def check_clinician_no_token(username, password): cursor = ext.connect_() query = "select pwhash, is_password_set from clinicians where username = %s" cursor.execute(query, (username, )) result = cursor.fetchall() # print(result) if result: pwhash = result[0].get("pwhash") is_password_set = result[0].get("is_password_set") if pbkdf2_sha256.verify(password, pwhash): query = ( "select first_name, last_name, role from clinicians where username = %s" ) cursor.execute(query, (username, )) result = cursor.fetchall() user_result = result[0] user_info = { "signoff_" + k: user_result[k] for k in user_result.keys() } user_info["signoff_username"] = username if is_password_set: return True, user_info, True else: return True, user_info, False return False, None, None
def get_case_info(info_table, case_id, user_info): info_table = "case" + info_table qargs = {"case_id": case_id} results = ext.select_query_result_(qargs, info_table) if (info_table == "case_managements" and results["result"] is not None): # TODO Think about whether might move this to hooks? cursor = ext.connect_() query = "select {} from {} where case_id=%s" extra_fields = [ ("dob", "cases"), ("large_vessel_occlusion", "case_radiologies"), ("last_well", "cases"), ("ich_found", "case_radiologies"), ] for field in extra_fields: cursor.execute(query.format(field[0], field[1]), (case_id, )) field_result = cursor.fetchall() field_val = field_result[0][field[0]] if field[0] == "dob" and field_val: field_val = field_val.isoformat() elif field[0] == "last_well" and field_val: field_val = field_val.strftime("%Y-%m-%d %H:%M") results["result"][0][field[0]] = field_val # if info_table == 'cases': # results['google_distance_api_key'] = app.config.get('GOOGLE_DISTANCE_API_KEY') results["success"] = True return jsonify(results)
def check_clinician(username, password, token): cursor = ext.connect_() query = "select pwhash, shared_secret, is_password_set from clinicians where username = %s" cursor.execute(query, (username, )) result = cursor.fetchall() # print(result) if result: pwhash = result[0].get("pwhash") shared_secret = result[0].get("shared_secret") is_password_set = result[0].get("is_password_set") if not shared_secret: return False, None, None totp = pyotp.TOTP(shared_secret, interval=300) # print(datetime.datetime.now()) # print(totp.now()) # print(pbkdf2_sha256.hash(password)) if pbkdf2_sha256.verify(password, pwhash) and totp.verify( token, valid_window=2): query = ( "select first_name, last_name, role from clinicians where username = %s" ) cursor.execute(query, (username, )) result = cursor.fetchall() user_result = result[0] user_info = { "signoff_" + k: user_result[k] for k in user_result.keys() } user_info["signoff_username"] = username if is_password_set: return True, user_info, True else: return True, user_info, False return False, None, None
def check_admin(username, password): cursor = ext.connect_() query = "select pwhash from admins where username = %s" cursor.execute(query, (username, )) result = cursor.fetchall() if result: pwhash = result[0]["pwhash"] if pbkdf2_sha256.verify(password, pwhash): return True return False
def edit_case_info(info_table, case_id, user_info): if not request.get_json(): return ( jsonify({ "success": False, "error_type": "request", "debugmsg": "No data in request.", }), 400, ) # TODO Requires safer error handling # TODO Check table exists and exit if not (safety) info_table = "case" + info_table cursor = ext.connect_() columns = ext.get_cols_(info_table) qargs = ext.get_args_(columns, request.get_json()) # Necessary for PUT since expect whole replacement back. # Will be much easier to implement this hook as a PATCH request # as will not have to check the previous stored data prior = ext.select_query_result_({"case_id": case_id}, info_table)["result"][0] #print(prior) prior_meta = ext.select_query_result_({"case_id": case_id}, "cases")["result"][0] qargs = {**qargs, **user_info} #print(qargs) qargs = hooks.put(info_table, case_id, qargs, prior) #print(qargs) if not qargs: # print("NO CHANGE") return jsonify({"success": True, "message": "no change"}) query = ext.update_(qargs) query_string = "update {} ".format( info_table) + query[0] + " where case_id=%s" # print(query_string) cursor.execute(query_string, query[1] + (case_id, )) mysql.connection.commit() meta = { "info_table": info_table, "case_id": case_id, "first_name": prior_meta.get("first_name"), "last_name": prior_meta.get("last_name"), "status": prior_meta.get("status"), "gender": prior_meta.get("gender"), "dob": prior_meta.get("dob"), } log_event("edit", qargs, meta, user_info) return jsonify({"success": True, "debugmsg": "added"})
def set_password(user_info): inputs = request.get_json() new_password = inputs.get("new_password") if not new_password: return ( jsonify({ "success": False, "error_type": "request", "debugmsg": "No new password given.", }), 400, ) cursor = ext.connect_() query = "update clinicians set pwhash = %s, is_password_set = 1 where username = %s" cursor.execute( query, (pbkdf2_sha256.hash(new_password), user_info.get("signoff_username"))) # print(user_info.get('username')) mysql.connection.commit() return jsonify({"success": True})
def delete_case(case_id, user_info): prior_meta = ext.select_query_result_({"case_id": case_id}, "cases")["result"][0] meta = { "case_id": case_id, "first_name": prior_meta.get("first_name"), "last_name": prior_meta.get("last_name"), "status": prior_meta.get("status"), "gender": prior_meta.get("gender"), "dob": prior_meta.get("dob"), } cursor = ext.connect_() query = "delete from cases where case_id = %s" cursor.execute(query, (case_id, )) mysql.connection.commit() # TODO Implement check that was deleted log_event("delete", {}, meta, user_info) return jsonify({"success": True})
def add_case(user_info): try: if not request.get_json(): return ( jsonify({ "success": False, "error_type": "request", "debugmsg": "No data in request.", }), 400, ) # TODO Safe error handling cursor = ext.connect_() cols_cases = ext.get_cols_("cases") args_cases = ext.get_args_(cols_cases, request.get_json()) # calculate eta if all(x in args_cases.keys() for x in ["initial_location_lat", "initial_location_long" ]): # just in case init_lat = args_cases["initial_location_lat"] init_long = args_cases["initial_location_long"] if None not in [init_lat, init_long]: eta = ext.calculate_eta_( init_lat, init_long, app.config["HOSPITAL_LAT"], app.config["HOSPITAL_LONG"], hooks.time_now(), ) args_cases["eta"] = eta else: eta = "UNKNOWN" # for notification print( "Debug line: initial location field latitude or longitude null." ) else: eta = "UNKNOWN" notify_type = "case_incoming" status = "incoming" if "status" in args_cases.keys(): if (args_cases.get("status").lower() == "active" and "active_timestamp" not in args_cases.keys()): status = "active" notify_type = "case_arrived" args_cases["active_timestamp"] = hooks.time_now() add_params = ext.add_(args_cases) add_query = "insert into cases " + add_params[0] cursor.execute(add_query, add_params[1]) cursor.execute("select last_insert_id()") result = cursor.fetchall() case_id = result[0]["last_insert_id()"] info_tables = [ "case_histories", "case_assessments", "case_eds", "case_radiologies", "case_managements", ] args_table = {"case_id": case_id} add_params = ext.add_(args_table) for info_table in info_tables: add_query = "insert into {} ".format(info_table) + add_params[0] cursor.execute(add_query, add_params[1]) mysql.connection.commit() # POST ADDITION HOOKS meta = { "case_id": case_id, "first_name": args_cases.get("first_name"), "last_name": args_cases.get("last_name"), "status": status, "gender": args_cases.get("gender"), "dob": args_cases.get("dob"), } log_event("add", args_cases, meta, user_info) args_event = user_info args_event["eta"] = eta notified = notify.add_message(notify_type, case_id, args_event) if not notified: return jsonify({ "success": True, "case_id": case_id, "debugmsg": "Notification not sent.", }) return jsonify({"success": True, "case_id": case_id}) except Exception as e: return jsonify({"success": False, "debug_info": str(e)}), 500
def pair_clinician(): inputs = request.get_json() in_username = inputs.get("username") in_password = inputs.get("password") in_pairing_code = inputs.get("pairing_code") in_backend_domain = inputs.get("backend_domain") in_backend_id = inputs.get("backend_id") if not in_username or not in_password: return ( jsonify({ "success": False, "error_type": "request", "debugmsg": "Username or password not given.", }), 400, ) if in_backend_domain != app.config.get( "BACKEND_DOMAIN") or in_backend_id != app.config.get("BACKEND_ID"): return ( jsonify({ "success": False, "error_type": "checkpoint", "debugmsg": "Backend details did not match", }), 401, ) cursor = ext.connect_() query = "select pwhash, pairing_code, is_paired from clinicians where username = %s" cursor.execute(query, (in_username, )) result = cursor.fetchall() if result: pwhash = result[0]["pwhash"] pairing_code = result[0]["pairing_code"] is_paired = result[0]["is_paired"] if (pbkdf2_sha256.verify(in_password, pwhash) and in_pairing_code == pairing_code and not is_paired): shared_secret = pyotp.random_base32() query = "update clinicians set is_paired = 1, shared_secret = %s where username = %s" cursor.execute(query, (shared_secret, in_username)) mysql.connection.commit() totp = pyotp.TOTP(shared_secret, interval=300) # print("PAIRING DONE, TOTP FOLLOWS") # print(totp.now()) # print("TOTP END") return jsonify({ "success": True, "shared_secret": shared_secret, "token": totp.now() }) return ( jsonify({ "success": False, "error_type": "checkpoint", "debugmsg": "Input parameters did not pass", }), 401, ) pass