public async Task RequestAccessPost()
{
var providerCode = "PROVIDERCODE";
var viewModel = new RequestAccessViewModel {
FirstName = "FirstName", LastName = "LastName"
};
var tempKey = "RequestAccess_To_Name";
var apiMock = new Mock <IManageApi>();
var tempDataMock = new Mock <ITempDataDictionary>();
var frontendUrlMock = new Mock <IFrontendUrlService>();
var controller = new OrganisationController(apiMock.Object, frontendUrlMock.Object);
controller.TempData = tempDataMock.Object;
var result = await controller.RequestAccessPost(providerCode, viewModel);
apiMock.Verify(x => x.GetProviderSummaries(), Times.Never);
apiMock.Verify(x => x.CreateAccessRequest(It.IsAny <GovUk.Education.ManageCourses.Api.Model.AccessRequest>()), Times.Once);
tempDataMock.Verify(x => x.Add(tempKey, $"{viewModel.FirstName} {viewModel.LastName}"));
var actionResult = result as RedirectToActionResult;
Assert.IsNotNull(actionResult);
Assert.AreEqual("Show", actionResult.ActionName);
Assert.AreEqual("Organisation", actionResult.ControllerName);
Assert.AreEqual(providerCode, actionResult.RouteValues[providerCode]);
}
public async Task <ActionResult> RequestAccessPost(string providerCode, RequestAccessViewModel model)
{
if (!ModelState.IsValid)
{
ViewBag.ProviderCode = providerCode;
return(View("RequestAccess", model));
}
await _manageApi.CreateAccessRequest(new Api.Model.AccessRequest()
{
FirstName = model.FirstName,
LastName = model.LastName,
EmailAddress = model.EmailAddress,
Organisation = model.Organisation,
Reason = model.Reason,
});
TempData.Remove("RequestAccess_To_Name"); // clear out any stale requests to avoid stale TempData causing dupe key error
TempData.Add("RequestAccess_To_Name", $"{model.FirstName} {model.LastName}");
return(new RedirectToActionResult("Show", "Organisation", new { providerCode = providerCode }));
}
public IActionResult RequestAccess(RequestAccessViewModel requestAccessViewModel)
{
// Description: Authenticates a patient's identity when a Doctor requests access to their medical information
// Get's the Doctor's information for current session
ViewBag.DoctorName = HttpContext.Session.GetString(Globals.currentUserName);
if (!ModelState.IsValid)
{
return(View(requestAccessViewModel));
}
string PHN = HttpContext.Session.GetString(Globals.currentPPHN);
string patientSignPublicKey = HttpContext.Session.GetString(Globals.currentPSPubK);
string doctorSignPrivatekey = HttpContext.Session.GetString(Globals.currentDSPriK);
string doctorSignPublicKey = EncryptionService.getSignPublicKeyStringFromPrivate(doctorSignPrivatekey);
string doctorAgreePrivatekey = HttpContext.Session.GetString(Globals.currentDAPriK);
string doctorAgreePublicKey = EncryptionService.getAgreePublicKeyStringFromPrivate(doctorAgreePrivatekey);
string keyword = requestAccessViewModel.keyword;
// Searches for a patient with the specified PHN
Assets <UserCredAssetData> userAsset = _bigChainDbService.GetUserAssetFromTypeID(AssetType.Patient, PHN);
if (userAsset == null)
{
ModelState.AddModelError("", "Could not find a patient profile with PHN: " + PHN);
return(View(requestAccessViewModel));
}
// Decrypt the patient's fingerprint data stored in the Blockchain
byte[] dbFpData = null;
string patientSignPrivateKey, patientAgreePrivateKey;
List <string> dbList = userAsset.data.Data.FingerprintData;
List <Image> dbfpList = new List <Image>();
try
{
foreach (string db in dbList)
{
EncryptionService.decryptFingerprintData(PHN, keyword, db, out dbFpData);
dbfpList.Add(FingerprintService.byteToImg(dbFpData));
}
EncryptionService.getPrivateKeyFromIDKeyword(PHN, keyword, userAsset.data.Data.PrivateKeys, out patientSignPrivateKey, out patientAgreePrivateKey);
}
catch
{
ModelState.AddModelError("", "Keyword may be incorrect");
return(View(requestAccessViewModel));
}
// Send request to the Client Computer to authenticate with fingerprint
int numScans = 1;
List <Image> fpList = FingerprintService.authenticateFP("24.84.225.22", numScans); // DEBUG: Jacob's Computer
// Check if fingerprint data is valid
if (fpList.Count < numScans)
{
ModelState.AddModelError("", "Something went wrong with the fingerprint scan, try again.");
return(View(requestAccessViewModel));
}
Image fpImg = fpList[0];
// Compare the scanned fingerprint with the one saved in the database
if (!FingerprintService.compareFP(fpImg, dbfpList))
{
ModelState.AddModelError("", "The fingerprint did not match, try again.");
return(View(requestAccessViewModel));
}
// Choose the types of records we want to get
AssetType[] typeList = { AssetType.TestRequisition };
var recordList = _bigChainDbService.GetAllTypeRecordsFromPPublicKey <string>
(typeList, patientSignPublicKey);
foreach (var record in recordList)
{
MetaDataSaved <object> metadata = record.metadata;
if (!metadata.AccessList.Keys.Contains(doctorSignPublicKey))
{
var hashedKey = metadata.AccessList[patientSignPublicKey];
var dataDecryptionKey = EncryptionService.getDecryptedEncryptionKey(hashedKey, patientAgreePrivateKey);
var newHash = EncryptionService.getEncryptedEncryptionKey(dataDecryptionKey, patientAgreePrivateKey, doctorAgreePublicKey);
metadata.AccessList[doctorSignPublicKey] = newHash;
_bigChainDbService.SendTransferTransactionToDataBase(record.id, metadata,
patientSignPrivateKey, patientSignPublicKey, record.transID);
}
}
return(RedirectToAction("PatientRecords"));
}