Sicherheitsverbesserung: VerifyAccessCode implementiert und Verifizierungscode aus DTO entfernt
Die VerifyAccessCode-Methode wurde zur Validierung von Zugangscodes hinzugefügt und der Verifizierungscode aus Sicherheitsgründen aus dem DTO entfernt.
parent
501d48961e
commit
db83eb90ee
@ -7,5 +7,6 @@ namespace EnvelopeGenerator.Application.Contracts
|
||||
{
|
||||
public interface IEnvelopeReceiverService : IBasicCRUDService<IEnvelopeReceiverRepository, EnvelopeReceiverDto, EnvelopeReceiver, int>
|
||||
{
|
||||
Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode);
|
||||
}
|
||||
}
|
||||
@ -10,7 +10,5 @@ namespace EnvelopeGenerator.Application.Contracts
|
||||
Task<IServiceResult<IEnumerable<EnvelopeDto>>> ReadAllWithAsync(bool documents = false, bool receivers = false, bool history = false, bool documentReceiverElement = false);
|
||||
|
||||
Task<IServiceResult<EnvelopeDto>> ReadByUuidAsync(string uuid, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false);
|
||||
|
||||
Task<IServiceResult<EnvelopeDto>> ReadByEnvelopeKeyAsync(string envelopeKey, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false);
|
||||
}
|
||||
}
|
||||
@ -8,7 +8,6 @@
|
||||
string JobTitle,
|
||||
string CompanyName,
|
||||
string PrivateMessage,
|
||||
string AccessCode,
|
||||
DateTime AddedWhen,
|
||||
DateTime? ChangedWhen);
|
||||
}
|
||||
@ -1,10 +1,12 @@
|
||||
using AutoMapper;
|
||||
using DigitalData.Core.Application;
|
||||
using DigitalData.Core.Contracts.Application;
|
||||
using DigitalData.Core.Contracts.CultureServices;
|
||||
using EnvelopeGenerator.Application.Contracts;
|
||||
using EnvelopeGenerator.Application.DTOs;
|
||||
using EnvelopeGenerator.Domain.Entities;
|
||||
using EnvelopeGenerator.Infrastructure.Contracts;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace EnvelopeGenerator.Application.Services
|
||||
{
|
||||
@ -14,5 +16,11 @@ namespace EnvelopeGenerator.Application.Services
|
||||
: base(repository, translationService, mapper)
|
||||
{
|
||||
}
|
||||
|
||||
public async Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode)
|
||||
{
|
||||
var envelopeAccessCode = await _repository.ReadAccessCodeByEnvelopeUuid(envelopeUuid);
|
||||
return CreateMessage(isSuccess: accessCode == envelopeAccessCode) ;
|
||||
}
|
||||
}
|
||||
}
|
||||
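Review bot: The comparison in `VerifyAccessCode` reports success when both sides are null. `ReadAccessCodeByEnvelopeUuid` returns `string?` and yields null when no receiver row matches the UUID, and a form post that omits `access_code` can bind to null, so `accessCode == envelopeAccessCode` would pass for an unknown envelope. Reject a missing stored or submitted code first and compare in constant time, since the value is a secret: `var ok = accessCode is not null && envelopeAccessCode is not null && CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(accessCode), Encoding.UTF8.GetBytes(envelopeAccessCode));` followed by `return CreateMessage(isSuccess: ok);`. That needs `using System.Security.Cryptography;` and `using System.Text;` in this file. The method also lacks the `Async` suffix used by its siblings such as `ReadByUuidAsync`, and an XML doc comment stating that a missing envelope yields a failed message would help callers.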
@ -6,9 +6,11 @@ namespace EnvelopeGenerator.Domain.Entities
|
||||
[Table("TBSIG_ENVELOPE_RECEIVER", Schema = "dbo")]
|
||||
public class EnvelopeReceiver
|
||||
{
|
||||
[Key]
|
||||
[Column("ENVELOPE_ID")]
|
||||
public int EnvelopeId { get; set; }
|
||||
|
||||
[Key]
|
||||
[Column("RECEIVER_ID")]
|
||||
public int ReceiverId { get; set; }
|
||||
|
||||
@ -37,5 +39,11 @@ namespace EnvelopeGenerator.Domain.Entities
|
||||
|
||||
[Column("CHANGED_WHEN", TypeName = "datetime")]
|
||||
public DateTime? ChangedWhen { get; set; }
|
||||
|
||||
[ForeignKey("EnvelopeId")]
|
||||
public Envelope? Envelope { get; set; }
|
||||
|
||||
[ForeignKey("ReceiverId")]
|
||||
public Receiver? Receiver { get; set; }
|
||||
}
|
||||
}
|
||||
@ -22,5 +22,7 @@ namespace EnvelopeGenerator.Domain.Entities
|
||||
[Required]
|
||||
[Column("ADDED_WHEN", TypeName = "datetime")]
|
||||
public DateTime AddedWhen { get; set; }
|
||||
|
||||
public IEnumerable<EnvelopeReceiver>? EnvelopeReceivers { get; set; }
|
||||
}
|
||||
}
|
||||
@ -5,5 +5,6 @@ namespace EnvelopeGenerator.Infrastructure.Contracts
|
||||
{
|
||||
public interface IEnvelopeReceiverRepository : ICRUDRepository<EnvelopeReceiver, int>
|
||||
{
|
||||
Task<string?> ReadAccessCodeByEnvelopeUuid(string envelopeUuid);
|
||||
}
|
||||
}
|
||||
@ -33,10 +33,10 @@ namespace DigitalData.UserManager.Infrastructure.Repositories
|
||||
.WithOne()
|
||||
.HasForeignKey(ed => ed.EnvelopeId);
|
||||
|
||||
modelBuilder.Entity<Envelope>()
|
||||
.HasMany(e => e.Receivers)
|
||||
.WithOne()
|
||||
.HasForeignKey(er => er.EnvelopeId);
|
||||
//modelBuilder.Entity<Envelope>()
|
||||
// .HasMany(e => e.Receivers)
|
||||
// .WithOne(er => er.Envelope)
|
||||
// .HasForeignKey(er => er.EnvelopeId);
|
||||
|
||||
modelBuilder.Entity<Envelope>()
|
||||
.HasMany(e => e.History)
|
||||
@ -53,6 +53,10 @@ namespace DigitalData.UserManager.Infrastructure.Repositories
|
||||
.WithMany(ed => ed.Elements)
|
||||
.HasForeignKey(dre => dre.DocumentId);
|
||||
|
||||
//modelBuilder.Entity<Receiver>()
|
||||
// .HasMany(e => e.EnvelopeReceivers)
|
||||
// .WithOne(er => er.Receiver)
|
||||
// .HasForeignKey(er => er.ReceiverId);
|
||||
|
||||
base.OnModelCreating(modelBuilder);
|
||||
}
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
using DigitalData.UserManager.Infrastructure.Repositories;
|
||||
using EnvelopeGenerator.Domain.Entities;
|
||||
using EnvelopeGenerator.Infrastructure.Contracts;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
|
||||
namespace EnvelopeGenerator.Infrastructure.Repositories
|
||||
{
|
||||
@ -10,5 +11,15 @@ namespace EnvelopeGenerator.Infrastructure.Repositories
|
||||
public EnvelopeReceiverRepository(EGDbContext dbContext) : base(dbContext)
|
||||
{
|
||||
}
|
||||
|
||||
public async Task<string?> ReadAccessCodeByEnvelopeUuid(string envelopeUuid)
|
||||
{
|
||||
var accessCode = await _dbSet
|
||||
.Where(er => er.Envelope != null && er.Envelope.Uuid == envelopeUuid)
|
||||
.Select(er => er.AccessCode)
|
||||
.FirstOrDefaultAsync();
|
||||
|
||||
return accessCode;
|
||||
}
|
||||
}
|
||||
}
|
||||
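Review bot: `ReadAccessCodeByEnvelopeUuid` filters only on `er.Envelope.Uuid`, but `EnvelopeReceiver` is keyed by `EnvelopeId` and `ReceiverId`, so an envelope with several receivers has several rows and `FirstOrDefaultAsync()` returns whichever `AccessCode` the database happens to yield first. The code that gets verified may therefore not belong to the receiver named in the request. The query should also take the receiver identity and filter on it, which means extending the signature here and in `IEnvelopeReceiverRepository`; the controller currently passes only `.EnvelopeUuid` from `DecodeEnvelopeReceiverId()`, and the receiver's identifying column is not visible on this page. A doc comment on the method should state that null means "no matching envelope/receiver" so callers do not treat it as a valid code.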
@ -14,12 +14,12 @@ namespace EnvelopeGenerator.Web.Controllers
|
||||
{
|
||||
private readonly EnvelopeOldService envelopeOldService;
|
||||
private readonly IConfiguration _config;
|
||||
private readonly IEnvelopeService _envelopeService;
|
||||
private readonly IEnvelopeReceiverService _envRcvService;
|
||||
|
||||
public HomeController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IConfiguration configuration, IEnvelopeService envelopeService) : base(databaseService, logger)
|
||||
public HomeController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IConfiguration configuration, IEnvelopeReceiverService envelopeReceiverService) : base(databaseService, logger)
|
||||
{
|
||||
this.envelopeOldService = envelopeOldService;
|
||||
_envelopeService = envelopeService;
|
||||
_envRcvService = envelopeReceiverService;
|
||||
_config = configuration;
|
||||
}
|
||||
|
||||
@ -71,7 +71,8 @@ namespace EnvelopeGenerator.Web.Controllers
|
||||
[HttpPost("/EnvelopeKey/{envelopeReceiverId}/Locked")]
|
||||
public async Task<IActionResult> ShowEnvelopePost([FromRoute] string envelopeReceiverId, [FromForm] string access_code)
|
||||
{
|
||||
var envlopeServiceResult = await _envelopeService.ReadByUuidAsync(envelopeUuid, withDocuments: true, withReceivers: true, withHistory: true, withDocumentReceiverElement:true);
|
||||
var uuid = envelopeReceiverId.DecodeEnvelopeReceiverId().EnvelopeUuid;
|
||||
var verification = await _envRcvService.VerifyAccessCode(uuid, access_code);
|
||||
|
||||
EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);
|
||||
string accessCode = response.Receiver.AccessCode;
|
||||
@ -85,7 +86,7 @@ namespace EnvelopeGenerator.Web.Controllers
|
||||
{
|
||||
database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history
|
||||
ViewData["EnvelopeKey"] = envelopeReceiverId;
|
||||
return View("ShowEnvelope", envlopeServiceResult);
|
||||
return View("ShowEnvelope");
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
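Review bot: In `ShowEnvelopePost` the result of `_envRcvService.VerifyAccessCode(uuid, access_code)` is stored in `verification`, but nothing in the visible lines reads it, and the next lines still call `envelopeOldService.LoadEnvelope` and read `response.Receiver.AccessCode`. The branch condition above the `EnterCorrectAccessCode` call lies outside these hunks; if it still compares `access_code` with `response.Receiver.AccessCode`, the new service check has no effect and the stored access code still reaches the web layer. The branch should be driven by the service result and `string accessCode = response.Receiver.AccessCode;` dropped; the exact success member on `IServiceMessage` is not shown on this page. Nothing visible here limits repeated attempts against this POST route either, so a failed-attempt counter or lockout per envelope/receiver is worth adding alongside the verification.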