Example #1
0
def upload(OS_API=""):
    """ Entry point to upload GPS, Accelerometer, Audio, PowerState, Calls Log, Texts Log,
    Survey Response, and debugging files to s3.

    Request format:
    Send an http post request with the request parameters "patient_id" and "file_name" plus
    the file contents.  The contents are looked up, in this order, as a multipart upload named
    "file", as a request parameter named "file", and finally as the raw request body.
    (Per the original notes the contents are encrypted and Base64 encoded; Android sends them
    as a form parameter and iOS as a multipart upload.)

    Behavior:
    The Beiwe app is supposed to delete the uploaded file if it receives a 200 response, so a
    200 is returned in every case where the device should drop its copy:
      A) the file was decrypted, uploaded to s3, queued for processing and tracked;
      B) the file name contains "crashlog" (the contents are handed to
         send_android_error_report);
      C) the file name starts with "rList-" (nothing is stored);
      D) decryption raised HandledError (the error is logged, nothing is stored);
      E) the decrypted file is empty (the event is logged).
    (Returning 200 for undecryptable files is a known wart; a theoretical version 2.0 would
    use a different response code to allow for better debugging.)

    A 400 error means the file name is empty or has an invalid extension.  The problem is
    reported to Sentry; the app should not delete the file, it should try to upload it again
    at some point.

    An OurBase64Error raised while decrypting is not handled here: it is re-raised (after
    debug output when IS_STAGING is set).

    OS_API is not used inside this function. """
    patient_id = request.values['patient_id']
    user = Participant.objects.get(patient_id=patient_id)

    # Locate the file contents: multipart upload first, then form parameter, then raw body.
    # (The raw body is not currently used by any client, it is only here for completeness.)
    if "file" in request.files:
        uploaded_file = request.files['file']
    elif "file" in request.values:
        uploaded_file = request.values['file']
    else:
        uploaded_file = request.data

    if isinstance(uploaded_file, FileStorage):
        uploaded_file = uploaded_file.read()

    file_name = request.values['file_name']
    if "crashlog" in file_name.lower():
        send_android_error_report(patient_id, uploaded_file)
        return render_template('blank.html'), 200

    # Spurious files with names like "rList-org.beiwe.app.LoadingActivity" are thrown away.
    if file_name.startswith("rList-"):
        return render_template('blank.html'), 200

    client_private_key = get_client_private_key(patient_id, user.study.object_id)
    try:
        uploaded_file = decrypt_device_file(patient_id, uploaded_file,
                                            client_private_key, user)
    except HandledError as e:
        # When decrypting fails, regardless of why, we rely on the decryption code
        # to log it correctly and return 200 OK to get the device to delete the file.
        # We do not want emails on these types of errors, so we use log_error explicitly.
        print("the following error was handled:")
        # Exceptions only carry a .message attribute on Python 2 (or when the class defines
        # one); fall back to str(e) so this handler cannot itself raise AttributeError.
        detail = e.message if hasattr(e, "message") else str(e)
        log_error(e, "%s; %s; %s" % (patient_id, file_name, detail))
        return render_template('blank.html'), 200
    except OurBase64Error:
        if IS_STAGING:
            print("decryption problems" + "#" * 200)
            print(patient_id)
            print(file_name)
            print(uploaded_file)
        raise
    # NOTE: DecryptionKeyInvalidError is intentionally not caught here yet.  Answering 200 is
    # what that failure mode SHOULD do, but the decryption bug is still being identified.

    # Happy path: the uploaded data actually exists and is validly named and typed.
    if uploaded_file and file_name and contains_valid_extension(file_name):
        s3_path = file_name.replace("_", "/")
        s3_upload(s3_path, uploaded_file, user.study.object_id)
        FileToProcess.append_file_for_processing(s3_path,
                                                 user.study.object_id,
                                                 participant=user)
        UploadTracking.objects.create(
            file_path=s3_path,
            file_size=len(uploaded_file),
            timestamp=timezone.now(),
            participant=user,
        )
        return render_template('blank.html'), 200

    error_message = "an upload has failed " + patient_id + ", " + file_name + ", "
    if not uploaded_file:
        # An empty file is useless; log it and let the device delete it.
        error_message += "there was no/an empty file, returning 200 OK so device deletes bad file."
        log_error(Exception("upload error"), error_message)
        return render_template('blank.html'), 200

    if not file_name:
        error_message += "there was no provided file name, this is an app error."
    elif not contains_valid_extension(file_name):
        error_message += "contains an invalid extension, it was interpretted as "
        error_message += grab_file_extension(file_name)
    else:
        error_message += "AN UNKNOWN ERROR OCCURRED."

    tags = {"upload_error": "upload error", "user_id": patient_id}
    sentry_client = make_sentry_client('eb', tags)
    sentry_client.captureMessage(error_message)

    return abort(400)
Example #2
0
def upload(OS_API=""):
    """ Entry point to upload GPS, Accelerometer, Audio, PowerState, Calls Log, Texts Log,
    Survey Response, and debugging files to s3.

    Request format:
    An http post request whose "file_name" request parameter names the file; the contents are
    obtained through get_uploaded_file() and the participant through
    get_session_participant().

    Behavior:
    The Beiwe app treats a 200 response as its signal to delete the uploaded file.  A 200 is
    therefore returned when
      - the file name is missing/empty, starts with "rList" or "PersistedInstallation", or
        has no valid extension (junk files, dropped before any database access);
      - the participant is unregistered (further data is thrown away);
      - a FileToProcess entry already exists for the same path and study;
      - decryption raised HandledError;
      - decryption raised DecryptionKeyInvalidError (the file is lost; the event is sent to
        Sentry when REPORT_DECRYPTION_KEY_ERRORS is set);
      - the decrypted file is empty;
      - the file was uploaded to s3, queued for processing and tracked.

    A 500 is returned through abort() when queueing the file trips the unique constraint on
    the s3 file path (concurrent uploads of the same file); the device is expected to skip
    the file and try again later.  Any other ValidationError propagates.

    Anything else is handed to make_upload_error_report.

    OS_API is not used inside this function. """

    def _ok():
        # 200 tells the device it may delete its copy of the file.
        return render_template('blank.html'), 200

    # Junk files are rejected first because doing so requires no database input:
    # crash logs come from truly ancient versions of the android codebase, rList files are
    # randomly generated by android, PersistedInstallation files come from firebase.
    # todo: stop uploading junk files in the app by putting our files into a folder.
    file_name = request.values.get("file_name", None)
    is_junk = (
        not file_name
        or file_name.startswith(("rList", "PersistedInstallation"))
        or not contains_valid_extension(file_name)
    )
    if is_junk:
        return _ok()

    participant = get_session_participant()
    s3_file_location = file_name.replace("_", "/")
    study_object_id = participant.study.object_id

    # "Unregistered" participants are blocked from uploading further data: the file is
    # thrown away, but the phone still gets a 200 so it decides it can safely delete it.
    if participant.unregistered:
        return _ok()

    # Block duplicate FTPs.  Testing the upload history is too complex.
    if FileToProcess.test_file_path_exists(s3_file_location, study_object_id):
        return _ok()

    encrypted_contents = get_uploaded_file()
    try:
        uploaded_file = decrypt_device_file(encrypted_contents, participant)
    except HandledError:
        return _ok()
    except DecryptionKeyInvalidError:
        # With an invalid decryption key the file is lost, nothing we can do.
        # Record the event and send the device a 200 so it can clear out the file.
        if REPORT_DECRYPTION_KEY_ERRORS:
            os_name = "ios" if "ios" in request.path.lower() else "android"
            tags = {
                "participant": participant.patient_id,
                "operating system": os_name,
                "DecryptionKeyError id": str(DecryptionKeyError.objects.last().id),
                "file_name": file_name,
                "bug_report": DECRYPTION_KEY_ADDITIONAL_MESSAGE,
            }
            make_sentry_client(SentryTypes.elastic_beanstalk, tags).captureMessage(
                DECRYPTION_KEY_ERROR_MESSAGE
            )
        return _ok()

    # If the file turns out to be empty the device may delete it, we simply do not care.
    if not uploaded_file:
        return _ok()

    if not (file_name and contains_valid_extension(file_name)):
        return make_upload_error_report(participant.patient_id, file_name)

    # The uploaded data actually exists and has a valid extension.
    s3_upload(s3_file_location, uploaded_file, study_object_id)

    # Race condition: multiple _concurrent_ uploads with the same file path.  Behavior without
    # the try-except is correct, but we don't care about reporting it.  Just send the device a
    # 500 so it skips the file; the followup attempt receives a 200 and deletes the file.
    try:
        FileToProcess.append_file_for_processing(
            s3_file_location, study_object_id, participant=participant
        )
    except ValidationError as e:
        # The real error is a second validation inside e.error_dict["s3_file_path"];
        # testing for this string is simpler.
        if S3_FILE_PATH_UNIQUE_CONSTRAINT_ERROR not in str(e):
            raise
        # Tells the device to just move on to the next file and try again later.
        return abort(500)

    UploadTracking.objects.create(
        file_path=s3_file_location,
        file_size=len(uploaded_file),
        timestamp=timezone.now(),
        participant=participant,
    )
    return _ok()
Example #3
0
def upload(OS_API=""):
    """ Entry point to upload GPS, Accelerometer, Audio, PowerState, Calls Log, Texts Log,
    Survey Response, and debugging files to s3.

    Request format:
    Send an http post request with the request parameters "patient_id" and "file_name" plus
    the file contents.  The contents are looked up, in this order, as a multipart upload named
    "file", as a request parameter named "file", and finally as the raw request body.
    (Per the original notes the contents are encrypted and Base64 encoded; Android sends them
    as a form parameter and iOS as a multipart upload.)

    Behavior:
    The Beiwe app is supposed to delete the uploaded file if it receives a 200 response; that
    is its signal that the server no longer wants the file.  A 200 is returned when
      - the participant has an empty device_id, i.e. is not registered (logged);
      - the request carries no file name (logged);
      - the file name contains "crashlog" (contents go to send_android_error_report);
      - the file name starts with "rList-";
      - decryption raised HandledError (logged);
      - decryption raised DecryptionKeyInvalidError (reported to Sentry);
      - the decrypted file is empty (logged);
      - the file was uploaded to s3, queued for processing, and recorded in both the upload
        tracking and the received data statistics tables.

    A 400 error means the file name has an invalid extension.  The problem is reported to
    Sentry; the app should not delete the file, it should try to upload it again at some
    point.

    Progress is traced with print statements throughout.
    OS_API is not used inside this function. """
    patient_id = request.values['patient_id']
    user = Participant.objects.get(patient_id=patient_id)

    # First make sure that the participant is currently registered; if not, reject the upload
    # and tell the mobile app to delete the file so it will not be resent.
    if user.device_id == '':
        error_message = "an upload has failed " + patient_id
        error_message += ". Participant is not registered, returning 200 OK so device deletes bad file."
        log_error(Exception("upload error"), error_message)
        return render_template('blank.html'), 200

    # Locate the file contents: multipart upload first, then form parameter, then raw body.
    # (The raw body is not currently used by any client, it is only here for completeness.)
    print('finding file contents')
    if "file" in request.files:
        uploaded_file = request.files['file']
    elif "file" in request.values:
        uploaded_file = request.values['file']
    else:
        uploaded_file = request.data

    if isinstance(uploaded_file, FileStorage):
        print('reading file contents')
        uploaded_file = uploaded_file.read()

    print('finding file name')
    file_name = request.values.get('file_name')
    if not file_name:
        # Missing or empty file name: nothing sensible can be stored, let the device drop it.
        error_message = "an upload has failed " + patient_id
        error_message += ". Request did not include a file_name."
        log_error(Exception("upload error"), error_message)
        return render_template('blank.html'), 200
    print('filename is {0}'.format(file_name))

    if "crashlog" in file_name.lower():
        send_android_error_report(patient_id, uploaded_file)
        return render_template('blank.html'), 200

    # Spurious files with names like "rList-org.beiwe.app.LoadingActivity" are thrown away.
    if file_name.startswith("rList-"):
        return render_template('blank.html'), 200

    print('retrieving private key')
    client_private_key = get_client_private_key(patient_id, user.study.object_id)
    print('decrypting device file')
    try:
        uploaded_file = decrypt_device_file(patient_id, uploaded_file,
                                            client_private_key, user)
    except HandledError as e:
        # When decrypting fails, regardless of why, we rely on the decryption code
        # to log it correctly and return 200 OK to get the device to delete the file.
        # We do not want emails on these types of errors, so we use log_error explicitly.
        print("the following error was handled:")
        # Exceptions only carry a .message attribute on Python 2 (or when the class defines
        # one); fall back to str(e) so this handler cannot itself raise AttributeError.
        detail = e.message if hasattr(e, "message") else str(e)
        log_error(e, "%s; %s; %s" % (patient_id, file_name, detail))
        return render_template('blank.html'), 200
    except DecryptionKeyInvalidError:
        # Report the event to Sentry and answer 200 so the device clears out the file.
        tags = {
            "participant": patient_id,
            "operating system": "ios" if "ios" in request.path.lower() else "android",
            "DecryptionKeyError id": str(DecryptionKeyError.objects.last().id),
            "file_name": file_name,
        }
        make_sentry_client('eb', tags).captureMessage("DecryptionKeyInvalidError")
        return render_template('blank.html'), 200

    # Happy path: the uploaded data actually exists and is validly named and typed.
    if uploaded_file and file_name and contains_valid_extension(file_name):
        print('constructing rawdata filename')
        raw_data_filename = construct_s3_raw_data_path(
            user.study.object_id, file_name.replace("_", "/"))
        print('rawdata filename {0}'.format(raw_data_filename))
        s3_upload(raw_data_filename,
                  uploaded_file,
                  user.study.object_id,
                  raw_path=True)
        print('file uploaded to s3, now adding to FTP')
        FileToProcess.append_file_for_processing(raw_data_filename,
                                                 user.study.object_id,
                                                 participant=user)
        print('next is update upload tracking database')
        UploadTracking.objects.create(
            file_path=raw_data_filename,
            file_size=len(uploaded_file),
            timestamp=timezone.now(),
            participant=user,
        )
        print('next is update received data stats database')
        ReceivedDataStats.update_statistics(
            file_path=raw_data_filename,
            file_size=len(uploaded_file),
            timestamp=timezone.now(),
            participant=user,
        )
        print('finished processing the upload')
        return render_template('blank.html'), 200

    error_message = "an upload has failed " + patient_id + ", " + file_name + ", "
    if not uploaded_file:
        # An empty file is useless; log it and let the device delete it.
        error_message += "there was no/an empty file, returning 200 OK so device deletes bad file."
        log_error(Exception("upload error"), error_message)
        return render_template('blank.html'), 200

    if not file_name:
        error_message += "there was no provided file name, this is an app error."
    elif not contains_valid_extension(file_name):
        error_message += "contains an invalid extension, it was interpretted as "
        error_message += grab_file_extension(file_name)
    else:
        error_message += "AN UNKNOWN ERROR OCCURRED."

    tags = {"upload_error": "upload error", "user_id": patient_id}
    sentry_client = make_sentry_client('eb', tags)
    sentry_client.captureMessage(error_message)

    return abort(400)
Example #4
0
    def save(file_name, uploaded_file):
        """ Decrypt one uploaded device file and store it in S3.

        patient_id and user are read from the enclosing scope.

        Parameters:
        file_name -- name reported by the device; "_" is replaced with "/" to build the S3
            path, and the second-to-last "_"-separated part selects the upload-info handling.
        uploaded_file -- the contents exactly as received from the device.

        Returns a (rendered 'blank.html', status) tuple.
        Crash logs (name contains "crashlog") are passed to send_android_error_report and
        files whose name starts with "rList-" are dropped; both answer 200.
        In every other case the status is 200 when the last s3_upload call returned a truthy
        value and 500 otherwise (200 frees up phone storage, 500 postpones the upload and
        keeps the file on the phone):
          - decryption raised: the raw contents are stored with encrypt=False;
          - valid decrypted file: it is stored, and if decryption reported a non-zero error
            count the raw contents are stored as well with encrypt=False;
          - empty file, empty name or invalid extension: the contents are stored with
            encrypt=False and the problem is logged (empty file) or sent to Sentry.

        NOTE(review): the raw copy is written to the same S3 path as the decrypted file;
        confirm that s3_upload keeps the two apart when encrypt=False. """
        raw_payload = uploaded_file  # what the device sent, kept for the raw copies
        error_count = 0

        if "crashlog" in file_name.lower():
            send_android_error_report(patient_id, uploaded_file)
            return render_template('blank.html'), 200

        # It appears that occasionally the app creates some spurious files with a name like
        # "rList-org.beiwe.app.LoadingActivity".
        if file_name.startswith("rList-"):
            return render_template('blank.html'), 200

        s3_path = file_name.replace("_", "/")

        def _respond(stored):
            # Map the outcome of the last s3_upload call to the status sent to the phone.
            return render_template('blank.html'), 200 if stored else 500

        def _store_unencrypted(payload):
            # Store payload at the file's S3 path without server-side encryption.
            return s3_upload(s3_path, payload, user.study.object_id, encrypt=False)

        # Test whether the file can be decrypted.  If it cannot, save the raw file instead.
        client_private_key = get_client_private_key(patient_id, user.study.object_id)
        try:
            uploaded_file, error_count = decrypt_device_file(
                patient_id, uploaded_file, client_private_key, user)
        except HandledError as e:
            stored = _store_unencrypted(raw_payload)
            print("The following upload error was handled:")
            # Exceptions only carry a .message attribute on Python 2 (or when the class
            # defines one); fall back to str(e) so this handler cannot itself fail.
            detail = e.message if hasattr(e, "message") else str(e)
            log_error(e, "%s; %s; %s" % (patient_id, file_name, detail))
            return _respond(stored)
        except OurBase64Error:
            stored = _store_unencrypted(raw_payload)
            print(
                "### decryption error: patient_id=%s, file_name=%s, file_size=%s"
                % (patient_id, file_name, len(raw_payload)))
            return _respond(stored)
        except Exception:
            # Any other decryption failure: still keep the raw data.  Exception (rather than
            # a bare except) lets SystemExit and KeyboardInterrupt propagate.
            return _respond(_store_unencrypted(raw_payload))

        # Best-effort bookkeeping of upload info; failures are logged and never block the
        # upload.  Names without two "_"-separated parts have no base name and are skipped
        # instead of raising IndexError.
        name_parts = file_name.split('_')
        file_basename = name_parts[-2] if len(name_parts) >= 2 else None
        if file_basename is not None and file_basename in CHECKABLE_FILES:
            try:
                upload_info = user.get_upload_info()
                update_upload_info(file_basename, upload_info,
                                   uploaded_file.strip().splitlines()[1:],
                                   2 if file_basename == 'callLog' else 0)
                user.set_upload_info(upload_info)
            except Exception as e:
                detail = e.message if hasattr(e, "message") else str(e)
                log_error(
                    e,
                    "Failed to update upload info: patient_id=%s; file_name=%s; msg=%s"
                    % (patient_id, file_name, detail))

        # Happy path: the uploaded data actually exists and is validly named and typed.
        if uploaded_file and file_name and contains_valid_extension(file_name):
            stored = s3_upload(s3_path, uploaded_file, user.study.object_id)
            user.set_upload_time()
            # For files with non-fatal decryption errors, save another raw copy.
            if stored and error_count > 0:
                stored = _store_unencrypted(raw_payload)
            return _respond(stored)

        error_message = "an upload has failed " + patient_id + ", " + file_name + ", "
        stored = _store_unencrypted(uploaded_file)
        user.set_upload_time()
        if not uploaded_file:
            error_message += "there was an empty file, returning 200 OK so device deletes bad file."
            log_error(Exception("upload error"), error_message)
            return _respond(stored)

        if not file_name:
            error_message += "there was no provided file name, this is an app error."
        elif not contains_valid_extension(file_name):
            error_message += "contains an invalid extension, it was interpretted as "
            error_message += grab_file_extension(file_name)
        else:
            error_message += "AN UNKNOWN ERROR OCCURRED."

        tags = {"upload_error": "upload error", "user_id": patient_id}
        sentry_client = make_sentry_client('eb', tags)
        sentry_client.captureMessage(error_message)

        return _respond(stored)
Example #5
0
def upload(OS_API=""):
    """ Entry point to upload GPS, Accelerometer, Audio, PowerState, Calls Log, Texts Log,
    Survey Response, and debugging files to s3.

    Request format:
    An http post request with the request parameters "file_name" and "patient_id" plus the
    file contents.  The contents are looked up, in this order, as a multipart upload named
    "file", as a request parameter named "file", and finally as the raw request body; they
    are normalised to bytes before decryption.  The participant comes from
    get_session_participant().

    Behavior:
    The Beiwe app treats a 200 response as its signal to delete the uploaded file.  A 200 is
    returned when
      - the file name starts with "rList" or contains "crashlog" (dropped before any
        database access);
      - decryption raised HandledError;
      - decryption raised DecryptionKeyInvalidError (the file is lost; the event is sent to
        Sentry);
      - the decrypted file is empty (logged);
      - the file was uploaded to s3, queued for processing and tracked.

    A 400 error means the file name is empty or has an invalid extension.  The problem is
    reported to Sentry; the app should not delete the file, it should try to upload it again
    at some point.

    A TypeError is raised when the file contents are neither a FileStorage, str nor bytes.

    OS_API is not used inside this function. """

    def _ok():
        # 200 tells the device it may delete its copy of the file.
        return render_template('blank.html'), 200

    # These corner cases go first because they require no database input.
    # Crash logs are from truly ancient versions of the android codebase.
    file_name = request.values['file_name']
    if file_name.startswith("rList") or "crashlog" in file_name.lower():
        return _ok()

    patient_id = request.values['patient_id']
    user = get_session_participant()

    # Locate the file contents: Android sends a standard form post parameter
    # (request.values), iOS sends a multipart upload (request.files).  The raw body is not
    # currently used by any client, it is only here for completeness.
    if "file" in request.files:
        uploaded_file = request.files['file']
    elif "file" in request.values:
        uploaded_file = request.values['file']
    else:
        uploaded_file = request.data

    # Normalise to bytes; bytes input (not current behavior on any app) passes through as is.
    if isinstance(uploaded_file, FileStorage):
        uploaded_file = uploaded_file.read()
    elif isinstance(uploaded_file, str):
        uploaded_file = uploaded_file.encode()
    elif not isinstance(uploaded_file, bytes):
        raise TypeError("uploaded_file was a %s" % type(uploaded_file))

    client_private_key = get_client_private_key(patient_id, user.study.object_id)
    try:
        uploaded_file = decrypt_device_file(patient_id, uploaded_file, client_private_key, user)
    except HandledError:
        # When decrypting fails, regardless of why, we rely on the decryption code to log it
        # correctly and return 200 OK to get the device to delete the file.  (A log statement
        # used to live here; it hasn't been valuable since 2015.)
        return _ok()
    except DecryptionKeyInvalidError:
        # With an invalid decryption key the file is lost, nothing we can do.
        # Record the event and send the device a 200 so it can clear out the file.
        key_error_tags = {
            "participant": patient_id,
            "operating system": "ios" if "ios" in request.path.lower() else "android",
            "DecryptionKeyError id": str(DecryptionKeyError.objects.last().id),
            "file_name": file_name,
        }
        key_error_client = make_sentry_client('eb', key_error_tags)
        key_error_client.captureMessage("DecryptionKeyInvalidError")
        return _ok()

    # Happy path: the uploaded data actually exists and is validly named and typed.
    if uploaded_file and file_name and contains_valid_extension(file_name):
        s3_file_location = file_name.replace("_", "/")
        study_object_id = user.study.object_id
        s3_upload(s3_file_location, uploaded_file, study_object_id)
        FileToProcess.append_file_for_processing(
            s3_file_location, user.study.object_id, participant=user
        )
        UploadTracking.objects.create(
            file_path=s3_file_location,
            file_size=len(uploaded_file),
            timestamp=timezone.now(),
            participant=user,
        )
        return _ok()

    error_message = "".join(["an upload has failed ", patient_id, ", ", file_name, ", "])

    if not uploaded_file:
        # An empty file is useless; log it and let the device delete it.
        error_message += "there was no/an empty file, returning 200 OK so device deletes bad file."
        log_error(Exception("upload error"), error_message)
        return _ok()

    if not file_name:
        reason = "there was no provided file name, this is an app error."
    elif not contains_valid_extension(file_name):
        reason = "contains an invalid extension, it was interpreted as " + grab_file_extension(file_name)
    else:
        reason = "AN UNKNOWN ERROR OCCURRED."
    error_message += reason

    make_sentry_client(
        'eb', {"upload_error": "upload error", "user_id": patient_id}
    ).captureMessage(error_message)

    return abort(400)