Refactor receiver roles: rename FullyAuth/PreAuth for clarity

Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
2026-02-06 10:49:28 +01:00
parent 0d2425c9cf
commit ebed51b46a
9 changed files with 26 additions and 26 deletions
--- a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
+++ b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc;

 namespace EnvelopeGenerator.Web.Controllers;

-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase
        _logger = logger;
    }

-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
    [HttpPost]
    public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
    {
@@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase
        return Ok();
    }
    
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
    [HttpPost("reject")]
    [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
    public async Task<IActionResult> Reject([FromBody] string? reason = null)
--- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc;

 namespace EnvelopeGenerator.Web.Controllers;

-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController]
 [Route("api/[controller]")]
 public class DocumentController : ControllerBase
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase
                    return this.ViewEnvelopeNotFound();
                }
                var er_secret = er_secret_res.Data;
-                await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+                await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
                return await CreateShowEnvelopeView(er_secret);
            }
            #endregion UseAccessCode
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase
            }

            // show envelope if already logged in
-            if (User.IsInRole(Role.FullyAuth))
+            if (User.IsInRole(Role.ReceiverFull))
                return await CreateShowEnvelopeView(er_secret);

            if (auth.HasMulti)
@@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase
                        .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId());
            }

-            await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);

            return await CreateShowEnvelopeView(er_secret);
        }
@@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase
            && uuidClaim == er.Envelope?.Uuid
            && signatureClaim is not null
            && signatureClaim == er.Receiver?.Signature
-            && User.IsInRole(Role.FullyAuth))
+            && User.IsInRole(Role.ReceiverFull))
        {
-            await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);

            //add PSPDFKit licence key
            ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
@@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase
            return this.ViewDocumentNotFound();
        }

-        await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+        await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);

        ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly;

@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase
                await _rcvService.UpdateAsync(rcv);
            }

-            await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverTFA);

            return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId);
        }
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase
        if (er_secret.Receiver!.TotpSecretkey is null)
            throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
        
-        if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
+        if (!User.IsInRole(Role.ReceiverTFA) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
        {
            Response.StatusCode = StatusCodes.Status401Unauthorized;
            ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
@@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase
        if (er_secret.Receiver!.TotpSecretkey is null)
            throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");

-        if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
+        if (!User.IsInRole(Role.ReceiverTFA) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
        {
            Response.StatusCode = StatusCodes.Status401Unauthorized;
            ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
--- a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
+++ b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers
        }

        [HttpPost]
-        [Authorize(Roles = Role.FullyAuth)]
+        [Authorize(Roles = Role.ReceiverFull)]
        [Obsolete("Use MediatR")]
        public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
        {
--- a/EnvelopeGenerator.Web/Controllers/TFARegController.cs
+++ b/EnvelopeGenerator.Web/Controllers/TFARegController.cs
@@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase
        }
    }

-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
    [HttpPost("auth/logout")]
    public async Task<IActionResult> LogOut()
    {