Refactor receiver roles: rename FullyAuth/PreAuth for clarity

Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
2026-02-06 10:49:28 +01:00
parent 0d2425c9cf
commit ebed51b46a
9 changed files with 26 additions and 26 deletions
--- a/EnvelopeGenerator.API/Controllers/AuthController.cs
+++ b/EnvelopeGenerator.API/Controllers/AuthController.cs
@@ -40,7 +40,7 @@ public partial class AuthController(IOptions<AuthTokenKeys> authTokenKeyOptions)
    {
        if (User.IsInRole(Role.Sender))
            Response.Cookies.Delete(authTokenKeys.Cookie);
-        else if (User.IsInRole(Role.Receiver.FullyAuth))
+        else if (User.IsInRole(Role.Receiver.Full))
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        else
            return Unauthorized();
--- a/EnvelopeGenerator.API/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.API/Controllers/DocumentController.cs
@@ -40,7 +40,7 @@ public class DocumentController(IMediator mediator, ILogger<DocumentController>
        }
        // Receiver: resolve envelope id from claims
-        if (User.IsInRole(Role.Receiver.FullyAuth))
+        if (User.IsInRole(Role.Receiver.Full))
        {           
            if (query is not null)
                return BadRequest("Query parameters are not allowed for receiver role.");
--- a/EnvelopeGenerator.API/Program.cs
+++ b/EnvelopeGenerator.API/Program.cs
@@ -179,13 +179,13 @@ try
    builder.Services.AddAuthorizationBuilder()
        .AddPolicy(AuthPolicy.SenderOrReceiver, policy =>
-            policy.RequireRole(Role.Sender, Role.Receiver.FullyAuth))
+            policy.RequireRole(Role.Sender, Role.Receiver.Full))
        .AddPolicy(AuthPolicy.Sender, policy =>
            policy.RequireRole(Role.Sender))
        .AddPolicy(AuthPolicy.Receiver, policy =>
-            policy.RequireRole(Role.Receiver.FullyAuth))
+            policy.RequireRole(Role.Receiver.Full))
        .AddPolicy(AuthPolicy.ReceiverTFA, policy =>
-            policy.RequireRole(Role.Receiver.PreAuth));
+            policy.RequireRole(Role.Receiver.TFA));
    // User manager
 #pragma warning disable CS0618 // Type or member is obsolete
--- a/EnvelopeGenerator.Domain/Constants/Role.cs
+++ b/EnvelopeGenerator.Domain/Constants/Role.cs
@@ -6,16 +6,16 @@ namespace EnvelopeGenerator.Domain.Constants
 {
    public static class Role
    {
-        [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
+        [Obsolete("Use Receiver.TFA")]
-        public const string PreAuth = "PreAuth";
+        public const string ReceiverTFA = Receiver.TFA;
-        [Obsolete("Use Receiver.PreAuth or Receiver.FullyAuth")]
+        [Obsolete("Use Receiver.Full")]
-        public const string FullyAuth = "FullyAuth";
+        public const string ReceiverFull = Receiver.Full;
        public static class Receiver
        {
-            public const string PreAuth = "PreAuth";
+            public const string TFA = "EGReceiverTFA";
-            public const string FullyAuth = "FullyAuth";
+            public const string Full = "EGReceiver";
        }
        public const string Sender = "EGSender";
--- a/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
+++ b/EnvelopeGenerator.Web/Controllers/AnnotationController.cs
@@ -15,7 +15,7 @@ using Microsoft.AspNetCore.Mvc;
 namespace EnvelopeGenerator.Web.Controllers;
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController]
 [Route("api/[controller]")]
 public class AnnotationController : ControllerBase
@@ -42,7 +42,7 @@ public class AnnotationController : ControllerBase
        _logger = logger;
    }
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
    [HttpPost]
    public async Task<IActionResult> CreateOrUpdate([FromBody] PsPdfKitAnnotation? psPdfKitAnnotation = null, CancellationToken cancel = default)
    {
@@ -80,7 +80,7 @@ public class AnnotationController : ControllerBase
        return Ok();
    }
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
    [HttpPost("reject")]
    [Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
    public async Task<IActionResult> Reject([FromBody] string? reason = null)
--- a/EnvelopeGenerator.Web/Controllers/DocumentController.cs
+++ b/EnvelopeGenerator.Web/Controllers/DocumentController.cs
@@ -8,7 +8,7 @@ using Microsoft.AspNetCore.Mvc;
 namespace EnvelopeGenerator.Web.Controllers;
-[Authorize(Roles = Role.FullyAuth)]
+[Authorize(Roles = Role.ReceiverFull)]
 [ApiController]
 [Route("api/[controller]")]
 public class DocumentController : ControllerBase
--- a/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/EnvelopeController.cs
@@ -107,7 +107,7 @@ public class EnvelopeController : ViewControllerBase
                    return this.ViewEnvelopeNotFound();
                }
                var er_secret = er_secret_res.Data;
-                await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+                await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
                return await CreateShowEnvelopeView(er_secret);
            }
            #endregion UseAccessCode
@@ -172,7 +172,7 @@ public class EnvelopeController : ViewControllerBase
            }
            // show envelope if already logged in
-            if (User.IsInRole(Role.FullyAuth))
+            if (User.IsInRole(Role.ReceiverFull))
                return await CreateShowEnvelopeView(er_secret);
            if (auth.HasMulti)
@@ -206,7 +206,7 @@ public class EnvelopeController : ViewControllerBase
                        .WithData("ErrorMessage", _localizer.WrongEnvelopeReceiverId());
            }
-            await HttpContext.SignInEnvelopeAsync(er_secret, Role.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverFull);
            return await CreateShowEnvelopeView(er_secret);
        }
@@ -225,9 +225,9 @@ public class EnvelopeController : ViewControllerBase
            && uuidClaim == er.Envelope?.Uuid
            && signatureClaim is not null
            && signatureClaim == er.Receiver?.Signature
-            && User.IsInRole(Role.FullyAuth))
+            && User.IsInRole(Role.ReceiverFull))
        {
-            await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+            await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);
            //add PSPDFKit licence key
            ViewData["PSPDFKitLicenseKey"] = _configuration["PSPDFKitLicenseKey"];
@@ -262,7 +262,7 @@ public class EnvelopeController : ViewControllerBase
            return this.ViewDocumentNotFound();
        }
-        await HttpContext.SignInEnvelopeAsync(er, Role.FullyAuth);
+        await HttpContext.SignInEnvelopeAsync(er, Role.ReceiverFull);
        ViewData["ReadAndConfirm"] = er.Envelope.ReadOnly;
@@ -334,7 +334,7 @@ public class EnvelopeController : ViewControllerBase
                await _rcvService.UpdateAsync(rcv);
            }
-            await HttpContext.SignInEnvelopeAsync(er_secret, Role.PreAuth);
+            await HttpContext.SignInEnvelopeAsync(er_secret, Role.ReceiverTFA);
            return await TFAViewAsync(auth.UserSelectSMS, er_secret, envelopeReceiverId);
        }
@@ -348,7 +348,7 @@ public class EnvelopeController : ViewControllerBase
        if (er_secret.Receiver!.TotpSecretkey is null)
            throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
-        if (!User.IsInRole(Role.PreAuth) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
+        if (!User.IsInRole(Role.ReceiverTFA) || !_envSmsHandler.VerifyTotp(auth.SmsCode!, er_secret.Receiver.TotpSecretkey))
        {
            Response.StatusCode = StatusCodes.Status401Unauthorized;
            ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
@@ -364,7 +364,7 @@ public class EnvelopeController : ViewControllerBase
        if (er_secret.Receiver!.TotpSecretkey is null)
            throw new InvalidOperationException($"TotpSecretkey of DTO cannot validate without TotpSecretkey. Dto: {JsonConvert.SerializeObject(er_secret)}");
-        if (!User.IsInRole(Role.PreAuth) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
+        if (!User.IsInRole(Role.ReceiverTFA) || !_authenticator.VerifyTotp(auth.AuthenticatorCode!, er_secret.Receiver.TotpSecretkey, window: VerificationWindow.RfcSpecifiedNetworkDelay))
        {
            Response.StatusCode = StatusCodes.Status401Unauthorized;
            ViewData["ErrorMessage"] = _localizer.WrongAccessCode();
--- a/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
+++ b/EnvelopeGenerator.Web/Controllers/ReadOnlyController.cs
@@ -34,7 +34,7 @@ namespace EnvelopeGenerator.Web.Controllers
        }
        [HttpPost]
-        [Authorize(Roles = Role.FullyAuth)]
+        [Authorize(Roles = Role.ReceiverFull)]
        [Obsolete("Use MediatR")]
        public async Task<IActionResult> CreateAsync([FromBody] EnvelopeReceiverReadOnlyCreateDto createDto)
        {
--- a/EnvelopeGenerator.Web/Controllers/TFARegController.cs
+++ b/EnvelopeGenerator.Web/Controllers/TFARegController.cs
@@ -91,7 +91,7 @@ public class TFARegController : ViewControllerBase
        }
    }
-    [Authorize(Roles = Role.FullyAuth)]
+    [Authorize(Roles = Role.ReceiverFull)]
    [HttpPost("auth/logout")]
    public async Task<IActionResult> LogOut()
    {