AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

API NEW CONTROLLER UPDATED - Remove mail service from ReceiverAuthController

Browse Source 
All references to IEnvelopeMailService have been removed from ReceiverAuthController. The controller no longer sends access code emails; this responsibility is now handled by the Web project when generating the link. Updated comments clarify the new flow, and related redundant code has been cleaned up. Authentication and TFA logic remain unchanged.
This commit is contained in:
OlgunR
2026-03-23 17:01:48 +01:00
parent 8257ed573d
commit af28844714
1 changed files with 7 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
EnvelopeGenerator.API/Controllers/ReceiverAuthController.cs
View File

@@ -36,7 +36,6 @@ public class ReceiverAuthController : ControllerBase
private readonly IMediator _mediator; private readonly IMediator _mediator;
private readonly IEnvelopeReceiverService _envRcvService; private readonly IEnvelopeReceiverService _envRcvService;
private readonly IEnvelopeHistoryService _historyService; private readonly IEnvelopeHistoryService _historyService;
private readonly IEnvelopeMailService _mailService;
private readonly IAuthenticator _authenticator; private readonly IAuthenticator _authenticator;
private readonly IReceiverService _rcvService; private readonly IReceiverService _rcvService;
private readonly IEnvelopeSmsHandler _envSmsHandler; private readonly IEnvelopeSmsHandler _envSmsHandler;
@@ -46,7 +45,6 @@ public class ReceiverAuthController : ControllerBase
IMediator mediator, IMediator mediator,
IEnvelopeReceiverService envRcvService, IEnvelopeReceiverService envRcvService,
IEnvelopeHistoryService historyService, IEnvelopeHistoryService historyService,
IEnvelopeMailService mailService,
IAuthenticator authenticator, IAuthenticator authenticator,
IReceiverService rcvService, IReceiverService rcvService,
IEnvelopeSmsHandler envSmsHandler) IEnvelopeSmsHandler envSmsHandler)
@@ -55,7 +53,6 @@ public class ReceiverAuthController : ControllerBase
_mediator = mediator; _mediator = mediator;
_envRcvService = envRcvService; _envRcvService = envRcvService;
_historyService = historyService; _historyService = historyService;
_mailService = mailService;
_authenticator = authenticator; _authenticator = authenticator;
_rcvService = rcvService; _rcvService = rcvService;
_envSmsHandler = envSmsHandler; _envSmsHandler = envSmsHandler;
@@ -79,16 +76,12 @@ public class ReceiverAuthController : ControllerBase
try try
{ {
// ── Key dekodieren ── // ── Key dekodieren ──
// Entspricht: if (!envelopeReceiverId.TryDecode(out var decoded))
if (!key.TryDecode(out var decoded)) if (!key.TryDecode(out var decoded))
return NotFound(new ReceiverAuthResponse { Status = "not_found" }); return NotFound(new ReceiverAuthResponse { Status = "not_found" });
// ── ReadOnly-Links ── // ── ReadOnly-Links ──
// Entspricht: if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly)
if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly) if (decoded.GetEncodeType() == EncodeType.EnvelopeReceiverReadOnly)
{ {
// ReadOnly-Logik: Prüfe ob abgelaufen
// Wir geben erstmal show_document zurück, ReadOnly-Details kommen in Phase 6
return Ok(new ReceiverAuthResponse return Ok(new ReceiverAuthResponse
{ {
Status = "show_document", Status = "show_document",
@@ -97,13 +90,11 @@ public class ReceiverAuthController : ControllerBase
} }
// ── EnvelopeReceiver laden ── // ── EnvelopeReceiver laden ──
// Entspricht: var er = await _mediator.ReadEnvelopeReceiverAsync(envelopeReceiverId, cancel);
var er = await _mediator.ReadEnvelopeReceiverAsync(key, cancel); var er = await _mediator.ReadEnvelopeReceiverAsync(key, cancel);
if (er is null) if (er is null)
return NotFound(new ReceiverAuthResponse { Status = "not_found" }); return NotFound(new ReceiverAuthResponse { Status = "not_found" });
// ── Abgelehnt? ── // ── Abgelehnt? ──
// Entspricht: var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id);
var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id); var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id);
if (rejRcvrs.Any()) if (rejRcvrs.Any())
{ {
@@ -117,7 +108,6 @@ public class ReceiverAuthController : ControllerBase
} }
// ── Bereits signiert? ── // ── Bereits signiert? ──
// Entspricht: if (await _historyService.IsSigned(...))
if (await _historyService.IsSigned( if (await _historyService.IsSigned(
envelopeId: er.Envelope.Id, envelopeId: er.Envelope.Id,
userReference: er.Receiver!.EmailAddress)) userReference: er.Receiver!.EmailAddress))
@@ -132,7 +122,6 @@ public class ReceiverAuthController : ControllerBase
} }
// ── Kein AccessCode nötig? → Direkt SignIn ── // ── Kein AccessCode nötig? → Direkt SignIn ──
// Entspricht: if (!er.Envelope!.UseAccessCode)
if (!er.Envelope.UseAccessCode) if (!er.Envelope.UseAccessCode)
{ {
(string? uuid, string? signature) = decoded.ParseEnvelopeReceiverId(); (string? uuid, string? signature) = decoded.ParseEnvelopeReceiverId();
@@ -154,22 +143,24 @@ public class ReceiverAuthController : ControllerBase
}); });
} }
// ── AccessCode nötig → Code senden (wenn noch nicht gesendet) ── // ── AccessCode nötig ──
// Entspricht: bool accessCodeAlreadyRequested = ... // HINWEIS: Die E-Mail mit dem AccessCode wird NICHT hier gesendet.
// Das passiert bereits im Web-Projekt, wenn der Link generiert wird.
// Der Blazor-Flow übernimmt erst NACH dem E-Mail-Versand.
bool accessCodeAlreadyRequested = await _historyService.AccessCodeAlreadyRequested( bool accessCodeAlreadyRequested = await _historyService.AccessCodeAlreadyRequested(
envelopeId: er.Envelope.Id, envelopeId: er.Envelope.Id,
userReference: er.Receiver.EmailAddress); userReference: er.Receiver.EmailAddress);
if (!accessCodeAlreadyRequested) if (!accessCodeAlreadyRequested)
{ {
// AccessCode wurde noch nie angefordert — das bedeutet der Empfänger
// kommt zum ersten Mal. Wir zeichnen es auf, aber die E-Mail
// wurde bereits vom Web-Projekt gesendet.
await _historyService.RecordAsync( await _historyService.RecordAsync(
er.EnvelopeId, er.Receiver.EmailAddress, EnvelopeStatus.AccessCodeRequested); er.EnvelopeId, er.Receiver.EmailAddress, EnvelopeStatus.AccessCodeRequested);
await _mailService.SendAccessCodeAsync(envelopeReceiverDto: er);
} }
// ── Prüfe ob der Nutzer bereits eingeloggt ist ── // ── Prüfe ob der Nutzer bereits eingeloggt ist ──
// Entspricht: CreateEnvelopeLockedView → Prüfung ob User.IsInRole(ReceiverFull)
if (User.IsInRole(Role.ReceiverFull)) if (User.IsInRole(Role.ReceiverFull))
{ {
return Ok(new ReceiverAuthResponse return Ok(new ReceiverAuthResponse
@@ -204,7 +195,6 @@ public class ReceiverAuthController : ControllerBase
// ══════════════════════════════════════════════════════════════ // ══════════════════════════════════════════════════════════════
// ENDPUNKT 2: ACCESS-CODE PRÜFEN // ENDPUNKT 2: ACCESS-CODE PRÜFEN
// Entspricht: Web.EnvelopeController.LogInEnvelope() → HandleAccessCodeAsync()
// ══════════════════════════════════════════════════════════════ // ══════════════════════════════════════════════════════════════
/// <summary> /// <summary>
@@ -234,7 +224,6 @@ public class ReceiverAuthController : ControllerBase
var erSecret = erSecretRes.Data; var erSecret = erSecretRes.Data;
// ── AccessCode prüfen ── // ── AccessCode prüfen ──
// Entspricht: HandleAccessCodeAsync() → if (er_secret.AccessCode != auth.AccessCode)
if (erSecret.AccessCode != request.AccessCode) if (erSecret.AccessCode != request.AccessCode)
{ {
await _historyService.RecordAsync( await _historyService.RecordAsync(
@@ -260,10 +249,8 @@ public class ReceiverAuthController : ControllerBase
EnvelopeStatus.AccessCodeCorrect); EnvelopeStatus.AccessCodeCorrect);
// ── TFA erforderlich? ── // ── TFA erforderlich? ──
// Entspricht: if (er_secret.Envelope!.TFAEnabled)
if (erSecret.Envelope!.TFAEnabled) if (erSecret.Envelope!.TFAEnabled)
{ {
// TotpSecretKey generieren falls noch nicht vorhanden
var rcv = erSecret.Receiver; var rcv = erSecret.Receiver;
if (rcv.TotpSecretkey is null) if (rcv.TotpSecretkey is null)
{ {
@@ -271,10 +258,8 @@ public class ReceiverAuthController : ControllerBase
await _rcvService.UpdateAsync(rcv); await _rcvService.UpdateAsync(rcv);
} }
// SignIn mit TFA-Rolle (eingeschränkt — nur TFA erlaubt, kein Dokument)
await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverTFA); await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverTFA);
// SMS senden wenn vom Benutzer gewählt
if (request.PreferSms) if (request.PreferSms)
{ {
var (smsRes, expiration) = await _envSmsHandler.SendTotpAsync(erSecret); var (smsRes, expiration) = await _envSmsHandler.SendTotpAsync(erSecret);
@@ -327,7 +312,6 @@ public class ReceiverAuthController : ControllerBase
// ══════════════════════════════════════════════════════════════ // ══════════════════════════════════════════════════════════════
// ENDPUNKT 3: TFA-CODE PRÜFEN // ENDPUNKT 3: TFA-CODE PRÜFEN
// Entspricht: Web.EnvelopeController.LogInEnvelope() → HandleSmsAsync/HandleAuthenticatorAsync
// ══════════════════════════════════════════════════════════════ // ══════════════════════════════════════════════════════════════
/// <summary> /// <summary>
@@ -342,7 +326,6 @@ public class ReceiverAuthController : ControllerBase
{ {
try try
{ {
// ── Prüfe ob der Nutzer TFA-berechtigt ist ──
if (!User.IsInRole(Role.ReceiverTFA)) if (!User.IsInRole(Role.ReceiverTFA))
return Unauthorized(new ReceiverAuthResponse return Unauthorized(new ReceiverAuthResponse
{ {
@@ -350,7 +333,6 @@ public class ReceiverAuthController : ControllerBase
ErrorMessage = "Bitte zuerst den Zugangscode eingeben." ErrorMessage = "Bitte zuerst den Zugangscode eingeben."
}); });
// ── Daten laden ──
(string? uuid, string? signature) = key.DecodeEnvelopeReceiverId(); (string? uuid, string? signature) = key.DecodeEnvelopeReceiverId();
if (uuid is null || signature is null) if (uuid is null || signature is null)
return NotFound(new ReceiverAuthResponse { Status = "not_found" }); return NotFound(new ReceiverAuthResponse { Status = "not_found" });
@@ -373,17 +355,14 @@ public class ReceiverAuthController : ControllerBase
}); });
} }
// ── Code verifizieren ──
bool codeValid; bool codeValid;
if (request.Type == "sms") if (request.Type == "sms")
{ {
// Entspricht: HandleSmsAsync()
codeValid = _envSmsHandler.VerifyTotp(request.Code, erSecret.Receiver.TotpSecretkey); codeValid = _envSmsHandler.VerifyTotp(request.Code, erSecret.Receiver.TotpSecretkey);
} }
else else
{ {
// Entspricht: HandleAuthenticatorAsync()
codeValid = _authenticator.VerifyTotp( codeValid = _authenticator.VerifyTotp(
request.Code, request.Code,
erSecret.Receiver.TotpSecretkey, erSecret.Receiver.TotpSecretkey,
@@ -403,7 +382,6 @@ public class ReceiverAuthController : ControllerBase
}); });
} }
// ── TFA erfolgreich → Voll-SignIn ──
await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverFull); await HttpContext.SignInEnvelopeAsync(erSecret, Role.ReceiverFull);
return Ok(new ReceiverAuthResponse return Ok(new ReceiverAuthResponse