IdHub/oidc4vp/views.py

import json
import base64

from django.conf import settings
from django.views.generic.edit import View, FormView
from django.http import HttpResponse, Http404, JsonResponse
from django.shortcuts import get_object_or_404, redirect
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
from django.utils.translation import gettext_lazy as _
from django.urls import reverse_lazy
from django.contrib import messages

from oidc4vp.models import Authorization, Organization, OAuth2VPToken
from idhub.mixins import UserView
from idhub.models import Event

from oidc4vp.forms import AuthorizeForm
from utils.idhub_ssikit import verify_presentation


class AuthorizeView(UserView, FormView):
    title = _("My wallet")
    section = "MyWallet"
    template_name = "credentials_presentation.html"
    subtitle = _('Credential presentation')
    icon = 'bi bi-patch-check-fill'
    form_class = AuthorizeForm
    success_url = reverse_lazy('idhub:user_demand_authorization')

    def get(self, request, *args, **kwargs):
        response = super().get(request, *args, **kwargs)
        if self.request.session.get('next_url'):
            return redirect(reverse_lazy('idhub:user_credentials_request'))
        return response
            
    def get_form_kwargs(self):
        kwargs = super().get_form_kwargs()
        kwargs['user'] = self.request.user
        try:
            vps = json.loads(self.request.GET.get('presentation_definition'))
        except:
            vps = []
        kwargs['presentation_definition'] = vps
        kwargs["org"] = self.get_org()
        kwargs["code"] = self.request.GET.get('code')
        enc_pw = self.request.session["key_did"]
        kwargs['pw'] = self.request.user.decrypt_data(
            enc_pw,
            self.request.user.password+self.request.session._session_key
        )
        return kwargs

    def get_form(self, form_class=None):
        form = super().get_form(form_class=form_class)
        if form.all_credentials.exists() and not form.credentials.exists():
            self.request.session['next_url'] = self.request.get_full_path()
        return form
    
    def form_valid(self, form):
        authorization = form.save()
        if not authorization or authorization.status_code != 200:
            messages.error(self.request, _("Error sending credential!"))
            return redirect(self.success_url)
        try:
            authorization = authorization.json()
        except:
            messages.error(self.request, _("Error sending credential!"))
            return redirect(self.success_url)

        verify = authorization.get('verify')
        result, msg = verify.split(",")
        if 'error' in result.lower():
            messages.error(self.request, msg)
        if 'ok' in result.lower():
            messages.success(self.request, msg)

        cred = form.credentials.first()
        verifier = form.org.name
        if cred and verifier:
            Event.set_EV_CREDENTIAL_PRESENTED(cred, verifier)

        if authorization.get('redirect_uri'):
            return redirect(authorization.get('redirect_uri'))
        elif authorization.get('response'):
            txt = authorization.get('response')
            messages.success(self.request, txt)
            txt2 = f"Verifier {verifier} send: " + txt
            Event.set_EV_USR_SEND_VP(txt2, self.request.user)
            url = reverse_lazy('idhub:user_dashboard')
            return redirect(url)
                
        return redirect(self.success_url)

    def get_org(self):
        client_id = self.request.GET.get("client_id")
        if not client_id:
            raise Http404("Organization not found!")

        org = get_object_or_404(
            Organization,
            client_id=client_id,
        )
        return org
 

@method_decorator(csrf_exempt, name='dispatch')
class VerifyView(View):
    def get(self, request, *args, **kwargs):
        org = self.validate(request)
        presentation_definition = json.dumps(settings.SUPPORTED_CREDENTIALS)
        authorization = Authorization(
            organization=org,
            presentation_definition=presentation_definition
        )
        authorization.save()
        res = json.dumps({"redirect_uri": authorization.authorize()})
        return HttpResponse(res)

    def post(self, request, *args, **kwargs):
        code = self.request.POST.get("code")
        vp_tk = self.request.POST.get("vp_token")

        if not vp_tk or not code:
            raise Http404("Page not Found!")

        org = self.validate(request)

        vp_token = OAuth2VPToken(
            vp_token = vp_tk,
            organization=org,
            code=code
        )
        if not vp_token.authorization:
            raise Http404("Page not Found!")

        vp_token.verifing()
        response = vp_token.get_response_verify()
        vp_token.save()
        response["response"] = "Validation Code {}".format(code)

        return JsonResponse(response)

    def validate(self, request):
        auth_header = request.headers.get('Authorization', b'')
        auth_data = auth_header.split()

        if len(auth_data) == 2 and auth_data[0].lower() == 'basic':
            decoded_auth = base64.b64decode(auth_data[1]).decode('utf-8')
            client_id, client_secret = decoded_auth.split(':', 1)
            org_url = request.GET.get('demand_uri')
            org = get_object_or_404(
                    Organization,
                    client_id=client_id,
                    client_secret=client_secret
                )
            return org

        raise Http404("Page not Found!")

        
class AllowCodeView(View):
    def get(self, request, *args, **kwargs):
        code = self.request.GET.get("code")

        if not code:
            raise Http404("Page not Found!")
        self.authorization = get_object_or_404(
                Authorization,
                code=code,
                code_used=False
        )

        promotion = self.authorization.promotions.first()
        if not promotion:
            raise Http404("Page not Found!")

        return redirect(promotion.get_url(code))
merge ssi 2023-11-27 09:59:30 +00:00			`import json`
first step of oidc 2023-11-28 16:33:24 +00:00			`import base64`
add oidc4vp module 2023-11-24 15:36:05 +00:00
suport credentials defined in settings 2023-11-29 11:06:53 +00:00			`from django.conf import settings`
first step authorize 2023-11-29 12:21:49 +00:00			`from django.views.generic.edit import View, FormView`
fix json request 2023-12-04 16:12:12 +00:00			`from django.http import HttpResponse, Http404, JsonResponse`
first step authorize 2023-11-29 12:21:49 +00:00			`from django.shortcuts import get_object_or_404, redirect`
verify 2023-12-04 14:47:48 +00:00			`from django.views.decorators.csrf import csrf_exempt`
			`from django.utils.decorators import method_decorator`
first step authorize 2023-11-29 12:21:49 +00:00			`from django.utils.translation import gettext_lazy as _`
			`from django.urls import reverse_lazy`
get the credentials from form 2023-12-01 16:10:21 +00:00			`from django.contrib import messages`
add oidc4vp module 2023-11-24 15:36:05 +00:00
fixing 2023-12-11 14:38:16 +00:00			`from oidc4vp.models import Authorization, Organization, OAuth2VPToken`
first step authorize 2023-11-29 12:21:49 +00:00			`from idhub.mixins import UserView`
fix decrypt creds and add Events 2024-01-21 12:45:08 +00:00			`from idhub.models import Event`
view demand 2023-11-28 09:48:57 +00:00
add type in schemas 2023-11-29 16:29:31 +00:00			`from oidc4vp.forms import AuthorizeForm`
verify 2023-12-04 14:47:48 +00:00			`from utils.idhub_ssikit import verify_presentation`
add type in schemas 2023-11-29 16:29:31 +00:00
demand authorization 2023-11-28 08:39:02 +00:00
first step authorize 2023-11-29 12:21:49 +00:00			`class AuthorizeView(UserView, FormView):`
			`title = _("My wallet")`
			`section = "MyWallet"`
			`template_name = "credentials_presentation.html"`
			`subtitle = _('Credential presentation')`
			`icon = 'bi bi-patch-check-fill'`
add type in schemas 2023-11-29 16:29:31 +00:00			`form_class = AuthorizeForm`
first step authorize 2023-11-29 12:21:49 +00:00			`success_url = reverse_lazy('idhub:user_demand_authorization')`

simplify flow from promotion web 2023-12-13 16:52:18 +00:00			`def get(self, request, args, *kwargs):`
			`response = super().get(request, args, *kwargs)`
			`if self.request.session.get('next_url'):`
			`return redirect(reverse_lazy('idhub:user_credentials_request'))`
			`return response`

first step authorize 2023-11-29 12:21:49 +00:00			`def get_form_kwargs(self):`
			`kwargs = super().get_form_kwargs()`
			`kwargs['user'] = self.request.user`
allow code 2023-12-07 17:10:04 +00:00			`try:`
			`vps = json.loads(self.request.GET.get('presentation_definition'))`
			`except:`
			`vps = []`
			`kwargs['presentation_definition'] = vps`
send a verificable presentation 2023-12-04 08:51:08 +00:00			`kwargs["org"] = self.get_org()`
allow code 2023-12-07 17:10:04 +00:00			`kwargs["code"] = self.request.GET.get('code')`
fix decrypt creds and add Events 2024-01-21 12:45:08 +00:00			`enc_pw = self.request.session["key_did"]`
			`kwargs['pw'] = self.request.user.decrypt_data(`
			`enc_pw,`
			`self.request.user.password+self.request.session._session_key`
			`)`
first step authorize 2023-11-29 12:21:49 +00:00			`return kwargs`
simplify flow from promotion web 2023-12-13 16:52:18 +00:00
			`def get_form(self, form_class=None):`
			`form = super().get_form(form_class=form_class)`
			`if form.all_credentials.exists() and not form.credentials.exists():`
			`self.request.session['next_url'] = self.request.get_full_path()`
			`return form`
first step authorize 2023-11-29 12:21:49 +00:00
			`def form_valid(self, form):`
			`authorization = form.save()`
verify 2023-12-04 14:47:48 +00:00			`if not authorization or authorization.status_code != 200:`
first step authorize 2023-11-29 12:21:49 +00:00			`messages.error(self.request, _("Error sending credential!"))`
fix decrypt creds and add Events 2024-01-21 12:45:08 +00:00			`return redirect(self.success_url)`
verify 2023-12-04 14:47:48 +00:00			`try:`
fix json request 2023-12-04 16:12:12 +00:00			`authorization = authorization.json()`
verify 2023-12-04 14:47:48 +00:00			`except:`
			`messages.error(self.request, _("Error sending credential!"))`
fix decrypt creds and add Events 2024-01-21 12:45:08 +00:00			`return redirect(self.success_url)`
verify 2023-12-04 14:47:48 +00:00
			`verify = authorization.get('verify')`
			`result, msg = verify.split(",")`
			`if 'error' in result.lower():`
			`messages.error(self.request, msg)`
			`if 'ok' in result.lower():`
			`messages.success(self.request, msg)`

fix redirect_url next to verify vp 2024-01-21 12:58:13 +00:00			`cred = form.credentials.first()`
			`verifier = form.org.name`
			`if cred and verifier:`
			`Event.set_EV_CREDENTIAL_PRESENTED(cred, verifier)`

verify 2023-12-04 14:47:48 +00:00			`if authorization.get('redirect_uri'):`
			`return redirect(authorization.get('redirect_uri'))`
			`elif authorization.get('response'):`
			`txt = authorization.get('response')`
			`messages.success(self.request, txt)`
fix decrypt creds and add Events 2024-01-21 12:45:08 +00:00			`txt2 = f"Verifier {verifier} send: " + txt`
			`Event.set_EV_USR_SEND_VP(txt2, self.request.user)`
			`url = reverse_lazy('idhub:user_dashboard')`
			`return redirect(url)`
verify 2023-12-04 14:47:48 +00:00
fix decrypt creds and add Events 2024-01-21 12:45:08 +00:00			`return redirect(self.success_url)`
add authorization endpoint 2023-11-29 11:27:20 +00:00
send a verificable presentation 2023-12-04 08:51:08 +00:00			`def get_org(self):`
			`client_id = self.request.GET.get("client_id")`
			`if not client_id:`
			`raise Http404("Organization not found!")`

			`org = get_object_or_404(`
			`Organization,`
			`client_id=client_id,`
			`)`
			`return org`

add authorization endpoint 2023-11-29 11:27:20 +00:00
verify 2023-12-04 14:47:48 +00:00			`@method_decorator(csrf_exempt, name='dispatch')`
view demand 2023-11-28 09:48:57 +00:00			`class VerifyView(View):`
			`def get(self, request, args, *kwargs):`
first step of oidc 2023-11-28 16:33:24 +00:00			`org = self.validate(request)`
suport credentials defined in settings 2023-11-29 11:06:53 +00:00			`presentation_definition = json.dumps(settings.SUPPORTED_CREDENTIALS)`
demand authorization get to verifier 2023-11-28 11:49:28 +00:00			`authorization = Authorization(`
			`organization=org,`
fix credentials 2023-11-29 10:18:12 +00:00			`presentation_definition=presentation_definition`
demand authorization get to verifier 2023-11-28 11:49:28 +00:00			`)`
allow code 2023-12-07 17:10:04 +00:00			`authorization.save()`
fix credentials 2023-11-29 10:18:12 +00:00			`res = json.dumps({"redirect_uri": authorization.authorize()})`
view demand 2023-11-28 09:48:57 +00:00			`return HttpResponse(res)`
demand authorization 2023-11-28 08:39:02 +00:00
allow code 2023-12-07 17:10:04 +00:00			`def post(self, request, args, *kwargs):`
			`code = self.request.POST.get("code")`
			`vp_tk = self.request.POST.get("vp_token")`

			`if not vp_tk or not code:`
			`raise Http404("Page not Found!")`

			`org = self.validate(request)`

			`vp_token = OAuth2VPToken(`
			`vp_token = vp_tk,`
			`organization=org,`
			`code=code`
			`)`
fix render user info 2023-12-11 17:40:37 +00:00			`if not vp_token.authorization:`
			`raise Http404("Page not Found!")`
allow code 2023-12-07 17:10:04 +00:00
			`vp_token.verifing()`
			`response = vp_token.get_response_verify()`
			`vp_token.save()`
fix setem fluw 2024-02-02 08:18:15 +00:00			`response["response"] = "Validation Code {}".format(code)`
allow code 2023-12-07 17:10:04 +00:00
			`return JsonResponse(response)`

			`def validate(self, request):`
first step of oidc 2023-11-28 16:33:24 +00:00			`auth_header = request.headers.get('Authorization', b'')`
			`auth_data = auth_header.split()`

fix validate credentials 2023-11-29 10:42:20 +00:00			`if len(auth_data) == 2 and auth_data[0].lower() == 'basic':`
first step of oidc 2023-11-28 16:33:24 +00:00			`decoded_auth = base64.b64decode(auth_data[1]).decode('utf-8')`
			`client_id, client_secret = decoded_auth.split(':', 1)`
			`org_url = request.GET.get('demand_uri')`
			`org = get_object_or_404(`
verify 2023-12-04 14:47:48 +00:00			`Organization,`
			`client_id=client_id,`
			`client_secret=client_secret`
			`)`
first step of oidc 2023-11-28 16:33:24 +00:00			`return org`

verify 2023-12-04 14:47:48 +00:00			`raise Http404("Page not Found!")`
first step authorize 2023-11-29 12:21:49 +00:00
allow code 2023-12-07 17:10:04 +00:00
			`class AllowCodeView(View):`
			`def get(self, request, args, *kwargs):`
			`code = self.request.GET.get("code")`

			`if not code:`
			`raise Http404("Page not Found!")`
			`self.authorization = get_object_or_404(`
			`Authorization,`
			`code=code,`
			`code_used=False`
			`)`
clean 2024-01-21 13:27:21 +00:00
			`promotion = self.authorization.promotions.first()`
			`if not promotion:`
verify 2023-12-04 14:47:48 +00:00			`raise Http404("Page not Found!")`

allow code 2023-12-07 17:10:04 +00:00			`return redirect(promotion.get_url(code))`
verify 2023-12-04 14:47:48 +00:00