From af2884471432dfc8384ba1b674613edefcc0b8ed Mon Sep 17 00:00:00 2001 From: OlgunR Date: Mon, 23 Mar 2026 17:01:48 +0100 Subject: [PATCH] API NEW CONTROLLER UPDATED - Remove mail service from ReceiverAuthController All references to IEnvelopeMailService have been removed from ReceiverAuthController. The controller no longer sends access code emails; this responsibility is now handled by the Web project when generating the link. Updated comments clarify the new flow, and related redundant code has been cleaned up. Authentication and TFA logic remain unchanged.
---
 .../Controllers/ReceiverAuthController.cs | 36 ++++---------------
 1 file changed, 7 insertions(+), 29 deletions(-)
diff --git a/EnvelopeGenerator.API/Controllers/ReceiverAuthController.cs b/EnvelopeGenerator.API/Controllers/ReceiverAuthController.cs
index 19a87389..73acce0a 100644
--- a/EnvelopeGenerator.API/Controllers/ReceiverAuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/ReceiverAuthController.cs
@@ -36,7 +36,6 @@ public class ReceiverAuthController : ControllerBase
 private readonly IMediator _mediator;
 private readonly IEnvelopeReceiverService _envRcvService;
 private readonly IEnvelopeHistoryService _historyService;
- private readonly IEnvelopeMailService _mailService;
 private readonly IAuthenticator _authenticator;
 private readonly IReceiverService _rcvService;
 private readonly IEnvelopeSmsHandler _envSmsHandler;
@@ -46,7 +45,6 @@ public class ReceiverAuthController : ControllerBase
 IMediator mediator,
 IEnvelopeReceiverService envRcvService,
 IEnvelopeHistoryService historyService,
- IEnvelopeMailService mailService,
 IAuthenticator authenticator,
 IReceiverService rcvService,
 IEnvelopeSmsHandler envSmsHandler)
@@ -55,7 +53,6 @@ public class ReceiverAuthController : ControllerBase
 _mediator = mediator;
 _envRcvService = envRcvService;
 _historyService = historyService;
- _mailService = mailService;
 _authenticator = authenticator;
 _rcvService = rcvService;
 _envSmsHandler = envSmsHandler;
@@ -79,16 +76,12 @@ public class ReceiverAuthController : ControllerBase try { // ── Key dekodieren ── - // Entspricht: if (!envelopeReceiverId.TryDecode(out var decoded)) if (!key.TryDecode(out var decoded)) return NotFound(new ReceiverAuthResponse { Status = "not_found" }); // ── ReadOnly-Links ── - // Entspricht: if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly) if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly) { - // ReadOnly-Logik: Prüfe ob abgelaufen - // Wir geben erstmal show_document zurück, ReadOnly-Details kommen in Phase 6 return Ok(new ReceiverAuthResponse { Status = "show_document", @@ -97,13 +90,11 @@ public class ReceiverAuthController : ControllerBase } // ── EnvelopeReceiver laden ── - // Entspricht: var er = await _mediator.ReadEnvelopeReceiverAsync(envelopeReceiverId, cancel); var er = await _mediator.ReadEnvelopeReceiverAsync(key, cancel); if (er is null) return NotFound(new ReceiverAuthResponse { Status = "not_found" }); // ── Abgelehnt? ── - // Entspricht: var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id); var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id); if (rejRcvrs.Any()) { @@ -117,7 +108,6 @@ public class ReceiverAuthController : ControllerBase } // ── Bereits signiert? ── - // Entspricht: if (await _historyService.IsSigned(...)) if (await _historyService.IsSigned( envelopeId: er.Envelope.Id, userReference: er.Receiver!.EmailAddress)) @@ -132,7 +122,6 @@ public class ReceiverAuthController : ControllerBase } // ── Kein AccessCode nötig? → Direkt SignIn ── - // Entspricht: if (!er.Envelope!.UseAccessCode) if (!er.Envelope.UseAccessCode) { (string? uuid, string? signature) = decoded.ParseEnvelopeReceiverId(); 
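Review bot: The read-only branch still returns `show_document` unconditionally for `EncodeType.EnvelopeReceiverReadOnly` links, and the first hunk deletes the only note that admitted the expiry check is missing (`ReadOnly-Logik: Prüfe ob abgelaufen … ReadOnly-Details kommen in Phase 6`), so the unconditional success now reads as intentional. Unless expiry for read-only links is enforced somewhere outside this method — not visible in this diff — keep a marker above the `return Ok(new ReceiverAuthResponse` such as `// TODO: read-only links are not yet checked for expiry (planned for Phase 6).` so the gap stays discoverable. The enclosing method opens before the hunk (`try {` is its first visible line) and continues past the `Status = "show_document",` initializer line.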
@@ -154,22 +143,24 @@ public class ReceiverAuthController : ControllerBase }); } - // ── AccessCode nötig → Code senden (wenn noch nicht gesendet) ── - // Entspricht: bool accessCodeAlreadyRequested = ... + // ── AccessCode nötig ── + // HINWEIS: Die E-Mail mit dem AccessCode wird NICHT hier gesendet. + // Das passiert bereits im Web-Projekt, wenn der Link generiert wird. + // Der Blazor-Flow übernimmt erst NACH dem E-Mail-Versand. bool accessCodeAlreadyRequested = await _historyService.AccessCodeAlreadyRequested( envelopeId: er.Envelope.Id, userReference: er.Receiver.EmailAddress); if (!accessCodeAlreadyRequested) { + // AccessCode wurde noch nie angefordert — das bedeutet der Empfänger + // kommt zum ersten Mal. Wir zeichnen es auf, aber die E-Mail + // wurde bereits vom Web-Projekt gesendet. await _historyService.RecordAsync( er.EnvelopeId, er.Receiver.EmailAddress, EnvelopeStatus.AccessCodeRequested); - - await _mailService.SendAccessCodeAsync(envelopeReceiverDto: er); } // ── Prüfe ob der Nutzer bereits eingeloggt ist ── - // Entspricht: CreateEnvelopeLockedView → Prüfung ob User.IsInRole(ReceiverFull) if (User.IsInRole(Role.ReceiverFull)) { return Ok(new ReceiverAuthResponse @@ -204,7 +195,6 @@ public class ReceiverAuthController : ControllerBase // ══════════════════════════════════════════════════════════════ // ENDPUNKT 2: ACCESS-CODE PRÜFEN - // Entspricht: Web.EnvelopeController.LogInEnvelope() → HandleAccessCodeAsync() // ══════════════════════════════════════════════════════════════ /// @@ -234,7 +224,6 @@ public class ReceiverAuthController : ControllerBase var erSecret = erSecretRes.Data; // ── AccessCode prüfen ── - // Entspricht: HandleAccessCodeAsync() → if (er_secret.AccessCode != auth.AccessCode) if (erSecret.AccessCode != request.AccessCode) { await _historyService.RecordAsync( 
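Review bot: In the first hunk the `_historyService.RecordAsync(..., EnvelopeStatus.AccessCodeRequested)` call is kept although the send that it used to accompany (`_mailService.SendAccessCodeAsync`) is gone, so this endpoint now writes an audit entry for an event it can no longer observe; if the Web project's link generation never sends or fails to send, the history still claims the code was requested. Either move that record to the Web-side code that actually sends the mail, or, if it must stay here, change the new comment to state plainly that the entry marks the receiver's first visit rather than a sent e-mail, e.g. `// Records the receiver's first visit; the access-code mail itself is sent by the Web project when the link is generated.` Whether the Web project also records `AccessCodeRequested`, and thus whether this produces duplicate entries, cannot be seen from this diff and is worth confirming. The enclosing method starts before the hunk and continues after the `return Ok(new ReceiverAuthResponse` line.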
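Review bot: The comparison `if (erSecret.AccessCode != request.AccessCode)` that the third hunk leaves in place compares a secret with ordinary string equality, which short-circuits on the first differing character; since this is the code that gates the envelope, a fixed-time comparison is the conventional choice, e.g. `if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(erSecret.AccessCode ?? ""), Encoding.UTF8.GetBytes(request.AccessCode ?? "")))`. More important for a short code is whether failed attempts are throttled; the failure branch records a history entry, but no lockout or attempt limit is visible in this diff, so if none exists elsewhere that is the control to add. The enclosing method starts before and ends after this hunk.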
@@ -260,10 +249,8 @@ public class ReceiverAuthController : ControllerBase EnvelopeStatus.AccessCodeCorrect); // ── TFA erforderlich? ── - // Entspricht: if (er_secret.Envelope!.TFAEnabled) if (erSecret.Envelope!.TFAEnabled) { - // TotpSecretKey generieren falls noch nicht vorhanden var rcv = erSecret.Receiver; if (rcv.TotpSecretkey is null) { @@ -271,10 +258,8 @@ public class ReceiverAuthController : ControllerBase await _rcvService.UpdateAsync(rcv); } - // SignIn mit TFA-Rolle (eingeschränkt — nur TFA erlaubt, kein Dokument) await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverTFA); - // SMS senden wenn vom Benutzer gewählt if (request.PreferSms) { var (smsRes, expiration) = await _envSmsHandler.SendTotpAsync(erSecret); @@ -327,7 +312,6 @@ public class ReceiverAuthController : ControllerBase // ══════════════════════════════════════════════════════════════ // ENDPUNKT 3: TFA-CODE PRÜFEN - // Entspricht: Web.EnvelopeController.LogInEnvelope() → HandleSmsAsync/HandleAuthenticatorAsync // ══════════════════════════════════════════════════════════════ /// @@ -342,7 +326,6 @@ public class ReceiverAuthController : ControllerBase { try { - // ── Prüfe ob der Nutzer TFA-berechtigt ist ── if (!User.IsInRole(Role.ReceiverTFA)) return Unauthorized(new ReceiverAuthResponse { @@ -350,7 +333,6 @@ public class ReceiverAuthController : ControllerBase ErrorMessage = "Bitte zuerst den Zugangscode eingeben." }); - // ── Daten laden ── (string? uuid, string? signature) = key.DecodeEnvelopeReceiverId(); if (uuid is null || signature is null) return NotFound(new ReceiverAuthResponse { Status = "not_found" }); 
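Review bot: Removing `// SignIn mit TFA-Rolle (eingeschränkt — nur TFA erlaubt, kein Dokument)` in the second hunk drops the only explanation of why `Role.ReceiverTFA` rather than `Role.ReceiverFull` is signed in at this point; that restricted role is what keeps the document closed until the TOTP check succeeds, so the intent should stay in the code, e.g. `// Restricted role: only the TFA-check endpoint accepts it; document access requires Role.ReceiverFull.` above `await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverTFA);`. The same applies to the first hunk, where the deleted comment was the only statement that a missing `TotpSecretkey` is generated and then persisted via `_rcvService.UpdateAsync(rcv)` before the sign-in (the generation itself lies between the two hunks and is not visible here). Both hunks sit inside a method that starts and ends outside them.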
@@ -373,17 +355,14 @@ public class ReceiverAuthController : ControllerBase }); } - // ── Code verifizieren ── bool codeValid; if (request.Type == "sms") { - // Entspricht: HandleSmsAsync() codeValid = _envSmsHandler.VerifyTotp(request.Code, erSecret.Receiver.TotpSecretkey); } else { - // Entspricht: HandleAuthenticatorAsync() codeValid = _authenticator.VerifyTotp( request.Code, erSecret.Receiver.TotpSecretkey, @@ -403,7 +382,6 @@ public class ReceiverAuthController : ControllerBase }); } - // ── TFA erfolgreich → Voll-SignIn ── await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverFull); return Ok(new ReceiverAuthResponse
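Review bot: With the `// Entspricht: HandleSmsAsync()` / `HandleAuthenticatorAsync()` comments gone in the first hunk, nothing states that every `request.Type` other than the literal `"sms"` is verified as an authenticator code, which is the branch an unexpected or empty type value falls into; a one-liner on the `else` such as `// Any type other than "sms" is verified as an authenticator TOTP.` keeps that visible, and `string.Equals(request.Type, "sms", StringComparison.Ordinal)` makes the ordinal intent explicit. The second hunk likewise deletes `// ── TFA erfolgreich → Voll-SignIn ──`, the only marker that the `SignInEnvelopeAsync(erSecret, Role.ReceiverFull)` call is the escalation from the restricted TFA role to full document access; a short comment there is worth keeping. Both hunks lie inside a method that starts and ends outside the diff.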