feat(TotpSmsParams): Erstellt, um die Konfiguration von Totp zu handhaben

Developer 02
2025-01-31 10:22:37 +01:00
parent 06b1aa9560
commit e54d9d2da8
3 changed files with 46 additions and 10 deletions


@@ -22,6 +22,7 @@ using DigitalData.Core.Client;
using EnvelopeGenerator.Application.Extensions;
using Microsoft.Extensions.Caching.Distributed;
using System.Globalization;
using Microsoft.Extensions.Options;
namespace EnvelopeGenerator.Web.Controllers
{
@@ -41,12 +42,9 @@ namespace EnvelopeGenerator.Web.Controllers
private readonly ICodeGenerator _codeGenerator;
private readonly IReceiverService _rcvService;
private readonly IDistributedCache _dCache;
private static readonly int SmsTotpStep = 60 * 1;
private static readonly string SmsFormat = "signFlow TFA-Passwort ist {0}. Dieses Passwort ist bis {1} Uhr gültig.";
private static readonly string SmsCodeExpirationCacheKeyFormat = "e{0}_r{1}_sms_code_expiration";
private static readonly (string DateTimeFormat, CultureInfo CultureInfo) SmsCodeExpiration = ("HH:mm:ss", new CultureInfo("de-DE"));
private readonly TotpSmsParams _totpSmsParams;
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService, ICodeGenerator codeGenerator, IReceiverService receiverService, IDistributedCache distributedCache)
public HomeController(EnvelopeOldService envelopeOldService, ILogger<HomeController> logger, IEnvelopeReceiverService envelopeReceiverService, IEnvelopeHistoryService historyService, IStringLocalizer<Resource> localizer, IConfiguration configuration, HtmlSanitizer sanitizer, Cultures cultures, IEnvelopeMailService envelopeMailService, IEnvelopeReceiverReadOnlyService readOnlyService, IMessagingService messagingService, ICodeGenerator codeGenerator, IReceiverService receiverService, IDistributedCache distributedCache, IOptions<TotpSmsParams> totpSmsParamsOptions)
{
this.envelopeOldService = envelopeOldService;
_envRcvService = envelopeReceiverService;
@@ -62,6 +60,7 @@ namespace EnvelopeGenerator.Web.Controllers
_codeGenerator = codeGenerator;
_rcvService = receiverService;
_dCache = distributedCache;
_totpSmsParams = totpSmsParamsOptions.Value;
}
[HttpGet("/")]
@@ -174,14 +173,15 @@ namespace EnvelopeGenerator.Web.Controllers
{
if (viaSms)
{
//TODO: create a service (like EnvelopeSmsService)
//add date time cache
var key = string.Format(SmsCodeExpirationCacheKeyFormat, er_secret.EnvelopeId, er_secret.ReceiverId);
var key = string.Format(_totpSmsParams.Expiration.CacheKeyFormat, er_secret.EnvelopeId, er_secret.ReceiverId);
var expiration = await _dCache.GetDateTimeAsync(key);
if (expiration is null || expiration <= DateTime.Now)
{
var new_expiration = DateTime.Now.AddSeconds(SmsTotpStep);
var totp = _codeGenerator.GenerateTotp(er_secret.Receiver!.TotpSecretkey!, SmsTotpStep);
var msg = string.Format(SmsFormat, totp, new_expiration.ToString(SmsCodeExpiration.DateTimeFormat, SmsCodeExpiration.CultureInfo));
var new_expiration = DateTime.Now.AddSeconds(_totpSmsParams.TotpStep);
var totp = _codeGenerator.GenerateTotp(er_secret.Receiver!.TotpSecretkey!, _totpSmsParams.TotpStep);
var msg = string.Format(_totpSmsParams.Format, totp, new_expiration.ToString(_totpSmsParams.Expiration.Format, _totpSmsParams.Expiration.CultureInfo));
var smsRes = await _msgService.SendSmsAsync(er_secret.PhoneNumber!, msg);
if (smsRes.Failed)
{
@@ -237,7 +237,7 @@ namespace EnvelopeGenerator.Web.Controllers
if (er_secret.Receiver!.TotpSecretkey is null)
throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
if (_codeGenerator.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey, step: SmsTotpStep))
if (_codeGenerator.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey, step: _totpSmsParams.TotpStep))
{
Response.StatusCode = StatusCodes.Status401Unauthorized;
ViewData["ErrorMessage"] = _localizer[WebKey.WrongAccessCode].Value;
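Review bot: `_totpSmsParams.TotpStep` now comes from configuration and reaches `AddSeconds`, `GenerateTotp` and `VerifyTotp` unchecked, so a missing or mistyped value (0, negative, or very large) can break code generation or silently widen the window in which an SMS code is accepted. The options registration is not visible on this page; if it does not already validate, something like `services.AddOptions<TotpSmsParams>().Bind(section).Validate(p => p.TotpStep > 0 && p.TotpStep <= maxStep).ValidateOnStart();` would fail fast at startup (`section` and `maxStep` are placeholders for the project's config section and chosen upper bound). The same validation should confirm that `Format` and `Expiration.CacheKeyFormat` carry the placeholders `string.Format` is called with, because a malformed template now throws per request, or sends an SMS without the code. Separately, in the last hunk the branch taken when `VerifyTotp(...)` returns true sets `Status401Unauthorized` with the WrongAccessCode message; unless VerifyTotp returns true on a mismatch, this condition looks inverted and should be confirmed. The enclosing action methods start and end outside the visible hunks.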