AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refaktorierung des HomeController zur Verbesserung der Fehlerbehandlung, des Authentifizierungsprozesses und der Verwaltung der Benutzersprache.

Browse Source
This commit is contained in:
Developer 02 2024-05-24 13:42:20 +02:00
parent b60ae62779
commit b594ddb646
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
EnvelopeGenerator.Web/Controllers/HomeController.cs
View File

@ -164,7 +164,8 @@ namespace EnvelopeGenerator.Web.Controllers
var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme); var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
var authProperties = new AuthenticationProperties { var authProperties = new AuthenticationProperties {
AllowRefresh = false AllowRefresh = false,
IsPersistent = false
}; };
await HttpContext.SignInAsync( await HttpContext.SignInAsync(
@ -187,14 +188,17 @@ namespace EnvelopeGenerator.Web.Controllers
else else
{ {
database.Services.actionService.EnterIncorrectAccessCode(response.Envelope, response.Receiver); //for history database.Services.actionService.EnterIncorrectAccessCode(response.Envelope, response.Receiver); //for history
return Unauthorized(); Response.StatusCode = StatusCodes.Status401Unauthorized;
return View("EnvelopeLocked")
.WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language);
} }
}, },
Fail: (messages, notices) => Fail: (messages, notices) =>
{ {
_logger.LogNotice(notices); _logger.LogNotice(notices);
return Unauthorized(); Response.StatusCode = StatusCodes.Status401Unauthorized;
return View("EnvelopeLocked")
.WithData("UserLanguage", UserLanguage ?? _cultures.Default.Language);
}); });
} }
catch(Exception ex) catch(Exception ex)

5
EnvelopeGenerator.Web/Program.cs
View File

@ -58,9 +58,8 @@ try
{ {
//remove option for Test*Controller //remove option for Test*Controller
options.Conventions.Add(new RemoveIfControllerConvention() options.Conventions.Add(new RemoveIfControllerConvention()
.AndIf(_ => !builder.IsDevOrDiP())
.AndIf(c => c.ControllerName.StartsWith("Test")) .AndIf(c => c.ControllerName.StartsWith("Test"))
.AndIf(_ => !config.GetValue<bool>("EnableTestControllers"))); .AndIf(_ => !builder.IsDevOrDiP() || !config.GetValue<bool>("EnableTestControllers")));
}).AddJsonOptions(q => }).AddJsonOptions(q =>
{ {
// Prevents serialization error when serializing SvgBitmap in EnvelopeReceiver // Prevents serialization error when serializing SvgBitmap in EnvelopeReceiver
@ -129,7 +128,7 @@ try
options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security options.Cookie.HttpOnly = true; // Makes the cookie inaccessible to client-side scripts for security
options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only options.Cookie.SecurePolicy = CookieSecurePolicy.SameAsRequest; // Ensures cookies are sent over HTTPS only
options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites options.Cookie.SameSite = SameSiteMode.Strict; // Protects against CSRF attacks by restricting how cookies are sent with requests from external sites
options.ExpireTimeSpan = TimeSpan.FromMinutes(5); options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
options.Events = new CookieAuthenticationEvents options.Events = new CookieAuthenticationEvents
{ {