Attempt to upload unsecure patient document was declined over CLIENT API

nem · June 23, 2021, 11:44pm

Situation
I’m trying to POST patient documents over a Client API and I’m getting a 404 response along with the logs stating that “Attempt to upload unsecure patient document was declined”.

Running it through python.
I simply converted the curl example in the docs to use the python Request lib.

def _post_document(self, pid, path, file):
print(open(file, 'rb'))
file = {
       'document': (file, open(file, 'rb')),
}
url = self.url + "/patient/" + str(pid) + "/document&path=/" + path
return self.session.post(url, files=file)

I’m also testing with txt/pdf files which are both whitelisted files.

Based on the logs, I’m failing one of these conditions in document_services.php

// Ensure filetype is allowed
if ($GLOBALS['secure_upload'] && !isWhiteFile($fileData["tmp_name"])) {
    error_log("OpenEMR API Error: Attempt to upload unsecure patient document was declined");
    return false;
}

EDIT:

Ok, I’ve confirmed that $fileData is coming in empty all the way from so _rest_routes.inc.php
Leading me to believe that $_FILES isn’t properly storing the document. This leads to the logs I’ve been receiving because anytime $fileData[“tmp_name”] is checked it fails due to not existing.

"POST /api/patient/:pid/document" => function ($pid) {
        RestConfig::scope_check("user", "document", "write");
        $return = (new DocumentRestController())->postWithPath($pid, $_GET['path'], $_FILES['document']);
        RestConfig::apiLog($return);
        return $return;

Modifications I’ve made:

/etc/php/7.4/apache2/php.ini
    upload_tmp_dir = /var/tmp
    upload_max_filesize = 100M
    enable_post_data_reading = On

/etc/apache2/apache2.conf
    <Directory "/var/tmp">
        AllowOverride
        Require all granted
    </Directory>

$_FILES being empty seems to be a common problem with php due to a plethora of reasons.
I’m not sure what the case may be here but maybe someone else who has dealt with this can shine some light on my situation.

OpenEMR Version
I’m using OpenEMR version 6.0.2

Browser:
I’m using: Chrome

Operating System
I’m using: Win10

Logs

OpenEMR API Error: Attempt to upload unsecure patient document was declined