#!/usr/bin/python # -*- coding: UTF-8 -*- from cStringIO import StringIO from datetime import datetime, timedelta from email.mime.application import MIMEApplication from email.mime.multipart import MIMEMultipart from email.mime.text import MIMEText from logging.config import dictConfig from threading import Thread from uuid import uuid4 import base64 import functools import hashlib import logging import json import os from PIL import Image from flask import Flask from flask import jsonify from flask import render_template, send_from_directory from flask import request, has_request_context from flask import send_file from flask import session from flask import url_for from flask_compress import Compress from flask_session import Session from pyzbar import pyzbar from werkzeug import abort, redirect from werkzeug.middleware.proxy_fix import ProxyFix import gnupg import pdf2image import pyotp import pytz import time import qrcode import webauthn from NIST.fingerprint import NISTf_auto from PiAnoS import caseExistsInDB from const import pfsp import utils from functions import redis_cache from functions import dek_generate, do_encrypt_dek, do_decrypt_dek, dek_check from functions import do_encrypt_user_session, do_decrypt_user_session from functions import no_preview_image from functions import mySMTP import config ################################################################################ from version import __version__, __branch__, __commit__, __commiturl__, __treeurl__ ################################################################################ Image.MAX_IMAGE_PIXELS = 1 * 1024 * 1024 * 1024 ################################################################################ class RequestFormatter( logging.Formatter ): def format( self, record ): if has_request_context(): try: username = session[ "username" ] except: username = "-" record.msg = "{REMOTE_ADDR} (" + username + ") - " + record.msg record.msg = record.msg.format( **request.headers.environ ) return super( RequestFormatter, self ).format( record ) dictConfig( { 'version': 1, 'formatters': { 'default': { '()': 'module.RequestFormatter', 'format': '[%(asctime)s] %(levelname)s: \t%(message)s', } }, 'handlers': { 'console': { 'class': 'logging.StreamHandler', 'formatter': 'default' } }, 'root': { 'level': 'INFO', 'handlers': [ 'console' ] } } ) ################################################################################ app = Flask( __name__ ) app.config.from_pyfile( "config.py" ) Compress( app ) Session( app ) if config.PROXY: app.wsgi_app = ProxyFix( app.wsgi_app ) baseurl = os.environ.get( "BASEURL", "" ) envtype = os.environ.get( "ENVTYPE", "" ) ################################################################################ gnupg._parsers.Verify.TRUST_LEVELS[ "ENCRYPTION_COMPLIANCE_MODE" ] = 23 ################################################################################ # Decorators def session_field_required( field, value ): def decorator( func ): @functools.wraps( func ) def wrapper_login_required( *args, **kwargs ): if not field in session: return redirect( url_for( "login" ) ) elif not session.get( field ) == value: return redirect( url_for( "login" ) ) return func( *args, **kwargs ) return wrapper_login_required return decorator def login_required( func ): @functools.wraps( func ) def wrapper_login_required( *args, **kwargs ): if not session.get( "logged", False ) : return redirect( url_for( "login" ) ) return func( *args, **kwargs ) return wrapper_login_required def referer_required( func ): @functools.wraps( func ) def wrapper_login_required( *args, **kwargs ): if not request.headers.get( "Referer", False ): return "referrer needed", 404 return func( *args, **kwargs ) return wrapper_login_required def admin_required( func ): @functools.wraps( func ) def wrapper_login_required( *args, **kwargs ): if not session.get( "logged", False ) or not session.get( "account_type_name", None ) == "Administrator": return redirect( url_for( "login" ) ) return func( *args, **kwargs ) return wrapper_login_required @redis_cache( 15 * 60 ) def check_correct_submitter( submission_id, submitter_id ): sql = """ SELECT count( * ) FROM submissions WHERE uuid = %s AND submitter_id = %s """ check = config.db.query_fetchone( sql, ( submission_id, submitter_id, ) )[ "count" ] return check == 1 def submission_has_access( func ): @functools.wraps( func ) def wrapper_login_required( *args, **kwargs ): submission_id = request.view_args.get( "submission_id", None ) user_id = session.get( "user_id" ) if not session.get( "logged", False ) or not session.get( "account_type_name", None ) == "Submitter": return redirect( url_for( "login" ) ) elif submission_id != None and not check_correct_submitter( submission_id, user_id ): return abort( 403 ) else: return func( *args, **kwargs ) return wrapper_login_required ################################################################################ # Overloads def my_render_template( *args, **kwargs ): kwargs[ "baseurl" ] = baseurl kwargs[ "envtype" ] = envtype kwargs[ "js" ] = config.cdnjs kwargs[ "css" ] = config.cdncss kwargs[ "session_timeout" ] = config.session_timeout kwargs[ "session_security_key" ] = session.get( "session_security_key" ) kwargs[ "account_type" ] = session.get( "account_type", None ) kwargs[ "nist_file_extensions" ] = json.dumps( config.NIST_file_extensions ) if session.get( "account_type", False ): at = account_type_id_name[ session.get( "account_type" ) ] kwargs[ "navigation" ] = "navigations/{}.html".format( at.lower() ) kwargs[ "pianosendpoint" ] = config.pianosendpoint return render_template( *args, **kwargs ) ################################################################################ # Generic routing @app.route( "/ping" ) @app.route( baseurl + "/ping" ) def ping(): """ Ping function to check if the web application is healthy. """ return "pong" @app.route( baseurl + "/version" ) def version(): """ Function to report the version of the web app. The version.py file is re-generated by the CI/CD for production. """ try: return jsonify( { "error": False, "version": __version__, "branch": __branch__, "commit": __commit__, "commiturl": __commiturl__, "treeurl": __treeurl__ } ) except: return jsonify( { "error": True } ) ################################################################################ # CDN serving @app.route( baseurl + "/cdn/" ) def send_cdn_files( subpath ): """ Serve the files from the cdn directory. """ return send_from_directory( "cdn", subpath ) ################################################################################ # App serving @app.route( baseurl + "/app/" ) def send_app_files( subpath ): """ Serve the file from the app directory (all files related to the ICNML application). """ return send_from_directory( "app", subpath ) @app.route( baseurl + "/static/" ) def send_static_files( subpath ): """ Serve static files from the static directory. """ return send_from_directory( "static", subpath ) ################################################################################ # Sessions @app.before_request def renew_session(): """ Reset the timer before the automatic-logout. This function is called before every HTTP call. """ session.permanent = True app.permanent_session_lifetime = timedelta( seconds = config.session_timeout ) @app.route( baseurl + "/is_logged" ) def is_logged(): """ App route to know if the user is logged in the ICNML main application. This route is used by nginx to protect some other locations, for example the PiAnoS dedicated pages. The session countdown timer is resetted to allow the user to use the protected location for the rest of the timeout. """ app.logger.info( "Check if the user is connected" ) if session.get( "logged", False ): return "ok" else: return abort( 403 ) @app.route( baseurl + "/logout" ) def logout(): """ Logout the user, clear the session and redirect to the login page. """ app.logger.info( "Logout and clear session" ) session_clear_and_prepare() return redirect( url_for( "home" ) ) def session_clear_and_prepare(): """ Clear the session related to the user and initialize the login related variables. """ session.clear() session[ "process" ] = "login" session[ "need_to_check" ] = [ "password" ] session[ "logged" ] = False session[ "session_security_key" ] = str( uuid4() ) @app.route( baseurl + "/login" ) def login(): """ Route to serve the login.html page. """ app.logger.info( "Login start" ) session_clear_and_prepare() return my_render_template( "login.html" ) @app.route( baseurl + "/do/login", methods = [ "POST" ] ) def do_login(): """ Function to manadge the login workflow and check the username, password and TOTP data. This function is called multiple times because the check is done only for one data type at the time. If all the checks are OK, the user has provided all needed information, hence is logged in. """ #TODO: double-check this function with someone external #TODO: combine the security key checks in this function need_to_check = session.get( "need_to_check", [ "password" ] ) try: current_check = need_to_check[ 0 ] except: current_check = None session[ "need_to_check" ] = need_to_check app.logger.info( "Current check: {}".format( current_check ) ) ############################################################################ # Username and password check if current_check == "password": user = config.db.query_fetchone( "SELECT * FROM users WHERE username = %s", ( request.form.get( "username" ), ) ) if user == None: app.logger.error( "Username not found in the database" ) session_clear_and_prepare() return jsonify( { "error": False, "logged": False } ) form_password = request.form.get( "password", None ) if form_password == None or not utils.hash.pbkdf2( form_password, user[ "password" ] ).verify(): app.logger.error( "Password not validated" ) session_clear_and_prepare() return jsonify( { "error": False, "logged": False, } ) elif not user[ "active" ]: app.logger.error( "User not active" ) session_clear_and_prepare() return jsonify( { "error": False, "logged": False, "message": "Your account is not activated. Please contact an administrator (icnml@unil.ch)." } ) else: session[ "username" ] = user[ "username" ] session[ "user_id" ] = user[ "id" ] session[ "password_check" ] = True app.logger.info( "User '{}' checked by password".format( user[ "username" ] ) ) session[ "need_to_check" ].remove( current_check ) session[ "password" ] = utils.hash.pbkdf2( form_password, "AES256", config.PASSWORD_NB_ITERATIONS ).hash() sql = "SELECT count( * ) FROM webauthn WHERE user_id = %s AND active = TRUE" security_keys_count = config.db.query_fetchone( sql, ( user[ "id" ], ) )[ "count" ] app.logger.info( "Number of security keys: {}".format( security_keys_count ) ) app.logger.info( "TOTP: {}".format( user[ "totp" ] is not None ) ) if security_keys_count > 0: session[ "need_to_check" ].append( "securitykey" ) elif user[ "totp" ]: session[ "need_to_check" ].append( "totp" ) else: app.logger.error( "Second factor missing" ) session_clear_and_prepare() return jsonify( { "error": False, "logged": False, "message": "Second factor missing. Contact the ICNML administrator (icnml@unil.ch)." } ) ############################################################################ # Time-based One Time Password check elif current_check == "totp": user = config.db.query_fetchone( "SELECT username, totp FROM users WHERE username = %s", ( session[ "username" ], ) ) totp_db = pyotp.TOTP( user[ "totp" ] ) totp_user = request.form.get( "totp", None ) if totp_user == None: return jsonify( { "error": True, "message": "No TOTP provided" } ) app.logger.info( "TOTP expected now: {}".format( totp_db.now() ) ) app.logger.info( "TOTP provided: {}".format( totp_user ) ) if not totp_db.verify( totp_user, valid_window = config.TOTP_VALIDWINDOW ): app.logger.error( "TOTP not valid in a {} time window".format( config.TOTP_VALIDWINDOW ) ) app.logger.info( "TOTP check for a bigger time window" ) # Check for a possible time difference now = datetime.now() time_diff = None try: for i in xrange( config.TOTP_VALIDWINDOW, config.TOTP_MAX_VALIDWINDOW ): for m in [ -1, 1 ]: if pyotp.utils.strings_equal( totp_user, totp_db.at( now, i * m ) ): raise else: app.logger.error( "TOTP not valid for this secret in a timeframe of {}".format( config.TOTP_MAX_VALIDWINDOW ) ) except: time_diff = i * m * totp_db.interval app.logger.info( "TOTP valid for {} seconds".format( time_diff ) ) # Error return session[ "logged" ] = False return jsonify( { "error": False, "logged": False, "message": "Wrong TOTP", "time_diff": time_diff, "time": time.time() } ) else: app.logger.info( "Valid TOTP in a {} time window".format( config.TOTP_VALIDWINDOW ) ) session[ "need_to_check" ].remove( current_check ) ############################################################################ # Check if all the data has been provided; login if ok if len( session[ "need_to_check" ] ) == 0 and session.get( "password_check", False ): for key in [ "process", "need_to_check", "password_check" ]: if key in session: session.pop( key ) session[ "logged" ] = True app.logger.info( "User '{}' connected".format( session[ "username" ] ) ) sql = """ SELECT users.type, account_type.name as account_type_name FROM users LEFT JOIN account_type ON users.type = account_type.id WHERE username = %s """ user = config.db.query_fetchone( sql, ( session[ "username" ], ) ) session[ "account_type" ] = int( user[ "type" ] ) session[ "account_type_name" ] = user[ "account_type_name" ] return jsonify( { "error": False, "logged": True, } ) else: app.logger.info( "Push '{}' as next login step".format( session[ "need_to_check" ][ 0 ] ) ) return jsonify( { "error": False, "next_step": session[ "need_to_check" ][ 0 ] } ) ################################################################################ # Reset @app.route( baseurl + "/reset_password" ) def password_reset(): """ Serve the password_reset.html page. """ session.clear() session[ "process" ] = "request_password_reset" return my_render_template( "users/password_reset.html" ) @app.route( baseurl + "/do/reset_password", methods = [ "POST" ] ) def do_password_reset(): """ Start the check of the username for a password reset. The check is done in a thread to allow a fast "OK" response, even if the username does not exists. This prevent data extraction (presence or not of a username). """ email = request.form.get( "email", None ) app.logger.info( "Start a password reset procedure for '{}'".format( email ) ) Thread( target = do_password_reset_thread, args = ( email, ) ).start() return jsonify( { "error": False, "message": "OK" } ) def do_password_reset_thread( email ): """ Search in the database if the provided email is present, and send the password reset email if so. """ if email == None: return False else: users = config.db.query_fetchall( "SELECT id, username, email FROM users" ) found = [] for user in users: app.logger.debug( "Password reset - Checking '{}' against '{}'".format( email, user[ "username" ] ) ) if not user[ "email" ].startswith( "pbkdf2$" ): continue elif utils.hash.pbkdf2( email, user[ "email" ] ).verify(): user_id = hashlib.sha512( utils.rand.random_data( 100 ) ).hexdigest() #################################################################### data = { "process": "password_reset", "process_id": user_id, "user_id": user[ "id" ] } data = json.dumps( data ) data = base64.b64encode( data ) reset_id = "reset_{}".format( user_id ) config.redis_shared.set( reset_id, data, ex = 24 * 3600 ) #################################################################### with app.app_context(), app.test_request_context(): url = config.domain + url_for( "password_reset_stage2", user_id = user_id ) email_content = utils.template.render_jinja_html( "templates/email", "reset.html", url = url, username = user[ "username" ] ) msg = MIMEText( email_content, "html" ) msg[ "Subject" ] = "ICNML - User password reset" msg[ "From" ] = config.sender msg[ "To" ] = email with mySMTP() as s: s.sendmail( config.sender, [ email ], msg.as_string() ) found.append( user[ "username" ] ) if len( found ) > 0: app.logger.info( "Password reset - '{}' found against {}".format( email, ", ".join( found ) ) ) else: app.logger.error( "Password reset - '{}' not found".format( email ) ) @app.route( baseurl + "/reset_password_stage2/", methods = [ "GET", "POST" ] ) def password_reset_stage2( user_id ): """ Serve the reset password, second stage (password edit fields) page, and set the data in the database if provided. """ #TODO: double-check this function with someone external app.logger.info( "Starting password reset stage 2" ) reset_id = "reset_{}".format( user_id ) data = config.redis_shared.get( reset_id ) if data != None: data = base64.b64decode( data ) data = json.loads( data ) password = request.form.get( "password", None ) userid = data.get( "user_id", None ) if password != None: password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.EMAIL_NB_ITERATIONS ).hash() config.db.query( "UPDATE users SET password = %s WHERE id = %s", ( password, userid ) ) config.db.commit() app.logger.debug( "Password updated for user id '{}'".format( userid ) ) reset_id = "reset_{}".format( user_id ) config.redis_shared.delete( reset_id ) return jsonify( { "error": False, "password_updated": True } ) else: app.logger.debug( "Password reset template render" ) return my_render_template( "users/password_reset_stage2.html", user_id = user_id ) else: app.logger.error( "No reset procedure found for '{}'".format( user_id ) ) return jsonify( { "error": True, "message": "Reset procedure not found/expired" } ) ################################################################################ # webauthn keys @app.route( baseurl + "/webauthn/admin" ) @login_required def webauthn_admin(): """ Serve the administartion page for the FIDO2 keys. """ app.logger.info( "Webauthn admin page" ) return my_render_template( "webauthn/admin.html", keys = do_webauthn_get_list_of_keys( all_keys = True ) ) def do_webauthn_get_list_of_keys( uid = None, all_keys = False ): """ Get the list of keys for a particular user. Can be filtered by active keys only with the `all_keys` parameter. If the user id (uid) variable is not passed in parameter, the id of the currently logged user will be used (via the session). """ user_id = session.get( "user_id", uid ) app.logger.info( "Retrieving the security keys for user '{}'".format( session[ "username" ] ) ) sql = """ SELECT id, key_name as name, created_on, last_usage, usage_counter, active FROM webauthn WHERE user_id = %s """ if not all_keys: sql += " AND active = true" sql += " ORDER BY key_name ASC" keys = config.db.query_fetchall( sql, ( user_id, ) ) data = [] for key in keys: data.append( dict( key ) ) app.logger.debug( "key '{}' ({}) loaded".format( key[ "name" ], key[ "id" ] ) ) app.logger.info( "{} keys found in the database".format( len( data ) ) ) return data @app.route( baseurl + "/webauthn/begin_activate", methods = [ "POST" ] ) @login_required def webauthn_begin_activate(): """ Start the registering process for a new security key. The json returned will be used by the javascript navigator.credentials.create() function. """ app.logger.info( "Start the registring process for a new security key" ) session[ "key_name" ] = request.form.get( "key_name", None ) username = session.get( "username" ) challenge = pyotp.random_base32( 64 ) ukey = pyotp.random_base32( 64 ) app.logger.debug( "User: {}".format( username ) ) app.logger.debug( "Challenge: {}".format( challenge ) ) session[ "challenge" ] = challenge session[ "register_ukey" ] = ukey make_credential_options = webauthn.WebAuthnMakeCredentialOptions( challenge, config.rp_name, config.RP_ID, ukey, username, username, None ) registration_dict = make_credential_options.registration_dict registration_dict[ "authenticatorSelection" ] = { "authenticatorAttachment": "cross-platform", "requireResidentKey": False, "userVerification": "discouraged" } return jsonify( registration_dict ) @app.route( baseurl + "/webauthn/verify", methods = [ "POST" ] ) @login_required def webauthn_verify(): """ Verify the data produced by the security key while registring (with the navigator.credentials.create() function). """ app.logger.info( "Start webauthn verification process" ) challenge = session[ "challenge" ] user_id = session[ "user_id" ] key_name = session.get( "key_name", None ) ukey = session[ "register_ukey" ] app.logger.debug( "Session challenge: {}".format( challenge ) ) app.logger.debug( "Session user_id: {}".format( user_id ) ) app.logger.debug( "Session key_name: {}".format( key_name ) ) webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( config.RP_ID, config.ORIGIN, request.form, challenge ) try: webauthn_credential = webauthn_registration_response.verify() app.logger.info( "Verification OK" ) except Exception as e: app.logger.info( "Verification failed" ) return jsonify( { "error": True, "message": "Registration failed. Error: {}".format( e ) } ) try: app.logger.info( "Insertion of the key to the database" ) config.db.query( utils.sql.sql_insert_generate( "webauthn", [ "user_id", "key_name", "ukey", "credential_id", "pub_key", "sign_count" ] ), ( user_id, key_name, ukey, webauthn_credential.credential_id, webauthn_credential.public_key, webauthn_credential.sign_count, ) ) config.db.commit() return jsonify( { "success": "User successfully registered." } ) except: app.logger.error( "Database insertion error" ) return jsonify( { "error": True, "message": "Database error" } ) ################################################################################ @app.route( baseurl + "/webauthn/delete", methods = [ "POST" ] ) @login_required def webauthn_delete_key(): """ Delete a key based upon the key id and name for the currently logged user. """ app.logger.info( "Start security deletion" ) key_id = request.form.get( "key_id", False ) userid = session[ "user_id" ] app.logger.debug( "Session username: {}".format( session[ "username" ] ) ) app.logger.debug( "key_id: {}".format( key_id ) ) try: config.db.query( "DELETE FROM webauthn WHERE id = %s AND user_id = %s", ( key_id, userid, ) ) config.db.commit() app.logger.debug( "Security key deleted" ) return jsonify( { "error": False } ) except: app.logger.error( "Security key deletion failed" ) return jsonify( { "error": True } ); @app.route( baseurl + "/webauthn/disable", methods = [ "POST" ] ) @login_required def webauthn_disable_key(): """ Disable a particular security key for the current user. """ key_id = request.form.get( "key_id", False ) userid = session[ "user_id" ] app.logger.info( "Disabling key '{}' for user '{}'".format( key_id, session[ "username" ] ) ) try: config.db.query( "UPDATE webauthn SET active = False WHERE id = %s AND user_id = %s", ( key_id, userid, ) ) config.db.commit() app.logger.debug( "Key disabled" ) return jsonify( { "error": False } ) except: app.logger.error( "Key disabling database error" ) return jsonify( { "error": True } ); @app.route( baseurl + "/webauthn/enable", methods = [ "POST" ] ) @login_required def webauthn_enable_key(): """ Activation of a security key for the current user. """ key_id = request.form.get( "key_id", False ) userid = session[ "user_id" ] app.logger.info( "Enabling key '{}' for user '{}'".format( key_id, session[ "username" ] ) ) try: config.db.query( "UPDATE webauthn SET active = True WHERE id = %s AND user_id = %s", ( key_id, userid, ) ) config.db.commit() app.logger.debug( "Key enabled" ) return jsonify( { "error": False } ) except: app.logger.error( "Key enabling database error" ) return jsonify( { "error": True } ); @app.route( baseurl + "/webauthn/rename", methods = [ "POST" ] ) @login_required def webauthn_rename_key(): """ Rename a security key for the current user. """ key_id = request.form.get( "key_id", False ) key_name = request.form.get( "key_name", False ) userid = session[ "user_id" ] app.logger.info( "Renaming key '{}' for user '{}'".format( key_id, session[ "username" ] ) ) try: config.db.query( "UPDATE webauthn SET key_name = %s WHERE id = %s AND user_id = %s", ( key_name, key_id, userid, ) ) config.db.commit() app.logger.debug( "Key renamed" ) return jsonify( { "error": False } ) except: app.logger.error( "Key renaming error" ) return jsonify( { "error": True } ); @app.route( baseurl + "/webauthn/begin_assertion" ) def webauthn_begin_assertion(): """ Get the data to start the login process with all actives keys for a user. """ app.logger.info( "Webauthn start data preparation for user '{}'".format( session[ "username" ] ) ) user_id = session.get( "user_id" ) if "challenge" in session: del session[ "challenge" ] challenge = pyotp.random_base32( 64 ) session[ "challenge" ] = challenge app.logger.debug( "Challenge: '{}'".format( challenge ) ) key_list = config.db.query_fetchall( "SELECT * FROM webauthn WHERE user_id = %s AND active = true", ( user_id, ) ) app.logger.info( "{} keys active for this user".format( len( key_list ) ) ) credential_id_list = [] for key in key_list: credential_id_list.append( { "type": "public-key", "id": key[ "credential_id" ], "transports": [ "usb", "nfc", "ble", "internal" ] } ) app.logger.debug( "key '{}' added to the usable keys".format( key[ "credential_id" ] ) ) assertion_dict = { "challenge": challenge, "timeout": 60000, "allowCredentials": credential_id_list, "rpId": config.RP_ID, } return jsonify( { "error": False, "data": assertion_dict } ) @app.route( baseurl + "/webauthn/verify_assertion", methods = [ "POST" ] ) def webauthn_verify_assertion(): """ Check the signed challenge provided to the user for the login process. """ app.logger.info( "Webauthn start assertion verification" ) challenge = session.get( "challenge" ) assertion_response = request.form credential_id = assertion_response.get( "id" ) app.logger.debug( "Used key: '{}'".format( credential_id ) ) user = config.db.query_fetchone( "SELECT * FROM webauthn WHERE credential_id = %s", ( credential_id, ) ) for key in [ "sign_count", "created_on", "last_usage", "usage_counter" ]: app.logger.debug( "key {}: {}".format( key, user[key] ) ) webauthn_user = webauthn.WebAuthnUser( None, session[ "username" ], None, None, user[ "credential_id" ], user[ "pub_key" ], user[ "sign_count" ], config.RP_ID ) webauthn_assertion_response = webauthn.WebAuthnAssertionResponse( webauthn_user, assertion_response, challenge, config.ORIGIN, uv_required = False ) try: sign_count = webauthn_assertion_response.verify() app.logger.info( "Webauthn key verified" ) except Exception as e: app.logger.error( "Webauthn assertion failed" ) return jsonify( { "error": True, "message": "Assertion failed. Error: {}".format( e ) } ) else: app.logger.debug( "Update key usage in the database" ) dt = datetime.now( pytz.timezone( "Europe/Zurich" ) ) q = config.db.query( "UPDATE webauthn SET sign_count = %s, last_usage = %s, usage_counter = usage_counter + 1 WHERE credential_id = %s", ( sign_count, dt, credential_id, ) ) config.db.commit() session[ "need_to_check" ].remove( "securitykey" ) do_login() return jsonify( { "error": False } ) ################################################################################ # New user @app.route( baseurl + "/signin" ) def new_user(): """ Serve the page to register to ICNML. """ app.logger.info( "New user registration page open" ) r = config.db.query_fetchall( "SELECT id, name FROM account_type WHERE can_singin = true" ) account_type = [] for rr in r: account_type.append( dict( rr ) ) return my_render_template( "users/signin.html", list_account_type = account_type ) @app.route( baseurl + "/do/signin", methods = [ "POST" ] ) def add_account_request_to_db(): """ Add the new user request to the database. """ app.logger.info( "Registrer new user request to the database" ) try: first_name = request.form[ "first_name" ] last_name = request.form[ "last_name" ] email = request.form[ "email" ] account_type = int( request.form[ "account_type" ] ) uuid = str( uuid4() ) email = email.lower() app.logger.debug( "First name: {}".format( first_name ) ) app.logger.debug( "Last name: {}".format( last_name ) ) app.logger.debug( "Email: {}".format( email ) ) app.logger.debug( "Account: {}".format( account_type ) ) sql = "SELECT name FROM account_type WHERE id = %s" account_type_name = config.db.query_fetchone( sql, ( account_type, ) )[ "name" ] account_type_name = account_type_name.lower() sql = "SELECT nextval( 'username_{}_seq' ) as id".format( account_type_name ) username_id = config.db.query_fetchone( sql )[ "id" ] app.logger.debug( "Username id:{}".format( username_id ) ) config.db.query( utils.sql.sql_insert_generate( "signin_requests", [ "first_name", "last_name", "email", "account_type", "uuid", "username_id" ] ), ( first_name, last_name, email, account_type, uuid, username_id, ) ) config.db.commit() return jsonify( { "error": False, "uuid": uuid } ) except: app.logger.error( "New user request database error" ) return jsonify( { "error": True } ) @app.route( baseurl + "/validate_signin" ) @admin_required def validate_signin(): """ Serve the page to admins regarding the validation of new users. """ app.logger.info( "Serve the signin valiation page" ) q = config.db.query( """ SELECT signin_requests.*, account_type.name as account_type FROM signin_requests LEFT JOIN account_type ON signin_requests.account_type = account_type.id WHERE signin_requests.status = 'pending' """ ) users = [] try: r = q.fetchall() for rr in r: users.append( dict( rr ) ) app.logger.debug( "Add '{}' to the validation list".format( rr[ "email" ] ) ) except: pass app.logger.info( "{} users added to the validation list".format( len( users ) ) ) return my_render_template( "users/validate_signin.html", users = users ) @app.route( baseurl + "/do/validate_signin", methods = [ "POST" ] ) @admin_required def do_validate_signin(): """ Prepare the new user data to be signed by the admin, and serve the page. """ request_id = request.form.get( "id" ) app.logger.info( "Signin validation begin for request_id '{}'".format( request_id ) ) s = config.db.query_fetchone( "SELECT * FROM signin_requests WHERE id = %s", ( request_id, ) ) s = dict( s ) r = {} r[ "user" ] = s r[ "user" ][ "request_time" ] = str( r[ "user" ][ "request_time" ] ) r[ "user" ][ "validation_time" ] = str( r[ "user" ][ "validation_time" ] ) r[ "acceptance" ] = {} r[ "acceptance" ][ "username" ] = session[ "username" ] r[ "acceptance" ][ "time" ] = str( datetime.now() ) j = json.dumps( r ) challenge = base64.b64encode( j ) challenge = challenge.replace( "=", "" ) session[ "validation_user_challenge" ] = challenge ############################################################################ user_id = session[ "user_id" ] key = config.db.query_fetchone( "SELECT * FROM webauthn WHERE user_id = %s AND usage_counter > 0 ORDER BY last_usage DESC LIMIT 1", ( user_id, ) ) webauthn_user = webauthn.WebAuthnUser( key[ "ukey" ], session[ "username" ], session[ "username" ], None, key[ "credential_id" ], key[ "pub_key" ], key[ "sign_count" ], config.RP_ID ) webauthn_assertion_options = webauthn.WebAuthnAssertionOptions( webauthn_user, challenge ) return jsonify( { "error": False, "data": webauthn_assertion_options.assertion_dict } ) @app.route( baseurl + "/do/validate_signin_2", methods = [ "POST" ] ) @admin_required def do_validate_signin_2(): """ Verification of the signature of the new user data by the admin. """ app.logger.info( "Verification of the validated new user" ) challenge = session.get( "validation_user_challenge" ) assertion_response = request.form assertion_response_s = base64.b64encode( json.dumps( assertion_response ) ) credential_id = assertion_response.get( "id" ) user = config.db.query_fetchone( "SELECT * FROM webauthn WHERE credential_id = %s", ( credential_id, ) ) webauthn_user = webauthn.WebAuthnUser( user[ "ukey" ], session[ "username" ], session[ "username" ], None, user[ "credential_id" ], user[ "pub_key" ], user[ "sign_count" ], "icnml.unil.ch" ) webauthn_assertion_response = webauthn.WebAuthnAssertionResponse( webauthn_user, assertion_response, challenge, config.ORIGIN, uv_required = False ) try: webauthn_assertion_response.verify() app.logger.info( "Webauthn assertion verified" ) except Exception as e: return jsonify( { "error": True, "message": "Assertion failed. Error: {}".format( e ) } ) ############################################################################ if len( challenge ) % 4 != 0: challenge += "=" * ( 4 - ( len( challenge ) % 4 ) ) newuser = base64.b64decode( challenge ) newuser = json.loads( newuser ) user_type = int( newuser[ "user" ][ "account_type" ] ) email = newuser[ "user" ][ "email" ] email_hash = utils.hash.pbkdf2( email, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.EMAIL_NB_ITERATIONS ).hash() request_id = newuser[ "user" ][ "id" ] username_id = newuser[ "user" ][ "username_id" ] n = config.db.query_fetchone( "SELECT name FROM account_type WHERE id = %s", ( user_type, ) )[ "name" ] username = "{}_{}".format( n, username_id ) username = username.lower() app.logger.info( "Creation of the new user '{}'".format( username ) ) try: config.db.query( "UPDATE signin_requests SET validation_time = now(), assertion_response = %s, status = 'validated' WHERE id = %s", ( assertion_response_s, request_id ) ) config.db.query( utils.sql.sql_insert_generate( "users", [ "username", "email", "type" ] ), ( username, email_hash, user_type ) ) config.db.commit() app.logger.debug( "User '{}' created".format( username ) ) except: app.logger.error( "Error while creating the user account for '{}'".format( username ) ) return jsonify( { "error": True, "message": "Can not insert into database." } ) ############################################################################ try: email_content = utils.template.render_jinja_html( "templates/email", "signin.html", username = username, url = "https://icnml.unil.ch" + url_for( "config_new_user", uuid = newuser[ "user" ][ "uuid" ] ) ) msg = MIMEText( email_content, "html" ) msg[ "Subject" ] = "ICNML - Login information" msg[ "From" ] = config.sender msg[ "To" ] = email app.logger.info( "Sending the email to the user '{}'".format( username ) ) with mySMTP() as s: s.sendmail( config.sender, [ email ], msg.as_string() ) return jsonify( { "error": False } ) except: return jsonify( { "error": True, "message": "Error while sending the email" } ) @app.route( baseurl + "/do/validation_reject", methods = [ "POST" ] ) def do_validation_reject(): """ Reject the request for a new user. """ request_id = request.form.get( "id" ) app.logger.info( "Reject the new user request {}".format( request_id ) ) try: sql = "UPDATE signin_requests SET status = 'rejected' WHERE id = %s" config.db.query( sql, ( request_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/config/" ) def config_new_user( uuid ): """ Serve the first page to the new user to configure his account. """ app.logger.info( "Serve user account configuration page" ) session.clear() r = config.db.query_fetchone( "SELECT email FROM signin_requests WHERE uuid = %s", ( uuid, ) ) try: email = r[ "email" ] session[ "signin_user_validation_email" ] = email session[ "signin_user_validation_uuid" ] = uuid return my_render_template( "users/config.html", next_step = "do_config_new_user" ) except: return redirect( url_for( "home" ) ) @app.route( baseurl + "/do/config", methods = [ "POST" ] ) def do_config_new_user(): """ Save the configuration of the new user to the database. """ app.logger.info( "Start user account configuration" ) email = session[ "signin_user_validation_email" ] uuid = session[ "signin_user_validation_uuid" ] username = request.form.get( "username" ) password = request.form.get( "password" ) session[ "username" ] = username ############################################################################ r = config.db.query_fetchone( "SELECT count(*) FROM signin_requests WHERE uuid = %s AND email = %s", ( uuid, email, ) ) r = r[ 0 ] if r == 0: return jsonify( { "error": True, "message": "no signin request" } ) user = config.db.query_fetchone( "SELECT * FROM users WHERE username = %s", ( username, ) ) if user == None: app.logger.error( "No user found in the databse for '{}'".format( username ) ) return jsonify( { "error": True, "message": "no user" } ) elif not password.startswith( "pbkdf2" ): app.logger.error( "Password not hashed with PBKDF2" ) return jsonify( { "error": True, "message": "password not in the correct format" } ) elif not utils.hash.pbkdf2( email, user[ "email" ] ).verify(): app.logger.error( "Email not corresponding to the stored email in the database" ) return jsonify( { "error": True, "message": "email not corresponding to the request form" } ) elif user.get( "password", None ) != None: app.logger.error( "Password already set for this user" ) return jsonify( { "error": True, "message": "password already set" } ) ############################################################################ app.logger.debug( "Storing the new password to the databse" ) password = utils.hash.pbkdf2( password, utils.rand.random_data( config.EMAIL_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash() q = config.db.query( "UPDATE users SET password = %s WHERE username = %s", ( password, username, ) ) config.db.commit() session[ "username" ] = username ############################################################################ return jsonify( { "error": False } ) @app.route( baseurl + "/config/donor/" ) def config_new_user_donor( h ): """ Serve the configuration page for a new donor. """ app.logger.info( "Start new donor configuration" ) session.clear() app.logger.debug( "Searching in the database for hash value '{}'".format( h ) ) sql = """ SELECT users.id, users.username, users.email FROM users LEFT JOIN account_type ON users.type = account_type.id WHERE account_type.name = 'Donor' AND password IS NULL """ for r in config.db.query_fetchall( sql ): if h == hashlib.sha512( r[ "email" ] ).hexdigest(): app.logger.info( "User '{}' found".format( r[ "username" ] ) ) user = r break else: app.logger.error( "The hash '{}' is not present in the users database".format( h ) ) return redirect( url_for( "home" ) ) session[ "email_hash" ] = h session[ "user_id" ] = user[ "id" ] app.logger.info( "Serving the config new donor page" ) return my_render_template( "users/config.html", next_step = "do_config_new_donor", hash = h ) @app.route( baseurl + "/do/config/donor", methods = [ "POST" ] ) def do_config_new_donor(): """ Save the donor configuration to the database. """ app.logger.info( "Start donor configuration" ) username = request.form.get( "username" ) app.logger.debug( "Username: {}".format( username ) ) password = request.form.get( "password" ) password = utils.hash.pbkdf2( password, utils.rand.random_data( config.PASSWORD_SALT_LENGTH ), config.PASSWORD_NB_ITERATIONS ).hash() h = request.form.get( "hash" ) sql = "SELECT id FROM users WHERE username = %s" user_id = config.db.query_fetchone( sql, ( username, ) )[ "id" ] session[ "username" ] = username if session[ "email_hash" ] == h and session[ "user_id" ] == user_id: config.db.query( "UPDATE users SET password = %s WHERE username = %s", ( password, username, ) ) config.db.commit() app.logger.info( "Password set" ) return jsonify( { "error": False } ) else: app.logger.error( "Error while updating the password dor {}".format( username ) ) return jsonify( { "error": True, "message": "Invalid parameters" } ) @app.route( baseurl + "/totp_help" ) def totp_help(): """ Serve the help page for the TOTP. """ app.logger.info( "Serving the TOTP help page" ) return my_render_template( "totp_help.html" ) ################################################################################ # QR Code generation def renew_secret(): """ Request a new TOTP secret. """ app.logger.info( "Generate new secret" ) secret = pyotp.random_base32( 40 ) session[ "secret" ] = secret return secret def get_secret(): """ Retrieve the current secret. """ app.logger.info( "Request secret for user '{}'".format( session[ "username" ] ) ) secret = session.get( "secret", None ) if secret == None: secret = renew_secret() return secret @app.route( baseurl + "/set_secret" ) def set_secret(): """ Set the new secret value for the TOTP in the database. """ app.logger.info( "Storing new secret for user '{}'".format( session[ "username" ] ) ) try: config.db.query( "UPDATE users SET totp = %s WHERE username = %s", ( session[ "secret" ], session[ "username" ], ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/secret" ) def request_secret(): """ Serve the current secret as JSON. """ app.logger.info( "Request the secret for user '{}'".format( session[ "username" ] ) ) get_secret() return jsonify( { "error": False, "secret": session[ "secret" ] } ) @app.route( baseurl + "/new_secret" ) @login_required def request_renew_secret(): """ Serve current secret. """ app.logger.info( "Renew TOTP secret for user '{}'".format( session[ "username" ] ) ) renew_secret() return jsonify( { "error": False, "secret": session[ "secret" ] } ) @app.route( baseurl + "/user/config/totp_qrcode.png" ) def user_totp_qrcode(): """ Generate the TOTP PNG QRcode image ready to scan. """ app.logger.info( "Generate the TOTP QRcode" ) if "username" in session: qrcode_value = "otpauth://totp/ICNML%20{}?secret={}".format( session[ "username" ], get_secret() ) else: qrcode_value = "otpauth://totp/ICNML?secret={}".format( get_secret() ) app.logger.debug( "Value: {}".format( qrcode_value ) ) img = qrcode.make( qrcode_value ) temp = StringIO() img.save( temp, format = "png" ) temp.seek( 0 ) return send_file( temp, mimetype = "image/png" ) @app.route( baseurl + "/user/config/totp" ) @login_required def user_totp_config(): """ Serve the TOTP configuration page. """ app.logger.info( "Serve the TOTP config page" ) return my_render_template( "users/totp.html", secret = get_secret() ) ################################################################################ # DEK encryption/decryption @app.route( baseurl + "/dek/reconstruct", methods = [ "POST" ] ) @login_required def dek_regenerate(): app.logger.info( "DEK reconstruction" ) try: email_hash = request.form.get( "email_hash" ) username = session.get( "username" ) app.logger.debug( "User: {}".format( username ) ) sql = "SELECT * FROM donor_dek WHERE donor_name = %s" user = config.db.query_fetchone( sql, ( username, ) ) if user[ "salt" ] == None: app.logger.error( "No DEK salt for user '{}'".format( session[ "username" ] ) ) raise _, dek, _ = dek_generate( username = username, email_hash = email_hash, salt = user[ "salt" ] ) app.logger.debug( "DEK reconstructed: {}...".format( dek[ 0:10 ] ) ) check = utils.aes.do_decrypt( user[ "dek_check" ], dek ) check = json.loads( check ) if check[ "value" ] != "ok": app.logger.error( "DEK check error for user '{}'".format( session[ "username" ] ) ) raise app.logger.debug( "DEK check OK" ) sql = "UPDATE donor_dek SET dek = %s WHERE id = %s AND donor_name = %s" config.db.query( sql, ( dek, user[ "id" ], username, ) ) config.db.commit() app.logger.info( "Reconstructed DEK saved to the database" ) return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/dek/delete" ) @login_required def dek_delete(): try: username = session.get( "username" ) app.logger.info( "Delete DEK for user {}".format( username ) ) sql = "UPDATE donor_dek SET dek = NULL WHERE donor_name = %s" config.db.query( sql, ( username, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/dek/fulldelete" ) @login_required def dek_delete_fully(): try: username = session.get( "username" ) app.logger.info( "Fully delete the DEK of user {}".format( username ) ) sql = "UPDATE donor_dek SET dek = NULL WHERE donor_name = %s" config.db.query( sql, ( username, ) ) sql = "UPDATE donor_dek SET salt = NULL WHERE donor_name = %s" config.db.query( sql, ( username, ) ) sql = "UPDATE donor_dek SET dek_check = NULL WHERE donor_name = %s" config.db.query( sql, ( username, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) ################################################################################ # File upload @app.route( baseurl + "/upload", methods = [ "POST" ] ) @login_required def upload_file(): """ Main function dealing with the upload of files (tenprint, mark and consent forms). This function accept traditionals images and NIST files for the fingerprint data, and PDFs for the consent forms. """ app.logger.info( "Processing of the uploaded file" ) upload_type = request.form.get( "upload_type", None ) app.logger.debug( "Upload type: {}".format( upload_type ) ) file_extension = request.form.get( "extension", None ) if isinstance( file_extension, str ): file_extension = file_extension.lower() app.logger.debug( "File extension: {}".format( file_extension ) ) if upload_type == None: return jsonify( { "error": True, "message": "Must specify a file type to upload a file" } ) if "file" not in request.files: app.logger.error( "No file in the upload request" ) return jsonify( { "error": True, "message": "No file in the POST request" } ) elif "submission_id" not in request.form: app.logger.error( "No submission identification number" ) return jsonify( { "error": True, "message": "No submission_id" } ) else: try: submission_uuid = request.form.get( "submission_id" ) sql = "SELECT id FROM submissions WHERE uuid = %s" submission_id = config.db.query_fetchone( sql, ( submission_uuid, ) )[ "id" ] app.logger.debug( "Submission UUID: {}".format( submission_uuid ) ) except: return jsonify( { "error": True, "message": "upload not related to a submission form" } ) uploaded_file = request.files[ "file" ] file_name = do_encrypt_user_session( uploaded_file.filename ) file_uuid = str( uuid4() ) app.logger.debug( "File uuid: {}".format( file_uuid ) ) fp = StringIO() uploaded_file.save( fp ) file_size = fp.tell() app.logger.debug( "File size: {}".format( file_size ) ) fp.seek( 0 ) if file_extension in config.NIST_file_extensions: file_data = fp.getvalue() file_data = base64.b64encode( file_data ) file_data = do_encrypt_dek( file_data, submission_uuid ) try: n = NISTf_auto( fp ) if not n.is_initialized(): raise app.logger.info( "NIST file loaded correctly" ) app.logger.debug( "Records: " + ", ".join( [ "Type-%02d" % x for x in n.get_ntype() ] ) ) except: app.logger.error( "Error while loading the NIST file" ) return jsonify( { "error": True, "message": "Error while loading the NIST file" } ) # Save the NIST file in the DB app.logger.info( "Saving the NIST file to the database" ) sql = utils.sql.sql_insert_generate( "files", [ "folder", "creator", "filename", "type", "format", "size", "uuid", "data" ] ) data = ( submission_id, session[ "user_id" ], file_name, 5, "NIST", file_size, file_uuid, file_data, ) config.db.query( sql, data ) # Segmentation of the NIST file app.logger.info( "Segmenting the NIST file" ) fpc_in_file = [] for fpc in config.all_fpc: app.logger.debug( "FPC {}".format( fpc ) ) try: try: img = n.get_print( fpc = fpc ) except: img = n.get_palmar( fpc = fpc ) buff = StringIO() img.save( buff, format = "TIFF" ) app.logger.debug( str( img ) ) buff.seek( 0 ) img_data = buff.getvalue() img_data = base64.b64encode( img_data ) img_data = do_encrypt_dek( img_data, submission_uuid ) sql = utils.sql.sql_insert_generate( "files_segments", [ "tenprint", "uuid", "pc", "data" ] ) data = ( file_uuid, str( uuid4() ), fpc, img_data, ) config.db.query( sql, data ) app.logger.info( "Image saved to the database" ) fpc_in_file.append( fpc ) except: app.logger.debug( " No data" ) pass app.logger.info( "FPC processed ({}): {}".format( len( fpc_in_file ), fpc_in_file ) ) config.db.commit() return jsonify( { "error": False, "fpc": fpc_in_file } ) else: if upload_type in [ "mark_target", "mark_incidental", "tenprint_card_front", "tenprint_card_back" ]: app.logger.info( "Image file type: {}".format( upload_type ) ) img = Image.open( fp ) img_format = img.format width, height = img.size app.logger.debug( str( img ) ) try: res = int( img.info[ "dpi" ][ 0 ] ) app.logger.debug( "Resolution: {}".format( res ) ) except: app.logger.error( "No resolution found in the image" ) return jsonify( { "error": True, "message": "No resolution found in the image. Upload not possible at the moment." } ) try: img = utils.images.rotate_image_upon_exif( img ) app.logger.debug( "Rotation of the image" ) except: pass buff = StringIO() img.save( buff, format = img_format ) buff.seek( 0 ) file_data = buff.getvalue() if upload_type in [ "tenprint_card_front", "tenprint_card_back" ]: app.logger.debug( "Creation of the thumbnail" ) create_thumbnail( file_uuid, img, submission_uuid ) else: file_data = fp.getvalue() file_data_r = file_data file_data = base64.b64encode( file_data ) sql = "SELECT id FROM files_type WHERE name = %s" upload_type_id = config.db.query_fetchone( sql, ( upload_type, ) )[ "id" ] #################################################################### if upload_type == "consent_form": app.logger.info( "Processing of the consent form" ) sql = "SELECT email_aes FROM submissions WHERE uuid = %s" email = config.db.query_fetchone( sql, ( submission_uuid, ) )[ "email_aes" ] email = do_decrypt_user_session( email ) sql = """ SELECT users.username, users.email FROM users LEFT JOIN account_type ON users.type = account_type.id WHERE account_type.name = 'Donor' ORDER BY users.id DESC """ for username_db, email_db in config.db.query_fetchall( sql ): if utils.hash.pbkdf2( email, email_db ).verify(): username = username_db url_hash = hashlib.sha512( email_db ).hexdigest() app.logger.info( "Donor: {}".format( username ) ) break else: app.logger.error( "User not found" ) return jsonify( { "error": True, "message": "user not found" } ) # Check that the PDF contains the QRCODE qrcode_checked = False try: pages = pdf2image.convert_from_bytes( file_data_r, poppler_path = config.POPPLER_PATH ) for page in pages: decoded = pyzbar.decode( page ) for d in decoded: if d.data == "ICNML CONSENT FORM": qrcode_checked = True except: qrcode_checked = False # Email for the donor app.logger.info( "Sending the email to the donor" ) email_content = utils.template.render_jinja_html( "templates/email", "donor.html", username = username, url = "https://icnml.unil.ch" + url_for( "config_new_user_donor", h = url_hash ) ) msg = MIMEMultipart() msg[ "Subject" ] = "ICNML - You have been added as donor" msg[ "From" ] = config.sender msg[ "To" ] = email msg.attach( MIMEText( email_content, "html" ) ) part = MIMEApplication( file_data_r, Name = "consent_form.pdf" ) part[ "Content-Disposition" ] = "attachment; filename=consent_form.pdf" msg.attach( part ) try: with mySMTP() as s: s.sendmail( config.sender, [ email ], msg.as_string() ) app.logger.info( "Email sended" ) except: app.logger.error( "Can not send the email to the donor" ) return jsonify( { "error": True, "message": "Can not send the email to the user" } ) else: # Consent form save app.logger.info( "Saving the consent form to the database" ) file_data = base64.b64encode( file_data ) file_data = gpg.encrypt( file_data, *config.gpg_key ) file_data = str( file_data ) file_data = base64.b64encode( file_data ) email_hash = utils.hash.pbkdf2( email, iterations = config.CF_NB_ITERATIONS ).hash() sql = utils.sql.sql_insert_generate( "cf", [ "uuid", "data", "email", "has_qrcode" ] ) data = ( file_uuid, file_data, email_hash, qrcode_checked, ) config.db.query( sql , data ) sql = "UPDATE submissions SET consent_form = true WHERE uuid = %s" config.db.query( sql, ( submission_uuid, ) ) config.db.commit() else: app.logger.info( "Save the file to the databse" ) file_data = do_encrypt_dek( file_data, submission_uuid ) sql = utils.sql.sql_insert_generate( "files", [ "folder", "creator", "filename", "type", "format", "size", "width", "height", "resolution", "uuid", "data" ] ) data = ( submission_id, session[ "user_id" ], file_name, upload_type_id, img_format, file_size, width, height, res, file_uuid, file_data, ) config.db.query( sql, data ) config.db.commit() return jsonify( { "error": False, "uuid": file_uuid } ) ################################################################################ # Submission of a new donor @app.route( baseurl + "/submission/new" ) @submission_has_access def submission_new(): """ Serve the page to start a new submission (new donor). """ app.logger.info( "Serve the new donor form" ) return my_render_template( "submission/new.html" ) @app.route( baseurl + "/submission/do_new", methods = [ "POST" ] ) @submission_has_access def submission_do_new(): """ Check the new donor data, and store the new submission process in the database. """ app.logger.info( "Process the new donor form" ) email = request.form.get( "email", False ) email = email.lower() if email: # Check for duplicate base upon the email data sql = "SELECT id, email_hash FROM submissions WHERE submitter_id = %s" for case in config.db.query_fetchall( sql, ( session[ "user_id" ], ) ): if utils.hash.pbkdf2( email, case[ "email_hash" ] ).verify(): app.logger.error( "Email already used for an other submission ({}) by this submitter".format( case[ "id" ] ) ) return jsonify( { "error": True, "message": "Email already used for an other submission. Check the list of submissions to update the corresponding one." } ) break else: app.logger.info( "Insertion of the donor to the databse" ) # Insert the new donor donor_uuid = str( uuid4() ) app.logger.debug( "Donor uuid: {}".format( donor_uuid ) ) email_aes = do_encrypt_user_session( email ) email_hash = utils.hash.pbkdf2( email, iterations = config.EMAIL_NB_ITERATIONS ).hash() upload_nickname = request.form.get( "upload_nickname", None ) upload_nickname = do_encrypt_user_session( upload_nickname ) submitter_id = session[ "user_id" ] status = "pending" userid = config.db.query_fetchone( "SELECT nextval( 'username_donor_seq' ) as id" )[ "id" ] username = "donor_{}".format( userid ) sql = utils.sql.sql_insert_generate( "users", [ "username", "email", "type" ], "id" ) data = ( username, email_hash, 2 ) donor_user_id = config.db.query_fetchone( sql, data )[ "id" ] app.logger.debug( "Username: {}".format( username ) ) dek_salt, dek, dek_check = dek_generate( email = email, username = username ) app.logger.debug( "DEK salt: {}...".format( dek_salt[ 0:10 ] ) ) app.logger.debug( "DEK: {}...".format( dek[ 0:10 ] ) ) sql = utils.sql.sql_insert_generate( "donor_dek", [ "donor_name", "salt", "dek", "dek_check", "iterations", "algo", "hash" ], "id" ) data = ( username, dek_salt, dek, dek_check, config.DEK_NB_ITERATIONS, "pbkdf2", "sha512", ) config.db.query_fetchone( sql, data ) sql = utils.sql.sql_insert_generate( "submissions", [ "uuid", "email_aes", "email_hash", "nickname", "donor_id", "status", "submitter_id" ] ) data = ( donor_uuid, email_aes, email_hash, upload_nickname, donor_user_id, status, submitter_id, ) config.db.query( sql, data ) config.db.commit() return jsonify( { "error": False, "id": donor_uuid } ) else: app.logger.error( "No email provided for the submission folder" ) return jsonify( { "error": True, "message": "Email not provided" } ) @app.route( baseurl + "/submission//add_files" ) @submission_has_access def submission_upload_tplp( submission_id ): """ Serve the page to upload tenprint and mark images files. This page is not accessible if a consent form is not available in the database for this particular donor. """ app.logger.info( "Upload a new file in the submission {}".format( submission_id ) ) try: dek_check( submission_id ) sql = """ SELECT email_aes as email, nickname, created_time, consent_form FROM submissions WHERE submitter_id = %s AND uuid = %s """ user = config.db.query_fetchone( sql, ( session[ "user_id" ], submission_id ) ) if user[ "consent_form" ]: app.logger.debug( "The donor has a consent form" ) app.logger.info( "Serving the add new file page" ) for key in [ "email", "nickname" ]: user[ key ] = do_decrypt_user_session( user[ key ] ) return my_render_template( "submission/add_files.html", submission_id = submission_id, **user ) else: app.logger.debug( "The donor dont have a consent form in the database" ) app.logger.info( "Serving the consent form upload page" ) return redirect( url_for( "submission_consent_form", submission_id = submission_id ) ) except: return jsonify( { "error": True, "message": "Case not found" } ) @app.route( baseurl + "/submission//consent_form" ) @submission_has_access def submission_consent_form( submission_id ): """ Serve the page to upload the consent form for the user. """ app.logger.info( "Serve the consent form upload page" ) sql = """ SELECT email_aes as email, nickname, created_time FROM submissions WHERE submitter_id = %s AND uuid = %s """ user = config.db.query_fetchone( sql, ( session[ "user_id" ], submission_id ) ) if user != None: for key in [ "email", "nickname" ]: user[ key ] = do_decrypt_user_session( user[ key ] ) return my_render_template( "submission/consent_form.html", submission_id = submission_id, **user ) else: app.logger.error( "Submission not found" ) return abort( 404 ) @app.route( baseurl + "/submission//set/nickname", methods = [ "POST" ] ) @submission_has_access def submission_update_nickname( submission_id ): """ Change the nickname of the donor in the database. THIS INFORMATION SHALL BE ENCRYPTED ON THE CLIENT SIDE FIRST WITH A UNIQUE ENCRYPTION KEY NOT TRANSMETTED TO THE SERVER! """ app.logger.info( "Save the donor nickname to the database" ) nickname = request.form.get( "nickname", None ) if nickname != None and len( nickname ) != 0: try: nickname = do_encrypt_user_session( nickname ) sql = "UPDATE submissions SET nickname = %s WHERE uuid = %s" config.db.query( sql, ( nickname, submission_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: app.logger.error( "Database error" ) return jsonify( { "error": True, "message": "DB error" } ) else: app.logger.error( "No nickname in the post request" ) return jsonify( { "error": True, "message": "No new nickname in the POST request" } ) @app.route( baseurl + "/submission/list" ) @submission_has_access def submission_list(): """ Get the list of all submissions folder for the currently logged submitter. """ app.logger.info( "Get all submissions for '{}'".format( session[ "username" ] ) ) sql = "SELECT * FROM submissions WHERE submitter_id = %s ORDER BY created_time DESC" q = config.db.query_fetchall( sql, ( session[ "user_id" ], ) ) donors = [] for donor in q: donors.append( { "id": donor.get( "id", None ), "email": do_decrypt_user_session( donor.get( "email_aes", None ) ), "nickname": do_decrypt_user_session( donor.get( "nickname", None ) ), "uuid": donor.get( "uuid", None ) } ) app.logger.debug( "uuid: {}".format( donor[ "uuid" ] ) ) app.logger.info( "{} submissions found".format( len( donors ) ) ) return my_render_template( "submission/list.html", donors = donors ) @app.route( baseurl + "/submission//mark/list" ) @app.route( baseurl + "/submission//mark/list/" ) @submission_has_access def submission_mark_list( submission_id, mark_type = "all" ): """ Get the list of mark for a particular submission folder. """ app.logger.info( "Get the list of mark for the submission '{}'".format( submission_id ) ) app.logger.debug( "mark_type: {}".format( mark_type ) ) if mark_type in [ "target", "incidental", "all" ]: sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" case_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = """ SELECT files.uuid, files.filename, files.size, files.creation_time FROM files LEFT JOIN files_type ON files.type = files_type.id WHERE folder = %s AND """ if mark_type == "target": sql += " files_type.name = 'mark_target'" elif mark_type == "incidental": sql += " files_type.name = 'mark_incidental'" elif mark_type == "all": sql += " ( files_type.name = 'mark_target' OR files_type.name = 'mark_incidental' )" sql += " ORDER BY files.id DESC" files = config.db.query_fetchall( sql, ( case_id, ) ) for _, v in enumerate( files ): v[ "filename" ] = do_decrypt_user_session( v[ "filename" ] ) v[ "size" ] = round( ( float( v[ "size" ] ) / ( 1024 * 1024 ) ) * 100 ) / 100 app.logger.debug( "{} marks for '{}'".format( len( files ), submission_id ) ) return my_render_template( "submission/mark_list.html", submission_id = submission_id, mark_type = mark_type, files = files, nickname = nickname ) else: return abort( 403 ) @app.route( baseurl + "/submission//mark/" ) @submission_has_access def submission_mark( submission_id, mark_id ): """ Serve the page to edit a particular mark image. """ app.logger.info( "Serve the mark page edit" ) app.logger.debug( "submission {}".format( submission_id ) ) app.logger.debug( "mark {}".format( mark_id ) ) sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" submission_folder_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = """ SELECT files.uuid, files.filename, files.note, files.format, files.resolution, files.width, files.height, files.size, files.creation_time, files.type, files_type.name as file_type FROM files LEFT JOIN files_type ON files.type = files_type.id WHERE folder = %s AND files.uuid = %s """ mark = config.db.query_fetchone( sql, ( submission_folder_id, mark_id, ) ) mark[ "size" ] = round( 100 * float( mark[ "size" ] ) / ( 1024 * 1024 ) ) / 100 mark[ "filename" ] = do_decrypt_user_session( mark[ "filename" ] ) mark[ "note" ] = do_decrypt_user_session( mark[ "note" ] ) mark[ "file_type" ] = mark[ "file_type" ].replace( "mark_", "" ) return my_render_template( "submission/mark.html", submission_id = submission_id, nickname = nickname, file = mark ) @app.route( baseurl + "/submission//mark//pfsp" ) @submission_has_access def submission_mark_pfsp( submission_id, mark_id ): """ Serve the page to set the PFSP information (location on the finger or the palm print) for the mark. """ app.logger.info( "Serve the PFSP edit page" ) app.logger.debug( "submission {}".format( submission_id ) ) app.logger.debug( "mark {}".format( mark_id ) ) sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" submission_folder_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = """ SELECT files.uuid, files.filename, files.note, files.format, files.resolution, files.width, files.height, files.size, files.creation_time, files.type, files_type.name as file_type FROM files LEFT JOIN files_type ON files.type = files_type.id WHERE folder = %s AND files.uuid = %s """ mark = config.db.query_fetchone( sql, ( submission_folder_id, mark_id, ) ) mark[ "size" ] = round( 100 * float( mark[ "size" ] ) / ( 1024 * 1024 ) ) / 100 mark[ "filename" ] = do_decrypt_user_session( mark[ "filename" ] ) mark[ "note" ] = do_decrypt_user_session( mark[ "note" ] ) mark[ "file_type" ] = mark[ "file_type" ].replace( "mark_", "" ) app.logger.debug( "file size: {}Mo".format( mark[ "size" ] ) ) sql = "SELECT pfsp FROM mark_info WHERE uuid = %s" try: current_pfsp = config.db.query_fetchone( sql, ( mark_id, ) )[ "pfsp" ] except: current_pfsp = None app.logger.debug( "Current PFSP: {}".format( current_pfsp ) ) for z in pfsp.zones: if z[ "desc" ] == current_pfsp: current_pfsp = ",".join( z[ "sel" ] ) return my_render_template( "submission/mark_pfsp.html", submission_id = submission_id, nickname = nickname, file = mark, pfsp_zones = pfsp.zones, current_pfsp = current_pfsp ) @app.route( baseurl + "/submission//mark//set/pfsp", methods = [ "POST" ] ) @submission_has_access def submission_mark_pfsp_set( submission_id, mark_id ): """ Save the PFSP information relative to a mark. """ app.logger.info( "Save the PFSP for submission '{}' mark '{}'".format( submission_id, mark_id ) ) try: pfsp = request.form.get( "pfsp" ) sql = "SELECT id FROM mark_info WHERE uuid = %s" q = config.db.query_fetchone( sql, ( mark_id, ) ) if q == None: sql = utils.sql.sql_insert_generate( "mark_info", [ "uuid", "pfsp" ] ) config.db.query( sql, ( mark_id, pfsp, ) ) else: sql = "UPDATE mark_info SET pfsp = %s WHERE uuid = %s" config.db.query( sql, ( pfsp, mark_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/submission//mark//delete" ) @submission_has_access def submission_mark_delete( submission_id, mark_id ): """ Delete a mark from the database. """ app.logger.info( "Delete mark '{}' from submission '{}'".format( mark_id, submission_id ) ) sql = "SELECT id FROM submissions WHERE submitter_id = %s AND uuid = %s" q = config.db.query( sql, ( session[ "user_id" ], submission_id, ) ) if q != None: sql = "DELETE FROM files WHERE creator = %s AND uuid = %s" config.db.query( sql, ( session[ "user_id" ], mark_id, ) ) config.db.commit() return jsonify( { "error": False } ) else: return jsonify( { "error": True } ) ################################################################################ # Submission deletion @app.route( baseurl + "/submission//delete" ) @submission_has_access def submission_delete( submission_id ): """ Delete the empty submission. A submission can not be deleted after the upload of the consent form and the creation of the donor user. """ app.logger.info( "Delete the submission '{}' for user '{}'".format( submission_id, session[ "username" ] ) ) sql = "SELECT consent_form FROM submissions WHERE submitter_id = %s AND uuid = %s" cf = config.db.query_fetchone( sql, ( session[ "user_id" ], submission_id, ) )[ "consent_form" ] if not cf: sql = "DELETE FROM submissions WHERE submitter_id = %s AND uuid = %s" config.db.query( sql, ( session[ "user_id" ], submission_id, ) ) config.db.commit() return jsonify( { "error": False } ) else: app.logger.error( "Can not delete a submission with consent form" ) return jsonify( { "error": True, "message": "Can not delete if a consent form is already uploaded" } ) ################################################################################ # Image processing def get_submission_uuid_for_file( file_uuid ): """ Get the related submission uuid for a file uuid. """ sql = """ SELECT submissions.uuid FROM submissions LEFT JOIN files ON submissions.id = files.folder WHERE files.uuid = %s """ return config.db.query_fetchone( sql, ( file_uuid, ) )[ "uuid" ] @app.route( baseurl + "/image/file//preview" ) @login_required def image_file_serve( file_id ): """ Function to get an image from the database and return it as PNG preview image. """ app.logger.info( "Serve a preview for the file '{}'".format( file_id ) ) try: submission_id = get_submission_uuid_for_file( file_id ) app.logger.debug( "submission id: '{}'".format( submission_id ) ) img, _ = image_serve( "thumbnails", file_id, submission_id ) if img == None: app.logger.debug( "No image in the 'thumnnails' database. Recreating the thumbnail" ) img, _ = image_serve( "files", file_id, submission_id ) if img == None: return abort( 404 ) app.logger.debug( "Image from the 'files' table: {}".format( img ) ) img = create_thumbnail( file_id, img, submission_id ) app.logger.debug( "Thumbnail image: {}".format( img ) ) buff = utils.images.pil2buffer( img, "PNG" ) return send_file( buff, mimetype = "image/png" ) except: app.logger.error( "Error while creating the thumbnail. Serving a 'no preview' image" ) return send_file( no_preview_image(), mimetype = "image/png" ) @app.route( baseurl + "/image/segment//" ) @login_required def image_segment_serve( tenprint_id, pc ): """ Serve a preview for a segment image. """ app.logger.info( "Serving a segment image for the tenprint '{}', pc '{}'".format( tenprint_id, pc ) ) try: submission_id = get_submission_uuid_for_file( tenprint_id ) app.logger.debug( "submission id: {}".format( submission_id ) ) img, file_segment_id = image_serve( "files_segments", ( tenprint_id, pc ), submission_id ) img = create_thumbnail( file_segment_id, img, submission_id ) app.logger.debug( "image: {}".format( img ) ) buff = utils.images.pil2buffer( img, "PNG" ) return send_file( buff, mimetype = "image/png" ) except: app.logger.error( "Error while creating the thumbnail. Serving a 'no preview' image" ) return send_file( no_preview_image(), mimetype = "image/png" ) @app.route( baseurl + "/image/template//" ) @app.route( baseurl + "/image/template///" ) @login_required def image_tp_template( tenprint_id, side, action = "full" ): """ Serve a template image, full-resolution or preview. """ app.logger.info( "Serve the tenprint template image for {}, {}".format( tenprint_id, side ) ) if side in [ "front", "back" ]: img, _ = image_serve( "tenprint_cards", ( tenprint_id, side ), None ) if img == None: return send_file( no_preview_image(), mimetype = "image/png" ) if action == "preview": img.thumbnail( ( 500, 500 ) ) app.logger.debug( "image: {}".format( img ) ) buff = utils.images.pil2buffer( img, "PNG" ) return send_file( buff, mimetype = "image/png" ) else: return abort( 403 ) def image_serve( table, image_id, submission_id ): """ Backend function to get the image from the database. """ app.logger.info( "Serve the image '{}' for submission '{}' from table '{}'".format( image_id, submission_id, table ) ) need_to_decrypt = True if table == "files_segments": if isinstance( image_id, tuple ): tp, pc = image_id sql = "SELECT data, uuid FROM {} WHERE tenprint = %s AND pc = %s".format( table ) p = ( tp, pc, ) else: sql = "SELECT data, uuid FROM {} WHERE uuid = %s".format( table ) p = ( image_id, ) elif table in [ "files", "thumbnails" ]: sql = "SELECT data, uuid FROM {} WHERE uuid = %s".format( table ) p = ( image_id, ) elif table == "tenprint_cards": image_id, t = image_id sql = "SELECT image_{}, id FROM {} WHERE id = %s".format( t, table ) p = ( image_id, ) need_to_decrypt = False else: app.logger.error( "table '{}' not authorized".format( table ) ) raise Exception( "table not authorized" ) app.logger.debug( "sql: {}".format( sql ) ) app.logger.debug( "params: {}".format( p ) ) data = config.db.query_fetchone( sql, p ) if data == None: return None, None else: img, rid = data if img == None: return None, None app.logger.debug( "image: {}...".format( img[ 0:20 ] ) ) app.logger.debug( "need_to_decrypt: {}".format( need_to_decrypt ) ) if need_to_decrypt: img = do_decrypt_dek( img, submission_id ) img = str2img( img ) app.logger.debug( "image: {}".format( img ) ) return img, rid def str2img( data ): """ Convert a base64 string image to a PIL image. """ app.logger.info( "Convert string image to PIL format" ) if data == None: return None else: img = base64.b64decode( data ) buff = StringIO() buff.write( img ) buff.seek( 0 ) img = Image.open( buff ) app.logger.debug( "string: {}".format( data[ 0:20 ] ) ) app.logger.debug( "image: {}".format( img ) ) return img @app.route( baseurl + "/image/file//info" ) @login_required def img_info( image_id ): """ Get and return the metadata for a particular image. See do_img_info() for more informations. """ app.logger.info( "Serve image informations for image '{}'".format( image_id ) ) d = do_img_info( image_id ) if d != None: return jsonify( d ) else: return abort( 404 ) def do_img_info( image_id ): """ Retrieve the metadata for a particular image from the database. """ app.logger.debug( "Get image information from database for '{}'".format( image_id ) ) sql = "SELECT size, width, height, resolution, format FROM files WHERE uuid = %s" d = config.db.query_fetchone( sql, ( image_id, ) ) for key, value in d.iteritems(): app.logger.debug( "{}: {}".format( key, value ) ) if d != None: return dict( d ) else: return None def create_thumbnail( file_uuid, img, submission_id ): """ Generate a thumbnail image for a PIL image passed in argument. """ app.logger.info( "Creating a thumbnail for the file '{}', submission '{}'".format( file_uuid, submission_id ) ) app.logger.debug( "Input image: {}".format( img ) ) img.thumbnail( ( 1000, 1000 ) ) width, height = img.size app.logger.debug( "Thumbnail: {}".format( img ) ) buff = StringIO() img.save( buff, format = img.format ) img_size = buff.tell() buff.seek( 0 ) app.logger.debug( "Encrypt the thumnbnail with DEK" ) img_data = buff.getvalue() img_data = base64.b64encode( img_data ) img_data = do_encrypt_dek( img_data, submission_id ) app.logger.debug( "Saving thumnbail to database" ) sql = utils.sql.sql_insert_generate( "thumbnails", [ "uuid", "width", "height", "size", "format", "data" ] ) data = ( file_uuid, width, height, img_size, img.format, img_data, ) config.db.query( sql, data ) config.db.commit() return img @app.route( baseurl + "/image/segment//start" ) @login_required def image_tenprint_segmentation( tenprint_id ): """ Route to start the segmentation of a tenprint image into segments (fingers or palm images). """ app.logger.info( "Start segmentations for '{}'".format( tenprint_id ) ) ret = do_image_tenprint_segmentation( tenprint_id ) return jsonify( { "error": False, "data": ret } ) def do_image_tenprint_segmentation( tenprint_id ): """ Backend function to create all the segments images for a tenprint souce image. """ sql = "SELECT size, resolution, type, format, data FROM files WHERE uuid = %s" img = config.db.query_fetchone( sql, ( tenprint_id, ) ) for key, value in img.iteritems(): if isinstance( value, str ) and len( value ) > 20: value = "{}...".format( value[ 0:20 ] ) app.logger.debug( "{}: {}".format( key, value ) ) res = img[ "resolution" ] img_format = img[ "format" ] side = { 1: "front", 2: "back" }[ img[ "type" ] ] app.logger.debug( "side: {}".format( side ) ) submission_id = get_submission_uuid_for_file( tenprint_id ) app.logger.debug( "Decrypt data with DEK" ) img = do_decrypt_dek( img[ "data" ], submission_id ) img = base64.b64decode( img ) buff = StringIO() buff.write( img ) buff.seek( 0 ) img = Image.open( buff ) app.logger.debug( "image: {}".format( img ) ) sql = "SELECT template FROM file_template WHERE file = %s" template_id = config.db.query_fetchone( sql, ( tenprint_id, ) )[ "template" ] zones = get_tenprint_template_zones( template_id, side ) app.logger.debug( "Use '{}' as tenprint template".format( template_id ) ) for z in zones: app.logger.debug( "Segmenting fpc '{}' ({})".format( z[ "pc" ], z[ "pc_name" ] ) ) tl_x, tl_y, br_x, br_y = map( lambda v: v * res / 2.54 , [ z[ "tl_x" ], z[ "tl_y" ], z[ "br_x" ], z[ "br_y" ] ] ) tmp = img.crop( ( tl_x, tl_y, br_x, br_y ) ) buff = StringIO() tmp.save( buff, format = img_format ) buff.seek( 0 ) app.logger.debug( "Encrypting segment image with DEK" ) file_data = buff.getvalue() file_data = base64.b64encode( file_data ) file_data = do_encrypt_dek( file_data, submission_id ) sql = "SELECT id FROM files_segments WHERE tenprint = %s AND pc = %s" q = config.db.query_fetchone( sql, ( tenprint_id, z[ "pc" ], ) ) if q == None: app.logger.debug( "Inserting to the database" ) sql = utils.sql.sql_insert_generate( "files_segments", [ "tenprint", "uuid", "pc", "data" ] ) data = ( tenprint_id, str( uuid4() ), z[ "pc" ], file_data ) config.db.query( sql, data ) else: app.logger.debug( "Updating the database" ) sql = "UPDATE files_segments SET data = %s WHERE tenprint = %s AND pc = %s" data = ( file_data, tenprint_id, z[ "pc" ] ) config.db.query( sql, data ) config.db.commit() return True ################################################################################ # Donor tenprints @app.route( baseurl + "/submission//tenprint/list" ) @submission_has_access def submission_tenprint_list( submission_id ): """ Serve the page with the list of tenprint images, splitted by front, back and NIST format. """ app.logger.info( "Get the list of tenprint for the submission '{}'".format( submission_id ) ) sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" submission_folder_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = """ SELECT id, filename, uuid, type, creation_time FROM files WHERE folder = %s AND ( type = 1 OR type = 2 OR type = 5 ) ORDER BY creation_time DESC """ q = config.db.query_fetchall( sql, ( submission_folder_id, ) ) tenprint_cards = { "1": [], "2": [], "5": [] } nb = 0 for tenprint in q: app.logger.debug( "tenprint: '{}'".format( tenprint[ "id" ] ) ) nb += 1 tenprint_cards[ str( tenprint[ "type" ] ) ].append( { "id": tenprint.get( "id", None ), "filename": do_decrypt_user_session( tenprint.get( "filename", None ) ), "uuid": tenprint.get( "uuid", None ), "type": tenprint.get( "type", None ) } ) app.logger.info( "{} tenprint(s) for the submission '{}'".format( nb, submission_id ) ) return my_render_template( "submission/tenprint_list.html", tenprint_cards_front = tenprint_cards[ "1" ], tenprint_cards_back = tenprint_cards[ "2" ], tenprint_cards_nist = tenprint_cards[ "5" ], submission_id = submission_id, nickname = nickname ) @app.route( baseurl + "/submission//tenprint/" ) @submission_has_access def submission_tenprint( submission_id, tenprint_id ): """ Serve the page to see and edit a tenprint file. """ app.logger.info( "Serve tenprint edit page for '{}', submission '{}'".format( tenprint_id, submission_id ) ) sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" submission_folder_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = """ SELECT files.uuid, files.filename, files.note, files.format, files.resolution, files.width, files.height, files.size, files.creation_time, files.type, file_template.template, files.quality FROM files LEFT JOIN file_template ON files.uuid = file_template.file WHERE folder = %s AND files.uuid = %s """ tenprint_file = config.db.query_fetchone( sql, ( submission_folder_id, tenprint_id, ) ) app.logger.debug( "tenprint type: {}".format( tenprint_file[ "type" ] ) ) if tenprint_file[ "type" ] == 5: app.logger.debug( "Redirect to the segments list page" ) return redirect( url_for( "submission_tenprint_segments_list", submission_id = submission_id, tenprint_id = tenprint_id ) ) else: tenprint_file[ "size" ] = round( 100 * float( tenprint_file[ "size" ] ) / ( 1024 * 1024 ) ) / 100 tenprint_file[ "filename" ] = do_decrypt_user_session( tenprint_file[ "filename" ] ) tenprint_file[ "note" ] = do_decrypt_user_session( tenprint_file[ "note" ] ) if tenprint_file[ "type" ] == 1: side = "front" elif tenprint_file[ "type" ] == 2: side = "back" ############################################################################ try: sql = "SELECT width, height, image_resolution FROM tenprint_cards WHERE id = %s LIMIT 1" tmp = config.db.query_fetchone( sql, ( tenprint_file[ "template" ], ) ) card_info = { "width": int( round( float( tmp[ "width" ] ) / 2.54 * tmp[ "image_resolution" ] ) ), "height": int( round( float( tmp[ "height" ] ) / 2.54 * tmp[ "image_resolution" ] ) ), "width_cm": tmp[ "width" ], "height_cm": tmp[ "height" ] } except: card_info = { "width": 0, "height": 0, "width_cm": 0, "height_cm": 0 } ############################################################################ sql = "SELECT id, country_code, name, width, height, size_display FROM tenprint_cards ORDER BY name" tenprint_templates = config.db.query_fetchall( sql ) ############################################################################ sql = "SELECT id, name FROM quality_type" quality_type = config.db.query_fetchall( sql ) ############################################################################ zones = get_tenprint_template_zones( tenprint_file[ "template" ], side ) datacolumns = [ "tl_x", "tl_y", "br_x", "br_y", "angle" ] ############################################################################ sql = "SELECT width, height, resolution FROM files WHERE uuid = %s LIMIT 1" img_info = config.db.query_fetchone( sql, ( tenprint_id, ) ) svg_hw_factor = float( img_info[ "width" ] ) / float( img_info[ "height" ] ) return my_render_template( "submission/tenprint.html", submission_id = submission_id, file = tenprint_file, nickname = nickname, card_info = card_info, img_info = img_info, svg_hw_factor = svg_hw_factor, zones = zones, datacolumns = datacolumns, tenprint_templates = tenprint_templates, quality_type = quality_type ) @app.route( baseurl + "/submission//tenprint//delete" ) @submission_has_access def submission_tenprint_delete( submission_id, tenprint_id ): """ Endpoint to delete a tenprint image. """ app.logger.info( "Delete tenprint '{}' from submission '{}'".format( tenprint_id, submission_id ) ) try: sql = "DELETE FROM files WHERE creator = %s AND uuid = %s" config.db.query( sql, ( session[ "user_id" ], tenprint_id, ) ) sql = "DELETE FROM files_segments WHERE tenprint = %s" config.db.query( sql, ( tenprint_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/submission//tenprint//set/template", methods = [ "POST" ] ) @submission_has_access def submission_tenprint_set_template( submission_id, tenprint_id ): """ Set the template id for a tenprint image. """ try: template = request.form.get( "template" ) app.logger.info( "Set tenprint template id to '{}' for '{}', submission id '{}'".format( template, tenprint_id, submission_id ) ) sql = "SELECT id FROM file_template WHERE file = %s" q = config.db.query_fetchone( sql, ( tenprint_id, ) ) if q == None: sql = utils.sql.sql_insert_generate( "file_template", [ "file", "template" ] ) config.db.query( sql, ( tenprint_id, template, ) ) config.db.commit() else: sql = "UPDATE file_template SET template = %s WHERE file = %s" config.db.query( sql, ( template, tenprint_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/submission////set/note", methods = [ "POST" ] ) @submission_has_access def submission_file_set_note( submission_id, file_type, tenprint_id ): """ Store the user encrypted notes for a tenprint image. """ try: app.logger.info( "Add note for tenprint '{}', '{}', submission id '{}'".format( tenprint_id, file_type, submission_id ) ) note = request.form.get( "note" ) note = do_encrypt_user_session( note ) sql = "UPDATE files SET note = %s WHERE uuid = %s RETURNING id" config.db.query( sql, ( note, tenprint_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/submission//tenprint//set/quality", methods = [ "POST" ] ) @submission_has_access def submission_tenprint_set_quality( submission_id, tenprint_id ): """ Store the quality for a tenprint image. """ try: quality = request.form.get( "quality" ) app.logger.info( "Set the quality to '{}' for tenprint '{}', submission id '{}'".format( quality, tenprint_id, submission_id ) ) sql = "UPDATE files SET quality = %s WHERE uuid = %s RETURNING id" config.db.query( sql, ( quality, tenprint_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) ################################################################################ # Tenprint segments @app.route( baseurl + "/submission//tenprint//segment/list" ) @submission_has_access def submission_tenprint_segments_list( submission_id, tenprint_id ): """ Serve the page with the list of segments for a tenprint image. """ app.logger.info( "Get the list of segments for tenprint '{}', submission id '{}'".format( tenprint_id, submission_id ) ) sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" submission_folder_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = "SELECT uuid, filename FROM files WHERE folder = %s AND files.uuid = %s" tenprint_file = config.db.query_fetchone( sql, ( submission_folder_id, tenprint_id, ) ) filename = do_decrypt_user_session( tenprint_file[ "filename" ] ) tenprint_id = tenprint_file[ "uuid" ] ############################################################################ sql = """ SELECT files_segments.pc, files_segments.data, pc.name FROM files_segments LEFT JOIN pc ON pc.id = files_segments.pc WHERE tenprint = %s """ segments = config.db.query_fetchall( sql, ( tenprint_id, ) ) nb_segments = len( segments ) app.logger.debug( "{} segments stored in database".format( nb_segments ) ) ############################################################################ return my_render_template( "submission/segment_list.html", submission_id = submission_id, tenprint_id = tenprint_id, nickname = nickname, filename = filename, segments = segments, nb_segments = nb_segments ) @app.route( baseurl + "/submission//tenprint//segment/" ) @submission_has_access def submission_segment( submission_id, tenprint_id, pc ): """ Serve the page to edit the information relative to a segment image. """ app.logger.info( "Serve the edit page for segment '{}'".format( pc ) ) pc = int( pc ) if not pc in config.all_fpc: app.logger.error( "'{}' not in the pc_list".format( pc ) ) return redirect( url_for( "submission_tenprint_segments_list", submission_id = submission_id, tenprint_id = tenprint_id ) ) else: app.logger.debug( "Retrieving data for submission '{}', pc '{}'".format( submission_id, pc ) ) sql = "SELECT id, nickname FROM submissions WHERE uuid = %s" submission_folder_id, nickname = config.db.query_fetchone( sql, ( submission_id, ) ) nickname = do_decrypt_user_session( nickname ) sql = "SELECT uuid, filename, type FROM files WHERE folder = %s AND files.uuid = %s" tp_file = config.db.query_fetchone( sql, ( submission_folder_id, tenprint_id, ) ) tp_filename = do_decrypt_user_session( tp_file[ "filename" ] ) sql = "SELECT name FROM pc WHERE id = %s" pc_name = config.db.query_fetchone( sql, ( pc, ) )[ "name" ] sql = """ SELECT gp.div_name FROM donor_fingers_gp LEFT JOIN submissions ON donor_fingers_gp.donor_id = submissions.donor_id LEFT JOIN gp ON donor_fingers_gp.gp = gp.id WHERE submissions.uuid = %s AND donor_fingers_gp.fpc = %s """ try: current_gp = config.db.query_fetchone( sql, ( submission_id, pc, ) )[ "div_name" ] except: current_gp = None if pc in xrange( 1, 10 ): next_pc = pc + 1 tp_type = "finger" elif pc == 10: next_pc = None tp_type = "finger" elif pc == 25: next_pc = 27 tp_type = "palm" elif pc == 27: next_pc = None tp_type = "palm" else: return abort( 404 ) app.logger.debug( "pc: {}".format( pc ) ) app.logger.debug( "tp_type: {}".format( tp_type ) ) app.logger.debug( "next pc: {}".format( next_pc ) ) return my_render_template( "submission/segment.html", submission_id = submission_id, nickname = nickname, pc_name = pc_name, tp_filename = tp_filename, tenprint_id = tenprint_id, pc = pc, next_pc = next_pc, current_gp = current_gp, tp_type = tp_type ) @app.route( baseurl + "/submission//tenprint/segment//set/gp", methods = [ "POST" ] ) @submission_has_access def submission_segment_set_gp( submission_id, pc ): """ Set the general pattern of a fingerprint segment image (FPC 1-10). """ try: pc = int( pc ) gp = request.form.get( "gp" ) app.logger.info( "Set general pattern for '{}', pc '{}' to '{}'".format( submission_id, pc, gp ) ) sql = "SELECT id FROM gp WHERE name = %s" r = config.db.query_fetchone( sql, ( gp, ) ) if r == None: app.logger.error( "General pattern not recognized" ) return jsonify( { "error": True, "message": "General pattern not recognized" } ) gp_id = r[ "id" ] sql = """ SELECT count( * ) FROM donor_fingers_gp LEFT JOIN submissions ON donor_fingers_gp.donor_id = submissions.donor_id WHERE submissions.uuid = %s AND donor_fingers_gp.fpc = %s GROUP BY donor_fingers_gp.id """ nb = config.db.query_fetchone( sql, ( submission_id, pc, ) ) sql = "SELECT donor_id FROM submissions WHERE uuid = %s" donor_id = config.db.query_fetchone( sql, ( submission_id, ) )[ "donor_id" ] if nb == 0 or nb == None: app.logger.debug( "Insert general pattern in database" ) sql = utils.sql.sql_insert_generate( "donor_fingers_gp", [ "donor_id", "fpc", "gp" ] ) config.db.query( sql, ( donor_id, pc, gp_id, ) ) else: app.logger.debug( "Update general patern in database" ) sql = "UPDATE donor_fingers_gp SET gp = %s WHERE donor_id = %s AND fpc = %s" config.db.query( sql, ( gp_id, donor_id, pc, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) ################################################################################ # User profile @app.route( baseurl + "/user/myprofile/dek" ) @login_required def user_myprofile_dek(): """ Serve the page to manadge the Data Encryption Key of a donor. """ app.logger.info( "Serve the donor DEK page" ) sql = """ SELECT dek, salt FROM donor_dek WHERE donor_name = %s """ data = config.db.query_fetchone( sql, ( session[ "username" ], ) ) has_dek = data[ "dek" ] != None has_salt = data[ "salt" ] != None app.logger.debug( "username: {}".format( session[ "username" ] ) ) app.logger.debug( "has_dek: {}".format( has_dek ) ) app.logger.debug( "has_salt: {}".format( has_salt ) ) return my_render_template( "users/profile/dek.html", has_dek = has_dek, has_salt = has_salt ) @app.route( baseurl + "/user/myprofile/tenprint" ) @login_required def user_myprofile_tenprint(): """ Serve the page to see all the information related to the current user. This page is the summary of all informations related to the current logged user, i.e. the tenprint cards and mark images. The consent form, beeing mendatory to upload the tenprint and mark images, and beeing encrypted in the database, is not accessible by the user via this interface. The consent form has been sent the the donor by email anyways before uploading any of the images. """ app.logger.info( "Serve the page with all tenprint to the donor" ) sql = """ SELECT files.id, files.uuid FROM users LEFT JOIN submissions ON users.email = submissions.email_hash LEFT JOIN files ON files.folder = submissions.id WHERE users.id = %s AND ( files.type = 1 OR files.type = 2 OR files.type = 5 ) """ tenprint_cards = config.db.query_fetchall( sql, ( session[ "user_id" ], ) ) app.logger.debug( "{} tenprint(s) stored in database".format( len( tenprint_cards ) ) ) return my_render_template( "users/profile/tenprint.html", tenprint_cards = tenprint_cards ) ################################################################################ # Tenprint templates @app.route( baseurl + "/template/tenprint/list" ) @admin_required def template_tenprint_list(): """ Serve the page with the list of templates. """ app.logger.info( "Serve the list of tenprint templates" ) sql = "SELECT id, country_code, name FROM tenprint_cards ORDER BY name ASC" tp_templates = config.db.query_fetchall( sql ) app.logger.debug( "{} tenmplates found".format( len( tp_templates ) ) ) return my_render_template( "tp_template/list.html", tp_templates = tp_templates ) @app.route( baseurl + "/template/tenprint/new" ) @admin_required def template_tenprint_new_meta(): """ Serve the page to create a new tenprint template. """ app.logger.info( "Create a new tenprint template" ) return my_render_template( "tp_template/new_meta.html" ) @app.route( baseurl + "/template/tenprint/new//images" ) @admin_required def template_tenprint_new_images( template_id ): """ Add new images to a tenprint template. """ app.logger.info( "Add a new image to the tenprint template '{}'".format( template_id ) ) sql = "SELECT id, name, country_code FROM tenprint_cards WHERE id = %s" card = config.db.query_fetchone( sql, ( template_id, ) ) return my_render_template( "tp_template/new_images.html", card = card ) @app.route( baseurl + "/template/tenprint/new/insert", methods = [ "POST" ] ) @admin_required def template_tenprint_new_do(): """ Save the tenprint template to the database. """ try: app.logger.info( "Save the tenprint template to the database" ) name = request.form.get( "name" ) country_code = request.form.get( "country_code" ) app.logger.debug( "name: {}".format( name ) ) app.logger.debug( "country code: {}".format( country_code ) ) sql = utils.sql.sql_insert_generate( "tenprint_cards", [ "name", "country_code" ], "id" ) template_id = config.db.query_fetchone( sql, ( name, country_code, ) )[ "id" ] app.logger.debug( "Set all zones values to 0 for FPC in {}".format( config.all_fpc ) ) for pc in config.all_fpc: sql = utils.sql.sql_insert_generate( "tenprint_zones", [ "card", "pc", "angle", "tl_x", "tl_y", "br_x", "br_y" ] ) config.db.query( sql, ( template_id, pc, 0, 0, 0, 0, 0 ) ) config.db.commit() return jsonify( { "error": False, "id": template_id } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/template/tenprint/new//upload_image", methods = [ "POST" ] ) @admin_required def template_tenprint_new_uploadimage( template_id ): """ Save the front and back images for a tenprint template to the database. """ app.logger.info( "Upload new image for the tenprint template '{}'".format( template_id ) ) side = request.form.get( "card_face" ) if side in [ "front", "back" ]: data = request.files[ "file" ] img = Image.open( data ) image_width, image_height = img.size try: res = img.info[ "dpi" ][ 0 ] width = round( image_width * 2.54 / float( res ) ) height = round( image_height * 2.54 / float( res ) ) except: res = 0 width = 0 height = 0 app.logger.debug( "side: {}".format( side ) ) app.logger.debug( "image: {}".format( img ) ) app.logger.debug( "width: {}".format( width ) ) app.logger.debug( "height: {}".format( height ) ) app.logger.debug( "resolution: {}".format( res ) ) fp = StringIO() img.save( fp, format = "JPEG" ) fp.seek( 0 ) data = fp.getvalue() data = base64.b64encode( data ) app.logger.debug( "Saving the image to the database" ) sql = """ UPDATE tenprint_cards SET image_{0} = %s, image_{0}_width = %s, image_{0}_height = %s, image_resolution = %s, image_format = %s, width = %s, height = %s WHERE id = %s""".format( side ) config.db.query( sql, ( data, image_width, image_height, res, "JPEG", width, height, template_id, ) ) config.db.commit() # If the resolution is set to 0 (hence not correclty set in the image), # the user need to perform an action to set it correctly. The storage # of the image data has to be done before. if res != 0: return jsonify( { "error": False } ) else: return jsonify( { "need_action": True, "action": "set_resolution" } ) else: return abort( 403 ) @app.route( baseurl + "/template/tenprint//set/resolution", methods = [ "POST" ] ) @admin_required def template_tenprint_new_setresolution( template_id ): """ Set the resolution for a tenprint template image. """ res = request.form.get( "resolution" ) app.logger.info( "Set the resolution of the tenprint template '{}' to '{}'".format( template_id, res ) ) try: sql = "UPDATE tenprint_cards SET image_resolution = %s WHERE id = %s" config.db.query( sql, ( res, template_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) def get_tenprint_template_zones( template_id, side ): """ Get all the segments zones for a template passed in parameter. """ app.logger.info( "Get all zones for the tenprint template '{}'".format( template_id, side ) ) sql = """ SELECT tenprint_zones.pc, tl_x, tl_y, br_x, br_y, angle, pc.name FROM tenprint_zones JOIN tenprint_zones_location ON tenprint_zones.pc = tenprint_zones_location.pc JOIN pc ON tenprint_zones.pc = pc.id WHERE card = %s AND tenprint_zones_location.side = %s ORDER BY pc """ r = config.db.query_fetchall( sql, ( template_id, side, ) ) zones = [] for pc, tl_x, tl_y, br_x, br_y, angle, pc_name in r: tl_x = utils.misc.float_or_null( tl_x ) tl_y = utils.misc.float_or_null( tl_y ) br_x = utils.misc.float_or_null( br_x ) br_y = utils.misc.float_or_null( br_y ) zones.append( { "pc": pc, "tl_x": tl_x, "tl_y": tl_y, "br_x": br_x, "br_y": br_y, "angle": angle, "pc_name": pc_name } ) app.logger.debug( "{} zones for the tenprint template '{}'".format( len( zones ), template_id ) ) return zones @app.route( baseurl + "/template/tenprint//" ) @login_required def template_tenprint( template_id, side ): """ Serve the tenprint template page. """ app.logger.info( "Serve the tenprint template edit page for '{}', '{}'".format( template_id, side ) ) if side in [ "front", "back" ]: sql = """ SELECT tenprint_zones.pc, tl_x, tl_y, br_x, br_y, angle, pc.name FROM tenprint_zones JOIN tenprint_zones_location ON tenprint_zones.pc = tenprint_zones_location.pc JOIN pc ON tenprint_zones.pc = pc.id WHERE card = %s AND tenprint_zones_location.side = %s ORDER BY pc """ r = config.db.query_fetchall( sql, ( template_id, side, ) ) zones = [] for pc, tl_x, tl_y, br_x, br_y, angle, pc_name in r: tl_x = utils.misc.float_or_null( tl_x ) tl_y = utils.misc.float_or_null( tl_y ) br_x = utils.misc.float_or_null( br_x ) br_y = utils.misc.float_or_null( br_y ) zones.append( { "pc": pc, "tl_x": tl_x, "tl_y": tl_y, "br_x": br_x, "br_y": br_y, "angle": angle, "pc_name": pc_name } ) app.logger.debug( "{} zones for '{}'".format( len( zones ), template_id ) ) datacolumns = [ "tl_x", "tl_y", "br_x", "br_y", "angle" ] sql = """ SELECT id, name, country_code, width, height, size_display, image_{0}_width, image_{0}_height, image_resolution FROM tenprint_cards WHERE id = %s LIMIT 1 """.format( side ) img_info = config.db.query_fetchone( sql, ( template_id, ) ) card_info = { "width": int( round( float( img_info[ "width" ] ) / 2.54 * img_info[ "image_resolution" ] ) ), "height": int( round( float( img_info[ "height" ] ) / 2.54 * img_info[ "image_resolution" ] ) ), } app.logger.debug( "card width: {}".format( card_info[ "width" ] ) ) app.logger.debug( "card height: {}".format( card_info[ "height" ] ) ) svg_h = float( img_info[ "image_{}_height".format( side ) ] ) svg_w = float( img_info[ "image_{}_width".format( side ) ] ) svg_hw_factor = svg_w / svg_h app.logger.debug( "svg width: {}".format( svg_w ) ) app.logger.debug( "svg height: {}".format( svg_h ) ) return my_render_template( "tp_template/template.html", zones = zones, img_info = img_info, card_info = card_info, svg_hw_factor = svg_hw_factor, card_id = template_id, side = side, datacolumns = datacolumns, **config.misc ) else: app.logger.error( "{} not allowed".format( side ) ) return abort( 403 ) @app.route( baseurl + "/template/tenprint//set/zones", methods = [ "POST" ] ) @login_required def update_zone_coordinates( template_id ): """ Update the segments zones coordinates in the database. """ app.logger.info( "Set zones for '{}'".format( template_id ) ) template_id = int( template_id ) data = request.form.get( "data" ) if data != None: data = json.loads( data ) for pc, value in data.iteritems(): pc = int( pc ) app.logger.debug( "{}: {}".format( pc, value ) ) for coordinate, v in value.iteritems(): sql = "UPDATE tenprint_zones SET {} = %s WHERE card = %s AND pc = %s".format( coordinate ) data = ( v, template_id, pc, ) config.db.query( sql, data ) config.db.commit() return jsonify( { "error": False } ) else: return abort( 403 ) @app.route( baseurl + "/template/tenprint//delete/zone", methods = [ "POST" ] ) @login_required def delete_zone_coordinates( template_id ): """ Delete a unused segment zone for a template (for example FPC 25 and 27 on the front-page, ...) """ pc = request.form.get( "pc" ) app.logger.info( "Delete zone '{}' for template '{}'".format( pc, template_id ) ) try: sql = "DELETE FROM tenprint_zones WHERE card = %s AND pc = %s" config.db.query( sql, ( template_id, pc, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/template/tenprint//set/", methods = [ "POST" ] ) @login_required def update_tptemplate_var( template_id, varname ): """ Update the name, country_code or displayed size variable for a tenprint template. """ app.logger.info( "Setting variable '{}' to template '{}'".format( varname, template_id ) ) if not varname in [ "name", "country_code", "size_display" ]: app.logger.error( "'{}' not allowed".format( varname ) ) return jsonify( { "error": True } ) else: try: data = request.form.get( varname ) data = str( data ) sql = "UPDATE tenprint_cards SET {} = %s WHERE id = %s".forat( varname ) config.db.query( sql, ( data, template_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/template/tenprint//set/hw", methods = [ "POST" ] ) @login_required def update_tptemplate_heightwidth( template_id ): """ Set the image size of a template. """ app.logger.info( "Setting the height and width for tenprint template '{}'".format( template_id ) ) try: height = request.form.get( "height" ) width = request.form.get( "width" ) height = float( height ) width = float( width ) app.logger.debug( "height: {}".format( height ) ) app.logger.debug( "wigth: {}".format( width ) ) sql = "UPDATE tenprint_cards SET height = %s, width = %s WHERE id = %s" config.db.query( sql, ( height, width, template_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) @app.route( baseurl + "/template/tenprint//set/resolution" ) @login_required def update_tptemplate_res( template_id ): """ Update the resolution of the image for a template. """ app.logger.info( "Setting the resolution for tenprint template '{}'".format( template_id ) ) try: res = request.form.get( "resolution" ) res = float( res ) app.logger.debug( "resolution: {}".format( res ) ) sql = "UPDATE tenprint_cards SET image_resolution = %s WHERE id = %s" config.db.query( sql, ( res, template_id, ) ) config.db.commit() return jsonify( { "error": False } ) except: return jsonify( { "error": True } ) ################################################################################ # PiAnoS API @app.route( baseurl + "/pianos_api" ) @admin_required def pianos_actions(): """ Serve the page with all actions related to the dedicated PiAnoS server. """ app.logger.info( "Serve the PiAnoS actions page" ) return my_render_template( "PiAnoS/actions.html" ) @app.route( baseurl + "/pianos_api/add_user/all" ) @admin_required def pianos_update_all_accounts(): """ serve the function to update the users in PiAnoS """ app.logger.info( "Copy all accounts to PiAnoS" ) return jsonify( { "error": not do_pianos_update_all_accounts() } ) def do_pianos_update_all_accounts(): """ Copy/update the credentials for all users. This function keep the credentials in sync between ICNML and PiAnoS. """ try: sql = """ SELECT users.username, users.password, account_type.name as g FROM users LEFT JOIN account_type ON users.type = account_type.id WHERE users.password IS NOT NULL """ nb = 0 for user in config.db.query_fetchall( sql ): nb += 1 username, h, group_name = user app.logger.debug( "Copy the user '{}' to PiAnoS".format( username ) ) groupid = config.pianosdb.create_group( group_name ) pianos_user_id = config.pianosdb.create_user( username = username, hash = h, groupid = groupid ) config.pianosdb.reset_user( username, hash = h ) config.pianosdb.create_folder( "{}'s folder".format( username ), pianos_user_id, None, pianos_user_id ) config.pianosdb.commit() app.logger.info( "{} users copied to PiAnoS".format( nb ) ) return True except: return False @app.route( baseurl + "/pianos_api/add_segments/all" ) @admin_required def pianos_copy_all_segments(): """ Route to push all segments to PiAnoS. """ app.logger.info( "Copy all segments to PiAnoS" ) return jsonify( { "error": not do_pianos_copy_all_segments() } ) def do_pianos_copy_all_segments(): """ Copy all segments images to PiAnoS. If the case already exists, the image is not pushed to PiAnoS. """ try: folder_id = config.pianosdb.create_folder( "Annotation" ) img = Image.new( "L", ( 200, 200 ), 255 ) empty_img_res = 500 empty_img_id = config.pianosdb.create_image( "PRINT", img, empty_img_res, "empty" ) sql = """ SELECT files_segments.uuid, files_segments.data, files_v.resolution FROM files_segments LEFT JOIN files_v ON files_segments.tenprint = files_v.uuid """ for segment in config.db.query_fetchall( sql ): img = str2img( segment[ "data" ] ) app.logger.debug( "{}: {}".format( segment[ "uuid" ], img ) ) try: config.pianosdb.create_exercise( folder_id, segment[ "uuid" ], "", img, segment[ "resolution" ], empty_img_id, empty_img_res ) except caseExistsInDB: continue except: raise config.pianosdb.commit() return True except: return False ################################################################################ # Home page @app.route( baseurl + "/" ) @login_required def home(): """ Serve the homepage to all users. """ if session[ "account_type_name" ] == "Donor": return redirect( url_for( "user_myprofile_dek" ) ) elif session[ "account_type_name" ] == "Submitter": return redirect( url_for( "submission_list" ) ) else: return my_render_template( "index.html" ) ################################################################################ # Main application configuration gpg = gnupg.GPG( **config.gpg_options ) for key_file in os.listdir( config.keys_folder ): with open( config.keys_folder + "/" + key_file, "r" ) as fp: gpg.import_keys( fp.read() ) account_type_id_name = {} sql = "SELECT id, name FROM account_type" for at in config.db.query_fetchall( sql ): account_type_id_name[ at[ "id" ] ] = at[ "name" ]