TekH
6b23dcdba7
Replaced all usages of ReceiverRole with the new Role class in EnvelopeGenerator.Domain.Constants. Removed ReceiverRole.cs and added Role.cs with PreAuth and FullyAuth constants. Updated all [Authorize] attributes and role checks in controllers and authentication logic to use Role.FullyAuth and Role.PreAuth. This centralizes role management for improved maintainability and clarity.
109 lines
4.0 KiB
C#
109 lines
4.0 KiB
C#
using EnvelopeGenerator.Web.Models;
|
|
using Ganss.Xss;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Localization;
|
|
using EnvelopeGenerator.Application.Resources;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.Web.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
|
|
namespace EnvelopeGenerator.Web.Controllers;
|
|
|
|
//TODO: Add authorization as well as limiting the link duration (intermediate token with different role) or sign it
|
|
public class TFARegController : ViewControllerBase
|
|
{
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeReceiverService _envRcvService;
|
|
private readonly IAuthenticator _authenticator;
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IReceiverService _rcvService;
|
|
private readonly TFARegParams _params;
|
|
|
|
[Obsolete("Use MediatR")]
|
|
public TFARegController(ILogger<TFARegController> logger, Cultures cultures, IStringLocalizer<Resource> localizer, IEnvelopeReceiverService erService, IAuthenticator authenticator, IReceiverService receiverService, IOptions<TFARegParams> tfaRegParamsOptions) : base(logger, cultures, localizer)
|
|
{
|
|
_envRcvService = erService;
|
|
_authenticator = authenticator;
|
|
_rcvService = receiverService;
|
|
_params = tfaRegParamsOptions.Value;
|
|
}
|
|
|
|
//TODO: move under auth route
|
|
[Authorize]
|
|
[HttpGet("tfa/{envelopeReceiverId}")]
|
|
[Obsolete("Use MediatR")]
|
|
public async Task<IActionResult> Reg(string envelopeReceiverId)
|
|
{
|
|
try
|
|
{
|
|
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
|
|
|
if (uuid is null || signature is null)
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer.WrongEnvelopeReceiverId());
|
|
return Unauthorized();
|
|
}
|
|
|
|
var er_secret_res = await _envRcvService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature);
|
|
|
|
if (er_secret_res.IsFailed)
|
|
{
|
|
_logger.LogNotice(er_secret_res.Notices);
|
|
return this.ViewEnvelopeNotFound();
|
|
}
|
|
var er_secret = er_secret_res.Data;
|
|
|
|
if (!er_secret.Envelope!.TFAEnabled)
|
|
return Unauthorized();
|
|
|
|
var rcv = er_secret.Receiver;
|
|
|
|
// Generate QR code as base 64
|
|
rcv!.TotpSecretkey = _authenticator.GenerateTotpSecretKey();
|
|
await _rcvService.UpdateAsync(rcv);
|
|
var totp_qr_64 = _authenticator.GenerateTotpQrCode(userEmail: rcv.EmailAddress, secretKey: rcv.TotpSecretkey).ToBase64String();
|
|
|
|
// Calculate RFA registiration deadline
|
|
if (rcv.TfaRegDeadline is null)
|
|
{
|
|
rcv.TfaRegDeadline = _params.Deadline;
|
|
await _rcvService.UpdateAsync(rcv);
|
|
}
|
|
else if (rcv.TfaRegDeadline <= DateTime.Now)
|
|
return View("_Expired");
|
|
|
|
ViewData["RegDeadline"] = rcv.TfaRegDeadline;
|
|
|
|
ViewData["TotpQR64"] = totp_qr_64;
|
|
|
|
return View();
|
|
}
|
|
catch(Exception ex)
|
|
{
|
|
_logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception: ex, message: _localizer.WrongEnvelopeReceiverId());
|
|
return this.ViewInnerServiceError();
|
|
}
|
|
}
|
|
|
|
[Authorize(Roles = Role.FullyAuth)]
|
|
[HttpPost("auth/logout")]
|
|
public async Task<IActionResult> LogOut()
|
|
{
|
|
try
|
|
{
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
return Ok();
|
|
}
|
|
catch(Exception ex)
|
|
{
|
|
_logger.LogError(ex, "{message}", ex.Message);
|
|
return this.ViewInnerServiceError();
|
|
}
|
|
}
|
|
} |