Refactor receiver roles: rename FullyAuth/PreAuth for clarity

Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.

EnvelopeGenerator.API/Controllers/AuthController.cs

@@ -40,7 +40,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
     {
         if (User.IsInRole(Role.Sender))
             Response.Cookies.Delete(authTokenKeys.Cookie);
-        else if (User.IsInRole(Role.Receiver.FullyAuth))
+        else if (User.IsInRole(Role.Receiver.Full))
             await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
         else
             return Unauthorized();

EnvelopeGenerator.API/Controllers/DocumentController.cs

@@ -40,7 +40,7 @@ public class DocumentController(IMediator mediator, ILogger<DocumentController>
         }
 
         // Receiver: resolve envelope id from claims
-        if (User.IsInRole(Role.Receiver.FullyAuth))
+        if (User.IsInRole(Role.Receiver.Full))
         {           
             if (query is not null)
                 return BadRequest("Query parameters are not allowed for receiver role.");

EnvelopeGenerator.API/Program.cs

@@ -179,13 +179,13 @@ try
 
     builder.Services.AddAuthorizationBuilder()
         .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
-            policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
+            policy.RequireRole(Role.Sender, Role.Receiver.Full))
         .AddPolicy(AuthPolicy.Sender, policy =>
             policy.RequireRole(Role.Sender))
         .AddPolicy(AuthPolicy.Receiver, policy =>
-            policy.RequireRole(Role.Receiver.FullyAuth))
+            policy.RequireRole(Role.Receiver.Full))
         .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
-            policy.RequireRole(Role.Receiver.PreAuth));
+            policy.RequireRole(Role.Receiver.TFA));
 
     // User manager
 #pragma warning disable CS0618 // Type or member is obsolete

EnvelopeGenerator.Domain/Constants/Role.cs

@@ -6,16 +6,16 @@ namespace EnvelopeGenerator.Domain.Constants
 {
     public static class Role
     {
-        [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
-        public const string PreAuth = "PreAuth";
+        [Obsolete("Use Receiver.TFA")]
+        public const string ReceiverTFA = Receiver.TFA;
 
-        [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
-        public const string FullyAuth = "FullyAuth";
+        [Obsolete("Use Receiver.Full")]
+        public const string ReceiverFull = Receiver.Full;
 
         public static class Receiver
         {
-            public const string PreAuth = "PreAuth";
-            public const string FullyAuth = "FullyAuth";
+            public const string TFA = "EGReceiverTFA";
+            public const string Full = "EGReceiver";
         }
 
         public const string Sender = "EGSender";

EnvelopeGenerator.Web/Controllers/AnnotationController.cs

@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase
         _logger = logger;
     }
 
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
     [HttpPost]
     public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
     {
@@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase
         return Ok();
     }
     
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
     [HttpPost("reject")]
     [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
     public async Task<IActionResult> Reject([FromBody] string? reason = null)

EnvelopeGenerator.Web/Controllers/DocumentController.cs

@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc;
 
 namespace EnvelopeGenerator.Web.Controllers;
 
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController]
 [Route("api/[controller]")]
 public class DocumentController : ControllerBase

EnvelopeGenerator.Web/Controllers/EnvelopeController.cs

@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase
                     return this.ViewEnvelopeNotFound();
                 }
                 var er_secret = er_secret_res.Data;
-                await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+                await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
                 return await CreateShowEnvelopeView(er_secret);
             }
             #endregion UseAccessCode
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase
             }
 
             // show envelope if already logged in
-            if (User.IsInRole(Role.FullyAuth))
+            if (User.IsInRole(Role.ReceiverFull))
                 return await CreateShowEnvelopeView(er_secret);
 
             if (auth.HasMulti)
@@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase
                         .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId());
             }
 
-            await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
 
             return await CreateShowEnvelopeView(er_secret);
         }
@@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase
             && uuidClaim == er.Envelope?.Uuid
             && signatureClaim is not null
             && signatureClaim == er.Receiver?.Signature
-            && User.IsInRole(Role.FullyAuth))
+            && User.IsInRole(Role.ReceiverFull))
         {
-            await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);
 
             //add PSPDFKit licence key
             ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
@@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase
             return this.ViewDocumentNotFound();
         }
 
-        await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+        await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);
 
         ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly;
 
@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase
                 await _rcvService.UpdateAsync(rcv);
             }
 
-            await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverTFA);
 
             return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId);
         }
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase
         if (er_secret.Receiver!.TotpSecretkey is null)
             throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
         
-        if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
+        if (!User.IsInRole(Role.ReceiverTFA) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
         {
             Response.StatusCode = StatusCodes.Status401Unauthorized;
             ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
@@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase
         if (er_secret.Receiver!.TotpSecretkey is null)
             throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
 
-        if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
+        if (!User.IsInRole(Role.ReceiverTFA) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
         {
             Response.StatusCode = StatusCodes.Status401Unauthorized;
             ViewData["ErrorMessage"] = _localizer.WrongAccessCode();

EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs

@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers
         }
 
         [HttpPost]
-        [Authorize(Roles = Role.FullyAuth)]
+        [Authorize(Roles = Role.ReceiverFull)]
         [Obsolete("Use MediatR")]
         public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
         {

EnvelopeGenerator.Web/Controllers/TFARegController.cs

@@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase
         }
     }
 
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
     [HttpPost("auth/logout")]
     public async Task<IActionResult> LogOut()
     {