From cfdfb4363165a10fb97b56b897459ba1d89307ff Mon Sep 17 00:00:00 2001
From: TekH
Date: Mon, 2 Feb 2026 14:55:44 +0100
Subject: [PATCH] Restrict annotation endpoints to Receiver.FullyAuth role

Updated [Authorize] attributes to require Receiver.FullyAuth role on AnnotationController and relevant methods. Removed redundant claim checks now enforced by role-based authorization. Clarified [Obsolete] message for PSPDF Kit endpoint.

---
 .../Controllers/AnnotationController.cs | 20 ++++---------------
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/EnvelopeGenerator.API/Controllers/AnnotationController.cs b/EnvelopeGenerator.API/Controllers/AnnotationController.cs
index a88bb1cc..f8c8cff6 100644
--- a/EnvelopeGenerator.API/Controllers/AnnotationController.cs
+++ b/EnvelopeGenerator.API/Controllers/AnnotationController.cs
@@ -18,7 +18,7 @@ namespace EnvelopeGenerator.API.Controllers;
 ///
 /// Manages annotations and signature lifecycle for envelopes.
 ///
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.Receiver.FullyAuth)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
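Review bot: The class-level `[Authorize(Roles = Role.Receiver.FullyAuth)]` now applies to every action in the controller, so the identical attribute this commit also places on CreateOrUpdate and Reject in the later hunks is redundant and makes a reader check whether the two are meant to differ. I would drop the method-level copies, or, if they are kept on purpose, say why. The summary above could also state the requirement once, e.g. `/// All actions require an authenticated receiver holding the <c>Role.Receiver.FullyAuth</c> role.`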
@@ -54,20 +54,14 @@ public class AnnotationController : ControllerBase /// /// Annotation payload. /// Cancellation token. - [Authorize(Roles = Role.FullyAuth)] + [Authorize(Roles = Role.Receiver.FullyAuth)] [HttpPost] - [Obsolete("This endpoint is for PSPDF Kit.")] + [Obsolete("PSPDF Kit will no longer be used.")] public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default) { var signature = User.GetAuthReceiverSignature(); var uuid = User.GetAuthEnvelopeUuid(); - if (signature is null || uuid is null) - { - _logger.LogError("Authorization failed: authenticated user does not have a valid signature or envelope UUID."); - return Unauthorized("User authentication is incomplete. Missing required claims for processing this request."); - } - var envelopeReceiver = await _mediator.ReadEnvelopeReceiverAsync(uuid, signature, cancel).ThrowIfNull(Exceptions.NotFound); if (!envelopeReceiver.Envelope!.ReadOnly && psPdfKitAnnotation is null) @@ -93,7 +87,7 @@ public class AnnotationController : ControllerBase /// Rejects the document for the current receiver. /// /// Optional rejection reason. - [Authorize(Roles = Role.FullyAuth)] + [Authorize(Roles = Role.Receiver.FullyAuth)] [HttpPost("reject")] [Obsolete("Use MediatR")] public async Task Reject([FromBody] string? reason = null) @@ -101,12 +95,6 @@ public class AnnotationController : ControllerBase var signature = User.GetAuthReceiverSignature(); var uuid = User.GetAuthEnvelopeUuid(); var mail = User.GetAuthReceiverMail(); - if (uuid is null || signature is null || mail is null) - { - _logger.LogEnvelopeError(uuid: uuid, signature: signature, - message: @$"Unauthorized POST request in api\\envelope\\reject. One of claims, Envelope, signature or mail ({mail}) is null."); - return Unauthorized(); - } var envRcvRes = await _envelopeReceiverService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);
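Review bot: Dropping the `signature is null || uuid is null` guard assumes the `Role.Receiver.FullyAuth` role is never issued without the receiver-signature and envelope-UUID claims, but `[Authorize(Roles = ...)]` only verifies the role claim, not those two, and the removed check suggests `GetAuthReceiverSignature()` and `GetAuthEnvelopeUuid()` can still return null. A token that carries the role but lacks either claim now reaches `ReadEnvelopeReceiverAsync(uuid, signature, cancel)` with a null argument and fails as NotFound through `ThrowIfNull` (or with an argument exception, depending on that method) instead of a 401, and the log line that named the missing claim is gone. I would keep a one-line guard, `if (signature is null || uuid is null) return Unauthorized();`, or at least record the invariant where it is relied on: `// Role.Receiver.FullyAuth is only issued together with the signature and envelope-uuid claims.` The same removal is made in Reject in the last hunk, where the `mail` claim is also no longer checked before use. CreateOrUpdate's body continues past the end of this hunk.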