From 18fe6822d46fa98045539d08d102c5416a51d37a Mon Sep 17 00:00:00 2001
From: Astrian Zheng
Date: Thu, 12 Oct 2023 10:52:50 +1100
Subject: [PATCH] Verify input when upload image

---
 .../Controllers/HomeController.cs | 105 +++++++++++++-----
 FIT5032-Assignment/Models/ImageUploadForm.cs | 1 +
 .../Views/Home/ImageUpload.cshtml | 2 +-
 3 files changed, 82 insertions(+), 26 deletions(-)

diff --git a/FIT5032-Assignment/Controllers/HomeController.cs b/FIT5032-Assignment/Controllers/HomeController.cs
index f0c4249..5cddd30 100644
--- a/FIT5032-Assignment/Controllers/HomeController.cs
+++ b/FIT5032-Assignment/Controllers/HomeController.cs
@@ -20,6 +20,7 @@ using System.Net.Http;
 using System.Threading.Tasks;
 using Newtonsoft.Json;
 using System.Net.Http.Headers;
+using System.Dynamic;
 
 namespace FIT5032_Assignment.Controllers {
 
@@ -32,6 +33,15 @@ namespace FIT5032_Assignment.Controllers {
         public string Email { get; set; }
     }
 
+    public class PassageUserFindReply {
+        public int Total_Users { get; set; }
+        public List Users { get; set; }
+    }
+
+    public class PassageUserFindReplyUser {
+        public string Id { get; set; }
+    }
+
     // Database
     public class Database1Entities : DbContext {
         public DbSet Users { get; set; }
@@ -65,7 +75,7 @@ namespace FIT5032_Assignment.Controllers {
             return new RsaSecurityKey(rsa);
         }
 
-        private String loginVerify(string token) {
+        private String psgCredentialVerify(string token) {
             var jwtHandler = new JwtSecurityTokenHandler();
             var jwtToken = jwtHandler.ReadJwtToken(token);
 
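Review bot: `Total_Users` mixes snake_case and PascalCase in a C# property name; Newtonsoft matches property names case-insensitively, so `[JsonProperty("total_users")] public int TotalUsers { get; set; }` keeps the wire name while following the file's naming. `Users` (its element type appears stripped in this rendering) stays null when the field is absent from a response, so a caller that indexes `Users[0]` after checking only `Total_Users` can still throw; initializing it with `= new List<PassageUserFindReplyUser>();` or guarding in the caller avoids that. Neither class has a doc comment; a one-line `///` summary noting they mirror the Passage `/v1/apps/{app_id}/users` lookup response would tell the next maintainer why their shape must not change.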
@@ -107,7 +117,21 @@ namespace FIT5032_Assignment.Controllers {
             return sub;
         }
-
+        private Users loginInfo(string user) {
+            var db = new Database1Entities();
+            var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
+            if (credential.Count() == 0) {
+                return null;
+            } else {
+                var userUuid = credential.First().user;
+                var dbUser = db.Users.Where(res => res.uuid == userUuid);
+                if (dbUser.Count() == 0) {
+                    return null;
+                } else {
+                    return dbUser.First();
+                }
+            }
+        }
         private Database1Entities db = new Database1Entities();
 
         private string GenerateRandomString(int length) {
@@ -128,7 +152,7 @@ namespace FIT5032_Assignment.Controllers {
         public ActionResult Index() {
             // If user logged in, show user name
             if (Request.Cookies["psg_auth_token"] != null) {
-                var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
+                var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
                 if (user != null) {
                     var db = new Database1Entities();
                     var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
@@ -155,7 +179,7 @@ namespace FIT5032_Assignment.Controllers {
             var psg_auth_token = Request.Cookies["psg_auth_token"];
             Trace.WriteLine(psg_auth_token.Value);
             // JWT Verify
-            string sub = loginVerify(psg_auth_token.Value);
+            string sub = psgCredentialVerify(psg_auth_token.Value);
             if (sub == null) {
                 return RedirectToAction("Login");
             } else {
@@ -181,7 +205,7 @@ namespace FIT5032_Assignment.Controllers {
 
             // Verify user is logged in
             var psg_auth_token = Request.Cookies["psg_auth_token"];
-            var user = loginVerify(psg_auth_token.Value);
+            var user = psgCredentialVerify(psg_auth_token.Value);
             if (user == null) {
                 return RedirectToAction("Login");
             }
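Review bot: `loginInfo` creates a second `Database1Entities` context and never disposes it, although the class already holds a `db` field (the context line right after the method); reuse that field or wrap the local in `using`. Each `Count() == 0` followed by `First()` evaluates the same query twice; `FirstOrDefault` with a null check does each lookup once. The `user` argument comes from `psgCredentialVerify`, which the later hunks in this file show can be null, so guard it before a `uniqueIdCode == null` comparison reaches the database. Suggested body, same signature and null-on-miss contract:
```csharp
        /// <summary>Local account for a verified Passage subject, or null when no provider-0 credential or user row exists.</summary>
        private Users loginInfo(string user) {
            // No subject means no login; don't send a null comparison to the database
            if (string.IsNullOrEmpty(user)) {
                return null;
            }
            var credential = db.Credentials
                .FirstOrDefault(res => (res.uniqueIdCode == user) && (res.provider == 0));
            if (credential == null) {
                return null;
            }
            var userUuid = credential.user;
            return db.Users.FirstOrDefault(res => res.uuid == userUuid);
        }
```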
@@ -254,7 +278,7 @@ namespace FIT5032_Assignment.Controllers {
                 // Redirect to home page
                 return RedirectToAction("Index");
             }
-            var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
+            var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
             if (user == null) {
                 // Redirect to home page
                 return RedirectToAction("Index");
@@ -280,29 +304,60 @@ namespace FIT5032_Assignment.Controllers {
         public ActionResult ImageUpload(Models.ImageUploadForm model) {
             try {
                 if (Request.Cookies["psg_auth_token"] == null) {
-                    // Redirect to home page
-                    return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
+                    // Return 401 error
+                    return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
                 }
-                var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
-                if (user == null) {
-                    // Redirect to home page
-                    return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
-                } else {
-                    // Detect if user is doctor or patient
-                    var db = new Database1Entities();
-                    var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
-                    if (credential.Count() == 0) {
-                        // return error 403
-                        return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
-                    }
-                    var dbUser = db.Users.Where(res => res.uuid == credential.First().user);
-                    // print dbUser
-                    Trace.WriteLine(dbUser.First());
-                    return View();
+                var userCre = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
+                var user = loginInfo(userCre);
+                if (user.role != 2) {
+                    // Return 403 error if user is not doctor
+                    return new HttpStatusCodeResult(HttpStatusCode.Forbidden) ;
                 }
+
+                // check recived items
+                if (!ModelState.IsValid) {
+                    ModelState.AddModelError("patientEmail", "Form not valid");
+                    return View(model);
+                }
+
+                // check uploaded file
+                if (model.imageFile == null) {
+                    ModelState.AddModelError("imageFile", "Please upload a file");
+                    return View(model);
+                }
+                // check format: png, jpg
+                if (model.imageFile.ContentType != "image/png" && model.imageFile.ContentType != "image/jpeg") {
+                    ModelState.AddModelError("imageFile", "Please upload a png or jpg file");
+                    return View(model);
+                }
+
+                // Check if the email have a patient profile
+                var db = new Database1Entities();
+                // Find the account associated with the email
+                var app_id = "ZHM5whW5xsZEczTn2loffzjN";
+                var url = 
$"https://api.passage.id/v1/apps/{app_id}/users?identifier={model.patientEmail}";
+                var res = httpClient.GetStringAsync(url).Result;
+                if (JsonConvert.DeserializeObject(res).Total_Users == 0) {
+                    ModelState.AddModelError("patientEmail", "No patient found");
+                    return View(model);
+                }
+                var patientId = JsonConvert.DeserializeObject(res).Users[0].Id;
+                var patientCredential = db.Credentials.Where(c => (c.uniqueIdCode == patientId) && (c.provider == 0));
+                if (patientCredential.Count() == 0) {
+                    ModelState.AddModelError("patientEmail", "No patient found");
+                    return View(model);
+                }
+                var patientUuid = patientCredential.First().user;
+                var patient = db.Users.Where(u => u.uuid == patientUuid);
+                if (patient.Count() == 0 || patient.First().role != 1) {
+                    ModelState.AddModelError("patientEmail", "No patient found");
+                    return View(model);
+                }
+
+                return View();
             } catch (Exception e) {
                 Trace.WriteLine(e);
-                return RedirectToAction("Index");
+                return new HttpStatusCodeResult(HttpStatusCode.BadGateway);
             }
         }
     }
diff --git a/FIT5032-Assignment/Models/ImageUploadForm.cs b/FIT5032-Assignment/Models/ImageUploadForm.cs
index 697096e..e605cc3 100644
--- a/FIT5032-Assignment/Models/ImageUploadForm.cs
+++ b/FIT5032-Assignment/Models/ImageUploadForm.cs
@@ -5,6 +5,7 @@ namespace FIT5032_Assignment.Models {
     public class ImageUploadForm {
         [Required]
         [Display(Name = "Assign to patient (email)")]
+        [EmailAddress]
         public string patientEmail { get; set; }
 
         [Required]
diff --git a/FIT5032-Assignment/Views/Home/ImageUpload.cshtml b/FIT5032-Assignment/Views/Home/ImageUpload.cshtml
index cb4928e..dab88e7 100644
--- a/FIT5032-Assignment/Views/Home/ImageUpload.cshtml
+++ b/FIT5032-Assignment/Views/Home/ImageUpload.cshtml
@@ -23,7 +23,7 @@
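Review bot: `loginInfo` (added earlier in this file) returns null when the verified subject has no `Credentials` or `Users` row, and `psgCredentialVerify` can return null too, yet `user.role` is dereferenced unguarded; the resulting NullReferenceException is swallowed by `catch (Exception e)` and surfaces as a 502 rather than the 401/403 this block intends. `model.patientEmail` is also interpolated into the Passage query string unescaped; `[EmailAddress]` does not exclude `&` or `#`, either of which would change the query, so wrap it in `Uri.EscapeDataString`. Two practitioner caveats on the file check: `ContentType` is whatever the client declared, so the leading bytes of `model.imageFile` should be verified against the PNG/JPEG signatures and a size limit enforced before anything is stored, and `httpClient.GetStringAsync(url).Result` in what appears to be a System.Web MVC action is sync-over-async with a deadlock risk — making the action `async Task<ActionResult>` and awaiting is the usual fix. The `JsonConvert.DeserializeObject(res)` calls show no type argument in this rendering (presumably `<PassageUserFindReply>` stripped by extraction) and deserialize the same response twice where one local would do.
```csharp
                var userCre = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
                var user = loginInfo(userCre);
                if (user == null) {
                    // Token did not verify, or no local account for the subject: not logged in
                    return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
                }
                // … unchanged: role check, ModelState and file checks …
                var url = $"https://api.passage.id/v1/apps/{app_id}/users?identifier={Uri.EscapeDataString(model.patientEmail)}";
                // … unchanged: Passage lookup, patient checks, catch block …
```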
@Html.LabelFor(model => model.imageFile, htmlAttributes: new { @class = "control-label col-md-2" })
- + @Html.ValidationMessageFor(model => model.imageFile, "", new { @class = "text-danger" })