PDF-Serialisierung erfolgt jetzt direkt auf Razor Page - Sicherheitsverbesserung

Externer Fetch-Vorgang entfernt, PDF-Inhalt aus Sicherheitsgründen direkt auf der Razor Page serialisiert.
2024-04-10 09:21:56 +02:00
parent 2c17d440c0
commit f5dd3cf8be
8 changed files with 59 additions and 69 deletions
--- a/EnvelopeGenerator.Web/Controllers/HomeController.cs
+++ b/EnvelopeGenerator.Web/Controllers/HomeController.cs
@@ -32,7 +32,7 @@ namespace EnvelopeGenerator.Web.Controllers
        }

        [HttpPost("/")]
-        public IActionResult DebugEnvelopes([FromForm] string password)
+        public IActionResult DebugEnvelopes([FromForm] string? password)
        {
            try
            {
@@ -44,12 +44,6 @@ namespace EnvelopeGenerator.Web.Controllers
                    return View("Index");
                }

-                if (password == null)
-                {
-                    ViewData["error"] = "No password supplied!";
-                    return View("Index");
-                }
-
                if (password != passwordFromConfig)
                {
                    ViewData["error"] = "Wrong Password!";
@@ -75,15 +69,34 @@ namespace EnvelopeGenerator.Web.Controllers
        {
            var decodedId = envelopeReceiverId.DecodeEnvelopeReceiverId();

+            _logger.LogInformation($"Envelope UUID: [{decodedId.EnvelopeUuid}]");
+            _logger.LogInformation($"Receiver Signature: [{decodedId.ReceiverSignature}]");
+
            var verification = await _envRcvService.VerifyAccessCode(decodedId.EnvelopeUuid, access_code);
            EnvelopeResponse response = await envelopeOldService.LoadEnvelope(envelopeReceiverId);

            if (verification.IsSuccess)
            {
-                var envelope = await _envelopeService.ReadByUuidAsync(uuid: decodedId.EnvelopeUuid, signature: decodedId.ReceiverSignature, withAll:true);
+                if (envelopeOldService.ReceiverAlreadySigned(response.Envelope, response.Receiver.Id) == true)
+                {
+                    return Problem(statusCode: 403);
+                }
+
+                var envelope = await _envelopeService.ReadByUuidAsync(uuid: decodedId.EnvelopeUuid, signature: decodedId.ReceiverSignature, withAll: true);
                database.Services.actionService.EnterCorrectAccessCode(response.Envelope, response.Receiver);   //for history
                ViewData["EnvelopeKey"] = envelopeReceiverId;
                ViewData["EnvelopeResponse"] = response;
+                ViewData["EnvelopeResponse"] = response;
+
+                if (response.Envelope.Documents.Count() > 0)
+                {
+                    var document = await envelopeOldService.GetDocument(response.Envelope.Documents[0].Id, envelopeReceiverId);
+                    byte[] bytes = await envelopeOldService.GetDocumentContents(document);
+                    ViewData["DocumentBytes"] = bytes;
+                }
+                else
+                    ViewData["DocumentBytes"] = null;
+
                return View("ShowEnvelope", envelope);
            } 
            else