Verify input when upload image

This commit is contained in:
Astrian Zheng 2023-10-12 10:52:50 +11:00
parent 76999b805d
commit 18fe6822d4
3 changed files with 82 additions and 26 deletions

View File

@ -20,6 +20,7 @@ using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json;
using System.Net.Http.Headers;
using System.Dynamic;
namespace FIT5032_Assignment.Controllers {
@ -32,6 +33,15 @@ namespace FIT5032_Assignment.Controllers {
public string Email { get; set; }
}
public class PassageUserFindReply {
public int Total_Users { get; set; }
public List<PassageUserFindReplyUser> Users { get; set; }
}
public class PassageUserFindReplyUser {
public string Id { get; set; }
}
// Database
public class Database1Entities : DbContext {
public DbSet<Users> Users { get; set; }
@ -65,7 +75,7 @@ namespace FIT5032_Assignment.Controllers {
return new RsaSecurityKey(rsa);
}
private String loginVerify(string token) {
private String psgCredentialVerify(string token) {
var jwtHandler = new JwtSecurityTokenHandler();
var jwtToken = jwtHandler.ReadJwtToken(token);
@ -107,7 +117,21 @@ namespace FIT5032_Assignment.Controllers {
return sub;
}
private Users loginInfo(string user) {
var db = new Database1Entities();
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
if (credential.Count() == 0) {
return null;
} else {
var userUuid = credential.First().user;
var dbUser = db.Users.Where(res => res.uuid == userUuid);
if (dbUser.Count() == 0) {
return null;
} else {
return dbUser.First();
}
}
}
private Database1Entities db = new Database1Entities();
private string GenerateRandomString(int length) {
@ -128,7 +152,7 @@ namespace FIT5032_Assignment.Controllers {
public ActionResult Index() {
// If user logged in, show user name
if (Request.Cookies["psg_auth_token"] != null) {
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
if (user != null) {
var db = new Database1Entities();
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
@ -155,7 +179,7 @@ namespace FIT5032_Assignment.Controllers {
var psg_auth_token = Request.Cookies["psg_auth_token"];
Trace.WriteLine(psg_auth_token.Value);
// JWT Verify
string sub = loginVerify(psg_auth_token.Value);
string sub = psgCredentialVerify(psg_auth_token.Value);
if (sub == null) {
return RedirectToAction("Login");
} else {
@ -181,7 +205,7 @@ namespace FIT5032_Assignment.Controllers {
// Verify user is logged in
var psg_auth_token = Request.Cookies["psg_auth_token"];
var user = loginVerify(psg_auth_token.Value);
var user = psgCredentialVerify(psg_auth_token.Value);
if (user == null) {
return RedirectToAction("Login");
}
@ -254,7 +278,7 @@ namespace FIT5032_Assignment.Controllers {
// Redirect to home page
return RedirectToAction("Index");
}
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
var user = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
if (user == null) {
// Redirect to home page
return RedirectToAction("Index");
@ -280,29 +304,60 @@ namespace FIT5032_Assignment.Controllers {
public ActionResult ImageUpload(Models.ImageUploadForm model) {
try {
if (Request.Cookies["psg_auth_token"] == null) {
// Redirect to home page
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
// Return 401 error
return new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
}
var user = loginVerify(Request.Cookies["psg_auth_token"].Value);
if (user == null) {
// Redirect to home page
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
} else {
// Detect if user is doctor or patient
var userCre = psgCredentialVerify(Request.Cookies["psg_auth_token"].Value);
var user = loginInfo(userCre);
if (user.role != 2) {
// Return 403 error if user is not doctor
return new HttpStatusCodeResult(HttpStatusCode.Forbidden) ;
}
// check recived items
if (!ModelState.IsValid) {
ModelState.AddModelError("patientEmail", "Form not valid");
return View(model);
}
// check uploaded file
if (model.imageFile == null) {
ModelState.AddModelError("imageFile", "Please upload a file");
return View(model);
}
// check format: png, jpg
if (model.imageFile.ContentType != "image/png" && model.imageFile.ContentType != "image/jpeg") {
ModelState.AddModelError("imageFile", "Please upload a png or jpg file");
return View(model);
}
// Check if the email have a patient profile
var db = new Database1Entities();
var credential = db.Credentials.Where(res => (res.uniqueIdCode == user) && (res.provider == 0));
if (credential.Count() == 0) {
// return error 403
return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
// Find the account associated with the email
var app_id = "ZHM5whW5xsZEczTn2loffzjN";
var url = $"https://api.passage.id/v1/apps/{app_id}/users?identifier={model.patientEmail}";
var res = httpClient.GetStringAsync(url).Result;
if (JsonConvert.DeserializeObject<PassageUserFindReply>(res).Total_Users == 0) {
ModelState.AddModelError("patientEmail", "No patient found");
return View(model);
}
var dbUser = db.Users.Where(res => res.uuid == credential.First().user);
// print dbUser
Trace.WriteLine(dbUser.First());
var patientId = JsonConvert.DeserializeObject<PassageUserFindReply>(res).Users[0].Id;
var patientCredential = db.Credentials.Where(c => (c.uniqueIdCode == patientId) && (c.provider == 0));
if (patientCredential.Count() == 0) {
ModelState.AddModelError("patientEmail", "No patient found");
return View(model);
}
var patientUuid = patientCredential.First().user;
var patient = db.Users.Where(u => u.uuid == patientUuid);
if (patient.Count() == 0 || patient.First().role != 1) {
ModelState.AddModelError("patientEmail", "No patient found");
return View(model);
}
return View();
}
} catch (Exception e) {
Trace.WriteLine(e);
return RedirectToAction("Index");
return new HttpStatusCodeResult(HttpStatusCode.BadGateway);
}
}
}

View File

@ -5,6 +5,7 @@ namespace FIT5032_Assignment.Models {
public class ImageUploadForm {
[Required]
[Display(Name = "Assign to patient (email)")]
[EmailAddress]
public string patientEmail { get; set; }
[Required]

View File

@ -23,7 +23,7 @@
<div class="form-group">
@Html.LabelFor(model => model.imageFile, htmlAttributes: new { @class = "control-label col-md-2" })
<div class="col-md-10">
<input type="file" name="imageFile" id="imageFile" />
<input type="file" name="imageFile" id="imageFile" accept="image/png, image/jpeg" />
@Html.ValidationMessageFor(model => model.imageFile, "", new { @class = "text-danger" })
</div>
</div>