TekH
ebed51b46a
Renamed receiver roles FullyAuth → Receiver.Full and PreAuth → Receiver.TFA across the codebase for improved clarity and consistency. Updated all usages, [Authorize] attributes, role checks, authentication logic, and authorization policies to use the new role names. Marked old constants as obsolete and pointed them to the new values. This change enhances code readability and groups receiver roles under the Receiver static class.
109 lines
4.0 KiB
C#
109 lines
4.0 KiB
C#
using EnvelopeGenerator.Web.Models;
|
|
using Ganss.Xss;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.Extensions.Localization;
|
|
using EnvelopeGenerator.Application.Resources;
|
|
using Microsoft.Extensions.Options;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using DigitalData.Core.Abstraction.Application.DTO;
|
|
using EnvelopeGenerator.Domain.Constants;
|
|
using EnvelopeGenerator.Web.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Extensions;
|
|
using EnvelopeGenerator.Application.Common.Interfaces.Services;
|
|
|
|
namespace EnvelopeGenerator.Web.Controllers;
|
|
|
|
//TODO: Add authorization as well as limiting the link duration (intermediate token with different role) or sign it
|
|
public class TFARegController : ViewControllerBase
|
|
{
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IEnvelopeReceiverService _envRcvService;
|
|
private readonly IAuthenticator _authenticator;
|
|
[Obsolete("Use MediatR")]
|
|
private readonly IReceiverService _rcvService;
|
|
private readonly TFARegParams _params;
|
|
|
|
[Obsolete("Use MediatR")]
|
|
public TFARegController(ILogger<TFARegController> logger, Cultures cultures, IStringLocalizer<Resource> localizer, IEnvelopeReceiverService erService, IAuthenticator authenticator, IReceiverService receiverService, IOptions<TFARegParams> tfaRegParamsOptions) : base(logger, cultures, localizer)
|
|
{
|
|
_envRcvService = erService;
|
|
_authenticator = authenticator;
|
|
_rcvService = receiverService;
|
|
_params = tfaRegParamsOptions.Value;
|
|
}
|
|
|
|
//TODO: move under auth route
|
|
[Authorize]
|
|
[HttpGet("tfa/{envelopeReceiverId}")]
|
|
[Obsolete("Use MediatR")]
|
|
public async Task<IActionResult> Reg(string envelopeReceiverId)
|
|
{
|
|
try
|
|
{
|
|
(string? uuid, string? signature) = envelopeReceiverId.DecodeEnvelopeReceiverId();
|
|
|
|
if (uuid is null || signature is null)
|
|
{
|
|
_logger.LogEnvelopeError(uuid: uuid, signature: signature, message: _localizer.WrongEnvelopeReceiverId());
|
|
return Unauthorized();
|
|
}
|
|
|
|
var er_secret_res = await _envRcvService.ReadWithSecretByUuidSignatureAsync(uuid: uuid, signature: signature);
|
|
|
|
if (er_secret_res.IsFailed)
|
|
{
|
|
_logger.LogNotice(er_secret_res.Notices);
|
|
return this.ViewEnvelopeNotFound();
|
|
}
|
|
var er_secret = er_secret_res.Data;
|
|
|
|
if (!er_secret.Envelope!.TFAEnabled)
|
|
return Unauthorized();
|
|
|
|
var rcv = er_secret.Receiver;
|
|
|
|
// Generate QR code as base 64
|
|
rcv!.TotpSecretkey = _authenticator.GenerateTotpSecretKey();
|
|
await _rcvService.UpdateAsync(rcv);
|
|
var totp_qr_64 = _authenticator.GenerateTotpQrCode(userEmail: rcv.EmailAddress, secretKey: rcv.TotpSecretkey).ToBase64String();
|
|
|
|
// Calculate RFA registiration deadline
|
|
if (rcv.TfaRegDeadline is null)
|
|
{
|
|
rcv.TfaRegDeadline = _params.Deadline;
|
|
await _rcvService.UpdateAsync(rcv);
|
|
}
|
|
else if (rcv.TfaRegDeadline <= DateTime.Now)
|
|
return View("_Expired");
|
|
|
|
ViewData["RegDeadline"] = rcv.TfaRegDeadline;
|
|
|
|
ViewData["TotpQR64"] = totp_qr_64;
|
|
|
|
return View();
|
|
}
|
|
catch(Exception ex)
|
|
{
|
|
_logger.LogEnvelopeError(envelopeReceiverId: envelopeReceiverId, exception: ex, message: _localizer.WrongEnvelopeReceiverId());
|
|
return this.ViewInnerServiceError();
|
|
}
|
|
}
|
|
|
|
[Authorize(Roles = Role.ReceiverFull)]
|
|
[HttpPost("auth/logout")]
|
|
public async Task<IActionResult> LogOut()
|
|
{
|
|
try
|
|
{
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
return Ok();
|
|
}
|
|
catch(Exception ex)
|
|
{
|
|
_logger.LogError(ex, "{message}", ex.Message);
|
|
return this.ViewInnerServiceError();
|
|
}
|
|
}
|
|
} |