2026-01-18 11:49:29 +01:00
|
|
|
using Books.Api.Authentication;
|
|
|
|
|
using Microsoft.AspNetCore.Authentication;
|
|
|
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
|
|
|
using Microsoft.AspNetCore.Authorization;
|
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
|
|
|
|
|
|
namespace Books.Api.Controllers;
|
|
|
|
|
|
|
|
|
|
[Route("api")]
|
|
|
|
|
[ApiController]
|
|
|
|
|
public class AuthController : ControllerBase
|
|
|
|
|
{
|
|
|
|
|
[HttpGet("login")]
|
|
|
|
|
[Authorize]
|
|
|
|
|
public IActionResult Login([FromQuery] string? returnUrl)
|
|
|
|
|
{
|
|
|
|
|
// The [Authorize] attribute triggers the OIDC challenge if not authenticated.
|
|
|
|
|
// If we reach here, the user is authenticated - redirect back to the app.
|
Audit v3: VAT alignment, security, encoding, UX, compliance
VAT System Alignment (LEGAL - Critical):
- Align frontend VAT codes with backend (S25→U25, K25→I25, etc.)
- Add missing codes: UEU, IVV, IVY, REP
- Fix output VAT account 5710→5611 to match StandardDanishAccounts
- Invoice posting now checks fiscal year status before allowing send
- Disallow custom invoice number override (always use auto-numbering)
Security:
- Fix open redirect in AuthController (validate returnUrl is local)
- Store seller CVR/name/address on invoice events (Momsloven §52)
Backend Compliance:
- Add description validation at posting (Bogføringsloven §7)
- SAF-T: add DefaultCurrencyCode, TaxAccountingBasis to header
- SAF-T: add TaxTable to MasterFiles with all VAT codes
- SAF-T: always write balance elements even when zero
- Add financial income account 9100 Renteindtægter
Danish Encoding (~25 fixes):
- Kassekladde: Bogført, Bogføring, Vælg, være, på, Tilføj, Differens
- AttachmentUpload: træk, Understøtter, påkrævet, Bogføringsloven
- keyboardShortcuts: Bogfør, Bogføring display name
- ShortcutsHelpModal: åbne
- DataTable: Genindlæs
- documentProcessing: være
- CloseFiscalYearWizard: årsafslutning
Bugs Fixed:
- Non-null assertion crashes in Kunder.tsx and Produkter.tsx (company!.id)
- StatusBadge typo "Succces"→"Succes"
- HTML entity ø in Kassekladde→proper UTF-8
- AmountText showSign prop was dead code (true || showSign)
UX Improvements:
- Add PageHeader to Bankafstemning and Dashboard loading/empty states
- Responsive columns in Bankafstemning (xs/sm/lg breakpoints)
- Disable misleading buttons: Settings preferences, Kontooversigt edit,
Loenforstaelse export — with tooltips explaining status
- Add DemoDataDisclaimer to UserSettings
- Fix breadcrumb self-references on 3 pages
- Replace Dashboard fake progress bar with honest message
- Standardize date format DD-MM-YYYY in Bankafstemning and Ordrer
- Replace Input type="number" with InputNumber in Ordrer
Quality:
- Remove 8 redundant console.error statements
- Fix Kreditnotaer breadcrumb "Salg"→"Fakturering" for consistency
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 01:15:45 +01:00
|
|
|
// Validate returnUrl to prevent open redirect attacks
|
|
|
|
|
if (returnUrl != null && !Url.IsLocalUrl(returnUrl))
|
|
|
|
|
returnUrl = "/";
|
2026-01-18 11:49:29 +01:00
|
|
|
return Redirect(returnUrl ?? "/");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[HttpGet("logout")]
|
|
|
|
|
public async Task<IActionResult> Logout()
|
|
|
|
|
{
|
|
|
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
|
|
|
return Ok(new { message = "Logged out successfully" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[HttpGet("profile")]
|
|
|
|
|
[Authorize]
|
|
|
|
|
public IActionResult Profile()
|
|
|
|
|
{
|
|
|
|
|
var userContext = User.GetUserContext();
|
|
|
|
|
if (userContext == null)
|
|
|
|
|
{
|
|
|
|
|
return Unauthorized();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Ok(userContext);
|
|
|
|
|
}
|
|
|
|
|
}
|