def change_password(username, form, as_manager=False):
"""Change password, and return success/failure HTML."""
user = User(username, False)
if not user.user:
return user_management_failure_message(
"Problem: can't find user " + username, as_manager)
old_password = ws.get_cgi_parameter_str(form, PARAM.OLD_PASSWORD)
new_password_1 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_1)
new_password_2 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_2)
must_change_password = ws.get_cgi_parameter_bool(
form, PARAM.MUST_CHANGE_PASSWORD)
if new_password_1 != new_password_2:
return user_management_failure_message("New passwords don't match",
as_manager)
if len(new_password_1) < MINIMUM_PASSWORD_LENGTH:
return user_management_failure_message(
"New password must be at least {} characters; not changed.".format(
MINIMUM_PASSWORD_LENGTH
),
as_manager
)
if old_password == new_password_1 and not as_manager:
return user_management_failure_message(
"Old/new passwords are the same",
as_manager
)
if (not as_manager) and (not user.is_password_valid(old_password)):
return user_management_failure_message("Old password incorrect",
as_manager)
# OK
user.set_password(new_password_1)
user.save()
if not as_manager:
must_change_password = False
if must_change_password:
user.force_password_change()
audit("Password changed for user " + user.user)
return user_management_success_message(
"Password updated for user {}.".format(user.user),
as_manager,
"""<div class="important">
If you store your password in your CamCOPS tablet application,
remember to change it there as well.
</div>"""
)
def application_show_environment_test_database(environ, start_response):
LINEBREAK = "=" * 79 + "\n"
status = '200 OK'
if not environ['mod_wsgi.process_group']:
output = 'mod_wsgi EMBEDDED MODE'
else:
output = 'mod_wsgi DAEMON MODE'
output += "\n\nenviron parameter:\n" + LINEBREAK
for (k, v) in sorted(environ.iteritems()):
output += str(k) + ": " + str(v) + "\n"
output += "\nos.environ:\n" + LINEBREAK
for (k, v) in sorted(os.environ.iteritems()):
output += str(k) + ": " + str(v) + "\n"
output += "\nCGI form:\n" + LINEBREAK
form = ws.get_cgi_fieldstorage_from_wsgi_env(environ)
for k in form.keys():
output += "{0} = {1}\n".format(k, form.getvalue(k))
output += "\nCGI value for 'test' field:\n" + LINEBREAK
output += "{}\n".format(ws.get_cgi_parameter_str(form, "test"))
output += "\nCGI value for 'Test' field:\n" + LINEBREAK
output += "{}\n".format(ws.get_cgi_parameter_str(form, "Test"))
# This successfully writes to the Apache log:
sys.stderr.write("testwsgi.py: STARTING\n")
# Let's not bother with a persistent database connection for now.
# http://stackoverflow.com/questions/405352/mysql-connection-pooling-question-is-it-worth-it # noqa
testDatabase = False
if testDatabase:
db = connect_to_database(environ)
output += "\nCONNECTED TO DATABASE\n" + LINEBREAK
output += (
"Count: " +
str(db.fetchvalue("SELECT COUNT(*) FROM expdetthreshold")) + "\n"
)
# Final output
response_headers = [('Content-type', 'text/plain'),
('Content-Length', str(len(output)))]
start_response(status, response_headers)
return [output]
def provide_report(session, form):
"""Extracts report type, report parameters, and output type from the CGI
form; offers up the results in the chosen format."""
# Which report?
report_id = ws.get_cgi_parameter_str(form, PARAM.REPORT_ID)
report = get_report_instance(report_id)
if not report:
return cc_html.fail_with_error_stay_logged_in("Invalid report_id")
# What output type?
outputtype = ws.get_cgi_parameter_str(form, PARAM.OUTPUTTYPE)
if outputtype is not None:
outputtype = outputtype.lower()
if (outputtype != VALUE.OUTPUTTYPE_HTML
and outputtype != VALUE.OUTPUTTYPE_TSV):
return cc_html.fail_with_error_stay_logged_in("Unknown outputtype")
# Get parameters
params = get_params_from_form(report.get_param_spec_list(), form)
# Get query details
rows, descriptions = report.get_rows_descriptions(**params)
if rows is None or descriptions is None:
return cc_html.fail_with_error_stay_logged_in(
"Report failed to return a list of descriptions/results")
if outputtype == VALUE.OUTPUTTYPE_TSV:
filename = (
"CamCOPS_"
+ report.get_report_id()
+ "_"
+ cc_dt.format_datetime(pls.NOW_LOCAL_TZ, DATEFORMAT.FILENAME)
+ ".tsv"
)
return ws.tsv_result(tsv_from_query(rows, descriptions), [], filename)
else:
# HTML
html = pls.WEBSTART + u"""
{}
<h1>{}</h1>
""".format(
session.get_current_user_html(),
report.get_report_title(),
) + ws.html_table_from_query(rows, descriptions) + cc_html.WEBEND
return html
def offer_individual_report(session, form):
"""For a specific report (specified within the CGI form), offers an HTML
page with the parameters to be configured for that report."""
# Which report?
report_id = ws.get_cgi_parameter_str(form, PARAM.REPORT_ID)
report = get_report_instance(report_id)
if not report:
return cc_html.fail_with_error_stay_logged_in("Invalid report_id")
html = pls.WEBSTART + u"""
{userdetails}
<h1>Report: {reporttitle}</h1>
<div class="filter">
<form method="GET" action="{script}">
<input type="hidden" name="{PARAM.ACTION}"
value="{ACTION.PROVIDE_REPORT}">
<input type="hidden" name="{PARAM.REPORT_ID}"
value="{report_id}">
""".format(
userdetails=session.get_current_user_html(),
reporttitle=report.get_report_title(),
script=pls.SCRIPT_NAME,
ACTION=ACTION,
PARAM=PARAM,
report_id=report_id
)
for p in report.get_param_spec_list():
html += get_param_html(p)
html += u"""
<br>
Report output format:<br>
<label>
<input type="radio" name="{PARAM.OUTPUTTYPE}"
value="{VALUE.OUTPUTTYPE_HTML}" checked>
HTML
</label><br>
<label>
<input type="radio" name="{PARAM.OUTPUTTYPE}"
value="{VALUE.OUTPUTTYPE_TSV}">
Tab-separated values (TSV)
</label><br>
<br>
<input type="submit" value="Report">
</form>
</div>
""".format(
PARAM=PARAM,
VALUE=VALUE,
)
return html + cc_html.WEBEND
def add_user(form):
"""Add a user, and return HTML success/failure message."""
username = ws.get_cgi_parameter_str(form, PARAM.USERNAME)
password_1 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_1)
password_2 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_2)
must_change_password = ws.get_cgi_parameter_bool(
form, PARAM.MUST_CHANGE_PASSWORD)
may_use_webviewer = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBVIEWER)
may_view_other_users_records = ws.get_cgi_parameter_bool(
form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS)
view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool(
form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED)
may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD)
superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER)
may_register_devices = ws.get_cgi_parameter_bool(
form, PARAM.MAY_REGISTER_DEVICES)
may_use_webstorage = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBSTORAGE)
may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA)
may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS)
may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES)
user = User(username, False)
if user.user:
return user_management_failure_message(
"User already exists: " + username)
if not is_username_permissible(username):
return user_management_failure_message(
"Invalid username: "******"Passwords don't mach")
if len(password_1) < MINIMUM_PASSWORD_LENGTH:
return user_management_failure_message(
"Password must be at least {} characters".format(
MINIMUM_PASSWORD_LENGTH
))
user = User(username, True)
user.set_password(password_1)
user.may_use_webviewer = may_use_webviewer
user.may_view_other_users_records = may_view_other_users_records
user.view_all_patients_when_unfiltered = view_all_patients_when_unfiltered
user.may_upload = may_upload
user.superuser = superuser
user.may_register_devices = may_register_devices
user.may_use_webstorage = may_use_webstorage
user.may_dump_data = may_dump_data
user.may_run_reports = may_run_reports
user.may_add_notes = may_add_notes
user.save()
if must_change_password:
user.force_password_change()
audit(
(
"User created: {}: "
"may_use_webviewer={}, "
"may_view_other_users_records={}, "
"view_all_patients_when_unfiltered={}, "
"may_upload={}, "
"superuser={}, "
"may_register_devices={}, "
"may_use_webstorage={}, "
"may_dump_data={}, "
"may_run_reports={}, "
"may_add_notes={}, "
"must_change_password={}"
).format(
user.user,
may_use_webviewer,
may_view_other_users_records,
view_all_patients_when_unfiltered,
may_upload,
superuser,
may_register_devices,
may_use_webstorage,
may_dump_data,
may_run_reports,
may_add_notes,
must_change_password
)
)
return user_management_success_message("User " + user.user + " created")
def change_user(form):
"""Apply changes to a user, and return success/failure HTML."""
username = ws.get_cgi_parameter_str(form, PARAM.USERNAME)
may_use_webviewer = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBVIEWER)
may_view_other_users_records = ws.get_cgi_parameter_bool(
form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS)
view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool(
form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED)
may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD)
superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER)
may_register_devices = ws.get_cgi_parameter_bool(
form, PARAM.MAY_REGISTER_DEVICES)
may_use_webstorage = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBSTORAGE)
may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA)
may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS)
may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES)
user = User(username, False)
if not user.user:
return user_management_failure_message("Invalid user: "******"User permissions edited for user {}: "
"may_use_webviewer={}, "
"may_view_other_users_records={}, "
"view_all_patients_when_unfiltered={}, "
"may_upload={}, "
"superuser={}, "
"may_register_devices={}, "
"may_use_webstorage={}, "
"may_dump_data={}, "
"may_run_reports={}, "
"may_add_notes={} "
).format(
user.user,
may_use_webviewer,
may_view_other_users_records,
view_all_patients_when_unfiltered,
may_upload,
superuser,
may_register_devices,
may_use_webstorage,
may_dump_data,
may_run_reports,
may_add_notes,
)
)
return user_management_success_message(
"Details updated for user " + user.user)
