From 8187924a8ced1a59ab4e8d831cf324a41f9c784d Mon Sep 17 00:00:00 2001
From: TekH
Date: Fri, 30 Jan 2026 13:06:40 +0100
Subject: [PATCH] Add EnvelopeAuthExtensions for envelope claim handling

Introduces EnvelopeAuthExtensions with helper methods to retrieve envelope-specific claims from ClaimsPrincipal and to sign in envelope receivers using cookie authentication. Supports extracting envelope and receiver details via claims for authentication flows.
---
 .../Extensions/EnvelopeAuthExtensions.cs | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 EnvelopeGenerator.GeneratorAPI/Extensions/EnvelopeAuthExtensions.cs

diff --git a/EnvelopeGenerator.GeneratorAPI/Extensions/EnvelopeAuthExtensions.cs b/EnvelopeGenerator.GeneratorAPI/Extensions/EnvelopeAuthExtensions.cs
new file mode 100644
index 00000000..48b2edb6
--- /dev/null
+++ b/EnvelopeGenerator.GeneratorAPI/Extensions/EnvelopeAuthExtensions.cs
@@ -0,0 +1,87 @@
+using System.Security.Claims;
+using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiver;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.Cookies;
+
+namespace EnvelopeGenerator.GeneratorAPI.Extensions;
+
+///
+/// Provides helper methods for working with envelope-specific authentication claims.
+///
+public static class EnvelopeAuthExtensions
+{
+ ///
+ /// Retrieves a claim value by type.
+ ///
+ /// The current claims principal.
+ /// The claim type to resolve.
+ /// The claim value or null when missing.
+ public static string? GetClaimValue(this ClaimsPrincipal user, string claimType) => user.FindFirstValue(claimType);
+
+ ///
+ /// Gets the authenticated envelope UUID from the claims.
+ ///
+ public static string? GetAuthEnvelopeUuid(this ClaimsPrincipal user) => user.FindFirstValue(ClaimTypes.NameIdentifier);
+
+ ///
+ /// Gets the authenticated receiver signature from the claims.
+ ///
+ public static string? GetAuthReceiverSignature(this ClaimsPrincipal user) => user.FindFirstValue(ClaimTypes.Hash);
+
+ ///
+ /// Gets the authenticated receiver display name from the claims.
+ ///
+ public static string? GetAuthReceiverName(this ClaimsPrincipal user) => user.FindFirstValue(ClaimTypes.Name);
+
+ ///
+ /// Gets the authenticated receiver email address from the claims.
+ ///
+ public static string? GetAuthReceiverMail(this ClaimsPrincipal user) => user.FindFirstValue(ClaimTypes.Email);
+
+ ///
+ /// Gets the authenticated envelope title from the claims.
+ ///
+ public static string? GetAuthEnvelopeTitle(this ClaimsPrincipal user) => user.FindFirstValue(EnvelopeClaimTypes.Title);
+
+ ///
+ /// Gets the authenticated envelope identifier from the claims.
+ ///
+ public static int? GetAuthEnvelopeId(this ClaimsPrincipal user)
+ {
+ var envIdStr = user.FindFirstValue(EnvelopeClaimTypes.Id);
+ return int.TryParse(envIdStr, out var envId) ? envId : null;
+ }
+
+ ///
+ /// Signs in an envelope receiver using cookie authentication and attaches envelope claims.
+ ///
+ /// The current HTTP context.
+ /// Envelope receiver DTO to extract claims from.
+ /// Role to attach to the authentication ticket.
+ public static async Task SignInEnvelopeAsync(this HttpContext context, EnvelopeReceiverDto envelopeReceiver, string receiverRole)
+ {
+ var claims = new List
+ {
+ new(ClaimTypes.NameIdentifier, envelopeReceiver.Envelope!.Uuid),
+ new(ClaimTypes.Hash, envelopeReceiver.Receiver!.Signature),
+ new(ClaimTypes.Name, envelopeReceiver.Name ?? string.Empty),
+ new(ClaimTypes.Email, envelopeReceiver.Receiver.EmailAddress),
+ new(EnvelopeClaimTypes.Title, envelopeReceiver.Envelope.Title),
+ new(EnvelopeClaimTypes.Id, envelopeReceiver.Envelope.Id.ToString()),
+ new(ClaimTypes.Role, receiverRole)
+ };
+
+ var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+
+ var authProperties = new AuthenticationProperties
+ {
+ AllowRefresh = false,
+ IsPersistent = false
+ };
+
+ await context.SignInAsync(
+ CookieAuthenticationDefaults.AuthenticationScheme,
+ new ClaimsPrincipal(claimsIdentity),
+ authProperties);
+ }
+}
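Review bot: In SignInEnvelopeAsync the `!` on `envelopeReceiver.Envelope` and `envelopeReceiver.Receiver` silences the nullable warning without checking anything, so a DTO that arrives without either navigation fails the sign-in with a NullReferenceException rather than a controlled rejection; start the method with `ArgumentNullException.ThrowIfNull(envelopeReceiver.Envelope);` and `ArgumentNullException.ThrowIfNull(envelopeReceiver.Receiver);` and drop the `!`. `receiverRole` is written into `ClaimTypes.Role` exactly as passed, so each caller decides the authorization role; comparing it with the roles the API actually defines (or taking an enum) would keep a typo or a request-derived string from ending up in the ticket. The `AuthenticationProperties` set no `ExpiresUtc`, so with `AllowRefresh = false` the ticket lives for whatever `ExpireTimeSpan` the cookie scheme is configured with, which is not visible in this file and is worth confirming is short enough for a signing session. The receiver signature is carried in the `ClaimTypes.Hash` claim; if that value also acts as the receiver's access secret, claim dumps should be kept out of logs and diagnostics.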