SessionHandler now throws exception if no sessionID is provided. Catught said exception in all controllers.

CoviDok/BLL/Sessions/SessionHandler.cs

@@ -20,8 +20,9 @@ namespace CoviDok.BLL.Sessions
 
         public async Task<Session> GetSession(string SessionId)
         {
+            if (string.IsNullOrEmpty(SessionId)) throw new UnauthorizedAccessException();
             string Candidate = SessionStore.Get(SessionId);
-            if (Candidate == null) return null;
+            if (Candidate == null) throw new UnauthorizedAccessException();
             Session session = null;
             await Task.Run(() => {
                 session = JsonSerializer.Deserialize<Session>(Candidate);

CoviDok/Controllers/AssistantController.cs

@@ -37,10 +37,9 @@ namespace CoviDok.Controllers
         [HttpPut("{id}")]
         public async Task<IActionResult> PutAssistant(int id, PublicAssistant ast)
         {
-            Session s = await Handler.GetSession(ast.SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await Handler.GetSession(ast.SessionId);
                 await mgr.UpdateAssistant(s, id, ast);
                 return NoContent();
             }
@@ -52,10 +51,6 @@ namespace CoviDok.Controllers
             {
                 return NotFound();
             }
-            catch (FormatException)
-            {
-                return BadRequest();
-            }
         }
     }
 }

CoviDok/Controllers/CaseController.cs

@@ -27,10 +27,8 @@ namespace CoviDok.Controllers
         [HttpPost("{id}")]
         public async Task<ActionResult<Case>> PostGetCase(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
-
             try {
+                Session s = await Handler.GetSession(SessionId);
                 return await mgr.GetCase(s, id);
             }
             catch (KeyNotFoundException)
@@ -48,10 +46,9 @@ namespace CoviDok.Controllers
         [HttpPut("{id}/update")]
         public async Task<IActionResult> PostUpdate(int id, CaseUpdate data)
         {            
-            Session s = await Handler.GetSession(data.SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await Handler.GetSession(data.SessionId);
                 await mgr.UpdateCase(s, id, data.UpdateMsg, data.Images);
                 return Ok();
             }
@@ -72,11 +69,9 @@ namespace CoviDok.Controllers
         [HttpPost]
         public async Task<ActionResult<Case>> NewCase(CaseCreate data)
         {
-            Session s = await Handler.GetSession(data.SessionId);
-            if (s == null) return Unauthorized();
-
             try
             {
+                Session s = await Handler.GetSession(data.SessionId);
                 Case c = await mgr.CreateCase(s, data.DoctorId, data.ChildId, data.Title, data.StartDate);
                 return CreatedAtAction("PostGetCase", new { id = c.Id }, c);
             }
@@ -89,9 +84,8 @@ namespace CoviDok.Controllers
         [HttpPost("{id}/updates")]
         public async Task<ActionResult<List<Update>>> GetUpdatesForCase(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try {
+                Session s = await Handler.GetSession(SessionId);
                 return await mgr.GetUpdatesForCase(s, id);
             }
             catch (UnauthorizedAccessException)
@@ -107,10 +101,9 @@ namespace CoviDok.Controllers
         [HttpPost("updates/{id}")]
         public async Task<ActionResult<Update>>  GetUpdate(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await Handler.GetSession(SessionId);
                 return await mgr.GetUpdate(s, id);
             }
             catch (UnauthorizedAccessException)
@@ -127,10 +120,9 @@ namespace CoviDok.Controllers
         [HttpPost("{id}/close")]
         public async Task<IActionResult> PostClose(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await Handler.GetSession(SessionId);
                 await mgr.SetCertified(s, id);
                 return Ok();
             }
@@ -147,10 +139,9 @@ namespace CoviDok.Controllers
         [HttpPost("{id}/cure")]
         public async Task<IActionResult> PostCured(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await Handler.GetSession(SessionId);
                 await mgr.SetCured(s, id);
                 return Ok();
             }
@@ -168,11 +159,9 @@ namespace CoviDok.Controllers
         [HttpPost("filter")]
         public async Task<ActionResult<List<Case>>> Filter(CaseFilter filters)
         {
-            Session s = await Handler.GetSession(filters.SessionId);
-            if (s == null) return Unauthorized();
-
             try
             {
+                Session s = await Handler.GetSession(filters.SessionId);
                 return await mgr.FilterCases(s, filters);
             }
             catch (UnauthorizedAccessException)

CoviDok/Controllers/ChildController.cs

@@ -25,11 +25,9 @@ namespace CoviDok.Controllers
         [HttpPost("{id}")]
         public async Task<ActionResult<PublicChild>> GetPublicChild(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
-
             try
             {
+                Session s = await Handler.GetSession(SessionId);
                 return await ChildManager.GetChild(s, id);
             }
             catch (UnauthorizedAccessException)
@@ -48,9 +46,8 @@ namespace CoviDok.Controllers
         [HttpPut("{id}")]
         public async Task<IActionResult> PutPublicChild(int id, PublicChild publicChild)
         {            
-            Session s = await Handler.GetSession(publicChild.SessionId);
-            if (s == null) return Unauthorized();
             try {
+                Session s = await Handler.GetSession(publicChild.SessionId);
                 await ChildManager.UpdateChild(s, id, publicChild);
                 return NoContent();
             }
@@ -69,10 +66,16 @@ namespace CoviDok.Controllers
         [HttpPost("parent")]
         public async Task<ActionResult<List<PublicChild>>> GetChildrenOfParent(string SessionId)
         {
+            try {
                 Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
                 return ChildManager.ChildrenOfParent(s.Id);
             }
+            catch (UnauthorizedAccessException)
+            {
+                return Unauthorized();
+            }
+            
+        }
 
         // POST: api/Child
         // To protect from overposting attacks, enable the specific properties you want to bind to, for
@@ -80,10 +83,8 @@ namespace CoviDok.Controllers
         [HttpPost]
         public async Task<ActionResult<PublicChild>> PostPublicChild(PublicChild publicChild)
         {
-            Session s = await Handler.GetSession(publicChild.SessionId);
-            if (s == null ) return Unauthorized();
-
             try {
+                Session s = await Handler.GetSession(publicChild.SessionId);
                 int Id = await ChildManager.AddChild(s, publicChild);
                 return CreatedAtAction("GetPublicChild", new { id = Id }, publicChild);
             }

CoviDok/Controllers/DoctorController.cs

@@ -99,10 +99,9 @@ namespace CoviDok.Controllers
         [HttpPost("{id}/children")]
         public async Task<ActionResult<ICollection<PublicChild>>> GetChildrenOfDoctor(int id, string SessionId)
         {
-            Session s = await Handler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await Handler.GetSession(SessionId);
                 return await doctorHandler.GetChildren(id);
             }
             catch (KeyNotFoundException)

CoviDok/Controllers/ImagesController.cs

@@ -60,16 +60,12 @@ namespace CoviDok.Controllers
         public async Task<GenericResponse> OnGetImage(ImageGet imageGet)
         {
             GenericResponse response = new GenericResponse();
-            Session s = await Handler.GetSession(imageGet.SessionId);
-            if (s == null)
+            try
             {
-                response.Status = Status.Error;
-                response.Body["reason"] = "unauthorized";
-                return response;
-            }
-            try {
+                Session s = await Handler.GetSession(imageGet.SessionId);
                 string res = null;
-                await MinioHandler.GetImage(BucketName, imageGet.ImageId, (stream) => {
+                await MinioHandler.GetImage(BucketName, imageGet.ImageId, (stream) =>
+                {
                     StreamReader reader = new StreamReader(stream);
                     res = reader.ReadToEnd();
                 });
@@ -77,6 +73,13 @@ namespace CoviDok.Controllers
                 response.Body["image"] = res;
                 return response;
             }
+            catch (UnauthorizedAccessException)
+            {
+                response.Status = Status.Error;
+                response.Body["reason"] = "unauthorized";
+                return response;
+            }
+
             catch (KeyNotFoundException)
             {
                 response.Status = Status.Error;

CoviDok/Controllers/ParentController.cs

@@ -24,11 +24,14 @@ namespace CoviDok.Controllers
         [HttpPost("{id}")]
         public async Task<ActionResult<PublicParent>> GetParent(int id, string SessionId)
         {
-            Session s = await sessionHandler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try {
+                Session s = await sessionHandler.GetSession(SessionId);
                 return await parentManager.GetParent(id);
             }
+            catch (UnauthorizedAccessException)
+            {
+                return Unauthorized();
+            }
             catch (KeyNotFoundException)
             {
                 return NotFound();
@@ -38,9 +41,8 @@ namespace CoviDok.Controllers
         [HttpPut("{id}")]
         public async Task<IActionResult> PutParent(int id, PublicParent parent)
         {
-            Session s = await sessionHandler.GetSession(parent.SessionId);
-            if (s == null) return Unauthorized();
             try {
+                Session s = await sessionHandler.GetSession(parent.SessionId);
                 await parentManager.UpdateParent(s, id, parent);
                 return NoContent();
             }
@@ -60,10 +62,9 @@ namespace CoviDok.Controllers
         [HttpPost("{id}/children")]
         public async Task<ActionResult<List<PublicChild>>> GetChildrenOfParent(int id, string SessionId)
         {
-            Session s = await sessionHandler.GetSession(SessionId);
-            if (s == null) return Unauthorized();
             try
             {
+                Session s = await sessionHandler.GetSession(SessionId);
                 return await parentManager.GetChildren(id);
             }
             catch (KeyNotFoundException)

helm/covidok/values.yaml

@@ -24,7 +24,7 @@ config:
     secretkey: "secretkey"
   mysql:
     database: "covidok"
-    user: "covdiok"
+    user: "covidok"
     password: "covidok"
   redis:
     port: "6379"