def change_password(username, form, as_manager=False): """Change password, and return success/failure HTML.""" user = User(username, False) if not user.user: return user_management_failure_message( "Problem: can't find user " + username, as_manager) old_password = ws.get_cgi_parameter_str(form, PARAM.OLD_PASSWORD) new_password_1 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_1) new_password_2 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_2) must_change_password = ws.get_cgi_parameter_bool( form, PARAM.MUST_CHANGE_PASSWORD) if new_password_1 != new_password_2: return user_management_failure_message("New passwords don't match", as_manager) if len(new_password_1) < MINIMUM_PASSWORD_LENGTH: return user_management_failure_message( "New password must be at least {} characters; not changed.".format( MINIMUM_PASSWORD_LENGTH ), as_manager ) if old_password == new_password_1 and not as_manager: return user_management_failure_message( "Old/new passwords are the same", as_manager ) if (not as_manager) and (not user.is_password_valid(old_password)): return user_management_failure_message("Old password incorrect", as_manager) # OK user.set_password(new_password_1) user.save() if not as_manager: must_change_password = False if must_change_password: user.force_password_change() audit("Password changed for user " + user.user) return user_management_success_message( "Password updated for user {}.".format(user.user), as_manager, """<div class="important"> If you store your password in your CamCOPS tablet application, remember to change it there as well. </div>""" )
def application_show_environment_test_database(environ, start_response): LINEBREAK = "=" * 79 + "\n" status = '200 OK' if not environ['mod_wsgi.process_group']: output = 'mod_wsgi EMBEDDED MODE' else: output = 'mod_wsgi DAEMON MODE' output += "\n\nenviron parameter:\n" + LINEBREAK for (k, v) in sorted(environ.iteritems()): output += str(k) + ": " + str(v) + "\n" output += "\nos.environ:\n" + LINEBREAK for (k, v) in sorted(os.environ.iteritems()): output += str(k) + ": " + str(v) + "\n" output += "\nCGI form:\n" + LINEBREAK form = ws.get_cgi_fieldstorage_from_wsgi_env(environ) for k in form.keys(): output += "{0} = {1}\n".format(k, form.getvalue(k)) output += "\nCGI value for 'test' field:\n" + LINEBREAK output += "{}\n".format(ws.get_cgi_parameter_str(form, "test")) output += "\nCGI value for 'Test' field:\n" + LINEBREAK output += "{}\n".format(ws.get_cgi_parameter_str(form, "Test")) # This successfully writes to the Apache log: sys.stderr.write("testwsgi.py: STARTING\n") # Let's not bother with a persistent database connection for now. # http://stackoverflow.com/questions/405352/mysql-connection-pooling-question-is-it-worth-it # noqa testDatabase = False if testDatabase: db = connect_to_database(environ) output += "\nCONNECTED TO DATABASE\n" + LINEBREAK output += ( "Count: " + str(db.fetchvalue("SELECT COUNT(*) FROM expdetthreshold")) + "\n" ) # Final output response_headers = [('Content-type', 'text/plain'), ('Content-Length', str(len(output)))] start_response(status, response_headers) return [output]
def provide_report(session, form): """Extracts report type, report parameters, and output type from the CGI form; offers up the results in the chosen format.""" # Which report? report_id = ws.get_cgi_parameter_str(form, PARAM.REPORT_ID) report = get_report_instance(report_id) if not report: return cc_html.fail_with_error_stay_logged_in("Invalid report_id") # What output type? outputtype = ws.get_cgi_parameter_str(form, PARAM.OUTPUTTYPE) if outputtype is not None: outputtype = outputtype.lower() if (outputtype != VALUE.OUTPUTTYPE_HTML and outputtype != VALUE.OUTPUTTYPE_TSV): return cc_html.fail_with_error_stay_logged_in("Unknown outputtype") # Get parameters params = get_params_from_form(report.get_param_spec_list(), form) # Get query details rows, descriptions = report.get_rows_descriptions(**params) if rows is None or descriptions is None: return cc_html.fail_with_error_stay_logged_in( "Report failed to return a list of descriptions/results") if outputtype == VALUE.OUTPUTTYPE_TSV: filename = ( "CamCOPS_" + report.get_report_id() + "_" + cc_dt.format_datetime(pls.NOW_LOCAL_TZ, DATEFORMAT.FILENAME) + ".tsv" ) return ws.tsv_result(tsv_from_query(rows, descriptions), [], filename) else: # HTML html = pls.WEBSTART + u""" {} <h1>{}</h1> """.format( session.get_current_user_html(), report.get_report_title(), ) + ws.html_table_from_query(rows, descriptions) + cc_html.WEBEND return html
def offer_individual_report(session, form): """For a specific report (specified within the CGI form), offers an HTML page with the parameters to be configured for that report.""" # Which report? report_id = ws.get_cgi_parameter_str(form, PARAM.REPORT_ID) report = get_report_instance(report_id) if not report: return cc_html.fail_with_error_stay_logged_in("Invalid report_id") html = pls.WEBSTART + u""" {userdetails} <h1>Report: {reporttitle}</h1> <div class="filter"> <form method="GET" action="{script}"> <input type="hidden" name="{PARAM.ACTION}" value="{ACTION.PROVIDE_REPORT}"> <input type="hidden" name="{PARAM.REPORT_ID}" value="{report_id}"> """.format( userdetails=session.get_current_user_html(), reporttitle=report.get_report_title(), script=pls.SCRIPT_NAME, ACTION=ACTION, PARAM=PARAM, report_id=report_id ) for p in report.get_param_spec_list(): html += get_param_html(p) html += u""" <br> Report output format:<br> <label> <input type="radio" name="{PARAM.OUTPUTTYPE}" value="{VALUE.OUTPUTTYPE_HTML}" checked> HTML </label><br> <label> <input type="radio" name="{PARAM.OUTPUTTYPE}" value="{VALUE.OUTPUTTYPE_TSV}"> Tab-separated values (TSV) </label><br> <br> <input type="submit" value="Report"> </form> </div> """.format( PARAM=PARAM, VALUE=VALUE, ) return html + cc_html.WEBEND
def add_user(form): """Add a user, and return HTML success/failure message.""" username = ws.get_cgi_parameter_str(form, PARAM.USERNAME) password_1 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_1) password_2 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_2) must_change_password = ws.get_cgi_parameter_bool( form, PARAM.MUST_CHANGE_PASSWORD) may_use_webviewer = ws.get_cgi_parameter_bool( form, PARAM.MAY_USE_WEBVIEWER) may_view_other_users_records = ws.get_cgi_parameter_bool( form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS) view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool( form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED) may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD) superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER) may_register_devices = ws.get_cgi_parameter_bool( form, PARAM.MAY_REGISTER_DEVICES) may_use_webstorage = ws.get_cgi_parameter_bool( form, PARAM.MAY_USE_WEBSTORAGE) may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA) may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS) may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES) user = User(username, False) if user.user: return user_management_failure_message( "User already exists: " + username) if not is_username_permissible(username): return user_management_failure_message( "Invalid username: "******"Passwords don't mach") if len(password_1) < MINIMUM_PASSWORD_LENGTH: return user_management_failure_message( "Password must be at least {} characters".format( MINIMUM_PASSWORD_LENGTH )) user = User(username, True) user.set_password(password_1) user.may_use_webviewer = may_use_webviewer user.may_view_other_users_records = may_view_other_users_records user.view_all_patients_when_unfiltered = view_all_patients_when_unfiltered user.may_upload = may_upload user.superuser = superuser user.may_register_devices = may_register_devices user.may_use_webstorage = may_use_webstorage user.may_dump_data = may_dump_data user.may_run_reports = may_run_reports user.may_add_notes = may_add_notes user.save() if must_change_password: user.force_password_change() audit( ( "User created: {}: " "may_use_webviewer={}, " "may_view_other_users_records={}, " "view_all_patients_when_unfiltered={}, " "may_upload={}, " "superuser={}, " "may_register_devices={}, " "may_use_webstorage={}, " "may_dump_data={}, " "may_run_reports={}, " "may_add_notes={}, " "must_change_password={}" ).format( user.user, may_use_webviewer, may_view_other_users_records, view_all_patients_when_unfiltered, may_upload, superuser, may_register_devices, may_use_webstorage, may_dump_data, may_run_reports, may_add_notes, must_change_password ) ) return user_management_success_message("User " + user.user + " created")
def change_user(form): """Apply changes to a user, and return success/failure HTML.""" username = ws.get_cgi_parameter_str(form, PARAM.USERNAME) may_use_webviewer = ws.get_cgi_parameter_bool( form, PARAM.MAY_USE_WEBVIEWER) may_view_other_users_records = ws.get_cgi_parameter_bool( form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS) view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool( form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED) may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD) superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER) may_register_devices = ws.get_cgi_parameter_bool( form, PARAM.MAY_REGISTER_DEVICES) may_use_webstorage = ws.get_cgi_parameter_bool( form, PARAM.MAY_USE_WEBSTORAGE) may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA) may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS) may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES) user = User(username, False) if not user.user: return user_management_failure_message("Invalid user: "******"User permissions edited for user {}: " "may_use_webviewer={}, " "may_view_other_users_records={}, " "view_all_patients_when_unfiltered={}, " "may_upload={}, " "superuser={}, " "may_register_devices={}, " "may_use_webstorage={}, " "may_dump_data={}, " "may_run_reports={}, " "may_add_notes={} " ).format( user.user, may_use_webviewer, may_view_other_users_records, view_all_patients_when_unfiltered, may_upload, superuser, may_register_devices, may_use_webstorage, may_dump_data, may_run_reports, may_add_notes, ) ) return user_management_success_message( "Details updated for user " + user.user)