From 3248a38549751ff6386caa5f0819c4b5c714d9c1 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Tue, 9 Jul 2024 20:43:04 +0200
Subject: [PATCH 01/20] bash scripts to scan repo

---
 scripts/.gitignore                   |  1 -
 scripts/discover-large-repo-files.sh | 33 ++++++++++++++++++++++++++++
 scripts/pull-remote-branches.sh      |  4 ++++
 3 files changed, 37 insertions(+), 1 deletion(-)
 delete mode 100644 scripts/.gitignore
 create mode 100644 scripts/discover-large-repo-files.sh
 create mode 100644 scripts/pull-remote-branches.sh

diff --git a/scripts/.gitignore b/scripts/.gitignore
deleted file mode 100644
index cd0d0072..00000000
--- a/scripts/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-*.sh
\ No newline at end of file
diff --git a/scripts/discover-large-repo-files.sh b/scripts/discover-large-repo-files.sh
new file mode 100644
index 00000000..7be2716d
--- /dev/null
+++ b/scripts/discover-large-repo-files.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#set -x 
+
+# Shows you the largest objects in your repo's pack file.
+# Written for osx.
+#
+# @see http://stubbisms.wordpress.com/2009/07/10/git-script-to-show-largest-pack-objects-and-trim-your-waist-line/
+# @author Antony Stubbs
+
+# set the internal field spereator to line break, so that we can iterate easily over the verify-pack output
+IFS=$'\n';
+
+# list all objects including their size, sort by size, take top 10
+objects=`git verify-pack -v /mnt/c/Users/bbdnet3218/Documents/GitHub/occupi/.git/objects/pack/pack-*.idx | grep -v chain | sort -k3nr | head -n 60`
+
+echo "All sizes are in kB. The pack column is the size of the object, compressed, inside the pack file."
+
+output="size,pack,SHA,location"
+for y in $objects
+do
+	# extract the size in bytes
+	size=$((`echo $y | cut -f 5 -d ' '`/1024))
+	# extract the compressed size in bytes
+	compressedSize=$((`echo $y | cut -f 6 -d ' '`/1024))
+	# extract the SHA
+	sha=`echo $y | cut -f 1 -d ' '`
+	# find the objects location in the repository tree
+	other=`git rev-list --all --objects | grep $sha`
+	#lineBreak=`echo -e "\n"`
+	output="${output}\n${size},${compressedSize},${other}"
+done
+
+echo -e $output | column -t -s ', '
\ No newline at end of file
diff --git a/scripts/pull-remote-branches.sh b/scripts/pull-remote-branches.sh
new file mode 100644
index 00000000..4f3fd576
--- /dev/null
+++ b/scripts/pull-remote-branches.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+for branch in `git branch -a | grep remotes | grep -v HEAD | grep -v master`; do
+    git branch --track ${branch##*/} $branch
+done
\ No newline at end of file

From 082a0c2bb305026e5ff8e501d979140d1dd37ebe Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Wed, 31 Jul 2024 22:02:32 +0200
Subject: [PATCH 02/20] basic: added webauthn config

---
 occupi-backend/configs/setup.go | 29 +++++++++++++++++++++++++++++
 occupi-backend/go.mod           |  9 +++++----
 occupi-backend/go.sum           |  6 ++++++
 3 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/occupi-backend/configs/setup.go b/occupi-backend/configs/setup.go
index ce5dcc6c..970906c4 100644
--- a/occupi-backend/configs/setup.go
+++ b/occupi-backend/configs/setup.go
@@ -5,6 +5,7 @@ import (
 	"time"
 
 	"github.com/allegro/bigcache/v3"
+	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/ipinfo/go/v2/ipinfo"
 	"github.com/ipinfo/go/v2/ipinfo/cache"
 
@@ -187,3 +188,31 @@ func CreateRabbitQueue(ch *amqp.Channel) amqp.Queue {
 
 	return q
 }
+
+func CreateWebAuthnInstance() *webauthn.WebAuthn {
+	// WebAuthn parameters
+	rpID := GetRPID()
+	rpName := GetRPName()
+	rpOrigin := GetRPOrigin()
+	rpIcon := GetRPIcon()
+	rpChallengeLength := GetRPChallengeLength()
+	rpTimeout := GetRPTimeout()
+	rpIDLength := GetRPIDLength()
+
+	// Create a new WebAuthn instance
+	webAuthn := webauthn.New(&webauthn.Config{
+		RPID:              rpID,
+		RPName:            rpName,
+		RPOrigin:          rpOrigin,
+		RPIcon:            rpIcon,
+		RPChallengeLength: rpChallengeLength,
+		RPTimeout:         rpTimeout,
+		RPIDLength:        rpIDLength,
+		Attestation:       webauthn.ConveyAttestationNone,
+		AuthenticatorSelection: webauthn.AuthenticatorSelection{
+			UserVerification: webauthn.VerificationRequired,
+		},
+	})
+
+	return webAuthn
+}
diff --git a/occupi-backend/go.mod b/occupi-backend/go.mod
index 81ebe3e7..1a53e455 100644
--- a/occupi-backend/go.mod
+++ b/occupi-backend/go.mod
@@ -1,8 +1,8 @@
 module github.com/COS301-SE-2024/occupi/occupi-backend
 
-go 1.21
+go 1.22
 
-toolchain go1.21.6
+toolchain go1.22.5
 
 require (
 	github.com/alexedwards/argon2id v1.0.0
@@ -24,6 +24,7 @@ require (
 )
 
 require (
+	github.com/go-webauthn/webauthn v0.11.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
@@ -84,11 +85,11 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/crypto v0.24.0 // indirect
+	golang.org/x/crypto v0.25.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
-	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
diff --git a/occupi-backend/go.sum b/occupi-backend/go.sum
index 751a36b3..31cfa935 100644
--- a/occupi-backend/go.sum
+++ b/occupi-backend/go.sum
@@ -42,6 +42,8 @@ github.com/go-playground/validator v9.31.0+incompatible h1:UA72EPEogEnq76ehGdEDp
 github.com/go-playground/validator v9.31.0+incompatible/go.mod h1:yrEkQXlcI+PugkyDjY2bRrL/UBU4f3rvrgkN3V8JEig=
 github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
 github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-webauthn/webauthn v0.11.0 h1:2U0jWuGeoiI+XSZkHPFRtwaYtqmMUsqABtlfSq1rODo=
+github.com/go-webauthn/webauthn v0.11.0/go.mod h1:57ZrqsZzD/eboQDVtBkvTdfqFYAh/7IwzdPT+sPWqB0=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -177,6 +179,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
 golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
+golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
+golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
@@ -208,6 +212,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=

From e5d17d6eaafeeccf28484db082ae3d61bb7e4229 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Thu, 1 Aug 2024 10:08:44 +0200
Subject: [PATCH 03/20] chore: Add BeginLoginAdmin and FinishLoginAdmin
 functions in auth_handlers.go for begginign webauthn integration

---
 occupi-backend/configs/config.go              |  28 +++++++++++++++
 occupi-backend/configs/config.yaml.gpg        | Bin 383 -> 393 bytes
 occupi-backend/configs/dev.deployed.yaml.gpg  | Bin 959 -> 981 bytes
 occupi-backend/configs/dev.localhost.yaml.gpg | Bin 909 -> 928 bytes
 occupi-backend/configs/prod.yaml.gpg          | Bin 947 -> 971 bytes
 occupi-backend/configs/setup.go               |  34 +++++++++---------
 occupi-backend/configs/test.yaml.gpg          | Bin 857 -> 866 bytes
 occupi-backend/go.mod                         |  12 +++++--
 occupi-backend/go.sum                         |  18 +++++++---
 occupi-backend/pkg/handlers/auth_handlers.go  |   6 ++++
 occupi-backend/pkg/models/app.go              |   3 ++
 11 files changed, 76 insertions(+), 25 deletions(-)

diff --git a/occupi-backend/configs/config.go b/occupi-backend/configs/config.go
index 445b14e5..33d1bb36 100644
--- a/occupi-backend/configs/config.go
+++ b/occupi-backend/configs/config.go
@@ -44,6 +44,9 @@ const (
 	RabbitMQPassword    = "RABBITMQ_PASSWORD"
 	RabbitMQHost        = "RABBITMQ_HOST"
 	RabbitMQPort        = "RABBITMQ_PORT"
+	RPID                = "RP_ID"
+	RPName              = "RP_NAME"
+	RPOrigins           = "RP_ORIGINS"
 )
 
 // init viper
@@ -378,3 +381,28 @@ func GetRabbitMQPort() string {
 	}
 	return port
 }
+
+func GetRPID() string {
+	id := viper.GetString(RPID)
+	if id == "" {
+		id = "RP_ID"
+	}
+	return id
+}
+
+func GetRPName() string {
+	name := viper.GetString(RPName)
+	if name == "" {
+		name = "RP_NAME"
+	}
+	return name
+}
+
+func GetRPOrigins() []string {
+	origins := viper.GetString(RPOrigins)
+	if origins != "" {
+		originList := strings.Split(origins, ",")
+		return originList
+	}
+	return []string{}
+}
diff --git a/occupi-backend/configs/config.yaml.gpg b/occupi-backend/configs/config.yaml.gpg
index de6683689ed7e1e6b90c4f065bf4e93d99014209..6ffd414dd1dc63cb77e887977f39f67b2fc562bc 100644
GIT binary patch
literal 393
zcmV;40e1e34Fm}T0^u(<K#$|jg#XgOw*fni8_#wMrNh2QV+v(|rAk@&6xSv#u<36t
zg-Fx`OEvO8L|WF`&R>osEZUfBFs?Ltb7Ym*D*6#o!lLB!k9AH}-5c+P6wy1l>^4ai
z$P%zMSl>k?S>TA?8!-2T`jJswx_NkoMy`0K81tGlHn5618v(-TL(P+8wW_ovU}S}2
z5!{y@O!1_Zy?K*%6%cgFTWt1{80`X#M+-|qkCpXlXx!5lQWZP&BjUdG_`|Z*WoR%6
z$zv@tIm>5QO;^gm$}JfWN|}29H^Khb=2Q;EmW~?fHi(>4!=5oD$3UM_qUePEbAGip
z&dTOKe5ENKIFo0B{t~Nw_ajVf<z8#j(`y&xsZI1-u?>8fyhm=8fzn$}_)V&psS`1E
z)$Pr|!?E<sYd0ZSsm#McARu`8Y=8JEqx30%Z^1~LJP~wr&kb|-z&=LtR<vQQ7S(0G
n06r08w>bBHz89b2ys_L2m!p3g1<y)(gt0-n>mk*+(f5al#2dsZ

literal 383
zcmV-_0f7FD4Fm}T0_-@w^UGd?uK&`&tpVu#z!j|ttxC+412~=8;K#z@=Gbkyrf#9N
zFmiUm^V`3aW@E*-<t6MQ#4ddO<Q~KO@o@KbM}hy#^OprTisYGqRfhQ#Ft$P+R06zN
z#Wi8d4O*pL`Ia~8L1ohctYV+n{1ED$QImqEiZ`z6wEyX#ML&JUwNv|FTN^HCNvlTk
zygS0@&zO-FXCrM2SlDF~Z+g=VebxmNY_o~$*S(9ID5@vSMPyuW&-+wndSGc$1Oe`N
ztn+b9Z9u9?^5zJjIvH0K^FeJF_F)8Xgm!8s+n>dp&YzJ*9YgQS^0GvG{tM6C(C+rX
zFcK{)gye?UB!#kQcBBJ8trE)lK*0bU4lII6av7Y~9-<B8<OIl`t`+oCl|Mn7BuN!J
zLihN`e6{YD3pYNS*_vmzN8}Pd#bDNlvCM+`sOTBpS%Lb0IdIw^pgzIA$7LNgy^@FF
db+6=#v&=+Y_%iXoNyaa)7SyYL!=bIk7od@Y$Y1~f

diff --git a/occupi-backend/configs/dev.deployed.yaml.gpg b/occupi-backend/configs/dev.deployed.yaml.gpg
index 37efafe50051d6c4535f3fe5665c2136b7dbfd78..d21ea2a50e3dceae2e431b6544533b1fbacaba99 100644
GIT binary patch
literal 981
zcmV;`11kKC4Fm}T0xD1~ump-1e*e<x0c?B-EIlY2OKYJAI~P5puu^cEja7jF?$YXE
zuerbvO0o~q0g7ha5;SQCxoL1pTFZ1BlyCP?wpq~G+ncl5`C~+Ry<ZN)e24dXFX2tT
z<}Q$rEB__Q?xfuCz?h>7@HNvxYli!#Hk9G0nIM{?&V1Ap;r<EzTEItXSL2V32MXx(
zp0!Mtdt|ddE6feONL68Lai;5Cy&%~!;3+ekuF*HVx=A(rk;KmA)Fw1A*Az1XL0A7q
z9Ahpt1B!j8=Oz~gv2v;Z#?oM}xwVeFaNbRNc7!#p@OQE?R#|tpU_yV5AhAcL$o%3}
z4BHQ_iAM&q9eR<-y*sE0vy=R6OBz&74-XWEhNt+_WA-O+3F^iBMjp4E{q3lMBhJf2
zoFs@?;z+(RoCghgC#g=SVNG5fh&p?S2}^Hh1~w*_@DXRQguX}8koW<k36gYMgJA}?
zvku~9xX~8z@d}r8M{L*?!oT359+C{nhN~hP-r#m)K6&7&41(yAwmXkOXtOXd8Q(&^
zu;<vriQp8kk0T#ylV1TjvpLT45wyt?4t$n9DRTmq;AO6iV0$?8Tbu7sUjckR(_GWc
z50UQ`X0-!$a0I@#d}Tt(M^ZzKm|E3WRG5Z|nSo!11Bp5OLNp)b^%96wWAX9uPLC(u
zGtmX3riUIN=Kaa~I7n*7!2-6Z!AQ1@ZCns}3t*6>e`bm@%yM%ti3oO=bscc`lk18`
z5d1{W+X?^Wi^7g($zs1~R&af66u~djq(@9qdEWeau4M}0cKda;Sw>;atkzMhaU3dV
zS_UjyYn-JP^c*lXy(}LkI`gS>F9fuE$)@!K{zHGg-qqoRT&+LQ(rx!Mwju9b5pV*`
z4u1Z_4#=HsUj-_l8Lmcx85%vN1Y+fX2IG-M1>2(?UX6AFuOYNee=keWS(K`gZ`2i_
zaOmtMUZ-VRHQX~LKwr+VjTT+!#e|Iv^sTI*sMQB;O~dEL#96xG9nQE?*&k=|0CBPO
zhGAM}S2%COt53%-;|N5!-azybA=U%g-<*u+0fJQLya31JGNPYH17wsVRa5iIk|R?A
zT}b3+7E`5^2=42|Jw4rPwv9|hbv1W8wU;Z0E0L@UX1V$`bMUJ;xuX2bfFr(CW%yNw
z^mN5R8Wy+=j80u`WSwO1sWis@)1*(UPU4t?_ydX(N{;ccZvwG@-3}4s{;$fNv8nZu
zBmK9qS(^F7jan*mIG3hFNcBMM{VSUZQd0&0GRfO1fZ&nfccGfO_mp!X+RgYn?(q#k
Dwz1=@

literal 959
zcmV;w13>(Y4Fm}T0{@mGS5-wRe*e<x0V-!a#1`hv$F6;tyf3(k<bIpBSs;8?--5l~
zYu_Bp%B-NMp)m^r{q=RZJ^<18p4r#Bj3eCUd7q=R`S0C^bJ!mc2sr}$BNmb`<oOWp
z^*jDS<ppbr<nJacBc>%;0!uboUk@#^HUe=m&Yy<9z62r@o^aHTCIQ5$pnEWAU*{vA
z&;h?VYdQd2Q7Zpyr;Xo(JE2EDF1JumRmwMjD&EHmcgrXHc*8V3Jy?%MqXdW)PTUKl
zn&|PGm#qaR0t7D9{)J3*EG*9quK-kKo^o^3N7rvASVk|KMPWOFIphynCFd(ec4K2b
zIgeOyzull;*2Jl{yS~qZ0wF{m4F95wyqh5lg62Z#R#0Dg+-9>B`Nza3g+6LKkg^KX
zl#~h7j{O~BOir+O062)X+aC>{#W3}LFp2PX_n1EIxSp&p^{gc|?Cn8+_NViBxLBG6
zb=gyXCnci&zg6PTa!0zNxF3*wwr;(dX5(Cql&VoHpN=JtG&9z_KFJWV{`YnU7gzW^
zpWQ~`?j4nO=l|x3E0k94E>6WQSH@yhL11C(Y*=wQuU3dNmu7K>R^g1C4-iuU`(6&{
z`G=Az4sJ_rsvJWJsQ8zk%evb_=ZEi1&_tiNxXkOVuY6QqW@XX0;410wdACQElMg;s
z2}385Z4Db%-ely6fa4o@!0a|~>OG;J`Nh=ThAbD2?llZG5azJU#M}V7Av$x=*Htkq
zowRPw@gEpoou>{c5w+z1)3m^KccafW#k%Fywe~fn(+e#fCljw1>$Z8C?}k+a6Gh-#
z=Fz~8Anaa8GcW@*>E!`WX4VQYl{<v3fX6{^FF9siq7+D>KT}{;Y4E0!!6L<IVdRX=
z_<}N~&V;b|K5za|YX=smORS9jxT$=343G~}hvdJ*Bz;&;>_li=Za@J{(vMZ|V*H@?
zp99F_u|PX#6q)pt1jq$cKxtAiTrL2+)f467os!KtFzo|T<81gsFZ<td*etHq4WHHS
zqiiQ&v@kC=l#y&J#(qn<79D3L0$Fi)XA<E)mTy5Lcw^-zJfU;*f!mBOOVT?kp~egX
zN5^>L5b7hkq0h5k+T))Dlv8I%C=9kB<}8yG19kwp@58IX0P>CS?X&D|<T0-^AM`k3
zTIy+12g$R9()jEHqx5t*+DvWC-uxaNVKw<-7N?VYw@WfL)<XYQ6YP4Cc;Qr1BCtS%
h7w4p1o@Uq*UINy%vHUOz99GIt^(>monD8S{=*W;X*IfVr

diff --git a/occupi-backend/configs/dev.localhost.yaml.gpg b/occupi-backend/configs/dev.localhost.yaml.gpg
index b7823acb2b524932459af5f072108ff22add6046..bc1cfc110da5d5f4b7e50141259e30c61c856f43 100644
GIT binary patch
literal 928
zcmV;R17G}%4Fm}T0ytK5ocu+AT>sMP0g~ub{uu6QWx>1ll>?GK)PRWYq<#2jaLFMb
z#EIiz@qCSj?gc{E(h~Z}u!jkyD4ZHh#-bSaYj#0r#@o5b2hcJ>=@oEzw4}Lr2SIsP
zgX-++cT5G>Q6kC7yyFa$8+Nn4ziaLJ<~H?%w?$Lb46)xVM~DYugzo-UilX|Ru;-kH
zvy_ox3qs*+hhtAbn~iJy(f`2@$}jaq+;1g)-a4L$qeAQ$+Sc`OJ*~eroZ>?Kp%|AD
zuXn`hB2L(7hH0|~>b!oLugI-HzaPm7S7(*qZs2;{WfcbE9e@<#>Agz{Q6z0&dqN2U
zz%S#=wSbP-u0^FywD6`8kJj;n<P#s`EXdKJS7H#aL(Qq-iYk~}LV>J-*H{TmxF43|
z9kx*$Hb%4N2cl4X*h$PXs*>0zd*NETpC=qzD{lHCGnesfJYeO8Ms^_zl4E#p!G^v4
zJe%G+RdNaO>F{42Y1oS&MA00X(x^ni(b%C0wyub|y8CJ4PXLmAsM9z{5JS5RTS2nQ
zNBRu88sSY+dC{VZxe?W*u+_$n&PCBmt&FK3f19{`0-qaP_WIlEr5FXltKV$Gh>w&G
zV**u33{J;b4COg;+A!e>lJ<`t;kZI3Tpjg6VNyf?tc>I2+Jf))n^v5M?TVVne*p#r
znyrhoyRbD-{F<Z<q?6{nz|B4rVI6S@9Gvs^u|NR0+&mnV{&7W@OCcANQh0!d6JhvY
z&M2Js_3T;nI;SMJ=aW=7d}O<>p`9Dwbs-tslSms)Hr&ayS=J3FF=2P5?<f;?`f8&a
zt`LH824oiJl$L31Jk?5rk|!{@9M+rD>*7~E$|lZ3rqZ(yezh)9^|{zktFN3J27e%&
zb1JtaT!RbXW?m(ySi`$pnbN4K{5-MPM8*ZbtE2@ZpNN87+sTSCx0U2xJO?MNb@@nt
zKd!{gN6s*2-G{Ypb5-fZl##$AcP)g3=*n^u&59%}Kla6h7=LXT%YM^NO>hTEdb8Gx
zM_-OdK(m0~Nog_0#`_oWU7{PKYSp+cdsJQM*%lhZ7|#Ca3@7?%@rc7jX6NG1j*ic=
zrRk~=N0gJo(_wE%npvvzsZrumEF5xV7)2RU`xv^WB8@PP1+To4RrkmOY%}qMrRXBr
zwD`3&exgmfoc!<!&N4T!DE+fYPiK(0?2BA0DuNVAfe=usBR{vsKgA7i81Pq8<+ev}
C0oktr

literal 909
zcmV;819JR~4Fm}T0#W0<nF*Hm8voMi0Zf1vFQHhd-yvv~TqLTLsMJCsb=!n_CNmT+
z2zE1Nl6eE?MRD1w5g*>ua5lkj+8jnQ=G<vU#RrbK7nX}V1>K`X0nSSVlgJ$q^f93N
zj&L6aMtyuaiA2@b1M-H=-m)zM?RIU9=BO{#p>%~Eq&+eS_ZEGVmD(}OHQarR<z@s@
zq(L)c;o{LSa)@XQKv&I&#J$*j1S%9&O)h!+y0%t*2KqOF&In6go`7p!>v0PSr^o?X
z?|@oNo37V!&M>+@9X&Y!4%`<6oWD9jM&FS?-OxXJYLFH6v8@)of8?hL-$CGwofUb(
z2+-`9&DY-XIg+~r+in+1l+_I_Y*u}K;WND%V}mjNP~zY^Ki!c)>G-{!FG^E@A~Nll
zNLkH+ur&B_ynO^H-2t0*up~l+>6obE-J${fF>=Im?4!f0{oIaT>e|XYJ&x|N93z)J
z;Tqlm5jUTX`{7ilI#NThNa*ySNn@gt)ZbCJF!2ReTV!rhAAY&iEE#6ZBd1O&yV3Sa
z2>}%)!_RlR^!*Ngc}-m=&I$$e6-$V3X>Ij&eK)VZkRiN8u$K~Z_+jNb$!+LCrHa8e
za}7g4vq69@qq4sY;909JlU&H>^vMYx{{74LaaKXVbOeUyy(jq>LT}S0)C_{kv}ifp
zRzB^diwv(K?i4PIP=_xwz`DwN8oX&)RqThh5P+kmU<Nrc#eqHDwEKkB`N;Fp%AKLQ
znf%duLGO|SB(>zQNBuilj|I7O=s3V%X5=500nkJ!Z$I0<oX8&Fa~<?Ij=uvL3MPXG
zB^cMaY?^WxEc*ms55VFX@B_=#GL-uGx0G-7FE@b&L4))&ivTUXzWCkQzFU9PbvJ<>
z@;2^J6Y^+p#k$h@f>_r+sTY~lmN3q8)*bt^-(4iHQ)RPv=;_pQ$B0jD#Wx$F2qkGJ
z3n{0THztkn0-68lHMY1g27@@iLEduWc@#-AI9IYJ9*e(1pm6jOcV3-L3*<#}jY^Jf
z#iF=ih)=3$=AQMhV#W4fSGvzC{-Xe!hO-dOE##I(_zSRZu9N_5WOXSeXO$Asq|^C1
zcvWdICcw<;%W}Nmj_Xbg;PZ6Eh2;wsxHlw3#x8>}+ggjcz7Xs?!VCzr9e1~|&N(EQ
juqz6A-8MxQR8m@jZngR7Tehn2>c<HnOu7)nt7%KR<R-t&

diff --git a/occupi-backend/configs/prod.yaml.gpg b/occupi-backend/configs/prod.yaml.gpg
index b63e5061db403c3b1b0b5ce9d1ab952407f9e938..3edf08ba84c5977361a36f67a4389268b6d5766e 100644
GIT binary patch
literal 971
zcmV;+12p`M4Fm}T0;|eA{{hv4$p6ym0T9We>hu#v76DSLW2251GBKmVuFOPcb6~pR
z@&n>Ozbgo@{N=H=ec@Plcpv*v``8-ru1B88?<z0(Hd_kjRaf8WivYd=06J5h^X(nv
zYfG#u7|gPsK{J63dqZHW8UMt)v$&)bS0ZQaKyj066b`FXa=&@PVxG0->16|j*ku(P
z%Pw!|(#<DfO8b|?)1d0TXb5l<^!m1A_4G)^A4uXXIqVKpI1UD!Zfuo*F32$Qfk$l<
zo5bMay#F4{KezaF5iOLaL~qElo^UC~x#9M2-(j+=vop9fzk4(#Gq=wo(&ymYUrHcK
zsixteAmBGm@v<na1!Te(?OoGllvBi-R3u^Q5^SVx4yCOZa}dq_EyP-vOUT?X>Dpb&
z!@b3ZD5Z<hUapy@pI+u^_aS_6>tqHf!F}AGV-6v+0{-Q{9Rhlc91}zjxkJ?*k~YE#
ztsa~N*PUF)kQK#ZH)EjXrp}xdAQlDLLT%1_gmxL`W*yJbgWl_~@h<h~N|*wE^BDzD
zc`=v>gvoWgi2&V`OgvWvzGLW)o0xH*@00BV4(VR(k~|Z<g?8gjHC~jR8jQWVG)M_0
z(X|~Kw+HsBqFnyIIJui?swgqYd<p%kV&fTdicwp&CrA^Pm9*q_m!#Drz-rJ63Cp+v
z*Ec&ZfqlTz+t{2{Sa|?7!1!9CiRQv>b`(XcR5Y4FlzgjqUq*-b40nyGtJc8lSDN;6
zh>eQkGcLw`l@1_lE5zkVO;=+$^9fL{?*c~pF!emcsu#E4Gg^AMeerSA1CBLuMqx|D
zdatLpe6Sj;*u<gCo@`fo>c88wO0({ufijk~BA)C>kvTa2u*;}ZS|2d%bCe%ZaoQ{R
zJ-63RO@1~cVhtk4O?hH1dvOzHG>wUToEmi0u;Yf`i;egdENv`}%DOz5##GwOXJ~kY
zB69WFl4V|!t>*r=yYm}^;kR;o$gFm2sXFz&hZTYa*A(`&Uy#cDcZNNM>pa^h(za_t
zU^+|4zxPb9CcHaf5Fg_1qJM)R{aGth2(ahhvmZ^GqM;Zv`mwLS7~4d<EUPUo{wLl1
zGE+30qowfQfrd7BF}BAwTIV0YNmN=Hr!t?FKvt%}ev+QvW6>MfmzE_5&&2$h1>cvF
zVK)m+Rme2dhwtHk(H$c5^#q=Rdi`G{XRj;P2WG>_l}9@&AubH1s%O+h_0Le9wZ0a@
t4+DxSk2y8TPS0e)SbSIquvUw-$(oHF>8d-m@Kw@UsWTIn8Sg23Bkpkr>FfXi

literal 947
zcmV;k15Esk4Fm}T0zI$!7(4~y<p0v?0b%lmh+;^MEqI;<IP@SK*I@i05>ja9QKQn)
zh3Tjr-<)NW;y2@t#IYd8AxAtv`F;~irjhuIv!sNBu8M7O*{7;ww4H5*=#X$-v3J--
zV_07VsXP@&)*orj?uHw5V+6S#oQR!jNuH-LLe0pimecs*tul^f-j<tbqa~HRwm21u
z{P%k7J{v05m<N5tnOwi|QB|fgQEzRXPfhj{<XnT<5e%+wFN$=j*afw>4wZnQQf4y-
zEHItuF{g>-1k4GyGl(1}?Br_6Hn*e+h*VP!*|C_86phz<w7i5qbwnsURKB4!*>4w$
z-;r1t{`f3x#!2GhqyT#ja&y5;Pd?4|BeqML`OTKp`rCBG4pm4AT2_|w+{T`2DxZ!W
zu=8;CzIe@&n~4r~CvD2fT=p4()h%80xjjP|gtYmi3+A`~lt6g~Gw3ycL*!@d8}Y!f
zVueG-^|MiS^n<t9l=YL4YvjM*oS#pXmAc8e#)_<<|L+=q*sVbFBFrp)Evvc>6Q42H
z2scd=GPO<(R3T&>F(33TA~HCa%9H;SI)a7+Jwj)(pWat5P&+FYoo=blyT%Z3=1cuD
z2Q#x{so*=34qpE#<E&(*E-QTyLwsgc(yq5?H>O#C2py)fMlvpTF%hH6Y{nW<Q=6}q
z%`MzJ?;s^%LedgP$(^`Sz~F7RI2j3w(Xz*VLp+|Yj)wH6JtMWnp2rq!pgWW;RAj<f
ziSc7pGt$F+7_@J6{X%ro+IG!Il4;5;!qz|=pH!4FctBH41@G92BSd>fKIuQ#>+)|4
z86%J}CQs_R_5Q5&3HVjF^}lz5vDhDq-%iozM0LmVuz_NIJ?Vf-O;6ZlzT3GJY&Kr_
zC~7bmv8ldJ$AJGxHgqdb?<}i|QfR0m_FftP5sK=KoN9W+Ll7T?NdS4#MGz7*m=16N
zR9ns8Wb>X7VwWwfxctH7^nz?TW242L0*49t)nCYaxm?mMKR<MSM@5f7I-wagtMt{O
z{;pNh$fFE;LDg323KevqtX@P!gw1AQ)fQdz@fXJ8IkCmll0gbb2gK(?q@Q1YH*6#d
zeW{x&r>6b#dw9-!BmKeDf_#%zH|Sj6v%kHX+HBoqf2W@<J^tjYT2cv{UM1<TR*rC_
zE}9cLkdvNtBMkSow2c1~%~?;H?5~WqR?h)aC?Cu{)IQ-`3K~FO7n(XMhM2v$&G!04
Vfzp`LI@(Xs^IbgPALk;~2RJro*$w~z

diff --git a/occupi-backend/configs/setup.go b/occupi-backend/configs/setup.go
index 970906c4..1cda8dab 100644
--- a/occupi-backend/configs/setup.go
+++ b/occupi-backend/configs/setup.go
@@ -193,26 +193,24 @@ func CreateWebAuthnInstance() *webauthn.WebAuthn {
 	// WebAuthn parameters
 	rpID := GetRPID()
 	rpName := GetRPName()
-	rpOrigin := GetRPOrigin()
-	rpIcon := GetRPIcon()
-	rpChallengeLength := GetRPChallengeLength()
-	rpTimeout := GetRPTimeout()
-	rpIDLength := GetRPIDLength()
+	rpOrigins := GetRPOrigins()
+
+	var webAuthn *webauthn.WebAuthn
+	var err error
 
 	// Create a new WebAuthn instance
-	webAuthn := webauthn.New(&webauthn.Config{
-		RPID:              rpID,
-		RPName:            rpName,
-		RPOrigin:          rpOrigin,
-		RPIcon:            rpIcon,
-		RPChallengeLength: rpChallengeLength,
-		RPTimeout:         rpTimeout,
-		RPIDLength:        rpIDLength,
-		Attestation:       webauthn.ConveyAttestationNone,
-		AuthenticatorSelection: webauthn.AuthenticatorSelection{
-			UserVerification: webauthn.VerificationRequired,
-		},
-	})
+	wConfig := &webauthn.Config{
+		RPID:          rpID,
+		RPDisplayName: rpName,
+		RPOrigins:     rpOrigins,
+	}
+
+	if webAuthn, err = webauthn.New(wConfig); err != nil {
+		fmt.Printf("Failed to create WebAuthn instance: %s\n", err)
+		logrus.WithError(err).Fatal("Failed to create WebAuthn instance")
+	}
+
+	fmt.Println("WebAuthn instance created!")
 
 	return webAuthn
 }
diff --git a/occupi-backend/configs/test.yaml.gpg b/occupi-backend/configs/test.yaml.gpg
index 086fb4e4c059ba3d6eaa03ec2e8a19dd466bd6e9..722b61a8f8ab8485367b7cd3baa5b66779be50b7 100644
GIT binary patch
literal 866
zcmV-o1D*Vg4Fm}T0-<~j@fbU=;s4U<0VakL*uz#wQ(SG#(MAjL{Dg`~-28$s`+H`a
z9O4yv6ba^He@ITVPDRGHiV2wHG5tPn6^|$46%jMGlLE}2Kpv9CHL#Tn>L)p(&c72)
z!}KSdKnGniv(f4K7LS#LE#CO2v2f~v<40?QTof)r$~TQ%`4R5`iv6|pGM;C<Kpx0%
z;X!PuW<s-W#3Qi;U^>-ORbO#O??A!F5?f;3!0HLd!En%=@F#OT6{weNWFs%zuF_>`
zA3HI5+de(wXBC+07;n3htEMNP&j2%*=mKAXcvyN_y{DnDVR6$nXg%^ygm|{Dqe?8@
z#NGE-6rY*HR5a{&UmgjEGilc;9<T@=U`Q7KS&w#`@JlW<IrB?J8Ek$dziJF|zlu^6
zaTHoy(Eb`u{(f&B!bE5?(RT5rJC$a0y9mfUb)YRbh0EDZ0YQ~vWfdn;iY_pr=WHjl
zeZ`xwF*0>d{{RU3ZE_!uZi9Urm7d+L{~WF0(fRH82fCcjKC%)o0$cM72=-A~9&gr!
zntel*hMy&FQD1-zT4~y5PXjK*RZ{^VR~ZmE`F$)a7pJi}p2&;&Y3PhRJ5Dep7ySM~
zC&mM}&oXf3*aMJ2NU=c?ciQcov~@P+CaYkoT9?D=u_hQ%-_G2e9N2xdEt;`c+{|Z<
zB}w2b+Yn<m!!xQY3Q?Csz>oeT5a9~3tw^8R<yFFd8q4`Hv6NRbsZ0H7iSQc4@`thT
z8)Cs#p*)1!kO-MSsG=%LxiAfi@S$$5;6xRA0f0M$3vSR)>>O$KY3CTTEMFW{kYJDi
z+=d!BqAiPNWx)&`Rm|62BUj!C!jCD;#jy|hEyHbgib1sBU%UHCZZS*pz`RZ7#_P(<
z1Jl#DB8iEK=*zjYb%M*Szq&v##!_v+BKL^Z()`8O0hFyjdF=@(L;+CdU>j&Y&Nv#=
zJTmMm41N?C8N<#c5z1S0ZN!c8{x6#%_Djuqy48Ub%5jiN<5d+03G(P#rKQH07y89T
zK%HFU;`?;R?psV3+8hYai!9p6IOeRzCFEBqud~rOE|A1Mdb4Nwu_G{1-JMcNo~)}<
s!|NC=iD8TY%pOQ4$pE1tA^xI`Bwx!2Pl8xRNL>soH9A<7b7Mo_Y8?KbcmMzZ

literal 857
zcmV-f1E&0p4Fm}T0;LC()ddE3e*e<x0Uy{OFLKugX$UE#&q{oEMQC?NkXSm~Cf)Rf
ze0bx#I<Bmq`zT+939LF+0sHn44U1;zrRl-zS5=;sOk1rTkPNRYbU6TIB=U+{ct2Ge
z61Mk})cfq8u`{z3?DpYBCiU#ZqKxsBxEUoQuVASJ8gw`^RbTJD{V=hNRF%^axWyr~
zu%k(tQCm_6?tVj#A~rA>1<f+t#SUKsmp;~iwQWn+<fG4?AXjEl_mJd~%%|O5pi-0J
znPBP$*r!0Tv0Hb;etn~LnH_DJMqy{~=RM@XO7sFI_wx?o&Tm)mW*39<wes_qp&v`n
zq_#dq@?U3gtic~=E4z55AB&!E#cto8vE8@E;p_JJLPnE=?1B3ajyhc~?#XTga+E5H
zPs7hYNe6ecD`0##Ng{owjT|LGD`|DtOxsK=8M>uF831lMbb6wIHKeb*c8+slJc%7Y
z8D2j#Fy7%yG2MUIN~Ck1L$vIba85FFOwqd8m0?YCWX%>d;T02r9X4ikd`UIOwj!=&
z(J@SclIgr3JkX**yc|H6E^q9}pTO{D^bCqMfod5IpV*d&XbuD?tAVizOw1NWubFps
zJXuj68bIl@7S_V135b}FLCZGXvYPr)0*^6gt5lrdAUfen+4mxC(Z60^-J^<0f|iyi
zF*Gf=&}RLB;xVlWsyAfrz=jqM&K(;m%4GXe(EY6)03rxQTR(p=2qZC?%GFYo7=lY$
zW|E16E|R)nppeWyXTt9b;NX05h2<b8$3G82H>|Rbi$ZpUpR?h)lVk5w?F$rI-d;t|
z%F#w=*V;8N1Zj2_kh%Mg-ACXO!P%KYy5aY46kpl4K75*VD#o<cRquw4TlS^T)6geE
zUQ#SDsU&Q!iZzWTGT&BWs;0v9pSUfM=9I6Qra<wAF-3&SV$-$wFppnl?yezx=&J$t
zjU9?W`(STAwH4aFedV5l$i#KBBemmjzLuyvYtGnfYFN&1Y~J7K^OK<epn*X#QfZZX
z=G3rKcZF3^CkPJZnA(rd=b!hv0)%=#rLR@tvlR^8#H9QPO(Lg>gqef15lHF*R3Ffq
jX*s^noQ*Uc!5r7`Zp4@<Rb1~=Bg#g4E5sGa43|9+zVN7j

diff --git a/occupi-backend/go.mod b/occupi-backend/go.mod
index 1a53e455..b87b118c 100644
--- a/occupi-backend/go.mod
+++ b/occupi-backend/go.mod
@@ -11,10 +11,13 @@ require (
 	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-playground/validator/v10 v10.20.0
+	github.com/go-webauthn/webauthn v0.11.0
 	github.com/ipinfo/go/v2 v2.10.0
 	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/newrelic/go-agent/v3 v3.33.1
+	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646
 	github.com/oliveroneill/exponent-server-sdk-golang v0.0.0-20210823140141-d050598be512
+	github.com/rabbitmq/amqp091-go v1.10.0
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.9.0
@@ -24,11 +27,14 @@ require (
 )
 
 require (
-	github.com/go-webauthn/webauthn v0.11.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/go-webauthn/x v0.1.12 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/nfnt/resize v0.0.0-20180221191011-83c6a9932646 // indirect
+	github.com/google/go-tpm v0.9.1 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
-	github.com/rabbitmq/amqp091-go v1.10.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect
 	google.golang.org/grpc v1.62.1 // indirect
 	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
diff --git a/occupi-backend/go.sum b/occupi-backend/go.sum
index 31cfa935..942b6855 100644
--- a/occupi-backend/go.sum
+++ b/occupi-backend/go.sum
@@ -22,6 +22,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I=
 github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
 github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
@@ -44,8 +46,12 @@ github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBEx
 github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-webauthn/webauthn v0.11.0 h1:2U0jWuGeoiI+XSZkHPFRtwaYtqmMUsqABtlfSq1rODo=
 github.com/go-webauthn/webauthn v0.11.0/go.mod h1:57ZrqsZzD/eboQDVtBkvTdfqFYAh/7IwzdPT+sPWqB0=
+github.com/go-webauthn/x v0.1.12 h1:RjQ5cvApzyU/xLCiP+rub0PE4HBZsLggbxGR5ZpUf/A=
+github.com/go-webauthn/x v0.1.12/go.mod h1:XlRcGkNH8PT45TfeJYc6gqpOtiOendHhVmnOxh+5yHs=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
 github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
@@ -54,9 +60,13 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM=
+github.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
 github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
 github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8=
@@ -155,6 +165,8 @@ github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65E
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/ulule/limiter/v3 v3.11.2 h1:P4yOrxoEMJbOTfRJR2OzjL90oflzYPPmWg+dvwN2tHA=
 github.com/ulule/limiter/v3 v3.11.2/go.mod h1:QG5GnFOCV+k7lrL5Y8kgEeeflPH3+Cviqlqa8SVSQxI=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
 github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
 github.com/xdg-go/scram v1.1.2 h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=
@@ -168,6 +180,8 @@ go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUS
 go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
 go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI=
 go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
@@ -177,8 +191,6 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
-golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
@@ -210,8 +222,6 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
-golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
 golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
diff --git a/occupi-backend/pkg/handlers/auth_handlers.go b/occupi-backend/pkg/handlers/auth_handlers.go
index 4b7fd7ad..6be0822c 100644
--- a/occupi-backend/pkg/handlers/auth_handlers.go
+++ b/occupi-backend/pkg/handlers/auth_handlers.go
@@ -77,6 +77,12 @@ func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies
 	AllocateAuthTokens(ctx, token, expirationTime, cookies)
 }
 
+func BeginLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {
+
+}
+
+func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {}
+
 // handler for registering a new user on occupi /auth/register
 func Register(ctx *gin.Context, appsession *models.AppSession) {
 	var requestUser models.RegisterUser
diff --git a/occupi-backend/pkg/models/app.go b/occupi-backend/pkg/models/app.go
index 9576cf54..ff64bce9 100644
--- a/occupi-backend/pkg/models/app.go
+++ b/occupi-backend/pkg/models/app.go
@@ -4,6 +4,7 @@ import (
 	"time"
 
 	"github.com/allegro/bigcache/v3"
+	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/ipinfo/go/v2/ipinfo"
 	amqp "github.com/rabbitmq/amqp091-go"
 	"go.mongodb.org/mongo-driver/mongo"
@@ -22,6 +23,7 @@ type AppSession struct {
 	RabbitMQ    *amqp.Connection
 	RabbitCh    *amqp.Channel
 	RabbitQ     amqp.Queue
+	webAuthn    *webauthn.WebAuthn
 }
 
 // constructor for app session
@@ -39,5 +41,6 @@ func New(db *mongo.Client, cache *bigcache.BigCache) *AppSession {
 		RabbitMQ:    conn,
 		RabbitCh:    ch,
 		RabbitQ:     q,
+		webAuthn:    configs.CreateWebAuthnInstance(),
 	}
 }

From a7639972a963a0071f0d012460bbd37559e5de4b Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Thu, 1 Aug 2024 20:51:04 +0200
Subject: [PATCH 04/20] feat: Add session management for WebAuthn
 authentication

---
 occupi-backend/pkg/cache/cache.go            |  56 ++++++++++
 occupi-backend/pkg/cache/cache_keys_gen.go   |   4 +
 occupi-backend/pkg/database/database.go      |  63 ++++++++++-
 occupi-backend/pkg/handlers/auth_handlers.go | 108 ++++++++++++++++++-
 occupi-backend/pkg/handlers/auth_helpers.go  |  33 ++++++
 occupi-backend/pkg/models/app.go             |  40 ++++++-
 occupi-backend/pkg/models/database.go        |   8 +-
 7 files changed, 303 insertions(+), 9 deletions(-)

diff --git a/occupi-backend/pkg/cache/cache.go b/occupi-backend/pkg/cache/cache.go
index bc407577..bd9e6e7d 100644
--- a/occupi-backend/pkg/cache/cache.go
+++ b/occupi-backend/pkg/cache/cache.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/models"
+	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/sirupsen/logrus"
 	"go.mongodb.org/mongo-driver/bson"
 )
@@ -219,3 +220,58 @@ func DeleteImage(appsession *models.AppSession, id string) {
 		return
 	}
 }
+
+func SetSession(appsession *models.AppSession, session *webauthn.SessionData, email string) error {
+	if appsession.Cache == nil {
+		return errors.New("cache not found")
+	}
+
+	// marshal the session
+	sessionData, err := bson.Marshal(session)
+	if err != nil {
+		logrus.Error("failed to marshall", err)
+		return err
+	}
+
+	// set the session in the cache
+	if err := appsession.Cache.Set(SessionKey(email), sessionData); err != nil {
+		logrus.Error("failed to set session in cache", err)
+		return err
+	}
+
+	return nil
+}
+
+func GetSession(appsession *models.AppSession, email string) (*webauthn.SessionData, error) {
+	if appsession.Cache == nil {
+		return nil, errors.New("cache not found")
+	}
+
+	// unmarshal the session from the cache
+	var session webauthn.SessionData
+	sessionData, err := appsession.Cache.Get(SessionKey(email))
+
+	if err != nil {
+		logrus.Error("key does not exist: ", err)
+		return nil, err
+	}
+
+	if err := bson.Unmarshal(sessionData, &session); err != nil {
+		logrus.Error("failed to unmarshall", err)
+		return nil, err
+	}
+
+	return &session, nil
+}
+
+func DeleteSession(appsession *models.AppSession, email string) {
+	if appsession.Cache == nil {
+		return
+	}
+
+	// delete the session from the cache
+	if err := appsession.Cache.Delete(SessionKey(email)); err != nil {
+		logrus.Error("failed to delete session from cache", err)
+		return
+	}
+}
diff --git a/occupi-backend/pkg/cache/cache_keys_gen.go b/occupi-backend/pkg/cache/cache_keys_gen.go
index 7a22b2ab..af06d3de 100644
--- a/occupi-backend/pkg/cache/cache_keys_gen.go
+++ b/occupi-backend/pkg/cache/cache_keys_gen.go
@@ -15,3 +15,7 @@ func RoomBookingKey(roomID string) string {
 func ImageKey(imageID string) string {
 	return "Images:" + imageID
 }
+
+func SessionKey(email string) string {
+	return "Sessions:" + email
+}
diff --git a/occupi-backend/pkg/database/database.go b/occupi-backend/pkg/database/database.go
index 2c35a0c3..a06e894c 100644
--- a/occupi-backend/pkg/database/database.go
+++ b/occupi-backend/pkg/database/database.go
@@ -11,6 +11,7 @@ import (
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/constants"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/models"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/sender"
+	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/ipinfo/go/v2/ipinfo"
 	"github.com/sirupsen/logrus"
 	"go.mongodb.org/mongo-driver/bson"
@@ -1087,8 +1088,11 @@ func GetSecuritySettings(ctx *gin.Context, appsession *models.AppSession, email
 	collection := appsession.DB.Database(configs.GetMongoDBName()).Collection("Users")
 
 	filter := bson.M{"email": email}
+	findOptions := options.FindOne()
+	// exclude the security.credentials field only
+	findOptions.SetProjection(bson.M{"security.credentials": 0})
 	var user models.User
-	err := collection.FindOne(ctx, filter).Decode(&user)
+	err := collection.FindOne(ctx, filter, findOptions).Decode(&user)
 	if err != nil {
 		logrus.Error(err)
 		return models.SecuritySettingsRequest{}, err
@@ -1544,3 +1548,60 @@ func AddRoom(ctx *gin.Context, appsession *models.AppSession, rroom models.Reque
 
 	return res.InsertedID.(primitive.ObjectID).Hex(), nil
 }
+
+func GetUserCredentials(ctx *gin.Context, appsession *models.AppSession, email string) (webauthn.Credential, error) {
+	// check if database is nil
+	if appsession.DB == nil {
+		logrus.Error("Database is nil")
+		return webauthn.Credential{}, errors.New("database is nil")
+	}
+
+	// check if user is in cache
+	if userData, err := cache.GetUser(appsession, email); err == nil {
+		return userData.Security.Credentials, nil
+	}
+
+	collection := appsession.DB.Database(configs.GetMongoDBName()).Collection("Users")
+
+	filter := bson.M{"email": email}
+	var user models.User
+	err := collection.FindOne(ctx, filter).Decode(&user)
+	if err != nil {
+		return webauthn.Credential{}, err
+	}
+
+	// Add the user to the cache if cache is not nil
+	cache.SetUser(appsession, user)
+
+	return user.Security.Credentials, nil
+}
+
+func AddUserCredential(ctx *gin.Context, appsession *models.AppSession, email string, credential *webauthn.Credential) error {
+	// check if database is nil
+	if appsession.DB == nil {
+		logrus.Error("Database is nil")
+		return errors.New("database is nil")
+	}
+
+	// get user from cache
+	userData, cacheErr := cache.GetUser(appsession, email)
+
+	collection := appsession.DB.Database(configs.GetMongoDBName()).Collection("Users")
+
+	filter := bson.M{"email": email}
+	update := bson.M{"$set": bson.M{"security.credentials": credential}}
+
+	_, err := collection.UpdateOne(ctx, filter, update)
+	if err != nil {
+		logrus.Error(err)
+		return err
+	}
+
+	// update user in cache
+	if cacheErr == nil {
+		userData.Security.Credentials = *credential
+		cache.SetUser(appsession, userData)
+	}
+
+	return nil
+}
diff --git a/occupi-backend/pkg/handlers/auth_handlers.go b/occupi-backend/pkg/handlers/auth_handlers.go
index 6be0822c..04504bc1 100644
--- a/occupi-backend/pkg/handlers/auth_handlers.go
+++ b/occupi-backend/pkg/handlers/auth_handlers.go
@@ -4,18 +4,20 @@ import (
 	"net/http"
 
 	"github.com/COS301-SE-2024/occupi/occupi-backend/configs"
+	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/cache"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/constants"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/database"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/mail"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/models"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/utils"
+	"github.com/go-webauthn/webauthn/webauthn"
 
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
 )
 
 // handler for logging a new user on occupi /auth/login
-func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
+func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool, shouldWebAuthN bool) {
 	var requestUser models.RequestUser
 	if err := ctx.ShouldBindBodyWithJSON(&requestUser); err != nil {
 		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
@@ -65,6 +67,14 @@ func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies
 		return
 	}
 
+	if shouldWebAuthN {
+		err := WebAuthNAuthentication(ctx, appsession, requestUser)
+		if err != nil {
+			logrus.WithError(err).Error("Error with WebAuthN authentication")
+		}
+		return
+	}
+
 	// generate a jwt token for the user
 	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, requestUser.Email, role)
 
@@ -77,11 +87,103 @@ func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies
 	AllocateAuthTokens(ctx, token, expirationTime, cookies)
 }
 
-func BeginLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {
+func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
+	var requestEmail models.RequestEmail
+	if err := ctx.ShouldBindBodyWithJSON(&requestEmail); err != nil {
+		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
+			http.StatusBadRequest,
+			"Invalid request payload",
+			constants.InvalidRequestPayloadCode,
+			"Expected email field",
+			nil))
+		return
+	}
+
+	// fetch sessionData from the cache
+	sessionData, err := cache.GetSession(appsession, requestEmail.Email)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error fetching session data from cache")
+		return
+	}
 
+	// get the user's credentials from the database
+	cred, err := database.GetUserCredentials(ctx, appsession, requestEmail.Email)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error fetching user credentials from database")
+		return
+	}
+
+	user := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, cred)
+
+	credential, err := appsession.WebAuthn.FinishLogin(user, *sessionData, ctx.Request)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error finishing login")
+		return
+	}
+
+	err = database.AddUserCredential(ctx, appsession, requestEmail.Email, credential)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error finishing login")
+		return
+	}
+
+	// generate a jwt token for the user
+	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, requestEmail.Email, role)
+
+	if err != nil {
+		logrus.WithError(err).Error("Error generating JWT token")
+		return
+	}
+
+	// Use AllocateAuthTokens to handle the response
+	AllocateAuthTokens(ctx, token, expirationTime, cookies)
+}
+
+func BeginRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
+	var requestEmail models.RequestEmail
+	if err := ctx.ShouldBindBodyWithJSON(&requestEmail); err != nil {
+		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
+			http.StatusBadRequest,
+			"Invalid request payload",
+			constants.InvalidRequestPayloadCode,
+			"Expected email field",
+			nil))
+		return
+	}
+
+	webauthnUser := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, webauthn.Credential{})
+	options, sessionData, err := appsession.WebAuthn.BeginRegistration(webauthnUser)
+	if err != nil {
+		logrus.WithError(err).Error("Error beginning WebAuthn registration")
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		return
+	}
+
+	// Save the session data - cache will expire in x defined minutes according to the config
+	if err := cache.SetSession(appsession, sessionData, requestEmail.Email); err != nil {
+		logrus.WithError(err).Error("Error saving session data in cache")
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		return
+	}
+
+	ctx.JSON(http.StatusOK, utils.SuccessResponse(
+		http.StatusOK,
+		"WebAuthn login initiated",
+		gin.H{"options": options, "sessionData": sessionData},
+	))
 }
 
-func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {}
+func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
+
+}
 
 // handler for registering a new user on occupi /auth/register
 func Register(ctx *gin.Context, appsession *models.AppSession) {
diff --git a/occupi-backend/pkg/handlers/auth_helpers.go b/occupi-backend/pkg/handlers/auth_helpers.go
index 9a490a44..a0754911 100644
--- a/occupi-backend/pkg/handlers/auth_helpers.go
+++ b/occupi-backend/pkg/handlers/auth_helpers.go
@@ -1,11 +1,13 @@
 package handlers
 
 import (
+	"fmt"
 	"net/http"
 	"time"
 
 	"github.com/COS301-SE-2024/occupi/occupi-backend/configs"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator"
+	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/cache"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/constants"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/database"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/mail"
@@ -545,3 +547,34 @@ func AttemptToSignNewEmail(ctx *gin.Context, appsession *models.AppSession, emai
 		))
 	}
 }
+
+func WebAuthNAuthentication(ctx *gin.Context, appsession *models.AppSession, requestUser models.RequestUser) error {
+	// Begin WebAuthn login process
+	cred, err := database.GetUserCredentials(ctx, appsession, requestUser.Email)
+	if err != nil {
+		ctx.JSON(http.StatusOK, utils.SuccessResponse(
+			http.StatusOK,
+			"Error getting user credentials, please register for WebAuthn",
+			gin.H{"error": "Error getting user credentials, please register for WebAuthn"}))
+		return fmt.Errorf("error getting user credentials: %v", err)
+	}
+	webauthnUser := models.NewWebAuthnUser([]byte(requestUser.Email), requestUser.Email, requestUser.Email, cred)
+	options, sessionData, err := appsession.WebAuthn.BeginLogin(webauthnUser)
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		return fmt.Errorf("error beginning WebAuthn login: %v", err)
+	}
+
+	// Save the session data - cache will expire in x defined minutes according to the config
+	if err := cache.SetSession(appsession, sessionData, requestUser.Email); err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		return fmt.Errorf("error saving WebAuthn session data: %v", err)
+	}
+
+	ctx.JSON(http.StatusOK, utils.SuccessResponse(
+		http.StatusOK,
+		"WebAuthn login initiated",
+		gin.H{"options": options, "sessionData": sessionData},
+	))
+	return nil
+}
diff --git a/occupi-backend/pkg/models/app.go b/occupi-backend/pkg/models/app.go
index ff64bce9..879c6c76 100644
--- a/occupi-backend/pkg/models/app.go
+++ b/occupi-backend/pkg/models/app.go
@@ -23,7 +23,7 @@ type AppSession struct {
 	RabbitMQ    *amqp.Connection
 	RabbitCh    *amqp.Channel
 	RabbitQ     amqp.Queue
-	webAuthn    *webauthn.WebAuthn
+	WebAuthn    *webauthn.WebAuthn
 }
 
 // constructor for app session
@@ -41,6 +41,42 @@ func New(db *mongo.Client, cache *bigcache.BigCache) *AppSession {
 		RabbitMQ:    conn,
 		RabbitCh:    ch,
 		RabbitQ:     q,
-		webAuthn:    configs.CreateWebAuthnInstance(),
+		WebAuthn:    configs.CreateWebAuthnInstance(),
+	}
+}
+
+type WebAuthnUser struct {
+	ID          []byte
+	Name        string
+	DisplayName string
+	Credentials []webauthn.Credential
+}
+
+// WebAuthnCredentials implements webauthn.User.
+func (u WebAuthnUser) WebAuthnCredentials() []webauthn.Credential {
+	return u.Credentials
+}
+
+// WebAuthnDisplayName implements webauthn.User.
+func (u WebAuthnUser) WebAuthnDisplayName() string {
+	return u.DisplayName
+}
+
+// WebAuthnID implements webauthn.User.
+func (u WebAuthnUser) WebAuthnID() []byte {
+	return u.ID
+}
+
+// WebAuthnName implements webauthn.User.
+func (u WebAuthnUser) WebAuthnName() string {
+	return u.Name
+}
+
+func NewWebAuthnUser(id []byte, name, displayName string, credentials webauthn.Credential) WebAuthnUser {
+	return WebAuthnUser{
+		ID:          id,
+		Name:        name,
+		DisplayName: displayName,
+		Credentials: []webauthn.Credential{credentials},
 	}
 }
diff --git a/occupi-backend/pkg/models/database.go b/occupi-backend/pkg/models/database.go
index b7b87759..866a490d 100644
--- a/occupi-backend/pkg/models/database.go
+++ b/occupi-backend/pkg/models/database.go
@@ -3,6 +3,7 @@ package models
 import (
 	"time"
 
+	"github.com/go-webauthn/webauthn/webauthn"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
 )
@@ -66,9 +67,10 @@ type Notifications struct {
 }
 
 type Security struct {
-	MFA         bool `json:"mfa" bson:"mfa"`
-	Biometrics  bool `json:"biometrics" bson:"biometrics"`
-	ForceLogout bool `json:"forceLogout" bson:"forceLogout"`
+	MFA         bool                `json:"mfa" bson:"mfa"`
+	Biometrics  bool                `json:"biometrics" bson:"biometrics"`
+	ForceLogout bool                `json:"forceLogout" bson:"forceLogout"`
+	Credentials webauthn.Credential `json:"credentials" bson:"credentials"`
 }
 
 type Location struct {

From 8bd505c071f238a4c771259b5343538f98aa27d2 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Fri, 2 Aug 2024 20:35:14 +0200
Subject: [PATCH 05/20] chore: Add dev.json to .gitignore and update
 FinishRegistrationAdmin function in auth_handlers.go

---
 occupi-backend/.gitignore                    |  4 +-
 occupi-backend/pkg/handlers/auth_handlers.go | 58 +++++++++++++++++++-
 occupi-backend/pkg/router/router.go          |  9 +--
 3 files changed, 65 insertions(+), 6 deletions(-)

diff --git a/occupi-backend/.gitignore b/occupi-backend/.gitignore
index c6eabc7e..5ade30fd 100644
--- a/occupi-backend/.gitignore
+++ b/occupi-backend/.gitignore
@@ -4,4 +4,6 @@
 
 /web
 
-*.exe
\ No newline at end of file
+*.exe
+
+dev.json
\ No newline at end of file
diff --git a/occupi-backend/pkg/handlers/auth_handlers.go b/occupi-backend/pkg/handlers/auth_handlers.go
index 04504bc1..6ae990df 100644
--- a/occupi-backend/pkg/handlers/auth_handlers.go
+++ b/occupi-backend/pkg/handlers/auth_handlers.go
@@ -181,8 +181,64 @@ func BeginRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
 	))
 }
 
-func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
+func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
+	var requestEmail models.RequestEmail
+	if err := ctx.ShouldBindBodyWithJSON(&requestEmail); err != nil {
+		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
+			http.StatusBadRequest,
+			"Invalid request payload",
+			constants.InvalidRequestPayloadCode,
+			"Expected email field",
+			nil))
+		return
+	}
+
+	// fetch sessionData from the cache
+	sessionData, err := cache.GetSession(appsession, requestEmail.Email)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error fetching session data from cache")
+		return
+	}
+
+	// get the user's credentials from the database
+	cred, err := database.GetUserCredentials(ctx, appsession, requestEmail.Email)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error fetching user credentials from database")
+		return
+	}
 
+	user := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, cred)
+
+	credential, err := appsession.WebAuthn.FinishRegistration(user, *sessionData, ctx.Request)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error finishing login")
+		return
+	}
+
+	err = database.AddUserCredential(ctx, appsession, requestEmail.Email, credential)
+
+	if err != nil {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		logrus.WithError(err).Error("Error finishing login")
+		return
+	}
+
+	// generate a jwt token for the user
+	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, requestEmail.Email, role)
+
+	if err != nil {
+		logrus.WithError(err).Error("Error generating JWT token")
+		return
+	}
+
+	// Use AllocateAuthTokens to handle the response
+	AllocateAuthTokens(ctx, token, expirationTime, cookies)
 }
 
 // handler for registering a new user on occupi /auth/register
diff --git a/occupi-backend/pkg/router/router.go b/occupi-backend/pkg/router/router.go
index a6534e26..c1a6a2cf 100644
--- a/occupi-backend/pkg/router/router.go
+++ b/occupi-backend/pkg/router/router.go
@@ -58,10 +58,11 @@ func OccupiRouter(router *gin.Engine, appsession *models.AppSession) {
 	}
 	auth := router.Group("/auth")
 	{
-		auth.POST("/login", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, true) })
-		auth.POST("/login-admin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true) })
-		auth.POST("/login-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, false) })
-		auth.POST("/login-admin-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, false) })
+		auth.POST("/login", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, true, false) })
+		auth.POST("/login-admin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true, false) })
+		auth.POST("/login-admin-webauthn", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true, true) })
+		auth.POST("/login-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, false, false) })
+		auth.POST("/login-admin-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, false, false) })
 		auth.POST("/register", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Register(ctx, appsession) })
 		auth.POST("/resend-otp", func(ctx *gin.Context) { middleware.AttachOTPRateLimitMiddleware(ctx, appsession) }, func(ctx *gin.Context) { handlers.ResendOTP(ctx, appsession, constants.ReverifyEmail) })
 		auth.POST("/verify-otp", func(ctx *gin.Context) { handlers.VerifyOTP(ctx, appsession, false, constants.Basic, true) })

From 2aa2dc9b98137238cde6fbb6987b32436e0bb5b7 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sat, 3 Aug 2024 23:10:21 +0200
Subject: [PATCH 06/20] =?UTF-8?q?feat:=20backend=20webauthn=20implementati?=
 =?UTF-8?q?on=20is=20now=20working=F0=9F=8E=89!!!?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 occupi-backend/static/index.html | 88 ++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 occupi-backend/static/index.html

diff --git a/occupi-backend/static/index.html b/occupi-backend/static/index.html
new file mode 100644
index 00000000..a881f6f4
--- /dev/null
+++ b/occupi-backend/static/index.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>WebAuthn Demo</title>
+</head>
+<body>
+    <h1>WebAuthn Demo</h1>
+    <button id="register">Register</button>
+    <button id="login">Login</button>
+
+    <script>
+
+        window.addEventListener('load', async () => {
+            if (!window.PublicKeyCredential) {
+                alert('WebAuthn is not supported in this browser');
+            } else {
+                console.log('WebAuthn is supported in this browser');
+            }
+        });
+
+        function bufferDecode(value) {
+            // Replace URL-safe characters with standard Base64 characters
+            console.log(value);
+            value = value.replace(/-/g, '+').replace(/_/g, '/');
+            
+            // Add necessary padding
+            while (value.length % 4) {
+                value += '=';
+            }
+
+            // Decode Base64 string
+            return Uint8Array.from(atob(value), c => c.charCodeAt(0));
+        }
+
+        document.getElementById('register').addEventListener('click', async () => {
+            const response = await fetch('http://localhost:8080/auth/register-admin-begin', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
+            });
+            const res = await response.json();
+            res.data.options.publicKey.challenge = bufferDecode(res.data.options.publicKey.challenge);
+            res.data.options.publicKey.user.id = bufferDecode(res.data.options.publicKey.user.id);
+            console.log(res.data.options.publicKey);
+
+            const credential = await navigator.credentials.create({ publicKey: res.data.options.publicKey });
+            await fetch('http://localhost:8080/auth/register-admin-finish', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                  email: 'michael.chinyama.bbd@gmail.com',
+                  credential: credential
+                })
+            });
+        });
+
+        document.getElementById('login').addEventListener('click', async () => {
+            const response = await fetch('http://localhost:8080/auth/login-admin-begin', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
+            });
+            const res = await response.json();
+
+            console.log(res.data.options);
+
+            res.data.options.challenge = bufferDecode(res.data.options.challenge);
+            res.data.options.allowCredentials.forEach(function (listItem) {
+              listItem.id = bufferDecode(listItem.id)
+            });
+
+            console.log(res.data.options.publicKey);
+
+            const assertion = await navigator.credentials.get({ publicKey: res.data.options.publicKey });
+            await fetch('http://localhost:8080/auth/login-admin-finish', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                  email: 'michael.chinyama.bbd@gmail.com',
+                  assertion
+                })
+            });
+        });
+    </script>
+</body>
+</html>

From 06f4ce0acc1ab6324b7b6221b1efac7a1d3bb4a4 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sat, 3 Aug 2024 23:11:43 +0200
Subject: [PATCH 07/20] =?UTF-8?q?feat:=20wait=20the=20others=20were=20left?=
 =?UTF-8?q?=20behind=20lol,=20okay=20here=20are=20the=20real=20ones?=
 =?UTF-8?q?=F0=9F=AB=B5=F0=9F=92=AA=F0=9F=8F=8B=EF=B8=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 occupi-backend/configs/setup.go              |  12 ++
 occupi-backend/pkg/cache/cache.go            |  21 ++--
 occupi-backend/pkg/handlers/auth_handlers.go | 109 +++++++++++-----
 occupi-backend/pkg/handlers/auth_helpers.go  |  11 +-
 occupi-backend/pkg/models/app.go             |  42 ++++---
 occupi-backend/pkg/models/request.go         |   9 ++
 occupi-backend/pkg/router/router.go          |   6 +-
 occupi-backend/pkg/utils/utils.go            |  11 ++
 occupi-backend/static/index.html             | 126 ++++++++++++-------
 9 files changed, 239 insertions(+), 108 deletions(-)

diff --git a/occupi-backend/configs/setup.go b/occupi-backend/configs/setup.go
index 1cda8dab..5a08f4a6 100644
--- a/occupi-backend/configs/setup.go
+++ b/occupi-backend/configs/setup.go
@@ -89,6 +89,18 @@ func CreateCache() *bigcache.BigCache {
 	return cache
 }
 
+// Create cache for sessions
+func CreateSessionCache() *bigcache.BigCache {
+	config := bigcache.DefaultConfig(time.Duration(GetCacheEviction()) * time.Second) // Set the eviction time to x seconds
+	config.CleanWindow = time.Duration(GetCacheEviction()/2) * time.Second            // Set the cleanup interval to x seconds
+	cache, err := bigcache.New(context.Background(), config)
+	if err != nil {
+		logrus.Fatal(err)
+	}
+
+	return cache
+}
+
 // create cache for rate limiting otp regenration requests
 func CreateOTPRateLimitCache() *bigcache.BigCache {
 	config := bigcache.DefaultConfig(time.Duration(GetOTPReqEviction()) * time.Second) // Set the eviction time to x seconds
diff --git a/occupi-backend/pkg/cache/cache.go b/occupi-backend/pkg/cache/cache.go
index bd9e6e7d..c5200ded 100644
--- a/occupi-backend/pkg/cache/cache.go
+++ b/occupi-backend/pkg/cache/cache.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/models"
-	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/sirupsen/logrus"
 	"go.mongodb.org/mongo-driver/bson"
 )
@@ -221,8 +220,8 @@ func DeleteImage(appsession *models.AppSession, id string) {
 	}
 }
 
-func SetSession(appsession *models.AppSession, session *webauthn.SessionData, email string) error {
-	if appsession.Cache == nil {
+func SetSession(appsession *models.AppSession, session models.WebAuthnSession, uuid string) error {
+	if appsession.SessionCache == nil {
 		return errors.New("cache not found")
 	}
 
@@ -234,7 +233,7 @@ func SetSession(appsession *models.AppSession, session *webauthn.SessionData, em
 	}
 
 	// set the session in the cache
-	if err := appsession.Cache.Set(SessionKey(email), sessionData); err != nil {
+	if err := appsession.SessionCache.Set(SessionKey(uuid), sessionData); err != nil {
 		logrus.Error("failed to set session in cache", err)
 		return err
 	}
@@ -242,14 +241,14 @@ func SetSession(appsession *models.AppSession, session *webauthn.SessionData, em
 	return nil
 }
 
-func GetSession(appsession *models.AppSession, email string) (*webauthn.SessionData, error) {
-	if appsession.Cache == nil {
+func GetSession(appsession *models.AppSession, uuid string) (*models.WebAuthnSession, error) {
+	if appsession.SessionCache == nil {
 		return nil, errors.New("cache not found")
 	}
 
 	// unmarshal the session from the cache
-	var session webauthn.SessionData
-	sessionData, err := appsession.Cache.Get(SessionKey(email))
+	var session models.WebAuthnSession
+	sessionData, err := appsession.SessionCache.Get(SessionKey(uuid))
 
 	if err != nil {
 		logrus.Error("key does not exist: ", err)
@@ -264,13 +263,13 @@ func GetSession(appsession *models.AppSession, email string) (*webauthn.SessionD
 	return &session, nil
 }
 
-func DeleteSession(appsession *models.AppSession, email string) {
-	if appsession.Cache == nil {
+func DeleteSession(appsession *models.AppSession, uuid string) {
+	if appsession.SessionCache == nil {
 		return
 	}
 
 	// delete the session from the cache
-	if err := appsession.Cache.Delete(SessionKey(email)); err != nil {
+	if err := appsession.SessionCache.Delete(SessionKey(uuid)); err != nil {
 		logrus.Error("failed to delete session from cache", err)
 		return
 	}
diff --git a/occupi-backend/pkg/handlers/auth_handlers.go b/occupi-backend/pkg/handlers/auth_handlers.go
index 6ae990df..aea6f399 100644
--- a/occupi-backend/pkg/handlers/auth_handlers.go
+++ b/occupi-backend/pkg/handlers/auth_handlers.go
@@ -1,6 +1,7 @@
 package handlers
 
 import (
+	"fmt"
 	"net/http"
 
 	"github.com/COS301-SE-2024/occupi/occupi-backend/configs"
@@ -87,7 +88,7 @@ func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies
 	AllocateAuthTokens(ctx, token, expirationTime, cookies)
 }
 
-func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
+func BeginLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {
 	var requestEmail models.RequestEmail
 	if err := ctx.ShouldBindBodyWithJSON(&requestEmail); err != nil {
 		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
@@ -99,27 +100,72 @@ func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession, role stri
 		return
 	}
 
-	// fetch sessionData from the cache
-	sessionData, err := cache.GetSession(appsession, requestEmail.Email)
-
+	// Begin WebAuthn login process
+	cred, err := database.GetUserCredentials(ctx, appsession, requestEmail.Email)
+	if err != nil || len(cred.ID) == 0 {
+		ctx.JSON(http.StatusOK, utils.SuccessResponse(
+			http.StatusOK,
+			"Error getting user credentials, please register for WebAuthn",
+			gin.H{"error": "Error getting user credentials, please register for WebAuthn"}))
+		fmt.Printf("error getting user credentials: %v", err)
+		return
+	}
+	webauthnUser := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, cred)
+	options, sessionData, err := appsession.WebAuthn.BeginLogin(webauthnUser)
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
-		logrus.WithError(err).Error("Error fetching session data from cache")
+		fmt.Printf("error beginning WebAuthn login: %v", err)
 		return
 	}
 
-	// get the user's credentials from the database
-	cred, err := database.GetUserCredentials(ctx, appsession, requestEmail.Email)
+	uuid := utils.GenerateUUID()
+
+	session := models.WebAuthnSession{
+		Uuid:        uuid,
+		Email:       requestEmail.Email,
+		Cred:        cred,
+		SessionData: sessionData,
+	}
+
+	// Save the session data - cache will expire in x defined minutes according to the config
+	if err := cache.SetSession(appsession, session, uuid); err != nil && err.Error() != "cache not found" {
+		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
+		fmt.Printf("error saving WebAuthn session data: %v", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, utils.SuccessResponse(
+		http.StatusOK,
+		"WebAuthn login initiated",
+		gin.H{"options": options, "sessionData": sessionData, "uuid": uuid},
+	))
+}
+
+func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
+	uuid := ctx.Param("id")
+
+	if uuid == "" {
+		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
+			http.StatusBadRequest,
+			"Invalid request payload",
+			constants.InvalidRequestPayloadCode,
+			"Expected id field",
+			nil))
+		return
+	}
+
+	// fetch sessionData from the cache
+	sessionData, err := cache.GetSession(appsession, uuid)
 
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
-		logrus.WithError(err).Error("Error fetching user credentials from database")
+		logrus.WithError(err).Error("Error fetching session data from cache")
 		return
 	}
 
-	user := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, cred)
+	user := models.NewWebAuthnUser([]byte(sessionData.Email), sessionData.Email, sessionData.Email, sessionData.Cred)
 
-	credential, err := appsession.WebAuthn.FinishLogin(user, *sessionData, ctx.Request)
+	credential, err := appsession.WebAuthn.FinishLogin(user, *sessionData.SessionData, ctx.Request)
 
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
@@ -127,7 +173,7 @@ func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession, role stri
 		return
 	}
 
-	err = database.AddUserCredential(ctx, appsession, requestEmail.Email, credential)
+	err = database.AddUserCredential(ctx, appsession, sessionData.Email, credential)
 
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
@@ -136,7 +182,7 @@ func FinishLoginAdmin(ctx *gin.Context, appsession *models.AppSession, role stri
 	}
 
 	// generate a jwt token for the user
-	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, requestEmail.Email, role)
+	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, sessionData.Email, role)
 
 	if err != nil {
 		logrus.WithError(err).Error("Error generating JWT token")
@@ -167,8 +213,17 @@ func BeginRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
 
+	uuid := utils.GenerateUUID()
+
+	session := models.WebAuthnSession{
+		Uuid:        uuid,
+		Email:       requestEmail.Email,
+		Cred:        webauthn.Credential{},
+		SessionData: sessionData,
+	}
+
 	// Save the session data - cache will expire in x defined minutes according to the config
-	if err := cache.SetSession(appsession, sessionData, requestEmail.Email); err != nil {
+	if err := cache.SetSession(appsession, session, uuid); err != nil && err.Error() != "cache not found" {
 		logrus.WithError(err).Error("Error saving session data in cache")
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
 		return
@@ -177,24 +232,25 @@ func BeginRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
 	ctx.JSON(http.StatusOK, utils.SuccessResponse(
 		http.StatusOK,
 		"WebAuthn login initiated",
-		gin.H{"options": options, "sessionData": sessionData},
+		gin.H{"options": options, "sessionData": sessionData, "uuid": uuid},
 	))
 }
 
 func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
-	var requestEmail models.RequestEmail
-	if err := ctx.ShouldBindBodyWithJSON(&requestEmail); err != nil {
+	uuid := ctx.Param("id")
+
+	if uuid == "" {
 		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
 			http.StatusBadRequest,
 			"Invalid request payload",
 			constants.InvalidRequestPayloadCode,
-			"Expected email field",
+			"Expected id field",
 			nil))
 		return
 	}
 
 	// fetch sessionData from the cache
-	sessionData, err := cache.GetSession(appsession, requestEmail.Email)
+	sessionData, err := cache.GetSession(appsession, uuid)
 
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
@@ -202,18 +258,9 @@ func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession, ro
 		return
 	}
 
-	// get the user's credentials from the database
-	cred, err := database.GetUserCredentials(ctx, appsession, requestEmail.Email)
-
-	if err != nil {
-		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
-		logrus.WithError(err).Error("Error fetching user credentials from database")
-		return
-	}
-
-	user := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, cred)
+	user := models.NewWebAuthnUser([]byte(sessionData.Email), sessionData.Email, sessionData.Email, sessionData.Cred)
 
-	credential, err := appsession.WebAuthn.FinishRegistration(user, *sessionData, ctx.Request)
+	credential, err := appsession.WebAuthn.FinishRegistration(user, *sessionData.SessionData, ctx.Request)
 
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
@@ -221,7 +268,7 @@ func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession, ro
 		return
 	}
 
-	err = database.AddUserCredential(ctx, appsession, requestEmail.Email, credential)
+	err = database.AddUserCredential(ctx, appsession, sessionData.Email, credential)
 
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
@@ -230,7 +277,7 @@ func FinishRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession, ro
 	}
 
 	// generate a jwt token for the user
-	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, requestEmail.Email, role)
+	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, sessionData.Email, role)
 
 	if err != nil {
 		logrus.WithError(err).Error("Error generating JWT token")
diff --git a/occupi-backend/pkg/handlers/auth_helpers.go b/occupi-backend/pkg/handlers/auth_helpers.go
index a0754911..f336a96b 100644
--- a/occupi-backend/pkg/handlers/auth_helpers.go
+++ b/occupi-backend/pkg/handlers/auth_helpers.go
@@ -565,8 +565,17 @@ func WebAuthNAuthentication(ctx *gin.Context, appsession *models.AppSession, req
 		return fmt.Errorf("error beginning WebAuthn login: %v", err)
 	}
 
+	uuid := utils.GenerateUUID()
+
+	session := models.WebAuthnSession{
+		Uuid:        uuid,
+		Email:       requestUser.Email,
+		Cred:        cred,
+		SessionData: sessionData,
+	}
+
 	// Save the session data - cache will expire in x defined minutes according to the config
-	if err := cache.SetSession(appsession, sessionData, requestUser.Email); err != nil {
+	if err := cache.SetSession(appsession, session, requestUser.Email); err != nil {
 		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
 		return fmt.Errorf("error saving WebAuthn session data: %v", err)
 	}
diff --git a/occupi-backend/pkg/models/app.go b/occupi-backend/pkg/models/app.go
index 879c6c76..00411197 100644
--- a/occupi-backend/pkg/models/app.go
+++ b/occupi-backend/pkg/models/app.go
@@ -14,16 +14,17 @@ import (
 
 // state management for the web app during runtime
 type AppSession struct {
-	DB          *mongo.Client
-	Cache       *bigcache.BigCache
-	EmailsSent  int
-	CurrentDate time.Time
-	OtpReqCache *bigcache.BigCache
-	IPInfo      *ipinfo.Client
-	RabbitMQ    *amqp.Connection
-	RabbitCh    *amqp.Channel
-	RabbitQ     amqp.Queue
-	WebAuthn    *webauthn.WebAuthn
+	DB           *mongo.Client
+	Cache        *bigcache.BigCache
+	EmailsSent   int
+	CurrentDate  time.Time
+	OtpReqCache  *bigcache.BigCache
+	IPInfo       *ipinfo.Client
+	RabbitMQ     *amqp.Connection
+	RabbitCh     *amqp.Channel
+	RabbitQ      amqp.Queue
+	WebAuthn     *webauthn.WebAuthn
+	SessionCache *bigcache.BigCache
 }
 
 // constructor for app session
@@ -32,16 +33,17 @@ func New(db *mongo.Client, cache *bigcache.BigCache) *AppSession {
 	ch := configs.CreateRabbitChannel(conn)
 	q := configs.CreateRabbitQueue(ch)
 	return &AppSession{
-		DB:          db,
-		Cache:       cache,
-		EmailsSent:  0,
-		CurrentDate: time.Now(),
-		OtpReqCache: configs.CreateOTPRateLimitCache(),
-		IPInfo:      configs.CreateIPInfoClient(),
-		RabbitMQ:    conn,
-		RabbitCh:    ch,
-		RabbitQ:     q,
-		WebAuthn:    configs.CreateWebAuthnInstance(),
+		DB:           db,
+		Cache:        cache,
+		EmailsSent:   0,
+		CurrentDate:  time.Now(),
+		OtpReqCache:  configs.CreateOTPRateLimitCache(),
+		IPInfo:       configs.CreateIPInfoClient(),
+		RabbitMQ:     conn,
+		RabbitCh:     ch,
+		RabbitQ:      q,
+		WebAuthn:     configs.CreateWebAuthnInstance(),
+		SessionCache: configs.CreateSessionCache(),
 	}
 }
 
diff --git a/occupi-backend/pkg/models/request.go b/occupi-backend/pkg/models/request.go
index 2f96c4bd..bc6d5b83 100644
--- a/occupi-backend/pkg/models/request.go
+++ b/occupi-backend/pkg/models/request.go
@@ -1,5 +1,7 @@
 package models
 
+import "github.com/go-webauthn/webauthn/webauthn"
+
 type RegisterUser struct {
 	Email         string `json:"email" binding:"required,email"`
 	Password      string `json:"password" binding:"required,min=8"`
@@ -102,3 +104,10 @@ type RequestRoom struct {
 	RoomName     string   `json:"roomName" binding:"required"`
 	Resources    []string `json:"resources" binding:"required"`
 }
+
+type WebAuthnSession struct {
+	Uuid        string                `json:"uuid"`
+	Email       string                `json:"email"`
+	Cred        webauthn.Credential   `json:"cred"`
+	SessionData *webauthn.SessionData `json:"sessionData"`
+}
diff --git a/occupi-backend/pkg/router/router.go b/occupi-backend/pkg/router/router.go
index c1a6a2cf..0beecdac 100644
--- a/occupi-backend/pkg/router/router.go
+++ b/occupi-backend/pkg/router/router.go
@@ -58,9 +58,13 @@ func OccupiRouter(router *gin.Engine, appsession *models.AppSession) {
 	}
 	auth := router.Group("/auth")
 	{
+		auth.POST("/login-admin-begin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.BeginLoginAdmin(ctx, appsession) })
+		auth.POST("/login-admin-finish/:id", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.FinishLoginAdmin(ctx, appsession, constants.Admin, false) })
+		auth.POST("/register-admin-begin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.BeginRegistrationAdmin(ctx, appsession) })
+		auth.POST("/register-admin-finish/:id", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.FinishRegistrationAdmin(ctx, appsession, constants.Admin, false) })
+
 		auth.POST("/login", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, true, false) })
 		auth.POST("/login-admin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true, false) })
-		auth.POST("/login-admin-webauthn", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true, true) })
 		auth.POST("/login-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, false, false) })
 		auth.POST("/login-admin-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, false, false) })
 		auth.POST("/register", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Register(ctx, appsession) })
diff --git a/occupi-backend/pkg/utils/utils.go b/occupi-backend/pkg/utils/utils.go
index f4e9cf2a..9456ec36 100644
--- a/occupi-backend/pkg/utils/utils.go
+++ b/occupi-backend/pkg/utils/utils.go
@@ -21,6 +21,7 @@ import (
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/go-playground/validator"
+	"github.com/google/uuid"
 	"github.com/microcosm-cc/bluemonday"
 	"github.com/nfnt/resize"
 	"github.com/sirupsen/logrus"
@@ -660,3 +661,13 @@ func ConvertImageToBytes(file *multipart.FileHeader, width uint, thumbnail bool)
 
 	return buf.Bytes(), nil
 }
+
+func GenerateUUID() string {
+	uuid, err := uuid.NewRandom()
+
+	if err != nil {
+		return ""
+	}
+
+	return uuid.String()
+}
diff --git a/occupi-backend/static/index.html b/occupi-backend/static/index.html
index a881f6f4..c9cbda2c 100644
--- a/occupi-backend/static/index.html
+++ b/occupi-backend/static/index.html
@@ -7,7 +7,6 @@
 </head>
 <body>
     <h1>WebAuthn Demo</h1>
-    <button id="register">Register</button>
     <button id="login">Login</button>
 
     <script>
@@ -20,9 +19,19 @@ <h1>WebAuthn Demo</h1>
             }
         });
 
+        function bufferEncode(value) {
+            return btoa(String.fromCharCode.apply(null, new Uint8Array(value)))
+                .replace(/\+/g, '-')
+                .replace(/\//g, '_')
+                .replace(/=+$/, '');
+        }
+
         function bufferDecode(value) {
             // Replace URL-safe characters with standard Base64 characters
             console.log(value);
+            if (value === null) {
+                return null;
+            }
             value = value.replace(/-/g, '+').replace(/_/g, '/');
             
             // Add necessary padding
@@ -33,56 +42,85 @@ <h1>WebAuthn Demo</h1>
             // Decode Base64 string
             return Uint8Array.from(atob(value), c => c.charCodeAt(0));
         }
+        
+        const register = async () => {
+                    const response = await fetch('http://localhost:8080/auth/register-admin-begin', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
+                    });
+                    const res = await response.json();
+                    res.data.options.publicKey.challenge = bufferDecode(res.data.options.publicKey.challenge);
+                    res.data.options.publicKey.user.id = bufferDecode(res.data.options.publicKey.user.id);
+        
+                    const credential = await navigator.credentials.create({ publicKey: res.data.options.publicKey });
 
-        document.getElementById('register').addEventListener('click', async () => {
-            const response = await fetch('http://localhost:8080/auth/register-admin-begin', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
-            });
-            const res = await response.json();
-            res.data.options.publicKey.challenge = bufferDecode(res.data.options.publicKey.challenge);
-            res.data.options.publicKey.user.id = bufferDecode(res.data.options.publicKey.user.id);
-            console.log(res.data.options.publicKey);
+                    console.log(credential);
 
-            const credential = await navigator.credentials.create({ publicKey: res.data.options.publicKey });
-            await fetch('http://localhost:8080/auth/register-admin-finish', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                  email: 'michael.chinyama.bbd@gmail.com',
-                  credential: credential
-                })
-            });
-        });
+                    const credentialJSON = JSON.stringify({
+                        id: credential.id,
+                        rawId: bufferEncode(credential.rawId),
+                        type: credential.type,
+                        response: {
+                            attestationObject: bufferEncode(credential.response.attestationObject),
+                            clientDataJSON: bufferEncode(credential.response.clientDataJSON),
+                        },
+                    });
 
-        document.getElementById('login').addEventListener('click', async () => {
-            const response = await fetch('http://localhost:8080/auth/login-admin-begin', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
-            });
-            const res = await response.json();
+                    await fetch(`http://localhost:8080/auth/register-admin-finish/${res.data.uuid}`, {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: credentialJSON
+                    });
+                };
 
-            console.log(res.data.options);
+        const login = async () => {
+                    const response = await fetch('http://localhost:8080/auth/login-admin-begin', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
+                    });
+                    const res = await response.json();
 
-            res.data.options.challenge = bufferDecode(res.data.options.challenge);
-            res.data.options.allowCredentials.forEach(function (listItem) {
-              listItem.id = bufferDecode(listItem.id)
-            });
+                    console.log(res);
+        
+                    // if backend returns this message: "Error getting user credentials, please register for WebAuthn",
+                    // then do an automatic call to register function
+                    if (res.message === "Error getting user credentials, please register for WebAuthn") {
+                        register();
+                        return;
+                    }
+        
+                    console.log(res.data.options);
+        
+                    res.data.options.publicKey.challenge = bufferDecode(res.data.options.publicKey.challenge);
+                    res.data.options.publicKey.allowCredentials.forEach(function (listItem) {
+                      listItem.id = bufferDecode(listItem.id)
+                    });
+        
+                    const assertion = await navigator.credentials.get({ publicKey: res.data.options.publicKey });
 
-            console.log(res.data.options.publicKey);
+                    const assertionJSON = JSON.stringify({
+                        id: assertion.id,
+                        rawId: bufferEncode(assertion.rawId),
+                        type: assertion.type,
+                        response: {
+                            authenticatorData: bufferEncode(assertion.response.authenticatorData),
+                            clientDataJSON: bufferEncode(assertion.response.clientDataJSON),
+                            signature: bufferEncode(assertion.response.signature),
+                            userHandle: bufferEncode(assertion.response.userHandle),
+                        },
+                    });
+                    
+                    await fetch(`http://localhost:8080/auth/login-admin-finish/${res.data.uuid}`, {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({ assertion })
+                    });
+                }
+                
 
-            const assertion = await navigator.credentials.get({ publicKey: res.data.options.publicKey });
-            await fetch('http://localhost:8080/auth/login-admin-finish', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                  email: 'michael.chinyama.bbd@gmail.com',
-                  assertion
-                })
-            });
-        });
+        document.getElementById('login').addEventListener('click', login);
     </script>
 </body>
 </html>

From 27bdae48df041297fbb2808be57ccc962565311f Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 12:08:59 +0200
Subject: [PATCH 08/20] =?UTF-8?q?chore=F0=9F=A7=B9:=20small=20webauthn=20c?=
 =?UTF-8?q?leanup=20and=20fixes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 occupi-backend/configs/config.yaml.gpg        | Bin 393 -> 391 bytes
 occupi-backend/configs/dev.deployed.yaml.gpg  | Bin 981 -> 1012 bytes
 occupi-backend/configs/dev.localhost.yaml.gpg | Bin 928 -> 936 bytes
 occupi-backend/configs/prod.yaml.gpg          | Bin 971 -> 1004 bytes
 occupi-backend/configs/test.yaml.gpg          | Bin 866 -> 863 bytes
 occupi-backend/pkg/handlers/auth_handlers.go  |  46 +++++++++++++-----
 occupi-backend/pkg/handlers/auth_helpers.go   |  42 ----------------
 occupi-backend/pkg/models/request.go          |   2 +-
 occupi-backend/pkg/router/router.go           |  12 ++---
 occupi-backend/static/README.md               |  10 ++++
 occupi-backend/static/index.html              |  22 ++++++++-
 occupi-backend/static/main.py                 |   8 +++
 12 files changed, 80 insertions(+), 62 deletions(-)
 create mode 100644 occupi-backend/static/README.md
 create mode 100644 occupi-backend/static/main.py

diff --git a/occupi-backend/configs/config.yaml.gpg b/occupi-backend/configs/config.yaml.gpg
index 6ffd414dd1dc63cb77e887977f39f67b2fc562bc..44c6fc3874f4cc11692d4e3c8e5ca80c4fe6b772 100644
GIT binary patch
literal 391
zcmV;20eJq54Fm}T0;3uwCEnvsN&nKowE=zT{%cn%iBbhkWSgxh3U_7RzmMCs!9+La
zXd8n<w_7Uj%N_~8D2Jc*5K^qW(!<A}+Cdan;6I~VB>42E5_oJZc_9N4VCr`m?@H-u
zCp|W;Gh~MDg|s@ujR5t9{vP@@6`3F>mkw{eu<WIPb8@>I<-x!Ut^{X_5P;X}l?Ffl
zx=+d9UwZvWj?4xM*g2^9q})fkWn07Sxitw_^8phLA`8cEG<1MZg2h=wv)M3D<j{|L
z5){P~;D!Py0CFA(S8!paZzf2w7y!Vc8p(EYEGvbRJ4%OB5j{ZKHvMKiM>-OTd&DX;
z+j_ck?C0>kyKN2WZvJkYouLm%p&72_Z|w`}5!<$J$%IUe!>9|8GVB<KEcH;X_m{%W
zu7C>iP1OfH2%#RMv(=`itr`y|*<iqc>UOWjahk-_I3Ox7_=uW!AL1`HD{%3)X4Z4c
l&l{?>gz%tke#%>i9bGt>fK<FCZ}fKXxaZN-89PfVD9`*Nyq5p~

literal 393
zcmV;40e1e34Fm}T0^u(<K#$|jg#XgOw*fni8_#wMrNh2QV+v(|rAk@&6xSv#u<36t
zg-Fx`OEvO8L|WF`&R>osEZUfBFs?Ltb7Ym*D*6#o!lLB!k9AH}-5c+P6wy1l>^4ai
z$P%zMSl>k?S>TA?8!-2T`jJswx_NkoMy`0K81tGlHn5618v(-TL(P+8wW_ovU}S}2
z5!{y@O!1_Zy?K*%6%cgFTWt1{80`X#M+-|qkCpXlXx!5lQWZP&BjUdG_`|Z*WoR%6
z$zv@tIm>5QO;^gm$}JfWN|}29H^Khb=2Q;EmW~?fHi(>4!=5oD$3UM_qUePEbAGip
z&dTOKe5ENKIFo0B{t~Nw_ajVf<z8#j(`y&xsZI1-u?>8fyhm=8fzn$}_)V&psS`1E
z)$Pr|!?E<sYd0ZSsm#McARu`8Y=8JEqx30%Z^1~LJP~wr&kb|-z&=LtR<vQQ7S(0G
n06r08w>bBHz89b2ys_L2m!p3g1<y)(gt0-n>mk*+(f5al#2dsZ

diff --git a/occupi-backend/configs/dev.deployed.yaml.gpg b/occupi-backend/configs/dev.deployed.yaml.gpg
index d21ea2a50e3dceae2e431b6544533b1fbacaba99..6f65e4d4ce19e96364e732478df0df9fe699609e 100644
GIT binary patch
literal 1012
zcmV<Q0}K3&4Fm}T0xpgBV}$p!H2>1+0Uk|%EhXE4w5@9Pa9o$A@~#i+dVBR;Gl{BD
ztfNI-JMY8(ojNE1Na8)c-M)YC@<MX8VU!U7Eys`;{jyhs_s6@u;eLGg?7yDMM7xf6
zhdv6!#PyDIx{adl-g+u08^2>~%{i&JjZ^9D^=2%uxh3ldBLjUc6D?DbT2sFkA^Km)
zYnMGdam)B?8?@P_#x>Sg(Bj8-d}Ma9fjVnND_b}M#o?Qk!F{CDc<=;1SyKB7`W?Mw
zn>RZTY^{v2rJRHe(iIz6NfH~&=Yf1B4yl<$9cqS+$c1jI>3a4!iAV37A$Px%_5Glr
z1_<VOObi+@mvC@Vz_Oz}p$<`VLy$i++Ax`%ejBk<1{!~H5IxaF7s2T}B_?QChWden
zaTKO6Y+GOAKO2Q;)C_j#&t7PS==(jTe^A*_adD?oC=Jq*Nz@OP8K2dB&Q|v0N>600
z?oFavWrFP_^Bj4odRgP9%8&}aYAhemGlsmP=wNBzx1S|_W8BV1?-GKvEJqp{88s02
z-v}M<WG`Xy5jHbNUfowm6uWuGXgyH7^q0WTQeOB--oy@|$)7|OSEC(2Dqnw8(_ahr
zMBPY|=FU{oXya;rzZH&Cxp+XC<PFBjsX3M$D+F?;w<l?bmJ<PrKCHk+JrSsr+D5t>
zgs=nlQHl<z_XoL{A7Dvg!6AFW33pMi8-rK3bJq|W%$Y|Fogr>B25t9*p`jqHI}r7%
zo(B7PI0m=NF#U>86Xd<K#Iy`wLHbZD2gmKdP1GEaH$9qM&{~mjj(t~wBlV**D`1lJ
z-SEy#1eO^k6VloQIaGHnV$Z`hNLr~B`_a{+UB|;D;$!;#w!NLnK9rRuir9m`yG=n(
zD6qP)RZHvr$kbmh=pGaXnUW~bKsyOgwdE};GU0uQPa|&`WNnrL;&tFn?v<f7SkiBG
zH*ZMy$rIW?XR4lWdV}*xw`<0f;Q(NzSKYfa0POyb{B64}8w)^F>oA}a;$TfRh@4FB
z&X{ksVI;770iWhQMXuU;bQ@x+DWy@GKUZRhi04@5^SIi|8vW#w5D|$!Pd1@F!mv+_
z^|nY`^{?homSq&nyENAs&QQ9$!D5;;HCWm%2TdMpK+xwv?!w#zfqxH;@shP=L?{wT
zSNms7t!=az;DwQBwu%>PR7r582D&4-s)@}c%=zDIMCd*lflpROTbtjQ%tdYK;R?^c
z8J&pmm=GIUX~C#HddBUW!Ao7E=r2lo>^4O;M@zY=_pIUR{cqwOtiFHJH-*MmcJZ#s
ivVG9;=|I5uM9L1(@b^zJgr#tws%Q4O2RZ%|gxjY+5B4np

literal 981
zcmV;`11kKC4Fm}T0xD1~ump-1e*e<x0c?B-EIlY2OKYJAI~P5puu^cEja7jF?$YXE
zuerbvO0o~q0g7ha5;SQCxoL1pTFZ1BlyCP?wpq~G+ncl5`C~+Ry<ZN)e24dXFX2tT
z<}Q$rEB__Q?xfuCz?h>7@HNvxYli!#Hk9G0nIM{?&V1Ap;r<EzTEItXSL2V32MXx(
zp0!Mtdt|ddE6feONL68Lai;5Cy&%~!;3+ekuF*HVx=A(rk;KmA)Fw1A*Az1XL0A7q
z9Ahpt1B!j8=Oz~gv2v;Z#?oM}xwVeFaNbRNc7!#p@OQE?R#|tpU_yV5AhAcL$o%3}
z4BHQ_iAM&q9eR<-y*sE0vy=R6OBz&74-XWEhNt+_WA-O+3F^iBMjp4E{q3lMBhJf2
zoFs@?;z+(RoCghgC#g=SVNG5fh&p?S2}^Hh1~w*_@DXRQguX}8koW<k36gYMgJA}?
zvku~9xX~8z@d}r8M{L*?!oT359+C{nhN~hP-r#m)K6&7&41(yAwmXkOXtOXd8Q(&^
zu;<vriQp8kk0T#ylV1TjvpLT45wyt?4t$n9DRTmq;AO6iV0$?8Tbu7sUjckR(_GWc
z50UQ`X0-!$a0I@#d}Tt(M^ZzKm|E3WRG5Z|nSo!11Bp5OLNp)b^%96wWAX9uPLC(u
zGtmX3riUIN=Kaa~I7n*7!2-6Z!AQ1@ZCns}3t*6>e`bm@%yM%ti3oO=bscc`lk18`
z5d1{W+X?^Wi^7g($zs1~R&af66u~djq(@9qdEWeau4M}0cKda;Sw>;atkzMhaU3dV
zS_UjyYn-JP^c*lXy(}LkI`gS>F9fuE$)@!K{zHGg-qqoRT&+LQ(rx!Mwju9b5pV*`
z4u1Z_4#=HsUj-_l8Lmcx85%vN1Y+fX2IG-M1>2(?UX6AFuOYNee=keWS(K`gZ`2i_
zaOmtMUZ-VRHQX~LKwr+VjTT+!#e|Iv^sTI*sMQB;O~dEL#96xG9nQE?*&k=|0CBPO
zhGAM}S2%COt53%-;|N5!-azybA=U%g-<*u+0fJQLya31JGNPYH17wsVRa5iIk|R?A
zT}b3+7E`5^2=42|Jw4rPwv9|hbv1W8wU;Z0E0L@UX1V$`bMUJ;xuX2bfFr(CW%yNw
z^mN5R8Wy+=j80u`WSwO1sWis@)1*(UPU4t?_ydX(N{;ccZvwG@-3}4s{;$fNv8nZu
zBmK9qS(^F7jan*mIG3hFNcBMM{VSUZQd0&0GRfO1fZ&nfccGfO_mp!X+RgYn?(q#k
Dwz1=@

diff --git a/occupi-backend/configs/dev.localhost.yaml.gpg b/occupi-backend/configs/dev.localhost.yaml.gpg
index bc1cfc110da5d5f4b7e50141259e30c61c856f43..f0d357cecd97e9fa0d0a56fcdfa09486a85d0b59 100644
GIT binary patch
literal 936
zcmV;Z16TZv4Fm}T0ul5QHn@~8#sAXj0Ub{$cS(RRV>qpK=U${X3(bpsV4}grj#yx}
z?2HGWId`N2o|p;0cRIgrh%?2Nuoy--b`n~rx?#-0d3YvaZ#`0t+CIDCEJI^eCX*}V
zbh>@(hz3cY7=z5(diA2;&<v#AOsCMY?>%fgpmSoB@FH?nP&(58Vm5+ON(%m-l?+Bq
zWxl^T2FolU)h!{hZq|At%%!I2981bGUSkIfhyV$M%QJWtZsZ~|sc|AoXX1sgoDvcn
zp!hS)N6kdWIa;J68XU|tcG<iFz~IQA@_sW#uD3m-&;Qo97)Wki^PZWA0k5%*Ri0rC
z_#w%zut$s8Id^#Z^qh%s85nz@PZQ`LZ_N7|m(}sD-<0hg0bRm7LfktPj7)CW8}A_Q
zTv^PV9!Pc@`w05@IMmfDqT=`BL8h+%?uGpyJUV8P=M7Z;-#lzAATx85HfGy|Q|%2W
zmq<Jw$o^IkvP!oS!zl+1oTqv~H?2373iyamDmyG-w6AjJM{(q0kHb2$(PcK5^Oz(=
z!-ghf&h+v%xr^p8&3n(qaRw0Lou*=T{cGg``bkS(6&Y{`K`>Iclu>=tf(vus*$ZIj
zJbOaBrt7X1DKO&dXbyzMr@v7>8j5lW$1^dmSF^p)BQv=b2A(B!M&DS4ax?>pSHQ4e
z3zLQGpp!(C1BkVrUXfHTz}3!O6tZ!@H{fEJ4c)CviFuVx{g?ph!2>%#6MZD`H8072
zt{aSVg0hVO5Ft7!{Tk-;-Af)_GOfu{fd!s8__)E4_{^9?EV61V8tUbxB<8oSz~xbY
zXK1b#(qe#DN~eaZ(_WTg#31))Z^m!tC^VO{T-af_mV7m{@qA4T3XQo^RZiweTtql%
z@isgtLg4~Qw$v%-=G|B&Yu|w5xjU=M?e4Y4@gki+EMhpb1sU_d0}{$#!g-ga`MqAj
zJPOVh(3LEUFs<CG(VF%^y;J8rx7#m|-Sl6XW~FT&+9&NtF*!YdB+fh|<VSwum*W;f
z37JQZA%jP|@^*-N?-vz?^LBGFpIef3@SFmAlrnIhWx(<I6fk?gSl`vR+KOS!s<f;m
zK{kY5=PEIKPDBp3(Y_U_G)6bpTsCj>_g1U4m*QI;FQ`OX=%+vo@%N6H9cxI1rWa``
zD1)Aw9E16YO&wZS8MgE-l+APO7a$;=9{isB%QUQ{Ps^20i|}ovH7zn)K+Z`g7$(;Y
KiYVL-p~V*%3&kw}

literal 928
zcmV;R17G}%4Fm}T0ytK5ocu+AT>sMP0g~ub{uu6QWx>1ll>?GK)PRWYq<#2jaLFMb
z#EIiz@qCSj?gc{E(h~Z}u!jkyD4ZHh#-bSaYj#0r#@o5b2hcJ>=@oEzw4}Lr2SIsP
zgX-++cT5G>Q6kC7yyFa$8+Nn4ziaLJ<~H?%w?$Lb46)xVM~DYugzo-UilX|Ru;-kH
zvy_ox3qs*+hhtAbn~iJy(f`2@$}jaq+;1g)-a4L$qeAQ$+Sc`OJ*~eroZ>?Kp%|AD
zuXn`hB2L(7hH0|~>b!oLugI-HzaPm7S7(*qZs2;{WfcbE9e@<#>Agz{Q6z0&dqN2U
zz%S#=wSbP-u0^FywD6`8kJj;n<P#s`EXdKJS7H#aL(Qq-iYk~}LV>J-*H{TmxF43|
z9kx*$Hb%4N2cl4X*h$PXs*>0zd*NETpC=qzD{lHCGnesfJYeO8Ms^_zl4E#p!G^v4
zJe%G+RdNaO>F{42Y1oS&MA00X(x^ni(b%C0wyub|y8CJ4PXLmAsM9z{5JS5RTS2nQ
zNBRu88sSY+dC{VZxe?W*u+_$n&PCBmt&FK3f19{`0-qaP_WIlEr5FXltKV$Gh>w&G
zV**u33{J;b4COg;+A!e>lJ<`t;kZI3Tpjg6VNyf?tc>I2+Jf))n^v5M?TVVne*p#r
znyrhoyRbD-{F<Z<q?6{nz|B4rVI6S@9Gvs^u|NR0+&mnV{&7W@OCcANQh0!d6JhvY
z&M2Js_3T;nI;SMJ=aW=7d}O<>p`9Dwbs-tslSms)Hr&ayS=J3FF=2P5?<f;?`f8&a
zt`LH824oiJl$L31Jk?5rk|!{@9M+rD>*7~E$|lZ3rqZ(yezh)9^|{zktFN3J27e%&
zb1JtaT!RbXW?m(ySi`$pnbN4K{5-MPM8*ZbtE2@ZpNN87+sTSCx0U2xJO?MNb@@nt
zKd!{gN6s*2-G{Ypb5-fZl##$AcP)g3=*n^u&59%}Kla6h7=LXT%YM^NO>hTEdb8Gx
zM_-OdK(m0~Nog_0#`_oWU7{PKYSp+cdsJQM*%lhZ7|#Ca3@7?%@rc7jX6NG1j*ic=
zrRk~=N0gJo(_wE%npvvzsZrumEF5xV7)2RU`xv^WB8@PP1+To4RrkmOY%}qMrRXBr
zwD`3&exgmfoc!<!&N4T!DE+fYPiK(0?2BA0DuNVAfe=usBR{vsKgA7i81Pq8<+ev}
C0oktr

diff --git a/occupi-backend/configs/prod.yaml.gpg b/occupi-backend/configs/prod.yaml.gpg
index 3edf08ba84c5977361a36f67a4389268b6d5766e..0f92962121d57012fb5081a4c3b22b9a093b6327 100644
GIT binary patch
literal 1004
zcmV<I0~7p=4Fm}T0zJph`;7uW2>;UQ0UPcIj{B7mmLIKgh)-E42ZMDlL<+)LU$2|-
zZRT@Y=0qD!sU!9*W3|FFF4q}`G*Faq!`xw>I7m^KH4Un-G!3i$RX^<Si};En@_`yq
zRmos+!HWNp>$TEJ;wU~zuz5|E)5*#pI;Kjv#4e^j>dN*<cATTTfOs%wY4&ofumpw6
z19lpQd|)U%znSLi)B63R>ta)m*T>2Y{ii#02tWQH<nO{w{r_i{*rz$%`SY-u*bDYp
zueDFpvCQuY-L7~Pi05KG5{?$VAxSTUlSz+*IL5Js&#1yO(HPJc)=kvt$)d&8%m~?R
zuYdv&os$I@l61^-w#~TV{FAKiV;cG3D38BfQJQSA()B&V39X`<7rpI4%$%=T>K=15
zD7PY$c792u_rwrZ8_$C*zo?SF7d+j)zb4kVhcwsqDF*)RyL8As)K5Rmn$DMuvI!Xg
zpT30yb@{Qn@>;AP&zvc^*gCRd*4Pr<f%o{<@)tR{N;=G()oQwSNL__u&jS6s4h!y4
z30QN_J!dPX@e3S21(32H%i10mV|62IIW9p0f#}uytm7ey3vS+e!0;?MI${(aEFcNT
zK7yQ5Ae+66_pe~fDXm$cZdtH8zvUaT=Zh|fg<{rdpZnB@R2nTvf6Wx{$K2M`)|jqc
zMUZ>oM6!Y;mbz)fc7YHW!5MCuklacQz2bU>Ul{wSv$JgtkfQ$Um7BlEHvKCeTGeVl
z3NeBL^_AYvstOB2@l*#G?k6Sa)B^IWT4Zooq7=#zz}h2uqA9+~iaRXA4S?)qXAX6U
zq)eHkzXEHfCZ1AV?WqNC8#~1ZHs&ez+tQQCkGAM!T*FIJK`e9Tq1fzBT{EX~(NC);
zx)dIs8MN054#YG9i>`4iGd{~LMD0J=sv!hdTWD9;B!zgds*x_H=sq45AX{(>M;CU>
zJPm$Ny~)PJty0@b%uqYsPNFInHpt;r4It4Upna)pzp_BIxiA<x<on*Vs`YbNZ53nG
zx3`}~32zlfu;-xK{_<FVe6p{I@Wk5m-Fv>!_*qdUncm*@;1^{=j^V6kz-lTFNcgHe
zW{<@7$U)Jw<{|6~jRbnz>%B2T?iXR$y2NqT=~6~>!x@eI<Uiu!TM$NH2g@QVl3?ET
zB<ZxUNgTc`Yp9yN<6Dib7~JR-#1pmg%%b7NK|h-M+TD;!JECQdrWPGg1QoWWGh!!t
zwng?hGjH@ww}Wpq7|~}DDhOJRh;q^QZy~x(dCkDq{D25MXSNHfR?lK(@w2iZcPWW{
aoBHthnon9RfC0B^wc??s8J-5DH$%V9a{m|r

literal 971
zcmV;+12p`M4Fm}T0;|eA{{hv4$p6ym0T9We>hu#v76DSLW2251GBKmVuFOPcb6~pR
z@&n>Ozbgo@{N=H=ec@Plcpv*v``8-ru1B88?<z0(Hd_kjRaf8WivYd=06J5h^X(nv
zYfG#u7|gPsK{J63dqZHW8UMt)v$&)bS0ZQaKyj066b`FXa=&@PVxG0->16|j*ku(P
z%Pw!|(#<DfO8b|?)1d0TXb5l<^!m1A_4G)^A4uXXIqVKpI1UD!Zfuo*F32$Qfk$l<
zo5bMay#F4{KezaF5iOLaL~qElo^UC~x#9M2-(j+=vop9fzk4(#Gq=wo(&ymYUrHcK
zsixteAmBGm@v<na1!Te(?OoGllvBi-R3u^Q5^SVx4yCOZa}dq_EyP-vOUT?X>Dpb&
z!@b3ZD5Z<hUapy@pI+u^_aS_6>tqHf!F}AGV-6v+0{-Q{9Rhlc91}zjxkJ?*k~YE#
ztsa~N*PUF)kQK#ZH)EjXrp}xdAQlDLLT%1_gmxL`W*yJbgWl_~@h<h~N|*wE^BDzD
zc`=v>gvoWgi2&V`OgvWvzGLW)o0xH*@00BV4(VR(k~|Z<g?8gjHC~jR8jQWVG)M_0
z(X|~Kw+HsBqFnyIIJui?swgqYd<p%kV&fTdicwp&CrA^Pm9*q_m!#Drz-rJ63Cp+v
z*Ec&ZfqlTz+t{2{Sa|?7!1!9CiRQv>b`(XcR5Y4FlzgjqUq*-b40nyGtJc8lSDN;6
zh>eQkGcLw`l@1_lE5zkVO;=+$^9fL{?*c~pF!emcsu#E4Gg^AMeerSA1CBLuMqx|D
zdatLpe6Sj;*u<gCo@`fo>c88wO0({ufijk~BA)C>kvTa2u*;}ZS|2d%bCe%ZaoQ{R
zJ-63RO@1~cVhtk4O?hH1dvOzHG>wUToEmi0u;Yf`i;egdENv`}%DOz5##GwOXJ~kY
zB69WFl4V|!t>*r=yYm}^;kR;o$gFm2sXFz&hZTYa*A(`&Uy#cDcZNNM>pa^h(za_t
zU^+|4zxPb9CcHaf5Fg_1qJM)R{aGth2(ahhvmZ^GqM;Zv`mwLS7~4d<EUPUo{wLl1
zGE+30qowfQfrd7BF}BAwTIV0YNmN=Hr!t?FKvt%}ev+QvW6>MfmzE_5&&2$h1>cvF
zVK)m+Rme2dhwtHk(H$c5^#q=Rdi`G{XRj;P2WG>_l}9@&AubH1s%O+h_0Le9wZ0a@
t4+DxSk2y8TPS0e)SbSIquvUw-$(oHF>8d-m@Kw@UsWTIn8Sg23Bkpkr>FfXi

diff --git a/occupi-backend/configs/test.yaml.gpg b/occupi-backend/configs/test.yaml.gpg
index 722b61a8f8ab8485367b7cd3baa5b66779be50b7..31baf76540d3241cfc43ae733885c8af25d59924 100644
GIT binary patch
literal 863
zcmV-l1EBnj4Fm}T0-x&SELr&@0{_zK0r}%M1CN6NFHO0N2C$IK%V2;?ybaJpDR#d+
z!C!Z58wt&Y|3JDOZ}6GH7+8f<!uX^%p6!8jrcRAe{X)C9Fmtxh8v|#kdom0e_)dC8
z;irvI6`<akPP{L6kfH$J#)3TsT2!4<>0V)O9=X}~eaqnZuS<>=Nc!$;@XFW8e;>F=
zwOjQ^kkj=a6R&NgLqgWVUWh7nro#rPOz20Je#az)(4QaY-+y0gu3fnwZ07^8y-pO1
z7O<krF|>cli!dk?S@GIq9Tty8<z~=oXPU>{U#Vx;#B!rr<8%)}3Umt%xQlh~=)mC|
zqaFFgyR#Q<UZRUw5_h|^RmW=0lZKqQWJ{+Bch?E{Oay^g{NsQ0J-F~yBICBpFO!DF
z*+vN1dn$4v3fXKfWK2yd=>UV#5_aBHUf5$dYZCqQ-3~SiKb*#%*V1EHIK!EIqlDId
zC68NkC2^r^mX5i0cO{?tvnBc`+~+Mr_<AgW$Z+`D!l+hjXwTdcgx7WzOUrm@`Ptdb
z%{?>dTz%@(B~RQeLmia3^alIm#wKMcvYB!fHrA((608`3&)s@!^+09zfCKJ6gagfK
zlv*OOdT4yMw8DxX%5fmAXXk$7u(eDAgstTl^AM<;1066hjr<<iwVb>bCgQ~zCu4k1
z%cD`QZBPAA&4oSY_bgg5z>IXN3TcLLg~GMeF$)Us#YT2)ht+u@u12_AqOv5aMW*(0
zzj^&zgnb7-aZ7Lry$KZ@pubcPh7dTF-R7A(SxMR6V?!v>Ih@O?yAmGoHp3MoMbL{G
zE^f9zgoDyj{{2gHTbM+Ny}YzRx-`BPeIe=OLnOqt^-LD0X#{|axS|2z<~<T~fU+qs
z+@4MR;b2I?4QEWIVF%J!{yS@kt*qPEkd%CHvA)oj{2;Z%!2BDo`0&Qe=)vOww*V9p
znC)xUWX)ldsMgB<koB6MD}St~8!?D^kXgP@d|jLiOmmrXvBpDr##eHtICSjVKVD`%
zFv97Sxdy+e7>u^oMpj@vAPGJJ-uZ}IcI1HC?g*SfggX^zECK}2M>XgEmeC1zikp1m
p73Z-RxHnV&NhV3uXdX<h-iz@5xi$i|0zO(bImzWWN2KWU5CFTkvIGDC

literal 866
zcmV-o1D*Vg4Fm}T0-<~j@fbU=;s4U<0VakL*uz#wQ(SG#(MAjL{Dg`~-28$s`+H`a
z9O4yv6ba^He@ITVPDRGHiV2wHG5tPn6^|$46%jMGlLE}2Kpv9CHL#Tn>L)p(&c72)
z!}KSdKnGniv(f4K7LS#LE#CO2v2f~v<40?QTof)r$~TQ%`4R5`iv6|pGM;C<Kpx0%
z;X!PuW<s-W#3Qi;U^>-ORbO#O??A!F5?f;3!0HLd!En%=@F#OT6{weNWFs%zuF_>`
zA3HI5+de(wXBC+07;n3htEMNP&j2%*=mKAXcvyN_y{DnDVR6$nXg%^ygm|{Dqe?8@
z#NGE-6rY*HR5a{&UmgjEGilc;9<T@=U`Q7KS&w#`@JlW<IrB?J8Ek$dziJF|zlu^6
zaTHoy(Eb`u{(f&B!bE5?(RT5rJC$a0y9mfUb)YRbh0EDZ0YQ~vWfdn;iY_pr=WHjl
zeZ`xwF*0>d{{RU3ZE_!uZi9Urm7d+L{~WF0(fRH82fCcjKC%)o0$cM72=-A~9&gr!
zntel*hMy&FQD1-zT4~y5PXjK*RZ{^VR~ZmE`F$)a7pJi}p2&;&Y3PhRJ5Dep7ySM~
zC&mM}&oXf3*aMJ2NU=c?ciQcov~@P+CaYkoT9?D=u_hQ%-_G2e9N2xdEt;`c+{|Z<
zB}w2b+Yn<m!!xQY3Q?Csz>oeT5a9~3tw^8R<yFFd8q4`Hv6NRbsZ0H7iSQc4@`thT
z8)Cs#p*)1!kO-MSsG=%LxiAfi@S$$5;6xRA0f0M$3vSR)>>O$KY3CTTEMFW{kYJDi
z+=d!BqAiPNWx)&`Rm|62BUj!C!jCD;#jy|hEyHbgib1sBU%UHCZZS*pz`RZ7#_P(<
z1Jl#DB8iEK=*zjYb%M*Szq&v##!_v+BKL^Z()`8O0hFyjdF=@(L;+CdU>j&Y&Nv#=
zJTmMm41N?C8N<#c5z1S0ZN!c8{x6#%_Djuqy48Ub%5jiN<5d+03G(P#rKQH07y89T
zK%HFU;`?;R?psV3+8hYai!9p6IOeRzCFEBqud~rOE|A1Mdb4Nwu_G{1-JMcNo~)}<
s!|NC=iD8TY%pOQ4$pE1tA^xI`Bwx!2Pl8xRNL>soH9A<7b7Mo_Y8?KbcmMzZ

diff --git a/occupi-backend/pkg/handlers/auth_handlers.go b/occupi-backend/pkg/handlers/auth_handlers.go
index aea6f399..a520c671 100644
--- a/occupi-backend/pkg/handlers/auth_handlers.go
+++ b/occupi-backend/pkg/handlers/auth_handlers.go
@@ -18,7 +18,7 @@ import (
 )
 
 // handler for logging a new user on occupi /auth/login
-func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool, shouldWebAuthN bool) {
+func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies bool) {
 	var requestUser models.RequestUser
 	if err := ctx.ShouldBindBodyWithJSON(&requestUser); err != nil {
 		ctx.JSON(http.StatusBadRequest, utils.ErrorResponse(
@@ -68,14 +68,6 @@ func Login(ctx *gin.Context, appsession *models.AppSession, role string, cookies
 		return
 	}
 
-	if shouldWebAuthN {
-		err := WebAuthNAuthentication(ctx, appsession, requestUser)
-		if err != nil {
-			logrus.WithError(err).Error("Error with WebAuthN authentication")
-		}
-		return
-	}
-
 	// generate a jwt token for the user
 	token, expirationTime, err := GenerateJWTTokenAndStartSession(ctx, appsession, requestUser.Email, role)
 
@@ -100,6 +92,22 @@ func BeginLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
 
+	// validate email exists
+	if valid, err := ValidateEmailExists(ctx, appsession, requestEmail.Email); !valid {
+		if err != nil {
+			logrus.WithError(err).Error("Error validating email")
+		}
+		return
+	}
+
+	// pre-login checks
+	if success, err := PreLoginAccountChecks(ctx, appsession, requestEmail.Email, constants.Admin); !success {
+		if err != nil {
+			logrus.WithError(err).Error("Error validating email")
+		}
+		return
+	}
+
 	// Begin WebAuthn login process
 	cred, err := database.GetUserCredentials(ctx, appsession, requestEmail.Email)
 	if err != nil || len(cred.ID) == 0 {
@@ -121,7 +129,7 @@ func BeginLoginAdmin(ctx *gin.Context, appsession *models.AppSession) {
 	uuid := utils.GenerateUUID()
 
 	session := models.WebAuthnSession{
-		Uuid:        uuid,
+		UUID:        uuid,
 		Email:       requestEmail.Email,
 		Cred:        cred,
 		SessionData: sessionData,
@@ -205,6 +213,22 @@ func BeginRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
 		return
 	}
 
+	// validate email exists
+	if valid, err := ValidateEmailExists(ctx, appsession, requestEmail.Email); !valid {
+		if err != nil {
+			logrus.WithError(err).Error("Error validating email")
+		}
+		return
+	}
+
+	// pre-login checks
+	if success, err := PreLoginAccountChecks(ctx, appsession, requestEmail.Email, constants.Admin); !success {
+		if err != nil {
+			logrus.WithError(err).Error("Error validating email")
+		}
+		return
+	}
+
 	webauthnUser := models.NewWebAuthnUser([]byte(requestEmail.Email), requestEmail.Email, requestEmail.Email, webauthn.Credential{})
 	options, sessionData, err := appsession.WebAuthn.BeginRegistration(webauthnUser)
 	if err != nil {
@@ -216,7 +240,7 @@ func BeginRegistrationAdmin(ctx *gin.Context, appsession *models.AppSession) {
 	uuid := utils.GenerateUUID()
 
 	session := models.WebAuthnSession{
-		Uuid:        uuid,
+		UUID:        uuid,
 		Email:       requestEmail.Email,
 		Cred:        webauthn.Credential{},
 		SessionData: sessionData,
diff --git a/occupi-backend/pkg/handlers/auth_helpers.go b/occupi-backend/pkg/handlers/auth_helpers.go
index f336a96b..9a490a44 100644
--- a/occupi-backend/pkg/handlers/auth_helpers.go
+++ b/occupi-backend/pkg/handlers/auth_helpers.go
@@ -1,13 +1,11 @@
 package handlers
 
 import (
-	"fmt"
 	"net/http"
 	"time"
 
 	"github.com/COS301-SE-2024/occupi/occupi-backend/configs"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/authenticator"
-	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/cache"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/constants"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/database"
 	"github.com/COS301-SE-2024/occupi/occupi-backend/pkg/mail"
@@ -547,43 +545,3 @@ func AttemptToSignNewEmail(ctx *gin.Context, appsession *models.AppSession, emai
 		))
 	}
 }
-
-func WebAuthNAuthentication(ctx *gin.Context, appsession *models.AppSession, requestUser models.RequestUser) error {
-	// Begin WebAuthn login process
-	cred, err := database.GetUserCredentials(ctx, appsession, requestUser.Email)
-	if err != nil {
-		ctx.JSON(http.StatusOK, utils.SuccessResponse(
-			http.StatusOK,
-			"Error getting user credentials, please register for WebAuthn",
-			gin.H{"error": "Error getting user credentials, please register for WebAuthn"}))
-		return fmt.Errorf("error getting user credentials: %v", err)
-	}
-	webauthnUser := models.NewWebAuthnUser([]byte(requestUser.Email), requestUser.Email, requestUser.Email, cred)
-	options, sessionData, err := appsession.WebAuthn.BeginLogin(webauthnUser)
-	if err != nil {
-		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
-		return fmt.Errorf("error beginning WebAuthn login: %v", err)
-	}
-
-	uuid := utils.GenerateUUID()
-
-	session := models.WebAuthnSession{
-		Uuid:        uuid,
-		Email:       requestUser.Email,
-		Cred:        cred,
-		SessionData: sessionData,
-	}
-
-	// Save the session data - cache will expire in x defined minutes according to the config
-	if err := cache.SetSession(appsession, session, requestUser.Email); err != nil {
-		ctx.JSON(http.StatusInternalServerError, utils.InternalServerError())
-		return fmt.Errorf("error saving WebAuthn session data: %v", err)
-	}
-
-	ctx.JSON(http.StatusOK, utils.SuccessResponse(
-		http.StatusOK,
-		"WebAuthn login initiated",
-		gin.H{"options": options, "sessionData": sessionData},
-	))
-	return nil
-}
diff --git a/occupi-backend/pkg/models/request.go b/occupi-backend/pkg/models/request.go
index bc6d5b83..383fbf3c 100644
--- a/occupi-backend/pkg/models/request.go
+++ b/occupi-backend/pkg/models/request.go
@@ -106,7 +106,7 @@ type RequestRoom struct {
 }
 
 type WebAuthnSession struct {
-	Uuid        string                `json:"uuid"`
+	UUID        string                `json:"uuid"`
 	Email       string                `json:"email"`
 	Cred        webauthn.Credential   `json:"cred"`
 	SessionData *webauthn.SessionData `json:"sessionData"`
diff --git a/occupi-backend/pkg/router/router.go b/occupi-backend/pkg/router/router.go
index 0beecdac..8a3abecd 100644
--- a/occupi-backend/pkg/router/router.go
+++ b/occupi-backend/pkg/router/router.go
@@ -59,14 +59,14 @@ func OccupiRouter(router *gin.Engine, appsession *models.AppSession) {
 	auth := router.Group("/auth")
 	{
 		auth.POST("/login-admin-begin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.BeginLoginAdmin(ctx, appsession) })
-		auth.POST("/login-admin-finish/:id", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.FinishLoginAdmin(ctx, appsession, constants.Admin, false) })
+		auth.POST("/login-admin-finish/:id", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.FinishLoginAdmin(ctx, appsession, constants.Admin, true) })
 		auth.POST("/register-admin-begin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.BeginRegistrationAdmin(ctx, appsession) })
-		auth.POST("/register-admin-finish/:id", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.FinishRegistrationAdmin(ctx, appsession, constants.Admin, false) })
+		auth.POST("/register-admin-finish/:id", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.FinishRegistrationAdmin(ctx, appsession, constants.Admin, true) })
 
-		auth.POST("/login", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, true, false) })
-		auth.POST("/login-admin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true, false) })
-		auth.POST("/login-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, false, false) })
-		auth.POST("/login-admin-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, false, false) })
+		auth.POST("/login", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, true) })
+		auth.POST("/login-admin", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, true) })
+		auth.POST("/login-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Basic, false) })
+		auth.POST("/login-admin-mobile", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Login(ctx, appsession, constants.Admin, false) })
 		auth.POST("/register", middleware.UnProtectedRoute, func(ctx *gin.Context) { handlers.Register(ctx, appsession) })
 		auth.POST("/resend-otp", func(ctx *gin.Context) { middleware.AttachOTPRateLimitMiddleware(ctx, appsession) }, func(ctx *gin.Context) { handlers.ResendOTP(ctx, appsession, constants.ReverifyEmail) })
 		auth.POST("/verify-otp", func(ctx *gin.Context) { handlers.VerifyOTP(ctx, appsession, false, constants.Basic, true) })
diff --git a/occupi-backend/static/README.md b/occupi-backend/static/README.md
new file mode 100644
index 00000000..0b5e1f72
--- /dev/null
+++ b/occupi-backend/static/README.md
@@ -0,0 +1,10 @@
+1. To run the script, open ubuntu terminal and install python3 with:
+```
+sudo apt update
+sudo apt install python3
+```
+
+2. Run script with:
+```python3 main.py```
+
+NB: Be careful, in the index.html, the fetch requests access "http://localhost:8080", that may need to be changed. Also not that the email and password are not valid and are just for test.
\ No newline at end of file
diff --git a/occupi-backend/static/index.html b/occupi-backend/static/index.html
index c9cbda2c..c281a72f 100644
--- a/occupi-backend/static/index.html
+++ b/occupi-backend/static/index.html
@@ -10,12 +10,17 @@ <h1>WebAuthn Demo</h1>
     <button id="login">Login</button>
 
     <script>
+        // the console.log statements are for debugging purposes and for your eyes only👀, they can be removed
+        let isWebAuthnSupported = false;
 
         window.addEventListener('load', async () => {
             if (!window.PublicKeyCredential) {
                 alert('WebAuthn is not supported in this browser');
+                //default to password login
             } else {
                 console.log('WebAuthn is supported in this browser');
+                isWebAuthnSupported = true;
+                // use webauthn yayy :)
             }
         });
 
@@ -43,11 +48,13 @@ <h1>WebAuthn Demo</h1>
             return Uint8Array.from(atob(value), c => c.charCodeAt(0));
         }
         
+        // there shouldn't be a reason to have an event listener here, please call login as that is the only function that is needed
+        // and it calls register if the user is not registered
         const register = async () => {
                     const response = await fetch('http://localhost:8080/auth/register-admin-begin', {
                         method: 'POST',
                         headers: { 'Content-Type': 'application/json' },
-                        body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
+                        body: JSON.stringify({ email: 'test@example.com' })// this user should be an admin, the backend will check for this
                     });
                     const res = await response.json();
                     res.data.options.publicKey.challenge = bufferDecode(res.data.options.publicKey.challenge);
@@ -75,10 +82,21 @@ <h1>WebAuthn Demo</h1>
                 };
 
         const login = async () => {
+                    if (!isWebAuthnSupported) {
+                        const res = await fetch('http://localhost:8080/auth/login-admin', {
+                            method: 'POST',
+                            headers: { 'Content-Type': 'application/json' },
+                            body: JSON.stringify({ email: 'test@example.com', password: 'password' })// this user should be an admin, the backend will check for this
+                        });
+
+                        // handle response appropriately
+                        console.log(res);
+                        return;
+                    }
                     const response = await fetch('http://localhost:8080/auth/login-admin-begin', {
                         method: 'POST',
                         headers: { 'Content-Type': 'application/json' },
-                        body: JSON.stringify({ email: 'michael.chinyama.bbd@gmail.com' })
+                        body: JSON.stringify({ email: 'test@example.com' })// this user should be an admin, the backend will check for this
                     });
                     const res = await response.json();
 
diff --git a/occupi-backend/static/main.py b/occupi-backend/static/main.py
new file mode 100644
index 00000000..961db3a2
--- /dev/null
+++ b/occupi-backend/static/main.py
@@ -0,0 +1,8 @@
+import http.server
+import ssl
+
+httpd = http.server.HTTPServer(('localhost', 4443), http.server.SimpleHTTPRequestHandler)
+httpd.socket = ssl.wrap_socket(httpd.socket, certfile='cert.pem', keyfile='key.pem', server_side=True)
+
+print("Serving on https://localhost:4443")
+httpd.serve_forever()

From c683b361f792527990d758c86e4e7f9a2e243f79 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 12:29:30 +0200
Subject: [PATCH 09/20] =?UTF-8?q?docs=F0=9F=93=96:=20Add=20webauthn=20auth?=
 =?UTF-8?q?entication=20endpoints=20for=20admin=20users?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../pages/api-documentation/auth-usage.mdx    | 130 ++++++++++++++++++
 1 file changed, 130 insertions(+)

diff --git a/documentation/occupi-docs/pages/api-documentation/auth-usage.mdx b/documentation/occupi-docs/pages/api-documentation/auth-usage.mdx
index 37a13640..f364fc9f 100644
--- a/documentation/occupi-docs/pages/api-documentation/auth-usage.mdx
+++ b/documentation/occupi-docs/pages/api-documentation/auth-usage.mdx
@@ -10,6 +10,10 @@ The auth endpoint is used to authenticate a user and get a token to access the A
     - [Login-Admin](#login-admin)
     - [Login-Mobile](#login-mobile)
     - [Login-Admin-Mobile](#login-admin-mobile)
+    - [Login-Admin-Begin](#login-admin-begin)
+    - [Login-Admin-Finish](#login-admin-finish)
+    - [Register-Admin-Begin](#register-admin-begin)
+    - [Register-Admin-Finish](#register-admin-finish)
     - [Register](#register)
     - [Resend OTP](#resend-otp)
     - [Verify OTP](#verify-otp)
@@ -163,6 +167,132 @@ The authentication endpoints are used to register, login, login-admin, logout, a
 ```
 **if you use this endpoint, you will get back an auth token that you can use to access other endpoints. Ensure to intilialise it in the Auth header**
 
+### Login-Admin-Begin
+
+This endpoint is used for beginning the authentication process using webauthn for admin users.
+
+- **URL**
+
+  `/auth/login-admin-begin`
+
+- **Method**
+  
+    `POST`
+
+- **Success Response**
+
+  - **Code:** 200
+  - **Content:** `{ "status":  200, "message": "WebAuthn login initiated", "data": {"options": {"some data"}, "sessionData": {"some data"}, "uuid": "some uuid"}, }`
+
+- **Error Response**
+
+  - **Code:** 400
+  - **Content:** `{"status":  400, "message": "Invalid email address": {"code": "INVALID_REQUEST_PAYLOAD","message": "Expected a valid format for email address": {}}}`
+
+- **Error Response**
+
+  - **Code:** 500
+  - **Content:** `{"status":  500, "message": "Internal Server Error","error": {"code": "INTERNAL_SERVER_ERROR","message": "Internal Server Error","details": {}}}`
+
+**_Example json to send:_**
+  
+  ```json copy
+  {
+    "email": "test@example.com"
+  }
+
+  ```
+
+### Login-Admin-Finish
+
+This endpoint is used for finishing the authentication process using webauthn for admin users.
+
+- **URL**
+
+  `/auth/login-admin-finish/${uuid}` // the uuid is gotten from the response of the login-admin-begin endpoint
+
+- **Method**
+  
+    `POST`
+
+- **Success Response**
+
+  - **Code:** 200
+  - **Content:** `{ "status":  200, "message": "Successful login!", "data": {}, }`
+
+- **Error Response**
+  
+    - **Code:** 400
+    - **Content:** `{"status":  400, "message": "Expected id field": {"code": "INVALID_REQUEST_PAYLOAD","message": "Expected an id field": {}}}`
+
+- **Error Response**
+  
+    - **Code:** 500
+    - **Content:** `{"status":  500, "message": "Internal Server Error","error": {"code": "INTERNAL_SERVER_ERROR","message": "Internal Server Error","details": {}}}`
+
+### Register-Admin-Begin
+
+This endpoint is used for beginning the authentication process using webauthn for admin users who have not setup their webauthn credentials yet.
+
+- **URL**
+
+  `/auth/register-admin-begin`
+
+- **Method**
+  
+    `POST`
+
+- **Success Response**
+
+  - **Code:** 200
+  - **Content:** `{ "status":  200, "message": "WebAuthn login initiated", "data": {"options": {"some data"}, "sessionData": {"some data"}, "uuid": "some uuid"}, }`
+
+- **Error Response**
+
+  - **Code:** 400
+  - **Content:** `{"status":  400, "message": "Invalid email address": {"code": "INVALID_REQUEST_PAYLOAD","message": "Expected a valid format for email address": {}}}`
+
+- **Error Response**
+
+  - **Code:** 500
+  - **Content:** `{"status":  500, "message": "Internal Server Error","error": {"code": "INTERNAL_SERVER_ERROR","message": "Internal Server Error","details": {}}}`
+
+**_Example json to send:_**
+  
+  ```json copy
+  {
+    "email": "test@example.com"
+  }
+
+  ```
+
+### Register-Admin-Finish
+
+This endpoint is used for finishing the authentication process using webauthn for admin users who have not setup their webauthn credentials yet.
+
+- **URL**
+
+  `/auth/register-admin-finish/${uuid}` // the uuid is gotten from the response of the register-admin-begin endpoint
+
+- **Method**
+  
+    `POST`
+
+- **Success Response**
+
+  - **Code:** 200
+  - **Content:** `{ "status":  200, "message": "Successful login!", "data": {}, }`
+
+- **Error Response**
+  
+    - **Code:** 400
+    - **Content:** `{"status":  400, "message": "Expected id field": {"code": "INVALID_REQUEST_PAYLOAD","message": "Expected an id field": {}}}`
+
+- **Error Response**
+  
+    - **Code:** 500
+    - **Content:** `{"status":  500, "message": "Internal Server Error","error": {"code": "INTERNAL_SERVER_ERROR","message": "Internal Server Error","details": {}}}`
+
 ### Register
 
 - **URL**

From 4d0dc13323c9ac50d71a42f44658a8d8713779c6 Mon Sep 17 00:00:00 2001
From: Rethakgetse-Manaka <rethakgetse11@gmail.com>
Date: Sun, 4 Aug 2024 14:08:12 +0200
Subject: [PATCH 10/20] Dockerfile included

---
 python-code/Dockerfile | 20 ++++++++++++++++++++
 python-code/app.py     |  4 ++--
 2 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 python-code/Dockerfile

diff --git a/python-code/Dockerfile b/python-code/Dockerfile
new file mode 100644
index 00000000..516040bc
--- /dev/null
+++ b/python-code/Dockerfile
@@ -0,0 +1,20 @@
+# Use the official Python image from the Docker Hub
+FROM python:3.9-slim
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy the requirements file into the container
+COPY requirements.txt requirements.txt 
+
+# Install the dependencies
+RUN pip install -r requirements.txt
+
+# Copy the rest of the application code into the container
+COPY . .
+
+# Expose the port the app runs on
+EXPOSE 9000
+
+# Define the command to run the application using Gunicorn
+CMD ["gunicorn", "app:app", "-b", "0.0.0.0:9000", "-w", "4"]
diff --git a/python-code/app.py b/python-code/app.py
index 7b9e24bd..c52b7740 100644
--- a/python-code/app.py
+++ b/python-code/app.py
@@ -34,7 +34,7 @@ def predict():
         # Set factor based on special event
         # factor = 1.5 if special_event else 1.0
 
-        predicted_class, predicted_attendance_level = get_prediction(day_of_week, month, day_of_month, weekend, special_event, scaler, factor)
+        predicted_class, predicted_attendance_level = get_prediction(day_of_week, month, day_of_month, weekend, special_event, scaler)
         
         return jsonify({
             'Day_of_Week': day_of_week,
@@ -74,7 +74,7 @@ def predict_week():
             # factor = 1.5 if special_event else 1.0
             
             # Get prediction
-            predicted_class, predicted_attendance_level = get_prediction(day_of_week, month, day_of_month, weekend, special_event, scaler, factor)
+            predicted_class, predicted_attendance_level = get_prediction(day_of_week, month, day_of_month, weekend, special_event, scaler)
             
             # Append the results
             predictions.append({

From 8e0cc57d16cc92a5ff800f3a22f75eb4cb968685 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 14:36:29 +0200
Subject: [PATCH 11/20] =?UTF-8?q?chore=F0=9F=8F=83=E2=80=8D=E2=99=82?=
 =?UTF-8?q?=EF=B8=8F=F0=9F=91=9F:=20Update=20TensorFlow=20Serving=20API=20?=
 =?UTF-8?q?URL=20in=20prediction.py=20and=20Dockerfile=20and=20docker-comp?=
 =?UTF-8?q?ose=20file=20and=20actions?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/deploy-models.yml |  47 -------------
 .github/workflows/deploy-python.yml | 105 ++++++++++++++++++++++++++++
 python-code/Dockerfile              |  20 ++++++
 python-code/docker-compose.yml      |  29 ++++++--
 python-code/prediction.py           |   2 +-
 5 files changed, 149 insertions(+), 54 deletions(-)
 delete mode 100644 .github/workflows/deploy-models.yml
 create mode 100644 .github/workflows/deploy-python.yml
 create mode 100644 python-code/Dockerfile

diff --git a/.github/workflows/deploy-models.yml b/.github/workflows/deploy-models.yml
deleted file mode 100644
index ef3f26d0..00000000
--- a/.github/workflows/deploy-models.yml
+++ /dev/null
@@ -1,47 +0,0 @@
-name: Deploy Models 🤖🧠
-
-on:
-    push:
-        branches: ["develop"]
-        paths: [
-            "models/**",
-            ".github/workflows/deploy-models.yml"
-        ]
-
-    workflow_dispatch:
-
-defaults:
-    run:
-        working-directory: models
-
-jobs:
-    deploy:
-          name: 🛳️ Deploy Models 🤖🧠
-          runs-on: ubuntu-latest
-  
-          steps:
-              - name: ⬇️ Checkout code
-                uses: actions/checkout@v4
-  
-              - name: 🪷 Copy files to VM
-                uses: appleboy/scp-action@v0.1.5
-                with:
-                    host: ${{ secrets.VM_IP }}
-                    username: ${{ secrets.VM_USERNAME }}
-                    key: ${{ secrets.VM_SSH_KEY }}
-                    source: "models/attendance_model,models/docker-compose.yml"
-                    target: "/home/${{ secrets.VM_USERNAME }}/model"
-  
-              # SSH to VM and run commands
-              - name: 🚀 SSH to VM
-                uses: appleboy/ssh-action@master
-                with:
-                    host: ${{ secrets.VM_IP }}
-                    username: ${{ secrets.VM_USERNAME }}
-                    key: ${{ secrets.VM_SSH_KEY }}
-                    script: |
-                        cd /home/${{ secrets.VM_USERNAME }}/model/models
-                        echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-                        docker compose -f docker-compose.yml down
-                        docker compose -f docker-compose.yml pull
-                        docker compose -f docker-compose.yml up -d
diff --git a/.github/workflows/deploy-python.yml b/.github/workflows/deploy-python.yml
new file mode 100644
index 00000000..59ebc683
--- /dev/null
+++ b/.github/workflows/deploy-python.yml
@@ -0,0 +1,105 @@
+name: Build 🏗️ and Deploy Python App 🛳️
+
+on:
+    push:
+        branches: ["develop"]
+        paths: [
+            "python-code/**",
+            ".github/workflows/build-python.yml"
+        ]
+
+    workflow_dispatch:
+
+defaults:
+    run:
+        working-directory: python-code
+
+jobs:
+    build:
+        name: 🏗️ Build
+        runs-on: ubuntu-latest
+    
+        strategy:
+          matrix:
+            python-version: [3.8, 3.9, 3.11]
+    
+        steps:
+        - name: ⬇️ Checkout repository
+          uses: actions/checkout@v4
+    
+        - name: 🏗 Set up Python ${{ matrix.python-version }}
+          uses: actions/setup-python@v5
+          with:
+            python-version: ${{ matrix.python-version }}
+    
+        - name: 📦 Install dependencies
+          run: |
+            python -m pip install --upgrade pip
+            pip install -r requirements.txt
+    
+        - name: ✅ Build completed
+          run: echo "Build completed successfully!"
+    
+    build-push-docker:
+        name: 🐋 Build and Push Docker Image
+        runs-on: ubuntu-latest
+        needs: build
+    
+        steps:
+        - name: ⬇️ Checkout repository
+          uses: actions/checkout@v4
+    
+        - name: 🏗 Set up QEMU
+          uses: docker/setup-qemu-action@v3
+    
+        - name: 🏗 Set up Docker Buildx
+          uses: docker/setup-buildx-action@v3
+    
+        - name: 🧑‍💻 Login to DockerHub
+          uses: docker/login-action@v3
+          with:
+            username: ${{ secrets.DOCKER_USERNAME }}
+            password: ${{ secrets.DOCKER_PASSWORD }}
+    
+        - name: 🐳 Build and push Docker image
+          uses: docker/build-push-action@v5
+          with:
+              context: attendance-model
+              file: python-code/Dockerfile
+              platforms: linux/amd64,linux/arm64
+              push: true
+              tags: ${{ secrets.DOCKER_USERNAME }}/attendance-model:latest
+
+    deploy:
+        name: 🛳️ Deploy Python App 🐳
+        runs-on: ubuntu-latest
+        needs: build-push-docker
+    
+        steps:
+        - name: ⬇️ Checkout repository
+          uses: actions/checkout@v4
+    
+        - name: 🪷 Copy files to VM
+          uses: appleboy/scp-action@v0.1.5
+          with:
+              host: ${{ secrets.VM_IP }}
+              username: ${{ secrets.VM_USERNAME }}
+              key: ${{ secrets.VM_SSH_KEY }}
+              source: "python-code/docker-compose.yml,models/attendance_model"
+              target: "/home/${{ secrets.VM_USERNAME }}/attendance-model"
+    
+        - name: 🚀 SSH to VM
+          uses: appleboy/ssh-action@master
+          with:
+              host: ${{ secrets.VM_IP }}
+              username: ${{ secrets.VM_USERNAME }}
+              key: ${{ secrets.VM_SSH_KEY }}
+              script: |
+                  cd /home/${{ secrets.VM_USERNAME }}/attendance-model/python-code
+                  echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+                  ATTENDANCE_MODEL_PATH=/home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model \ 
+                  DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }} docker compose -f docker-compose.yml down
+                  ATTENDANCE_MODEL_PATH=/home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model \ 
+                  DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }} docker compose -f docker-compose.yml pull
+                  ATTENDANCE_MODEL_PATH=/home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model \ 
+                  DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }} docker compose -f docker-compose.yml up -d
diff --git a/python-code/Dockerfile b/python-code/Dockerfile
new file mode 100644
index 00000000..881fdb00
--- /dev/null
+++ b/python-code/Dockerfile
@@ -0,0 +1,20 @@
+# Use the official Python image from the Docker Hub
+FROM python:3.9-slim
+
+# Set the working directory in the container
+WORKDIR /app
+
+# Copy the requirements file into the container
+COPY requirements.txt requirements.txt 
+
+# Install the dependencies
+RUN pip install -r requirements.txt
+
+# Copy the rest of the application code into the container
+COPY . .
+
+# Expose the port the app runs on
+EXPOSE 9000
+
+# Define the command to run the application using Gunicorn
+CMD ["gunicorn", "app:app", "-b", "0.0.0.0:9000", "-w", "4"]
\ No newline at end of file
diff --git a/python-code/docker-compose.yml b/python-code/docker-compose.yml
index 06d60af6..63c8127b 100644
--- a/python-code/docker-compose.yml
+++ b/python-code/docker-compose.yml
@@ -1,18 +1,35 @@
-version: '3.8'
-
 services:
-  web:
-    build: .
+  attendance-model:
+    image: $DOCKER_USERNAME/attendance-model:latest
+    container_name: attendance-model
+    build: 
+      context: .
+      dockerfile: Dockerfile
+    networks:
+      - webnet
     ports:
       - "9000:9000"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    restart: on-failure:5
     depends_on:
       - model
 
   model:
     image: tensorflow/serving:latest
+    container_name: model
     environment:
-      - MODEL_NAME=attendance_model
+      MODEL_NAME: attendance_model
     volumes:
-      - ../models/attendance_model:/models/attendance_model
+      - $ATTENDANCE_MODEL_PATH:/models/attendance_model
     ports:
       - "8501:8501"
+    command: >
+      sh -c 'tensorflow_model_server --port=8501 --model_name=attendance_model --model_base_path=/models/attendance_model'
+    networks:
+      - webnet
+    restart: on-failure:5
+
+networks:
+  webnet:
+    external: true
\ No newline at end of file
diff --git a/python-code/prediction.py b/python-code/prediction.py
index c054f394..faebb626 100644
--- a/python-code/prediction.py
+++ b/python-code/prediction.py
@@ -6,7 +6,7 @@
 import logging
 
 # Define the URL for the TensorFlow Serving API
-url = 'http://model:8501/v1/models/attendance_model:predict'
+url = 'http://localhost:8501/v1/models/attendance_model:predict'
 
 # Define the attendance levels based on the bin ranges
 attendance_levels = ["0-300", "300-600", "600-900", "900-1200", "1200-1500", "1500-1800", "1800+"]

From 58459c3e517cffb6f7886f22e460cf464e4e558f Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 14:43:09 +0200
Subject: [PATCH 12/20] =?UTF-8?q?update=F0=9F=98=AA:=20fixing=20incorrect?=
 =?UTF-8?q?=20actions=20file=20paths?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/deploy-python.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-python.yml b/.github/workflows/deploy-python.yml
index 53ee5827..a5bfe0f7 100644
--- a/.github/workflows/deploy-python.yml
+++ b/.github/workflows/deploy-python.yml
@@ -65,7 +65,7 @@ jobs:
         - name: 🐳 Build and push Docker image
           uses: docker/build-push-action@v5
           with:
-              context: attendance-model
+              context: python-code
               file: python-code/Dockerfile
               platforms: linux/amd64,linux/arm64
               push: true

From 9d4bb3424d5d1b64f8ff3b04b62cb5e51ee96a67 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 14:43:49 +0200
Subject: [PATCH 13/20] chore: Fix typo in file path for deploy-python.yml

---
 .github/workflows/deploy-python.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/deploy-python.yml b/.github/workflows/deploy-python.yml
index a5bfe0f7..5d76751a 100644
--- a/.github/workflows/deploy-python.yml
+++ b/.github/workflows/deploy-python.yml
@@ -6,7 +6,7 @@ on:
         paths: [
             "python-code/**",
             "models/**",
-            ".github/workflows/deeploy-python.yml"
+            ".github/workflows/deploy-python.yml"
         ]
 
     workflow_dispatch:

From 59dc1364b68b22f0453001e244fa6d8815061087 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 16:22:37 +0200
Subject: [PATCH 14/20] chore: Move attendance model to python-code directory
 and update docker-compose.yml

---
 .github/workflows/deploy-python.yml          | 6 ++----
 occupi-backend/pkg/handlers/auth_handlers.go | 5 -----
 python-code/docker-compose.yml               | 2 +-
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/deploy-python.yml b/.github/workflows/deploy-python.yml
index 5d76751a..38db40b3 100644
--- a/.github/workflows/deploy-python.yml
+++ b/.github/workflows/deploy-python.yml
@@ -97,10 +97,8 @@ jobs:
               key: ${{ secrets.VM_SSH_KEY }}
               script: |
                   cd /home/${{ secrets.VM_USERNAME }}/attendance-model/python-code
-                  echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-                  ATTENDANCE_MODEL_PATH=/home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model \ 
+                  mv /home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model /home/${{ secrets.VM_USERNAME }}/attendance-model/python-code
+                  echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin 
                   DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }} docker compose -f docker-compose.yml down
-                  ATTENDANCE_MODEL_PATH=/home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model \ 
                   DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }} docker compose -f docker-compose.yml pull
-                  ATTENDANCE_MODEL_PATH=/home/${{ secrets.VM_USERNAME }}/attendance-model/models/attendance_model \ 
                   DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }} docker compose -f docker-compose.yml up -d
diff --git a/occupi-backend/pkg/handlers/auth_handlers.go b/occupi-backend/pkg/handlers/auth_handlers.go
index a520c671..31122907 100644
--- a/occupi-backend/pkg/handlers/auth_handlers.go
+++ b/occupi-backend/pkg/handlers/auth_handlers.go
@@ -377,11 +377,6 @@ func Register(ctx *gin.Context, appsession *models.AppSession) {
 		logrus.WithError(err).Error("Error sending OTP email")
 		return
 	}
-
-	ctx.JSON(http.StatusOK, utils.SuccessResponse(
-		http.StatusOK,
-		"Registration successful! Please check your email for the OTP to verify your account.",
-		nil))
 }
 
 // handler for generating a new otp for a user and resending it via email
diff --git a/python-code/docker-compose.yml b/python-code/docker-compose.yml
index 63c8127b..8f78dd0b 100644
--- a/python-code/docker-compose.yml
+++ b/python-code/docker-compose.yml
@@ -21,7 +21,7 @@ services:
     environment:
       MODEL_NAME: attendance_model
     volumes:
-      - $ATTENDANCE_MODEL_PATH:/models/attendance_model
+      - attendance_model:/models/attendance_model
     ports:
       - "8501:8501"
     command: >

From 599e5d6b06064866d69454568542f7af69c76f9d Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 16:53:07 +0200
Subject: [PATCH 15/20] chore: Update docker-compose.yml to fix volume path for
 attendance model

---
 python-code/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python-code/docker-compose.yml b/python-code/docker-compose.yml
index 8f78dd0b..a41977fb 100644
--- a/python-code/docker-compose.yml
+++ b/python-code/docker-compose.yml
@@ -21,7 +21,7 @@ services:
     environment:
       MODEL_NAME: attendance_model
     volumes:
-      - attendance_model:/models/attendance_model
+      - /attendance_model:/models/attendance_model
     ports:
       - "8501:8501"
     command: >

From 8c191f96cb601dec512b1c9e6df2a9917a84cf1b Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 17:15:24 +0200
Subject: [PATCH 16/20] chore: Add ping route to check if Prediction API is up
 and running

---
 python-code/app.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/python-code/app.py b/python-code/app.py
index c52b7740..0a31bdf9 100644
--- a/python-code/app.py
+++ b/python-code/app.py
@@ -19,6 +19,10 @@ def is_special_event(date):
     special_events_dates = [(7, 4), (12, 25), (4, 23), (12, 9), (8, 5), (3, 6), (11, 27), (3, 10), (7, 26)]  # Example: 4th of July, Christmas
     return 1 if (date.month, date.day) in special_events_dates else 0
 
+@app.route('/', methods=['GET'])
+def ping():
+    return jsonify({'response': 'Prediction API is up and running'})
+
 @app.route('/predict', methods=['GET'])
 def predict():
     try:

From 0f769020e0df57bd9badbe69110eed1cd04186ee Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 17:15:54 +0200
Subject: [PATCH 17/20] chore: Update ping route to return 200 status code

---
 python-code/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python-code/app.py b/python-code/app.py
index 0a31bdf9..d8720948 100644
--- a/python-code/app.py
+++ b/python-code/app.py
@@ -21,7 +21,7 @@ def is_special_event(date):
 
 @app.route('/', methods=['GET'])
 def ping():
-    return jsonify({'response': 'Prediction API is up and running'})
+    return jsonify({'response': 'Prediction API is up and running'}), 200
 
 @app.route('/predict', methods=['GET'])
 def predict():

From 3aa7bf028f079537dfd6e9f7f570e2fba4f1cc22 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 19:20:45 +0200
Subject: [PATCH 18/20] chore: Update TensorFlow Serving API URL in
 prediction.py

---
 python-code/prediction.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/python-code/prediction.py b/python-code/prediction.py
index faebb626..c054f394 100644
--- a/python-code/prediction.py
+++ b/python-code/prediction.py
@@ -6,7 +6,7 @@
 import logging
 
 # Define the URL for the TensorFlow Serving API
-url = 'http://localhost:8501/v1/models/attendance_model:predict'
+url = 'http://model:8501/v1/models/attendance_model:predict'
 
 # Define the attendance levels based on the bin ranges
 attendance_levels = ["0-300", "300-600", "600-900", "900-1200", "1200-1500", "1500-1800", "1800+"]

From ee8b8a25a3a0d40689539112eb50dcb05b027239 Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Sun, 4 Aug 2024 22:53:45 +0200
Subject: [PATCH 19/20] =?UTF-8?q?feat'=E2=9C=A8:=20after=20a=20long=20batt?=
 =?UTF-8?q?le,=20webauthn=20works=20on=20web(locally)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 frontend/occupi-web/bun.lockb                 | Bin 538373 -> 538301 bytes
 frontend/occupi-web/src/AuthService.ts        | 122 +++++++++++++++++-
 .../occupi-web/src/pages/Login/LoginForm.tsx  | 117 ++++++++---------
 occupi-backend/configs/config.yaml.gpg        | Bin 391 -> 394 bytes
 occupi-backend/configs/dev.deployed.yaml.gpg  | Bin 1012 -> 1015 bytes
 occupi-backend/configs/dev.localhost.yaml.gpg | Bin 936 -> 940 bytes
 occupi-backend/configs/prod.yaml.gpg          | Bin 1004 -> 1009 bytes
 occupi-backend/configs/test.yaml.gpg          | Bin 863 -> 867 bytes
 8 files changed, 175 insertions(+), 64 deletions(-)

diff --git a/frontend/occupi-web/bun.lockb b/frontend/occupi-web/bun.lockb
index a62ff0dd891195996d87ba36ac0ca7e76237b0d4..b48bafbc343594afe9cc8c37232920bc3ca36aa5 100644
GIT binary patch
delta 3744
zcmXY!2XK@{7>4i2-9duwEMrB9grb5HP(cMT7!VbRQBbiU87yEd1jx`0F~p!Cgt`<3
zBN~l>5&;h>LO>A}M^qeURA$VefOItW`n>w?__5#rykFjbcmLhJvHVE$4Tqao_KmhH
z%`4A~mghAp&r4gK7aP1M+9a&p6YG;Kj71{RNF>sjP%8|{Z)2x*eZ)8ol=Ytwi9BjX
z7ineo7!Rt66K&0kLV+xXyIjtfSsG#1gy#-sBhAuz?qpURYGpCXQd97?mPVVMz;k!A
zF=i+7oNG2VM8CsgoTZb&H(45Qb_&lc^*6K$W=ZlF%$^AOvM8~18qyL=6U|PC6`Pfs
zodJ8u?8#6ii!w`RBBfiJWOf!Tp-(_7hiN&_CK{Vf4##EjjLXkOTA|6)rkI^azRh27
zDy$LD&4|y;riGlnSWI{M1xSUKDq(tKbD}+r$H*+#Ws+a!y4hidEaq5hfz;a4T(d0L
zngsvQ0!*W5NvwtGgU=83vRL5q)}Y}?`tA#18T4(45w>{Qbr-=#npKDFeOT03x&&#o
zrPs`~3&)r(HERdUHCq-+WwG3nc4h}lubZ`pZ6H^BgI*KKCf+ft4WG*5O_z5>+Ci=f
ztTelv{BxJDqL;-L#P?=zh0Og}q+G6j|GT9%W}RV6%-%M;3N}oii?%it$zq+QYd{k$
ztvBle>rH6$YeE`DSE3)GwlUPnVw20eftGuB)|p)gTWYr1EC)6Yrp>=4B)`YvT}#)4
z8oY7eGs}hjWVRKiQS=~wH`^8pWbuK^Z$L_VA|JZE7wlBC?J)j}+(?{mwj<QaLMtxQ
zn~AfKbhLJwX&ugU`4=#aq7Tu`Y*&aLz~W1n=OJBS=_|8aV3}rLo8`k=nC%YvviJr`
z<Tj$Er9Cd!%C|QA)~r9QjoEjhN*4Pp-GLOdwBPJbSlmq8NfRDGoJ4XC{ef^?76&ce
z4O-~?;*i-rupv5<w8Liil2?$c9SJ!Hu{dh!K2R}-UH8T@n3ir3QST4<gX;=lyE#i)
z^go6fvS_e07*vL&L;sW6{p8P>{cQFCY>L@0p<WihT6zd+uBG41hQPWp3f&PpKN`?b
zVvK%|Xn%z4Ls<N2sSvb^rPE>l%j^;IAuj*h>`_=2uhJ?0CzN7QqF*?<KTcGU>o7;n
zhLO*)MI*B!SW|MH>@>6C<jZ)4TFh(&d9}Z0+-xLl8lmHxfbpwwQlyxNorGGmka?JC
zosXt(F^U+Z!O@!AV>EeN#9aDJvoYkIe3mZ^MY3pNX&lmGEOhv?%*K=VU}!pgEzKs7
z_x5mGg*sWZM$#xsi2jx?a`{BqZ4zl0o0XFHgX#QU5|T%-Xltnq)E*0+)pjuUTx1f_
z!R&I^mBV^^!dHX>SzKwU0;#v9PB0B<GSSEEYS%pt>u+{VsFg(*OH+`lk#q%gHJeJl
z)aBQjJqugJM07253(=!kTxV%IXcFbR9dgVn$yeB-yV(rbYS^vx*N1#r<XV~q+UoKi
zX0u`2VY*p*n$02q#C11>Dp~Zh6p&^j>4Le@Y#w=I7Ud55o6P2ur^D`|zd0PoVnA<8
z3qb?DW&4;t2it}1Ao{*$&y%myTGR4iN*573$<=Ok-QrMmj1j&7(y37EXQ_%@ORLu3
z>_zf!X1ALy33ak~3288+(B^*(NpF0a=*R{iOJC&jYVu-l!Qn7X=9Q2<j>W5_qb-ec
zc@69;yvn4Ry+(eBx^jBmEW9<cG!)2U8R;%tjI*>Hwi~9cINt1a@_Y1mv<YT!gj!jw
z0PVF@VyPCk&upUEo3Q<6rDiKb^am_fAsw((W@$C-pxGp|w_u0N%FR+CUlwbSj##R&
z^fv6M*<`b|uw!OVo2?5~Sd^?sn!~)c#im%=K(7B0SU^7&rlop^*uWBN&rEaOMsa;Y
z+H|u`<QrXAX;ufTGn-+y8TLh-`$rpYrr{Ryz2uAOXPLcA{vc!5)|qYg9{CV6-Qk+r
zR$>|>)z+D7_C9%~SuooM+XK@km>1{%(;t681fW)9z6(Dje;82%SYY-MxmHUrTWGeO
zd?rjUd(P}*a`~zLd9%*?S*5MW0MIhJ6nE?p1~kOZO$}>^oseuaC>F-X<E=8Zq??G%
zX{kl=_|Iv{p8R1pBhmV6ZR^77^!Oi%t)yGh!sd+lh36C^>xHw4dBit<$@-kow;|Rl
z)uw6u>nqcb=~|;bl{&F|ykDY8bYOPpOFLegT`{y*JT<ge;(>wbJE{}^l~ks7RVSip
V>6>c)e{NY(Uz14H*EG(0_Fol0!t4M5

delta 3814
zcmXYy3v^Y*8HLYH?hOf6+bg<6%OjCMaMdmev;``N!GKY*X#}JXt7NGqN~r`0ghvP|
zL=X@N2m_)(qyzy`BH%?ZKu{=csc5m)uGZC3<R#D8XswU7-^M+QpZU+X|Lij}XJ&5G
zx$N5W*^7P<tEefiEsoU|r_~mxZ!eBNcr3lJH6H33GTMcM$KrjGqvBB%i=wCvp*AWc
zKZv*MUuK*R%Dp5+(IaMbQ8%+kc~DJ)xY2A(D3!%8T`uRFEInqH$#YM$v1VC3_ckjJ
zjj|YT=`!#wmL`~ejpu=86=s+7Txd2i#ExSz$<o)scUr16`v%Wj^*6N1W=ZljW>Z3m
zET&p&hqTtxG_$K<6=qdtSHnh`O%L_5sJ3(sQkJC|X6<1a`UJEZn3nTeqK(<C&?1Y+
zUH(m^Et))Swpj=AgZ_eZU}-#eB>reNHx!(}VxG%8BaOB+AEq~E6Fp!&Mhjh+Lw=L%
z7KJ)l)LH6+lxJzNSuSix2LI8Pz%+`k#7>w#_|kAx7Ry|o2O5W@?;c=n>AMr-ZBg&K
z8(<U6o(uUWu~=v6TS%3b8qBl{C!4J|`!=l5?D<e5iw%~vGkaRvXx0PPM6R}pUK7bD
zcAISuZ_DCEm-j+?i(C_U$?QAiM_j&zUKZaaPMf_Pa!z5f)#cjvpIO>w)(5uMY`a-s
z*jRlo+AE=47AZ?NgQ_g;FzW{!LTK~93ezb16T=9#U7=YPuep2xXtQ^x=C2KSE3wH;
z^A{^1roy!O_k`qWEcRNu4b-X{TC-Up`NwAaU>e0B;xn^1La8kFyZm;fq$hH~<wdY7
z%?`r&7u`WzWp*eu%Hpss?m}vhq@$%TqZer%I=K98m_~6o(b4Qkh<%8~pIu&z)Y;Oz
zW<P}Gn7wCK0_$S-mrx>$zafbXCAwPryUVrmd1n7G8xHGkb~Mz>;+UloNO4OanEeQr
zFgtGcW7rkU@;dqxp+y!aE&UX<()YzFv-@CWI+8T)NUhJ$2;C=YABKW6Se&u+0H}h)
zu6yGwOiMSCIO-30-gTw0_c=?s^cO;%EG}Al5Hu4>hrY$^A@aFqADKN2n`ic~a8wqp
zmPR2hv-Gi98EgQf&>iuK*(2nW^?OA7cgR1B#iy1=gSN4BI?Vqu`vrNK%XI`br!hn>
zuhJ?0Jk(%O{e`8+K=qXCFn?(_mVBu#{%ckay9}n2{XesD<S&q4YG``Zc%s2yGiEjc
zwt&#_O@r~PaYa<Y!#jl9wISym)4C2#-(nImQf9Oc_NXMk5wVcIquFHg-agBnLb)tD
zTbhcr8Veo1Y_n<PgBY3)UyfN7`4A8H`p_(kE=U?hH8I>$SC`L#4V6giW>!N!45ss&
z7n0|(=x%8ys0S80t2e;dbI~lKr&$lz)xrjQ!ug?87CkM^MjB$N7fb`1L)>llJ=Z+}
z8*bJ+G|HlnrFlpVNV)?0n$0KQ<nr&EJqcUIM073O9AX!+=x1pmXcpzV9r~LsBHv<*
zTg>WU+hO<64+tf)xYg1U&;gehm^}qM1k=qj&}=FBVb|Rj>Sa-ADIhII(gicfY&m%w
z7G(teV6zqES+Jkb-yT}9s4lX!5_B(HR=2|)X3vn{?`?di*|V^BdDTezyUbRR@6!6y
zhQK&b(Q4uya<zM0w}$+mW<$SXX;FPBzsOXcL(^iZ4R`%o@&RV|n*AE4BQud00prL-
z>q4_E8c2Jw>!;9{yL>%)h4<w+m}c`lF$p$<exmC(gk%dA8$o@U$xQl6OPk2gQeI21
z>qej81>y)yn{bNR=1?k&7eVh^nr7)G*nR$VRc2dY$IYgjHHJo6yo_|x(hN&mVW-S$
z%(lT!oBhgcdx(96#Vbf>EX}f%f}J(1HQNC@XZE<+tD!^|JCQC}nqz4f?4sEdX0O5i
z3e*0aYt|I%v8dh+8po19O+O!rWr_9>O)RlC%>tM2CEsnf&~?qQJ!W;T+XrhlTWt0^
zY@gW@|Lq&FKP9-Rv<r1%YsmYF6Xa{?mzf<P|2g71`e61O@-nmKW(Q#l7`?XB3bWsm
zFEV@D?02wZu+8)<6I_&f@$ZQMY@&b0g@?$yA!_u`n*D+NQJ4m`%Ir<@rTnc1u-fb}
z`C^y`u*U2ya=k<K^=4x;^@~dTG$dQ&d8vM_@yui>N+fbqm5D@add^7X!9+eU)hE#>
z(30;Zw9NZLRaWBjE3-8w9$zOk=Db*#-ZpW4r%vRf3BC6zVmZ-WKZUgTz|_vRiL~BX
zeRO@%-c0Q;NDRx!q~=naol}%Z<rHN+e1BH^^|~;k=)Kg!hKyKxR_4a9p2y5yu^}V1
KVndtUC;tzYE6I-l

diff --git a/frontend/occupi-web/src/AuthService.ts b/frontend/occupi-web/src/AuthService.ts
index 2f287007..ad2997c6 100644
--- a/frontend/occupi-web/src/AuthService.ts
+++ b/frontend/occupi-web/src/AuthService.ts
@@ -12,7 +12,100 @@ const AuthService = {
       });
       return response.data;
     } catch (error) {
-      if (axios.isAxiosError(error) && error.response) {
+      if (axios.isAxiosError(error) && error.response?.data) {
+        throw error.response.data;
+      }
+      throw new Error('An unexpected error occurred');
+    }
+  },
+
+  webauthnRegister: async (email: string) => {
+    try {
+      const response = await axios.post(`${API_URL}/register-admin-begin`, {
+        email,
+      });
+
+      if (response.data.message === "Please check your email for an otp."){
+        return response.data;
+      }
+      
+      response.data.data.options.publicKey.challenge = bufferDecode(response.data.data.options.publicKey.challenge);
+      response.data.data.options.publicKey.user.id = bufferDecode(response.data.data.options.publicKey.user.id);
+
+      const credential: any = await navigator.credentials.create({ publicKey: response.data.data.options.publicKey });
+
+      if (!credential) {
+        throw new Error('Failed to create credential');
+      }
+
+      const credentialJSON = JSON.stringify({
+          id: credential.id,
+          rawId: bufferEncode(credential.rawId),
+          type: credential.type,
+          response: {
+              attestationObject: bufferEncode(credential.response.attestationObject),
+              clientDataJSON: bufferEncode(credential.response.clientDataJSON),
+          },
+      });
+
+      // Send the credential to the server
+      const response2 = await axios.post(`${API_URL}/register-admin-finish/${response.data.data.uuid}`, credentialJSON);
+
+      return response2.data;
+    } catch (error) {
+      if (axios.isAxiosError(error) && error.response?.data) {
+        throw error.response.data;
+      }
+      throw new Error('An unexpected error occurred, please try again');
+    }
+  },
+
+  webauthnLogin: async (email: string) => {
+    try {
+      const response = await axios.post(`${API_URL}/login-admin-begin`, {
+        email,
+      });
+
+      if (response.data.message === "Please check your email for an otp."){
+        return response.data;
+      }
+      
+      // if backend returns this message: "Error getting user credentials, please register for WebAuthn",
+      // then do an automatic call to register function
+      if (response.data.message === "Error getting user credentials, please register for WebAuthn") {
+        const response3 = await AuthService.webauthnRegister(email);
+        return response3;
+      }
+
+      response.data.data.options.publicKey.challenge = bufferDecode(response.data.data.options.publicKey.challenge);
+      response.data.data.options.publicKey.allowCredentials.forEach(function (listItem: any) {
+        listItem.id = bufferDecode(listItem.id)
+      });
+
+      const assertion: any = await navigator.credentials.get({ publicKey: response.data.data.options.publicKey });
+
+      if (assertion === null) {
+        throw new Error('No assertion returned');
+      }
+
+      const assertionJSON = JSON.stringify({
+          id: assertion.id,
+          rawId: bufferEncode(assertion.rawId),
+          type: assertion.type,
+          response: {
+              authenticatorData: bufferEncode(assertion.response.authenticatorData),
+              clientDataJSON: bufferEncode(assertion.response.clientDataJSON),
+              signature: bufferEncode(assertion.response.signature),
+              userHandle: bufferEncode(assertion.response.userHandle),
+          },
+      });
+      
+      // Send the assertion to the server
+      const response2 = await axios.post(`${API_URL}/login-admin-finish${response.data.data.uuid}`, assertionJSON);
+
+      return response2.data;
+    } catch (error) {
+      if (axios.isAxiosError(error) && error.response?.data) {
         throw error.response.data;
       }
       throw new Error('An unexpected error occurred');
@@ -28,7 +121,7 @@ const AuthService = {
       });
       return response.data;
     } catch (error) {
-      if (axios.isAxiosError(error) && error.response) {
+      if (axios.isAxiosError(error) && error.response?.data) {
         throw error.response.data;
       }
       throw new Error('An unexpected error occurred Whilst Logging out');
@@ -83,4 +176,29 @@ const AuthService = {
 
 };
 
+function bufferEncode(value: ArrayBuffer): string {
+  return btoa(String.fromCharCode(...new Uint8Array(value)))
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=+$/, '');
+}
+
+function bufferDecode(value: string | null): Uint8Array | null {
+  if (value === null) {
+    return null;
+  }
+
+  // Replace URL-safe characters with standard Base64 characters
+  value = value.replace(/-/g, '+').replace(/_/g, '/');
+
+  // Add necessary padding
+  while (value.length % 4) {
+    value += '=';
+  }
+
+  // Decode Base64 string
+  return Uint8Array.from(atob(value), c => c.charCodeAt(0));
+}
+
+
 export default AuthService;
\ No newline at end of file
diff --git a/frontend/occupi-web/src/pages/Login/LoginForm.tsx b/frontend/occupi-web/src/pages/Login/LoginForm.tsx
index 076807ce..c2fd9873 100644
--- a/frontend/occupi-web/src/pages/Login/LoginForm.tsx
+++ b/frontend/occupi-web/src/pages/Login/LoginForm.tsx
@@ -2,7 +2,6 @@ import { useState } from "react";
 import { loginpng, OccupiLogo } from "@assets/index";
 import { Checkbox, GradientButton, InputBox } from "@components/index";
 import { useNavigate } from "react-router-dom";
-import { registerCredential, authenticateWithCredential } from './WebAuthn';
 import AuthService from "AuthService";
 import { useUser } from "UserContext";
 
@@ -24,19 +23,64 @@ const LoginForm = (): JSX.Element => {
   const handleLogin = async () => {
     setIsLoading(true);
     setError("");
-    
-    try {
-      const response = await AuthService.login(form.email, form.password);
-      console.log("Login response:", response);
-  
-console.log("Login:", form.email, form.password);
-      if (response.message.includes('check your email for an otp')) {
-        setRequiresOtp(true);
-        navigate("/otp", { state: { email: form.email } });
 
+    if (form.email === "") {
+      setError("Please fill in email field");
+      setIsLoading(false);
+      return;
+    }
+
+    if(!window.PublicKeyCredential){
+      if (form.password === "") {
+        setError("Please fill in password field");
+        setIsLoading(false);
+        return;
+      }
+
+      try{
+        const response = await AuthService.login(form.email, form.password);
+        console.log("Login response:", response);
+    
+  console.log("Login:", form.email, form.password);
+        if (response.message.includes('check your email for an otp')) {
+          setRequiresOtp(true);
+          navigate("/otp", { state: { email: form.email } });
+
+          setIsLoading(false);
+          return;
+        }
+      } catch (error) {
+        console.error("Login error:", error);
+        if (typeof error === 'object' && error !== null && 'message' in error) {
+          setError(error.message as string);
+        } else {
+          setError("An unexpected error occurred");
+        }
         setIsLoading(false);
         return;
       }
+    } else {
+      try {
+        const response = await AuthService.webauthnLogin(form.email);
+
+        if (response.message.includes('check your email for an otp')) {
+          setRequiresOtp(true);
+          navigate("/otp", { state: { email: form.email } });
+          setIsLoading(false);
+          return;
+        }
+      } catch (error) {
+        if (typeof error === 'object' && error !== null && 'message' in error) {
+          setError(error.message as string);
+        } else {
+          setError("An unexpected error occurred");
+        }
+        setIsLoading(false);
+        return;
+      }
+    }
+    
+    try {
       setUserDetails({ email: form.email /* other fields */ });
       const userDetails = await AuthService.getUserDetails(form.email);
       console.log("User details from API:", userDetails);
@@ -57,51 +101,6 @@ console.log("Login:", form.email, form.password);
     }
   };
 
-
-
-  // const handleOtpVerificationSuccess = async () => {
-  //   setRequiresOtp(false);
-  //   const userDetails = await AuthService.getUserDetails(form.email);
-  //   console.log("User details from API:", userDetails);
-  
-  //     setUserDetails(userDetails);
-  // };
-
-  // const handleOtpVerificationFailure = (error: string) => {
-  //   setError(error);
-  // };
-
-
-  const handleWebAuthnRegistration = async () => {
-    try {
-      setIsLoading(true);
-      const credential = await registerCredential();
-      console.log('Credential registered:', credential);
-      // Handle success (e.g., show success message, redirect)
-    } catch (error) {
-      console.error('Error registering credential:', error);
-      // Handle error (e.g., show error message)
-    } finally {
-      setIsLoading(false);
-    }
-  };
-
-  const handleWebAuthnAuthentication = async () => {
-    try {
-      setIsLoading(true);
-      const assertion = await authenticateWithCredential();
-      if (assertion) {
-        console.log('Authentication successful:', assertion);
-        navigate("/dashboard/overview");
-      }
-    } catch (error) {
-      console.error('Error authenticating with credential:', error);
-      // Handle error (e.g., show error message)
-    } finally {
-      setIsLoading(false);
-    }
-  };
-
   return (
     <div className="flex flex-col lg:flex-row justify-center items-center min-h-screen p-4">
       <div className="w-full lg:w-1/2 flex justify-center items-center mb-8 lg:mb-0 p-4">
@@ -144,13 +143,7 @@ console.log("Login:", form.email, form.password);
         {error && <p className="text-red-500 mt-2">{error}</p>}
 
         <div className="mt-5 w-full">
-          <GradientButton isLoading={isloading} Text="Login" isClickable={form.valid_email && form.valid_password} clickEvent={handleLogin}/>
-        </div>
-        <div className="mt-5 w-full">
-          <GradientButton isLoading={isloading} Text="Auth" isClickable={form.valid_email && form.valid_password} clickEvent={handleWebAuthnAuthentication}/>
-        </div>
-        <div className="mt-5 w-full">
-          <GradientButton isLoading={isloading} Text="Register" isClickable={form.valid_email && form.valid_password} clickEvent={handleWebAuthnRegistration}/>
+          <GradientButton isLoading={isloading} Text="Login" isClickable={form.valid_email} clickEvent={handleLogin}/>
         </div>
 
         <div className="flex items-center justify-center mt-5 mb-5">
diff --git a/occupi-backend/configs/config.yaml.gpg b/occupi-backend/configs/config.yaml.gpg
index 44c6fc3874f4cc11692d4e3c8e5ca80c4fe6b772..417bf467bd8abb9c498743fd3ef07ef95f82b217 100644
GIT binary patch
literal 394
zcmV;50d@Y24Fm}T0-Pc^h3sOzrvK8wxB*sKp?H@I)dXR=PTUTJzr1OxCX&Top(Z{P
zMo^E}BBM}PjZ<4zK6?qdYoY`tKB6Ozo&V+gUrZPkS%xLuey&Wfz@4G8uzVFRaJ#&P
zp0$UaWQt}fn2#L$qgNXJa%f&Gn{^N4<H?y=65cR8myI-bgsM>8+A~SqIT=P`P@=N*
zq8c10+f->o1f7AzNSR7YE0e*s@ZFU?QZht=Svv~5l?pTvBLa7j1@Bb^GtEn@{#*n&
zQ79hbkf*FxhxgUQCllaT4ZMUOf4gm;1*#%z5Ml<mo_M_GCHYSRHBf|rxR2z*BDp~=
z#Zh+SD=9w<C56fmV;)k@A}{O7-QMDm^TqNnYw=+fI(4Ifcs!cm$v*jzm5>>cHRvzG
zR~9^8@fH0R>vElLMHabI4pmp_>=#0+gX~nf@9aE7zL8oLcg=if=N3nkgpwGubgFE8
on=4kaBZor>9EN$u^&fARkGe~YzF`MiBS-gW=_#&F(z*&W$Ia5VbpQYW

literal 391
zcmV;20eJq54Fm}T0;3uwCEnvsN&nKowE=zT{%cn%iBbhkWSgxh3U_7RzmMCs!9+La
zXd8n<w_7Uj%N_~8D2Jc*5K^qW(!<A}+Cdan;6I~VB>42E5_oJZc_9N4VCr`m?@H-u
zCp|W;Gh~MDg|s@ujR5t9{vP@@6`3F>mkw{eu<WIPb8@>I<-x!Ut^{X_5P;X}l?Ffl
zx=+d9UwZvWj?4xM*g2^9q})fkWn07Sxitw_^8phLA`8cEG<1MZg2h=wv)M3D<j{|L
z5){P~;D!Py0CFA(S8!paZzf2w7y!Vc8p(EYEGvbRJ4%OB5j{ZKHvMKiM>-OTd&DX;
z+j_ck?C0>kyKN2WZvJkYouLm%p&72_Z|w`}5!<$J$%IUe!>9|8GVB<KEcH;X_m{%W
zu7C>iP1OfH2%#RMv(=`itr`y|*<iqc>UOWjahk-_I3Ox7_=uW!AL1`HD{%3)X4Z4c
l&l{?>gz%tke#%>i9bGt>fK<FCZ}fKXxaZN-89PfVD9`*Nyq5p~

diff --git a/occupi-backend/configs/dev.deployed.yaml.gpg b/occupi-backend/configs/dev.deployed.yaml.gpg
index 6f65e4d4ce19e96364e732478df0df9fe699609e..fc434a5ff7edb7def7478f008afa41cd316e1dc4 100644
GIT binary patch
literal 1015
zcmV<T0|@+#4Fm}T0wMi#v#>vN(f`uv0rCJyFNS@+dACJZ+89l?P`<=l+fc|8MI}i9
za3jJtwa8_o+hP8#T=HfmDprniDC$Y*nM0$;7aH(=tp1WtBQ|ilUGGq{pE;Dk`NH90
zA+00nbhrA9|GDto>Vq!w{q8m_j}J@DVDJdsqA%7T5A<J6CH~@1<y4;+D9^BJnTs%U
zfJck-;my2kicYGE)-e-#iXA2Dk2Hq&ZjF2jtq_Zw^MOtH;>??x3C&;sWU2@Z2Pl<m
zn4t5GT2b~^04Fmav5#dh#gSb!z%WhCRyXyAqf*aI+(oGiQ;VS+#4OrNtz$U#XbI%U
z{pc~-RcL4N!u_RNq}Hi(YuBoc9JlfQ=U-fne}`3{TpT}nRXBipSYQ_Z#22PwgQkPH
z@d%%}MWNe74{tK*&*&~W1NH>D=nLm-RFCjpXenm?YLDuHchGv!l#|RVnfem2DH)Q*
zyvMdTd0ZVgI8hrE-Sb%kkS#L$!Z-l$%8&8Ni=>u~!+x;jSQA$~0TNj&&5y_^BDp$2
z(<vB5>Zh8dVs2~bO$qrnJdeGe!GasKP>gHEPM_P}qV=egNuFaFsuL=ULHV<3ta`j`
z`T$}*^{$T=F7q{>`AH^fdCM=tF#Ra$FEyehtEJsK>9PbV9%0e-(`ka$tF1H}-}k^v
zmfHqqoz$cpCi!J89r2lA!6XBNWxr*AVWb50?&@ntUldwQh8{rsNZMekz!Ms!)5%i|
z1@5I*Q1lb+-;Kb;+iZt}EO9BP#2Q~Go~aD6h>P?ds$xp*x|jkK!LoVIS!$yDV)MVY
z5aF2e_YH*eL1ZvXrfd84-!iMw<TyrGQAtwB-qY1$Sp-HUGQ}Hchd@c4^Ouguu&U?i
zKaB5N@A3puI$6R-09-B^-<ykNrg=S6?M}7?!AF%IxN@pQGDM~!@%|cS&YsHZ9aUys
z8bKiiz4w9C%M6jv;`MBYh?9@9L@`mdnEsuZx?7GmN{ad2JA4w|6afkr@{Pe!@^RT{
z8fV2aV1RM~B%CemrJ$mW6y<|EyeS_0<dB8f6h$LuLR9aRk%>>RTNNcu9jRBjrYw=z
zXyDGtsf<uR&Yg$hnu(?X$!Vc;mX;ap990^D@}?c;DpozJOl?c0DKQk@2yu@`MFzpw
z7VfVfMWdRcxu{ZM9*o7y6u#aBJmcyLx&X<$KI<+BW*qs?%v*lV&x1vsc>z!b8@U5T
z<Wi|@NT6XA*hV-qqm*_SXVlDqLYqAKW<aBP!gME$)h>|`gw(P|l^TEdqqPMqun$-@
lYRbKQL{QDmZ~lX+H=U?k>=6%MLL&tJoT&HbJ8No8_d*1A`q=;g

literal 1012
zcmV<Q0}K3&4Fm}T0xpgBV}$p!H2>1+0Uk|%EhXE4w5@9Pa9o$A@~#i+dVBR;Gl{BD
ztfNI-JMY8(ojNE1Na8)c-M)YC@<MX8VU!U7Eys`;{jyhs_s6@u;eLGg?7yDMM7xf6
zhdv6!#PyDIx{adl-g+u08^2>~%{i&JjZ^9D^=2%uxh3ldBLjUc6D?DbT2sFkA^Km)
zYnMGdam)B?8?@P_#x>Sg(Bj8-d}Ma9fjVnND_b}M#o?Qk!F{CDc<=;1SyKB7`W?Mw
zn>RZTY^{v2rJRHe(iIz6NfH~&=Yf1B4yl<$9cqS+$c1jI>3a4!iAV37A$Px%_5Glr
z1_<VOObi+@mvC@Vz_Oz}p$<`VLy$i++Ax`%ejBk<1{!~H5IxaF7s2T}B_?QChWden
zaTKO6Y+GOAKO2Q;)C_j#&t7PS==(jTe^A*_adD?oC=Jq*Nz@OP8K2dB&Q|v0N>600
z?oFavWrFP_^Bj4odRgP9%8&}aYAhemGlsmP=wNBzx1S|_W8BV1?-GKvEJqp{88s02
z-v}M<WG`Xy5jHbNUfowm6uWuGXgyH7^q0WTQeOB--oy@|$)7|OSEC(2Dqnw8(_ahr
zMBPY|=FU{oXya;rzZH&Cxp+XC<PFBjsX3M$D+F?;w<l?bmJ<PrKCHk+JrSsr+D5t>
zgs=nlQHl<z_XoL{A7Dvg!6AFW33pMi8-rK3bJq|W%$Y|Fogr>B25t9*p`jqHI}r7%
zo(B7PI0m=NF#U>86Xd<K#Iy`wLHbZD2gmKdP1GEaH$9qM&{~mjj(t~wBlV**D`1lJ
z-SEy#1eO^k6VloQIaGHnV$Z`hNLr~B`_a{+UB|;D;$!;#w!NLnK9rRuir9m`yG=n(
zD6qP)RZHvr$kbmh=pGaXnUW~bKsyOgwdE};GU0uQPa|&`WNnrL;&tFn?v<f7SkiBG
zH*ZMy$rIW?XR4lWdV}*xw`<0f;Q(NzSKYfa0POyb{B64}8w)^F>oA}a;$TfRh@4FB
z&X{ksVI;770iWhQMXuU;bQ@x+DWy@GKUZRhi04@5^SIi|8vW#w5D|$!Pd1@F!mv+_
z^|nY`^{?homSq&nyENAs&QQ9$!D5;;HCWm%2TdMpK+xwv?!w#zfqxH;@shP=L?{wT
zSNms7t!=az;DwQBwu%>PR7r582D&4-s)@}c%=zDIMCd*lflpROTbtjQ%tdYK;R?^c
z8J&pmm=GIUX~C#HddBUW!Ao7E=r2lo>^4O;M@zY=_pIUR{cqwOtiFHJH-*MmcJZ#s
ivVG9;=|I5uM9L1(@b^zJgr#tws%Q4O2RZ%|gxjY+5B4np

diff --git a/occupi-backend/configs/dev.localhost.yaml.gpg b/occupi-backend/configs/dev.localhost.yaml.gpg
index f0d357cecd97e9fa0d0a56fcdfa09486a85d0b59..76f700f876fd429ccefe5e6ccad3275482211d63 100644
GIT binary patch
literal 940
zcmV;d15^Br4Fm}T0%bf0puHl%KmXF{0o3Q8O!-M2rjth{oGBCXIkni>{u3LyjX_a)
zEXqqS?xSVM<(lRkoyoXGYSb{A3x(ThjFIrKc>$rJqUDYTjR7weDPrBLp@gsbXX}wZ
zl%i`RvQyXmOL&^j(=f@K(t_)PST@xw6aWSX;tf;Y@qICD$RcU>40(-{E=n$lZ3-5g
ziR?R>tTmeMUaR<N23hT_L0yMJ1s9{SZQFD$$ixYoRE(g)j1Gn6M(hP?FWY7F>E}&B
z_1c%fi5rylg%r;74NuiwP&dM;P=h^OpuJDP>dKs_sW7GopxS}Ns50Ax8YAvPa=W4-
zr{rqw^LN9qX1aKAl5r51x$FfCvaXH9j6qjYJmA%~_x;d9-iA4drdyhhCUqiKfl7D5
zXl*DWP;%sYDz#v^FdPgeGCL!bZJr3JJyv&5!ytvbll^H6Uy>4e9|Np#Wfv&G=Q80t
zN76l<0{Tm4O|mm~)3Xkw=Fz+!m2Gh}Y&Evhuxj5<B5}5Vsm>NxsMS~!m+)T+s)CKY
zK6xR~lspetJ2Em)i#W=*c?JJ~gSAJ0#X!rANyf}UHJ^AS_MZZ6DXz~hcdW9WQB(9h
zU6-3*!NRp3^NixfnORNK%ewFC$(yoR%oY*4FRfnmUOyi+f4<MQ^}%PdR!B6rh_bJo
zVv&Rw(8QjQUHGaBtoiS^z}ej{`IZmlC5r8JVKiK`y=BXHL0u9v7?(59Br3g*f=^S|
z2+P54KwSF@9rJmUujEE6l#Cyf$!R7y#nlX*c@OT<9cF!caNGl1!)fN~*`8$-aa<}k
zfydt80S{$Vv0$Wy+cGd}MU0P;B<bA>>|+|~zLe8ld<rSA$JB6i^#}#RHH<h%+ua5*
zd8>URjZ=$H@Yr+?qovW57aP}Iq8W*+a#?{Pf#Dt{`y1hTAc;Na48NWBm<-s_U2CYF
zTn4Io%dP~(Ed}DMiGRR5Ex~Gy$oIeg2X*p3AcVz?TV5|Sgcj0i*agAG8}BXyUBnA1
zcUK7BZ{UTE)KRZRP{an0apJMIz4qZbiJ^ITJ~kvYo9eBB|72+j+WinUb%!!%YBLiT
z8N&7^Czc36Jyi6}b3p}V7*I`Q%H&Kv0-i@e>vF;|J3<fnWQ=?A{5Ef(Y-KP`Oaw&E
zlqi2u-Bk@fc7;qY;w_-9Mbl!HC{xgCCr?6Xj(Kh(N-fSEECzJQ?dnTFkQqSgpJdWE
O`IKd(pwVV9zlFTdg353J

literal 936
zcmV;Z16TZv4Fm}T0ul5QHn@~8#sAXj0Ub{$cS(RRV>qpK=U${X3(bpsV4}grj#yx}
z?2HGWId`N2o|p;0cRIgrh%?2Nuoy--b`n~rx?#-0d3YvaZ#`0t+CIDCEJI^eCX*}V
zbh>@(hz3cY7=z5(diA2;&<v#AOsCMY?>%fgpmSoB@FH?nP&(58Vm5+ON(%m-l?+Bq
zWxl^T2FolU)h!{hZq|At%%!I2981bGUSkIfhyV$M%QJWtZsZ~|sc|AoXX1sgoDvcn
zp!hS)N6kdWIa;J68XU|tcG<iFz~IQA@_sW#uD3m-&;Qo97)Wki^PZWA0k5%*Ri0rC
z_#w%zut$s8Id^#Z^qh%s85nz@PZQ`LZ_N7|m(}sD-<0hg0bRm7LfktPj7)CW8}A_Q
zTv^PV9!Pc@`w05@IMmfDqT=`BL8h+%?uGpyJUV8P=M7Z;-#lzAATx85HfGy|Q|%2W
zmq<Jw$o^IkvP!oS!zl+1oTqv~H?2373iyamDmyG-w6AjJM{(q0kHb2$(PcK5^Oz(=
z!-ghf&h+v%xr^p8&3n(qaRw0Lou*=T{cGg``bkS(6&Y{`K`>Iclu>=tf(vus*$ZIj
zJbOaBrt7X1DKO&dXbyzMr@v7>8j5lW$1^dmSF^p)BQv=b2A(B!M&DS4ax?>pSHQ4e
z3zLQGpp!(C1BkVrUXfHTz}3!O6tZ!@H{fEJ4c)CviFuVx{g?ph!2>%#6MZD`H8072
zt{aSVg0hVO5Ft7!{Tk-;-Af)_GOfu{fd!s8__)E4_{^9?EV61V8tUbxB<8oSz~xbY
zXK1b#(qe#DN~eaZ(_WTg#31))Z^m!tC^VO{T-af_mV7m{@qA4T3XQo^RZiweTtql%
z@isgtLg4~Qw$v%-=G|B&Yu|w5xjU=M?e4Y4@gki+EMhpb1sU_d0}{$#!g-ga`MqAj
zJPOVh(3LEUFs<CG(VF%^y;J8rx7#m|-Sl6XW~FT&+9&NtF*!YdB+fh|<VSwum*W;f
z37JQZA%jP|@^*-N?-vz?^LBGFpIef3@SFmAlrnIhWx(<I6fk?gSl`vR+KOS!s<f;m
zK{kY5=PEIKPDBp3(Y_U_G)6bpTsCj>_g1U4m*QI;FQ`OX=%+vo@%N6H9cxI1rWa``
zD1)Aw9E16YO&wZS8MgE-l+APO7a$;=9{isB%QUQ{Ps^20i|}ovH7zn)K+Z`g7$(;Y
KiYVL-p~V*%3&kw}

diff --git a/occupi-backend/configs/prod.yaml.gpg b/occupi-backend/configs/prod.yaml.gpg
index 0f92962121d57012fb5081a4c3b22b9a093b6327..ff00db755d7d935ad41ce5e516ff52a471ad7bac 100644
GIT binary patch
literal 1009
zcmV<N0}lL*4Fm}T0<J9D^?upn{{PbH0i`a=bq{n`S^QH8YwitK-ht}O6EK{42@B25
zk;J`%5Y9*tyK5XzmZ<T&47o)k#K|5MmZ*5m(Qir;UvvUB0P7P}kVRrs^|DxI)UQtT
z>n+it!DtO=wO@jmju#S3-SU=I?cN}jG&L$)3T{YWs5#|NxIe)A;fH~b?5yBM#bq8I
zqqpj9je6IM*4Qs9h$7tzw}$rHQinihqf3aJ@7R^IJ@a5dkfrqQ%ZRHT+_nVKB4T0<
zbUJ%=2SMlk^Z=DJ%vZ$Eq^|hX2JSOgcmFoU7QtVIGZ(xnaBo17*9|?FMk%9?puw~G
z{m^J0jpT*#G5W+*!~5U-?wH+xx-4VFp<iXzQ!Yj92ZGq=&F4+me2KpoNojyz61aNL
zu+DeCCUe^O#WcbuDB?2hX!P+i5@P8z(eVAY^ja5!$PXByk}hp>;r6N7=NK-WTxj~V
zA|GYTW0Km!j$2M4WL|iS3(*OGLJjza{oQJ+zGC;xdF1nFuzyh=hlPq|gW^|8K-<54
zc3M8S;d5L`&Xwso{it+G%en8qrgbue8y895I#3C@K`r@(NF3OX^oW`<TNNd>1YV*Q
zmyNI={Ja3=1w#4AH$Ve+6>h0RvkKGF(Pj!6&9u34b+Xk|Jg(IpiSJr3rji{wIfQf~
ztU6i87`{EeXgb^4pM<g9!5+ypnn2AFp7cx4P_sIGkY>gyc^W8!xVteEWI=_siBTWg
z(nBYqm)1<a$8Snb*A)GhmZtu}<z<5TfA%n2^}8YQKTY>l7f&QcJTuNBfMZTk6g|?g
za58&IvBmJtP|a>N!lq(T;Yq}lY;dwYeSFY&kwas?F0DMnj<Wb7U!*+fbLPA*DVvzg
z&N2zm3Rxlm_E4tjmz~K;>?Hp%3xH3M)k~~e?SZo8X=k;=lq@iE!@=j%R;^S7;c49b
z4oNRA9NEDzAsefdfB_&24n4#_9#jqmV!)>E{c?btnaE-FXoF=i`gLFU8r=DP61N;T
zQw#a5j$=X+2>@V|`zwRyYj!bAR$(GXWA9&#AZgTWt63ibm|S`3xz*^W28`>m4YGr<
z<P(w1?jUW@Clx5+O%U~w3~i?lKd`I(`{d2pWae_|wxGG)<2f$rXjH&c6yP~Vx0RL1
zbzn4^q<e!?(cYsa!oX37;3r%SogEo+OlDP~jbMo0Er)wdEg7V9sYB*GZ?D`${=+7X
z4C;QwJj=uu90`Q$*W^Lig+e9;c$bm=w3DBb^XW<#XdB%6XgDYnM|84VodP@?0~3wY
fFdOV-BA#zYoN0%*&qIjH`ENsR%)k~ez<26B#Dn}*

literal 1004
zcmV<I0~7p=4Fm}T0zJph`;7uW2>;UQ0UPcIj{B7mmLIKgh)-E42ZMDlL<+)LU$2|-
zZRT@Y=0qD!sU!9*W3|FFF4q}`G*Faq!`xw>I7m^KH4Un-G!3i$RX^<Si};En@_`yq
zRmos+!HWNp>$TEJ;wU~zuz5|E)5*#pI;Kjv#4e^j>dN*<cATTTfOs%wY4&ofumpw6
z19lpQd|)U%znSLi)B63R>ta)m*T>2Y{ii#02tWQH<nO{w{r_i{*rz$%`SY-u*bDYp
zueDFpvCQuY-L7~Pi05KG5{?$VAxSTUlSz+*IL5Js&#1yO(HPJc)=kvt$)d&8%m~?R
zuYdv&os$I@l61^-w#~TV{FAKiV;cG3D38BfQJQSA()B&V39X`<7rpI4%$%=T>K=15
zD7PY$c792u_rwrZ8_$C*zo?SF7d+j)zb4kVhcwsqDF*)RyL8As)K5Rmn$DMuvI!Xg
zpT30yb@{Qn@>;AP&zvc^*gCRd*4Pr<f%o{<@)tR{N;=G()oQwSNL__u&jS6s4h!y4
z30QN_J!dPX@e3S21(32H%i10mV|62IIW9p0f#}uytm7ey3vS+e!0;?MI${(aEFcNT
zK7yQ5Ae+66_pe~fDXm$cZdtH8zvUaT=Zh|fg<{rdpZnB@R2nTvf6Wx{$K2M`)|jqc
zMUZ>oM6!Y;mbz)fc7YHW!5MCuklacQz2bU>Ul{wSv$JgtkfQ$Um7BlEHvKCeTGeVl
z3NeBL^_AYvstOB2@l*#G?k6Sa)B^IWT4Zooq7=#zz}h2uqA9+~iaRXA4S?)qXAX6U
zq)eHkzXEHfCZ1AV?WqNC8#~1ZHs&ez+tQQCkGAM!T*FIJK`e9Tq1fzBT{EX~(NC);
zx)dIs8MN054#YG9i>`4iGd{~LMD0J=sv!hdTWD9;B!zgds*x_H=sq45AX{(>M;CU>
zJPm$Ny~)PJty0@b%uqYsPNFInHpt;r4It4Upna)pzp_BIxiA<x<on*Vs`YbNZ53nG
zx3`}~32zlfu;-xK{_<FVe6p{I@Wk5m-Fv>!_*qdUncm*@;1^{=j^V6kz-lTFNcgHe
zW{<@7$U)Jw<{|6~jRbnz>%B2T?iXR$y2NqT=~6~>!x@eI<Uiu!TM$NH2g@QVl3?ET
zB<ZxUNgTc`Yp9yN<6Dib7~JR-#1pmg%%b7NK|h-M+TD;!JECQdrWPGg1QoWWGh!!t
zwng?hGjH@ww}Wpq7|~}DDhOJRh;q^QZy~x(dCkDq{D25MXSNHfR?lK(@w2iZcPWW{
aoBHthnon9RfC0B^wc??s8J-5DH$%V9a{m|r

diff --git a/occupi-backend/configs/test.yaml.gpg b/occupi-backend/configs/test.yaml.gpg
index 31baf76540d3241cfc43ae733885c8af25d59924..6c30f72bbee3c87a1f74d00aa8d4c4dec79ce982 100644
GIT binary patch
literal 867
zcmV-p1DyPf4Fm}T0s&yvobs_+-v83+0op0|y50YrDKJO1|J?YN`}?zQ3tt%V2QkQ0
z?`MbQmPg@V2@Qfd4|QY_Ahvbk>d&?&-%}7o=p(lhm`>*~Y5Ihob8(jGJs&8Q5i=q?
z7hm7FCfZxkdx)yS&0yK6&}IW%w;f<$BE}`oS2ShzQ>U2`*FB{sTDe_<!O7MR3wrF=
zjHO)PZ98@l-QL+w=~{TnEAJ>o!4u|OY_h-qq19fK8cb3j6ra~5qvqH$W@J(2HEPvq
zqD!wGg4^vUg%`33fYXPg1sQ^BqFZL>446PmL;?!`(_X)J=tEwRa_WwzoJ0MNMF;x*
zKdL_GAmq>Tsyg7XL=OGk%Pg0Bjj0VRbXi>>C9Rh3fk9D_n;^VC#eJ;`xWjqSh?}vz
z)IoYwxdv{D1h4N4V52cb*Q{l3_-Ie^fT}_%veB_A^!rfvMTk5T?^HWM6r*U#1cGHV
zV0%5lN6%RyIdrQuoPKpDI>)rVkUx(+d6DllQiwnh2(8o86Uo_bYV{T)?%UK<T3S^{
zJJzmOeK6a1jnj8MA(aRi4dy^F^GeXo5gK-#Vt(T+p*`9e42z$vsjG%(tIDt&ZHUH`
zG_LbhQ=|oa@;7dvMt=vZWP!7#N4M<&&QQOFxB4MSl2p<`9CnXx5E(MdaOlOHR*PAv
z0SfR~3X(yBeXJkaI>b`!z>s4<0YT1UZh>zI8(O&iwKk~SR4ZYx@e8q>G~5n;F=NO|
zJ1Rh1o4&%<kx=HIl-}n&%28J|<mQBqX`n4H#MCCVqx@>BazgR{8N!Wu_Ov3|5~xNE
zg?<T&_FQ{H)(VM2&~|KW+A7u9DmF%W_%hY2OhD55>6vrUwDlex@p}kKUWL;Bl6qcD
zpu>ZfK^iw&O5)<_yq!blG?*F%7p?pHa2t|hv+VxUBbTNM$8sWUwScWYkcSetcF}IX
zx!f24utW;Q%RJzq8{v7mDtt9s%U1@T@8>i308o-`j<-ut-ti9V@^qv<X3oZ+{5>Ok
zR!YnIuHtskpvo)l>FFVQJ8z^&t4R2rnUaMDfh5lv21UVU>N&sAm6E+bRs!7}i2I+X
tEEBnE+k#^lObxf6@EQzoh@1VwhdCVfSzECJt-zI9J)?dok9W`-qedj)uyp_c

literal 863
zcmV-l1EBnj4Fm}T0-x&SELr&@0{_zK0r}%M1CN6NFHO0N2C$IK%V2;?ybaJpDR#d+
z!C!Z58wt&Y|3JDOZ}6GH7+8f<!uX^%p6!8jrcRAe{X)C9Fmtxh8v|#kdom0e_)dC8
z;irvI6`<akPP{L6kfH$J#)3TsT2!4<>0V)O9=X}~eaqnZuS<>=Nc!$;@XFW8e;>F=
zwOjQ^kkj=a6R&NgLqgWVUWh7nro#rPOz20Je#az)(4QaY-+y0gu3fnwZ07^8y-pO1
z7O<krF|>cli!dk?S@GIq9Tty8<z~=oXPU>{U#Vx;#B!rr<8%)}3Umt%xQlh~=)mC|
zqaFFgyR#Q<UZRUw5_h|^RmW=0lZKqQWJ{+Bch?E{Oay^g{NsQ0J-F~yBICBpFO!DF
z*+vN1dn$4v3fXKfWK2yd=>UV#5_aBHUf5$dYZCqQ-3~SiKb*#%*V1EHIK!EIqlDId
zC68NkC2^r^mX5i0cO{?tvnBc`+~+Mr_<AgW$Z+`D!l+hjXwTdcgx7WzOUrm@`Ptdb
z%{?>dTz%@(B~RQeLmia3^alIm#wKMcvYB!fHrA((608`3&)s@!^+09zfCKJ6gagfK
zlv*OOdT4yMw8DxX%5fmAXXk$7u(eDAgstTl^AM<;1066hjr<<iwVb>bCgQ~zCu4k1
z%cD`QZBPAA&4oSY_bgg5z>IXN3TcLLg~GMeF$)Us#YT2)ht+u@u12_AqOv5aMW*(0
zzj^&zgnb7-aZ7Lry$KZ@pubcPh7dTF-R7A(SxMR6V?!v>Ih@O?yAmGoHp3MoMbL{G
zE^f9zgoDyj{{2gHTbM+Ny}YzRx-`BPeIe=OLnOqt^-LD0X#{|axS|2z<~<T~fU+qs
z+@4MR;b2I?4QEWIVF%J!{yS@kt*qPEkd%CHvA)oj{2;Z%!2BDo`0&Qe=)vOww*V9p
znC)xUWX)ldsMgB<koB6MD}St~8!?D^kXgP@d|jLiOmmrXvBpDr##eHtICSjVKVD`%
zFv97Sxdy+e7>u^oMpj@vAPGJJ-uZ}IcI1HC?g*SfggX^zECK}2M>XgEmeC1zikp1m
p73Z-RxHnV&NhV3uXdX<h-iz@5xi$i|0zO(bImzWWN2KWU5CFTkvIGDC


From 69ad300a12aeca642d87c7553dc17f7743b29f8d Mon Sep 17 00:00:00 2001
From: Michael-u21546551 <u21546551@tuks.co.za>
Date: Mon, 5 Aug 2024 12:00:29 +0200
Subject: [PATCH 20/20] chore: Update InputBox component and LoginForm to allow
 usage of password manager

---
 .../src/components/InputBox/InputBox.tsx        |  6 ++++--
 .../occupi-web/src/pages/Login/LoginForm.tsx    | 17 +++++++++++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/frontend/occupi-web/src/components/InputBox/InputBox.tsx b/frontend/occupi-web/src/components/InputBox/InputBox.tsx
index d91303d4..1787cb00 100644
--- a/frontend/occupi-web/src/components/InputBox/InputBox.tsx
+++ b/frontend/occupi-web/src/components/InputBox/InputBox.tsx
@@ -10,7 +10,7 @@ type InputBoxProps = {
 const email_regex = /^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/; // Email regex
 const password_regex = /^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}$/; // Minimum eight characters, at least one uppercase letter, one lowercase letter and one number
 
-const InbutBox = (props: InputBoxProps) => {
+const InputBox = (props: InputBoxProps) => {
     const [err, setError] = useState("");
 
     function validateInput(e: React.ChangeEvent<HTMLInputElement>){
@@ -44,12 +44,14 @@ const InbutBox = (props: InputBoxProps) => {
             </div>
             <input
                 type={props.type}
+                autoComplete={props.type === "email" ? "username" : "current-password" } 
                 placeholder={props.placeholder}
                 onChange={validateInput}
                 className={"w-full h-[50px] rounded-[15px] bg-secondary p-[8px]" + (err !== "" ? " border-[2px] border-red_salmon" : "")}
+                required={props.type === "email" ? true : false}
             />
         </div>
     )
 }
 
-export default InbutBox
\ No newline at end of file
+export default InputBox
\ No newline at end of file
diff --git a/frontend/occupi-web/src/pages/Login/LoginForm.tsx b/frontend/occupi-web/src/pages/Login/LoginForm.tsx
index c2fd9873..6a2d126a 100644
--- a/frontend/occupi-web/src/pages/Login/LoginForm.tsx
+++ b/frontend/occupi-web/src/pages/Login/LoginForm.tsx
@@ -20,7 +20,8 @@ const LoginForm = (): JSX.Element => {
   const [error, setError] = useState<string>("");
   const [, setRequiresOtp] = useState(false);
 
-  const handleLogin = async () => {
+  const handleLogin = async (e: React.FormEvent<HTMLFormElement>) => {
+    e.preventDefault();
     setIsLoading(true);
     setError("");
 
@@ -101,6 +102,8 @@ const LoginForm = (): JSX.Element => {
     }
   };
 
+  const clickSubmit = () => { document.getElementById("LoginFormSubmitButton")?.click(); }
+
   return (
     <div className="flex flex-col lg:flex-row justify-center items-center min-h-screen p-4">
       <div className="w-full lg:w-1/2 flex justify-center items-center mb-8 lg:mb-0 p-4">
@@ -108,7 +111,7 @@ const LoginForm = (): JSX.Element => {
           <img className="w-full h-full object-contain" src={loginpng} alt="welcomes" />
         </div>
       </div>
-      <div className="w-full lg:w-1/2 max-w-md px-4 flex flex-col items-center">
+      <form className="w-full lg:w-1/2 max-w-md px-4 flex flex-col items-center" onSubmit={handleLogin}>
         <div className="w-24 h-24 mb-6">
           <OccupiLogo />
         </div>
@@ -143,14 +146,20 @@ const LoginForm = (): JSX.Element => {
         {error && <p className="text-red-500 mt-2">{error}</p>}
 
         <div className="mt-5 w-full">
-          <GradientButton isLoading={isloading} Text="Login" isClickable={form.valid_email} clickEvent={handleLogin}/>
+          <GradientButton isLoading={isloading} Text="Login" isClickable={form.valid_email} clickEvent={clickSubmit}/>
         </div>
 
+        {/**This is a hidden button that is clicked when the user clicks the login button
+         * This allows us to take advantage of password managers that automatically fill in the form
+         * so don't mistakenly remove it thinking it's not needed
+         */}
+        <button type="submit" id="LoginFormSubmitButton" className="hidden"></button>
+
         <div className="flex items-center justify-center mt-5 mb-5">
           <p className="text-text_col">New to occupi?</p>
           <p className="ml-2 text-text_col_green_leaf cursor-pointer">Learn more</p>
         </div>
-      </div>
+      </form>
     </div>
   );
 };