Nicolaj Hartmann
1a0922b778
VAT System Alignment (LEGAL - Critical): - Align frontend VAT codes with backend (S25→U25, K25→I25, etc.) - Add missing codes: UEU, IVV, IVY, REP - Fix output VAT account 5710→5611 to match StandardDanishAccounts - Invoice posting now checks fiscal year status before allowing send - Disallow custom invoice number override (always use auto-numbering) Security: - Fix open redirect in AuthController (validate returnUrl is local) - Store seller CVR/name/address on invoice events (Momsloven §52) Backend Compliance: - Add description validation at posting (Bogføringsloven §7) - SAF-T: add DefaultCurrencyCode, TaxAccountingBasis to header - SAF-T: add TaxTable to MasterFiles with all VAT codes - SAF-T: always write balance elements even when zero - Add financial income account 9100 Renteindtægter Danish Encoding (~25 fixes): - Kassekladde: Bogført, Bogføring, Vælg, være, på, Tilføj, Differens - AttachmentUpload: træk, Understøtter, påkrævet, Bogføringsloven - keyboardShortcuts: Bogfør, Bogføring display name - ShortcutsHelpModal: åbne - DataTable: Genindlæs - documentProcessing: være - CloseFiscalYearWizard: årsafslutning Bugs Fixed: - Non-null assertion crashes in Kunder.tsx and Produkter.tsx (company!.id) - StatusBadge typo "Succces"→"Succes" - HTML entity ø in Kassekladde→proper UTF-8 - AmountText showSign prop was dead code (true || showSign) UX Improvements: - Add PageHeader to Bankafstemning and Dashboard loading/empty states - Responsive columns in Bankafstemning (xs/sm/lg breakpoints) - Disable misleading buttons: Settings preferences, Kontooversigt edit, Loenforstaelse export — with tooltips explaining status - Add DemoDataDisclaimer to UserSettings - Fix breadcrumb self-references on 3 pages - Replace Dashboard fake progress bar with honest message - Standardize date format DD-MM-YYYY in Bankafstemning and Ordrer - Replace Input type="number" with InputNumber in Ordrer Quality: - Remove 8 redundant console.error statements - Fix Kreditnotaer breadcrumb "Salg"→"Fakturering" for consistency Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
44 lines
1.3 KiB
C#
44 lines
1.3 KiB
C#
using Books.Api.Authentication;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace Books.Api.Controllers;
|
|
|
|
[Route("api")]
|
|
[ApiController]
|
|
public class AuthController : ControllerBase
|
|
{
|
|
[HttpGet("login")]
|
|
[Authorize]
|
|
public IActionResult Login([FromQuery] string? returnUrl)
|
|
{
|
|
// The [Authorize] attribute triggers the OIDC challenge if not authenticated.
|
|
// If we reach here, the user is authenticated - redirect back to the app.
|
|
// Validate returnUrl to prevent open redirect attacks
|
|
if (returnUrl != null && !Url.IsLocalUrl(returnUrl))
|
|
returnUrl = "/";
|
|
return Redirect(returnUrl ?? "/");
|
|
}
|
|
|
|
[HttpGet("logout")]
|
|
public async Task<IActionResult> Logout()
|
|
{
|
|
await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
|
return Ok(new { message = "Logged out successfully" });
|
|
}
|
|
|
|
[HttpGet("profile")]
|
|
[Authorize]
|
|
public IActionResult Profile()
|
|
{
|
|
var userContext = User.GetUserContext();
|
|
if (userContext == null)
|
|
{
|
|
return Unauthorized();
|
|
}
|
|
|
|
return Ok(userContext);
|
|
}
|
|
}
|