AppStd/EnvelopeGenerator
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Relax and rename auth policies for sender/receiver roles

Browse Source 
Replaced SenderOrReceiverFullyAuth and ReceiverFullyAuth policies with more general SenderOrReceiver and Receiver policies. Updated policy definitions in AuthPolicy.cs to use nameof for clarity. Adjusted AddAuthorizationBuilder configuration and [Authorize] attributes in controllers to use the new, less restrictive policies, simplifying authorization logic.
This commit is contained in:
tekh
2026-02-03 16:08:15 +01:00
parent 1b95b9d7e0
commit eb345a0e4d
4 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
EnvelopeGenerator.API/Controllers/AuthController.cs
View File

@@ -34,7 +34,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
/// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response> /// <response code="401">Wenn es kein zugelassenes Cookie gibt, wird „nicht zugelassen“ zurückgegeben.</response>
[ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")] [ProducesResponseType(typeof(string), StatusCodes.Status200OK, "text/javascript")]
[ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)] [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
[Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)] [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
[HttpPost("logout")] [HttpPost("logout")]
public async Task<IActionResult> Logout() public async Task<IActionResult> Logout()
{ {
@@ -56,7 +56,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
[ProducesResponseType(typeof(void), StatusCodes.Status200OK)] [ProducesResponseType(typeof(void), StatusCodes.Status200OK)]
[ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)] [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
[HttpGet("check")] [HttpGet("check")]
[Authorize(Policy = AuthPolicy.SenderOrReceiverFullyAuth)] [Authorize(Policy = AuthPolicy.SenderOrReceiver)]
public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized(); public IActionResult Check([FromQuery] string role) => User.IsInRole(role) ? Ok() : Unauthorized();
/// <summary> /// <summary>

2
EnvelopeGenerator.API/Controllers/TfaRegistrationController.cs
View File

@@ -111,7 +111,7 @@ public class TfaRegistrationController : ControllerBase
/// <summary> /// <summary>
/// Logs out the envelope receiver from cookie authentication. /// Logs out the envelope receiver from cookie authentication.
/// </summary> /// </summary>
[Authorize(Policy = AuthPolicy.ReceiverFullyAuth)] [Authorize(Policy = AuthPolicy.Receiver)]
[HttpPost("auth/logout")] [HttpPost("auth/logout")]
public async Task<IActionResult> LogOutAsync() public async Task<IActionResult> LogOutAsync()
{ {

4
EnvelopeGenerator.API/Program.cs
View File

@@ -178,9 +178,9 @@ try
}); });
builder.Services.AddAuthorizationBuilder() builder.Services.AddAuthorizationBuilder()
.AddPolicy(AuthPolicy.SenderOrReceiverFullyAuth, policy => .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth)) policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
.AddPolicy(AuthPolicy.ReceiverFullyAuth, policy => .AddPolicy(AuthPolicy.Receiver, policy =>
policy.RequireRole(Role.Receiver.FullyAuth)); policy.RequireRole(Role.Receiver.FullyAuth));
// User manager // User manager

4
EnvelopeGenerator.Domain/Constants/AuthPolicy.cs
View File

@@ -2,7 +2,7 @@ namespace EnvelopeGenerator.Domain.Constants
{ {
public static class AuthPolicy public static class AuthPolicy
{ {
public const string SenderOrReceiverFullyAuth = "SenderOrReceiverFullyAuth"; public const string SenderOrReceiver = nameof(SenderOrReceiver) + nameof(AuthPolicy);
public const string ReceiverFullyAuth = "ReceiverFullyAuth"; public const string Receiver = nameof(Receiver) + nameof(AuthPolicy);
} }
} }