def update_test_results_consent(dataset):
# to check if there is testResultsConsent and update modified date
try:
currenttime = otherutils.get_current_time_utc()
testresultsconsent = TestResultsConsent()
testresultsconsent.set_consent_provided(dataset.testResultsConsent['consentProvided'])
testresultsconsent.set_date_modified(currenttime)
dataset.set_test_results_consent(testresultsconsent)
except:
pass
return dataset
def post():
is_new_install = True
# check if uuid is in there otherwise it is either a first installation
try:
in_json = request.get_json()
non_pii_uuid = in_json["uuid"]
# even if there is non_pii_uuid is in the input json, it could be a new one
# check if the dataset is existing with given uuid
dataset = mongoutils.get_non_pii_dataset_from_field(
cfg.FIELD_PROFILE_UUID, non_pii_uuid)
if dataset is not None:
is_new_install = False
msg = {
"reason":
"UUID in input json already exists in the database: " +
str(non_pii_uuid),
"error":
"Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "POST", msg)
logging.error("POST " + json.dumps(json.loads(msg_json)))
return rs_handlers.bad_request(msg)
except:
pass
if is_new_install:
# new installation of the app
currenttime = otherutils.get_current_time_utc()
non_pii_dataset = NonPiiData('')
non_pii_uuid = str(uuidlib.uuid4())
non_pii_dataset.set_uuid(non_pii_uuid)
non_pii_dataset.set_creation_date(currenttime)
non_pii_dataset.set_last_modified_date(currenttime)
dataset, id = mongoutils.insert_non_pii_dataset_to_mongodb(
non_pii_dataset)
profile_uuid = dataset["uuid"]
# use this if it needs to return actual dataset
dataset = jsonutils.remove_objectid_from_dataset(dataset)
# out_json = mongoutils.construct_json_from_query_list(dataset)
msg = "new profile with new uuid has been created: " + str(
profile_uuid)
msg_json = jsonutils.create_log_json("Profile", "POST", dataset)
logging.info("POST " + json.dumps(msg_json))
return rs_handlers.return_id(msg, 'uuid', profile_uuid)
def pii_put(pid=None):
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token(
auth_resp)
try:
in_json = request.get_json()
# ToDo following lines are commented out for now
# but it should be used if the email and phone number get updated
# # if there is any phone number or email information in input json, they will be removed
# # since the current policy is not updating the email or phone number
# # until further decision
# try:
# del in_json["uin"]
# except:
# pass
# try:
# del in_json["phone"]
# except:
# pass
except Exception as ex:
msg = {
"reason": "Json format error: " + str(pid),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if the pid is really existing in the database
pii_dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PID, pid)
if pii_dataset == None:
msg = {
"reason": "There is no dataset with given pii uuid: " + str(pid),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
creation_date = pii_dataset.get_creation_date()
tmp_dataset = json.loads(json.dumps(pii_dataset.__dict__))
auth_pass = check_id(auth_resp, tmp_dataset)
if not (auth_pass):
msg = {
"reason": "The user info in id token and db are not matching.",
"error": "Authorization Failed."
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return jsonutils.create_auth_fail_message()
# get the current testResultsConset value to see if it is changed
# if changed, update last modified date after updating pii data
consent_provided = None
consent_last_modified = None
try:
consent_provided = pii_dataset.testResultsConsent["consentProvided"]
consent_last_modified = pii_dataset.testResultsConsent["dateModified"]
except:
pass
pii_dataset = datasetutils.update_pii_dataset_from_json(pii_dataset, in_json)
currenttime = otherutils.get_current_time_utc()
# if consentProvided value has been changed, update the last modified date
try:
if consent_provided != pii_dataset.testResultsConsent['consentProvided']:
pii_dataset = update_test_results_consent(pii_dataset)
else: # record the exising modified date that got lost during the json update
pii_dataset.testResultsConsent['dateModified'] = consent_last_modified
except:
pass
pii_dataset.set_last_modified_date(currenttime)
# remove creation date field and pid so doesn't get updated
del pii_dataset.creationDate
del pii_dataset.pid
# update pii_dataset's non_pii_uuid
non_pii_uuid_from_dataset = pii_dataset.get_uuid()
try:
non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID]
# both non_pii_uuid and non_pii_uuid_from_dataset should be list
if (type(non_pii_uuid) is not list) or (type(non_pii_uuid_from_dataset) is not list):
msg = {
"reason": "The uuid information is not a list.",
"error": "Json format error."
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
pii_dataset.set_uuid(non_pii_uuid)
# # the following lines can be used for item to item comparison and append when it is needed
# for i in range(len(non_pii_uuid)):
# pii_dataset = append_non_pii_uuid(non_pii_uuid[i], non_pii_uuid_from_dataset, pii_dataset)
except:
pass
# update dataset from id token info. Currently, only UIN and phone number are considered verified information and hence gets precedence through ID Token validation / parsing.
# if tk_firstname is not None:
# pii_dataset.set_firstname(tk_firstname)
# if tk_lastname is not None:
# pii_dataset.set_lastname(tk_lastname)
# if tk_email is not None:
# pii_dataset.set_email(tk_email)
if tk_phone is not None:
pii_dataset.set_phone(tk_phone)
if tk_uin is not None:
pii_dataset.set_uin(tk_uin)
result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid,
pii_dataset)
if result is None:
msg = {
"reason": "Failed to update non pii uuid into pii dataset: " + str(pid),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "PUT", msg)
logging.error("PII PUT " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
# add pid and original creation date to dataset for output json
try:
pii_dataset["pid"] = pid
pii_dataset["creationDate"] = creation_date
except:
pass
pii_dataset = jsonutils.remove_file_descriptor_from_dataset(pii_dataset)
out_json = mongoutils.construct_json_from_query_list(pii_dataset)
msg_json = jsonutils.create_log_json("PII", "PUT", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii')
logging.info("PII PUT " + json.dumps(msg_json))
return out_json
def pii_post():
# msg = {'message': 'POST info for PII:'}
# resp = jsonify(msg)
# resp.status_code = 200
# logging.debug("POST " + json.dumps(msg))
#
# return resp
# Get ID Token data from global context variable.
auth_resp = g.user_token_data
tk_uin, tk_firstname, tk_lastname, tk_email, tk_phone, tk_is_uin, tk_is_phone = tokenutils.get_data_from_token(
auth_resp)
is_new_entry = False
# Todo following variable should be revived if the email or phone number can get updated
# auth_pass = False
try:
in_json = request.get_json()
except Exception as ex:
msg = {
"reason": "Json format error.",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.error("PII POST " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# get uuid, if failed it is a bad request
try:
non_pii_uuid = in_json[cfg.FIELD_PROFILE_UUID]
if isinstance(non_pii_uuid, list) == False:
# # this is an error routine when it is not a list
# # for now, this should be commented out because the endpoint will accept both string and list
# # after chaning the app only send uuid as a list, following lines should be revived
# msg = {
# "reason": "The uuid information is not a list.",
# "error": "Json format error."
# }
# msg_json = jsonutils.create_log_json("PII", "POST", msg)
# logging.error("PII POST " + json.dumps(msg_json))
# return rs_handlers.bad_request(msg_json)
# if non_pii_uuid is not a list,
# we assume that it is a single string uuid object so convert this to a list with single item
tmp_list = []
tmp_list.append(non_pii_uuid)
non_pii_uuid = tmp_list
except Exception as ex:
msg = {
"reason": "uuid not supplied.",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.error("PII POST " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# get non_pii_uuid value from the list
if len(non_pii_uuid) > 0:
non_pii_uuid = non_pii_uuid[0]
else:
msg = {
"reason": "uuid list is empty.",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.error("PII POST " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if it is a new record or existing record
try:
pid = in_json[cfg.FIELD_PID]
dataset = mongoutils.get_pii_dataset_from_field(cfg.FIELD_PROFILE_UUID, pid)
# if it is an existing entry, then check if the information in db matches with the id token
auth_pass = check_auth(dataset, tk_uin, tk_phone, tk_is_uin, tk_is_phone)
except:
dataset = None
is_new_entry = True
# check if the email already exists
if tk_is_uin:
try:
dataset = mongoutils.get_pii_dataset_from_field('uin', tk_uin)
# if there is a dataset, it means that the email is existing in the database
if dataset is not None:
# ToDo Following lines will be commented out due to the following assumption
# that the email in the database doesn't get updated so, no change in email.
# However, if there is email update available, the following part should be revived.
# # check if the id token and db info matches
# if not (auth_pass):
# msg = {
# "reason": "The user info in id token and db are not matching.",
# "error": "Authorization Failed."
# }
# msg_json = jsonutils.create_log_json("PII", "POST", msg)
# self.logger.error("PII POST " + json.dumps(msg_json))
# return jsonutils.create_auth_fail_message()
#
# if not (auth_pass):
# msg = {
# "reason": "The user info in id token and db are not matching.",
# "error": "Authorization Failed."
# }
# msg_json = jsonutils.create_log_json("PII", "POST", msg)
# self.logger.error("PII POST " + json.dumps(msg_json))
# return jsonutils.create_auth_fail_message()
pid = dataset.get_pid()
non_pii_uuid_from_dataset = dataset.uuid
dataset = append_non_pii_uuid(non_pii_uuid, non_pii_uuid_from_dataset, dataset)
currenttime = otherutils.get_current_time_utc()
dataset.set_last_modified_date(currenttime)
result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid, dataset)
msg = {
"reason": "UIN already exists: " + str(pid),
"warning": "UIN already exists: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.warning("PII POST " + json.dumps(msg_json))
return rs_handlers.return_id('UIN already exists.', 'pid', pid)
except:
return rs_handlers.internal_server_error()
# check if the phonenumber already exists
if tk_is_phone:
try:
dataset = mongoutils.get_pii_dataset_from_field('phone', tk_phone)
# ToDo Following lines will be commented out due to the following assumption
# that the email in the database doesn't get updated so, no change in email.
# However, if there is email update available, the following part should be revived.
# check if the id token and db info matches
# if not (auth_pass):
# auth_pass = self.check_auth(dataset, tk_uin, tk_phone, tk_is_uin, tk_is_phone)
#
# if not (auth_pass):
# msg = {
# "reason": "The user info in id token and db are not matching.",
# "error": "Authorization Failed."
# }
# msg_json = jsonutils.create_log_json("PII", "POST", msg)
# self.logger.error("PII POST " + json.dumps(msg_json))
# return jsonutils.create_auth_fail_message()
if dataset is not None:
pid = dataset.get_pid()
non_pii_uuid_from_dataset = dataset.uuid
dataset = append_non_pii_uuid(non_pii_uuid, non_pii_uuid_from_dataset, dataset)
currenttime = otherutils.get_current_time_utc()
dataset.set_last_modified_date(currenttime)
result, pii_dataset = mongoutils.update_pii_dataset_in_mongo_by_field(cfg.FIELD_PID, pid, dataset)
msg = {
"reason": "Phone number already exists: " + str(pid),
"warning": "Phone number already exists: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.warning("PII POST " + json.dumps(msg_json))
return rs_handlers.return_id('Phone number already exists.', 'pid', pid)
except:
return rs_handlers.internal_server_error()
if dataset is not None:
is_new_entry = False
pii_dataset = PiiData(in_json)
if is_new_entry:
# insert new pii_dataset
currenttime = otherutils.get_current_time_utc()
pid = str(uuidlib.uuid4())
pii_dataset.set_pid(pid)
non_pii_uuid_from_dataset = []
non_pii_uuid_from_dataset.append(non_pii_uuid)
pii_dataset.set_uuid(non_pii_uuid_from_dataset)
pii_dataset.set_creation_date(currenttime)
pii_dataset.set_last_modified_date(currenttime)
# to check if there is testResultsConsent and update modified date
try:
if in_json["testResultsConsent"]:
pii_dataset = update_test_results_consent(pii_dataset)
except:
pass
# update dataset from id token info. Currently, only UIN and phone number are considered verified information and hence gets precedence through ID Token validation / parsing.
# if tk_firstname is not None:
# pii_dataset.set_firstname(tk_firstname)
# if tk_lastname is not None:
# pii_dataset.set_lastname(tk_lastname)
# if tk_email is not None:
# pii_dataset.set_email(tk_email)
if tk_phone is not None:
pii_dataset.set_phone(tk_phone)
if tk_uin is not None:
pii_dataset.set_uin(tk_uin)
pii_dataset = mongoutils.insert_pii_dataset_to_mongodb(pii_dataset)
if pii_dataset is None:
msg = {
"reason": "Failed to update profile uuid into pii dataset: " + str(pid),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.error("PII POST " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
msg = "Pii data has been posted with : " + str(pid)
msg_json = jsonutils.create_log_json("PII", "POST", jsonutils.remove_objectid_from_dataset(pii_dataset), 'pii')
logging.info("PII POST " + json.dumps(msg_json))
return rs_handlers.return_id(msg, 'pid', pid)
else:
msg = {
"reason": "The request is wrong or the entry already exists: " + str(pid),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("PII", "POST", msg)
logging.error("PII POST " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
def core_search(uin=None, phone=None):
if request.headers.get(
"ROKWIRE-CORE-BB-API-KEY") != cfg.ROKWIRE_CORE_BB_API_KEY:
msg = {
"reason": "Unauthorized",
"error": "Unauthorized: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.forbidden(msg_json)
fields = {}
if uin:
fields['uin'] = uin
if phone:
fields['phone'] = phone
if len(fields) == 0:
msg = {
"reason": "Must provide uin or phone",
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
if fields != None:
data_list = mongoutils.get_pii_result(fields)
if len(data_list) > 1:
msg = {
"reason": "There is more than 1 pii record: " + str(fields),
"error": "There is more than 1 pii record: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.internal_server_error(msg_json)
if len(data_list) == 0:
msg = {"Not Found": str(fields)}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.info("CORE PROFILE GET " + json.dumps(msg_json))
return mongoutils.construct_json_from_query_list({})
else:
msg = {
"reason": "Invalid search: " + str(fields),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", msg)
logging.error("CORE PROFILE GET " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
data_list = jsonutils.remove_file_descriptor_from_data_list(data_list)
uuid_list = data_list[0].get('uuid')
return_data = {"pii": jsonutils.remove_null_fields(data_list[0])}
if uuid_list != None and len(uuid_list) > 0:
non_pii_data = mongoutils.get_non_pii_query_json_from_field(
cfg.FIELD_PROFILE_UUID, uuid_list[0])
non_pii_data = jsonutils.remove_file_descriptor_from_dataset(
non_pii_data)
non_pii_data = jsonutils.remove_null_subcategory(non_pii_data)
return_data["non_pii"] = jsonutils.remove_null_fields(non_pii_data)
out_json = mongoutils.construct_json_from_query_list(return_data)
msg_json = jsonutils.create_log_json("CORE PROFILE", "GET", return_data)
logging.info("CORE PROFILE GET " + json.dumps(msg_json))
currenttime = otherutils.get_current_time_utc()
mongoutils.update_pii_core_migrate_date(fields, currenttime)
return out_json
def put(uuid=None):
try:
in_json = request.get_json()
except Exception as ex:
msg = {
"reason": "Json format error: " + str(uuid),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
# check if the uuid is really existing in the database
non_pii_dataset = mongoutils.get_non_pii_dataset_from_field(
cfg.FIELD_PROFILE_UUID, uuid)
if non_pii_dataset is None:
msg = {
"reason":
"There is no profile dataset with given uuid: " + str(uuid),
"error": "Not Found: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.not_found(msg_json)
# the level check in in_json should be performed
level_ok, level = otherutils.check_privacy_level(in_json)
if level_ok == False:
msg = {
"reason": "The given privacy level is not correct: " + str(level),
"error": "Bad Request: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.bad_request(msg_json)
non_pii_dataset, restjson = datasetutils.update_non_pii_dataset_from_json(
non_pii_dataset, in_json)
currenttime = otherutils.get_current_time_utc()
non_pii_dataset.set_last_modified_date(currenttime)
result, non_pii_dataset = mongoutils.update_non_pii_dataset_in_mongo_by_field(
cfg.FIELD_PROFILE_UUID, uuid, non_pii_dataset)
# update the json information that doesn't belong to data schema
if len(restjson) > 0:
result, non_pii_dataset = mongoutils.update_json_with_no_schema(
cfg.FIELD_PROFILE_UUID, uuid, non_pii_dataset, restjson)
if result is None:
msg = {
"reason": "Failed to update Profile dataset: " + str(uuid),
"error": "Not Implemented: " + request.url,
}
msg_json = jsonutils.create_log_json("Profile", "PUT", msg)
logging.error("PUT " + json.dumps(msg_json))
return rs_handlers.not_implemented(msg_json)
non_pii_dataset = jsonutils.remove_file_descriptor_from_dataset(
non_pii_dataset)
out_json = jsonutils.remove_null_subcategory(non_pii_dataset)
msg_json = jsonutils.create_log_json("Profile", "PUT", copy.copy(out_json))
logging.info("PUT " + json.dumps(msg_json))
out_json = mongoutils.construct_json_from_query_list(out_json)
return out_json
