Updated `Version`, `FileVersion`, and `AssemblyVersion` in the `EnvelopeGenerator.API.csproj` file from `1.2.3` to `1.3.0`, indicating a minor version update with backward-compatible improvements or new features.
Modified the method to return a single item or null by using
`SingleOrDefault()` on the result of `await _mediator.Send(...)`.
This ensures the response is no longer a collection but a single
object, improving clarity and aligning with expected behavior.
Replaced hardcoded `envelopeId` with dynamic retrieval from
user claims. Reintroduced and updated error handling logic
to validate the `envelopeId` and log detailed errors when
parsing fails. Improved robustness by returning a 500 error
for invalid or missing envelope claims.
Introduce a `Transforms` section in `yarp.json` for the `receiver-ui` route to enforce a no-cache policy. This includes setting the following response headers for all responses:
- `Cache-Control`: `no-cache, no-store, must-revalidate`
- `Pragma`: `no-cache`
- `Expires`: `0`
These changes ensure that client-side caching is disabled for the `receiver-ui` route.
Added a new route configuration `receiver-ui-annotation-fake` to the `yarp.json` file. This route is associated with the `receiver-ui` cluster, has an `Order` value of `10`, and matches requests to `/api/Annotation/{envelopeKey}` with `GET` and `HEAD` methods. A path transformation rewrites the route to `/fake-data/annotations.json`.
Added a new `/login/{**catch-all}` route in `yarp.json` for the `receiver-ui` cluster. Updated `Login.razor` with a modernized UI, including a gradient header, improved error handling, and a toggle for password visibility. Integrated `AuthService` for API-based login validation.
Refactored `Login.razor` logic to handle login outcomes (`Success`, `InvalidCode`, `NotFound`, `Error`) using the new `EnvelopeLoginResult` enum. Added `LoginEnvelopeReceiverAsync` method in `AuthService` to handle login requests via `POST /api/Auth/envelope-receiver/{key}`. Improved code maintainability and user experience.
The `<TargetFrameworks>` property in `EnvelopeGenerator.API.csproj` was downgraded from `net9.0` to `net8.0`. Conditional package references were added for `Microsoft.AspNetCore.OpenApi` and `Microsoft.EntityFrameworkCore.SqlServer` to support both `net8.0` and `net9.0`.
Added `itext` and `itext.bouncy-castle-adapter` (version 8.0.5) as new dependencies. Updated the project to include a reference to `EnvelopeGenerator.PdfEditor.csproj`. Removed unconditional `Microsoft.AspNetCore.OpenApi` reference and replaced it with conditional references based on the target framework.
Introduced a preprocessor directive `#if NET9_0_OR_GREATER` to conditionally include the `app.MapOpenApi();` method call. This ensures that the `MapOpenApi` functionality is only executed when the application targets .NET 9.0 or later, maintaining compatibility with earlier .NET versions.
Introduced a conditional compilation directive (`#if NET9_0_OR_GREATER`) to register the `AddOpenApi` service only when the application is targeting .NET 9.0 or later. This ensures compatibility and avoids unnecessary service registration for earlier .NET versions.
Renamed the route "receiver-ui" to "receiver-ui-receiver" and added new routes for more specific path handling:
- "receiver-ui-receiver" for `/receiver/{**catch-all}`.
- "receiver-ui-sender" for `/sender/{**catch-all}`.
- "receiver-ui-envelope" for `/envelope/{**catch-all}`.
- "receiver-ui-static-assets" for `{**catch-all}` as a fallback.
These changes improve routing granularity for the "receiver-ui" cluster.
Updated the `CreateAsync` method in `EnvelopeController` to use
`WithAuth` instead of `Authorize` for handling authorization
within the `CreateEnvelopeCommand`. This change reflects a
refactor or update in the command's API to improve clarity or
functionality.
Updated the middleware pipeline in `Program.cs` to use `app.MapWhen()` for conditional routing. The reverse proxy now excludes requests to `/swagger`, `/scalar`, and `/openapi` paths, ensuring these endpoints are handled separately. This change replaces the direct `app.MapReverseProxy()` call with a more selective approach, improving request handling for specific API paths.
Added a new `receiver-ui` route under the `ReverseProxy:Routes`
section in `yarp.json` to match all paths for `GET` and `HEAD`
methods. The route is associated with the `receiver-ui` cluster
and has an `Order` value of 100.
Configured a new `receiver-ui` cluster under the
`ReverseProxy:Clusters` section with a single destination
pointing to `https://localhost:52936`. This enables reverse
proxying for the `receiver-ui` service.
Refactored the handling of `senderDoc.ByteData` by replacing
the ternary operator with an explicit `if` statement for better
readability. Added a `Content-Disposition` header to ensure
the file is displayed inline with a proper filename. Updated
the MIME type of the file response from `application/octet-stream`
to `application/pdf` to reflect the expected content type.
The `UseDbMigration` setting in the `appsettings.json` file was updated from `true` to `false`. This change disables automatic application of database migrations, potentially requiring manual intervention or an alternative approach for managing schema updates.
Added a new `GetEnvelopeReceiverOfReceiver` method in the
`EnvelopeReceiverController` to retrieve an envelope receiver
based on the provided `envelopeKey`. The method is secured
with the `Receiver` authorization policy and uses the
`_mediator.Send` method to process a `ReadEnvelopeReceiverQuery`.
Included the `Microsoft.Extensions.Options` namespace to
support potential configuration needs. Added XML documentation
placeholders for the new method.
Updated DocumentController to include a new GetDocumentOfReceiver
endpoint for retrieving envelope documents. Added authorization
based on the Receiver policy and implemented error handling for
invalid or missing EnvelopeId claims. Integrated ILogger to log
errors and provide detailed diagnostics. Included necessary
namespace imports to support the new functionality.
Enhanced token validation logic by introducing an `OnTokenValidated` event handler. This ensures the `envelopeKey` in the request path matches the token's subject (`sub` claim). Added `return Task.CompletedTask;` to complete asynchronous operations. These changes improve security by preventing mismatches or unauthorized access.
Added `AddEnvelopeReceiverLoginOperation` to `AuthProxyDocumentFilter` to define a new Swagger operation for the `/api/Auth/envelope-receiver/{key}` endpoint. Introduced the `EnvelopeReceiverLogin` record for the request body. Updated `yarp.json` to configure routing for the new endpoint, ensuring the `cookie` query parameter is always set to `true`. Modified `Apply` to include the new operation in Swagger documentation.
Added two new endpoints to `AuthController`: `LogoutEnvelopeReceiver` for removing a specific per-envelope receiver cookie and `LogoutAllEnvelopeReceivers` for clearing all such cookies. Updated `DigitalData.Auth.Claims` package to version 1.0.3. Introduced new `using` directives to support the added functionality. Included XML documentation for the new endpoints to improve code clarity.
Introduced a new `EnvelopeReceiverJwt` authentication scheme to support per-envelope JWT validation using cookies specific to envelope keys. Added the `CheckEnvelopeReceiver` endpoint in `AuthController.cs` to validate these tokens, protected by the `AuthPolicy.Receiver` policy.
Configured the `EnvelopeReceiverJwt` scheme to dynamically resolve issuer signing keys and validate tokens. Enhanced `JwtBearerEvents.OnMessageReceived` to extract envelope keys from the request path and retrieve tokens from corresponding cookies.
Updated the `AuthPolicy.Receiver` policy to use the `EnvelopeReceiverJwt` scheme, ensuring isolated authentication for per-envelope scenarios. Added XML documentation for the `CheckEnvelopeReceiver` method.
Introduce a new `CheckReceiver` action method in `AuthController`.
This method is protected by the `Receiver` authorization policy
and handles GET requests to the `check-receiver/{envelopeKey}` route.
It accepts an `envelopeKey` parameter from the route and currently
returns an HTTP 200 OK response.
- Added `using DigitalData.Auth.Claims` to support claims handling.
- Improved EF Core DbContext comment for better clarity.
- Added logic to dynamically select connection strings based on
`MIGRATION_TEST_MODE` or `UseDbMigration` configuration.
- Updated `AuthPolicy.Receiver` to include the `"receiver"` role.
Added a reference to the `DigitalData.Auth.Claims` package (version 1.0.1) in the `EnvelopeGenerator.API.csproj` file. This introduces functionality related to handling authentication claims in the project.
Added SixLabors.ImageSharp (v3.1.12) as a dependency to API, Application, Infrastructure, Jobs, Tests, Web, and WorkerService projects to enable advanced image processing capabilities across the solution. This prepares the codebase for features involving image manipulation or generation.
Upgraded Microsoft.Identity.Client to version 4.82.1 in all projects, updated related assembly references and binding redirects, and ensured packages.config reflects the new version. Also updated Microsoft.IdentityModel.Abstractions to 8.14.0 and added System.Formats.Asn1 where required. These changes improve consistency and compatibility for authentication dependencies.
Upgraded HtmlSanitizer from 8.0.865 to 9.0.892 in all existing project references. Added HtmlSanitizer 9.0.892 as a new dependency to API, Infrastructure, Jobs, Tests, and WorkerService projects to ensure consistent and up-to-date usage throughout the solution.
Marked CreateAsync in ReadOnlyController as [Obsolete] to encourage use of MediatR. Simplified Flag.DataIntegrityIssue reference in EnvelopeMailService error handling.
Simplified the Get method to always require a ReadEmailTemplateQuery and CancellationToken, delegating all queries to the mediator. Removed conditional logic for handling null or missing parameters. Updated XML documentation to reflect the new method signature.
Introduced IHasChangedWhen interface to EnvelopeReceiver and History.
Added HasEmailAndName property to EnvelopeReceiver.
Updated AutoMapperAuditingExtensions to map ChangedWhen to UTC.
Removed redundant using statements and fixed formatting.
Refactored ReadEmailTemplateQuery and handler to use non-nullable EmailTemplateDto, throwing NotFoundException when no template is found. Updated namespaces and using statements for consistency. Added detailed XML docs for query properties. Controller updated to reference new query namespace.
Replaced EmailTemplateQueryBase record with IEmailTemplateQuery interface for email template queries. Updated all relevant commands, queries, and controller methods to use the new interface. Removed EmailTemplateQueryBase and migrated properties to implementing classes. Improved documentation to clarify query structure and Type property usage.
Replaced specific Update command import with general Commands namespace import to streamline access to all command classes. No functional changes made.
Refactored the EmailTemplateQuery record to EmailTemplateQueryBase across the codebase. Updated all references, method signatures, inheritance, and documentation to use the new base type. No functional changes; this improves clarity and generalization for email template queries.
- Enforce [Authorize(Policy = AuthPolicy.Sender)] on controller
- Switch to primary constructor for dependency injection
- Remove obsolete constructor and private fields
- Update method logic to use constructor parameters directly
- Improve XML documentation and code clarity
- Ensure consistent use of MediatR for command/query handling
Refactored DocumentController to use IAuthorizationService and async policy checks via IsUserInPolicyAsync instead of role checks. Implemented IAuthController interface and removed ILogger dependency. Updated usings for new authorization logic.
Refactored AuthController to implement IAuthController and expose AuthService. Removed the protected IsUserInPolicyAsync method in favor of using an extension method for policy checks. Updated the Logout logic to use the new approach. Consolidated using directives into a single line.
Introduced IAuthController with AuthService and User properties to standardize authentication handling. Added AuthorizationControllerExtensions with IsUserInPolicyAsync to simplify policy-based authorization checks. Included necessary using directives.
Deleted the AuthExtensions.cs file, which included the AuthorizePolicyAsync extension for IAuthorizationService. This method and related code were no longer needed.
Introduce IsUserInPolicyAsync for cleaner policy checks in AuthController and update Logout to use it. Adjust Logout's response type to void and improve documentation and formatting.
- Inject IAuthorizationService for flexible policy checks
- Replace role checks in Logout with async policy authorization
- Merge IsAuthenticated into Check endpoint with optional role
- Update Check response type and clean up imports
Introduced a static AuthExtensions class providing an AuthorizePolicyAsync extension method for IAuthorizationService. This method streamlines policy-based authorization checks by returning a boolean result for a given user and policy name.
Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
Replaced direct role-based [Authorize] attributes with named
authorization policies (e.g., AuthPolicy.Receiver,
AuthPolicy.SenderOrReceiver) in AnnotationController,
DocumentController, and ReadOnlyController. Added and registered
new policies in Program.cs and updated AuthPolicy constants.
This centralizes and simplifies authorization management.
Replaced SenderOrReceiverFullyAuth and ReceiverFullyAuth policies with more general SenderOrReceiver and Receiver policies. Updated policy definitions in AuthPolicy.cs to use nameof for clarity. Adjusted AddAuthorizationBuilder configuration and [Authorize] attributes in controllers to use the new, less restrictive policies, simplifying authorization logic.
Renamed AuthorizationPolicies to AuthPolicy and updated all references to use the new naming convention for authorization policy constants. This improves consistency and clarity across the codebase.
