diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs
index 64f2edc6..831617a2 100644
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -34,7 +34,7 @@ public partial class AuthController(IOptions authTokenKeyOptions)
 /// Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.
 [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
 [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
- [Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)]
+ [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
 [HttpPost("logout")]
 public async Task Logout()
 {
@@ -56,7 +56,7 @@ public partial class AuthController(IOptions authTokenKeyOptions)
 [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
 [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
 [HttpGet("check")]
- [Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)]
+ [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
 public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();
 ///
diff --git a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
index c391429d..f365c0df 100644
--- a/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
+++ b/EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
 ///
 /// Logs out the envelope receiver from cookie authentication.
 ///
- [Authorize(Policy = AuthPolicy.ReceiverFullyAuth)]
+ [Authorize(Policy = AuthPolicy.Receiver)]
 [HttpPost("auth/logout")]
 public async Task LogOutAsync()
 {
diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs
index 8750ac5c..40dd1377 100644
--- a/EnvelopeGenerator.API/Program.cs
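Review bot: The new policy name on `Logout` no longer states that a receiver must be fully authenticated, although the registration in Program.cs (later in this diff) still maps `AuthPolicy.SenderOrReceiver` to `RequireRole(Role.Sender, Role.Receiver.FullyAuth)` and `AuthPolicy.Receiver` to `RequireRole(Role.Receiver.FullyAuth)`. The same applies to `Check` in this file and to `LogOutAsync` in TfaRegistrationController.cs. A reader of `[Authorize(Policy = AuthPolicy.Receiver)]` will likely assume any receiver session passes, which invites either reusing the policy on an endpoint meant for not-yet-verified receivers or later widening the policy to match its name. I would keep the qualifier in the name, or add a comment above each attribute such as `// requires Role.Receiver.FullyAuth; a receiver without that role is rejected by the policy`. The bodies of `Logout` and `LogOutAsync` continue outside their hunks.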
+++ b/EnvelopeGenerator.API/Program.cs
@@ -178,9 +178,9 @@ try
 });
 builder.Services.AddAuthorizationBuilder()
- .AddPolicy(AuthPolicy.SenderOrReceiverFullyAuth, policy =>
+ .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
 policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
- .AddPolicy(AuthPolicy.ReceiverFullyAuth, policy =>
+ .AddPolicy(AuthPolicy.Receiver, policy =>
 policy.RequireRole(Role.Receiver.FullyAuth));
 // User manager
diff --git a/EnvelopeGenerator.Domain/Constants/AuthPolicy.cs b/EnvelopeGenerator.Domain/Constants/AuthPolicy.cs
index 2ebc8887..a20afb23 100644
--- a/EnvelopeGenerator.Domain/Constants/AuthPolicy.cs
+++ b/EnvelopeGenerator.Domain/Constants/AuthPolicy.cs
@@ -2,7 +2,7 @@ namespace EnvelopeGenerator.Domain.Constants
 {
 public static class AuthPolicy
 {
- public const string SenderOrReceiverFullyAuth = "SenderOrReceiverFullyAuth";
- public const string ReceiverFullyAuth = "ReceiverFullyAuth";
+ public const string SenderOrReceiver = nameof(SenderOrReceiver) + nameof(AuthPolicy);
+ public const string Receiver = nameof(Receiver) + nameof(AuthPolicy);
 }
 }
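Review bot: The constant values in AuthPolicy.cs change along with the names: `nameof(Receiver) + nameof(AuthPolicy)` evaluates to `"ReceiverAuthPolicy"`, where the old value was `"ReceiverFullyAuth"`, and likewise for `SenderOrReceiver`. Policies are resolved by string at request time, so any `[Authorize(Policy = "...")]` literal or configuration entry that still carries an old string would fail only when the endpoint is hit, not at build time. None is visible in this diff, so a search for the two old literals before merging would settle it. The constants are also undocumented, and since their names no longer mention full authentication I would add `/// <summary>Requires Role.Sender or Role.Receiver.FullyAuth (registered in Program.cs).</summary>` on `SenderOrReceiver` and the matching line on `Receiver`.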