def check_clinician_no_token(username, password):
cursor = ext.connect_()
query = "select pwhash, is_password_set from clinicians where username = %s"
cursor.execute(query, (username, ))
result = cursor.fetchall()
# print(result)
if result:
pwhash = result[0].get("pwhash")
is_password_set = result[0].get("is_password_set")
if pbkdf2_sha256.verify(password, pwhash):
query = (
"select first_name, last_name, role from clinicians where username = %s"
)
cursor.execute(query, (username, ))
result = cursor.fetchall()
user_result = result[0]
user_info = {
"signoff_" + k: user_result[k]
for k in user_result.keys()
}
user_info["signoff_username"] = username
if is_password_set:
return True, user_info, True
else:
return True, user_info, False
return False, None, None
def get_case_info(info_table, case_id, user_info):
info_table = "case" + info_table
qargs = {"case_id": case_id}
results = ext.select_query_result_(qargs, info_table)
if (info_table == "case_managements" and results["result"]
is not None): # TODO Think about whether might move this to hooks?
cursor = ext.connect_()
query = "select {} from {} where case_id=%s"
extra_fields = [
("dob", "cases"),
("large_vessel_occlusion", "case_radiologies"),
("last_well", "cases"),
("ich_found", "case_radiologies"),
]
for field in extra_fields:
cursor.execute(query.format(field[0], field[1]), (case_id, ))
field_result = cursor.fetchall()
field_val = field_result[0][field[0]]
if field[0] == "dob" and field_val:
field_val = field_val.isoformat()
elif field[0] == "last_well" and field_val:
field_val = field_val.strftime("%Y-%m-%d %H:%M")
results["result"][0][field[0]] = field_val
# if info_table == 'cases':
# results['google_distance_api_key'] = app.config.get('GOOGLE_DISTANCE_API_KEY')
results["success"] = True
return jsonify(results)
def check_clinician(username, password, token):
cursor = ext.connect_()
query = "select pwhash, shared_secret, is_password_set from clinicians where username = %s"
cursor.execute(query, (username, ))
result = cursor.fetchall()
# print(result)
if result:
pwhash = result[0].get("pwhash")
shared_secret = result[0].get("shared_secret")
is_password_set = result[0].get("is_password_set")
if not shared_secret:
return False, None, None
totp = pyotp.TOTP(shared_secret, interval=300)
# print(datetime.datetime.now())
# print(totp.now())
# print(pbkdf2_sha256.hash(password))
if pbkdf2_sha256.verify(password, pwhash) and totp.verify(
token, valid_window=2):
query = (
"select first_name, last_name, role from clinicians where username = %s"
)
cursor.execute(query, (username, ))
result = cursor.fetchall()
user_result = result[0]
user_info = {
"signoff_" + k: user_result[k]
for k in user_result.keys()
}
user_info["signoff_username"] = username
if is_password_set:
return True, user_info, True
else:
return True, user_info, False
return False, None, None
def check_admin(username, password):
cursor = ext.connect_()
query = "select pwhash from admins where username = %s"
cursor.execute(query, (username, ))
result = cursor.fetchall()
if result:
pwhash = result[0]["pwhash"]
if pbkdf2_sha256.verify(password, pwhash):
return True
return False
def edit_case_info(info_table, case_id, user_info):
if not request.get_json():
return (
jsonify({
"success": False,
"error_type": "request",
"debugmsg": "No data in request.",
}),
400,
)
# TODO Requires safer error handling
# TODO Check table exists and exit if not (safety)
info_table = "case" + info_table
cursor = ext.connect_()
columns = ext.get_cols_(info_table)
qargs = ext.get_args_(columns, request.get_json())
# Necessary for PUT since expect whole replacement back.
# Will be much easier to implement this hook as a PATCH request
# as will not have to check the previous stored data
prior = ext.select_query_result_({"case_id": case_id},
info_table)["result"][0]
#print(prior)
prior_meta = ext.select_query_result_({"case_id": case_id},
"cases")["result"][0]
qargs = {**qargs, **user_info}
#print(qargs)
qargs = hooks.put(info_table, case_id, qargs, prior)
#print(qargs)
if not qargs:
# print("NO CHANGE")
return jsonify({"success": True, "message": "no change"})
query = ext.update_(qargs)
query_string = "update {} ".format(
info_table) + query[0] + " where case_id=%s"
# print(query_string)
cursor.execute(query_string, query[1] + (case_id, ))
mysql.connection.commit()
meta = {
"info_table": info_table,
"case_id": case_id,
"first_name": prior_meta.get("first_name"),
"last_name": prior_meta.get("last_name"),
"status": prior_meta.get("status"),
"gender": prior_meta.get("gender"),
"dob": prior_meta.get("dob"),
}
log_event("edit", qargs, meta, user_info)
return jsonify({"success": True, "debugmsg": "added"})
def set_password(user_info):
inputs = request.get_json()
new_password = inputs.get("new_password")
if not new_password:
return (
jsonify({
"success": False,
"error_type": "request",
"debugmsg": "No new password given.",
}),
400,
)
cursor = ext.connect_()
query = "update clinicians set pwhash = %s, is_password_set = 1 where username = %s"
cursor.execute(
query,
(pbkdf2_sha256.hash(new_password), user_info.get("signoff_username")))
# print(user_info.get('username'))
mysql.connection.commit()
return jsonify({"success": True})
def delete_case(case_id, user_info):
prior_meta = ext.select_query_result_({"case_id": case_id},
"cases")["result"][0]
meta = {
"case_id": case_id,
"first_name": prior_meta.get("first_name"),
"last_name": prior_meta.get("last_name"),
"status": prior_meta.get("status"),
"gender": prior_meta.get("gender"),
"dob": prior_meta.get("dob"),
}
cursor = ext.connect_()
query = "delete from cases where case_id = %s"
cursor.execute(query, (case_id, ))
mysql.connection.commit()
# TODO Implement check that was deleted
log_event("delete", {}, meta, user_info)
return jsonify({"success": True})
def add_case(user_info):
try:
if not request.get_json():
return (
jsonify({
"success": False,
"error_type": "request",
"debugmsg": "No data in request.",
}),
400,
)
# TODO Safe error handling
cursor = ext.connect_()
cols_cases = ext.get_cols_("cases")
args_cases = ext.get_args_(cols_cases, request.get_json())
# calculate eta
if all(x in args_cases.keys()
for x in ["initial_location_lat", "initial_location_long"
]): # just in case
init_lat = args_cases["initial_location_lat"]
init_long = args_cases["initial_location_long"]
if None not in [init_lat, init_long]:
eta = ext.calculate_eta_(
init_lat,
init_long,
app.config["HOSPITAL_LAT"],
app.config["HOSPITAL_LONG"],
hooks.time_now(),
)
args_cases["eta"] = eta
else:
eta = "UNKNOWN" # for notification
print(
"Debug line: initial location field latitude or longitude null."
)
else:
eta = "UNKNOWN"
notify_type = "case_incoming"
status = "incoming"
if "status" in args_cases.keys():
if (args_cases.get("status").lower() == "active"
and "active_timestamp" not in args_cases.keys()):
status = "active"
notify_type = "case_arrived"
args_cases["active_timestamp"] = hooks.time_now()
add_params = ext.add_(args_cases)
add_query = "insert into cases " + add_params[0]
cursor.execute(add_query, add_params[1])
cursor.execute("select last_insert_id()")
result = cursor.fetchall()
case_id = result[0]["last_insert_id()"]
info_tables = [
"case_histories",
"case_assessments",
"case_eds",
"case_radiologies",
"case_managements",
]
args_table = {"case_id": case_id}
add_params = ext.add_(args_table)
for info_table in info_tables:
add_query = "insert into {} ".format(info_table) + add_params[0]
cursor.execute(add_query, add_params[1])
mysql.connection.commit()
# POST ADDITION HOOKS
meta = {
"case_id": case_id,
"first_name": args_cases.get("first_name"),
"last_name": args_cases.get("last_name"),
"status": status,
"gender": args_cases.get("gender"),
"dob": args_cases.get("dob"),
}
log_event("add", args_cases, meta, user_info)
args_event = user_info
args_event["eta"] = eta
notified = notify.add_message(notify_type, case_id, args_event)
if not notified:
return jsonify({
"success": True,
"case_id": case_id,
"debugmsg": "Notification not sent.",
})
return jsonify({"success": True, "case_id": case_id})
except Exception as e:
return jsonify({"success": False, "debug_info": str(e)}), 500
def pair_clinician():
inputs = request.get_json()
in_username = inputs.get("username")
in_password = inputs.get("password")
in_pairing_code = inputs.get("pairing_code")
in_backend_domain = inputs.get("backend_domain")
in_backend_id = inputs.get("backend_id")
if not in_username or not in_password:
return (
jsonify({
"success": False,
"error_type": "request",
"debugmsg": "Username or password not given.",
}),
400,
)
if in_backend_domain != app.config.get(
"BACKEND_DOMAIN") or in_backend_id != app.config.get("BACKEND_ID"):
return (
jsonify({
"success": False,
"error_type": "checkpoint",
"debugmsg": "Backend details did not match",
}),
401,
)
cursor = ext.connect_()
query = "select pwhash, pairing_code, is_paired from clinicians where username = %s"
cursor.execute(query, (in_username, ))
result = cursor.fetchall()
if result:
pwhash = result[0]["pwhash"]
pairing_code = result[0]["pairing_code"]
is_paired = result[0]["is_paired"]
if (pbkdf2_sha256.verify(in_password, pwhash)
and in_pairing_code == pairing_code and not is_paired):
shared_secret = pyotp.random_base32()
query = "update clinicians set is_paired = 1, shared_secret = %s where username = %s"
cursor.execute(query, (shared_secret, in_username))
mysql.connection.commit()
totp = pyotp.TOTP(shared_secret, interval=300)
# print("PAIRING DONE, TOTP FOLLOWS")
# print(totp.now())
# print("TOTP END")
return jsonify({
"success": True,
"shared_secret": shared_secret,
"token": totp.now()
})
return (
jsonify({
"success": False,
"error_type": "checkpoint",
"debugmsg": "Input parameters did not pass",
}),
401,
)
pass