TekH
5d65f58a55
- Added `HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme)` to `CreateOrUpdate` and `Reject` endpoints in `EnvelopeController` - Ensures user session is cleared after completing or rejecting envelope actions - Updated using directives to include `Microsoft.AspNetCore.Authentication` and `Microsoft.AspNetCore.Authentication.Cookies`
111 lines
4.2 KiB
C#
111 lines
4.2 KiB
C#
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using DigitalData.Core.Exceptions;
|
|
using EnvelopeGenerator.Application.Common.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
using EnvelopeGenerator.Application.Common.Notifications.DocSigned;
|
|
using EnvelopeGenerator.Application.EnvelopeReceivers.Queries;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.Web.Extensions;
|
|
using MediatR;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using System.Dynamic;
|
|
|
|
namespace EnvelopeGenerator.Web.Controllers;
|
|
|
|
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
|
[ApiController]
|
|
[Route("api/[controller]")]
|
|
public class EnvelopeController : ControllerBase
|
|
{
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeHistoryService _histService;
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeReceiverService _envRcvService;
|
|
|
|
private readonly IMediator _mediator;
|
|
|
|
private readonly ILogger<EnvelopeController> _logger;
|
|
|
|
[Obsolete("Use MediatR")]
|
|
public EnvelopeController(
|
|
ILogger<EnvelopeController> logger,
|
|
IEnvelopeHistoryService envelopeHistoryService,
|
|
IEnvelopeReceiverService envelopeReceiverService,
|
|
IMediator mediator)
|
|
{
|
|
_histService = envelopeHistoryService;
|
|
_envRcvService = envelopeReceiverService;
|
|
_mediator = mediator;
|
|
_logger = logger;
|
|
}
|
|
|
|
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
|
[HttpPost]
|
|
public async Task<IActionResult> CreateOrUpdate([FromBody] ExpandoObject annotations, CancellationToken cancel = default)
|
|
{
|
|
// get claims
|
|
var signature = User.GetAuthReceiverSignature();
|
|
var uuid = User.GetAuthEnvelopeUuid();
|
|
|
|
if (signature is null || uuid is null)
|
|
{
|
|
_logger.LogError("Authorization failed: authenticated user does not have a valid signature or envelope UUID.");
|
|
return Unauthorized("User authentication is incomplete. Missing required claims for processing this request.");
|
|
}
|
|
|
|
// Again check if receiver has already signed
|
|
if (await _mediator.IsSignedAsync(uuid, signature, cancel))
|
|
return Problem(statusCode: 403);
|
|
|
|
var docSignedNotification = await _mediator
|
|
.ReadEnvelopeReceiverAsync(uuid, signature, cancel)
|
|
.ToDocSignedNotification(annotations)
|
|
?? throw new NotFoundException("Envelope receiver is not found.");
|
|
|
|
await _mediator.Publish(docSignedNotification, cancel);
|
|
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
|
|
return Ok();
|
|
}
|
|
|
|
[Authorize(Roles = ReceiverRole.FullyAuth)]
|
|
[HttpPost("reject")]
|
|
[Obsolete("Use DigitalData.Core.Exceptions and .Middleware")]
|
|
public async Task<IActionResult> Reject([FromBody] string? reason = null)
|
|
{
|
|
var signature = User.GetAuthReceiverSignature();
|
|
var uuid = User.GetAuthEnvelopeUuid();
|
|
var mail = User.GetAuthReceiverMail();
|
|
if (uuid is null || signature is null || mail is null)
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature,
|
|
message: @$"Unauthorized POST request in api\envelope\reject. One of claims, Envelope, signature or mail ({mail}) is null.");
|
|
return Unauthorized();
|
|
}
|
|
|
|
var envRcvRes = await _envRcvService.ReadByUuidSignatureAsync(uuid: uuid, signature: signature);
|
|
|
|
if (envRcvRes.IsFailed)
|
|
{
|
|
_logger.LogNotice(envRcvRes.Notices);
|
|
return Unauthorized("you are not authirized");
|
|
}
|
|
|
|
var histRes = await _histService.RecordAsync(envRcvRes.Data.EnvelopeId, userReference: mail, EnvelopeStatus.DocumentRejected, comment: reason);
|
|
if (histRes.IsSuccess)
|
|
{
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
return NoContent();
|
|
}
|
|
else
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: "Unexpected error happend in api/envelope/reject");
|
|
_logger.LogNotice(histRes.Notices);
|
|
return StatusCode(500, histRes.Messages);
|
|
}
|
|
}
|
|
} |