def test_anonymise_record_end_to_end(self): self.maxDiff = None self.set_up_simple_report_scenario() user = User.objects.create_user(username="******", password="******") report = Report.objects.create(owner=user, encrypted=b'dummy report') gpg = gnupg.GPG() test_key = gpg.import_keys(private_test_key) self.addCleanup(delete_test_key, gpg, test_key.fingerprints[0]) row = EvalRow() row.anonymise_record(action=EvalRow.CREATE, report=report, decrypted_text=self.json_report, key=public_test_key) row.save() self.assertEqual( json.loads( six.text_type( gpg.decrypt( six.binary_type(EvalRow.objects.get(id=row.pk).row)))), self.expected)
def setUp(self): super(ExistingRecordTest, self).setUp() User.objects.create_user(username='******', password='******') self.client.login(username='******', password='******') self.request = HttpRequest() self.request.GET = {} self.request.method = 'GET' self.request.user = User.objects.get(username='******') self.report_text = """[ { "answer": "test answer", "id": %i, "section": 1, "question_text": "first question", "type": "SingleLineText" }, { "answer": "another answer to a different question", "id": %i, "section": 1, "question_text": "2nd question", "type": "SingleLineText" } ]""" % (self.question1.pk, self.question2.pk) self.report = Report(owner=self.request.user) self.report_key = 'bananabread! is not my key' self.report.encrypt_report(self.report_text, self.report_key) self.report.save() row = EvalRow() row.anonymise_record(action=EvalRow.CREATE, report=self.report, decrypted_text=self.report_text) row.save()
def withdraw_from_matching(request, report_id, template_name): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: report.withdraw_from_matching() report.save() # record match withdrawal in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.WITHDRAW, report=report) row.save() except Exception: logger.exception( "couldn't save evaluation row on match withdrawal") pass return render( request, template_name, { 'owner': request.user, 'school_name': settings.SCHOOL_SHORTNAME, 'coordinator_name': settings.COORDINATOR_NAME, 'coordinator_email': settings.COORDINATOR_EMAIL, 'match_report_withdrawn': True }) else: logger.warning( "illegal matching withdrawal attempt on record {} by user {}". format(report_id, owner.id)) return HttpResponseForbidden()
def done(self, form_list, **kwargs): req = kwargs.get('request') or self.request report = Report(owner=req.user) if self.object_to_edit: if self.object_to_edit.owner == req.user: report = self.object_to_edit else: return HttpResponseForbidden() key = list(form_list)[-1].cleaned_data['key'] report_text = json.dumps(self.processed_answers, sort_keys=True) report.encrypt_report(report_text, key) report.save() #save anonymised answers try: if self.object_to_edit: action = EvalRow.EDIT else: action = EvalRow.CREATE row = EvalRow() row.anonymise_record(action=action, report=report, decrypted_text=report_text) row.save() except Exception as e: #TODO: real logging bugsnag.notify(e) pass #TODO: check if valid? return self.wizard_complete(report, **kwargs)
def done(self, form_list, **kwargs): req = kwargs.get('request') or self.request report = Report(owner=req.user) if self.object_to_edit: if self.object_to_edit.owner == req.user: report = self.object_to_edit else: return HttpResponseForbidden() key = list(form_list)[-1].cleaned_data['key'] report_text = json.dumps(self.processed_answers, sort_keys=True) report.encrypt_report(report_text, key) report.save() #save anonymised answers try: if self.object_to_edit: action = EvalRow.EDIT else: action = EvalRow.CREATE row = EvalRow() row.anonymise_record(action=action, report=report, decrypted_text=report_text) row.save() except Exception: logger.exception("couldn't save evaluation row on record creation") pass return self.wizard_complete(report, **kwargs)
def submit_to_matching(request, report_id, form_template_name="submit_to_matching.html", confirmation_template_name="submit_to_matching_confirmation.html", report_class=PDFMatchReport): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: if request.method == 'POST': form = SubmitToSchoolForm(owner, report, request.POST) formset = SubmitToMatchingFormSet(request.POST) form.report = report if form.is_valid() and formset.is_valid(): try: match_reports = [] for perp_form in formset: #enter into matching match_report = MatchReport(report=report) match_report.contact_name = conditional_escape(form.cleaned_data.get('name')) match_report.contact_email = form.cleaned_data.get('email') match_report.contact_phone = conditional_escape(form.cleaned_data.get('phone_number')) match_report.contact_voicemail = conditional_escape(form.cleaned_data.get('voicemail')) match_report.contact_notes = conditional_escape(form.cleaned_data.get('contact_notes')) match_report.identifier = perp_form.cleaned_data.get('perp') match_report.name = conditional_escape(perp_form.cleaned_data.get('perp_name')) match_reports.append(match_report) MatchReport.objects.bulk_create(match_reports) if settings.MATCH_IMMEDIATELY: find_matches(report_class=report_class) except Exception: logger.exception("couldn't submit match report for report {}".format(report_id)) return render(request, form_template_name, {'form': form, 'formset': formset, 'school_name': settings.SCHOOL_SHORTNAME, 'submit_error': True}) #record matching submission in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.MATCH, report=report) row.save() except Exception: logger.exception("couldn't save evaluation row on match submission") pass try: _send_user_notification(form, 'match_confirmation') except Exception: # matching was entered even if confirmation email fails, so don't show an error if so logger.exception("couldn't send confirmation to user on match submission") return render(request, confirmation_template_name, {'school_name': settings.SCHOOL_SHORTNAME, 'report': report}) else: form = SubmitToSchoolForm(owner, report) formset = SubmitToMatchingFormSet() return render(request, form_template_name, {'form': form, 'formset': formset, 'school_name': settings.SCHOOL_SHORTNAME}) else: logger.warning("illegal matching attempt on record {} by user {}".format(report_id, owner.id)) return HttpResponseForbidden()
def submit_to_school(request, report_id): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: if request.method == 'POST': form = SubmitToSchoolForm(owner, report, request.POST) form.report = report if form.is_valid(): try: report.contact_name = conditional_escape(form.cleaned_data.get('name')) report.contact_email = form.cleaned_data.get('email') report.contact_phone = conditional_escape(form.cleaned_data.get('phone_number')) report.contact_voicemail = conditional_escape(form.cleaned_data.get('voicemail')) report.contact_notes = conditional_escape(form.cleaned_data.get('contact_notes')) PDFFullReport(owner, report, form.decrypted_report).send_report_to_school() report.save() except Exception as e: #TODO: real logging bugsnag.notify(e) return render(request, 'submit_to_school.html', {'form': form, 'school_name': settings.SCHOOL_SHORTNAME, 'submit_error': True}) #record submission in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.SUBMIT, report=report) row.save() except Exception as e: #TODO: real logging bugsnag.notify(e) pass try: if form.cleaned_data.get('email_confirmation') == "True": notification = EmailNotification.objects.get(name='submit_confirmation') preferred_email = form.cleaned_data.get('email') to_email = set([owner.account.school_email, preferred_email]) from_email = '"Callisto Confirmation" <confirmation@{0}>'.format(settings.APP_URL) notification.send(to=to_email, from_email=from_email) except Exception as e: #TODO: real logging # report was sent even if confirmation email fails, so don't show an error if so bugsnag.notify(e) return render(request, 'submit_to_school_confirmation.html', {'form': form, 'school_name': settings.SCHOOL_SHORTNAME, 'report': report}) else: form = SubmitToSchoolForm(owner, report) return render(request, 'submit_to_school.html', {'form': form, 'school_name': settings.SCHOOL_SHORTNAME}) else: return HttpResponseForbidden()
def submit_to_school(request, report_id, form_template_name="submit_to_school.html", confirmation_template_name="submit_to_school_confirmation.html", report_class=PDFFullReport): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: if request.method == 'POST': form = SubmitToSchoolForm(owner, report, request.POST) form.report = report if form.is_valid(): try: report.contact_name = conditional_escape(form.cleaned_data.get('name')) report.contact_email = form.cleaned_data.get('email') report.contact_phone = conditional_escape(form.cleaned_data.get('phone_number')) report.contact_voicemail = conditional_escape(form.cleaned_data.get('voicemail')) report.contact_notes = conditional_escape(form.cleaned_data.get('contact_notes')) report_class(report=report, decrypted_report=form.decrypted_report).send_report_to_school() report.save() except Exception: logger.exception("couldn't submit report for report {}".format(report_id)) return render(request, form_template_name, {'form': form, 'school_name': settings.SCHOOL_SHORTNAME, 'submit_error': True}) #record submission in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.SUBMIT, report=report) row.save() except Exception: logger.exception("couldn't save evaluation row on submission") pass try: _send_user_notification(form, 'submit_confirmation') except Exception: # report was sent even if confirmation email fails, so don't show an error if so logger.exception("couldn't send confirmation to user on submission") return render(request, confirmation_template_name, {'form': form, 'school_name': settings.SCHOOL_SHORTNAME, 'report': report}) else: form = SubmitToSchoolForm(owner, report) return render(request, form_template_name, {'form': form, 'school_name': settings.SCHOOL_SHORTNAME}) else: logger.warning("illegal submit attempt on record {} by user {}".format(report_id, owner.id)) return HttpResponseForbidden()
def test_anonymise_record_end_to_end(self): self.maxDiff = None self.set_up_simple_report_scenario() user = User.objects.create_user(username="******", password="******") report = Report.objects.create(owner=user, encrypted=b'dummy report') gpg = gnupg.GPG() test_key = gpg.import_keys(private_test_key) self.addCleanup(delete_test_key, gpg, test_key.fingerprints[0]) row = EvalRow() row.anonymise_record(action=EvalRow.CREATE, report=report, decrypted_text=self.json_report, key = public_test_key) row.save() self.assertEqual(json.loads(six.text_type(gpg.decrypt(six.binary_type(EvalRow.objects.get(id=row.pk).row)))), self.expected)
def withdraw_from_matching(request, report_id): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: report.withdraw_from_matching() report.save() #record match withdrawal in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.WITHDRAW, report=report) row.save() except Exception as e: #TODO: real logging bugsnag.notify(e) pass return render(request, 'dashboard.html', {'owner': request.user, 'school_name': settings.SCHOOL_SHORTNAME, 'coordinator_name': settings.COORDINATOR_NAME, 'coordinator_email': settings.COORDINATOR_EMAIL, 'match_report_withdrawn': True}) else: return HttpResponseForbidden()
def withdraw_from_matching(request, report_id, template_name): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: report.withdraw_from_matching() report.save() # record match withdrawal in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.WITHDRAW, report=report) row.save() except Exception: logger.exception("couldn't save evaluation row on match withdrawal") pass return render(request, template_name, {'owner': request.user, 'school_name': settings.SCHOOL_SHORTNAME, 'coordinator_name': settings.COORDINATOR_NAME, 'coordinator_email': settings.COORDINATOR_EMAIL, 'match_report_withdrawn': True}) else: logger.warning("illegal matching withdrawal attempt on record {} by user {}".format(report_id, owner.id)) return HttpResponseForbidden()
def submit_to_school( request, report_id, form_template_name="submit_to_school.html", confirmation_template_name="submit_to_school_confirmation.html", report_class=PDFFullReport): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: if request.method == 'POST': form = SubmitToSchoolForm(owner, report, request.POST) form.report = report if form.is_valid(): try: report.contact_name = conditional_escape( form.cleaned_data.get('name')) report.contact_email = form.cleaned_data.get('email') report.contact_phone = conditional_escape( form.cleaned_data.get('phone_number')) report.contact_voicemail = conditional_escape( form.cleaned_data.get('voicemail')) report.contact_notes = conditional_escape( form.cleaned_data.get('contact_notes')) report_class(report=report, decrypted_report=form.decrypted_report ).send_report_to_school() report.save() except Exception: logger.exception( "couldn't submit report for report {}".format( report_id)) return render( request, form_template_name, { 'form': form, 'school_name': settings.SCHOOL_SHORTNAME, 'submit_error': True }) #record submission in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.SUBMIT, report=report) row.save() except Exception: logger.exception( "couldn't save evaluation row on submission") pass try: _send_user_notification(form, 'submit_confirmation') except Exception: # report was sent even if confirmation email fails, so don't show an error if so logger.exception( "couldn't send confirmation to user on submission") return render( request, confirmation_template_name, { 'form': form, 'school_name': settings.SCHOOL_SHORTNAME, 'report': report }) else: form = SubmitToSchoolForm(owner, report) return render(request, form_template_name, { 'form': form, 'school_name': settings.SCHOOL_SHORTNAME }) else: logger.warning("illegal submit attempt on record {} by user {}".format( report_id, owner.id)) return HttpResponseForbidden()
def submit_to_matching( request, report_id, form_template_name="submit_to_matching.html", confirmation_template_name="submit_to_matching_confirmation.html", report_class=PDFMatchReport): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: if request.method == 'POST': form = SubmitToSchoolForm(owner, report, request.POST) formset = SubmitToMatchingFormSet(request.POST) form.report = report if form.is_valid() and formset.is_valid(): try: match_reports = [] for perp_form in formset: #enter into matching match_report = MatchReport(report=report) match_report.contact_name = conditional_escape( form.cleaned_data.get('name')) match_report.contact_email = form.cleaned_data.get( 'email') match_report.contact_phone = conditional_escape( form.cleaned_data.get('phone_number')) match_report.contact_voicemail = conditional_escape( form.cleaned_data.get('voicemail')) match_report.contact_notes = conditional_escape( form.cleaned_data.get('contact_notes')) match_report.identifier = perp_form.cleaned_data.get( 'perp') match_report.name = conditional_escape( perp_form.cleaned_data.get('perp_name')) match_reports.append(match_report) MatchReport.objects.bulk_create(match_reports) if settings.MATCH_IMMEDIATELY: find_matches(report_class=report_class) except Exception: logger.exception( "couldn't submit match report for report {}".format( report_id)) return render( request, form_template_name, { 'form': form, 'formset': formset, 'school_name': settings.SCHOOL_SHORTNAME, 'submit_error': True }) #record matching submission in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.MATCH, report=report) row.save() except Exception: logger.exception( "couldn't save evaluation row on match submission") pass try: _send_user_notification(form, 'match_confirmation') except Exception: # matching was entered even if confirmation email fails, so don't show an error if so logger.exception( "couldn't send confirmation to user on match submission" ) return render(request, confirmation_template_name, { 'school_name': settings.SCHOOL_SHORTNAME, 'report': report }) else: form = SubmitToSchoolForm(owner, report) formset = SubmitToMatchingFormSet() return render( request, form_template_name, { 'form': form, 'formset': formset, 'school_name': settings.SCHOOL_SHORTNAME }) else: logger.warning( "illegal matching attempt on record {} by user {}".format( report_id, owner.id)) return HttpResponseForbidden()
def submit_to_matching(request, report_id): owner = request.user report = Report.objects.get(id=report_id) if owner == report.owner: if request.method == 'POST': form = SubmitToSchoolForm(owner, report, request.POST) formset = SubmitToMatchingFormSet(request.POST) form.report = report if form.is_valid() and formset.is_valid(): try: match_reports = [] for perp_form in formset: #enter into matching match_report = MatchReport(report=report) match_report.contact_name = conditional_escape(form.cleaned_data.get('name')) match_report.contact_email = form.cleaned_data.get('email') match_report.contact_phone = conditional_escape(form.cleaned_data.get('phone_number')) match_report.contact_voicemail = conditional_escape(form.cleaned_data.get('voicemail')) match_report.contact_notes = conditional_escape(form.cleaned_data.get('contact_notes')) match_report.identifier = perp_form.cleaned_data.get('perp') match_report.name = conditional_escape(perp_form.cleaned_data.get('perp_name')) match_reports.append(match_report) MatchReport.objects.bulk_create(match_reports) if settings.MATCH_IMMEDIATELY: find_matches() except Exception as e: #TODO: real logging bugsnag.notify(e) return render(request, 'submit_to_matching.html', {'form': form, 'formset': formset, 'school_name': settings.SCHOOL_SHORTNAME, 'submit_error': True}) #record matching submission in anonymous evaluation data try: row = EvalRow() row.anonymise_record(action=EvalRow.MATCH, report=report) row.save() except Exception as e: #TODO: real logging bugsnag.notify(e) pass try: if form.cleaned_data.get('email_confirmation') == "True": notification = EmailNotification.objects.get(name='match_confirmation') preferred_email = form.cleaned_data.get('email') to_email = set([owner.account.school_email, preferred_email]) from_email = '"Callisto Confirmation" <confirmation@{0}>'.format(settings.APP_URL) notification.send(to=to_email, from_email=from_email) except Exception as e: #TODO: real logging # matching was entered even if confirmation email fails, so don't show an error if so bugsnag.notify(e) return render(request, 'submit_to_matching_confirmation.html', {'school_name': settings.SCHOOL_SHORTNAME, 'report': report}) else: form = SubmitToSchoolForm(owner, report) formset = SubmitToMatchingFormSet() return render(request, 'submit_to_matching.html', {'form': form, 'formset': formset, 'school_name': settings.SCHOOL_SHORTNAME}) else: return HttpResponseForbidden()