Sicherheitsverbesserung: VerifyAccessCode implementiert und Verifizierungscode aus DTO entfernt

Die VerifyAccessCode-Methode wurde zur Validierung von Zugangscodes hinzugefügt und der Verifizierungscode aus Sicherheitsgründen aus dem DTO entfernt.
Developer 02 2024-04-08 12:53:55 +02:00
parent 501d48961e
commit db83eb90ee
10 changed files with 45 additions and 12 deletions


@ -7,5 +7,6 @@ namespace EnvelopeGenerator.Application.Contracts
{ {
public interface IEnvelopeReceiverService : IBasicCRUDService<IEnvelopeReceiverRepository, EnvelopeReceiverDto, EnvelopeReceiver, int> public interface IEnvelopeReceiverService : IBasicCRUDService<IEnvelopeReceiverRepository, EnvelopeReceiverDto, EnvelopeReceiver, int>
{ {
Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode);
} }
} }
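Review bot: `VerifyAccessCode` at +10 returns a `Task` but drops the `Async` suffix that the sibling contract `IEnvelopeService` uses on its task-returning members (`ReadAllWithAsync`, `ReadByUuidAsync`); the same applies to `ReadAccessCodeByEnvelopeUuid` added to `IEnvelopeReceiverRepository` in this commit. The new member also has no XML doc, and as the only method on this interface it is the one callers will read first. I would add `/// <summary>Checks whether <paramref name="accessCode"/> matches the access code stored for the envelope identified by <paramref name="envelopeUuid"/>; the returned message's success flag reflects the match.</summary>` with a `<param>` line for each string, and note in the `<remarks>` that the inputs come from the request and are compared against stored secrets.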


@ -10,7 +10,5 @@ namespace EnvelopeGenerator.Application.Contracts
Task<IServiceResult<IEnumerable<EnvelopeDto>>> ReadAllWithAsync(bool documents = false, bool receivers = false, bool history = false, bool documentReceiverElement = false); Task<IServiceResult<IEnumerable<EnvelopeDto>>> ReadAllWithAsync(bool documents = false, bool receivers = false, bool history = false, bool documentReceiverElement = false);
Task<IServiceResult<EnvelopeDto>> ReadByUuidAsync(string uuid, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false); Task<IServiceResult<EnvelopeDto>> ReadByUuidAsync(string uuid, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false);
Task<IServiceResult<EnvelopeDto>> ReadByEnvelopeKeyAsync(string envelopeKey, bool withDocuments = false, bool withReceivers = false, bool withHistory = false, bool withDocumentReceiverElement = false);
} }
} }


@ -8,7 +8,6 @@
string JobTitle, string JobTitle,
string CompanyName, string CompanyName,
string PrivateMessage, string PrivateMessage,
string AccessCode,
DateTime AddedWhen, DateTime AddedWhen,
DateTime? ChangedWhen); DateTime? ChangedWhen);
} }


@ -1,10 +1,12 @@
using AutoMapper; using AutoMapper;
using DigitalData.Core.Application; using DigitalData.Core.Application;
using DigitalData.Core.Contracts.Application;
using DigitalData.Core.Contracts.CultureServices; using DigitalData.Core.Contracts.CultureServices;
using EnvelopeGenerator.Application.Contracts; using EnvelopeGenerator.Application.Contracts;
using EnvelopeGenerator.Application.DTOs; using EnvelopeGenerator.Application.DTOs;
using EnvelopeGenerator.Domain.Entities; using EnvelopeGenerator.Domain.Entities;
using EnvelopeGenerator.Infrastructure.Contracts; using EnvelopeGenerator.Infrastructure.Contracts;
using Microsoft.EntityFrameworkCore;
namespace EnvelopeGenerator.Application.Services namespace EnvelopeGenerator.Application.Services
{ {
@ -14,5 +16,11 @@ namespace EnvelopeGenerator.Application.Services
: base(repository, translationService, mapper) : base(repository, translationService, mapper)
{ {
} }
public async Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode)
{
var envelopeAccessCode = await _repository.ReadAccessCodeByEnvelopeUuid(envelopeUuid);
return CreateMessage(isSuccess: accessCode == envelopeAccessCode) ;
}
} }
} }
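Review bot: `VerifyAccessCode` (+19 to +23 in the second hunk) reports success when no receiver row exists and the submitted code is also empty: `ReadAccessCodeByEnvelopeUuid` returns `string?`, and `accessCode == envelopeAccessCode` is true for `null == null`, so a request for an unknown UUID with the form field missing would verify. The comparison is also a plain `==`, which returns as soon as the first character differs; for a stored secret compared against user input, `CryptographicOperations.FixedTimeEquals` is the usual choice. Guard both operands before comparing, as below; this needs `using System.Security.Cryptography;` and `using System.Text;`. The enclosing service class starts above the hunk.
```csharp
public async Task<IServiceMessage> VerifyAccessCode(string envelopeUuid, string accessCode)
{
    var envelopeAccessCode = await _repository.ReadAccessCodeByEnvelopeUuid(envelopeUuid);
    // No receiver for this UUID, or an empty submission, must never verify (otherwise null == null succeeds).
    if (string.IsNullOrEmpty(accessCode) || string.IsNullOrEmpty(envelopeAccessCode))
    {
        return CreateMessage(isSuccess: false);
    }
    var isMatch = CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(accessCode),
        Encoding.UTF8.GetBytes(envelopeAccessCode));
    return CreateMessage(isSuccess: isMatch);
}
```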


@ -6,9 +6,11 @@ namespace EnvelopeGenerator.Domain.Entities
[Table("TBSIG_ENVELOPE_RECEIVER", Schema = "dbo")] [Table("TBSIG_ENVELOPE_RECEIVER", Schema = "dbo")]
public class EnvelopeReceiver public class EnvelopeReceiver
{ {
[Key]
[Column("ENVELOPE_ID")] [Column("ENVELOPE_ID")]
public int EnvelopeId { get; set; } public int EnvelopeId { get; set; }
[Key]
[Column("RECEIVER_ID")] [Column("RECEIVER_ID")]
public int ReceiverId { get; set; } public int ReceiverId { get; set; }
@ -37,5 +39,11 @@ namespace EnvelopeGenerator.Domain.Entities
[Column("CHANGED_WHEN", TypeName = "datetime")] [Column("CHANGED_WHEN", TypeName = "datetime")]
public DateTime? ChangedWhen { get; set; } public DateTime? ChangedWhen { get; set; }
[ForeignKey("EnvelopeId")]
public Envelope? Envelope { get; set; }
[ForeignKey("ReceiverId")]
public Receiver? Receiver { get; set; }
} }
} }
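Review bot: The second `[Key]` added on `ReceiverId` (+9, first hunk) turns `EnvelopeReceiver` into a composite-key entity, but EF Core — which this project uses (`Microsoft.EntityFrameworkCore`) — does not accept composite primary keys from data annotations and fails at model build time; a composite key has to be declared with the fluent API, `modelBuilder.Entity<EnvelopeReceiver>().HasKey(er => new { er.EnvelopeId, er.ReceiverId });` in `OnModelCreating`. The `OnModelCreating` hunk in this commit only comments out relationship configuration and shows no such call; if it already exists outside the diff, this note can be dropped. A one-line comment above the two `[Key]` attributes, such as `// Composite key (EnvelopeId, ReceiverId); see HasKey in OnModelCreating`, would make the pairing with the fluent configuration visible to the next reader.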


@ -22,5 +22,7 @@ namespace EnvelopeGenerator.Domain.Entities
[Required] [Required]
[Column("ADDED_WHEN", TypeName = "datetime")] [Column("ADDED_WHEN", TypeName = "datetime")]
public DateTime AddedWhen { get; set; } public DateTime AddedWhen { get; set; }
public IEnumerable<EnvelopeReceiver>? EnvelopeReceivers { get; set; }
} }
} }


@ -5,5 +5,6 @@ namespace EnvelopeGenerator.Infrastructure.Contracts
{ {
public interface IEnvelopeReceiverRepository : ICRUDRepository<EnvelopeReceiver, int> public interface IEnvelopeReceiverRepository : ICRUDRepository<EnvelopeReceiver, int>
{ {
Task<string?> ReadAccessCodeByEnvelopeUuid(string envelopeUuid);
} }
} }


@ -33,10 +33,10 @@ namespace DigitalData.UserManager.Infrastructure.Repositories
.WithOne() .WithOne()
.HasForeignKey(ed => ed.EnvelopeId); .HasForeignKey(ed => ed.EnvelopeId);
modelBuilder.Entity<Envelope>() //modelBuilder.Entity<Envelope>()
.HasMany(e => e.Receivers) // .HasMany(e => e.Receivers)
.WithOne() // .WithOne(er => er.Envelope)
.HasForeignKey(er => er.EnvelopeId); // .HasForeignKey(er => er.EnvelopeId);
modelBuilder.Entity<Envelope>() modelBuilder.Entity<Envelope>()
.HasMany(e => e.History) .HasMany(e => e.History)
@ -53,6 +53,10 @@ namespace DigitalData.UserManager.Infrastructure.Repositories
.WithMany(ed => ed.Elements) .WithMany(ed => ed.Elements)
.HasForeignKey(dre => dre.DocumentId); .HasForeignKey(dre => dre.DocumentId);
//modelBuilder.Entity<Receiver>()
// .HasMany(e => e.EnvelopeReceivers)
// .WithOne(er => er.Receiver)
// .HasForeignKey(er => er.ReceiverId);
base.OnModelCreating(modelBuilder); base.OnModelCreating(modelBuilder);
} }
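Review bot: Both hunks keep the retired configuration as commented-out code (`//modelBuilder.Entity<Envelope>() …` at +36 and `//modelBuilder.Entity<Receiver>() …` at +56) instead of deleting it; the relationships now appear to be carried by the `[ForeignKey]` attributes added on `EnvelopeReceiver`, so the dead fluent code only invites drift between the two places. Remove the commented blocks and leave a single line explaining the decision, for example `// EnvelopeReceiver relationships are configured by [ForeignKey] attributes on the entity.`. `OnModelCreating` begins above the first hunk.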


@ -2,6 +2,7 @@
using DigitalData.UserManager.Infrastructure.Repositories; using DigitalData.UserManager.Infrastructure.Repositories;
using EnvelopeGenerator.Domain.Entities; using EnvelopeGenerator.Domain.Entities;
using EnvelopeGenerator.Infrastructure.Contracts; using EnvelopeGenerator.Infrastructure.Contracts;
using Microsoft.EntityFrameworkCore;
namespace EnvelopeGenerator.Infrastructure.Repositories namespace EnvelopeGenerator.Infrastructure.Repositories
{ {
@ -10,5 +11,15 @@ namespace EnvelopeGenerator.Infrastructure.Repositories
public EnvelopeReceiverRepository(EGDbContext dbContext) : base(dbContext) public EnvelopeReceiverRepository(EGDbContext dbContext) : base(dbContext)
{ {
} }
public async Task<string?> ReadAccessCodeByEnvelopeUuid(string envelopeUuid)
{
var accessCode = await _dbSet
.Where(er => er.Envelope != null && er.Envelope.Uuid == envelopeUuid)
.Select(er => er.AccessCode)
.FirstOrDefaultAsync();
return accessCode;
}
} }
} }
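Review bot: `ReadAccessCodeByEnvelopeUuid` (+15 to +22) filters by envelope UUID only, and `FirstOrDefaultAsync` with no ordering returns whichever `EnvelopeReceiver` row the database yields first; since the entity is keyed by envelope and receiver and `Envelope.Receivers` is a collection, an envelope with several receivers would have a submitted code checked against an arbitrary receiver's code. The caller in `HomeController` already decodes an `envelopeReceiverId`, so the lookup should take the receiver identity too and filter on it, e.g. `.Where(er => er.Envelope != null && er.Envelope.Uuid == envelopeUuid && er.ReceiverId == receiverId)`, with the extra parameter threaded through `IEnvelopeReceiverRepository` and `IEnvelopeReceiverService`. Whether the decoded id actually carries a receiver part is not visible in this diff. The repository class starts above the hunk.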


@ -14,12 +14,12 @@ namespace EnvelopeGenerator.Web.Controllers
{ {
private readonly EnvelopeOldService envelopeOldService; private readonly EnvelopeOldService envelopeOldService;
private readonly IConfiguration _config; private readonly IConfiguration _config;
private readonly IEnvelopeService _envelopeService; private readonly IEnvelopeReceiverService _envRcvService;
public HomeController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IConfiguration configuration, IEnvelopeService envelopeService) : base(databaseService, logger) public HomeController(DatabaseService databaseService, EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IConfiguration configuration, IEnvelopeReceiverService envelopeReceiverService) : base(databaseService, logger)
{ {
this.envelopeOldService = envelopeOldService; this.envelopeOldService = envelopeOldService;
_envelopeService = envelopeService; _envRcvService = envelopeReceiverService;
_config = configuration; _config = configuration;
} }
@ -71,7 +71,8 @@ namespace EnvelopeGenerator.Web.Controllers
[HttpPost("/EnvelopeKey/{envelopeReceiverId}/Locked")] [HttpPost("/EnvelopeKey/{envelopeReceiverId}/Locked")]
public async Task<IActionResult> ShowEnvelopePost([FromRoute] string envelopeReceiverId, [FromForm] string access_code) public async Task<IActionResult> ShowEnvelopePost([FromRoute] string envelopeReceiverId, [FromForm] string access_code)
{ {
var envlopeServiceResult = await _envelopeService.ReadByUuidAsync(envelopeUuid, withDocuments: true, withReceivers: true, withHistory: true, withDocumentReceiverElement:true); var uuid = envelopeReceiverId.DecodeEnvelopeReceiverId().EnvelopeUuid;
var verification = await _envRcvService.VerifyAccessCode(uuid, access_code);
EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId); EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);
string accessCode = response.Receiver.AccessCode; string accessCode = response.Receiver.AccessCode;
@ -85,7 +86,7 @@ namespace EnvelopeGenerator.Web.Controllers
{ {
database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver); //for history
ViewData["EnvelopeKey"] = envelopeReceiverId; ViewData["EnvelopeKey"] = envelopeReceiverId;
return View("ShowEnvelope", envlopeServiceResult); return View("ShowEnvelope");
} }
else else
{ {
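Review bot: The result of `VerifyAccessCode` stored in `verification` at +74 is not consulted anywhere in this hunk; `ShowEnvelopePost` goes on to load the envelope through `envelopeOldService` and read `response.Receiver.AccessCode`, and the success branch at +86 still returns the view as before. If the lines between the two hunks do not branch on `verification`, the new service call has no effect on whether the envelope is shown. The method should act on the service result before the legacy path, roughly `if (!verification.IsSuccess) { return View("ShowEnvelopeLocked"); }` — using whatever success member `IServiceMessage` exposes and the view the existing failure branch returns — after which the `response.Receiver.AccessCode` comparison can be retired. `ShowEnvelopePost` continues past the end of the hunk.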