feat(EnvelopeSmsHandler): Methode VerifyTotp hinzugefügt, um Totp mit TotpVerificationWindow von TotpSmsParams zu verifizieren.

2025-02-03 09:52:46 +01:00 · 2025-02-03 09:52:46 +01:00 · bbd03615e1
commit bbd03615e1
parent 772d510705
4 changed files with 25 additions and 14 deletions
--- a/EnvelopeGenerator.Application/Configurations/TotpSmsParams.cs
+++ b/EnvelopeGenerator.Application/Configurations/TotpSmsParams.cs
@ -1,4 +1,5 @@
-using System.Globalization;
+using OtpNet;
+using System.Globalization;

 namespace EnvelopeGenerator.Application.Configurations
 {
@ -13,6 +14,21 @@ namespace EnvelopeGenerator.Application.Configurations
        
        public ExpirationHandler Expiration { get; init; } = new();

+        public VerificationWindow? TotpVerificationWindow { get; private init; } = VerificationWindow.RfcSpecifiedNetworkDelay;
+
+        private IEnumerable<int>? _tvwParams;
+
+        public IEnumerable<int>? TotpVerificationWindowParams
+        {
+            get => _tvwParams;
+            init
+            {
+                _tvwParams = value;
+                if(_tvwParams is not null)
+                    TotpVerificationWindow = new(previous: _tvwParams.ElementAtOrDefault(0), future: _tvwParams.ElementAtOrDefault(0));
+            }
+        }
+
        public class ExpirationHandler
        {
            public string CacheKeyFormat { get; init; } = "e{0}_r{1}_sms_code_expiration";
--- a/EnvelopeGenerator.Application/Contracts/IEnvelopeSmsHandler.cs
+++ b/EnvelopeGenerator.Application/Contracts/IEnvelopeSmsHandler.cs
@ -12,4 +12,6 @@ public interface IEnvelopeSmsHandler
    /// <param name="cToken"></param>
    /// <returns></returns>
    Task<(SmsResponse? SmsResponse, DateTime Expiration)> SendTotpAsync(EnvelopeReceiverSecretDto er_secret, CancellationToken cToken = default);
+
+    bool VerifyTotp(string totpCode, string secretKey);
 }
--- a/EnvelopeGenerator.Application/Services/EnvelopeSmsHandler.cs
+++ b/EnvelopeGenerator.Application/Services/EnvelopeSmsHandler.cs
@ -47,4 +47,7 @@ public class EnvelopeSmsHandler : IEnvelopeSmsHandler
            return (await _sender.SendSmsAsync(er_secret.PhoneNumber!, msg), new_expiration);
        }
    }
+
+    public bool VerifyTotp(string totpCode, string secretKey) => _codeGenerator
+        .VerifyTotp(totpCode, secretKey, _totpSmsParams.TotpStep, _totpSmsParams.TotpVerificationWindow);
 }
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@ -20,10 +20,6 @@ using Newtonsoft.Json;
 using EnvelopeGenerator.Application.DTOs;
 using DigitalData.Core.Client;
 using EnvelopeGenerator.Application.Extensions;
-using Microsoft.Extensions.Caching.Distributed;
-using Microsoft.Extensions.Options;
-using EnvelopeGenerator.Application.Configurations;
-using EnvelopeGenerator.Application.DTOs.Messaging;

 namespace EnvelopeGenerator.Web.Controllers
 {
@ -39,14 +35,11 @@ namespace EnvelopeGenerator.Web.Controllers
        private readonly Cultures _cultures;
        private readonly IEnvelopeMailService _mailService;
        private readonly IEnvelopeReceiverReadOnlyService _readOnlyService;
-        private readonly ISmsSender _msgService;
        private readonly ICodeGenerator _codeGenerator;
        private readonly IReceiverService _rcvService;
-        private readonly IDistributedCache _dCache;
-        private readonly TotpSmsParams _totpSmsParams;
        private readonly IEnvelopeSmsHandler _envSmsHandler;

-        public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, ISmsSender messagingService, ICodeGenerator codeGenerator, IReceiverService receiverService, IDistributedCache distributedCache, IOptions<TotpSmsParams> totpSmsParamsOptions, IEnvelopeSmsHandler envelopeSmsService)
+        public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, ICodeGenerator codeGenerator, IReceiverService receiverService, IEnvelopeSmsHandler envelopeSmsService)
        {
            this.envelopeOldService = envelopeOldService;
            _envRcvService = envelopeReceiverService;
@ -58,11 +51,8 @@ namespace EnvelopeGenerator.Web.Controllers
            _mailService = envelopeMailService;
            _logger = logger;
            _readOnlyService = readOnlyService;
-            _msgService = messagingService;
            _codeGenerator = codeGenerator;
            _rcvService = receiverService;
-            _dCache = distributedCache;
-            _totpSmsParams = totpSmsParamsOptions.Value;
            _envSmsHandler = envelopeSmsService;
        }

@ -231,7 +221,7 @@ namespace EnvelopeGenerator.Web.Controllers
            if (er_secret.Receiver!.TotpSecretkey is null)
                throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
            
-            if (_codeGenerator.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey, step: _totpSmsParams.TotpStep))
+            if (_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
            {
                Response.StatusCode = StatusCodes.Status401Unauthorized;
                ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;