From ebed51b46a1dadc5667868dabcf5f273da7c5aaa Mon Sep 17 00:00:00 2001
From: TekH
Date: Fri, 6 Feb 2026 10:49:28 +0100
Subject: [PATCH] Refactor receiver roles: rename FullyAuth/PreAuth for clarity
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
---
 .../Controllers/AuthController.cs | 2 +-
 .../Controllers/DocumentController.cs | 2 +-
 EnvelopeGenerator.API/Program.cs | 6 +++---
 EnvelopeGenerator.Domain/Constants/Role.cs | 12 ++++++------
 .../Controllers/AnnotationController.cs | 6 +++---
 .../Controllers/DocumentController.cs | 2 +-
 .../Controllers/EnvelopeController.cs | 18 +++++++++---------
 .../Controllers/ReadOnlyController.cs | 2 +-
 .../Controllers/TFARegController.cs | 2 +-
 9 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/EnvelopeGenerator.API/Controllers/AuthController.cs b/EnvelopeGenerator.API/Controllers/AuthController.cs
index 831617a2..b8c89cd0 100644
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -40,7 +40,7 @@ public partial class AuthController(IOptions authTokenKeyOptions) { if (User.IsInRole(Role.Sender)) Response.Cookies.Delete(authTokenKeys.Cookie);
- else if (User.IsInRole(Role.Receiver.FullyAuth))
+ else if (User.IsInRole(Role.Receiver.Full))
 await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); else return Unauthorized();
diff --git a/EnvelopeGenerator.API/Controllers/DocumentController.cs b/EnvelopeGenerator.API/Controllers/DocumentController.cs
index 474412a9..45165517 100644
--- a/EnvelopeGenerator.API/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs
@@ -40,7 +40,7 @@ public class DocumentController(IMediator mediator, ILogger } // Receiver: resolve envelope id from claims
- if (User.IsInRole(Role.Receiver.FullyAuth))
+ if (User.IsInRole(Role.Receiver.Full))
 { if (query is not null) return BadRequest("Query parameters are not allowed for receiver role.");
diff --git a/EnvelopeGenerator.API/Program.cs b/EnvelopeGenerator.API/Program.cs
index da15a25b..448d256a 100644
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -179,13 +179,13 @@ try builder.Services.AddAuthorizationBuilder() .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
- policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
+ policy.RequireRole(Role.Sender, Role.Receiver.Full))
 .AddPolicy(AuthPolicy.Sender, policy => policy.RequireRole(Role.Sender)) .AddPolicy(AuthPolicy.Receiver, policy =>
- policy.RequireRole(Role.Receiver.FullyAuth))
+ policy.RequireRole(Role.Receiver.Full))
 .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
- policy.RequireRole(Role.Receiver.PreAuth));
+ policy.RequireRole(Role.Receiver.TFA));
 // User manager #pragma warning disable CS0618 // Type or member is obsolete
diff --git a/EnvelopeGenerator.Domain/Constants/Role.cs b/EnvelopeGenerator.Domain/Constants/Role.cs
index 49bcf6fe..0a85a9bc 100644
--- a/EnvelopeGenerator.Domain/Constants/Role.cs
+++ b/EnvelopeGenerator.Domain/Constants/Role.cs
@@ -6,16 +6,16 @@ namespace EnvelopeGenerator.Domain.Constants { public static class Role {
- [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
- public const string PreAuth = "PreAuth";
+ [Obsolete("Use Receiver.TFA")]
+ public const string ReceiverTFA = Receiver.TFA;
- [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
- public const string FullyAuth = "FullyAuth";
+ [Obsolete("Use Receiver.Full")]
+ public const string ReceiverFull = Receiver.Full;
 public static class Receiver {
- public const string PreAuth = "PreAuth";
- public const string FullyAuth = "FullyAuth";
+ public const string TFA = "EGReceiverTFA";
+ public const string Full = "EGReceiver";
 } public const string Sender = "EGSender";
diff --git a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
index b00d5564..e2d64966 100644
--- a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
+++ b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc; namespace EnvelopeGenerator.Web.Controllers;
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController] [Route("api/[controller]")] public class AnnotationController : ControllerBase
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase _logger = logger; }
- [Authorize(Roles = Role.FullyAuth)]
+ [Authorize(Roles = Role.ReceiverFull)]
 [HttpPost] public async Task CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default) {
@@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase return Ok(); }
- [Authorize(Roles = Role.FullyAuth)]
+ [Authorize(Roles = Role.ReceiverFull)]
 [HttpPost("reject")] [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")] public async Task Reject([FromBody] string? reason = null)
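Review bot: The nested constants in Role.cs change value as well as name: `Receiver.TFA` is now `"EGReceiverTFA"` and `Receiver.Full` is `"EGReceiver"`, where the strings used to be `"PreAuth"` and `"FullyAuth"`. If the receiver cookie carries the role as a claim (the `SignInEnvelopeAsync(er, role)` calls suggest it does), every cookie issued before deployment will fail the `[Authorize(Roles = ...)]`, `IsInRole` and `RequireRole` checks touched in this commit; that fails closed, but receivers in the middle of signing are dropped and the API and Web projects have to ship together. The commit message calls this a rename, so the value change deserves its own line there and a comment on the class, e.g. `// Role claim values changed from "PreAuth"/"FullyAuth"; cookies issued with the old values are rejected.` Note also that `Role.PreAuth` and `Role.FullyAuth` are deleted rather than kept as obsolete aliases, so anything outside this diff that stores or compares the literal strings should be checked.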
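Review bot: The three `[Authorize(Roles = Role.FullyAuth)]` attributes in AnnotationController are moved to `Role.ReceiverFull`, which Role.cs in this same commit introduces already marked `[Obsolete("Use Receiver.Full")]`, so the new code compiles with CS0618 warnings and has to be touched again when the alias goes away. Reference the nested constant directly, `[Authorize(Roles = Role.Receiver.Full)]`, as the API project hunks already do. The same applies to the `Role.ReceiverFull` and `Role.ReceiverTFA` uses in the Web DocumentController, EnvelopeController, ReadOnlyController and TFARegController hunks. The controller class continues outside these hunks.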
diff --git a/EnvelopeGenerator.Web/Controllers/DocumentController.cs b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
index f202cf24..e3efdf45 100644
--- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc; namespace EnvelopeGenerator.Web.Controllers;
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController] [Route("api/[controller]")] public class DocumentController : ControllerBase
diff --git a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
index 169b684c..df402822 100644
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase return this.ViewEnvelopeNotFound(); } var er_secret = er_secret_res.Data;
- await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+ await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
 return await CreateShowEnvelopeView(er_secret); } #endregion UseAccessCode
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase } // show envelope if already logged in
- if (User.IsInRole(Role.FullyAuth))
+ if (User.IsInRole(Role.ReceiverFull))
 return await CreateShowEnvelopeView(er_secret); if (auth.HasMulti)
@@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId()); }
- await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+ await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
 return await CreateShowEnvelopeView(er_secret); }
@@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase && uuidClaim == er.Envelope?.Uuid && signatureClaim is not null && signatureClaim == er.Receiver?.Signature
- && User.IsInRole(Role.FullyAuth))
+ && User.IsInRole(Role.ReceiverFull))
 {
- await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+ await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);
 //add PSPDFKit licence key ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
@@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase return this.ViewDocumentNotFound(); }
- await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+ await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);
 ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly;
@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase await _rcvService.UpdateAsync(rcv); }
- await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth);
+ await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverTFA);
 return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId); }
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
- if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
+ if (!User.IsInRole(Role.ReceiverTFA) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
 { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
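Review bot: The context line directly above the changed role check in the -348 hunk builds its exception message from `JsonConvert.SerializeObject(er_secret)`, which copies the whole envelope-receiver DTO into whatever log sink or error page ends up handling the exception. `TotpSecretkey` is null on this path, but the DTO presumably carries other receiver fields that should not be logged (its name and the `Signature` compared against the cookie claim in the -225 hunk point that way); that needs confirming against the DTO definition. Since these lines are being touched anyway, drop the payload and keep only a non-secret identifier, e.g. `throw new InvalidOperationException("Receiver has no TOTP secret; the code cannot be verified.");`. The identical line appears in the -364 hunk, and the enclosing method starts and ends outside both hunks.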
@@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase if (er_secret.Receiver!.TotpSecretkey is null) throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
- if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
+ if (!User.IsInRole(Role.ReceiverTFA) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
 { Response.StatusCode = StatusCodes.Status401Unauthorized; ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
diff --git a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
index d705e689..7e7dd381 100644
--- a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
+++ b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers } [HttpPost]
- [Authorize(Roles = Role.FullyAuth)]
+ [Authorize(Roles = Role.ReceiverFull)]
 [Obsolete("Use MediatR")] public async Task CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto) {
diff --git a/EnvelopeGenerator.Web/Controllers/TFARegController.cs b/EnvelopeGenerator.Web/Controllers/TFARegController.cs
index 165e8725..ba4da507 100644
--- a/EnvelopeGenerator.Web/Controllers/TFARegController.cs
+++ b/EnvelopeGenerator.Web/Controllers/TFARegController.cs
@@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase } }
- [Authorize(Roles = Role.FullyAuth)]
+ [Authorize(Roles = Role.ReceiverFull)]
 [HttpPost("auth/logout")] public async Task LogOut() {