feat(HomeController): Funktionalität zur Überprüfung des SMS-Codes hinzugefügt

2024-11-30 04:23:24 +01:00 · 2024-11-30 04:23:24 +01:00 · a6468c2ff1
commit a6468c2ff1
parent 40a21a0b89
3 changed files with 55 additions and 19 deletions
--- a/EnvelopeGenerator.Application/DTOs/EnvelopeReceiver/EnvelopeReceiverSecretDto.cs
+++ b/EnvelopeGenerator.Application/DTOs/EnvelopeReceiver/EnvelopeReceiverSecretDto.cs
@ -5,7 +5,5 @@
        public string? AccessCode { get; init; }

        public string? PhoneNumber { get; init; }
-
-        public EnvelopeReceiverDto WithoutSecrets => this;
    }
 }
--- a/EnvelopeGenerator.Application/Extensions/MappingExtensions.cs
+++ b/EnvelopeGenerator.Application/Extensions/MappingExtensions.cs
@ -1,4 +1,5 @@
-using EnvelopeGenerator.Domain.HttpResponse;
+using EnvelopeGenerator.Application.DTOs.EnvelopeReceiver;
+using EnvelopeGenerator.Domain.HttpResponse;

 namespace EnvelopeGenerator.Application.Extensions
 {
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@ -19,6 +19,7 @@ using Ganss.Xss;
 using Newtonsoft.Json;
 using EnvelopeGenerator.Application.DTOs;
 using DigitalData.Core.Client;
+using DevExpress.Utils.About;

 namespace EnvelopeGenerator.Web.Controllers
 {
@ -35,7 +36,9 @@ namespace EnvelopeGenerator.Web.Controllers
        private readonly IEnvelopeMailService _mailService;
        private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
        private readonly IMessagingService _msgService;
-        public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService)
+        private readonly IEnvelopeReceiverCache _erCache;
+
+        public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService, IEnvelopeReceiverCache envelopeReceiverCache)
        {
            this.envelopeOldService = envelopeOldService;
            _envRcvService = envelopeReceiverService;
@ -48,6 +51,7 @@ namespace EnvelopeGenerator.Web.Controllers
            _logger = logger;
            _readOnlyService = readOnlyService;
            _msgService = messagingService;
+            _erCache = envelopeReceiverCache;
        }

        [HttpGet("/")]
@ -174,6 +178,29 @@ namespace EnvelopeGenerator.Web.Controllers

                return await _envRcvService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature).ThenAsync<EnvelopeReceiverSecretDto, IActionResult>(
                        SuccessAsync: async er_secret =>
+                        {
+                            async Task<IActionResult> SendSmsView()
+                            {
+                                var res = await _msgService.SendSmsCodeAsync(er_secret.PhoneNumber!, envelopeReceiverId: envelopeReceiverId);
+                                if (res.Ok)
+                                    return View("EnvelopeLocked").WithData("ViaSms", true).WithData("Expiration", res.Expiration);
+                                else if (!res.Allowed)
+                                    return View("EnvelopeLocked").WithData("ViaSms", true).WithData("Expiration", res.AllowedAt);
+                                else
+                                {
+                                    var res_json = JsonConvert.SerializeObject(res);
+                                    _logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, message: $"An unexpected error occurred while sending an SMS code. Response: ${res_json}");
+                                    return this.ViewInnerServiceError();
+                                }
+                            }
+
+                            if (auth.HasMulti)
+                            {
+                                Response.StatusCode = StatusCodes.Status401Unauthorized;
+                                return View("EnvelopeLocked")
+                                        .WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
+                            }
+                            else if (auth.HasAccessCode)
                            {
                                //check the access code verification
                                if (er_secret.AccessCode != auth.AccessCode)
@ -190,21 +217,31 @@ namespace EnvelopeGenerator.Web.Controllers
                                //check if the user has phone is added
                                if (er_secret.HasPhoneNumber)
                                {
-                                var res = await _msgService.SendSmsCodeAsync(er_secret.PhoneNumber!, envelopeReceiverId: envelopeReceiverId);
-                                if (res.Ok)
-                                    return View("EnvelopeLocked").WithData("ViaSms", true).WithData("Expiration", res.Expiration);
-                                else if (!res.Allowed)
-                                    return View("EnvelopeLocked").WithData("ViaSms", true).WithData("Expiration", res.AllowedAt);
+                                    return await SendSmsView();
+                                }
+                            }
+                            else if (auth.HasSmsCode)
+                            {
+                                var smsCode = await _erCache.GetSmsCodeAsync(envelopeReceiverId);
+                                if (smsCode is null)
+                                    return RedirectToAction("EnvelopeLocked", new { envelopeReceiverId });
+
+                                if(auth.SmsCode != smsCode)
+                                {
+                                    Response.StatusCode = StatusCodes.Status401Unauthorized;
+                                    ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
+                                    return await SendSmsView();
+                                }
+                            }
                            else
                            {
-                                    var res_json = JsonConvert.SerializeObject(res);
-                                    _logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, message: $"An unexpected error occurred while sending an SMS code. Response: ${res_json}");
-                                    return this.ViewInnerServiceError();
-                                }
+                                Response.StatusCode = StatusCodes.Status401Unauthorized;
+                                return View("EnvelopeLocked")
+                                        .WithData("ErrorMessage", _localizer[WebKey.WrongAccessCode].Value);
                            }

                            //continue the process without important data to minimize security errors.
-                            var er = er_secret.WithoutSecrets;
+                            EnvelopeReceiverDto er = er_secret;

 							ViewData["EnvelopeKey"] = envelopeReceiverId;
 							//check rejection