update SendAuthenticationQuery to use EmailHashes and perform validation

2026-02-08 12:40:08 +00:00 · 2026-01-21 09:09:57 -07:00
parent 584d6baef2
commit 6b6dd28a9e
4 changed files with 12 additions and 24 deletions
--- a/src/Api/Tools/Controllers/SendsController.cs
+++ b/src/Api/Tools/Controllers/SendsController.cs
@@ -239,12 +239,6 @@ public class SendsController : Controller
        {
            throw new BadRequestException("Could not locate send");
        }
-        if (send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
-            send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow || send.Disabled ||
-            send.DeletionDate < DateTime.UtcNow)
-        {
-            throw new NotFoundException();
-        }

        var sendResponse = new SendAccessResponseModel(send);
        if (send.UserId.HasValue && !send.HideEmail.GetValueOrDefault())
@@ -272,12 +266,6 @@ public class SendsController : Controller
        {
            throw new BadRequestException("Could not locate send");
        }
-        if (send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
-            send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow || send.Disabled ||
-            send.DeletionDate < DateTime.UtcNow)
-        {
-            throw new NotFoundException();
-        }

        var url = await _sendFileStorageService.GetSendFileDownloadUrlAsync(send, fileId);

--- a/src/Api/Tools/Models/Response/SendResponseModel.cs
+++ b/src/Api/Tools/Models/Response/SendResponseModel.cs
@@ -47,7 +47,6 @@ public class SendResponseModel : ResponseModel
        DeletionDate = send.DeletionDate;
        Password = send.Password;
        Emails = send.Emails;
-        EmailHashes = send.EmailHashes;
        Disabled = send.Disabled;
        HideEmail = send.HideEmail.GetValueOrDefault();

@@ -155,12 +154,6 @@ public class SendResponseModel : ResponseModel
    /// </summary>
    public string Emails { get; set; }

-    /// <summary>
-    /// Comma-separated list of email **hashes**  that may access the send using OTP
-    /// authentication. Mutually exclusive with <see cref="Password"/>.
-    /// </summary>
-    public string EmailHashes { get; set; }
-
    /// <summary>
    /// When <see langword="true"/>, send access is disabled.
    /// </summary>
--- a/src/Core/Tools/Models/Data/SendAuthenticationTypes.cs
+++ b/src/Core/Tools/Models/Data/SendAuthenticationTypes.cs
@@ -45,6 +45,6 @@ public record ResourcePassword(string Hash) : SendAuthenticationMethod;
 /// Create a send claim by requesting a one time password (OTP) confirmation code.
 /// </summary>
 /// <param name="Emails">
-/// The list of email addresses permitted access to the send.
+/// The list of email address **hashes**  permitted access to the send.
 /// </param>
 public record EmailOtp(string[] Emails) : SendAuthenticationMethod;
--- a/src/Core/Tools/SendFeatures/Queries/SendAuthenticationQuery.cs
+++ b/src/Core/Tools/SendFeatures/Queries/SendAuthenticationQuery.cs
@@ -37,8 +37,11 @@ public class SendAuthenticationQuery : ISendAuthenticationQuery
        SendAuthenticationMethod method = send switch
        {
            null => NEVER_AUTHENTICATE,
-            var s when s.AccessCount >= s.MaxAccessCount => NEVER_AUTHENTICATE,
-            var s when s.AuthType == AuthType.Email && s.Emails is not null => emailOtp(s.Emails),
+            var s when s.Disabled => NEVER_AUTHENTICATE,
+            var s when s.AccessCount >= s.MaxAccessCount.GetValueOrDefault(int.MaxValue) => NEVER_AUTHENTICATE,
+            var s when s.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow => NEVER_AUTHENTICATE,
+            var s when s.DeletionDate <= DateTime.UtcNow => NEVER_AUTHENTICATE,
+            var s when s.AuthType == AuthType.Email && s.EmailHashes is not null => EmailOtp(s.EmailHashes),
            var s when s.AuthType == AuthType.Password && s.Password is not null => new ResourcePassword(s.Password),
            _ => NOT_AUTHENTICATED
        };
@@ -46,9 +49,13 @@ public class SendAuthenticationQuery : ISendAuthenticationQuery
        return method;
    }

-    private EmailOtp emailOtp(string emails)
+    private static EmailOtp EmailOtp(string? emailHashes)
    {
-        var list = emails.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+        if (string.IsNullOrWhiteSpace(emailHashes))
+        {
+            return new EmailOtp([]);
+        }
+        var list = emailHashes.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
        return new EmailOtp(list);
    }
 }