Verify input when upload image
This commit is contained in:
parent
76999b805d
commit
18fe6822d4
|
@ -20,6 +20,7 @@ using System.Net.Http;
|
|||
using System.Threading.Tasks;
|
||||
using Newtonsoft.Json;
|
||||
using System.Net.Http.Headers;
|
||||
using System.Dynamic;
|
||||
|
||||
namespace FIT5032_Assignment.Controllers {
|
||||
|
||||
|
@ -32,6 +33,15 @@ namespace FIT5032_Assignment.Controllers {
|
|||
public string Email { get; set; }
|
||||
}
|
||||
|
||||
public class PassageUserFindReply {
|
||||
public int Total_Users { get; set; }
|
||||
public List<PassageUserFindReplyUser> Users { get; set; }
|
||||
}
|
||||
|
||||
public class PassageUserFindReplyUser {
|
||||
public string Id { get; set; }
|
||||
}
|
||||
|
||||
// Database
|
||||
public class Database1Entities : DbContext {
|
||||
public DbSet<Users> Users { get; set; }
|
||||
|
@ -65,7 +75,7 @@ namespace FIT5032_Assignment.Controllers {
|
|||
|
||||
return new RsaSecurityKey(rsa);
|
||||
}
|
||||
private String loginVerify(string token) {
|
||||
private String psgCredentialVerify(string token) {
|
||||
|
||||
var jwtHandler = new JwtSecurityTokenHandler();
|
||||
var jwtToken = jwtHandler.ReadJwtToken(token);
|
||||
|
@ -107,7 +117,21 @@ namespace FIT5032_Assignment.Controllers {
|
|||
|
||||
return sub;
|
||||
}
|
||||
|
||||
private Users loginInfo(string user) {
|
||||
var db = new Database1Entities();
|
||||
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
||||
if (credential.Count() == 0) {
|
||||
return null;
|
||||
} else {
|
||||
var userUuid = credential.First().user;
|
||||
var dbUser = db.Users.Where(res => res.uuid == userUuid);
|
||||
if (dbUser.Count() == 0) {
|
||||
return null;
|
||||
} else {
|
||||
return dbUser.First();
|
||||
}
|
||||
}
|
||||
}
|
||||
private Database1Entities db = new Database1Entities();
|
||||
|
||||
private string GenerateRandomString(int length) {
|
||||
|
@ -128,7 +152,7 @@ namespace FIT5032_Assignment.Controllers {
|
|||
public ActionResult Index() {
|
||||
// If user logged in, show user name
|
||||
if (Request.Cookies["psg_auth_token"] != null) {
|
||||
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
|
||||
var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
|
||||
if (user != null) {
|
||||
var db = new Database1Entities();
|
||||
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
||||
|
@ -155,7 +179,7 @@ namespace FIT5032_Assignment.Controllers {
|
|||
var psg_auth_token = Request.Cookies["psg_auth_token"];
|
||||
Trace.WriteLine(psg_auth_token.Value);
|
||||
// JWT Verify
|
||||
string sub = loginVerify(psg_auth_token.Value);
|
||||
string sub = psgCredentialVerify(psg_auth_token.Value);
|
||||
if (sub == null) {
|
||||
return RedirectToAction("Login");
|
||||
} else {
|
||||
|
@ -181,7 +205,7 @@ namespace FIT5032_Assignment.Controllers {
|
|||
|
||||
// Verify user is logged in
|
||||
var psg_auth_token = Request.Cookies["psg_auth_token"];
|
||||
var user = loginVerify(psg_auth_token.Value);
|
||||
var user = psgCredentialVerify(psg_auth_token.Value);
|
||||
if (user == null) {
|
||||
return RedirectToAction("Login");
|
||||
}
|
||||
|
@ -254,7 +278,7 @@ namespace FIT5032_Assignment.Controllers {
|
|||
// Redirect to home page
|
||||
return RedirectToAction("Index");
|
||||
}
|
||||
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
|
||||
var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
|
||||
if (user == null) {
|
||||
// Redirect to home page
|
||||
return RedirectToAction("Index");
|
||||
|
@ -280,29 +304,60 @@ namespace FIT5032_Assignment.Controllers {
|
|||
public ActionResult ImageUpload(Models.ImageUploadForm model) {
|
||||
try {
|
||||
if (Request.Cookies["psg_auth_token"] == null) {
|
||||
// Redirect to home page
|
||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
|
||||
// Return 401 error
|
||||
return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
|
||||
}
|
||||
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
|
||||
if (user == null) {
|
||||
// Redirect to home page
|
||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
|
||||
} else {
|
||||
// Detect if user is doctor or patient
|
||||
var userCre = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
|
||||
var user = loginInfo(userCre);
|
||||
if (user.role != 2) {
|
||||
// Return 403 error if user is not doctor
|
||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden) ;
|
||||
}
|
||||
|
||||
// check recived items
|
||||
if (!ModelState.IsValid) {
|
||||
ModelState.AddModelError("patientEmail", "Form not valid");
|
||||
return View(model);
|
||||
}
|
||||
|
||||
// check uploaded file
|
||||
if (model.imageFile == null) {
|
||||
ModelState.AddModelError("imageFile", "Please upload a file");
|
||||
return View(model);
|
||||
}
|
||||
// check format: png, jpg
|
||||
if (model.imageFile.ContentType != "image/png" && model.imageFile.ContentType != "image/jpeg") {
|
||||
ModelState.AddModelError("imageFile", "Please upload a png or jpg file");
|
||||
return View(model);
|
||||
}
|
||||
|
||||
// Check if the email have a patient profile
|
||||
var db = new Database1Entities();
|
||||
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
|
||||
if (credential.Count() == 0) {
|
||||
// return error 403
|
||||
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
|
||||
// Find the account associated with the email
|
||||
var app_id = "ZHM5whW5xsZEczTn2loffzjN";
|
||||
var url = $"https://api.passage.id/v1/apps/{app_id}/users?identifier={model.patientEmail}";
|
||||
var res = httpClient.GetStringAsync(url).Result;
|
||||
if (JsonConvert.DeserializeObject<PassageUserFindReply>(res).Total_Users == 0) {
|
||||
ModelState.AddModelError("patientEmail", "No patient found");
|
||||
return View(model);
|
||||
}
|
||||
var dbUser = db.Users.Where(res => res.uuid == credential.First().user);
|
||||
// print dbUser
|
||||
Trace.WriteLine(dbUser.First());
|
||||
var patientId = JsonConvert.DeserializeObject<PassageUserFindReply>(res).Users[0].Id;
|
||||
var patientCredential = db.Credentials.Where(c => (c.uniqueIdCode == patientId) && (c.provider == 0));
|
||||
if (patientCredential.Count() == 0) {
|
||||
ModelState.AddModelError("patientEmail", "No patient found");
|
||||
return View(model);
|
||||
}
|
||||
var patientUuid = patientCredential.First().user;
|
||||
var patient = db.Users.Where(u => u.uuid == patientUuid);
|
||||
if (patient.Count() == 0 || patient.First().role != 1) {
|
||||
ModelState.AddModelError("patientEmail", "No patient found");
|
||||
return View(model);
|
||||
}
|
||||
|
||||
return View();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
Trace.WriteLine(e);
|
||||
return RedirectToAction("Index");
|
||||
return new HttpStatusCodeResult(HttpStatusCode.BadGateway);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ namespace FIT5032_Assignment.Models {
|
|||
public class ImageUploadForm {
|
||||
[Required]
|
||||
[Display(Name = "Assign to patient (email)")]
|
||||
[EmailAddress]
|
||||
public string patientEmail { get; set; }
|
||||
|
||||
[Required]
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
<div class="form-group">
|
||||
@Html.LabelFor(model => model.imageFile, htmlAttributes: new { @class = "control-label col-md-2" })
|
||||
<div class="col-md-10">
|
||||
<input type="file" name="imageFile" id="imageFile" />
|
||||
<input type="file" name="imageFile" id="imageFile" accept="image/png, image/jpeg" />
|
||||
@Html.ValidationMessageFor(model => model.imageFile, "", new { @class = "text-danger" })
|
||||
</div>
|
||||
</div>
|
||||
|
|
Loading…
Reference in New Issue
Block a user