diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs index 831617a2..b8c89cd0 100644 --- a/EnvelopeGenerator.API/Controllers/AuthController.cs +++ b/EnvelopeGenerator.API/Controllers/AuthController.cs @@ -40,7 +40,7 @@ public partial class AuthController(IOptions authTokenKeyOptions) { if (User.IsInRole(Role.Sender)) Response.Cookies.Delete(authTokenKeys.Cookie); - else if (User.IsInRole(Role.Receiver.FullyAuth)) + else if (User.IsInRole(Role.Receiver.Full)) await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); else return Unauthorized(); diff --git a/EnvelopeGenerator.API/Controllers/DocumentController.cs b/EnvelopeGenerator.API/Controllers/DocumentController.cs index 474412a9..45165517 100644 --- a/EnvelopeGenerator.API/Controllers/DocumentController.cs +++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs @@ -40,7 +40,7 @@ public class DocumentController(IMediator mediator, ILogger } // Receiver: resolve envelope id from claims - if (User.IsInRole(Role.Receiver.FullyAuth)) + if (User.IsInRole(Role.Receiver.Full)) { if (query is not null) return BadRequest("Query parameters are not allowed for receiver role."); diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs index da15a25b..448d256a 100644 --- a/EnvelopeGenerator.API/Program.cs +++ b/EnvelopeGenerator.API/Program.cs 
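Review bot: The logout path in the AuthController hunk still falls through to `return Unauthorized();` for a receiver whose session carries only the TFA role, because the new branch tests `Role.Receiver.Full` alone and the TFA state has no branch of its own; Program.cs in this same commit accepts that role via `AuthPolicy.ReceiverTFA`, so such a session can exist and cannot be ended here. Failing closed is preferable to signing out the wrong principal, but a stale pre-auth cookie that cannot be cleared is worth handling explicitly, e.g. `else if (User.IsInRole(Role.Receiver.Full) || User.IsInRole(Role.Receiver.TFA))`, provided the TFA sign-in uses the same cookie scheme, which I cannot confirm from the hunk. TFARegController.LogOut in the last hunk of this diff is gated the same way. The enclosing action's signature starts above the hunk.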
@@ -179,13 +179,13 @@ try builder.Services.AddAuthorizationBuilder() .AddPolicy(AuthPolicy.SenderOrReceiver, policy => - policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth)) + policy.RequireRole(Role.Sender, Role.Receiver.Full)) .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender)) .AddPolicy(AuthPolicy.Receiver, policy => - policy.RequireRole(Role.Receiver.FullyAuth)) + policy.RequireRole(Role.Receiver.Full)) .AddPolicy(AuthPolicy.ReceiverTFA, policy => - policy.RequireRole(Role.Receiver.PreAuth)); + policy.RequireRole(Role.Receiver.TFA)); // User manager #pragma warning disable CS0618 // Type or member is obsolete diff --git a/EnvelopeGenerator.Domain/Constants/Role.cs b/EnvelopeGenerator.Domain/Constants/Role.cs index 49bcf6fe..0a85a9bc 100644 --- a/EnvelopeGenerator.Domain/Constants/Role.cs +++ b/EnvelopeGenerator.Domain/Constants/Role.cs @@ -6,16 +6,16 @@ namespace EnvelopeGenerator.Domain.Constants { public static class Role { - [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")] - public const string PreAuth = "PreAuth"; + [Obsolete("Use Receiver.TFA")] + public const string ReceiverTFA = Receiver.TFA; - [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")] - public const string FullyAuth = "FullyAuth"; + [Obsolete("Use Receiver.Full")] + public const string ReceiverFull = Receiver.Full; public static class Receiver { - public const string PreAuth = "PreAuth"; - public const string FullyAuth = "FullyAuth"; + public const string TFA = "EGReceiverTFA"; + public const string Full = "EGReceiver"; } public const string Sender = "EGSender"; diff --git a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs index b00d5564..e2d64966 100644 --- a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs +++ b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs 
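Review bot: Changing the stored role values in Role.Receiver from `"PreAuth"`/`"FullyAuth"` to `"EGReceiverTFA"`/`"EGReceiver"` invalidates every authentication cookie or token issued before this deploys, since no policy in the Program.cs hunk accepts the old strings any more. Those sessions fail closed with Unauthorized rather than being silently honoured, which is the right direction, but the rollout should expect forced re-authentication for receivers, and the AuthController logout path will not clear such a cookie either. The new `ReceiverTFA`/`ReceiverFull` members are introduced already `[Obsolete]`, which reads as a migration shim; a comment stating that intent would help, e.g. `// Migration aliases for callers not yet moved to Role.Receiver.*; remove once the Web project references Role.Receiver directly.`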
@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc; namespace EnvelopeGenerator.Web.Controllers; -[Authorize(Roles = Role.FullyAuth)] +[Authorize(Roles = Role.ReceiverFull)] [ApiController] [Route("api/[controller]")] public class AnnotationController : ControllerBase @@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase _logger = logger; } - [Authorize(Roles = Role.FullyAuth)] + [Authorize(Roles = Role.ReceiverFull)] [HttpPost] public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default) { @@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase return Ok(); } - [Authorize(Roles = Role.FullyAuth)] + [Authorize(Roles = Role.ReceiverFull)] [HttpPost("reject")] [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")] public async Task Reject([FromBody] string? reason = null) diff --git a/EnvelopeGenerator.Web/Controllers/DocumentController.cs b/EnvelopeGenerator.Web/Controllers/DocumentController.cs index f202cf24..e3efdf45 100644 --- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs +++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs @@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc; namespace EnvelopeGenerator.Web.Controllers; -[Authorize(Roles = Role.FullyAuth)] +[Authorize(Roles = Role.ReceiverFull)] [ApiController] [Route("api/[controller]")] public class DocumentController : ControllerBase diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs index 169b684c..df402822 100644 --- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs +++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs 
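Review bot: The class-level attribute on AnnotationController is switched to `Role.ReceiverFull`, which this same commit marks `[Obsolete]`, instead of `Role.Receiver.Full` that the API project's AuthController and Program.cs already use, so every migrated site will raise CS0618 and need a second pass. The same applies to the other two hunks in this file and to the Web DocumentController, EnvelopeController, ReadOnlyController and TFARegController hunks. `[Authorize(Roles = Role.Receiver.Full)]` avoids the warning now. Separately, the per-action `[Authorize(Roles = Role.ReceiverFull)]` on CreateOrUpdate and Reject repeats the class-level requirement; either keep only the class-level one or add a comment saying why the action-level one is intentional.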
@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase return this.ViewEnvelopeNotFound(); } var er_secret = er_secret_res.Data; - await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull); return await CreateShowEnvelopeView(er_secret); } #endregion UseAccessCode @@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase } // show envelope if already logged in - if (User.IsInRole(Role.FullyAuth)) + if (User.IsInRole(Role.ReceiverFull)) return await CreateShowEnvelopeView(er_secret); if (auth.HasMulti) @@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId()); } - await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull); return await CreateShowEnvelopeView(er_secret); } @@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase && uuidClaim == er.Envelope?.Uuid && signatureClaim is not null && signatureClaim == er.Receiver?.Signature - && User.IsInRole(Role.FullyAuth)) + && User.IsInRole(Role.ReceiverFull)) { - await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull); //add PSPDFKit licence key ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"]; @@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase return this.ViewDocumentNotFound(); } - await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth); + await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull); ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly; 
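Review bot: In the -172 hunk, `if (User.IsInRole(Role.ReceiverFull)) return await CreateShowEnvelopeView(er_secret);` relies on the role alone to decide that an already signed-in receiver may view this envelope, whereas the -225 hunk in the same file additionally compares the cookie's uuid and signature claims against `er.Envelope?.Uuid` and `er.Receiver?.Signature` before re-signing in. Unless an equivalent claims check sits above the hunk (the enclosing action starts outside it), a receiver authenticated for one envelope would reach the view of another through its link with no further verification, so the same claim comparison should gate this early return as well. If the check does exist above, a short comment at this line such as `// claims already bound to er_secret above` would make the authorisation decision reviewable in place.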
@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase await _rcvService.UpdateAsync(rcv); } - await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth); + await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverTFA); return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId); } @@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}"); - if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey)) + if (!User.IsInRole(Role.ReceiverTFA) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey)) { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer.WrongAccessCode(); @@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}"); - if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay)) + if (!User.IsInRole(Role.ReceiverTFA) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay)) { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer.WrongAccessCode(); diff --git a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs index d705e689..7e7dd381 100644 --- a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs +++ b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs 
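Review bot: In the -348 and -364 hunks the missing-session case (`!User.IsInRole(Role.ReceiverTFA)`) and a failed code verification share one 401 with `_localizer.WrongAccessCode()`, so an expired or absent pre-auth cookie is reported and logged exactly like a wrong code, which makes support and anomaly review harder. Splitting the condition so the role failure records its own reason, while the response shown to the user stays identical, costs one extra `if`. The short-circuit ordering is right: the TOTP is only evaluated once the TFA session is present. Any attempt limiting around `VerifyTotp` is not visible in these hunks; if it lives outside them, a brief comment pointing to it would help.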
@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers } [HttpPost] - [Authorize(Roles = Role.FullyAuth)] + [Authorize(Roles = Role.ReceiverFull)] [Obsolete("Use MediatR")] public async Task CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto) { diff --git a/EnvelopeGenerator.Web/Controllers/TFARegController.cs b/EnvelopeGenerator.Web/Controllers/TFARegController.cs index 165e8725..ba4da507 100644 --- a/EnvelopeGenerator.Web/Controllers/TFARegController.cs +++ b/EnvelopeGenerator.Web/Controllers/TFARegController.cs @@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase } } - [Authorize(Roles = Role.FullyAuth)] + [Authorize(Roles = Role.ReceiverFull)] [HttpPost("auth/logout")] public async Task LogOut() {