Verify input when upload image
This commit is contained in:
parent
76999b805d
commit
18fe6822d4
|
|
@ -20,6 +20,7 @@ using System.Net.Http;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Newtonsoft.Json;
|
using Newtonsoft.Json;
|
||||||
using System.Net.Http.Headers;
|
using System.Net.Http.Headers;
|
||||||
|
using System.Dynamic;
|
||||||
|
|
||||||
namespace FIT5032_Assignment.Controllers {
|
namespace FIT5032_Assignment.Controllers {
|
||||||
|
|
||||||
|
|
@ -32,6 +33,15 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
public string Email { get; set; }
|
public string Email { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public class PassageUserFindReply {
|
||||||
|
public int Total_Users { get; set; }
|
||||||
|
public List<PassageUserFindReplyUser> Users { get; set; }
|
||||||
|
}
|
||||||
|
|
||||||
|
public class PassageUserFindReplyUser {
|
||||||
|
public string Id { get; set; }
|
||||||
|
}
|
||||||
|
|
||||||
// Database
|
// Database
|
||||||
public class Database1Entities : DbContext {
|
public class Database1Entities : DbContext {
|
||||||
public DbSet<Users> Users { get; set; }
|
public DbSet<Users> Users { get; set; }
|
||||||
|
|
@ -65,7 +75,7 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
|
|
||||||
return new RsaSecurityKey(rsa);
|
return new RsaSecurityKey(rsa);
|
||||||
}
|
}
|
||||||
private String loginVerify(string token) {
|
private String psgCredentialVerify(string token) {
|
||||||
|
|
||||||
var jwtHandler = new JwtSecurityTokenHandler();
|
var jwtHandler = new JwtSecurityTokenHandler();
|
||||||
var jwtToken = jwtHandler.ReadJwtToken(token);
|
var jwtToken = jwtHandler.ReadJwtToken(token);
|
||||||
|
|
@ -107,7 +117,21 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
|
|
||||||
return sub;
|
return sub;
|
||||||
}
|
}
|
||||||
|
private Users loginInfo(string user) {
|
||||||
|
var db = new Database1Entities();
|
||||||
|
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
||||||
|
if (credential.Count() == 0) {
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var userUuid = credential.First().user;
|
||||||
|
var dbUser = db.Users.Where(res => res.uuid == userUuid);
|
||||||
|
if (dbUser.Count() == 0) {
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
return dbUser.First();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
private Database1Entities db = new Database1Entities();
|
private Database1Entities db = new Database1Entities();
|
||||||
|
|
||||||
private string GenerateRandomString(int length) {
|
private string GenerateRandomString(int length) {
|
||||||
|
|
@ -128,7 +152,7 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
public ActionResult Index() {
|
public ActionResult Index() {
|
||||||
// If user logged in, show user name
|
// If user logged in, show user name
|
||||||
if (Request.Cookies["psg_auth_token"] != null) {
|
if (Request.Cookies["psg_auth_token"] != null) {
|
||||||
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
|
var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
|
||||||
if (user != null) {
|
if (user != null) {
|
||||||
var db = new Database1Entities();
|
var db = new Database1Entities();
|
||||||
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
||||||
|
|
@ -155,7 +179,7 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
var psg_auth_token = Request.Cookies["psg_auth_token"];
|
var psg_auth_token = Request.Cookies["psg_auth_token"];
|
||||||
Trace.WriteLine(psg_auth_token.Value);
|
Trace.WriteLine(psg_auth_token.Value);
|
||||||
// JWT Verify
|
// JWT Verify
|
||||||
string sub = loginVerify(psg_auth_token.Value);
|
string sub = psgCredentialVerify(psg_auth_token.Value);
|
||||||
if (sub == null) {
|
if (sub == null) {
|
||||||
return RedirectToAction("Login");
|
return RedirectToAction("Login");
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -181,7 +205,7 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
|
|
||||||
// Verify user is logged in
|
// Verify user is logged in
|
||||||
var psg_auth_token = Request.Cookies["psg_auth_token"];
|
var psg_auth_token = Request.Cookies["psg_auth_token"];
|
||||||
var user = loginVerify(psg_auth_token.Value);
|
var user = psgCredentialVerify(psg_auth_token.Value);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
return RedirectToAction("Login");
|
return RedirectToAction("Login");
|
||||||
}
|
}
|
||||||
|
|
@ -254,7 +278,7 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
// Redirect to home page
|
// Redirect to home page
|
||||||
return RedirectToAction("Index");
|
return RedirectToAction("Index");
|
||||||
}
|
}
|
||||||
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
|
var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
// Redirect to home page
|
// Redirect to home page
|
||||||
return RedirectToAction("Index");
|
return RedirectToAction("Index");
|
||||||
|
|
@ -280,29 +304,60 @@ namespace FIT5032_Assignment.Controllers {
|
||||||
public ActionResult ImageUpload(Models.ImageUploadForm model) {
|
public ActionResult ImageUpload(Models.ImageUploadForm model) {
|
||||||
try {
|
try {
|
||||||
if (Request.Cookies["psg_auth_token"] == null) {
|
if (Request.Cookies["psg_auth_token"] == null) {
|
||||||
// Redirect to home page
|
// Return 401 error
|
||||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
|
return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
|
||||||
}
|
}
|
||||||
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
|
var userCre = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
|
||||||
if (user == null) {
|
var user = loginInfo(userCre);
|
||||||
// Redirect to home page
|
if (user.role != 2) {
|
||||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
|
// Return 403 error if user is not doctor
|
||||||
} else {
|
return new HttpStatusCodeResult(HttpStatusCode.Forbidden) ;
|
||||||
// Detect if user is doctor or patient
|
}
|
||||||
|
|
||||||
|
// check recived items
|
||||||
|
if (!ModelState.IsValid) {
|
||||||
|
ModelState.AddModelError("patientEmail", "Form not valid");
|
||||||
|
return View(model);
|
||||||
|
}
|
||||||
|
|
||||||
|
// check uploaded file
|
||||||
|
if (model.imageFile == null) {
|
||||||
|
ModelState.AddModelError("imageFile", "Please upload a file");
|
||||||
|
return View(model);
|
||||||
|
}
|
||||||
|
// check format: png, jpg
|
||||||
|
if (model.imageFile.ContentType != "image/png" && model.imageFile.ContentType != "image/jpeg") {
|
||||||
|
ModelState.AddModelError("imageFile", "Please upload a png or jpg file");
|
||||||
|
return View(model);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check if the email have a patient profile
|
||||||
var db = new Database1Entities();
|
var db = new Database1Entities();
|
||||||
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
// Find the account associated with the email
|
||||||
if (credential.Count() == 0) {
|
var app_id = "ZHM5whW5xsZEczTn2loffzjN";
|
||||||
// return error 403
|
var url = $"https://api.passage.id/v1/apps/{app_id}/users?identifier={model.patientEmail}";
|
||||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
|
var res = httpClient.GetStringAsync(url).Result;
|
||||||
|
if (JsonConvert.DeserializeObject<PassageUserFindReply>(res).Total_Users == 0) {
|
||||||
|
ModelState.AddModelError("patientEmail", "No patient found");
|
||||||
|
return View(model);
|
||||||
}
|
}
|
||||||
var dbUser = db.Users.Where(res => res.uuid == credential.First().user);
|
var patientId = JsonConvert.DeserializeObject<PassageUserFindReply>(res).Users[0].Id;
|
||||||
// print dbUser
|
var patientCredential = db.Credentials.Where(c => (c.uniqueIdCode == patientId) && (c.provider == 0));
|
||||||
Trace.WriteLine(dbUser.First());
|
if (patientCredential.Count() == 0) {
|
||||||
|
ModelState.AddModelError("patientEmail", "No patient found");
|
||||||
|
return View(model);
|
||||||
|
}
|
||||||
|
var patientUuid = patientCredential.First().user;
|
||||||
|
var patient = db.Users.Where(u => u.uuid == patientUuid);
|
||||||
|
if (patient.Count() == 0 || patient.First().role != 1) {
|
||||||
|
ModelState.AddModelError("patientEmail", "No patient found");
|
||||||
|
return View(model);
|
||||||
|
}
|
||||||
|
|
||||||
return View();
|
return View();
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Trace.WriteLine(e);
|
Trace.WriteLine(e);
|
||||||
return RedirectToAction("Index");
|
return new HttpStatusCodeResult(HttpStatusCode.BadGateway);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,6 +5,7 @@ namespace FIT5032_Assignment.Models {
|
||||||
public class ImageUploadForm {
|
public class ImageUploadForm {
|
||||||
[Required]
|
[Required]
|
||||||
[Display(Name = "Assign to patient (email)")]
|
[Display(Name = "Assign to patient (email)")]
|
||||||
|
[EmailAddress]
|
||||||
public string patientEmail { get; set; }
|
public string patientEmail { get; set; }
|
||||||
|
|
||||||
[Required]
|
[Required]
|
||||||
|
|
|
||||||
|
|
@ -23,7 +23,7 @@
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
@Html.LabelFor(model => model.imageFile, htmlAttributes: new { @class = "control-label col-md-2" })
|
@Html.LabelFor(model => model.imageFile, htmlAttributes: new { @class = "control-label col-md-2" })
|
||||||
<div class="col-md-10">
|
<div class="col-md-10">
|
||||||
<input type="file" name="imageFile" id="imageFile" />
|
<input type="file" name="imageFile" id="imageFile" accept="image/png, image/jpeg" />
|
||||||
@Html.ValidationMessageFor(model => model.imageFile, "", new { @class = "text-danger" })
|
@Html.ValidationMessageFor(model => model.imageFile, "", new { @class = "text-danger" })
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user