Merge branch 'master' into develop

Author: adabedi

README.md

@@ -12,9 +12,6 @@ Being Open Source, the application can be implemented within an organisation usi
 
 Being modular, the application can be connected to an existing openEHR repository or operated with a stand-alone repository.
 
-- [Screening question screenshot](https://github.com/AppertaFoundation/COVID-19-screening-interface/blob/master/frontend/screenshots/screening-questions.png)
-- [Screening date screenshot](https://github.com/AppertaFoundation/COVID-19-screening-interface/blob/master/frontend/screenshots/screening-questions-date.png)
-
 ## Project aims
 
 The aims of this project are:
@@ -164,35 +161,37 @@ You can engage and contribute in the following ways:
 1. Clone the repo's, make changes and create a Pull Request (PR)
 2. Raise an issue on Github
 3. Join us on Slack, contact info@apperta.org for details
-4. Share with others
-5. add to the roadmap
+4. Share details of this project with others
+5. Add to the roadmap
 
 ## Team
 
-Many people are involved in this project directly and indirectly and it builds on significant efforts of the industry and community. Some of the people in our team are:
+Many people are involved in this project directly and indirectly and it builds on significant efforts of the industry and community. Some of the people in our direct team are:
 
 ### openEHR clinical modelling
 
-- Ian McNicoll (FreshEHR)
-- Alan Fish (Apperta)
+- Ian McNicoll ([openEHR](https://www.openehr.org/),[FreshEHR](https://freshehr.com/))
+- Alan Fish ([Apperta](https://apperta.org/))
 
 ### Clinical design
 
 - Dr Alexander Davey
 
 ### System development
 
-- JJ - Architecture (OpusVL)
-- James Curtis - Developer (OpusVL)
-- Adrianna - Front-end engineer (OpusVL)
-- Darren Wilson - User Experience (UX Centric)
-- Paul - Infrastructure engineer (OpusVL)
+- James C - Developer ([OpusVL](https://opusvl.com)
+- Adrianna - Front-end engineer ([OpusVL](https://opusvl.com)
+- Darren Wilson - User Experience ([UX Centric](https://www.uxcentric.co.uk/))
+- Paul B - Infrastructure engineer ([OpusVL](https://opusvl.com)
+- Nick - Developer ([OpusVL](https://opusvl.com)
+- Paul W - Developer ([OpusVL](https://opusvl.com)
+- Matt S - Developer (RBC/community)
 
 ### Project management
 
-- David Jobling (Apperta)
-- Stuart Mackintosh (OpusVL)
-
+- David Jobling - Project co-ordinator / analyst ([Apperta](https://apperta.org/))
+- JJ - Architect / project director ([OpusVL](https://opusvl.com))
+- Stuart Mackintosh ([OpusVL](https://opusvl.com)
 
 ## Contact
 

c19-backend/C19/settings.py

@@ -25,7 +25,7 @@
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
 
 
 # Application definition
@@ -37,6 +37,8 @@
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'mozilla_django_oidc',
+    'corsheaders',
     'rest_framework',
     'api',
 ]
@@ -49,14 +51,15 @@
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
 ]
 
 ROOT_URLCONF = 'C19.urls'
 
 TEMPLATES = [
     {
         'BACKEND': 'django.template.backends.django.DjangoTemplates',
-        'DIRS': [],
+        'DIRS': [os.path.join(BASE_DIR, 'templates')],
         'APP_DIRS': True,
         'OPTIONS': {
             'context_processors': [
@@ -107,12 +110,9 @@
 
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': [
-        # 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly',
-        # 'rest_framework.permissions.DjangoModelPermissions',
-        'rest_framework.permissions.IsAuthenticated',
+        'rest_framework.permissions.AllowAny',  # until we have OAuth
     ],
     'DEFAULT_AUTHENTICATION_CLASSES': [
-        'rest_framework_simplejwt.authentication.JWTAuthentication',
     ],
 }
 
@@ -136,5 +136,25 @@
 STATIC_URL = '/static/'
 
 EHRBASE_CONNECTION_PARAMS = dict(
-    base_url=os.environ['C19_API_EHRBASE_URL'],
+    base_url=os.environ['C19_BACKEND_EHRBASE_URL'],
 )
+
+# mozilla-django-oidc
+
+AUTHENTICATION_BACKENDS = (
+    'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
+)
+
+OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
+OIDC_RP_CLIENT_SECRET = os.environ['OIDC_RP_CLIENT_SECRET']
+OIDC_RP_SIGN_ALGO = os.environ['OIDC_RP_SIGN_ALGO']
+OIDC_RP_IDP_SIGN_KEY = os.environ['OIDC_RP_IDP_SIGN_KEY']
+OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
+OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
+OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
+
+LOGOUT_REDIRECT_URL = '/'
+LOGIN_REDIRECT_URL = '/'
+
+CORS_ORIGIN_WHITELIST = tuple(
+    os.environ['C19_BACKEND_CORS_ORIGIN_WHITELIST'].split('|'))

c19-backend/C19/urls.py

@@ -16,7 +16,13 @@
 from django.contrib import admin
 from django.urls import path, include
 
+from .views import HomePageView
+
+
 urlpatterns = [
+    path('oidc/', include('mozilla_django_oidc.urls')),
     path('admin/', admin.site.urls),
-    path('api/', include('api.urls'))
+    path('api/', include('api.urls')),
+    path('', HomePageView.as_view(), name='home')
+    
 ]

c19-backend/C19/views.py

@@ -0,0 +1,6 @@
+from django.views.generic.base import TemplateView
+
+
+class HomePageView(TemplateView):
+
+    template_name = "home.html"

c19-backend/api/admin.py

@@ -2,24 +2,22 @@
 from django.contrib import admin
 
 # Register your models here.
-from api.models import C19APIUserProfile
+from api.models import C19APIPatientProfile
 
-class C19APIUserProfileAdminForm(forms.ModelForm):
+class C19APIPatientProfileAdminForm(forms.ModelForm):
     class Meta:
-        model = C19APIUserProfile
+        model = C19APIPatientProfile
         fields = (
             'user',
-            'clinical_author_name',
-            'clinical_author_id',
+            'patient_nhs_number',
         )
         widgets = {
-            'clinical_author_name': forms.TextInput(),
-            'clinical_author_id': forms.TextInput(),
+            'patient_nhs_number': forms.TextInput(),
         }
 
 
-class C19APIUserProfileAdmin(admin.ModelAdmin):
-    form = C19APIUserProfileAdminForm
-    list_display = ('user', 'clinical_author_name', 'clinical_author_id')
+class C19APIPatientProfileAdmin(admin.ModelAdmin):
+    form = C19APIPatientProfileAdminForm
+    list_display = ('user', 'patient_nhs_number')
 
-admin.site.register(C19APIUserProfile, C19APIUserProfileAdmin)
+admin.site.register(C19APIPatientProfile, C19APIPatientProfileAdmin)

c19-backend/api/migrations/0002_auto_20200317_1422.py

@@ -0,0 +1,31 @@
+# Generated by Django 3.0.4 on 2020-03-17 14:22
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('api', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='C19APIPatientProfile',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('patient_nhs_number', models.TextField()),
+                ('user', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, related_name='c19_api_user_profile', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'verbose_name': 'Covid-19 API User Profile',
+                'verbose_name_plural': 'Covid-19 API User Profiles',
+            },
+        ),
+        migrations.DeleteModel(
+            name='C19APIUserProfile',
+        ),
+    ]

c19-backend/api/models.py

@@ -1,17 +1,19 @@
 from django.conf import settings
 from django.db import models
 
-class C19APIUserProfile(models.Model):
+# TODO probably won't be needed once OAuth is set up
+#  remember to generate migration if you do remove it
+class C19APIPatientProfile(models.Model):
     user = models.OneToOneField(
         settings.AUTH_USER_MODEL,
-        related_name='c19_api_user_profile',
+        related_name='c19_api_patient_profile',
         on_delete=models.CASCADE)
-    clinical_author_name = models.TextField()
-    clinical_author_id = models.TextField()
+    # Need for this might disappear once using NHS login
+    patient_nhs_number = models.TextField()
 
     def __str__(self):
         return str(self.user)
 
     class Meta:
-        verbose_name = 'Covid-19 API User Profile'
-        verbose_name_plural = 'Covid-19 API User Profiles'
+        verbose_name = 'Covid-19 API Patient Profile'
+        verbose_name_plural = 'Covid-19 API Patient Profiles'

c19-backend/api/urls.py

@@ -3,10 +3,6 @@
 from rest_framework import routers
 from api import views
 from rest_framework.urlpatterns import format_suffix_patterns
-from rest_framework_simplejwt.views import (
-    TokenObtainPairView,
-    TokenRefreshView,
-)
 
 
 router = routers.DefaultRouter()
@@ -16,12 +12,4 @@
 urlpatterns = [
     path('', include(router.urls)),
     path('0.1/covid-screenings/', views.CovidScreenListView.as_view()),
-    path(
-        '0.1/auth/token/',
-        TokenObtainPairView.as_view(),
-        name='token_obtain_pair'),
-    path(
-        '0.1/auth/token/refresh/',
-        TokenRefreshView.as_view(),
-        name='token_refresh'),
 ]

c19-backend/api/views.py

@@ -3,12 +3,23 @@
 from rest_framework.response import Response
 from rest_framework import status
 
+from ehrbase_connector.connector import OpenEHRAPI
 from . import ehrbase
 
 class CovidScreenListView(APIView):
-
     def post(self, request, format=None):
-        # serializer = Covid19Serializer(data=request.data)
-        # if serializer.is_valid():
-        #     ehrbase.CONNECTION.post(data=serializer.data)
-        return Response(data={'fakeresponse': 'foo'})
+        screening_data = request.data
+        ehr_api = OpenEHRAPI(connection=ehrbase.CONNECTION)
+        ehr_id = ehr_api.ehr_id_for_nhs_number(
+            nhs_number=screening_data['nhs_number'])
+        return Response(
+            data={
+                # TODO we probably won't send the nhs number back,
+                #  this is just for stubbing to check the code branches
+                'nhs_number': screening_data['nhs_number'],
+                'ehr_id': ehr_id,
+                '_note':
+                    'Just a fake return value for stubbing purposes for now,'
+                    ' and will probably change completely',
+            },
+        )

c19-backend/ehrbase_connector/connector.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 import os
 import requests
+import requests.exceptions
 
 import attr
 
@@ -13,5 +14,70 @@ def connect(*, base_url) -> 'OpenEHRConnector':
 class OpenEHRConnector(object):
     base_url = attr.ib()
 
-    def get(self, path):
-        return requests.get(self.base_url + path)
+    def _url(self, suffix):
+        return self.base_url + suffix
+
+    def get(self, path, params=None, **kwargs):
+        # TODO also pass auth=(user, pass) once basic auth implemented
+        return requests.get(self._url(path), params=params, **kwargs)
+
+    def post(self, path, data=None, json=None, **kwargs):
+        # TODO also pass auth=(user, pass) once basic auth implemented
+        return requests.post(self._url(path), data=data, json=json, **kwargs)
+
+
+@attr.s(frozen=True)
+class OpenEHRAPI(object):
+    connection = attr.ib()
+
+    def ehr_id_for_nhs_number(self, *, nhs_number: str):
+        def ehr_already_existed(status_code):
+            return status_code == 409  # Conflict
+        nhs_number_namespace = 'uk.nhs.number'
+        creation_response = self.connection.post(
+            '/ehrbase/rest/openehr/v1/ehr',
+            json={
+                "_type": "EHR_STATUS",
+                "subject": {
+                    "external_ref": {
+                        "id": {
+                            "_type": "GENERIC_ID",
+                            "value": nhs_number,
+                            "scheme": "uk.nhs.nhs_number"
+                        },
+                        "namespace": nhs_number_namespace,
+                        "type": "PERSON"
+                    }
+                },
+                "is_modifiable": "true",
+                "is_queryable": "true",
+            },
+        )
+        if creation_response.status_code == requests.codes.ok \
+           or ehr_already_existed(status_code=creation_response.status_code)\
+        :
+            # For now even if the POST was successful we have to GET because
+            # EHRBase sends empty body with status 204 instead of 201 with some
+            # JSON
+            fetch_response = self.connection.get(
+                '/ehrbase/rest/openehr/v1/ehr',
+                params={
+                    'subject_id': nhs_number,
+                    'subject_namespace': nhs_number_namespace,
+                },
+            )
+            if fetch_response.status_code == requests.codes.ok:
+                return fetch_response.json()['ehr_id']['value']
+            else:
+                raise APIException(
+                    "HTTP status {status} during GET /ehrbase/rest/openehr/v1/ehr"
+                    .format(status=fetch_response.status_code)
+                )
+        else:
+            raise APIException(
+                "HTTP status {status} during POST /ehrbase/rest/openehr/v1/ehr"
+            )
+
+
+class APIException(Exception):
+    pass