Sicherheitsverbesserung: VerifyAccessCode implementiert und Verifizierungscode aus DTO entfernt

Die VerifyAccessCode-Methode wurde zur Validierung von Zugangscodes hinzugefügt und der Verifizierungscode aus Sicherheitsgründen aus dem DTO entfernt.
Developer 02
2024-04-08 12:53:55 +02:00
parent 501d48961e
commit db83eb90ee
10 changed files with 45 additions and 12 deletions


@@ -14,12 +14,12 @@ namespace EnvelopeGenerator.Web.Controllers
{
private readonly EnvelopeOldService envelopeOldService;
private readonly IConfiguration _config;
private readonly IEnvelopeService _envelopeService;
private readonly IEnvelopeReceiverService _envRcvService;
public HomeController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IConfiguration configuration, IEnvelopeService envelopeService) : base(databaseService, logger)
public HomeController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IConfiguration configuration, IEnvelopeReceiverService envelopeReceiverService) : base(databaseService, logger)
{
this.envelopeOldService = envelopeOldService;
_envelopeService = envelopeService;
_envRcvService = envelopeReceiverService;
_config = configuration;
}
@@ -71,7 +71,8 @@ namespace EnvelopeGenerator.Web.Controllers
[HttpPost("/EnvelopeKey/{envelopeReceiverId}/Locked")]
public async Task<IActionResult> ShowEnvelopePost([FromRoute] string envelopeReceiverId, [FromForm] string access_code)
{
var envlopeServiceResult = await _envelopeService.ReadByUuidAsync(envelopeUuid, withDocuments: true, withReceivers: true, withHistory: true, withDocumentReceiverElement:true);
var uuid = envelopeReceiverId.DecodeEnvelopeReceiverId().EnvelopeUuid;
var verification = await _envRcvService.VerifyAccessCode(uuid, access_code);
EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);
string accessCode = response.Receiver.AccessCode;
@@ -85,7 +86,7 @@ namespace EnvelopeGenerator.Web.Controllers
{
database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history
ViewData["EnvelopeKey"] = envelopeReceiverId;
return View("ShowEnvelope", envlopeServiceResult);
return View("ShowEnvelope");
}
else
{
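Review bot: The `verification` result assigned in ShowEnvelopePost is not consumed by anything in the visible lines: right after `_envRcvService.VerifyAccessCode(uuid, access_code)` the method still reads `response.Receiver.AccessCode` into the controller, and the `if` that guards `return View("ShowEnvelope")` lies between the hunks. If that condition still compares `accessCode` with the form value, the stored code keeps reaching the web layer and the decision is not the service's; the branch should depend on `verification` alone, and `string accessCode = response.Receiver.AccessCode;` should be removed. `envelopeReceiverId.DecodeEnvelopeReceiverId()` also runs on the raw route value with no failure handling in view, so a malformed id should be answered with a 4xx before `.EnvelopeUuid` is read. The method body starts and continues outside these hunks, so this needs checking against the full file.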