Refaktorierung des HomeController zur Verbesserung der Fehlerbehandlung, des Authentifizierungsprozesses und der Verwaltung der Benutzersprache.

2024-05-24 13:42:20 +02:00 · 2024-05-24 13:42:20 +02:00 · b594ddb646
commit b594ddb646
parent b60ae62779
2 changed files with 10 additions and 7 deletions
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@ -164,7 +164,8 @@ namespace EnvelopeGenerator.Web.Controllers

                                        var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
                                        var authProperties = new AuthenticationProperties {
-                                            AllowRefresh = false
+                                            AllowRefresh = false,
+                                            IsPersistent = false
                                        };

                                        await HttpContext.SignInAsync(
@ -187,14 +188,17 @@ namespace EnvelopeGenerator.Web.Controllers
                        else
                        {
                            database.Services.actionService.EnterIncorrectAccessCode(response.Envelope, response.Receiver); //for history
-                            return Unauthorized();
-
+                            Response.StatusCode = StatusCodes.Status401Unauthorized;
+                            return View("EnvelopeLocked")
+                                    .WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language);
                        }
                    },
                    Fail: (messages, notices) =>
                    {
                        _logger.LogNotice(notices);
-                        return Unauthorized();
+                        Response.StatusCode = StatusCodes.Status401Unauthorized;
+                        return View("EnvelopeLocked")
+                                .WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language);
                    });
            }
            catch(Exception ex)
--- a/EnvelopeGenerator.Web/Program.cs
+++ b/EnvelopeGenerator.Web/Program.cs
@ -58,9 +58,8 @@ try
    {
        //remove option for Test*Controller
        options.Conventions.Add(new RemoveIfControllerConvention()
-            .AndIf(_ => !builder.IsDevOrDiP())
            .AndIf(c => c.ControllerName.StartsWith("Test"))
-            .AndIf(_ => !config.GetValue<bool>("EnableTestControllers")));
+            .AndIf(_ => !builder.IsDevOrDiP() || !config.GetValue<bool>("EnableTestControllers")));
    }).AddJsonOptions(q =>
    {
        // Prevents serialization error when serializing SvgBitmap in EnvelopeReceiver
@ -129,7 +128,7 @@ try
        options.Cookie.HttpOnly = true;         // Makes the cookie inaccessible to client-side scripts for security
        options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
        options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
-        options.ExpireTimeSpan = TimeSpan.FromMinutes(5);
+        options.ExpireTimeSpan = TimeSpan.FromMinutes(30);

        options.Events = new CookieAuthenticationEvents
        {