1720e137f9
- TFARegController.Reg aktualisiert, um die Seite _Expired view zu senden, wenn receiver.TfaRegDeadline abläuft. - TFARegParams Klasse für TimeLimit Configuration erstellt und mit appsettings konfiguriert.
78 lines
3.0 KiB
C#
78 lines
3.0 KiB
C#
using EnvelopeGenerator.Application.Contracts;
|
|
using EnvelopeGenerator.Web.Models;
|
|
using Ganss.Xss;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using EnvelopeGenerator.Extensions;
|
|
using Microsoft.Extensions.Localization;
|
|
using EnvelopeGenerator.Application.Resources;
|
|
using DigitalData.Core.DTO;
|
|
using EnvelopeGenerator.Application.Extensions;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace EnvelopeGenerator.Web.Controllers;
|
|
|
|
//TODO: Add authorization as well as limiting the link duration (intermediate token with different role) or sign it
|
|
[Route("tfa")]
|
|
public class TFARegController : ViewControllerBase
|
|
{
|
|
private readonly IEnvelopeReceiverService _envRcvService;
|
|
private readonly IAuthenticator _authenticator;
|
|
private readonly IReceiverService _rcvService;
|
|
private readonly TFARegParams _params;
|
|
|
|
public TFARegController(ILogger<TFARegController> logger, HtmlSanitizer sanitizer, Cultures cultures, IStringLocalizer<Resource> localizer, IEnvelopeReceiverService erService, IAuthenticator authenticator, IReceiverService receiverService, IOptions<TFARegParams> tfaRegParamsOptions) : base(logger, sanitizer, cultures, localizer)
|
|
{
|
|
_envRcvService = erService;
|
|
_authenticator = authenticator;
|
|
_rcvService = receiverService;
|
|
_params = tfaRegParamsOptions.Value;
|
|
}
|
|
|
|
[HttpGet("{envelopeReceiverId}")]
|
|
public async Task<IActionResult> Reg(string envelopeReceiverId)
|
|
{
|
|
envelopeReceiverId = _sanitizer.Sanitize(envelopeReceiverId);
|
|
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
|
|
|
if (uuid is null || signature is null)
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer[WebKey.WrongEnvelopeReceiverId]);
|
|
return Unauthorized();
|
|
}
|
|
|
|
var er_secret_res = await _envRcvService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature);
|
|
|
|
if (er_secret_res.IsFailed)
|
|
{
|
|
_logger.LogNotice(er_secret_res.Notices);
|
|
return this.ViewEnvelopeNotFound();
|
|
}
|
|
var er_secret = er_secret_res.Data;
|
|
|
|
if (!er_secret.Envelope!.TFAEnabled)
|
|
return Unauthorized();
|
|
|
|
var rcv = er_secret.Receiver;
|
|
|
|
// Generate QR code as base 64
|
|
rcv!.TotpSecretkey = _authenticator.GenerateTotpSecretKey();
|
|
rcv.TotpExpiration = DateTime.Now.AddMonths(1);
|
|
await _rcvService.UpdateAsync(rcv);
|
|
var totp_qr_64 = _authenticator.GenerateTotpQrCode(userEmail: rcv.EmailAddress, secretKey: rcv.TotpSecretkey).ToBase64String();
|
|
|
|
// Calculate RFA registiration deadline
|
|
if(rcv.TfaRegDeadline is null)
|
|
{
|
|
rcv.TfaRegDeadline = _params.Deadline;
|
|
await _rcvService.UpdateAsync(rcv);
|
|
}
|
|
else if(rcv.TfaRegDeadline <= DateTime.Now)
|
|
return View("_Expired");
|
|
|
|
ViewData["RegDeadline"] = rcv.TfaRegDeadline;
|
|
|
|
ViewData["TotpQR64"] = totp_qr_64;
|
|
|
|
return View();
|
|
}
|
|
} |