Use embeded Passage login flow

FIT5032-Assignment/Controllers/HomeController.cs

@@ -8,6 +8,8 @@ using FIT5032_Assignment.Models;
 using System.Security.Cryptography;
 using System.Text;
 using BCryptNet = BCrypt.Net.BCrypt;
+using System.Diagnostics;
+using System.Net;
 
 namespace FIT5032_Assignment.Controllers
 {
@@ -34,6 +36,14 @@ namespace FIT5032_Assignment.Controllers
             return View();
         }
 
+        public ActionResult LoginRedirect()
+        {
+            // See cookies
+            var psg_auth_token = Request.Cookies["psg_auth_token"];
+            Trace.WriteLine(psg_auth_token.Value);
+            return View();
+        }
+
         // POST /CreateAccount
         [HttpPost]
         public ActionResult CreateAccount(Models.CreateAccountForm model)
@@ -46,7 +56,7 @@ namespace FIT5032_Assignment.Controllers
             
             // Email address is not valid
             // Use regular expression to verify email address
-            if (!System.Text.RegularExpressions.Regex.IsMatch(model.emailaddress, @"^([\w\.\-]+)@([\w\-]+)((\.(\w){2,3})+)$"))
+            if (!System.Text.RegularExpressions.Regex.IsMatch(model.emailaddress, @"^([a-zA-Z0-9]|\-|_|\.){1,}@([a-zA-Z0-9]|\-|_|){1,}(\.([a-zA-Z0-9]|\-|_){1,}){1,}$"))
             {
                 ModelState.AddModelError("emailaddress", "Email address is not valid");
                 return View(model);
@@ -114,13 +124,17 @@ namespace FIT5032_Assignment.Controllers
             db.SaveChanges();
 
             // write cookie (`session`)
-            HttpCookie cookie = new HttpCookie("session", sessionUuid + ":" + token);
+            HttpCookie cookie1 = new HttpCookie("session", sessionUuid + ":" + token);
-            cookie.Expires = DateTime.Now.AddDays(7);
+            cookie1.Expires = DateTime.Now.AddDays(7);
-            Response.Cookies.Add(cookie);
+            Response.Cookies.Add(cookie1);
 
-            return RedirectToAction("Index");
+            return RedirectToAction("InitialPasskey");
         }
         
+        public ActionResult InitialPasskey()
+        {
+            return View();
+        }
     }
 
 }

FIT5032-Assignment/FIT5032-Assignment.csproj

@@ -55,7 +55,16 @@
     <Reference Include="EntityFramework.SqlServer, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL">
       <HintPath>..\packages\EntityFramework.6.4.4\lib\net45\EntityFramework.SqlServer.dll</HintPath>
     </Reference>
+    <Reference Include="JWT, Version=10.0.0.0, Culture=neutral, PublicKeyToken=6f98bca0f40f2ecf, processorArchitecture=MSIL">
+      <HintPath>..\packages\JWT.10.1.0\lib\net462\JWT.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Bcl.AsyncInterfaces, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Bcl.AsyncInterfaces.6.0.0\lib\net461\Microsoft.Bcl.AsyncInterfaces.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.CSharp" />
+    <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\packages\Newtonsoft.Json.13.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
+    </Reference>
     <Reference Include="System" />
     <Reference Include="System.Buffers, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Buffers.4.5.1\lib\net461\System.Buffers.dll</HintPath>
@@ -69,11 +78,23 @@
     <Reference Include="System.Numerics.Vectors, Version=4.1.4.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
       <HintPath>..\packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll</HintPath>
     </Reference>
-    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=4.0.4.1, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
+    <Reference Include="System.Runtime.CompilerServices.Unsafe, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.4.5.3\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
+      <HintPath>..\packages\System.Runtime.CompilerServices.Unsafe.6.0.0\lib\net461\System.Runtime.CompilerServices.Unsafe.dll</HintPath>
     </Reference>
     <Reference Include="System.Runtime.Serialization" />
     <Reference Include="System.Security" />
+    <Reference Include="System.Text.Encodings.Web, Version=6.0.0.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Text.Encodings.Web.6.0.0\lib\net461\System.Text.Encodings.Web.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Text.Json, Version=6.0.0.7, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Text.Json.6.0.7\lib\net461\System.Text.Json.dll</HintPath>
+    </Reference>
+    <Reference Include="System.Threading.Tasks.Extensions, Version=4.2.0.1, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.Threading.Tasks.Extensions.4.5.4\lib\net461\System.Threading.Tasks.Extensions.dll</HintPath>
+    </Reference>
+    <Reference Include="System.ValueTuple, Version=4.0.3.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.ValueTuple.4.5.0\lib\net47\System.ValueTuple.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web.DynamicData" />
     <Reference Include="System.Web.Entity" />
     <Reference Include="System.Web.ApplicationServices" />
@@ -124,9 +145,6 @@
       <Private>True</Private>
       <HintPath>..\packages\Microsoft.AspNet.WebPages.3.2.9\lib\net45\System.Web.WebPages.Razor.dll</HintPath>
     </Reference>
-    <Reference Include="Newtonsoft.Json">
-      <HintPath>..\packages\Newtonsoft.Json.12.0.2\lib\net45\Newtonsoft.Json.dll</HintPath>
-    </Reference>
     <Reference Include="WebGrease">
       <Private>True</Private>
       <HintPath>..\packages\WebGrease.1.6.0\lib\WebGrease.dll</HintPath>
@@ -177,6 +195,7 @@
     <Compile Include="Models\Images.cs">
       <DependentUpon>FIT5032-Assignment.tt</DependentUpon>
     </Compile>
+    <Compile Include="Models\InitialPasskeyForm.cs" />
     <Compile Include="Models\Patients.cs">
       <DependentUpon>FIT5032-Assignment.tt</DependentUpon>
     </Compile>
@@ -269,6 +288,8 @@
     <Content Include="Views\Home\Index.cshtml" />
     <Content Include="Views\Home\CreateAccount.cshtml" />
     <Content Include="Views\Test.cshtml" />
+    <Content Include="Views\Home\InitialPasskey.cshtml" />
+    <Content Include="Views\Home\LoginRedirect.cshtml" />
   </ItemGroup>
   <ItemGroup>
     <Folder Include="Views\Test\" />

FIT5032-Assignment/FIT5032-Assignment.csproj.user

@@ -12,10 +12,11 @@
     <Controller_SelectedScaffolderID>MvcControllerWithContextScaffolder</Controller_SelectedScaffolderID>
     <Controller_SelectedScaffolderCategoryPath>root/Common/MVC/Controller</Controller_SelectedScaffolderCategoryPath>
     <WebStackScaffolding_ControllerDialogWidth>600</WebStackScaffolding_ControllerDialogWidth>
-    <WebStackScaffolding_LayoutPageFile>~/Views/Shared/_Layout.cshtml</WebStackScaffolding_LayoutPageFile>
+    <WebStackScaffolding_LayoutPageFile>
-    <WebStackScaffolding_IsLayoutPageSelected>True</WebStackScaffolding_IsLayoutPageSelected>
+    </WebStackScaffolding_LayoutPageFile>
+    <WebStackScaffolding_IsLayoutPageSelected>False</WebStackScaffolding_IsLayoutPageSelected>
     <WebStackScaffolding_IsPartialViewSelected>False</WebStackScaffolding_IsPartialViewSelected>
-    <WebStackScaffolding_IsReferencingScriptLibrariesSelected>True</WebStackScaffolding_IsReferencingScriptLibrariesSelected>
+    <WebStackScaffolding_IsReferencingScriptLibrariesSelected>False</WebStackScaffolding_IsReferencingScriptLibrariesSelected>
     <WebStackScaffolding_DbContextTypeFullName>FIT5032_Assignment.Models.Database1Entities</WebStackScaffolding_DbContextTypeFullName>
     <WebStackScaffolding_IsViewGenerationSelected>False</WebStackScaffolding_IsViewGenerationSelected>
     <WebStackScaffolding_IsAsyncSelected>False</WebStackScaffolding_IsAsyncSelected>

FIT5032-Assignment/Models/InitialPasskeyForm.cs

@@ -0,0 +1,11 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Web;
+
+namespace FIT5032_Assignment.Models
+{
+    public class InitialPasskeyForm
+    {
+    }
+}

FIT5032-Assignment/Views/Home/CreateAccount.cshtml

@@ -7,73 +7,12 @@
 
 <h2>CreateAccount</h2>
 
+<passage-register app-id="ZHM5whW5xsZEczTn2loffzjN"></passage-register>
 
-@using (Html.BeginForm()) 
+<script src="https://psg.so/web.js" defer></script>
-{
-    @Html.AntiForgeryToken()
-    
-<div class="form-horizontal">
-    <h4>CreateAccountForm</h4>
-    <hr />
-    @Html.ValidationSummary(true, "", new { @class = "text-danger" })
-    <div class="form-group">
-        @Html.LabelFor(model => model.emailaddress, htmlAttributes: new { @class = "control-label col-md-2" })
-        <div class="col-md-10">
-            @Html.EditorFor(model => model.emailaddress, new { htmlAttributes = new { @class = "form-control" } })
-            @Html.ValidationMessageFor(model => model.emailaddress, "", new { @class = "text-danger" })
-        </div>
-    </div>
-
-    <div class="form-group">
-        @Html.LabelFor(model => model.fullname, htmlAttributes: new { @class = "control-label col-md-2" })
-        <div class="col-md-10">
-            @Html.EditorFor(model => model.fullname, new { htmlAttributes = new { @class = "form-control" } })
-            @Html.ValidationMessageFor(model => model.fullname, "", new { @class = "text-danger" })
-        </div>
-    </div>
-
-    <!-- Dropdown menu -->
-    <div class="form-group">
-        @Html.LabelFor(model => model.role, htmlAttributes: new { @class = "control-label col-md-2" })
-        <div class="col-md-10">
-            <select class="form-control" id="role" name="role">
-                <option value="1">Patient</option>
-                <option value="2">Doctor</option>
-            </select>
-        </div>
-    </div>
-
-    <div class="form-group">
-        <div class="col-md-offset-2 col-md-10">
-            <p>Next, you need to assign a passkey for authentication. Don't worry, it's safer than a password and uses your existing screen-unlocking authentication methods.</p>
-            <input type="submit" value="Set Passkey" class="btn btn-default"  />
-        </div>
-    </div>
-
-</div>
-}
-
-<div>
-    @Html.ActionLink("Back to List", "Index")
-</div>
 
 @section Scripts {
     @Scripts.Render("~/bundles/jqueryval")
 }
 
-<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
-<script type="module">
-    import {Passage, TokenStore} from "https://cdn.passage.id/passage-js.js"
 
-    export class MyTokenStore extends TokenStore {
-        getAuthToken() {
-            // get token from a cookie named "session"
-            const authToken = document.cookie
-                .split('; ')
-                .find((row) => row.startsWith('session='))
-                ?.split('=')[1];
-            return Promise.resolve(authToken);
-        }
-    };
-    const psg = new Passage('seT6IaaZLyXcPBmd00SmPvTb', { MyTokenStore });
-</script>

FIT5032-Assignment/Views/Home/InitialPasskey.cshtml

@@ -0,0 +1,48 @@
+
+@{
+    ViewBag.Title = "InitialPasskey";
+    Layout = "~/Views/Shared/_Layout.cshtml";
+}
+
+<h2>InitialPasskey</h2>
+
+<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
+<script type="module">
+    import {Passage, TokenStore} from "https://cdn.passage.id/passage-js.js"
+
+    class MyTokenStore extends TokenStore {
+        getAuthToken() {
+            console.log("getAuthToken")
+            // get token from a cookie named "session"
+            const authToken = document.cookie
+                .split('; ')
+                .find((row) => row.startsWith('session='))
+                ?.split('=')[1];
+            console.log(authToken)
+            return Promise.resolve(authToken);
+        }
+
+        setTokens(authResult) {
+            console.log(authResult)
+            console.log("setTokens")
+            return Promise.resolve()
+        }
+    };
+    const psg = new Passage('I1uNAk2ZQGH8X19JtaddHz1h', { tokenStore: new MyTokenStore() });
+
+    $(document).ready(async () => {
+        const passageUser = psg.getCurrentUser();
+        console.log(passageUser)
+        try {
+            const passkey = await passageUser.addDevice()
+            // Show passkey has successfully been registered
+            console.log(passkey)
+        } catch (e) {
+            console.log(e)
+            // An error can be raised for one of the following reasons:
+            // 1. User Device does not support webauthn
+            // 2. User cancels the register passkey flow
+            // 3. Network request error
+        }
+    })
+</script>

FIT5032-Assignment/Views/Home/LoginRedirect.cshtml

@@ -0,0 +1,17 @@
+
+@{
+    Layout = null;
+}
+
+<!DOCTYPE html>
+
+<html>
+<head>
+    <meta name="viewport" content="width=device-width" />
+    <title>LoginRedirect</title>
+</head>
+<body>
+    <div> 
+    </div>
+</body>
+</html>

FIT5032-Assignment/Web.config

@@ -30,7 +30,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" />
-        <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
@@ -52,6 +52,10 @@
         <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
         <bindingRedirect oldVersion="1.0.0.0-5.2.9.0" newVersion="5.2.9.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.codedom>

FIT5032-Assignment/packages.config

@@ -6,18 +6,24 @@
   <package id="EntityFramework" version="6.4.4" targetFramework="net48" />
   <package id="jQuery" version="3.4.1" targetFramework="net48" />
   <package id="jQuery.Validation" version="1.17.0" targetFramework="net48" />
+  <package id="JWT" version="10.1.0" targetFramework="net48" />
   <package id="Microsoft.AspNet.Mvc" version="5.2.9" targetFramework="net48" />
   <package id="Microsoft.AspNet.Razor" version="3.2.9" targetFramework="net48" />
   <package id="Microsoft.AspNet.Web.Optimization" version="1.1.3" targetFramework="net48" />
   <package id="Microsoft.AspNet.WebPages" version="3.2.9" targetFramework="net48" />
+  <package id="Microsoft.Bcl.AsyncInterfaces" version="6.0.0" targetFramework="net48" />
   <package id="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" version="2.0.1" targetFramework="net48" />
   <package id="Microsoft.jQuery.Unobtrusive.Validation" version="3.2.11" targetFramework="net48" />
   <package id="Microsoft.Web.Infrastructure" version="2.0.1" targetFramework="net48" />
   <package id="Modernizr" version="2.8.3" targetFramework="net48" />
-  <package id="Newtonsoft.Json" version="12.0.2" targetFramework="net48" />
+  <package id="Newtonsoft.Json" version="13.0.2" targetFramework="net48" />
   <package id="System.Buffers" version="4.5.1" targetFramework="net48" />
   <package id="System.Memory" version="4.5.4" targetFramework="net48" />
   <package id="System.Numerics.Vectors" version="4.5.0" targetFramework="net48" />
-  <package id="System.Runtime.CompilerServices.Unsafe" version="4.5.3" targetFramework="net48" />
+  <package id="System.Runtime.CompilerServices.Unsafe" version="6.0.0" targetFramework="net48" />
+  <package id="System.Text.Encodings.Web" version="6.0.0" targetFramework="net48" />
+  <package id="System.Text.Json" version="6.0.7" targetFramework="net48" />
+  <package id="System.Threading.Tasks.Extensions" version="4.5.4" targetFramework="net48" />
+  <package id="System.ValueTuple" version="4.5.0" targetFramework="net48" />
   <package id="WebGrease" version="1.6.0" targetFramework="net48" />
 </packages>

packages/Newtonsoft.Json.12.0.2/LICENSE.md

@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2007 James Newton-King
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.