Sicherheitsverbesserung: VerifyAccessCode implementiert und Verifizierungscode aus DTO entfernt

Die VerifyAccessCode-Methode wurde zur Validierung von Zugangscodes hinzugefügt und der Verifizierungscode aus Sicherheitsgründen aus dem DTO entfernt.
2024-04-08 12:53:55 +02:00
parent 501d48961e
commit db83eb90ee
10 changed files with 45 additions and 12 deletions
--- a/EnvelopeGenerator.Application/Contracts/IEnvelopeReceiverService.cs
+++ b/EnvelopeGenerator.Application/Contracts/IEnvelopeReceiverService.cs
@@ -7,5 +7,6 @@ namespace EnvelopeGenerator.Application.Contracts
 {
    public interface IEnvelopeReceiverService : IBasicCRUDService<IEnvelopeReceiverRepository, EnvelopeReceiverDto, EnvelopeReceiver, int>
    {
+        Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode);
    }
 }
--- a/EnvelopeGenerator.Application/Contracts/IEnvelopeService.cs
+++ b/EnvelopeGenerator.Application/Contracts/IEnvelopeService.cs
@@ -10,7 +10,5 @@ namespace EnvelopeGenerator.Application.Contracts
        Task<IServiceResult<IEnumerable<EnvelopeDto>>> ReadAllWithAsync(bool documents = false, bool receivers = false, bool history = false, bool documentReceiverElement = false);

        Task<IServiceResult<EnvelopeDto>> ReadByUuidAsync(string uuid, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false);
-
-        Task<IServiceResult<EnvelopeDto>> ReadByEnvelopeKeyAsync(string envelopeKey, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false);
    }
 }
--- a/EnvelopeGenerator.Application/DTOs/EnvelopeReceiverDto.cs
+++ b/EnvelopeGenerator.Application/DTOs/EnvelopeReceiverDto.cs
@@ -8,7 +8,6 @@
        string JobTitle,
        string CompanyName,
        string PrivateMessage,
-        string AccessCode,
        DateTime AddedWhen,
        DateTime? ChangedWhen);
 }
--- a/EnvelopeGenerator.Application/Services/EnvelopeReceiverService.cs
+++ b/EnvelopeGenerator.Application/Services/EnvelopeReceiverService.cs
@@ -1,10 +1,12 @@
 using AutoMapper;
 using DigitalData.Core.Application;
+using DigitalData.Core.Contracts.Application;
 using DigitalData.Core.Contracts.CultureServices;
 using EnvelopeGenerator.Application.Contracts;
 using EnvelopeGenerator.Application.DTOs;
 using EnvelopeGenerator.Domain.Entities;
 using EnvelopeGenerator.Infrastructure.Contracts;
+using Microsoft.EntityFrameworkCore;

 namespace EnvelopeGenerator.Application.Services
 {
@@ -14,5 +16,11 @@ namespace EnvelopeGenerator.Application.Services
            : base(repository, translationService, mapper)
        {
        }
+
+        public async Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode)
+        {
+            var envelopeAccessCode = await _repository.ReadAccessCodeByEnvelopeUuid(envelopeUuid);
+            return CreateMessage(isSuccess: accessCode == envelopeAccessCode) ;
+        }
    }
 }