OpenMRS Planet

January 12, 2019

Ayush Goyal

January 06, 2019

Gayan Weerakutti

Install Unity3D on Linux

I’ve been running Unity on my Debian machine, and I’m pretty amazed by how well everything works, though it is not listed as an officially supported distro. It should also work for any other distro, Ubuntu, Fedora and the like.

The preferred way of installing Unity on Linux is by first installing Unity Hub.

Install & Run Unity Hub on Linux

You can find the Unity Hub setup file in here:

You can also refer to Unity Hub sub-forum in to make sure that you’re downloading the latest available version.

Once downloaded, you may need to give execute permission to the UnityHubSetup.AppImage

cd /path/to/download/dir
sudo chmod +x UnityHubSetup.AppImage

Then run the setup file. Either run it from the terminal or just open the file from a file manager.

Install Unity from Unity Hub

Running Unity Hub

In the Installs section of Unity Hub application, you can choose a preferred version of Unity that you want to install. Unity Hub will automatically download and install it for you. Unity Hub also helps us to easily switch between different versions of Unity.

Unity Crash

If your Unity crashes, most probably your graphics driver is to blame.

If you have an Intel graphic card that is 2007 or newer, try uninstalling xserver-xorg-video-intel Your system will then default to use the builtin modesetting driver instead.

dpkg -l xserver-xorg-video-intel
sudo apt-get purge xserver-xorg-video-intel

If that still not fix your issue, try asking in the forums.

If it’s not a known issue, you could also send a bug report, which will open an issue in Issue Tracker and Unity team will get back to you.

I’ve been running Unity on my Debian machine, and I’m pretty amazed by how well everything works, though it is not listed as an officially supported distro. It should also work for any other distro, Ubuntu, Fedora and the like.

by Gayan Weerakutti at January 06, 2019 05:02 PM

Ridmal Liyanagamge

How to clone a deep object in react-native

I was stuck in a error which saying “Attempted to assign to readonly property” when i tried to add new element in the clone object of the redux state.I used spread operator , And it work properly in the emulator ( in my case ) . But when it comes to real devices it don’t work.

const userData = {… reduxState.UserData}

So i was searching for the solution. And this spread operator cannot clone “deep objects”. What i meant by the “deep objects”. Here is one example for Deep object.

example for deep Object.

So what we gonna do ?

I found many alternative from the Internet for this problem. But the the best option is lodash CloneDeep method. :) .It can be very costly option which will take some time to execute. But it can perfectly clone the deep object and help to handle read only objects.(Mainly you work with redux states)

import _ from “lodash”;

Var newObject = _.cloneDeep(deepObj);

newObject will be a exact clone of the deep Object and it will be not equal to the deepObj.

by Ridmal Madushanka at January 06, 2019 01:38 PM

December 02, 2018

Robby O'Connor

OpenMRS Worldwide Summit 2015 Wrapup

    I have been around the OpenMRS Community in one form or another since 2008 when Burke Mamlin and Paul Biondich came by the Java IRC channel on freenode to recruit for Google Summer of Code and I was drawn by the fact that I could write code that saved lives. I went on to do the first two of my three Google Summer of Code stints with OpenMRS. My first Google Summer of Code was under Burke Mamlin and Ben Wolfe; my second was under Mike Seaton and Darius Jazayeri. Recently, I am currently Manager of Identity Systems, and also am a member of the OpenMRS Infrastructure Team and am having a blast.

   Three weeks ago (8-14 Dec) I got to meet all of my Google Summer of Code mentors but Ben Wolfe in person for the first time at the first annual OpenMRS Worldwide Summit in Singapore. This wasn't even the highlight. OpenMRS is a special community, one which I have yet to encounter anything similar. I was lucky enough and eternally grateful for the OpenMRS Inc. Travel Grant Program, which covered my hotel costs partially so that I could attend this amazing event.

   I arrived in Singapore, quite tired a little bit after 10:00 PM SGT on 6 December, and after getting through immigration and customs and grabbed my checked bags; I grabbed the shuttle for $9 SGD, which is reasonably cheap. 

  I spent most of the day following sleeping off jet lag, and then ran to the mall to troubleshoot what wound up being a case of PEBKAC with my simcard; and then met up with Michael Downey and Kaweesi  and grabbed some food and then headed for a preview of Wonder Full, an amazing water and light show which is amazing to see, the group of us from the summit as a whole went to see it on Friday, 11 December. One of the things that made me chuckle was the crosswalks telling me to wait for the green man...I saw that and snapped a photo as I was headed back to meet up with Michael Downey:

  I volunteered and helped out with registration and general event logistics such as set-up and breakdown each day, as well as helping out with registration. On Tuesday morning, I helped bring things to the event venue (Singapore Management University). Tuesday-Wednesday (8 Dec to 9 Dec) was tutorials, either day-long or half-day. Thursday-Saturday ( 8-12 Dec) was main Conference, with both formal talks and unconference sessions(more round-table discussion), my favorite of which was a cause which I feel strongly about is the Women in Technology session, which was an amazing session. Notes from the talk can be found in the link above. Hearing about the strategic goals of OpenMRS, as well as the the talks about the OpenMRS Governance, which was amazing. 

Photo by James Arbaugh, via OpenMRS Talk
   The lightning talks were amazing. I originally was not going to give a talk since I did not prepare slides, but last second I typed up some notes and gave a talk trying to recruit more people to mentor for Google Code-In, and I feel extremely passionate about this program. This year and last were by far my favorite years! It's exhilarating to look at the work of these students and just be amazed. We are fostering young open source developers, some as young as 13! I got so many compliments from people saying they loved my lightning talk. I just wish more people gave talks. The ones who did, hit it out of the park.
CV6R1e3WcAIsxGd.jpg (600×800)
 Photo Credit: Jan Flowers, via Twitter

   The after-hours activities were a chance to bond with the awesome community. There was an Informal Group Dinner at Maxwell Food Centre, The Pre-Summit BBQ at the Labrador Nature Reserve, Powerpoint Karaoke at Thoughtworks(I went with the "this is going to go bad" theme and it worked...), Chinatown Food Crawl. We also took a trip to the Marina Bay Sands for Wonder Full and a light show by Gardens By The Bay, which you can't get enough of. I had a way better seat for it this time! The after-hours activities were closed out by a fun trip to Little India, followed by a group dinner for those who went. Afterward, some of us headed to the Mustafa Centre and then met up with a group that were enjoying the beautiful Clark Quay night-life; we wound up closing out the night at Life of Liquor (LoL). The after-hours events gave the community a chance to bond.

Little India group shot (Photo from Mayank Sharma)

Photo Credit Hong Phuc Dang

Photo Credit Hong Phuc Dang

Photo Credit Hong Phuc Dang

Photo Credit Hong Phuc Dang
    On Wednesday, 9 December, Burke, Paul, Mayank and I took a walk to the Funan Tech Mall to get the prize for the scavenger hunt and grabbed lunch there. It was amazing to spend time with such amazing people. 
Mayank, Paul, Burke, and myself (from left to right) (from Mayank Sharma)

   One of my favorite moments was when we waiting for the light show at Gardens By the Bay, Burke spotted a kid with a Rubik's cube, pulled his out and well this was the end result, it was about as awkward and funny as it looks. Photo Credit to Mayank Sharma though, this picture needs to be included somewhere official, it's an epic battle, the kid forfeited, so I guess Burke wins by default? It's one of those you had to be there to appreciate it, but hopefully this still works somewhat. 

Photo Credit to Mayank Sharma

  It is also amazing that Mayank Sharma, Michael Downey, and myself (whom form 3/4 of the OpenMRS Infrastructure Team) were able to be together. Ryan Yates was missing sadly. Would have been pretty awesome to have all four of us.

Photo from Mayank Sharma

    I would like to thank OpenMRS, Inc for the Travel Grant to attend. I would also like to thank Michael Downey for the Korean BBQ on Sunday (12 Dec). Though one thing I'm sad about: I never got to try the infamous Durian, the only thing which doesn't seem to a carry a fine, nobody seems to know what actually happens...This sign was found in the MRT station.

by Robert O'Connor ( at December 02, 2018 09:21 AM

November 05, 2018

Jude Niroshan

How OAuth 2.0 works?

OAuth is a specification and it is being used to Authorization of resources for different outside people. We are using OAuth 2.0 as the standard specification by the time of writing this post. OAuth is a very simple workflow which has defined to allow the facility for the resource owner to share resources in a more controlled manner.

Today, almost all the giants in software industry adhere to this specification so that other software systems can easily share resources in between the system.

OAuth 2.0 is a HTTPS-based protocol which enables a resource owner (the end-user), using a user-agent (typically a browser), lets a client (typically an API consumer) access a protected resource on a resource server (typically an API provider) using credentials stored on an authorization server. Access to the protected resource is authorized by an access token.

Clients are assigned secrets that are shared with the authorization server.

1. Authorization Flows

There are 4 flows available.

1.1. Authorization Code flow

The Authorization Code flow is used when the client is a third-party server or web application, which performs the access to the protected resource.

The client does not have access to the resource owner credentials.

The user-agent connects to a URL hosted by the client. The client redirects the user-agent to the authorization server, including information identifying itself (a client id), the request (scope — the permissions being requested), and a URL pointing back to the client (redirect URL — it is referred to as an URI in the spec though it is always a HTTP URL).

The authorization server authorizes the resource owner, and may perform authentication such as username/password verification, and confirmation of the action requested. On success, it directs the user-agent back to the client through the provided redirect URL, adding an authorization code to the URL.

The redirect URL typically points to a server-side script that requests the access token through a POST to the authorization server. The POST is authenticated by the client secret, and provides the authorization code received as proof that the resource owner has indeed authorized the request. The server responds with the access token and an expiration time in the POST response.

1.2. Implicit Grant flow

The Implicit Grant flow is used when the user-agent will access the protected resource directly, such as in a rich web application or a mobile app. The client secret is not used.

The user-agent connects to a URL on the authorization server. This could either be a direct connection, or through a redirect made from the client. The request contains the client id, the request scope, and the redirect URL. If the authorization server passes the request, it performs a redirect to the redirect URL with the access token and expiration time in the fragment (after the hash #).

While the redirect URL points to the client, code inside the client (that is, the server-side app) does not see it. Instead, the URL may be used to load JavaScript that takes the access token from the URL and uses it. Or, a mobile app can capture the redirect, extract the access token and use it in its code, in which case the URL may just point to static content.

1.3. Resource Owner Password Credentials flow

The resource owner password credentials flow is used when the resource owner trusts the client to get its username and password. The client obtains the credentials through other means that are out of scope, then passes them directly to the authorization server to request an access token. This flow can be used to migrate traditional username/password authentication schemes.

1.4. Client Credentials flow

The client credentials flow obtains the access token purely based on the client shared secret.

2. Access to the Protected Resource

Once the client or user-agent (in the implicit grant flow) has the access token, it may use it to access the protected resource. There are 2 standard ways of sending the credentials, though more can be defined.

2.1. Bearer Token

The access token is should be placed in the Authorization HTTP header, and may only be placed in a POST request body, or the GET URL parameters as a fallback option.

2.2. MAC

A cryptographic MAC (Message Authentication Code) is computed using elements of the request and sent in the Authorization header. The Resource Owner computes and compares the MAC upon receiving the request.

The access token may only be placed in the Authorization HTTP header

3. Refresh Tokens

In the Authorization Code and Resource Owner Credentials flows, the authorization server implementation may choose to issue a refresh token. This refresh token may be used to obtain a new access token without requesting authorization again.

by Jude Niroshan at November 05, 2018 06:09 AM

October 11, 2018

Alexis Duque

PhD Defense Presentation Slides

Slides of my PhD defense “Bidirectional Visible Light Communications for the Internet of Things” are available here: slides

I will share the manuscript very soon.

October 11, 2018 04:44 PM

October 10, 2018

Ayush Goyal

Using a GPS module(neo-7m) with Raspberry Pi 3

Recently, I got an opportunity to work on an awesome project which included hardware and software development. The project was about Tractor Telematics. For starters, we needed to track the location of a tractor in real time. So, we the one and only way for it was to use Raspberry Pi and a GPS module. While trying to make things work, I faced a lot of problems in the configuration and there was no one-stop guide for it. Hence, I decided that I will write a blog about how I did it and what problems I faced along with their solutions.

NOTE: All of these steps were done on a Raspberry Pi 3 model B and ublox neo-7m GPS module but it should work on other models too.

Configuring UART

sudo raspi-config

Select -> Interfacing Options

After selecting Interfacing option, select Serial option to enable UART

Then it will ask for login shell to be accessible over Serial, select No shown as follows.

At the end, it will ask for enabling Hardware Serial port, select Yes,

Finally, our UART is enabled for Serial Communication on RX and TX pin of Raspberry Pi 3.

Then, reboot the Raspberry Pi.

Hardware connections

In the GPS module I have there were total 4 connections to be made as follows:

  1. VCC — 5v(pin 2)
  2. GND — Pi’s ground(pin 6)
  3. RX — Pi’s TX
  4. TX — Pi’s RX

Note that Pin 1 is the one facing the memory card slot and Pin2 is just adjacent to it. Refer to following images for better understanding.

GPIO Pins numbering

Installing GPS Applications

sudo apt-get install gpsd gpsd-clients

Now, run the GPSD client

sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock

Here, ttyS0 is my serial port where GPS data is received, for other Raspberry Pi models this might be different. So, just replace ‘XXX’ in ttyXXX with appropriate name.

Now, type the following code to check the connections.

cat /dev/ttyS0

You should see a continuous stream of data. It is raw GPS data in NMEA format. If you see something like $GPTXT,01,01,01,NMEA unknown msg*58 a lot then check your serial port configuration. If the ‘echo’ option is enabled that will cause this problem. Just do stty -F /dev/ttyS0 -echo to disable echo then cat the gps serial device and those messages should stop.

Now, after this type cgps and you should see something like below.

After some time the data will be shown here.

If the cat command shows data but you get nothing in cgps at all do the following :

  1. Check if port 2947 is open in firewall.
  2. Open the file /etc/default/gps in sudo with any text editor and change DEVICES=”” to DEVICES=”/dev/ttyS0" and then type sudo systemctl restart gpsd

Note : It may take sometime for GPS module to receive data. So it time or anything else is shown in cgps that means configurations are all ok but module is not receiving GPS signals. So, just wait for sometime.

Some troubleshooting steps if cgps does not get a fix

1. Check GPS data stream

cat /dev/ttyS0

You should see the NMEA stream

2. Check GPS data with gpsmon

gpsmon /dev/ttyS0

It should run properly with the data stream

Note : It first two steps didn’t work, check you connections and configurations properly.

3. Run gpsd in debug mode

sudo gpsd /dev/ttyS0 -N -D3 -F /var/run/gpsd.sock

It should say that it is already running

4. Now type the following lines.

sudo systemctl stop gpsd.socket
sudo systemctl disable gpsd.socket

5. Now, launch gpsd again

sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock

Now, cgps should get a fix and no timeout.

After all the proper configurations, you need to run sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock every time the pi is rebooted. If you are using it as an IOT project you might want to automate everything.


Create a file at /etc/rc.local

sudo nano /etc/rc.local

Add following contents to the file

#!/bin/sh -e
sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock
exit 0

This will run our sudo command on every boot.

Using python to get Latitude and Longitude

I used a simple python script to get latitude and longitude from the gps module.

Here, I print the Latitude and Longitude but you can actually do whatever you like with them and later on make this script to run every time on boot using cron job.

To make a cron job first type crontab -e and in the window that appears write the following command.

@reboot cd /home/pi/ && python

Change the path and file name accordingly.

Small Issue

Now, after everything was setup the system was working pretty nice. But after 2–3 trial runs I found that something was crashing and I was not able to get the coordinates on my web server.

Now, there could be only two problems, either the GPS module is not configuring properly on every startup or my internet connection had some issues on boot. After hours of hit-and-try, and trying several permutations and combinations of different things on the internet I did the following to make it work.

I made a shell script and added the following lines of code to it.

sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock
stty -F /dev/ttyS0 -echo
sudo systemctl stop gpsd.socket
sudo systemctl disable gpsd.socket
sudo killall gpsd
sudo systemctl stop gpsd.socket
sudo systemctl disable gpsd.socket
sudo gpsd /dev/ttyS0 -F /var/run/gpsd.sock
sleep 10s
nohup python /home/pi/ > pylog.test &

Then I made it an executable.

sudo chmod 755 ./

After added it as cronjob to be executed on every startup and everything ran without any problems. My crontab file looked like this.

@reboot cd /home/pi/ && sh

Note : I know some of the lines in are redundant and may not be necessary but due to time crunch I was not able to further test it and make it more simpler. If you are reading this and have a more optimal foolproof solution kindly let me know in the comments or at .

by Ayush Goyal at October 10, 2018 01:03 PM

October 04, 2018

Alexis Duque

PhD Defense on Monday 9th October

After 3 year of intensive at Rtone and in the AGORA of the CITI Lab, I’m proud to announce that I will defend my PhD thesis “Bidirectional Visible Light Communications for the Internet of Things”.

It will take place on Tuesday October 9th starting at 2PM, at the Amphitheater CHAPPE - Department TC, INSA de Lyon, 6 avenue des arts, Villeurbanne.

You can find an abstract of the thesis and the jury in the following.

The jury will be composed of:

  • Emmanuel CHAPUT, Professeur des Universités, INP Toulouse, Rapporteur
  • Anne JULIEN-VERGONJANNE, Professeur des Universités Univ. Limoges, Rapporteur
  • Josep PARADELLS ASPAS, Professeur UPC, Rapporteur
  • Luc CHASSAGNE, Professeur des Universités UVSQ, Examinateur
  • Valeria LOSCRI, Chargé de Recherche INRIA Lille, Examinateur
  • Hervé RIVANO, Professeur des Universités INSA Lyon, Directeur de thèse
  • Razvan STANICA, Maître de Conférences INSA Lyon, co Directeur de thèse


With the exponential growth of the Internet of Things, people now expect every household appliance to be smart and connected. At the same time, smartphones have become ubiquitous in our daily life. Their continuous performance improvement and their compatibility with a broad range of radio protocols as WiFi, Bluetooth Low Energy (BLE) or NFC make them the most convenient way to interact with these smart objects. However, providing wireless connectivity with BLE or NFC means adding an extra chipset and an antenna, increasing the object size and price. Previous works already have demonstrated the possibility of receiving information through visible light using an unmodified smartphone thanks to its camera. Also, LED-to-LED communication for smart devices like toys has been shown previously. However, past efforts in LED to camera communication for IoT device communication have been limited.

In this work, we design LightIoT, a bidirectional visible-light communication (VLC) system between a low-cost, low-power colored LED that is part of an IoT device and an off-the-shelf smartphone. The IoT device is thus able to send and receive information through its LED, while the smartphone uses its camera to receive data and its flashlight to send information. We implement and experimentally evaluate a LED-to-camera VLC system, designed specifically for small LEDs. The proposed solution exploits the rolling shutter effect of unmodified smartphone cameras and an original decoding algorithm, achieving a throughput of nearly 2 kb/s. Based on the insight gained from an extensive experimental study, we model, for the first time in the literature, the LED-to-camera communication channel. We propose a Markov-modulated Bernoulli process model, which allows us to easily study the performance of different message retransmission strategies. We further exploit this model to implement a simulator for LED-to- Camera communications performance evaluation.

In order to achieve bi-directional communications, we evaluate flashlight-to- LED communications using non-rooted smartphones and small LEDs. With these constraints, our implementation achieves a throughput of 30 bits/second. While limited, this is enough for a feed-back channel coming to support the required redundancy mechanisms. Some of these redundancy mechanisms are based on random linear coding, never tested previously in VLC. Therefore, we design and implement, for the first time in the literature, a pseudo random linear coding scheme especially fitted for line-of-sight LED-to-camera conditions. Experimental evaluation highlights that this type of approach increases the goodput up to twice compared to classical retransmission strategies.

Finally, we compare the energy consumption of LightIoT with the one of a BLE module with similar activity. Our results show that using the LED for communication purposes reduces the energy consumption under a normal usage behavior.

October 04, 2018 10:06 AM

October 03, 2018

Jude Niroshan

What is CSRF Double Submit Cookies Pattern

It’s a type of web application vulnerability. At the most basic level, the reason for a CSRF is that browser’s do not understand how to distinguish if an action was performed deliberately by a user (like say by clicking a button on a form, or clicking a hyperlink etc.) or if the user unknowingly performed the action (like say user visited a page from some domain, say, and sent a request to while the user was already logged into

Now let’s replace above with And let’s assume that when a user, logged into, posts a comment on his wall, there is an HTTP GET request that gets sent, of the form say,

https: //

Now let’s assume that the user, while he is still logged in to, visits a page on Now belongs to an attacker where he has coded the following on

Now as soon as the user’s browser loads the contents of this page on, a request also gets sent to as :

https: //

because the browser tries to render the img tag. To do so it needs to fetch the resource specified in src and hence it sends the above HTTP GET request. So essentially the attacker could actually submit a request to on behalf of the user without him actually knowing this.

Now what could have potentially prevented this attack ?

If only there was some way to identify if the request was made by the user intentionally. So to do this, anti-CSRF token came into the picture. It is just a random, unique string generated by the server ( in our example above) and sent over to the user and set in the browser of the user as a cookie. Now for every request involving some sensitive action (like posting a comment in our facebook example above) the browser will send this random string also along with the request and the server before performing the action would verify if the random string is the one that it had sent to the browser or not.

The idea is that this random string will not be known to the attacker. So even if the attacker creates a img src as shown above, and the user visits, the action (of posting a comment in our example above) will not be performed, because for the action to be performed, apart from the URL, an additional thing is also required, which is the random string, which the attacker does not have.

But setting this random string in a cookie again has a HUGE flaw

Because of the way cookies are designed and the way in which browsers handle cookies, setting this random string (the anti-CSRF token) in the cookie will not serve our purpose. By design, cookies are automatically sent to the server with every request that the client makes to that server (simply put, and details ommited for simplicity. For more details refer : RFC2965)

So, in our example above, the attacker does not really need to know the random string. The posting comment action will still be completed because as soon as the user visits and loads the post comment URL (as explained above) the random anti-CSRF token (present in the cookie) will automatically accompany the request.

So what is the solution then ?

Instead of putting the anti-CSRF token in the cookie, the server ( needs to put it as a hidden parameter in a form and make when the user requests for posting a comment this form (holding the anti-CSRF token) should also be posted.

Now the attacker has no way of performing this sensitive action on behalf of the user (unless he somehow finds out the random anti-CSRF token itself)

Now coming to the problem of login CSRF and double submit cookie

A lot of times websites would protect themselves against CSRF attacks by deploying some form of anti_CSRF token architecture. But a lot of times websites do not care much about protecting their login form against CSRF attacks. Why ? — Because even a login form is vulnerable to CSRF and an attacker tries exploiting it by framing a login request to ( through his domain (, the the user would still need to enter his valid credentials to get loggedinto These credentials are available only with the genuine user and not the attacker and hence the attacker can not frame a successful login request.

So what is the attack opportunity for the attacker here ?

The attacker can create his own account with He now has a valid set of credentials for himself. Now he frames the login request to, with his login credentials, and on his domain ( Now when the user visits the page,, the user is logged into my account. I as an attacked can later see all the activities performed by the user on the account possibly disclosing sensitive info as well (like say friend requests sent if the user chooses to send new friend requests, messages sent to someone, again if the user does so after logging into my account. All of these possibilities depend on how convinced the user is that he has logged into this own account, which again the attacker can take care of by making his own facebook page look as close to the victim’s as possible to con him into believing that it is his account)

So now what is the mitigation technique against this?

It is a double submit cookie that we need now here.

What exactly does this mean

Double submitting cookies is defined as sending a random value in both a cookie and as a request parameter, with the server verifying if the cookie value and request value are equal.

How does it help mitigate the attack ?

As per the implementation principle of a double cookie, when an anonymous user (not logged in user) visits a login page the server sets a cookie with some random string in the user’s browser and also sets the same in a request parameter as well (say a form hidden field). When user submits the login request, these things get submitted with the request — the user credentials, the random string in the hidden form field and the cookie holding the random string (that gets sent automatically of course).

Now an attacker will have access to his own credentials, the random string set by the server in cookie and in the hidden form field for the attacker. When the attacker sends this crafted login request to the user (the victim), and the user tries to make this request, the user is still not logged in and is an anonymous user for the server so far. So the server will set a cookie on the user’s browser with a different (from the attacker’s) random value. Now when the user makes the request for login through the attacker’s crafted link, the request will contain the attacker’s credentials, the attacker’s random string in the hidden form field, but the user’s random string in the cookie (coming from the user’s browser). Now when this request reaches the server, the random strings in the cookie and the hidden form field would not match and thus would be flagged as an exception and handled accordingly.

So this the reason for the the return of the encrypted value with the form as well. Hope it clears the concept.


by Jude Niroshan at October 03, 2018 04:05 AM

September 15, 2018

Alexis Duque

2nd Summer School on Security & Correctness in the IoT


From September 3 to 7, I attended for the second time the Summer School on Security & Correctness in the Internet of Things 2018 organized by IAIK, in Graz, Austria.

This year, the school was collocated with the IoT Security Week.

Top level speakers in the field of security gave presentations about software/hardware attacks and countermeasures: binary exploitation, code reuses/injection, hardware side channels, cache covert channels, formal analysis, lightweight cryptography (LWC), etc.

St Martin

September 15, 2018 04:44 PM

September 10, 2018

Jude Niroshan

What is CSRF Synchronizer Token Pattern?

CSRF or Cross-Site Request Forgery is a well known security attack that is listed in OWASP security risks. CSRF is basically running malicious JavaScript code pieces to a targeted website without the knowledge of the browser user. It is more target centric attack where intruder has to know what s/he wants to perform.

Synchronizer Token Pattern is a very simple concept to mitigate the risk of being attacked through CSRF. In most web applications, servers are using HTTP session objects to identify the logged in users. In this case, session is generated in the server side and pass the session ID to the client. This session ID is most of the time is saved in a client side cookie file.

Because of this session ID is being saved in client side cookie file, if the cookie is not protect with advanced configurations(httponly, samesite, secure, etc), it is possible to access this cookie from another page that has open in the client browser. That is probably in a different browser tab.

It is possible that in JavaScript we can access dynamically create an html form without a UI and submit it to a given endpoint. This way, intruder can even withdraw money from your account without your awareness. You can be happy visiting an intruder web page, but it will internally withdraw money from your fakebank account.

There is a nice StackOverflow question and an answer on Synchronizer Token Pattern.

How is using Synchronizer Token Pattern to prevent CSRF safe?

I have implement how this pattern can avoid CSRF in the below github repository. It analogues with the StackOverflow question.

The tricky part is on 6. point. Legit user has a hidden token which was generated in the server side. There is a mapping between the session ID and this generated CSRF token. Therefore, when we make the 6. withdraw call, server will check whether client has provided that particular CSRF token embedded in the HTML form. End user has no clue that there was a hidden form field in that HTML form.

On the other hand, intruder doesn’t know that there is a CSRF token associated with the session ID. So, when s/he tries to withdraw the money, server will compromise that it is a malicious request.

Note: It is possible to think why in the world that intruder just obtain that particular CSRF token and make the request? Simple answer is, it is because this whole thing happens in someone’s browser. It is not happened in intruder’s premises. Refer to the above Stack Overflow question for more details.

by Jude Niroshan at September 10, 2018 08:39 AM

September 04, 2018

Ayush Goyal

This is really awesome.

This is really awesome. A couple of suggestions, the narration of embedded hyperlinks will be very useful, giving more stress on the headlines to distinguish them from the description will also be helpful and lastly, I feel for the directly written website address skipping the “https://” part will make the listening more engaging.

On the whole great work!

by Ayush Goyal at September 04, 2018 05:37 PM

September 01, 2018

Ayush Goyal

Django redirect with custom context

While working on a recent Django project, I was stuck when I needed to send custom context in redirect request. I googled a lot and still didn’t find any way to do so. Hence I devised my way to do so.

This blog is more of a reminder of how I managed to do so.

Since you are facing this issue, I am assuming you have a basic idea on the working of Django. So, we will not go into details.

Assuming you following two views in your views file.

def view1(request) : 
context = {
return render(request, "../../xyz.html", context=context)
def view2(request) : 
context = {
return render(request, "../../abc.html", context=context)

Now, if you want to redirect to view1 from view2 along with its context, you can modify your functions like this.

def view1(request, newContext={}) : 
context = {
return render(request, "../../xyz.html", context=context)
def view2(request) : 
context = {
response = view1(request, context)
return response

So, what happens here is, since in view1 the newContext parameter is already initialised, the normal calling of it in the Django architecture will not be hampered and the context.update(newContext) has no effect and when view2 calls view1, a response is returned so it can be directly returned from view2.

Note that this will not change the URL.

by Ayush Goyal at September 01, 2018 05:42 PM

August 26, 2018

Dileka Weerasuriya

August 17, 2018

Ridmal Liyanagamge

Google Summer of Code with OpenMRS — Final Report

Project — Enhancements of Attachments Module.

Primary mentor : @mksd ( Dimitri R)
Backup mentor : Muhammad Ahmed Memon , chine zoheir
Student: Ridmal Madushanka
Project wiki: Link


OpenMRS is an open source configurable software platform that provides health facilities with the ability to customize their electronic medical records (EMR) system with no programming knowledge. The Attachments Open-MRS add-on module (in short: ‘Attachments’) enables to view and manage file attachments. With it users (with the appropriate privileges) can upload , view and delete attachments associate with a patient record. Attachments both integrates on OpenMRS Clinician Facing Patient dashboard and Visits & Encounters Patient dashboard.


Main objective of this GSOC program is to enhance Attachments to qualify it for a 2.0 release. So it consist of two main objectives.

  1. Attachments to become 100% RESTful.

See JIRA tickets : ATT-24 , ATT-27

  • Design and implement a reusable Java API. Essentially by implementing the new Attachments Service that helps to fetch attachments based on a set of query parameters.
  • Develop test cases for each method of Attachment Service’s implementation.
  • Extend the existing file upload REST endpoint to have it allow to specify the (clinical) encounter parameter.
  • Implement the search method in Attachment Resource.
  • Develop one lightweight test class(using Mockito mock and spies) to test Attachment Resource’s search method.

2. Segregate Attachment UI to Open Web APP ( research part ).

My mentor and I did discuss the possible approaches to do this, but we decided that there was not enough time to finalise such a large piece of UI code migration and refactoring.

GSoC Contributions:

The descriptions of all contributions can be found in the below blog posts. Flowing Commits are my contributions to Attachments in this GSOC program.

Other Resources:

Mid-Term Presentation :

Weekly Blog posts :

OpenMRS talk thread :

All the things i have been working on from the beginning of the GSOC program are recorded in the OpenMRS Talk threads below.

Further Works:

The segregate of Attachments UI to an Open Web App has not yet started. This will require more design and development time and I hope to continue this work beyond the GSOC program.


Actually this is my first time with GSOC and it was really awesome experience to me. Able to work with top level developers and gain more knowledge with the help of them. The most amazing thing in the GSOC program is that we can get more things we didn’t expected. For example Attachment module is used test driven development for its implementations and because of that i am able to learn and practice test driven development strategies first time.

And i loved every moment i worked in this GSOC program. Most specially i would like to thanks @mksd who help me a lot in this time period. He gave me lot of knowledge , motivate me , Kind to me and always correct my mistakes. He work with very patient and he always allow me to talk anytime to him even he is very busy with other works.I am very glad to meet him in this GSOC program. Also i would like to thank all the others including my backup mentors who helped me in this time period.And I wish to continue my work with this awesome Organization and “ Write code to Save lives”. :-)

by Ridmal Madushanka at August 17, 2018 04:46 PM

Piyush Kundnani

GSoC with OpenMRS Final Evaluation

Hello Everyone! This was the last week of the Google Summer of Codes program and we were supposed to submit the final evaluations containing details of all the work, documentation etc. Below I shall try to give you all an overview of what the project was, how I went about it and what was achieved finally.

The HTML Form Entry module of OpenMRS module family allows people with basic HTML skills to develop forms and enter data into the system via these forms using the OpenMRS UI. The HTML Form Entry module being very old, even predating the REST API, uses a generic HTML Form Submission process to create and edit encounters and obs. There were requirements in recent times where people wanted to be able to submit these same forms using a REST API (each one having their own specific use cases ranging from bulk entry to offline form entry)

Primary Objective

Extend the HTML Form Entry Module to allow submission of HTML forms via RESTful APIs therby Restifying all the current API endpoints.
Develop a proof of concept OWA (Open Web App) allowing basic data entry to submit HTML forms through the API so that the API can be thoroughly tested.

Due to lack of time, only the first objective could be achieved.


The project was all about making the existing HTML form entry module services available over REST. We started with studying about the controllers in the HFE module and tried to figure out the flow of how things integrate with the UI. Later on we decided on what all features are required to have REST access and also decided on the format of the API request and responses. The flow from here on was pretty much learning about spring annotations by reading the openmrs docs and implementing the controllers which internally used the HFE module’s services. There were some blockers when it came to writing tests and figuring out what all tests should be written, and also in setting up the openmrs testing environment. Writing Tests is still under progress and I aim to get it done in the following days. The state of the project as per my knowledge and expectation is that the APIs can be used by simply integrating the module with openmrs but may or may not ensure consistency according to user expectations as extensive testing is still to be done.

Contributions: The github repository for the module can be found at the below link.

Brief documentation of the REST APIs can be found at:

Thoughts on GSoC:

GSoC has been a great learning opportunity for me. Got to learn a lot of new technologies, learnt to read and understand big codebases, etc. OpenSource is the core of the computer science community, development community etc. and more and more people should contribute to it.
Thank you OpenMRS for giving me this opportunity and Special thanks to my mentors for guiding me all the way.
I hope to keep in touch with the community as and when I find time to contribute whenever possible.

A Short Demo explaining how the APIs work:

The project wiki can be found at the below link:

GSoC with OpenMRS Final Evaluation was originally published in piyush.kundnani on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Piyush Kundnani at August 17, 2018 07:34 AM

August 16, 2018

Suthagar Kailayapathy

Location Based Access Control — GSoC 2018 with OpenMRS

Google Summer of Code 2018 — Final Report

I am very excited to work with OpenMRS once again through this year Google Summer of Code(GSoC). Yes, I was selected to work on a project called Location Based access control in OpenMRS under the guidance of Daniel Kayiwa.

A little bit about OpenMRS

OpenMRS is an open source platform which enables the design of a customized medical records system without any of the software development experience (although it required medical and system’s analysis knowledge to use the system). OpenMRS is also a community of people working to apply health information technologies to solve problems, primarily in resource-poor environments.

OpenMRS Core is the baseline of the OpenMRS development and other modules are allowed to integrate with OpenMRS Core to expand their services and features. There are multiple distributions around the world based on the OpenMRS platform.

What is Location Based Access Control?

Currently, OpenMRS has user privileges based access control. So the user needs to have the required privilege to access some of the OpenMRS service. Anyway, OpenMRS doesn’t have any proper location control for their services. Even anyone from any location can access the stored data(eg: Patients information, Encounters, etc)in the OpenMRS. Actually, still, they haven’t concerned about the location management inside the OpenMRS. But we should prepare the OpenMRS to support the access control based on the locations. It will add more value to the data security also and accessibility also.

Like the privileges based access control, we decided to implement a Location based Access control system for the OpenMRS. It will manage the access to all services based on the locations. Some implementations want to register the users and patients (the persons also) in certain selected locations. Then access them based on the location that someone has logged in. That way, if someone is logged in a certain location, they should see only those encounters, observations, and patients registered in that location.

Anyway, the user who has multiple locations access (like Admin in our privilege based access control system) should be able to see patients in all locations. We can allocate multiple locations access to the System Developer or System administrator.

Project Plan and Deliverables

As we planned, I have started to work on this project. As the first step, We decided to implement this feature as a separate module which can be attached to any OpenMRS distributions easily. The first phase of this project is planned to carry out through the Google Summer of Code period, and later on, it will be continued with more features.

These are the deliverables from the first phase of this project through the GSoC time,

  • ✅ Assign users to locations on registration
  • ✅ Assign patients to locations on registration
  • ✅ During an encounter, observation, and patient searches, return only those in the logged in location
  • ✅ Ability to move patients from one location to another by an administrator
  • ✅ Ability to assign locations to already existing patients
  • ✅ Ability to assign locations to already existing users
  • ✅ The login screen should not require users to select locations because, on login, you know the location to which a user belongs.
  • ✅ When reports and other tools are run by a user in a certain location, they should include only those patients registered in the logged in location
  • ✅ REST calls while in a certain location should return only those results in the logged in location


I have to work for 12 weeks to complete the goal of Google Summer of Code program with OpenMRS. As the first step, I have worked on the Spring Aspect-Oriented programming(AOP) with OpenMRS which is the core part of our module. We decided to track the OpenMRS major services methods which are dealing with patients, users, persons, encounters, and cohorts to restrict by the locations.

1. Restrict the patients by the locations

The first plan of our project is to restrict the patients by their locations. So I wanted to allow the users to register the patients with the location property which will be used to track them by the locations later. OpenMRS patient dashboard can be customized to include more fields using the app definition properties. So I used this feature to attach a location selector with the Patient Registration dashboard. After this, I worked to bring this feature for the Patient EditSection which can allow users to assign the location to the existing patients. So We have provided a basic implementation to assign the locations for the patients. Then I have worked to restrict the patients by the locations using the AOP techniques. I have added the AOP Advices to track the PatientService methods which are directly dealing with the patient objects.

So as the result,

  1. Super Admin can only access the patients from different locations since he is the only one who responsible for the OpenMRS objects.
  2. Daemon threads also can access the patients from different locations since those are used to track the patients in the background to increase the system usability
  3. The users from Location-1 can only see the patients from the Location-1. They can’t get the information from the Location-2
Customized Patient Dashboard with Patient Location SelectorCustomized Location edit section for the patientsPatient Location Information the Patient Dashboard

2. Restrict the users by the locations

The second phase of this project was to restrict the users by the locations. The ultimate target of this goal is to avoid the location selector from the login screens while logging-in to the OpenMRS. The user registration was done in the OpenMRS AdminUI module, and I can’t make any required changes on that dashboard to assign the locations during the registrations. So we decided to add more feasibility to the user registration dashboard to customize the registration fields using the OpenMRS extension configurations which can easily decouple the modules from the AdminUI. So I worked to implement this feature in the AdminUI module — User registration dashboard, and added support to autosave the field values with the dashboard updates for Person Attributes and User properties (the third party module doesn’t need to handle the update of that field information if it configured as a personAttribute or user property, it will be automatically saved by the Account dashboard itself).

So as the result,

  • Modules can create the extensions to include the custom field to the user registration dashboard(person info section or user info section)
  • Modules can create the separate extensions to include the custom view fragments to view the custom field information.

Adding custom fragments to Manage Account dashboard - Documentation - OpenMRS Wiki

Finally, I have used this feature to include a custom location selector in the user registration dashboard to allow the users for selecting the locations during the registrations. I configured to save that location information as the user property for that respected user.

Customized user registration dashboard with location selectorCustomized user view section with the assigned location

3. Login without location selection

Currently, OpenMRS requires to select the locations during each user logins and that location is kept as a session variable in the web layer for the future usage. Since I have already added the feature to assign the locations to the users by the location properties, It can be able to fetch the user location again from the user property. So no more requirement to select the locations during each login. Finally, I have removed the location selection from the login screen.

So as the results,

  • If the user contains the location user property, the login method will fetch that location as the session location
  • If the user doesn’t contain the location user property(for existing users who haven’t the location user property) will be redirected to select the locations again.
OpenMRS login screen without the location selector

4. Add more restrictions to the objects

So I have almost completed the location assignment part for the patients and users during the registrations. Now the time to add more restrictions for those objects by the location properties. So I wanted to figure out the solutions for,

  • Restrict the encounters and observations by the locations
  • Restrict the OpenMRS Reporting by the locations
  • Restrict the OpenMRS Cohorts by the locations
  • Restrict the OpenMRS REST Service by the locations
  • OpenMRS Data Export feature should only export the information from the logged in location.

So I have worked with my mentor to analyze those scenarios and added solutions to restrict those by the locations.

The user is able to see the Patient — Suthagar in the Inpatient WardThe user couldn’t see the patient — Suthagar in the Isolation Ward

5. Module First Release — v0.1.0-beta

As we completed the first phase of this project, we decided to release the very first beta version of this module for the public usage. You can get the module from the OpenMRS Add-Ons or Bintray using this following link,



Detail module deployment guidelines can be found from this link,

Location Based Access Control - Deployment Steps - Documentation - OpenMRS Wiki

JIRA Tickets and Pull Requests

Location based access control project Link to the OpenMRS JIRA : LBAC

I wanted to work on multiple components in the OpenMRS to address the location based control implementation. I have listed those tickets below,
LBAC — Location Based Access Control
RA — Reference Application
EA — EMR API module
RCM — Reporting Compatibility module

We had a brief discussion about each and every pull requests for the tickets and my mentor reviewed those pull requests as soon as possible to hurry the project implementation. Actually, he worked me to review each and every line of the pull requests to improve the code quality. I was able to learn much about the code quality and the techniques through those pull request reviews.

  • LBAC-1 : Abstract design for the location based access control project.

LBAC-1 Changed the module structure based on the classes by suthagar23 · Pull Request #24 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-2 : Assign users to the locations on registration

LBAC-2 Added implementation to add the locations to the users on registration by suthagar23 · Pull Request #17 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-3 : Assign patients to locations on registration

LBAC-3 Added implementation for assigning the patients to the locations on registration by suthagar23 · Pull Request #4 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-4 : Create basic module structure for the project

Created new module for Location based access control project by suthagar23 · Pull Request #5 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-5 : Allow to edit the patient’s locations through the patient dashboard

LBAC-5 Added implementation to edit the patient's locations though patient dashboard by suthagar23 · Pull Request #8 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-7 : Select the session location as default to the fragment location selector

LBAC-7 Added fix to select the session locaion in the location selector by suthagar23 · Pull Request #9 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-8 : Failed to filer the patients who listed in the findPatients page before searching

LBAC-8 Fixed to restrict the patients on findPatients initial view by suthagar23 · Pull Request #10 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-9 : Failed to restrict the patient by location when searched using the UUID

LBAC-9 Added AOP Advice to getPatientByUuid method in the PatientService by suthagar23 · Pull Request #11 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-10 : Failed to get the location property from the Daemon thread user

LBAC-10 Added exception for Daemon thread user to access the methods covered with AOP Advices by suthagar23 · Pull Request #13 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-11 : Allow system administrator to access all the patients in the system

LBAC-12 Added fix to show the patient location in the patient dashboard by suthagar23 · Pull Request #15 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-12 : Indicate the patient location information in the patient dashboard

LBAC-12 Added fix to show the patient location in the patient dashboard by suthagar23 · Pull Request #15 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-13 : Create RefApp Location Global property while starting the module to change the login screen

LBAC-13 Added implementation to create RefApp location glopal property by suthagar23 · Pull Request #19 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-14 : Add restrictions to the PersonService methods to restrict them by the locations

LBAC-14 Added restrictions to the PersonService methods to restrict them by the locations by suthagar23 · Pull Request #20 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-15 : Add restrictions to the UserService methods to restrict them by the location

LBAC-15 Added restrictions to the UserService methods to restrict them by the location by suthagar23 · Pull Request #22 · openmrs/openmrs-module-locationbasedaccess

  • LBAC-16 : Failed to restrict the encounters of the patients from other locations

LBAC-16 Added implementation to restrict the encounters of the patients from other locations by suthagar23 · Pull Request #23 · openmrs/openmrs-module-locationbasedaccess

  • RA-1503 : [AppUI] Store the session location information into the UserContext to extend the API usage

RA-1503 Added implementation to store the session location in userContext by suthagar23 · Pull Request #19 · openmrs/openmrs-module-appui

  • RA-1511 : [Registration App]Allow users to customize the info message while editing the patients through section

RA-1511 Added fix to support the custom fragment info message for editSection by suthagar23 · Pull Request #33 · openmrs/openmrs-module-registrationapp

  • EA-138 : Failed to load all the patients if one patient is missing in the lastViewedPatient list.
  • RA-1513 : [Admin UI] Add new account/Edit account dashboards should allow the extensions to add the custom fragments to the dashboard

RA-1513 Added support to allow the extensions to add the custom fragments to the Manage Account dashboard by suthagar23 · Pull Request #44 · openmrs/openmrs-module-adminui

  • RA-1516 : [Reference Application] Add support to select the location from the userProperty in the Login Screen

RA-1516 Added support to select the location from the userProperty in the Login Screen by suthagar23 · Pull Request #47 · openmrs/openmrs-module-referenceapplication

  • RCM-108 : Add restrictions to the ReportService methods to restrict them by the location

LBAC-17 Added restrictions to the ReportService methods to restrict them by the location by suthagar23 · Pull Request #25 · openmrs/openmrs-module-locationbasedaccess

  • RCM-109 : Need to add patient verification to return Cohorts objects for the serviceMethods

RCM-109 Added patient verification to return Cohorts objects for the serviceMethods by suthagar23 · Pull Request #39 · openmrs/openmrs-module-reportingcompatibility

Weekly Reports and Presentation

This is the mid-term presentation for OpenMRS about the project. I have added some demonstrations about the project in this video.

Weekly Reports are listed below,

  1. Week-1 : Introduction to Location Based Access Control
  2. Week-2 : Aspect Oriented Programming (AOP)
  3. Week-3 : Customizing the OpenMRS Patient Dashboard with Access Location Information
  4. Week-4 : Location based access control for patients
  5. Week-5 : First Evaluations — GSoC 2018
  6. Week-6 : Touching the Target of Phase — 1 for Location Based access control to the Patients
  7. Week-7 : Adding restrictions to the users to view the patient without location
  8. Week-8 : Allow users to edit the patient location through the patient dashboard
  9. Week-9 : Second Evaluations — GSoC 2018
  10. Week-10 : Assign Locations to the Users through the Location Based Access Control Module — OpenMRS
  11. Week-11 : Say Goodbye to OpenMRS login location selection
  12. Week-12 : Adding more location restrictions to the OpenMRS Services — Location Based Access Control

Learning through the GSoC

Not like last, This time I was able to dive more into the OpenMRS. Yes, I had a chance to make a new module for OpenMRS this time. I have worked with Java, Spring, and Angular during the project time, and got a lot of experience for the better programming and about the quality of the code. I would like to thank my awesome mentor Daniel Kayiwa who helped me a lot during the last three months. I never felt about the remove working during the GSoC time, Since I was able to get the reply for each questions and discussions quickly from my mentor.

The OpenMRS community also helped me a lot to clarify my problems and issues during the development time in the multiple components of OpenMRS.

Again a change to…. Write Code, Save Lives….!

by Kailayapathy Suthagar at August 16, 2018 04:20 PM

August 14, 2018

Gayan Weerakutti

Recovering corrupted NTFS partitions in a Linux machine

What if my partition is not showing up or gone missing?

In that case, TestDisk could help. It is a disk utility designed to help people recover their lost partitions.

To install it, here in my case on Debian, I’ll do

$ sudo apt-get install testdisk
$ testdisk

TestDisk has a QUICK SEARCH option which can search and list all your missing partitions if there’s any. Most probably your missing partitions should have appeared by now. If not, try running a DEEPER SEARCH. Once it found any, use the WRITE option of TestDisk which will re-write the partition table for you.

Restart your computer and your missing partitions should now show up.

I won’t go into detail. For a more thorough guide, follow the Step By Step guide from the official Wiki.

How to fix when my NTFS goes RAW?

It’s better to use Windows utilities when it comes to dealing with NTFS.

  1. Boot into a Windows Recovery Disk.
  2. Then go into ‘System Recovery Options’ menu.
  3. Open the command prompt window.
  4. Use one or more of the following commands to find out the label of your corrupted partition.

     diskpart list disk
     diskpart select disk
     diskpart list volumes
  5. Once done exit from diskpart and run

     chkdsk /f /r D:
     where D: is the drive letter of the corrupted partition. 

If you have got better solutions, let us know in the comment section.

What if my partition is not showing up or gone missing?

by Gayan Weerakutti at August 14, 2018 05:12 AM

Fixing JHBuild Errors

Fixing no native package found errors

JHBuild uses apt-file to locate packages in which a given file belongs to.

When apt-file cannot locate the relevant packages for you, JHBuild would give you with informational warnings such as:

I: Installing dependencies on system: libsystemd-journal libtiff
I: Using apt-file to search for providers; this may be slow. Please wait.
I: No native package found for libsystemd-journal (/libsystemd-journal.pc)
I: No native package found for libtiff (/usr/include/tiff.h)

In such cases, first make sure that your apt-file database is up-to-date.

sudo apt-file update

Then re-run the process. JHBuild might still fails to complete the process. This could be due to several reasons. So for instance if apt-file finds several packages which includes the same file, JHBuild would fail to decide on which package to install. In that case we’d have to find the most appropriate pacakge and install it manaully. Also the actual package name can be sligtly different from the name stated in the warning.

To find the relevant package which includes the given file, you could run:

apt-file search path/to/missing.file

You could also use Ubuntu’s package archive search on web, instead of apt-file. But apt-file usually is more convenient.

  1. Go to
  2. Search the contents of packages which include the missing file.
  3. Find the relevant package for your distribution and install it.

For example here the missing libsystemd.pc belongs to the package named ‘libsystemd-dev’

Therefore running apt-get install libsystemd-dev should fix it.

Fixing No matching system package installed

This type of errors can be quite tricky as your distribution might not have a package that is newer than the required version.

Example cases:

libsystemd-journal (libsystemd-journal.pc, required=201)

Ubuntu’s Launchpad provides compatibility package for libsystemd-journal-dev (>201) which includes the required .pc file. Downloading and installing latest binary .deb file for your distribution should fix it.

Fixing configure errors: Package requirements (package-name) were not met

In that case do,

apt-cache search package-name

This will list down all the packages for the given keyword: package-name

Find the required development package from the list and install it. On a Debian based system the package name would probably contain a *-dev suffix. For Fedora, look for ‘-devel’

For example to fix “configure: error: Package requirements (libselinux >= 2.0) were not met”

Run the following in a terminal

apt-cache search libselinux

On my system the output is,

libselinux1 - SELinux runtime shared libraries
libselinux1-dev - SELinux development headers
libsemanage1 - SELinux policy management library

So installing ‘libselinux1-dev’ should fix the configure error.

apt-get install libselinux1-dev
Fixing no native package found errors

by Gayan Weerakutti at August 14, 2018 05:12 AM

August 13, 2018

Piyush Kundnani

GSoC with OpenMRS week 10

Hello World! This week was very hectic as I had been undergoing training at the company that I recently started working for. Could only dedicate the weekend to the project. I played around with mockito and in memory database to try to figure out how the module could be tested. once after figuring out how the tests worked, I realised that i had to refactor the code quiet a bit to make it testable. Spent the rest of the time in refactoring and writing tests. Thats all for the update. Thanks for reading.

GSoC with OpenMRS week 10 was originally published in piyush.kundnani on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Piyush Kundnani at August 13, 2018 09:21 PM

Isuranga Perera

Bahmni — Notification on Patient Events


Bahmni is built for point-of-care use, and healthcare workers use it directly as they are seeing patients in resource-limited settings). This works for many workflows (e.g. seeing patients in the order they are queued), but adding a notification would allow for some improved workflows, by not requiring the doctor to actively remember to check on things.

For example:

  1. A doctor requests lab tests for a patients, and wants to be notified as soon as the results are ready (or perhaps only if there are abnormal results)
  2. A doctor wants to know if one of their patients is revisiting the facility (to provide followup care, because the patient is participating in a research study, etc)


The main objective of this project is to provide ability for healthcare providers to be able to subscribe (unsubscribe) to and get notifications of specific events for patients of their special interest.


  1. As a doctor i am doing my final year thesis and i have identified a set of patients. I would like to meet the patient whenever the patient is visiting the hospital.
  2. (1) doctor sees the patient and orders a lab test, (2) patient goes back to the waiting room, (3) doctor continues seeing more patients out of the queue (i.e. still at hospital in the same consult room, sitting by the computer), (4) lab result is ready, and doctor gets notified, (5) doctor sees the original patient next, before returning to the queue.
  3. (1) doctor sees patient in outpatient clinic in the morning, and orders some lab tests, (2) in the afternoon doctor is rounding in the inpatient wards (i.e. still at the hospital, but somewhere else, not in front of a computer), (3) lab result is ready, and doctor gets notified, (4) doctor advises nurse on what action to take
  4. (1) doctor sees patient, and orders a lab test that takes days to complete, (2) patient goes home, (3) result is ready, doctor is notified, (4) doctor works with registration clerk to track down patient.

Project Design

This project is composed from 2 major components.

  1. Subscriptions management module — users create new notification subscriptions , covering the following workflow.

I create a new notification rule -> I choose a patient -> I select one or more predefined events -> I choose a notification type -> I start getting notification whenever the event happens.

2. Microservice to read Bahmni atom feed — This module keep polling the Bahmni atom feed and determines whether anything notifiable has happened.

Subscriptions Management Module

Subscription management module expose UIs which allows users to create/modify subscriptions for notifications by associating various events (patient visit, lab result arrival etc.)

This module is composed of three layers

  1. OWA — Frontend of the application. Expose relevant UIs to manage subscriptions.
  2. API — Dao entities and service layer of the application. Expose a set of APIs
  3. OMOD — Expose endpoints to service layer operations. OWA deals with this component

Flow of creating new subscriptions

Feed Reader Microservice

Atom Feed Processor microservice is responsible for polling the atom feed for new notifications(events) and process them in order to identify if there are events that users are subscribed for. To be precise there are 2 layers of filters at the Atom Feed Processor.

  1. Layer 01 — Filter new notification based on subscriptions. Notification which are not relevant (No user has subscribed to these notifications) are rejected. Only those relevant events are directed to the next filtering layer (Layer 2)
  2. Layer 02 — Search for patients involved with the received notification. Notifications are accepted only if the notification relates to a patient to whom users have subscribed for.
  3. This is an optional layer of filtering which associated with lab results. This filtering is called after layer 01 & layer 02 filtering only. This checks if the lab results are normal or not. Notification is accepted only if the lab result is abnormal; otherwise rejected.

Activity diagram of microservice

Activity flow diagram

Technologies used for the microservice

  1. Java
  2. JavaSpark Framework
  3. Hibernate
  4. MySQL

Interim Presentation

Final Project Demonstration

Future Work

This module was developed as a proof of concept. Therefore notifications icon and logic behind it only appears in notifications owa. However this can be easily moved to Bahmni header whenever needed.

Currently, the module supports two predefined events (patient visit & lab report arrival). However, using predefined events make the module less flexible. When a user needs to add more events he has to modify the code base. Therefore having an alternative way to define events is much suitable. This can be achieved by specifying a custom schema/configuration (JSON or XML). The module should be able to parse the configuration provided by the user and add the new event.

In addition to that microservice module can be improved to handle failed events and resend them whenever the relevant user becomes available.
One of the most important things is using a graph database to specify relationships among entities/events (patient visit event has patients and the user etc.). By using a graph database we can support events with more complex relationships.

Final Words

The community has been quite supportive throughout this time, and I’d like to say thank you all! Plus, we should definitely add more documentation for the resources available — like the UI Commons library.

And a special thank you to @danfuterman for always checking on my work and motivating me to do my best.

It’s been a privilege working with the OpenMRS community, and I hope to be part of it in the future as well. Thank you for a summer well spent


  1. Subscription management module project repository
  2. Microservice project repository
  3. JIRA board
  4. Project Description

by Isuranga Perera at August 13, 2018 07:51 PM

Dileka Weerasuriya

GSoC 2018 — Patient Clinical Summary Enhancement

  • Primary mentor : Sam Mbuga
  • Backup mentor : Martin Were
  • Student : Dileka Madushan
  • Project Wiki: Link


The Patient Clinical Summary generates a summary that is being displayed on the patient dashboard which is helpful for the clinicians to make clinical decisions without going through numerous encounters/observations. It would also be helpful for clinicians access these reports off-line specially when they visit patients in rural areas.


  • Generating Patient clinical summaries using SQL data set definitions.
  • Creating scheduled tasks to generate patient clinical reports.
  • Creating user interface to create report configurations.
  • Creating back-end infrastructure to implement functionality.
  • Creating endpoints to consume reports from Muzima Android App.
  • Modifying Muzima Android app to display reports to the user.

GSoC Contributions

Mid Evaluation Presentation

Video Presentation.mp4

Other Resources:

Thoughts on GSoC:

It has been a wonderful experience for me for the last 12 weeks to work with OpenMRS and GSoC community. I gained lots of valuable technical knowledge. I had the opportunity to dive deep into Spring and Android in development phase. It was a real pleasure working with the likes of my mentor whom had a lot to offer me 😆.

Though GSoC is coming to an end, my contributions to the open source community starts from this year and I hope to continue it for a long time to come 😅!

by Dileka Madushan at August 13, 2018 05:20 PM

Chathuranga Muthukuda

Final Report of OpenMRS Android Client

Hello Everyone,

It has been more than 4 months and still, it feels like the beginning. Time has flown away and eventually, we all have come to the end of this year's Google Summer of Code programme.
I think I have made some great progress during my internship period and below, you all can find the summary of what I have done in this project.

OpenMRS Android Client 3.x Project

This project was basically targeted the Android client of the OpenMRS system and IT has a lot of useful features in parallel to the web application where users can easily use the features using their Android smartphones.

The main objectives of this project were to improve the existing Android client by doing various feature implementations and bug fixes.Since it was an Android project I was mainly involved in developing, using Java programming language with the help of Android SDK.

While working in the objectives, My mentor Shivang was very helpful and we had skype calls frequently to discuss the progress of the project and he was always guiding me to the correct path by suggesting new ways to overcome some hard obstacles I have faced during my developments.
Other than my mentor Daniel Kayiwa was also very helpful as usual to solve some general problems regarding the system. I thank them both because without their help I may not be able to come this far.

Main Objectives

  • Provider Module Implementation
  • Visual Improvements:
    • Make improvements to the way that charts are being displayed
    • Progress Dialog Improvements
    • Replace RangedEditText with seekbar
    • Use TextInputLayout instead of the normal EditText
  • Security Improvements:

    • Encrypt the database using the details derived from the username and password of the user
    • Password Change detection and log out the user
    • Forgot password option
  • Application tour
  • OpenMRS Analytics tool implementation
Since the project was actively developed by the opensource developer community, It was implemented as a Github repository.
All the issues and features were solved as a separate branch and then Pushed to the main repository by creating a pull request to review the code to mentors.

PR list

Blog posts

Mid-term presentation

Talk thread discussion 

That's the wrap of all the works I have completed during this years programme and initially I was so worried about how to do all those works because at that time I was a noobie to the programming and also to the opensource contributing but thanks to the great organization the OpenMRS, I have learnt a lot about how a project should be implemented according to the standards under the guidance of very smart and knowledgeable people and It was really a great privilege for me.

It was really a positive one and for the feedback I want you guys to give more opportunities to the students like me where they can learn and improve their programming knowledge while also earning a good amount of stipend.

I wish good luck to everyone and This won't be the end of my affiliate with OpenMRS and I hope to be in touch with you all while contributing to the Opensource community where we can make wonderful products as a group collaboration. So let's Write Codes and Save Lives.

by chathuranga ( at August 13, 2018 04:42 PM

Jude Niroshan

Trust based routing protocols framework — GSoC 2018 with NS-3

Google Summer of Code final report

Project : Trust based routing protocols framework

NS-3 is a discrete-event network simulator for Internet systems, targeted primarily for research and educational use. NS-3 is a free and open source software which is publicly available for research, development, and use. It has thousands of users which is backed by a active community. NS-3 participated in Google Summer of Code in 2018 and I was privileged enough to contribute to NS-3 with a great passion. I worked on developing a new trust based routing protocols framework to NS-3. I was really lucky enough to be guided by my mentor Tommaso Pecorella and Tom Henderson who is the executive director for the NS-3 Consortium.

Why trust based routing protocols?

Networks are susceptible to attacks by malicious nodes that could easily bring down the whole network. Therefore, it is important to have a reliable mechanism for detecting and isolating malicious nodes before they can do any harm to the network. Usually, routing protocols discover usable multi-hop routes between source and destination nodes. However, some of the routes found and used may not be as reliable or trust-worthy as expected. Thus, finding a trusted route is an important component for enhancing the security of communication.

Trust value will be calculated based on different routing parameters(rreq, rply, err, etc) or routing metrics(bandwidth, cost, etc). Therefore, trust will become a routing metric which can be used to determine the optimal route for forwarding packets. Eventually trust value can be considered as a security factor for making the routing decision.

Trust based routing protocols have great demand and researchers trying out many variations of them. There are quite a lot of research publications have presented on this topic and more are yet to be published. Therefore, it would be beneficial to facilitate for those developers who wish to try out any trust based routing protocol simulations on ns-3. This project has initiated the framework with a basic infrastructure.

Why need a trust based framework?

Trust is a subjective measurement. There are many research papers have published which has various methodologies of calculating the trust value for the same routing protocol.

For e.g.: If we consider AODV routing protocol; following papers have came up with different approaches for trust value calculation.

Li, X., Lyu, M.R. and Liu, J., 2004, March. A trust model based routing protocol for secure ad hoc networks. In Aerospace Conference, 2004. Proceedings. 2004 IEEE (Vol. 2, pp. 1286–1295). IEEE.

Marchang, N. and Datta, R., 2012. Light-weight trust-based routing protocol for mobile ad hoc networks. IET information security, 6(2), pp.77–83.

Pushpa, A.M., 2009, December. Trust based secure routing in AODV routing protocol. In Internet Multimedia Services Architecture and Applications (IMSAA), 2009 IEEE International Conference on (pp. 1–6). IEEE.

Current NS-3 version(ns-3.28) does not welcome trust based routing protocols by default. If someone wants to simulate a trust based protocol in NS-3, there are lot of changes needs to be done in many concrete level classes. This is cumbersome and it’s against the conventions that we follow from the maintenance point of view. NS-3 cannot define only one way of calculating trust value as each of the above mentioned methods/approaches have written to serve specific concerns/issues. Therefore, it’s clear that allowing any custom trust calculation run through a framework is a better move from NS-3. This will help the developers to try out trust based frameworks in NS-3 with minimal amount of coding.

Trust framework has developed with no modifications to the existing protocols and ns-3 core modules. It has been developed as a third-party ns-3 application. Anyone who wish to use the framework can simple use the “trust-routing” module. We have planned to push Trust framework to ns-3 app store and it will be publicly available soon for anyone.

trust-routing/trust framework alone cannot transform a protocol into a trust based protocol. Usually, trust based routing protocols have different favors in terms of the algorithm and trust value calculation. Therefore, framework does provide only the abstract classes and a basic trust table. It is the responsibility of the trust framework consumer to provide a suitable trust protocol implementation to run on it. Trust framework acts as a mediator between a concrete trust based protocol and ns-3 core modules.

trust framework integration

As you can see in the diagram, trust-aodv, trust-dsr and trust-dsdv are few of those such implementations provided to trust framework. Implementation modules contains all the different behaviors and how the entire protocol manipulation defined. Some could say that the trust-routing is an umbrella module that facilitates different trust implementations.


Similar to any other NS-3 modules, trust-routing module also have a common module structure. Sphinx documentation is available under the ‘doc’ folder. trust-manager-helper is resides inside the helper folder. Under the model, we have only three classes at the moment. Those are trust-entry, trust-table and trust-manager. Inside the test folder, test case for trust table have written.


Each record in the trust table is represented by a trust-entry instance. This includes only 3 attributes. ns3::Address, double m_trustValue, ns3::Time m_timestamp.


trust table contains the trust entry objects which includes the trust values. Intended design is to have one trust table per node in the network. This will be very similar to the routing table except that it has only trust values for different destination route nodes within the network.


trust-table provide basic operations to add, update, remove trust-entry records from the trust table. These methods have been covered from the test case available inside the test folder. There is also another method called AddOrUpdateTrustTableEntry() which in fact taken into discussion whether we could keep this method or not. Because it is simply a combination of AddRecord and UpdateRecord methods in the same class. This has provide for the ease of developers and achieve the task with less number of lines. But this is an controversial with the philosophical point of view of class trust-table.


In order to define the most essential operations for any trust based routing protocol, this manager has been used. It is an abstract class which forces the implementer to provide an implementation to CalculateTrust().

trust-manager -> ns3::Application

It is worth to mention that trust-manager extends from ns3::Application. This allows the developers to simply install any of the trust-manager implementations as an application to different hosts in the network. It made the usage of trust based routing protocol variations a lot easier when it comes to using them in multiple simulation setups.


Helper classes in ns-3 are usually the entry point to install the relevant applications and access other utilities. In trust framework, trust-manager-help does the same actions. This is some what like a replica to ipv4-routing-helper / ipv6-routing-helper. Currently the main usage of this class is to print the trust tables. In future there are other utilities methods can be placed inside this class.

As mentioned above in this post, trust-routing is the trust framework. Framework has developed with the intention of facilitating different types of trust based routing protocol implementations. In order to demonstrate the usage of trust framework, we have also developed a separate trust based routing protocol. We have chosen the well-known wireless routing protocol; AODV.


Transforming the traditional AODV protocol into a trust based version is implemented in this module. This is an example of how to use the trust framework and the advantages of using it. This implementation has not more focused on developing an optimal trust based routing protocol, but rather it is for the demonstration of the trust framework. Therefore, please feel free to improve it further.

This model was written as an example demonstration for transforming the
traditional AODV protocol into a trust-based AODV protocol which uses trust
to delegate packets within the network. It used trust framework(trust-routing) to access the ns-3 core modules.

trust-aodv has direct dependencies on trust-routing and aodv modules. Class
ns3::trustaodv::SimpleAodvTrustManager is the implementation to
ns3::trustrouting::TrustManager which defined in trust framework. This class includes the trust calculation logic and how the promiscuous callback function should react upon receiving intended packets to network nodes. It also holds trust parameter table which consists of ns3::trustaodv::AodvTrustEntry objects. trust parameter table is a different table to trust table. It contains parameters that can be considered when calculating the trust value. As we can see almost all the trust based routing protocols have different mechanisms to calculate the trust value. Therefore, this table is to manage such attributes for the trust value. Even though we have number of rreq, reply, error and hello counters, in our demonstration we have only used m_rreq and m_rrep.

There are 2 different types of aodv-protocol overriden files are available
under the model folder. ns3::maliciousaodv::RoutingProtocol and
ns3::selfishaodv::RoutingProtocol. These two protocol classes are used
to simulate a malicious node behavior in our provided example. Malicious AODV implementation is able to modify the number of hops which sends out in RREP message. It is done by simply reducing 1 from the available hops counts in a RREP packet. With regard to selfish node behaviors, it will randomly drop RREP packets without forwarding to the next hop.

For each of the above mentioned routing protocol overridden versions we have separate helper classes inside the helper folder. These helpers can be used in any simulation examples. Those have been used in trust-aodv-example simulation to install the intended overridden routing protocols.

10, 000 feet overview on trust-routing & trust-aodv

According to the above design now anyone can implement a new trust based module and plug it into the trust-routing framework to see how it works in a simulation.

trust-routing does have direct compile time dependencies on core and network modules. It is because the manager class that it holds actually inherited from ns3::Application. It helps to install the any concrete trust-manager as an application. (For e.g: SimpleAodvTrustManager)


If you run the example of which is available in trust-aodv module, you can observe the utilization of trust values within the traditional AODV protocol.

We have configured a simulation network setup as shown above. It is available under src/trust-aodv/examples/. As you can see there are 7 nodes and one node which marked in blue color is the malicious node in the network. It manipulates the hops counts of RREP packets that receives to that node(

Simulation default configurations are set as 100s for the runtime. It has broken into 2 phases where 1st phase goes from 0–50 seconds. 2nd phase is from 60–70 seconds. 1st phase will send ping messages from one node to rest of the nodes in the network. It will iterate the same for all 7 nodes.

In 2nd phase we make a single ping message from node 0 to node 5. This is where the RREQ and RREP process take place again over the network.

We have observed both routing table and trust table at 55th second and 75th second respectively to cover both phases of the simulation. These table are all from node 0 in different moments in time.

routing table — (55th second)trust table — (55th second)

after making a single ping request,

routing table — (75th second)trust table — (75th second)

You can see that in trust table, trust value for node 7 (mac address of 04–04–0a:00:00:07) has reduced because of it’s RREP hop count change and random RREP packet drop behaviour.

As this is a pilot demonstration project, it is true that there are some scientific concerns with calculating the trust values based on the AODV control packets. But as we mentioned, this is to demonstration of usage for trust framework.

GitHub repository:


This is a fork I took from the NS-3 mainline master branch. The release of the new trust framework is yet to be discussed in the community.


Google summer of Code is a wonderful program which is hosted by Google. It’s a great honor to be a part of this program. I was so lucky enough that I could work on NS-3 which is really awesome! NS-3 is a reputed open source community among network researchers.

The project I worked on actually initiated with the concept I had. My mentor Tommaso helped me to point out that instead of implementing it as a concrete solution, make it as a framework so that other NS-3 developers will also get benefited out of it. He is the best mentor I’ve ever had.

This is my last time that I could participate in Google Summer of Code. I never worked on such a big C++ project ever and I learnt alot from this project. I also got the opportunity to interact with Tommaso and Tom which is the best part of this GSoC.

I know the framework is still lacking some of the major things. So I want to make it more reliable and people will use it to get their trust based protocols being implemented on NS-3

by Jude Niroshan at August 13, 2018 04:33 PM

Harisu Fanyui

Reset Password via Email Project

Primary Mentor: Wyclif Luyima.

Backup Mentor: Burke Mamlin.

Student: Harisu fanyui

Project Wiki:


This project aims at adding new feature into openmrs, ie that of which to allow users to perform self service resetting of password. This is going to do away with the bottle neck on the admins of having to carryout the password reset for other users by generating temporal password so when they log in they can reset. Or by allowing the users to provide some secret answers to secret questions that were previously provided. This new feature will allow users to request for password reset to be done via email and most importantly it should work and allow all these actions to be carried via reset webservice.

Work still to be done.

Create a page for the reference app for requesting a password reset
Update the reference app pages that are used for resetting password and the controllers to display a different form when there is an activation key present in the request parameter.

Update the legacy ui such that when creating a user we have the possibility of adding an email field. as well as not showing the other field when there is an activation key present in the request for reseting a password.


  • Incorporate JSR 919 mail capability into the OpenMRS Platform

  • Add the ability for an administrator to configure the mail functionality via the REST API

  • Add to the users table within the Platform along with the ability to set and retrieve a user's email address via the REST API

  • Add the ability for a temporary token to be generated for a user that, until it expires, can be used to reset their password. This should be able to be triggered by the user or an admin via the REST API.

  • Add support for an email template to be used for password reset messages (should support localization).

  • Add support for a REST API method that, given a  valid username and reset token along with a new password, will reset the user's password.


Blog for project progress :


Doing  GSoC 2018 in OpenMRS is my first time and one of my most memorable time in my life as i pursue my software engineering career. I most say A big thank you to openmrs for the opportunity she gave me to be part of their community by doing gsoc. I always taught i know how to code but working with the OpenMRS community and with the guidance of Wyclif Luyima and Burke Mamlin i was made to understand that it not all about code but the quality and maintainability of the code that matters. That i most capitalize if there is one think am grateful about is knowing how to write quality code that should be maintained by others. I will also say thank you to my mentors for always being there to review and merge my pull requests for i am quite sure they at one point became annoyed with my careless mistakes. Not forgetting the interactive community on irc that was always there for any blockers during the summer. I also enjoyed the aspect of weekly blog post and  midterm evaluation by making a demo on how far progress has been done on the project. as this makes sure one is on track in his way with the project. Hoping to put into practice most of the attributes learnt  and even learn more from the community even after the summer.
Thank You OpenMRS.

by Harisu fanyui ( at August 13, 2018 04:04 PM

Eunice Amoh

GSoC 2018 Final Progress Update

Project : FHIR Swagger Codegen Integration and Strategic Improvements

Project Wiki :
Mentor :- Harsha Kumara
Backup Mentor :- Sanatt Abrol

Source Code Repository

Project Description

The purpose of this project is to expand the capabilities and functions of the OpenMRS FHIR module. OpenMRS has recently undertaken a commitment to implement FHIR in order to ensure better interoperability between healthcare systems. The OpenMRS FHIR module was developed as part of these efforts. FHIR specification is continuously subjecting to several development iterations which improves the usability. Swagger also becoming more popular these days. Swagger provides client side library generation functionality which allows users to quickly build the clients for many languages.


  • Upgrading HAPI FHIR Library to it’s updated version
  • Upgrading DSTU2 resources to DSTU3
  • Swagger document generation improvements after library upgrade
  • Integrate the swagger codegen library which allow users to generate client with selected languages
  • Research on new FHIR resources which can support for OpenMRS
  • Improve the test coverage

GSoC 2018 Contributions

  1. Upgrade HAPI FHIR Library version

Issue :

Pull Request :

2. Add Swagger SDK generation backend implementation

Issue :

Pull Request :

3. Add Swagger SDK generation frontend implementation

Issue :

Pull Request :

4. Add all language support and tests

Issue :

Pull Request :

5. Add security definition section to swagger definition

Issue :

Pull Request :

New Documentations


Midterm Presentation

Pending Works

  • Most of the target objectives are achieved as planned in the GSoC. Improving the test coverage is one of area that can further enhance.


GSoC 2018 is my first contribution to an open source software. I gain massive experience and it is really an amazing. I got to know about how open source community build a open source project and the open source culture. In these past few months I have improved myself in programming skills, communication skills ans several other skills. I would like to thank my mentor Harsha Kumara and backup mentor Sanatt Abrol for their guidance and support. I would like to thank OpenMRS community for accepting me and helping me. Finally for Google for organizing the GSoC.

by Eunice Amoh at August 13, 2018 03:34 PM

Samuel Male

Merge Patient Data Project - GSoC FINAL REPORT

 Project : Merge Patient Data From Multiple Installations


There are individual installations where each installation is based at a facility (no guarantee of a consistent Internet connection), and is at the same version (OpenMRS, HTML forms, concepts and other metadata) - but there is a need to bring the patient records (or extracts) together to a central database. Site level users and metadata are not synced, neither are concepts and forms, as they are expected to be similar. The merged data (father instance) would be read-only, used reporting and analysis purposes.


  • Merge Patients      --> Achieved
  • Merge Encounters --> Achieved
  • Merge Obs             --> Achieved

Extra Credit

  • Encrypt Data During Transfer --> Achieved 


While working on this project, I developed a new Openmrs module.
If you wanna use this module, what you simply want is to build this project,  install your .OMOD on your running Openmrs instance and your set.

While working, I felt comfortable managing my progress using trello, I setup my dashboard before my second evaluation. I worked on the following cards.

Commits on the github project can be found here.


This is a quick documentation on how to deploy the module with a steps and guidelines in a convention of 'How To' approach available here.

Talk Discussions

A more detailed Presentation


Well, this was my first time participating in GSoC, and it has been fun working with Openmrs. I have been able to learn lots of stuff, both programing stuff and communication skills. 

With communication I learnt working with a community which is typically OpenSource, which is made up by an ecosystem of volunteers. 

As for programming, I learned of new Libraries like js-grid. On working with js-grid, I ended up learning of Hibernate Pagination. I don't think I can exhaust all new stuff I hit upon while in the Epic. Just know, I learnt lot in, JS, Java, Spring . etc..

I thank Openmrs for participating in such a resourceful a program. This has given lots of confidence and insight to students aspiring to become advanced devs. Me as a First year student pursuing a Bachelor's of Info Systems, I have been greatly motivated that however much I was/am a newbie to everything, I can do some work. I thank my mentors,  Musoke Steve and Daniel Kayiwa. These guys were like parents to me. Due to my lil understanding of most aspects, these guys have always shown me the right path towards how to implement stuff and for long I looked at them like impossible ideals.    

by Male Samuel ( at August 13, 2018 11:02 AM

August 11, 2018

Jeyasumangala Rasanayagam

Improved Built-in Reports module — GSoC 2018 with OpenMRS

Google Summer of Code final report

Project : Improved Built-in Reports Module

  • Primary Mentor — Rafal Korytkowski
  • Backup Mentor — Joseph Kaweesi
  • Student — Jeyasumangala Rasanayagam


The concept of the Built In Reports for OpenMRS Reference applications was initiated during the Google Summer of Code last year(2017) . The objectives achieved in Google summer of code 2017 were,

  • Reach out to implementations to determine the most useful reports to include in the module
  • Implement various reports using the Reporting module API
  • Access those reports through Reporting REST API
  • Create a new Basic Reports Open Web App UI
  • Add charts to visualize data for some of the implemented reports

Now it is the time to extend the features and improve the usability of this project. We need to improve the existing view of the reports and to add more new reports to this module which are crucial for administrative decisions within a clinical environment. There are some new objectives mentioned in the project scope which are completed during this summer period.

The objectives of this project(Google Summer of Code 2018) are:

  • Improve the existing Built In Report OWA issues and fix it to work properly (Headers, Breadcrumbs, and Routers)
  • Implement a new view which shows a very detailed view of a patient.
  • Add more information to improve the List of providers report. It should able to show the patients who worked with that providers also
  • Add improvements to the List of diagnosis report. It should also able to show the patients who affected by the respected diagnosis
  • Add improvements to the Number of Patient registrations.
  • Add improvements to the Number of Admissions reports.
  • Add improvements to the Number of Discharges reports.
  • Add improvements to the Number of Transfers reports.
  • Add improvements to the Number of Visits reports.
  • Add improvements to the Number of Visit notes reports.

I spent time to analyze the existing reports in the Built In reports, and prepared some ideas to improve those reports with some more information. I have added some of those ideas into my project proposal, and I was able to figureout some more ideas during the actual development time.

I am very happy to say. I was able to complete about the 95% of the objectives during the Google Summer of Code — 12 weeks of time.

Demo presentation for the Mid term

This was demonstrated by me for the OpenMRS mid term presentations, and hosted in the You Tube. You can see some of the work which I have completed during the second evaluations in this video presentation.


Fix the issues in the Built In Reports OWA to work properly

The existing OWA was implemented with some issues in the headers, breadcrumbs, and the routings. So I have added the following fixes to the OWA,

  1. Added logout functionality through the OpenMRS REST services to the logout in the OWA.
  2. Added redirection from the My Account label to the OpenMRS account page.
  3. Added location switcher functionalities through the OpenMRS REST services to the OWA header. So users will able to switch the location through this OWA also.
  4. Added fix to fetch the default active session information from the appui/session to show the active location.
  5. Removed the hashRouter from the existing OWA, and replaced with the browserRouter to improve the routing functionalities.

Improvement to the List of Diagnosis report.

The List of Diagnosis report only shows the diagnosis name and the counts of the encounters in the view. So I was assigned to create, once a table row is being clicked, it should redirect to a new view which shows the patients who was recorded as this disease was affected. I have added following changes to this report,

  1. Added more information to the List of Diagnosis report(included diagnosis id and Uuid) which wanted to track the respected diagnosis.
  2. Added new report called “List of Patients for Diagnosis” which will show the patients who affected by the respected diagnosis.
  3. Changed the module — ReportAsTableView component to support the row clicks and auto redirections to the respected pages. So any of the reports in this module can use this customized component for the row click and redirections.
  4. Added redirections from the List of Patients for Diagnosis report to the patient dashboard. So the users can easily click on the patient name to go to the patient dashboard which will show more detail about the patient.
View of the improved List of Diagnosis reportView of the new List of patients affected by the diagnosis report

Improvements to the Number of Visits Report

The existing number of Visit reports was implemented to show only the total count of visits for the given date period. Actually this report did not contain the sufficient information to achieve the target of this module. So I decided to add more improvements as follows,

  1. The report table is customized to show the total number of visits grouped by visit types against the total counts.
  2. Location selector is added to this report. So the users can select the location to get the visits respected for that location.
  3. Pi chart was added into the bottom of the report to illustrate the table view as the Graph view to the user.
  4. Added Active visit switcher support to include the active visits or exclude the active visits into the report. So users can include the active visits which doesn’t have the end date up to the selected date to this report.
  5. Fixed the end date selection problem to support up to the end of the current day
Improved List of Visits report without Active visitsImproved List of Visits report with Active Visits

Improvement to the Number of visit notes

The number of visit notes report was implemented to show only the total number of visit notes for the given date period. It also not contains the sufficient information for a report. So I have added these following improvements to this report,

  1. The report table is customized to show the total number of visit notes grouped by visit types against the total counts.
  2. Location selector is added to this report. So the users can select the location to get the visit notes respected for that location.
  3. Pi chart was added into the bottom of the report to illustrate the table view as the Graph view to the user.
  4. Added Active visit switcher support to include the active visit notes or exclude the active visit notes into the report.
Before without any improvementsAfter including improvementsAfter including improvements

Improvement in the List of providers report

The List of Providers reports was implemented to show the table with Provider and the creation date to the users. It also does not contain the sufficient information for a report and I have decided to add these following new features to this report,

  1. Added more fields to the Provider’s report such as Demographics(Family Name, Given Name), Provider Information and Role Name, and Uuid.
  2. Added new report called “List of Patients worked with Provider” which can show the top 10 number of patients with their information who recently worked with that provider.
  3. Added tabled row hyper links from the List Of provider to the List of Patients worked with Provider report. So users can simply click on the provider name to get the patient list who recently worked with that provider.
  4. Added redirections from the List of Patients worked with Provider to the patient dashboard. So the users can easily click on the patient name to go to the patient dashboard which will show more detail about the patient.

Improvements in the Number of Admission report

The Number of Admissions report was implemented to show only the total count of the Admissions on that day. It is also doesn’t contain the sufficient information about the admissions. So I have added these following improvements to this report,

  1. The report is restructured to show the total count of the admissions against the locations in the system. So users can able to get the admission’s count with the locations.
  2. Added total count of the admissions to the bottom of the table.
  3. Pi chart was added into the bottom of the report to illustrate the table view as the Graph view to the user.

Improvement in the Number of Discharges report

The Number of Discharges report was implemented to show only the total count of the Discharges on that day. It is also doesn’t contain the sufficient information about the discharges. So I have added these following improvements to this report,

  1. The report is restructured to show the total count of the discharges against the locations in the system. So users can able to get the discharge count with the locations.
  2. Added total count of the discharges to the bottom of the table.
  3. Pi chart was added into the bottom of the report to illustrate the table view as the Graph view to the user.

Improvement in the Number of Transfers report

The Number of Transfers report was implemented to show only the total count of the Transfers on that day. It is also doesn’t contain the sufficient information about the transfers. So I have added these following improvements to this report,

  1. The report is restructured to show the total count of the transfers against the locations in the system. So users can able to get the transfer’s count with the locations.
  2. Added total count of the discharges to the bottom of the table.
  3. Pi chart was added into the bottom of the report to illustrate the table view as the Graph view to the user.

OpenMRS JIRA Tickets Information

I wanted to work on the two projects which are interconnected to produce the reports. Those are,

  1. ReferenceMetaData Module — The report generation module in the OpenMRS back end based on Java.
  2. Build In Reports Module — The customized view of the reports based on the React

I have created these following tickets and worked during this project time. All of these tickets are completed by now and the next release is planned to soon after this week. You can find the JIRA project for this module here.

  1. BIR-1 — Improve the Diagnosis Report in the Built-in-Reports module
    Pull Request : #2
  2. BIR-2 — Change the ReportAsTableclass to support the hyper link for required reports. Built-in-reports module uses the react-data-grid to show the reports as the tables.All reports use a common table class called as ReportAsTable. So it is modified to support with hyper links for some required reports.
    Pull Request : #1
  3. BIR-3 — Browser router failed to redirect while refreshing the pages.
    (Built-in-reports module uses Browser Router for the routing. It’s fail while refreshing the web page or pressing back button in the browser. It should be fixed with Hash Router to resolve this issue while we are using the React Router V4.
    Pull Request : #3
  4. BIR — 4 -Added More Improvements to the Number of Admissions report.
    Pull Request : #8
  5. BIR-5— Change the view of New patient Registrations view and Number of patient registrations bar chart.
    Pull Request : #5
  6. BIR-7— Add Number of Discharges for all Locations Reports to the Module.
    Pull Request : #12
  7. BIR — 8 — Add Number of Transfers Report for all Locations to the Module.
    Pull Request : #13
  8. BIR — 9 — Improve Number of Visits with visit type for given location and date report.
    Pull Request : #9
  9. BIR — 10— Improve Number of Visit Notes with visit type for given location and date report
    Pull Request: #10
  10. BIR-11 — Improve the List of Providers Report in the Built-in-Reports module.
    ( Once the user clicks on a row in the table of List of Providers report, user should be able to see more detailed page about the provider.)
    Pull Request: #11
  11. BIR-13 — Need to add location switcher to the buildin reports OWA header
    Pull Request : #commit
  12. RA-1499 — Create Patients affected by Diagnosis report for given Diagnosis ID. It display the information about patients affected by given diagnosis UUID.
    Pull Request : #30
  13. RA-1500 — Remove the duplicate data from the List of New Patient Registrations
    (List of New Patient Registrations report shows some duplicate rows in the table view. The SQL query which is used to fetch the data from the database should be attached with grouping query to avoid this issue.)
    Pull Request : #31
  14. RA-1501 — Create Number of Registrations for all locations Report.
    Pull Request : #32
  15. RA-1505— Create Number of Discharges for all locations Report.
    Pull Request : #33
  16. RA-1506 — Create Number of Transfers for all locations Report.
    Pull Request : #34
  17. RA-1508 — Create Number of Visits with visit type for given location and date report.
    Pull Request : #35
  18. RA-1509 — Improve Number of Visit Notes with visit type for given location and date report.
    Pull Request : #36
  19. RA-1514 — Create List of Patients Report who worked with given Provider.
    ( Create a new report to display the information about the patients who worked with the given provider. It should contain these information)
    Pull Request : #37

Release — Version 1.0.0

The last recent release of the Built-In report module was 0.94 which was considered as the unstable distribution of the module under the development. So we have decided to release the v1.0.0 of the Built-In reports module after the improvements during the GSoC 2018 period.

Now is the time to release the v1.0.0. So I have discussed with my mentors and decided to release on time. The beta version of this release can be found here.

Prepared for the release of v1.0.0


OpenMRS Talk discussions

I have used the OpenMRS talk thread to discuss about the project, implementation plans, and updates. Sp you can get more information about the project process and work flow through this talk thread,

GSoC 2018 - Improved built-in reports project

Weekly Blog posts

The following are my weekly blogs regarding my project progress. You can get it on medium.


Yes!, This is the first time for getting involved into the Google Summer of Code project. I was able to learn much from this amazing program and I was able to improve my potential about the industries. I have worked on React, Java, REST Services, HTML, and CSS for this projects. The learned techniques and the experience are very very helpful for my future.

I feel very excited and I am happy that I was able to travel through the last 3 months without any major issues. Yahh!! I successfully completed my tasks and the major part of the project. My mentor Rafal Korytkowski gave me the feedbacks and reviews quickly and help me to clear my issues regarding this project and other community members in the OpenMRS helped me from the beginning of the GSoC and they helped a lot to complete this project.

I wish thank to all for their wonderful helps and time, specially thanks to my mentor Rafal Korytkowski who gave me this great opportunity and for his guidance and the support and I wish to say a special thanks to Suthagar Kailayapathy who gave me the support and encourage me to achieve this goal for this Project.

by Jeyasumangala Rasanayagam at August 11, 2018 06:41 AM

August 08, 2018

Ridmal Liyanagamge

GSOC 2018 with OpenMRS — Week 12

In this week i mainly focus on the mock testing with Mokito for Attachment Resource DoSearch() method. I finish the implementation of the do Search method with some modifications such as create separate context independent search method inside the AttachmentResource which will help to fetch the Attachments using AttachmentService based on the given Parameters. And also this Search method was created for help the mock testing implementation since it is context independent.

So Basically inside the Mock Test class, it test the newly added Search method with the different scenarios ( By changing the parameters ) and verify that relevant methods in the AttachmentService is triggered.Since we already developed the unit test for each method in the AttachmentService , we avoided testing the accuracy of the search method again by using Attachments. We just verify that relevant methods in the AttachmentService will triggered when we call the Search method with different parameters. All the new modifications are send to the mentor for review and wait for his feedbacks.

by Ridmal Madushanka at August 08, 2018 07:20 PM

Eunice Amoh

Twelfth Week of GSoC @ OpenMRS

GSoC is ending during this week. I have worked on testing the module and the documentation. I have added project documentation in I’ll add a detail post soon with final progress update.

by Eunice Amoh at August 08, 2018 02:46 PM

August 06, 2018

Samuel Male

Week 12

Hi all,

This is the last week of the Epic. If you missed last week's update, then you wanna look at it here.

Work done

  • The week started off swiftly with a quick fix of last week's Hibernate issue. Wycliff's advice worked like a charm.
  • After fixing this, I thought I was set to go after-all the module worked fine with my small Patient dataset. I then resorted to cleaning the codebase, implementing  most of the TODOs.
  • As the week was almost ending, I realized something was not fine. I asked the community to help me out test the module on a more realistic hospital dataset, this is when I realized we had Memory issues.
    • I had to increase my JVM heap space.
    • I had to optimize my codebase.
      • Looked for memory leaks. While doing this, I realized I was Merging Concepts which Daniel claimed shouldn't me Merged since they are expected to be similar. However, I'm still blocked from here.   

Challenges Encountered

I didn't expect to have such a blocker by this time, probably the mistake I made was to test out the module on a serious dataset late. Regardless of whether I'm getting nervous and hairy, we should come up with a fix for this.

Before, I used to test out the module on a server with around 60 Patients, and all was cool. Now with a server containing around 2000+ Patients, I hit upon Memory issues. This could be no worry, probably it could have a configurable workaround but its not the case. On exporting data, a file of around 1GB is produced. This far way large!

Looking at the codebase, I tried to hunt down memory leaks and found that Concepts are consuming more memory space than expected. This is fully addressed here.


How can one identify General Concepts(eg- those already include in the Concept Dictionary) from Customized Concepts?


Samuel Male

by Male Samuel ( at August 06, 2018 08:30 PM

Suthagar Kailayapathy

Adding more location restrictions to the OpenMRS Services — Location Based Access Control

Week 12 [July 31, 2018 — Aug 06, 2018]

Now the time to add more locations restrictions to the OpenMRS services and Metadata. OpenMRS Service methods are directly accessing the data access object(DAO) to get from the database. So I wanted to add the location restrictions to the following service's methods as the first step,

  1. PatientService Methods — Contains methods to get/set the Patient and the related information
  2. Person Service Methods — Contains methods to get/set the Person and the related information
  3. User Service Methods — Contains methods to get/set the User and the related information
  4. Encounter Service Methods — Contains methods to get/set the Encounters and the related information
The user is able to see the Patient — Suthagar in the Inpatient WardThe user couldn’t see the patient — Suthagar in the Isolation Ward

These are the tickets related to the task which I have worked on the last week,

After that, I wanted to work with other OpenMRS components to verify those are working along with the location restrictions.

  • OpenMRS Cohort Builder
  • OpenMRS Reporting Module
  • OpenMRS Data Export

OpenMRS Cohort builder failed to address the location restrictions since it’s used an own service to access the DAO to get the patient information. So I wanted to add the fixes to reporting-compatibility module to work along with the location restrictions (And it’s should not depend on each other modules). After adding the fix, I can see the Cohort builder is working with the locations restrictions.

Admin user can able to see all the patients in the Cohort BuilderDoctor (not Admin) can only see the patients belong to the logged-in location in Cohort Builder

Data Export feature uses the reporting-compatibility module to export the data. Since we added the fix to the reporting-compatibility module for the Cohorts, Data Export also addressed the location restrictions.

[RCM-109] Need to add patient verification to return Cohorts objects for the serviceMethods - OpenMRS Issues

Reporting module fetches the data directly from the database through the SQL queries. So We can’t add any locations based restrictions to those methods since we haven’t any query based restrictions methods. So we skip this part for the initial release and decided to address this issue in the next release as the main target.

Status of the Project Road Map

This is the last week of the Google Summer of Code, the project roadmap including the objectives and extra credits are given below with the status.


  1. COMPLETED : Assign users to locations on registration (LBAC-2)
  2. COMPLETED : Assign patients to locations on registration (LBAC-3)
  3. COMPLETED : During the encounter, observation, and patient searches, return only those in the logged in location (LBAC-8, LBAC-9, LBAC-14,LBAC-15, LBAC-16)
  4. COMPLETED : Ability to move patients from one location to another by an administrator (LBAC-5LBAC-11)
  5. COMPLETED : Ability to assign locations to already existing patients (LBAC-5)
  6. COMPLETED : Ability to assign locations to already existing users (LBAC-2)
  7. COMPLETED : Login screen should not require users to select locations because, on login, you know the location to which a user belongs. (LBAC-13)

Extra Credit

  1. COMPLETED : When reports and other tools are run by a user in a certain location, they should include only those patients registered in the logged in location (LBAC-8, LBAC-9, LBAC-14,LBAC-15, LBAC-16)
  2. COMPLETED : REST calls while in a certain location should return only those results in the logged in location (LBAC-8, LBAC-9, LBAC-14,LBAC-15, LBAC-16)
Now the time to release the 0.1-beta version of the module … :-)

by Kailayapathy Suthagar at August 06, 2018 05:35 PM

Prabodh Kotasthane

Week 12 – OWA is done, looking forward to documentation

Finally I am done with OWA. Feels great to tell you all that now I am done with most of my coding work! Some testing is pending, which i will be doing in this week. Except that, I am now looking forward to get all the documentation of the project ready. Also I will be now working on my final presentation.

Wish me luck for the final evaluation and see you all next week! 😀

Cheers! 🙂

by Prabodh Kotasthane at August 06, 2018 08:11 AM

Chathuranga Muthukuda

Final week of GSoC

Hello guys,

The end of this year's programme has come and we all have worked hard to achieve the objectives of the individual projects that have been assigned to us. I have completed more 80% of the objectives of my project and currently wrapping them up by testing and documenting everything so I can transfer all my developments to the future contributors in a good way.
Here I would like to thank all those who have helped in many different ways to make this project a success including my mentor Shivang Nagaria and the Daniel Kayiwa who was always there to help everyone.
I will write a separate blog post with the finalized description of my overall project and until then see you all.

by chathuranga ( at August 06, 2018 03:53 AM

August 05, 2018

Harisu Fanyui

Week Twelve

Week 12.

This week commenced and i fully worked on making sure all the hanging pull request with respect to the core have been merged and closed. I accomplished these by hastening up my speed in fixing reviews, then i created new branches called general fix where all the light works related to renaming adding exception modifying exception messages and as well writing tests.

Rest webservice.

After sucessfully finishing with the core and everything merged, I went straight away to the  rest webservice module where i added 2 endpoint to handle the get with provided activation and a post with new credentials  password and activation key. this i did before consulting my mentor and  after consulting him. There was alot of other design changes such. i had to send and email message to my two mentors ie primary mentor and backup mentor. I also posted on talk here  from this talk post i received many criticism and all of them were positively to my benefits in finishing up with the rest webservice first pull request on the restwebservice is located .  My backup mentor Burke assisted alot by providing with a sequence diagram  which is presented below.

Link to original image is passwordreset sequence diagram

Also the talk discussion for the design with respect to the webservice is starting as from

Add the current changes and endpoint proposed in the sequence diagram.
Write Unit test for the endpoints.

by Harisu fanyui ( at August 05, 2018 09:50 PM

Dileka Weerasuriya

Google Summer of Code 2018 with OpenMRS

12th week of Coding

In this week I developed muzima Android app to display patient reports. I had to try out different methods this week. here is a brief description of how I approached my task.

I used the functions of muzima api to call the server. Those middle-ware was developed by muzima developers, so my work was easier 😆! The muzima api calls the server asynchronously, so I had to wait until the report is fetched to muzima app. So I created a background process which listens for the message

When the download is complete I receive the message and then displays the report to the user.

The above code snippet shows how the view is loaded when the message is received. I am hoping to complete the functionality in the coming week 😯!

by Dileka Madushan at August 05, 2018 03:04 PM

August 01, 2018

Ridmal Liyanagamge

GSOC 2018 with OpenMRS — Week 11

In this week i did some Modifications to the ATT-24 issue. We mistakenly used includeRetired for includeVoided parameter in the java API implementation. So all the occurrences of includeRetired are modified to the includeVoided.

And I started to research on mock testing for Attachment resource for test the search() method. Because After discussion with my mentor he decided to go for mock Testing which can be used to implement test cases without any dependency.Some existing implementation can be found here ( In Bahmni-core module ). And I did some modifications to the ATT-27 issue and able to close the issue.

by Ridmal Madushanka at August 01, 2018 10:10 AM

July 30, 2018

Suthagar Kailayapathy

Say Goodbye to OpenMRS login location selection

Week 11 [July 24, 2018 — July 30, 2018]

Yes, now the time to say Goodbye to the location selector from the OpenMRS Login screen. Just log in with your login credentials such as username and password only!

The actual OpenMRS login page contains the location selector with the login credentials section to assign the users to the location during the login. So the user can select any location from the location selector to enter the OpenMRS. The location will be stored in the session and will be used in the further activities.

Now, I have added the solution to assign the users for a location through the location user property. So the user will have a location property, and it will be automatically fetched from the user property during each login. It will be assigned as the user login location into the session also.

This feature will be executed in these following ways,

  • When the user requests the login page, it doesn’t contain the location selector.
  • When the user enters the login credentials, then it will check for the location user property
  • If the user has the location user property, then the login location will be fetched from that value.
  • If the user hasn’t the location user property, then the login page will be redirected to the usual login screen to select the location property again.

If the implementers want to remove this feature form their implementations to have the usual login screen, just need to delete the global property named as “referenceapplication.locationUserPropertyName” form their systems.

So the end would be,

OpenMRS can remember your location now !

by Kailayapathy Suthagar at July 30, 2018 05:50 PM

Jeyasumangala Rasanayagam

GSoC 2018: Week 11[July 23, 2018 — July 29, 2018]

During the last week, I finished the below-mentioned objective and send the PR for the review.

  1. BIR-8 — Added total number of transfers for all locations reports. This PR contains these improvements for Number of Transfers report,
  • Removed the location selector from the report
  • Added Total Count to the bottom of the table

2. BIR-7- Added total number of Discharges for all locations reports. This PR contains these improvements for Number of Discharges report,

  • Removed the location selector from the report
  • Added Total Count to the bottom of the table

And, According to my project, I completed the following tasks up to now.

  1. OpenMRS header has to work properly(changing the unit, should reflect the changes in the reports, log out function should work properly, clicking on the OpenMRS logo should navigate to the OpenMRS home page)
  2. In the List of Diagnosis report, once a table row is being clicked, it should redirect to a new view which shows the patients who were recorded as this disease was affected. It should also display the severity of this disease spread within the clinical environment. Compared to the other disease numbers.
  3. New patient Registrations view and Number of patient registrations view , bar chart should have the flexibility to change the view, Like, see by dates, by weeks, by months etc.
  4. Number of Admissions/Discharges/Transfers views should have to change in way to provide more information to the user(come up with your own ideas to visualize data)
  5. Number of visit notes/ number of visits views should have to change in a way to provide more information to the user(come up with your own ideas to visualize data)
  6. And I just finished the following task, In List of Providers, once the user clicks on a row in the table, user should be able to see more detailed page about the provider. (Who created this provider? Which unit this provider is being assigned to work? Top 10 patients who was recently worked with this provider.)

I have not started the following task, Implement a new view which shows a very detailed view of a given patient. Similar to patient dashboard, but more analytical information such as past recorded diseases, visits, etc.(use graphs in more meaningful ways).

I would like to start the following task in the upcoming week, “Implement a new view which shows a very detailed view of a given patient. Similar to patient dashboard, but more analytical information such as past recorded diseases, visits, etc.”

by Jeyasumangala Rasanayagam at July 30, 2018 04:46 PM

Samuel Male

Week 11

Hi all,

This the end of week 11, and we a heading week 12 which basically the last week of work.
If you missed last week's blog, you probably wanna see it here.

Work done this week.

By the end of this week, the module could ably merge Patient, Location, Encounter and Obs resource.
However, I had to tested it on larger dataset of Patient data. I discovered that with large data I faced java.lang.OutOfMemoryError issues. So I had to make sure my code optimizes memory which I think was solved.

I also done more work on the Audition and done a few changes on the UI.

Challenges Encountered

When you download data from a server with many patient, the file is amazingly big. I of recent downloaded a file of 100mb. Now uploading such a file to another server, I ended in such an error

org.springframework.web.multipart.MaxUploadSizeExceededException: Maximum upload size of
75000000 bytes exceeded; nested exception is org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException

This calls for overriding the 'maxUploadSize ' property of 'CommonsMultipartResolver'

But I have failed to do this in Openmrs module dev and I posted this on talk here.

I'm also facing another Hibernate issue.

Context of the Hibernate Issue

Like for instance you are merging Patients from serverA to B which a new server with Patients. However, data comes with primary keys and foreign keys set yet we use key Generator class of hibernate. Ok I tried as possible to set all these IDs like patientId to null to tell hibernate that this is a new Object. However, there some culprit id values that I could be missing to set to null which make Hibernate think that we are updating it ending up with StaleStateException

Proposed solution

Check the Hibernate logs to see which row Hibernate is trying to updated or retrieve but I don’t know how to turn the Hibernate logging so I started this talk thread but got no help as yet.

How to Contribute?

If your reading this blog, you could want help me on the following critical blockers that are blocking my progress

Samuel Male

by Male Samuel ( at July 30, 2018 04:45 PM

Piyush Kundnani

GSoC with OpenMRS week 11

Hello World! The intern has almost come to an end and this was the most productive week until now. To start with I made a note of what kind of test cases I would be writing for the controllers, later on I wrote stub for a few controllers and tried to use mockito on a sample code. I have planned to finish all the test by this friday and then finally write the documentation over the weekend. Finally later on in the week I added some required error handling in some controllers which would otherwise hamper the user experience with the endpoints. Thats all for the update. Thanks for reading.

GSoC with OpenMRS week 11 was originally published in piyush.kundnani on Medium, where people are continuing the conversation by highlighting and responding to this story.

by Piyush Kundnani at July 30, 2018 04:29 PM

Eunice Amoh

Eleventh Week of GSoC @ OpenMRS

This week, I revisited my feature and added test case for enhancement that I made in the last week. Since next week is the last week, I’m continue to test the feature and looking for possible improvements that I can make to my feature.

Below is get patients by id operation generated automatically by the swagger SDK generator.

* Build call for patientIdGet
* @param id Id of the Patient resource (required)
* @param progressListener Progress listener
* @param progressRequestListener Progress request listener
* @return Call to execute
* @throws ApiException If fail to serialize the request body object
public com.squareup.okhttp.Call patientIdGetCall(String id, final ProgressResponseBody.ProgressListener progressListener, final ProgressRequestBody.ProgressRequestListener progressRequestListener) throws ApiException {
Object localVarPostBody = null;
// create path and map variables
String localVarPath = "/Patient/{id}"
.replaceAll("\\{" + "id" + "\\}", apiClient.escapeString(id.toString()));
List < Pair > localVarQueryParams = new ArrayList < Pair > ();
List < Pair > localVarCollectionQueryParams = new ArrayList < Pair > ();
Map < String, String > localVarHeaderParams = new HashMap < String, String > ();
Map < String, Object > localVarFormParams = new HashMap < String, Object > ();
final String[] localVarAccepts = {
final String localVarAccept = apiClient.selectHeaderAccept(localVarAccepts);
if (localVarAccept != null) localVarHeaderParams.put("Accept", localVarAccept);
final String[] localVarContentTypes = {
final String localVarContentType = apiClient.selectHeaderContentType(localVarContentTypes);
localVarHeaderParams.put("Content-Type", localVarContentType);
if (progressListener != null) {
apiClient.getHttpClient().networkInterceptors().add(new com.squareup.okhttp.Interceptor() {
public com.squareup.okhttp.Response intercept(com.squareup.okhttp.Interceptor.Chain chain) throws IOException {
com.squareup.okhttp.Response originalResponse = chain.proceed(chain.request());
return originalResponse.newBuilder()
.body(new ProgressResponseBody(originalResponse.body(), progressListener))
String[] localVarAuthNames = new String[] {};
return apiClient.buildCall(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarFormParams, localVarAuthNames, progressRequestListener);

by Eunice Amoh at July 30, 2018 10:34 AM

Chathuranga Muthukuda

Finalizing the Security features

Hi everyone,

We are in the last 2 weeks of the Google Summer of Code programme and I have been busy this week finalizing the Security related tasks of the project.
What I have done in this week is I have started to work in the feature which is implementing a way to detect user credential changes in the web app and log out the user automatically if there are any changes happened.
There are many different approaches that can be used to achieve this and I have chosen to create a separate service which is sending requests to the server periodically to verify the login credentials.
The service is automatically stopped when the app is killed and start again after app becomes active.
In this way, we can minimize the resources utilization while achieving our target.

That's all for this week and let's meet on next week with the more interesting news. Until then see you.

by chathuranga ( at July 30, 2018 03:54 AM

July 29, 2018

Harisu Fanyui

Week Eleven

Gsoc Week 11,

This week commenced and was interleaved with a lot of assorted activities which i under took some of which were not directly related to the my gsoc activities. This week i while still working on and fixing a the pending reviews on the pull request i made, i created off a branch from my supposed master reference which in this case is passwordreset then i added some code to receive the new password along side the activation key and creates an updates the user password if the activation key provided in the request is proven to belong to the user and is valid as the constraint provided in the method that will be invoke to get the user using the email. which are make sure that the user activation key exist and is not expired, make sure the activation key is linked to a user. After adding this method i had to also as usual write test to make sure that  the user password is updated if activation key is correct and one to make sure that the password is not updated if the activation key expired and as well one to make sure that the password is not updated if the activation key is not correct. The addition of this method to update the user password and writing of the tests made me notice a bug in the previous method which i wrote to get the user by activation key. This method which worked perfectly when provided with the correct activation key misbehaves when the activation key is wrong. This is because the method returns a null LoginCredential object and i tried getting the activationKey and splitting it so that i can get the expired time. and i didn't notice that it could generate a null pointer exception until now. So i had to move the getting of the activationkey into a conditional which only happens when the LoginCredential object is not null and hence This fixed the bug which escaped during the first.

This week i also had the chance to play and manipulate the rest web service module and as such got use to the way things are done with respect to rest web service

Extra curricular activities.

Aside from doing the above work i also in addition took some permission from my mentor and did some preparation for and exam which i had to write on Friday the 27/07/2018. I also in addition had a weekly call with my mentor on Thursday 26/07/2018. These marked the end of the activities for week 11.

To do activities.

The following week, I plan on getting into the rest web service module and providing the endpoints for the interaction with the API and test the work done on the api.

by Harisu fanyui ( at July 29, 2018 08:23 PM

Dileka Weerasuriya

Google Summer of Code 2018 with OpenMRS

11th week of Coding

The GSoC 2018 was reaching its end, so I had to steam in to finish on time 😅. In this week I engaged in displaying the data(MuzimaGeneratedReport) that is fetched from the server.

I first tried to create a view containing a list of the reports of a particular patient. I followed the procedure to create a list as you normally follow in Android.

I created a layout file named report_list_view and created a list as follows.

Then I created an Android Activity named PatientReportListViewActivity and used the following code 😆

As at this moment I was unable to bring patient reports from the server, I created a list of dummy values for now 😅. When a user selects a report name, the report should be loaded. The report is a HTML page. So I am going to load the report using WebView in Android as follows

The PatientReportWebActivity that is triggered on item click takes the user to the WebView where report is displayed.

This was successful 😆. But in muzima-android there is a preferred way to create this work-flow. In the next week I will be doing this in that way. This was just to get my head in 😅. See you next week with more!

by Dileka Madushan at July 29, 2018 01:38 PM

Prabodh Kotasthane

Week 11 – Into the final tasks

The pre final week of GSoC 2018 was a little hectic for me. Placements season is started in our college and thus I had to study for the same. Also I studied about OWA development and discussed with Sanatt about the design and implementation of the OWA. I also did some research on how we can migrate to Spring Security OAuth2 Version 2.x . Although I did worked less this week but I hope I will cover that up in the coming week. Once I get sorted with these two tasks, I would then write tests for the controllers in the coming week.

The final week is here and I hope to finish well!

Happy coding! 😀

by Prabodh Kotasthane at July 29, 2018 12:48 PM

Dileka Weerasuriya

Google Summer of Code 2018 with OpenMRS

10th week of Coding

This week was also a successful week as I completed the job of finalizing the end points in muzimacore module. This endpoint would be used by the muzima android app to download patient reports.

First I had to add a change to the existing database because the design team had requested to add a new field priority to muzima_generated_report. This attribute was set as a tiny_int and the default value was set to 0. So if the user wants to create a report_cohort_config with high priority priority the check box in the following diagram should be ticked, so that priority column in the SQL table is set to one.

Then I worked on the REST endpoint which returns the last patient report created due to a cohort report mapping set to high priority 😃. The endpoint requires the uuid of the patient as the only parameter.

I am hoping to get these reports into muzima android app in the coming weeks 😯.

by Dileka Madushan at July 29, 2018 12:27 AM

July 25, 2018

Isuranga Perera

GSoC @OpenMRS 10th week

This week was mostly about continue the implementation of the Bahmni atom feed reader microservice. Currently, it polls the patients’ atom feed and triggers when a new event occurs.

Next week I’ll be working on a webhook to display notifications on the frontend of the application. This works as follows

  • Microservice reads a new event and call the relevant endpoint at Bahmni backend (this is a POST call with all event related information)
  • Backend triggers the webhook. If webhook is successfully triggered notification is displayed to the user. Otherwise, the event is stored in the DB while the user becomes active.

You can find the current implementation of the microservice here.

by Isuranga Perera at July 25, 2018 05:52 PM

July 24, 2018

Ridmal Liyanagamge

GSOC 2018 with OpenMRS — Week 10

In this week I did some modifications in ATT-27 after review of my mentor. I modify separate test cases for upload method ( Attachment upload ) to test attachment upload with encounter , visit and without any encounter or visit.

And most importantly i created my mid term presentation which described the progress of my works in GSOC program. And i continue my research on OWA modification. And I started to implement the doSearch method in Attachment resource which will help to fetch the attachments from the rest services. It fetch the the data using Attachment Java API and user able to fetch ( search) Attachments based on the several parameters such as Patient, encounter , visit etc. And also user will able to fetch the encounter less attachment using rest services.

by Ridmal Madushanka at July 24, 2018 05:03 PM

Suthagar Kailayapathy

Assign Locations to the Users through the Location Based Access Control Module — OpenMRS

Week 10[ July 17, 2018 — July 23, 2018]

Assigning the Location to the patient almost done and it’s working as expected. So as the next milestone, I have started to work on assigning the location to the users during the registration process.

Users can be registered from the Manage Accounts page in the OpenMRS Administration page. So there should be a location selector to assign the locations during the registration. Since the location based access control is a separate module from others, I can’t make any direct changes in the Register New User dashboard. So we decided to add the custom fragment support to the Manage Accounts — User management dashboard (in the AdminUI module)which needs to allow the custom fragments to customize the user registration dashboard.

  • It should allow the custom fragments with Id as “createUser.manageAccountPersonFragments”, and it should be added to the person sections.
Added Location Selector as the custom fragment to Person Section
  • It should allow the custom fragments with fragment Id as “createUser.manageAccountUserFragments”, and it should be added to the user sections.
Added Location Selector as the custom fragment to User Section

Addition to this, the Manage Account dashboard should support the custom view fragments to view this information into the respected dashboard and it should allow editing the properties through the usual ways.

So I have added implementation in Manage Accounts to support the Add/Edit custom fragments and support to the custom view fragments.

Added Location View as the custom fragment to User Section


  • The person information from the custom fragments will be saved automatically if the type is person attribute. If the custom fragment contains some other different metadata type, then it should handle the save and update actions itself.
  • The user information from the custom fragments will be saved automatically if the type is user property. If the custom fragment contains some other different metadata type, then it should handle the save and update actions itself.

These are the tickets which contain the works related to this part,

See you in the next week..!

by Kailayapathy Suthagar at July 24, 2018 03:12 PM

Prabodh Kotasthane

Week 10 – Configuration changes not needed to be done, OWA development started

This past week I researched on how the configuration can be migrated from the current xml-based configuration to java annotation-based. After much of study and efforts in doing this me and Sanatt came to conclusion that it is better to keep the configuration xml-based only for the sake of simplicity. Also wherever required the configuration is done using annotations.

At the end of the week I started my work on OWA which supports the SMART functionality in the reference application. I took the help from Suthagar on getting started with the OWA generator. This week I aim at building an OWA which would do the job. Also I am planning to write tests for the controllers.

That’s all for this week!

See y’all next week. 🙂

by Prabodh Kotasthane at July 24, 2018 09:36 AM

July 23, 2018

Jeyasumangala Rasanayagam

GSoC 2018: Week 10[July 16, 2018 — July 22, 2018]

During the 9th work I started working on the objective “List of Providers, once the user clicks on a row in the table, user should be able to see more detailed page about the provider”. I finished this task on the 10th week of the GSoC 2018.

RA-1514 , BIR-11 — This PR contains the implementation for the Patients who worked with Providers report for given Provider id, Provider Information and top 10 patient information who was recently worked with this provider.

These are the features added in the above mentioned objective.

  1. Provider Information in the header (Full name, role, and when created)
  2. Top 10 patient information who was recently worked with this provider
  3. Link to the patient dashboard from the patient list (Just need to click the row to goto the patient dashboard)
  4. Usual bar chart in the bottom of the report (Count of patients vs date)

Following images shows the improvement,

And, According to my mentor’s suggestion on my mid term presentation, I worked on the number of admission report and made few changes. The changes are :

  • Removed the location selector from the report
  • Added Total Count to the bottom of the table.

Following images show the above mentioned changes in the Number of Admission report.

by Jeyasumangala Rasanayagam at July 23, 2018 06:44 PM

Samuel Male

Week 10

Hi all,

Its now the end of week 10 since the program started.  Incase you missed out last week's feed, you could want to check it out here .

Work done this week.

For this week, I have been working on a few Tickets. These are all about Mapping Patient metadata in a MergeAble format. I finished work on  Mapping Concepts OBS and Encounters  now am assembling everything to get sense out my work. In a nutshell, am now using the Mapping to add support for Encounters.

Challenges Encountered.

In every development stage, there are always challenges and its those challenges that make one learn.

Handling database Table Ids for Merged Data 😕 

For instance we have two servers ie:- Server A and B. A has 50 patients while B has 5 Patients. Regardless of the DBMS, Every row needs an Id. Well while merging data, we could want to merge a Patient from the last row of server A to B. Let me assume that the Patient has an Id of 50. When this Patient is merged, the Patient in Server B may look something like below
5 Male Samuel
6 Kenny
7 Kaddu Ronnie
8 Another One
9 Some Patient
50   From Server A
Like you can see, it looks dirty within the database.

Proposed Solution

We could first make first make a check to the database to see whether the Patient we are trying to Merge already exists or not, if it exists, the update it otherwise set the id to null and register it as a new Patient. For a few metadata, this is simple but with other metadata like Encounters, Obs, Locations and Concepts that reference the original Patient id it becomes hard to handle this. You could want to advise me on this modal. Please leave a comment of advice.


Samuel Male

by Male Samuel ( at July 23, 2018 06:27 AM

Chathuranga Muthukuda

10th week of GSoC

Hi guys,

It's almost the 10th week and eventually, we are closing to the end of this year's Google Summer of Code programme and every student including myself has been doing our best to complete the tasks within the available time frame.
In the previous week, I didn't get much time to involve in the project because of some personal matters but I have started to implement the forgot password task and hopefully, I can finish it during the next week so I can move into the final task set of the programme. Up to now, that is the progress and let's meet in the next week with the more interesting news.

by chathuranga ( at July 23, 2018 03:19 AM

Eunice Amoh

Tenth Week of GSoC @ OpenMRS

Time flew so fast as GSoC is coming to a end after two weeks. I have added my GSoC midterm presentation to youtube. If you interested please watch following video.

During this week I have made an improvement to FHIR module. Swagger definition of FHIR module doesn’t contain security definitions section. This is an issue when Swagger SDK generation. Because basic authentication scheme isn’t present, client can’t invoke with basic authentication headers. I have added the fix in

Then I add demo client which uses generated Java SDK in Here is very small piece of code to get patient by id.

package org.openmrs.demo.client;

import io.swagger.client.ApiClient;
import io.swagger.client.ApiException;
import io.swagger.client.api.DefaultApi;
import io.swagger.client.model.Patient;

public class DemoClient {
public static void main(String[] args) {
DefaultApi apiInstance = new DefaultApi();
String id = "892b89a2-6823-403b-899c-d7045c0d9b5e"; // String | The ID of the resource
try {
ApiClient apiClient = apiInstance.getApiClient();
apiClient.addDefaultHeader("Authorization", "Basic YWRtaW46QWRtaW4xMjM=");
apiClient.addDefaultHeader("Accept-Encoding", "*/*");
Patient result = apiInstance.patientIdGet(id);
} catch (ApiException e) {
System.err.println("Exception when calling DefaultApi#allergyIntoleranceGet");

I’m currently working on improvements to this feature.

by Eunice Amoh at July 23, 2018 01:28 AM

July 22, 2018

Harisu Fanyui

Week 10

Gsoc Week 10.
This week started off with a continuation of addressing the pending reviews still on the pull request which did not get merged the following week.
I went further and continued writing some tests. I also during this week had to make a presentiation of the work i've done so fare till date. This i made following some reviews of past works that i saw in past gsoc students. I started by creating a youtube channel then i went further to create a power point presentation after i got the presentation working. I had as a next challenge in making a video explaining what my presentation is talking about. Below is a front page of my presentation of the work i did.
and the complete power point presentation of th work can be found here 
.Aslso the link to the you tube presentaion can be found here Password Reset Via email Project -gsoc midterm presentation.

Also the link to the openmrs talk page can be found here  talk page

By the end of this week i still couldn't get the pull request merged but the stage at which i left it was at about 98% done so hopefully the first few hours of next monday the pull request should be merged and work commence on providing the rest webservice methods and endpoints to consume the core api as was suggested by my mentor @burke on the discurssion page on talk

by Harisu fanyui ( at July 22, 2018 09:37 PM

July 17, 2018

Jeyasumangala Rasanayagam

Second Evaluations

GSoC 2018: Week 9[July 9, 2018 — July 15, 2018]

Last week was our second evaluation period of the Google Summer of Code 2018. We need to submit the video presentation about our project and it’s information and demonstration in order to pass the second evaluation. I attach my video presentation here,

And I I have already started to work on the following task, List of Providers, once the user clicks on a row in the table, user should be able to see more detailed page about the provider. (Who created this provider? Which unit this provider is being assigned to work? Top 10 patients who was recently worked with this provider.)

This is similar to the Diagnosis report improvements which I done at very first time. So I thought to follow those conventions and elements to improve the List of Providers report also. These are the new elements which will be added into this report,

  1. Provider Information in the header
  2. Which unit this provider is being assigned to work
  3. Top 10 patient information who was recently worked with this provider
  4. Usual bar chart in the bottom of the report (Count of patients vs date)

by Jeyasumangala Rasanayagam at July 17, 2018 01:06 PM

Prabodh Kotasthane

Week 9 – Second Evaluations done!

This past week, I completed and passed my second evaluations. We all were needed to submit a presentation to OpenMRS community. I completed both the evaluations and presentation on time. Now the remaining major tasks in the final phase are migration from xml based configuration to annotation based configuration, testing the untested code. Also we are planning to migrate to Spring Security OAuth2 2.x release. As a bonus deliverable, we are planning to build an OWA which will facilitate the functionality of SMART apps to the latest OpenMRS Reference Application. I have started to plan things out and will start working on these in the coming week.

That’s all for now! Happy coding! 🙂

by Prabodh Kotasthane at July 17, 2018 09:34 AM

Samuel Male

Week 9

Hi all,

This is the 9th week since the game started. If you missed out about last week's update, you could want to check it out here .

Work Done this week

This was the week were I had my second evaluation. I was making ends meet to seeing myself pass the evaluation. And do you what, I passed the evaluation and thanks to my mentors 😊 

Currently, the module codebase ain't found in the Openmrs repo. Its still within my repo but Steven told me we will just transit it later to the Openmrs repo. So I couldn't use JIRA for PM. But just as a good practice, I came up with a Trello dashboard(MPD) to help me keep track of progress.

So currently I have been working on Mapping Concepts and 85% of the work is complete.
After that I will proceed to Mapping OBS. Note that these are all subtasks for Adding Support for Encounters as a Resource.

Challenges Encountered

I have faced a challenge of Mapping Concepts since they are soo wide and have a complex hierarchy.
I need your tech support in this. But what I believe is that my current implementation(pending) will be able to give the expected performance. What confuses me is "I wonder how to distinguish a Concept from the dictionary from a customized one! "

Otherwise, I expect significant progress due this week.


Samuel Male

by Male Samuel ( at July 17, 2018 09:31 AM

Ridmal Liyanagamge

GSOC 2018 OpenMRS — week 9

In this week also i worked with the ATT-27 issue which is modify the Attachment REST end point for file upload to Allow the upload attachments based on the specific encounter. And i do some modifictions to the current implementation and add exception handling inside the upload method.

Since my mentor was busy in last week, i was not able to start a new work ( waiting for his review for my previous work). But i dis some research about OWA ( Open Web App ). Because my next task is to Segerate attachment UI to an OWA. Challenges of this task is that integrate OWA to open MRS main dashborad since attachment module need to be displayed in two places in the Open MRS dashboard. ( Clinician Facing Patient Dashboard and on the Visits & Encounters Patient Dashboard)

by Ridmal Madushanka at July 17, 2018 04:11 AM