <div class="access-code-panel justify-content-center align-items-center p-0 m-0">
<form id="form-access-code" class="form form-floating mb-0" method="post"> <form id="form-access-code" class="form form-floating mb-0" method="post">
<div class="form-floating access-code-form-floating"> <div class="form-floating access-code-form-floating">
<input type="password" id="access_code" class="form-control" name="@codeType" placeholder="@_localizer[WebKey.Formats.LockedCodeLabel.Format(codeKeyName)]" required="required"> <input type="password" id="access_code" class="form-control" name="@codeType" placeholder="@_localizer.LockedCodeLabel(codeKeyName)]" required="required">
<label for="access_code">@_localizer[WebKey.Formats.LockedCodeLabel.Format(codeKeyName)]</label> <label for="access_code">@_localizer.LockedCodeLabel(codeKeyName)</label>
<button type="submit" class="btn btn-primary"> <button type="submit" class="btn btn-primary">
<span class="material-symbols-outlined"> <span class="material-symbols-outlined">
login login
@ -85,14 +85,13 @@
@if (ViewData["ErrorMessage"] is string errMsg) @if (ViewData["ErrorMessage"] is string errMsg)
{ {
<div id="access-code-error-message" class="alert alert-danger row" role="alert"> <div id="access-code-error-message" class="alert alert-danger row" role="alert">
@_sanitizer.Sanitize(errMsg) @errMsg
</div> </div>
} }
<section class="no-receiver-explanation text-center"> <section class="no-receiver-explanation text-center">
<details> <details>
<summary>@_localizer[WebKey.Formats.LockedFooterTitle.Format(codeKeyName)]</summary> <summary>@_localizer.LockedFooterTitle(codeKeyName)</summary>
<p>@Html.Raw(_localizer[WebKey.Formats.LockedFooterBody.Format(codeKeyName)].Value.Format(senderEmail, "Envelope - " + envelopeTitle, string.Empty))</p> <p>@Html.Raw(_localizer.LockedFooterBody(codeKeyName).Format(senderEmail, "Envelope - " + envelopeTitle, string.Empty))</p>
</details> </details>
</section> </section>
</div> </div>
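Review bot: The `Html.Raw(...)` line in the footer formats `senderEmail` and `envelopeTitle` into the localized template without HTML-encoding, so a title or address containing markup would be rendered as HTML. Both variables are assigned outside this hunk, presumably from the `SenderEmail` and `EnvelopeTitle` view data the controller sets. The same applies, newly introduced by this commit's removal of `TrySanitize`, to the `RejectionInfo2`/`RejectionInfo2Ext` call in the rejection view and the `EnvelopeInfo2` call in the envelope view. Encode each argument before formatting and keep `Html.Raw` only for the trusted template, for example `.Format(Html.Encode(senderEmail), Html.Encode("Envelope - " + envelopeTitle), string.Empty)`. Separately, the new `placeholder` attribute still carries the `]` of the old indexer and should read `placeholder="@_localizer.LockedCodeLabel(codeKeyName)"`.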


@ -1,5 +1,5 @@
@{ @{
ViewData["Title"] = _localizer[WebKey.DocRejected]; ViewData["Title"] = _localizer.DocRejected();
} }
@{ @{
var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string; var nonce = _accessor.HttpContext?.Items["csp-nonce"] as string;
@ -53,16 +53,16 @@
c-5.791,5.79-15.176,5.79-20.969,0l-30.32-30.322l-11.676,11.676l30.32,30.32c5.79,5.79,5.79,15.178,0,20.969L299.11,404.045z"/> c-5.791,5.79-15.176,5.79-20.969,0l-30.32-30.322l-11.676,11.676l30.32,30.32c5.79,5.79,5.79,15.178,0,20.969L299.11,404.045z"/>
</svg> </svg>
</div> </div>
<h1>@_localizer[isExt ? WebKey.RejectionInfo1_ext : WebKey.RejectionInfo1].TrySanitize(_sanitizer)</h1> <h1>@(isExt ? _localizer.RejectionInfo1Ext() : _localizer.RejectionInfo1())</h1>
</header> </header>
<section class="text-center"> <section class="text-center">
<div class="card-body p-0 m-0 ms-4"> <div class="card-body p-0 m-0 ms-4">
<p class="card-text p-0 m-0"> <p class="card-text p-0 m-0">
<small class="text-body-secondary"> <small class="text-body-secondary">
@Html.Raw(string.Format(_localizer[isExt ? WebKey.RejectionInfo2_ext : WebKey.RejectionInfo2], @Html.Raw((isExt ? _localizer.RejectionInfo2Ext() : _localizer.RejectionInfo2()).Format(
$"{sender?.Prename} {sender?.Name}".TrySanitize(_sanitizer), $"{sender?.Prename} {sender?.Name}",
sender?.Email.TrySanitize(_sanitizer), sender?.Email,
envelope?.Title.TrySanitize(_sanitizer))) envelope?.Title))
</small> </small>
</p> </p>
</div> </div>


@ -1,5 +1,5 @@
@{ @{
ViewData["Title"] = _localizer[WebKey.DocSigned]; ViewData["Title"] = _localizer.DocSigned();
} }
<div class="page container p-5"> <div class="page container p-5">
<header class="text-center"> <header class="text-center">


@ -8,7 +8,7 @@
<div class="page container py-4 px-4"> <div class="page container py-4 px-4">
<header class="text-center"> <header class="text-center">
<div class="header-1 alert alert-secondary" role="alert"> <div class="header-1 alert alert-secondary" role="alert">
<h3 class="text">@_localizer[WebKey.WelcomeToTheESignPortal]</h3> <h3 class="text">@_localizer.WelcomeToTheESignPortal()</h3>
<img class="@cImg["Company"].GetClassIn("Locked")" src="@cImg["Company"].Src" /> <img class="@cImg["Company"].GetClassIn("Locked")" src="@cImg["Company"].Src" />
</div> </div>
<div class="icon mt-4 mb-1"> <div class="icon mt-4 mb-1">
@ -27,12 +27,12 @@
@if (ViewData["ErrorMessage"] is string errMsg) @if (ViewData["ErrorMessage"] is string errMsg)
{ {
<div id="access-code-error-message" class="alert alert-danger row" role="alert"> <div id="access-code-error-message" class="alert alert-danger row" role="alert">
@_sanitizer.Sanitize(errMsg) @errMsg
</div> </div>
} }
</div> </div>
<script nonce="@nonce"> <script nonce="@nonce">
const msg = "@_localizer[WebKey.HomePageDescription]"; const msg = "@_localizer.HomePageDescription()";
var typed = new Typed('#home-description', { var typed = new Typed('#home-description', {
strings: [msg], strings: [msg],
typeSpeed: 15, typeSpeed: 15,


@ -18,12 +18,12 @@
var pages = document?.Elements?.Select(e => e.Page) ?? Array.Empty<int>(); var pages = document?.Elements?.Select(e => e.Page) ?? Array.Empty<int>();
int? signatureCount = document?.Elements?.Count(); int? signatureCount = document?.Elements?.Count();
var stPageIndexes = string.Join(pages.Count() > 1 ? ", " : "", pages.Take(pages.Count() - 1)) var stPageIndexes = string.Join(pages.Count() > 1 ? ", " : "", pages.Take(pages.Count() - 1))
+ (pages.Count() > 1 ? $" {_localizer[WebKey.and].TrySanitize(_sanitizer)} " : "") + pages.LastOrDefault(); + (pages.Count() > 1 ? $" {_localizer.And()} " : "") + pages.LastOrDefault();
var isReadOnly = false; var isReadOnly = false;
if (ViewData["IsReadOnly"] is bool isReadOnly_bool) if (ViewData["IsReadOnly"] is bool isReadOnly_bool)
isReadOnly = isReadOnly_bool; isReadOnly = isReadOnly_bool;
ViewData["Title"] = isReadOnly ? _localizer[WebKey.ViewDoc] : _localizer[WebKey.SignDoc]; ViewData["Title"] = isReadOnly ? _localizer.ViewDoc() : _localizer.SignDoc();
} }
<div class="envelope-view"> <div class="envelope-view">
@if (!isReadOnly) @if (!isReadOnly)
@ -34,13 +34,13 @@
<path d="m10.036 8.278 9.258-7.79A1.979 1.979 0 0 0 18 0H2A1.987 1.987 0 0 0 .641.541l9.395 7.737Z" /> <path d="m10.036 8.278 9.258-7.79A1.979 1.979 0 0 0 18 0H2A1.987 1.987 0 0 0 .641.541l9.395 7.737Z" />
<path d="M11.241 9.817c-.36.275-.801.425-1.255.427-.428 0-.845-.138-1.187-.395L0 2.6V14a2 2 0 0 0 2 2h16a2 2 0 0 0 2-2V2.5l-8.759 7.317Z" /> <path d="M11.241 9.817c-.36.275-.801.425-1.255.427-.428 0-.845-.138-1.187-.395L0 2.6V14a2 2 0 0 0 2 2h16a2 2 0 0 0 2-2V2.5l-8.759 7.317Z" />
</svg> </svg>
<span>@_localizer[WebKey.Complete]</span> <span>@_localizer.Complete()</span>
</button> </button>
<button class="btn_reject btn btn-danger btn-desktop" type="button"> <button class="btn_reject btn btn-danger btn-desktop" type="button">
<svg width="25px" height="25px" viewBox="43.5 43.5 512 512" version="1.1" fill="currentColor" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> <svg width="25px" height="25px" viewBox="43.5 43.5 512 512" version="1.1" fill="currentColor" xml:space="preserve" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<path class="st0" d="M263.24,43.5c-117.36,0-212.5,95.14-212.5,212.5s95.14,212.5,212.5,212.5s212.5-95.14,212.5-212.5 S380.6,43.5,263.24,43.5z M367.83,298.36c17.18,17.18,17.18,45.04,0,62.23v0c-17.18,17.18-45.04,17.18-62.23,0l-42.36-42.36 l-42.36,42.36c-17.18,17.18-45.04,17.18-62.23,0v0c-17.18-17.18-17.18-45.04,0-62.23L201.01,256l-42.36-42.36 c-17.18-17.18-17.18-45.04,0-62.23v0c17.18-17.18,45.04-17.18,62.23,0l42.36,42.36l42.36-42.36c17.18-17.18,45.04-17.18,62.23,0v0 c17.18,17.18,17.18,45.04,0,62.23L325.46,256L367.83,298.36z" /> <path class="st0" d="M263.24,43.5c-117.36,0-212.5,95.14-212.5,212.5s95.14,212.5,212.5,212.5s212.5-95.14,212.5-212.5 S380.6,43.5,263.24,43.5z M367.83,298.36c17.18,17.18,17.18,45.04,0,62.23v0c-17.18,17.18-45.04,17.18-62.23,0l-42.36-42.36 l-42.36,42.36c-17.18,17.18-45.04,17.18-62.23,0v0c-17.18-17.18-17.18-45.04,0-62.23L201.01,256l-42.36-42.36 c-17.18-17.18-17.18-45.04,0-62.23v0c17.18-17.18,45.04-17.18,62.23,0l42.36,42.36l42.36-42.36c17.18-17.18,45.04-17.18,62.23,0v0 c17.18,17.18,17.18,45.04,0,62.23L325.46,256L367.83,298.36z" />
</svg> </svg>
<span>@_localizer[WebKey.Reject]</span> <span>@_localizer.Reject()</span>
</button> </button>
<button class="btn_refresh btn btn-secondary btn-desktop" type="button"> <button class="btn_refresh btn btn-secondary btn-desktop" type="button">
<svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="currentColor" class="bi bi-arrow-counterclockwise" viewBox="0 0 16 16"> <svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" fill="currentColor" class="bi bi-arrow-counterclockwise" viewBox="0 0 16 16">
@ -68,7 +68,7 @@
<div class="logo"> <div class="logo">
<img class="@cImg["Company"].GetClassIn("Show")" src="@cImg["Company"].Src" alt="logo"> <img class="@cImg["Company"].GetClassIn("Show")" src="@cImg["Company"].Src" alt="logo">
</div> </div>
<h2>@($"{envelope?.Title}".TrySanitize(_sanitizer))</h2> <h2>@($"{envelope?.Title}")</h2>
@if (isReadOnly) @if (isReadOnly)
{ {
var dateTimeSt = string.Empty; var dateTimeSt = string.Empty;
@ -78,18 +78,18 @@
} }
else else
{ {
<h6>@($"{@envelope?.Message}".TrySanitize(_sanitizer))</h6> <h6>@($"{@envelope?.Message}")</h6>
} }
<p> <p>
<small class="text-body-secondary"> <small class="text-body-secondary">
@Html.Raw(string.Format(_localizer[WebKey.EnvelopeInfo2], /* sanitize separately but don't sanitize the URI */ @Html.Raw(_localizer.EnvelopeInfo2().Format(
envelope?.AddedWhen.ToString(userCulture?.Info?.DateTimeFormat).TrySanitize(_sanitizer), envelope?.AddedWhen.ToString(userCulture?.Info?.DateTimeFormat),
$"{sender?.Prename} {sender?.Name}".TrySanitize(_sanitizer), $"{sender?.Prename} {sender?.Name}",
sender?.Email.TrySanitize(_sanitizer), sender?.Email,
envelope?.Title.TrySanitize(_sanitizer), envelope?.Title,
sender?.Prename.TrySanitize(_sanitizer), sender?.Prename,
sender?.Name.TrySanitize(_sanitizer), sender?.Name,
sender?.Email.TrySanitize(_sanitizer))) sender?.Email))
</small> </small>
</p> </p>
</div> </div>
@ -212,6 +212,6 @@
var documentBase64String = Convert.ToBase64String(documentBytes); var documentBase64String = Convert.ToBase64String(documentBytes);
var envelopeKey = ViewData["EnvelopeKey"] as string; var envelopeKey = ViewData["EnvelopeKey"] as string;
@:document.addEventListener("DOMContentLoaded", async () => await new App("@envelopeKey.TrySanitize(_sanitizer)", @Html.Raw(envelopeReceiverJson.TrySanitize(_sanitizer)), B64ToBuff("@Html.Raw(documentBase64String.TrySanitize(_sanitizer))"), "@ViewData["PSPDFKitLicenseKey"]", "@userCulture?.Info?.TwoLetterISOLanguageName").init()) @:document.addEventListener("DOMContentLoaded", async () => await new App("@envelopeKey", @Html.Raw(envelopeReceiverJson), B64ToBuff("@Html.Raw(documentBase64String)"), "@ViewData["PSPDFKitLicenseKey"]", "@userCulture?.Info?.TwoLetterISOLanguageName").init())
} }
</script> </script>


@ -35,10 +35,9 @@
<script nonce="@nonce"> <script nonce="@nonce">
@if (ViewData["EnvelopeKey"] is string envelopeKey) @if (ViewData["EnvelopeKey"] is string envelopeKey)
{ {
@: const ENV_KEY = "@envelopeKey.TrySanitize(_sanitizer)" @: const ENV_KEY = "@envelopeKey";
} }
const IS_READONLY = @isReadOnly.ToString().ToLower(); const IS_READONLY = @isReadOnly.ToString().ToLower();
const DEVICE_SCREEN_TYPE = window.innerWidth <= 768 ? 'mobile' : window.innerWidth <= 1024 ? 'tablet' : 'desktop'; const DEVICE_SCREEN_TYPE = window.innerWidth <= 768 ? 'mobile' : window.innerWidth <= 1024 ? 'tablet' : 'desktop';
const IS_DESKTOP_SIZE = DEVICE_SCREEN_TYPE == 'desktop' const IS_DESKTOP_SIZE = DEVICE_SCREEN_TYPE == 'desktop'
@ -88,14 +87,14 @@
var lang = culture.Language; var lang = culture.Language;
var info = culture.Info; var info = culture.Info;
<li> <li>
<a class="dropdown-item culture-dropdown-item" data-language="@lang.TrySanitize(_sanitizer)" data-flag="@_cultures[lang]?.FIClass.TrySanitize(_sanitizer)"> <a class="dropdown-item culture-dropdown-item" data-language="@lang" data-flag="@_cultures[lang]?.FIClass">
<span class="fi @_cultures[lang]?.FIClass.TrySanitize(_sanitizer) me-2"></span>@info?.Parent.NativeName <span class="fi @_cultures[lang]?.FIClass me-2"></span>@info?.Parent.NativeName
</a> </a>
</li> </li>
} }
</ul> </ul>
</div> </div>
<a href="/privacy-policy.@(_localizer.Culture()).html" target="_blank">@_localizer[WebKey.Privacy]</a> <a href="/privacy-policy.@(_localizer.Culture()).html" target="_blank">@_localizer.Privacy()</a>
</footer> </footer>
</body> </body>
</html> </html>
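Review bot: `const ENV_KEY = "@envelopeKey";` now relies only on Razor's HTML encoding, which is the wrong encoder for a JavaScript string literal inside `<script>`: entities are not decoded there, so the key can arrive altered, and a character such as a backslash is, as far as I can tell, not escaped at all. Emitting the value as a JSON literal, `const ENV_KEY = @Json.Serialize(envelopeKey);`, lets the framework handle quoting and escaping for the script context. The same pattern is in the `new App("@envelopeKey", …)` line of the preceding view's inline script. In that view, the title, sender name and e-mail arguments also lost `TrySanitize` while the formatted result still goes through `@Html.Raw(...)`, which bypasses Razor's encoding. Those arguments should be HTML-encoded before formatting unless they are guaranteed clean at the source, which this page does not show.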


@ -32,7 +32,7 @@
<section> <section>
<article class="envelope"> <article class="envelope">
<strong><a href="/EnvelopeKey/@encodeEnvelopeKey(envelope)">@envelope.Title</a></strong> <strong><a href="/EnvelopeKey/@encodeEnvelopeKey(envelope)">@envelope.Title</a></strong>
<div><strong>Ersteller</strong> @envelope.User.Email.TrySanitize(_sanitizer)</div> <div><strong>Ersteller</strong> @envelope.User.Email</div>
<div><strong>Datum</strong> @envelope.AddedWhen</div> <div><strong>Datum</strong> @envelope.AddedWhen</div>
</article> </article>
</section> </section>


@ -6,9 +6,6 @@
@using EnvelopeGenerator.Application.Resources @using EnvelopeGenerator.Application.Resources
@using Microsoft.Extensions.Options @using Microsoft.Extensions.Options
@inject IStringLocalizer<Resource> _localizer @inject IStringLocalizer<Resource> _localizer
@inject System.Text.Encodings.Web.UrlEncoder _encoder
@inject Ganss.Xss.HtmlSanitizer _sanitizer
@inject HighlightHtmlSanitizer _hlSanitizer
@inject Microsoft.AspNetCore.Http.IHttpContextAccessor _accessor @inject Microsoft.AspNetCore.Http.IHttpContextAccessor _accessor
@inject Cultures _cultures @inject Cultures _cultures
@inject IOptions<CustomImages> _cImgOpt @inject IOptions<CustomImages> _cImgOpt


@ -1,52 +0,0 @@
namespace EnvelopeGenerator.Web
{
public static class WebKey
{
public static readonly string ServiceOutputNullError = nameof(ServiceOutputNullError);
public static readonly string UnexpectedError = nameof(UnexpectedError);
public static readonly string FailedToSendAccessCode = nameof(FailedToSendAccessCode);
public static readonly string WrongEnvelopeReceiverId = nameof(WrongEnvelopeReceiverId);
public static readonly string DataIntegrityError = nameof(DataIntegrityError);
public static readonly string NonDecodableEnvelopeReceiverId = nameof(NonDecodableEnvelopeReceiverId);
public static readonly string de_DE = nameof(de_DE).Replace("_", "-");
public static readonly string en_US = nameof(en_US).Replace("_", "-");
public static readonly string WrongAccessCode = nameof(WrongAccessCode);
public static readonly string SignDoc = nameof(SignDoc);
public static readonly string DocRejected = nameof(DocRejected);
public static readonly string DocSigned = nameof(DocSigned);
public static readonly string DocProtected = nameof(DocProtected);
public static readonly string Complete = nameof(Complete);
public static readonly string EnvelopeInfo1 = nameof(EnvelopeInfo1);
public static readonly string EnvelopeInfo2 = nameof(EnvelopeInfo2);
public static readonly string SigAgree = nameof(SigAgree);
public static readonly string Reject = nameof(Reject);
public static readonly string and = nameof(and);
public static readonly string Hello = nameof(Hello);
public static readonly string RejectionInfo1 = nameof(RejectionInfo1);
public static readonly string RejectionInfo2 = nameof(RejectionInfo2);
public static readonly string RejectionInfo1_ext = nameof(RejectionInfo1_ext);
public static readonly string RejectionInfo2_ext = nameof(RejectionInfo2_ext);
public static readonly string SigningProcessTitle = nameof(SigningProcessTitle);
public static readonly string WelcomeToTheESignPortal = nameof(WelcomeToTheESignPortal);
public static readonly string ViewDoc = nameof(ViewDoc);
public static readonly string HomePageDescription = nameof(HomePageDescription);
public static readonly string Privacy = nameof(Privacy);
public static class Formats
{
public static readonly string LockedTitle = nameof(LockedTitle) + "{0}";
public static readonly string LockedBody = nameof(LockedBody) + "{0}";
public static readonly string LockedCodeLabel = nameof(LockedCodeLabel) + "{0}";
public static readonly string LockedFooterTitle = nameof(LockedFooterTitle) + "{0}";
public static readonly string LockedFooterBody = nameof(LockedFooterBody) + "{0}";
}
public static string Format(this string st, object? arg0) => string.Format(st, arg0: arg0);
public static string Format(this string st, params object?[] args) => string.Format(st, args: args);
}
}