feat(HomeController): Funktionalität zur Überprüfung des SMS-Codes hinzugefügt
parent
40a21a0b89
commit
a6468c2ff1
@ -5,7 +5,5 @@
|
|||||||
public string? AccessCode { get; init; }
|
public string? AccessCode { get; init; }
|
||||||
|
|
||||||
public string? PhoneNumber { get; init; }
|
public string? PhoneNumber { get; init; }
|
||||||
|
|
||||||
public EnvelopeReceiverDto WithoutSecrets => this;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1,4 +1,5 @@
|
|||||||
using EnvelopeGenerator.Domain.HttpResponse;
|
using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
|
||||||
|
using EnvelopeGenerator.Domain.HttpResponse;
|
||||||
|
|
||||||
namespace EnvelopeGenerator.Application.Extensions
|
namespace EnvelopeGenerator.Application.Extensions
|
||||||
{
|
{
|
||||||
|
|||||||
@ -19,6 +19,7 @@ using Ganss.Xss;
|
|||||||
using Newtonsoft.Json;
|
using Newtonsoft.Json;
|
||||||
using EnvelopeGenerator.Application.DTOs;
|
using EnvelopeGenerator.Application.DTOs;
|
||||||
using DigitalData.Core.Client;
|
using DigitalData.Core.Client;
|
||||||
|
using DevExpress.Utils.About;
|
||||||
|
|
||||||
namespace EnvelopeGenerator.Web.Controllers
|
namespace EnvelopeGenerator.Web.Controllers
|
||||||
{
|
{
|
||||||
@ -35,7 +36,9 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
private readonly IEnvelopeMailService _mailService;
|
private readonly IEnvelopeMailService _mailService;
|
||||||
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
|
private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
|
||||||
private readonly IMessagingService _msgService;
|
private readonly IMessagingService _msgService;
|
||||||
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService)
|
private readonly IEnvelopeReceiverCache _erCache;
|
||||||
|
|
||||||
|
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService, IEnvelopeReceiverCache envelopeReceiverCache)
|
||||||
{
|
{
|
||||||
this.envelopeOldService = envelopeOldService;
|
this.envelopeOldService = envelopeOldService;
|
||||||
_envRcvService = envelopeReceiverService;
|
_envRcvService = envelopeReceiverService;
|
||||||
@ -48,6 +51,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
_logger = logger;
|
_logger = logger;
|
||||||
_readOnlyService = readOnlyService;
|
_readOnlyService = readOnlyService;
|
||||||
_msgService = messagingService;
|
_msgService = messagingService;
|
||||||
|
_erCache = envelopeReceiverCache;
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpGet("/")]
|
[HttpGet("/")]
|
||||||
@ -175,20 +179,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
return await _envRcvService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature).ThenAsync<EnvelopeReceiverSecretDto, IActionResult>(
|
return await _envRcvService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature).ThenAsync<EnvelopeReceiverSecretDto, IActionResult>(
|
||||||
SuccessAsync: async er_secret =>
|
SuccessAsync: async er_secret =>
|
||||||
{
|
{
|
||||||
//check the access code verification
|
async Task<IActionResult> SendSmsView()
|
||||||
if (er_secret.AccessCode != auth.AccessCode)
|
|
||||||
{
|
|
||||||
//Constants.EnvelopeStatus.AccessCodeIncorrect
|
|
||||||
await _historyService.RecordAsync(er_secret.EnvelopeId, er_secret.Receiver!.EmailAddress, Constants.EnvelopeStatus.AccessCodeIncorrect);
|
|
||||||
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
|
||||||
return View("EnvelopeLocked")
|
|
||||||
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
|
||||||
}
|
|
||||||
|
|
||||||
await _historyService.RecordAsync(er_secret.EnvelopeId, er_secret.Receiver!.EmailAddress, Constants.EnvelopeStatus.AccessCodeCorrect);
|
|
||||||
|
|
||||||
//check if the user has phone is added
|
|
||||||
if (er_secret.HasPhoneNumber)
|
|
||||||
{
|
{
|
||||||
var res = await _msgService.SendSmsCodeAsync(er_secret.PhoneNumber!, envelopeReceiverId: envelopeReceiverId);
|
var res = await _msgService.SendSmsCodeAsync(er_secret.PhoneNumber!, envelopeReceiverId: envelopeReceiverId);
|
||||||
if (res.Ok)
|
if (res.Ok)
|
||||||
@ -203,8 +194,54 @@ namespace EnvelopeGenerator.Web.Controllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (auth.HasMulti)
|
||||||
|
{
|
||||||
|
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||||
|
return View("EnvelopeLocked")
|
||||||
|
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||||
|
}
|
||||||
|
else if (auth.HasAccessCode)
|
||||||
|
{
|
||||||
|
//check the access code verification
|
||||||
|
if (er_secret.AccessCode != auth.AccessCode)
|
||||||
|
{
|
||||||
|
//Constants.EnvelopeStatus.AccessCodeIncorrect
|
||||||
|
await _historyService.RecordAsync(er_secret.EnvelopeId, er_secret.Receiver!.EmailAddress, Constants.EnvelopeStatus.AccessCodeIncorrect);
|
||||||
|
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||||
|
return View("EnvelopeLocked")
|
||||||
|
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||||
|
}
|
||||||
|
|
||||||
|
await _historyService.RecordAsync(er_secret.EnvelopeId, er_secret.Receiver!.EmailAddress, Constants.EnvelopeStatus.AccessCodeCorrect);
|
||||||
|
|
||||||
|
//check if the user has phone is added
|
||||||
|
if (er_secret.HasPhoneNumber)
|
||||||
|
{
|
||||||
|
return await SendSmsView();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (auth.HasSmsCode)
|
||||||
|
{
|
||||||
|
var smsCode = await _erCache.GetSmsCodeAsync(envelopeReceiverId);
|
||||||
|
if (smsCode is null)
|
||||||
|
return RedirectToAction("EnvelopeLocked", new { envelopeReceiverId });
|
||||||
|
|
||||||
|
if(auth.SmsCode != smsCode)
|
||||||
|
{
|
||||||
|
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||||
|
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
|
||||||
|
return await SendSmsView();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
Response.StatusCode = StatusCodes.Status401Unauthorized;
|
||||||
|
return View("EnvelopeLocked")
|
||||||
|
.WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
|
||||||
|
}
|
||||||
|
|
||||||
//continue the process without important data to minimize security errors.
|
//continue the process without important data to minimize security errors.
|
||||||
var er = er_secret.WithoutSecrets;
|
EnvelopeReceiverDto er = er_secret;
|
||||||
|
|
||||||
ViewData["EnvelopeKey"] = envelopeReceiverId;
|
ViewData["EnvelopeKey"] = envelopeReceiverId;
|
||||||
//check rejection
|
//check rejection
|
||||||
|
|||||||
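Review bot: The new `else if (auth.HasSmsCode)` branch checks `auth.SmsCode != smsCode` with no attempt limit and no history entry visible in these hunks, so if the code is short it can be guessed by repeated submissions for as long as the cached value lives; the access-code branch at least records `AccessCodeIncorrect`. The failure path also returns `SendSmsView()`, which calls `_msgService.SendSmsCodeAsync(...)` again, so every wrong guess may trigger another SMS unless that service reuses the cached code, which is worth confirming. I would count failed attempts per `envelopeReceiverId`, invalidate the cached code after a small number of failures and after a successful match, record the failure through `_historyService.RecordAsync`, and compare the codes with `CryptographicOperations.FixedTimeEquals` on their encoded bytes. Separately, `EnvelopeReceiverDto er = er_secret;` only changes the static type: the instance still carries `AccessCode` and `PhoneNumber`, so the comment above it overstates what the line does, and a mapping to a new DTO without those fields would match the stated intent. The enclosing action starts and ends outside the visible hunks.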