AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

API NEW CONTROLLER UPDATED - Remove mail service from ReceiverAuthController

Browse Source 
All references to IEnvelopeMailService have been removed from ReceiverAuthController. The controller no longer sends access code emails; this responsibility is now handled by the Web project when generating the link. Updated comments clarify the new flow, and related redundant code has been cleaned up. Authentication and TFA logic remain unchanged.
This commit is contained in:
OlgunR
2026-03-23 17:01:48 +01:00
parent 8257ed573d
commit af28844714
1 changed files with 7 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
EnvelopeGenerator.API/Controllers/ReceiverAuthController.cs
View File

@@ -36,7 +36,6 @@ public class ReceiverAuthController : ControllerBase
private readonly IMediator _mediator;
private readonly IEnvelopeReceiverService _envRcvService;
private readonly IEnvelopeHistoryService _historyService;
private readonly IEnvelopeMailService _mailService;
private readonly IAuthenticator _authenticator;
private readonly IReceiverService _rcvService;
private readonly IEnvelopeSmsHandler _envSmsHandler;
@@ -46,7 +45,6 @@ public class ReceiverAuthController : ControllerBase
IMediator mediator,
IEnvelopeReceiverService envRcvService,
IEnvelopeHistoryService historyService,
IEnvelopeMailService mailService,
IAuthenticator authenticator,
IReceiverService rcvService,
IEnvelopeSmsHandler envSmsHandler)
@@ -55,7 +53,6 @@ public class ReceiverAuthController : ControllerBase
_mediator = mediator;
_envRcvService = envRcvService;
_historyService = historyService;
_mailService = mailService;
_authenticator = authenticator;
_rcvService = rcvService;
_envSmsHandler = envSmsHandler;
@@ -79,16 +76,12 @@ public class ReceiverAuthController : ControllerBase
try
{
// ── Key dekodieren ──
// Entspricht: if (!envelopeReceiverId.TryDecode(out var decoded))
if (!key.TryDecode(out var decoded))
return NotFound(new ReceiverAuthResponse { Status = "not_found" });
// ── ReadOnly-Links ──
// Entspricht: if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly)
if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly)
{
// ReadOnly-Logik: Prüfe ob abgelaufen
// Wir geben erstmal show_document zurück, ReadOnly-Details kommen in Phase 6
return Ok(new ReceiverAuthResponse
{
Status = "show_document",
@@ -97,13 +90,11 @@ public class ReceiverAuthController : ControllerBase
}
// ── EnvelopeReceiver laden ──
// Entspricht: var er = await _mediator.ReadEnvelopeReceiverAsync(envelopeReceiverId, cancel);
var er = await _mediator.ReadEnvelopeReceiverAsync(key, cancel);
if (er is null)
return NotFound(new ReceiverAuthResponse { Status = "not_found" });
// ── Abgelehnt? ──
// Entspricht: var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id);
var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id);
if (rejRcvrs.Any())
{
@@ -117,7 +108,6 @@ public class ReceiverAuthController : ControllerBase
}
// ── Bereits signiert? ──
// Entspricht: if (await _historyService.IsSigned(...))
if (await _historyService.IsSigned(
envelopeId: er.Envelope.Id,
userReference: er.Receiver!.EmailAddress))
@@ -132,7 +122,6 @@ public class ReceiverAuthController : ControllerBase
}
// ── Kein AccessCode nötig? → Direkt SignIn ──
// Entspricht: if (!er.Envelope!.UseAccessCode)
if (!er.Envelope.UseAccessCode)
{
(string? uuid, string? signature) = decoded.ParseEnvelopeReceiverId();
@@ -154,22 +143,24 @@ public class ReceiverAuthController : ControllerBase
});
}
// ── AccessCode nötig → Code senden (wenn noch nicht gesendet) ──
// Entspricht: bool accessCodeAlreadyRequested = ...
// ── AccessCode nötig ──
// HINWEIS: Die E-Mail mit dem AccessCode wird NICHT hier gesendet.
// Das passiert bereits im Web-Projekt, wenn der Link generiert wird.
// Der Blazor-Flow übernimmt erst NACH dem E-Mail-Versand.
bool accessCodeAlreadyRequested = await _historyService.AccessCodeAlreadyRequested(
envelopeId: er.Envelope.Id,
userReference: er.Receiver.EmailAddress);
if (!accessCodeAlreadyRequested)
{
// AccessCode wurde noch nie angefordert — das bedeutet der Empfänger
// kommt zum ersten Mal. Wir zeichnen es auf, aber die E-Mail
// wurde bereits vom Web-Projekt gesendet.
await _historyService.RecordAsync(
er.EnvelopeId, er.Receiver.EmailAddress, EnvelopeStatus.AccessCodeRequested);
await _mailService.SendAccessCodeAsync(envelopeReceiverDto: er);
}
// ── Prüfe ob der Nutzer bereits eingeloggt ist ──
// Entspricht: CreateEnvelopeLockedView → Prüfung ob User.IsInRole(ReceiverFull)
if (User.IsInRole(Role.ReceiverFull))
{
return Ok(new ReceiverAuthResponse
@@ -204,7 +195,6 @@ public class ReceiverAuthController : ControllerBase
// ══════════════════════════════════════════════════════════════
// ENDPUNKT 2: ACCESS-CODE PRÜFEN
// Entspricht: Web.EnvelopeController.LogInEnvelope() → HandleAccessCodeAsync()
// ══════════════════════════════════════════════════════════════
/// <summary>
@@ -234,7 +224,6 @@ public class ReceiverAuthController : ControllerBase
var erSecret = erSecretRes.Data;
// ── AccessCode prüfen ──
// Entspricht: HandleAccessCodeAsync() → if (er_secret.AccessCode != auth.AccessCode)
if (erSecret.AccessCode != request.AccessCode)
{
await _historyService.RecordAsync(
@@ -260,10 +249,8 @@ public class ReceiverAuthController : ControllerBase
EnvelopeStatus.AccessCodeCorrect);
// ── TFA erforderlich? ──
// Entspricht: if (er_secret.Envelope!.TFAEnabled)
if (erSecret.Envelope!.TFAEnabled)
{
// TotpSecretKey generieren falls noch nicht vorhanden
var rcv = erSecret.Receiver;
if (rcv.TotpSecretkey is null)
{
@@ -271,10 +258,8 @@ public class ReceiverAuthController : ControllerBase
await _rcvService.UpdateAsync(rcv);
}
// SignIn mit TFA-Rolle (eingeschränkt — nur TFA erlaubt, kein Dokument)
await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverTFA);
// SMS senden wenn vom Benutzer gewählt
if (request.PreferSms)
{
var (smsRes, expiration) = await _envSmsHandler.SendTotpAsync(erSecret);
@@ -327,7 +312,6 @@ public class ReceiverAuthController : ControllerBase
// ══════════════════════════════════════════════════════════════
// ENDPUNKT 3: TFA-CODE PRÜFEN
// Entspricht: Web.EnvelopeController.LogInEnvelope() → HandleSmsAsync/HandleAuthenticatorAsync
// ══════════════════════════════════════════════════════════════
/// <summary>
@@ -342,7 +326,6 @@ public class ReceiverAuthController : ControllerBase
{
try
{
// ── Prüfe ob der Nutzer TFA-berechtigt ist ──
if (!User.IsInRole(Role.ReceiverTFA))
return Unauthorized(new ReceiverAuthResponse
{
@@ -350,7 +333,6 @@ public class ReceiverAuthController : ControllerBase
ErrorMessage = "Bitte zuerst den Zugangscode eingeben."
});
// ── Daten laden ──
(string? uuid, string? signature) = key.DecodeEnvelopeReceiverId();
if (uuid is null || signature is null)
return NotFound(new ReceiverAuthResponse { Status = "not_found" });
@@ -373,17 +355,14 @@ public class ReceiverAuthController : ControllerBase
});
}
// ── Code verifizieren ──
bool codeValid;
if (request.Type == "sms")
{
// Entspricht: HandleSmsAsync()
codeValid = _envSmsHandler.VerifyTotp(request.Code, erSecret.Receiver.TotpSecretkey);
}
else
{
// Entspricht: HandleAuthenticatorAsync()
codeValid = _authenticator.VerifyTotp(
request.Code,
erSecret.Receiver.TotpSecretkey,
@@ -403,7 +382,6 @@ public class ReceiverAuthController : ControllerBase
});
}
// ── TFA erfolgreich → Voll-SignIn ──
await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverFull);
return Ok(new ReceiverAuthResponse