diff --git a/EnvelopeGenerator.Web/Controllers/HomeController.cs b/EnvelopeGenerator.Web/Controllers/HomeController.cs index 79824bd6..6aec1ca6 100644 --- a/EnvelopeGenerator.Web/Controllers/HomeController.cs +++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs @@ -24,9 +24,9 @@ using EnvelopeGenerator.Application.Extensions; namespace EnvelopeGenerator.Web.Controllers { public class HomeController : Controller - { - private readonly ILogger _logger; - private readonly EnvelopeOldService envelopeOldService; + { + private readonly ILogger _logger; + private readonly EnvelopeOldService envelopeOldService; private readonly IEnvelopeReceiverService _envRcvService; private readonly IEnvelopeHistoryService _historyService; private readonly IStringLocalizer _localizer; @@ -38,6 +38,8 @@ namespace EnvelopeGenerator.Web.Controllers private readonly IMessagingService _msgService; private readonly ICodeGenerator _codeGenerator; private readonly IReceiverService _rcvService; + private static readonly int SmsTotpStep = 60 * 3; + private static readonly string SmsFormat = "{0}"; public HomeController(EnvelopeOldService envelopeOldService, ILogger logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService, ICodeGenerator codeGenerator, IReceiverService receiverService) { @@ -72,7 +74,7 @@ namespace EnvelopeGenerator.Web.Controllers return View(); } - + [HttpGet("EnvelopeKey/{envelopeReceiverId}")] public async Task MainAsync([FromRoute] string envelopeReceiverId, [FromQuery] string? culture = null) { 
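Review bot: `SmsTotpStep`, added in the `-38,6 +38,8` hunk, has no unit and no comment tying it to the code that generates the SMS code, although it sets the validity window of a second authentication factor. Both new fields are compile-time values, so `private const int SmsTotpStep = 60 * 3;` and `private const string SmsFormat = "{0}";` would be the idiomatic form. A comment such as `// TOTP time step for SMS codes, presumably seconds; must equal the step used when the code is generated` would record the constraint. Since `IConfiguration` is already injected into this controller, reading the step from configuration would let it change without a rebuild.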
@@ -195,9 +197,9 @@ namespace EnvelopeGenerator.Web.Controllers if (viaSms) { //add date time cache - var res = await _msgService.SendSmsCodeAsync(er_secret.PhoneNumber!, er_secret.Receiver.TotpSecretkey); + var res = await _msgService.SendSmsCodeAsync(er_secret.PhoneNumber!, er_secret.Receiver!.TotpSecretkey!, SmsFormat); if (res.Ok) - return View("EnvelopeLocked").WithData("CodeType", "smsCode").WithData("SmsExpiration", res.Expiration); + return View("EnvelopeLocked").WithData("CodeType", "smsCode").WithData("SmsExpiration", _codeGenerator.GetTotpExpirationTime(SmsTotpStep)); else if (!res.Allowed) return View("EnvelopeLocked").WithData("CodeType", "smsCode").WithData("SmsExpiration", res.AllowedAt); else @@ -246,14 +248,14 @@ namespace EnvelopeGenerator.Web.Controllers } return await TFAView(auth.UserSelectSMS); } - + } else if (auth.HasSmsCode) { if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}"); - if (_codeGenerator.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey, step: 60 * 5)) + if (_codeGenerator.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey, step: SmsTotpStep)) { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value; 
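Review bot: The new `SendSmsCodeAsync(..., SmsFormat)` call in the `-195,9 +197,9` hunk does not pass `SmsTotpStep`, yet the expiration now shown to the user and the later `VerifyTotp(..., step: SmsTotpStep)` check both assume that step. Unless the messaging service is configured elsewhere with the same 180-second step, which is not visible here, a legitimate code may fail verification or the displayed expiry may not match the real one. Passing the step to the sender, or sourcing both sides from one setting, would remove that coupling. The added `er_secret.Receiver!.TotpSecretkey!` also suppresses the null check that the SMS-verification branch performs explicitly; an `is null` guard before sending would keep the two paths consistent. The enclosing method starts and ends outside the hunk.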
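Review bot: The changed condition in the `-246,14 +248,14` hunk, `if (_codeGenerator.VerifyTotp(auth.SmsCode!, ..., step: SmsTotpStep))`, leads straight into the `Status401Unauthorized` / `WrongAccessCode` branch, so as shown a code that verifies is rejected and one that does not verify falls through. If `VerifyTotp` returns true on a match, as its name suggests, the test should be negated: `if (!_codeGenerator.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey, step: SmsTotpStep))`. The context line above it also serializes the whole `er_secret` DTO into the exception message, which may put receiver secrets into logs; a non-secret identifier would be safer there. The enclosing method continues outside the hunk.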
@@ -279,14 +281,14 @@ namespace EnvelopeGenerator.Web.Controllers //continue the process without important data to minimize security errors. EnvelopeReceiverDto er = er_secret; - ViewData["EnvelopeKey"] = envelopeReceiverId; - //check rejection - var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id); + ViewData["EnvelopeKey"] = envelopeReceiverId; + //check rejection + var rejRcvrs = await _historyService.ReadRejectingReceivers(er.Envelope!.Id); if(rejRcvrs.Any()) { ViewBag.IsExt = !rejRcvrs.Contains(er.Receiver); //external if the current user is not rejected return View("EnvelopeRejected", er); - } + } //check if it has already signed if (await _historyService.IsSigned(envelopeId: er.Envelope!.Id, userReference: er.Receiver!.EmailAddress)) @@ -299,8 +301,8 @@ namespace EnvelopeGenerator.Web.Controllers else { _logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, message: "No document byte-data was found in ENVELOPE_DOCUMENT table."); - return this.ViewDocumentNotFound(); - } + return this.ViewDocumentNotFound(); + } var claims = new List { new(ClaimTypes.NameIdentifier, uuid), @@ -326,7 +328,7 @@ namespace EnvelopeGenerator.Web.Controllers //add PSPDFKit licence key ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"]; - return View("ShowEnvelope", er); + return View("ShowEnvelope", er); } catch (Exception ex) { @@ -381,7 +383,8 @@ namespace EnvelopeGenerator.Web.Controllers await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); return await _envRcvService.ReadByEnvelopeReceiverIdAsync(envelopeReceiverId).ThenAsync( SuccessAsync: async (er) => - {ViewData["UserCulture"] = _cultures[UserLanguage]; + { + ViewData["UserCulture"] = _cultures[UserLanguage]; ViewData["UserCulture"] = _cultures[UserLanguage]; return await _historyService.IsRejected(envelopeId: er.EnvelopeId) ? View(er) 
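Review bot: After the reformatting in the `-381,7 +383,8` hunk, the lambda body assigns `ViewData["UserCulture"] = _cultures[UserLanguage];` twice in a row, once on the added line and once on the following context line. The second assignment is redundant and can be dropped. The lambda continues past the end of the hunk.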
@@ -434,7 +437,7 @@ namespace EnvelopeGenerator.Web.Controllers SuccessAsync: async er => { var envelopeKey = (er.Envelope!.Uuid, er.Receiver!.Signature).EncodeEnvelopeReceiverId(); - + EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeKey); //TODO: implement multi-threading to history process (Task) @@ -514,7 +517,7 @@ namespace EnvelopeGenerator.Web.Controllers var cookieValue = Request.Cookies[CookieRequestCultureProvider.DefaultCookieName]; if (string.IsNullOrEmpty(cookieValue)) - return null; + return null; var culture = CookieRequestCultureProvider.ParseCookieValue(cookieValue)?.Cultures[0]; return culture?.Value ?? null;