IdHub/idhub/views.py

144 lines
5.1 KiB
Python
Raw Normal View History

import base64
import json
2024-01-19 09:59:35 +00:00
import uuid
2024-02-02 14:40:52 +00:00
import logging
import zlib
2024-01-19 19:37:17 +00:00
import pyroaring
2024-01-17 11:40:54 +00:00
from django.conf import settings
2024-01-19 19:37:17 +00:00
from django.urls import reverse_lazy
from django.views.generic.base import TemplateView
2023-10-09 08:49:56 +00:00
from django.contrib.auth import views as auth_views
2023-11-21 14:20:15 +00:00
from django.contrib.auth import login as auth_login
2024-01-19 19:37:17 +00:00
from django.utils.translation import gettext_lazy as _
from django.shortcuts import get_object_or_404, redirect
from django.contrib.auth.mixins import LoginRequiredMixin
from django.http import HttpResponseRedirect, HttpResponse, Http404
2024-01-15 09:34:42 +00:00
from idhub.models import DID, VerificableCredential
2024-01-19 19:37:17 +00:00
from idhub.email.views import NotifyActivateUserByEmail
2023-09-28 09:01:14 +00:00
2024-02-02 14:40:52 +00:00
logger = logging.getLogger(__name__)
2023-10-09 08:49:56 +00:00
class LoginView(auth_views.LoginView):
2023-09-29 16:06:17 +00:00
template_name = 'auth/login.html'
extra_context = {
'title': _('Login'),
2023-10-09 08:49:56 +00:00
'success_url': reverse_lazy('idhub:user_dashboard'),
2024-02-20 18:20:49 +00:00
'commit_id': settings.COMMIT,
2023-09-29 16:06:17 +00:00
}
2023-09-28 09:01:14 +00:00
2023-10-16 17:08:18 +00:00
def get(self, request, *args, **kwargs):
2024-01-12 16:22:28 +00:00
self.extra_context['success_url'] = request.GET.get(
'next',
reverse_lazy('idhub:user_dashboard')
)
2024-01-30 18:35:29 +00:00
if not self.request.user.is_anonymous:
if self.request.user.is_admin:
return redirect(reverse_lazy('idhub:admin_dashboard'))
else:
return redirect(reverse_lazy('idhub:user_dashboard'))
2023-10-16 17:08:18 +00:00
return super().get(request, *args, **kwargs)
2023-11-21 14:20:15 +00:00
def form_valid(self, form):
user = form.get_user()
2024-01-06 18:18:59 +00:00
auth_login(self.request, user)
if user.is_anonymous:
return redirect(reverse_lazy("idhub:login"))
2024-01-06 18:18:59 +00:00
if user.is_admin:
if settings.ENABLE_2FACTOR_AUTH:
2024-01-19 19:37:17 +00:00
self.request.session["2fauth"] = str(uuid.uuid4())
return redirect(reverse_lazy('idhub:confirm_send_2f'))
2024-01-03 19:14:04 +00:00
admin_dashboard = reverse_lazy('idhub:admin_dashboard')
self.extra_context['success_url'] = admin_dashboard
return redirect(self.extra_context['success_url'])
2024-01-15 09:34:42 +00:00
2024-01-04 11:43:24 +00:00
class PasswordResetConfirmView(auth_views.PasswordResetConfirmView):
template_name = 'auth/password_reset_confirm.html'
success_url = reverse_lazy('idhub:password_reset_complete')
def form_valid(self, form):
2024-02-02 14:40:52 +00:00
password = form.cleaned_data.get("new_password1")
user = form.user
user.set_password(password)
2024-01-04 11:43:24 +00:00
user.save()
return HttpResponseRedirect(self.success_url)
2024-01-17 13:11:47 +00:00
2024-02-02 14:40:52 +00:00
class PasswordResetView(auth_views.PasswordResetView):
template_name = 'auth/password_reset.html'
email_template_name = 'auth/password_reset_email.txt'
html_email_template_name = 'auth/password_reset_email.html'
subject_template_name = 'auth/password_reset_subject.txt'
success_url = reverse_lazy('idhub:password_reset_done')
def form_valid(self, form):
try:
return super().form_valid(form)
except Exception as err:
logger.error(err)
# url_error = reverse_lazy('idhub:password_reset_error')
# return HttpResponseRedirect(url_error)
return HttpResponseRedirect(self.success_url)
def ServeDidView(request, did_id):
2024-03-07 14:34:08 +00:00
domain = settings.DOMAIN
2024-02-05 18:44:54 +00:00
id_did = f'did:web:{domain}:did-registry:{did_id}'
2024-01-16 13:00:59 +00:00
did = get_object_or_404(DID, did=id_did)
# Deserialize the base DID from JSON storage
document = json.loads(did.didweb_document)
# Has this DID issued any Verifiable Credentials? If so, we need to add a Revocation List "service"
# entry to the DID document.
2024-02-05 18:44:54 +00:00
revoked_credentials = did.vcredentials.filter(status=VerificableCredential.Status.REVOKED)
revoked_credential_indexes = []
for credential in revoked_credentials:
revoked_credential_indexes.append(credential.id)
# revoked_credential_indexes.append(credential.revocationBitmapIndex)
# TODO: Conditionally add "service" to DID document only if the DID has issued any VC
revocation_bitmap = pyroaring.BitMap(revoked_credential_indexes)
2024-02-14 17:35:34 +00:00
encoded_revocation_bitmap = base64.b64encode(
zlib.compress(
revocation_bitmap.serialize()
)
).decode('utf-8')
2024-02-05 18:44:54 +00:00
revocation_service = [{ # This is an object within a list.
"id": f"{id_did}#revocation",
"type": "RevocationBitmap2022",
"serviceEndpoint": f"data:application/octet-stream;base64,{encoded_revocation_bitmap}"
}]
document["service"] = revocation_service
# Serialize the DID + Revocation list in preparation for sending
document = json.dumps(document)
2024-01-15 09:34:42 +00:00
retval = HttpResponse(document)
retval.headers["Content-Type"] = "application/json"
return retval
2024-01-19 19:37:17 +00:00
class DobleFactorSendView(LoginRequiredMixin, NotifyActivateUserByEmail, TemplateView):
template_name = 'auth/2fadmin.html'
subject_template_name = 'auth/2fadmin_email_subject.txt'
email_template_name = 'auth/2fadmin_email.txt'
html_email_template_name = 'auth/2fadmin_email.html'
def get(self, request, *args, **kwargs):
if not request.user.is_admin:
raise Http404
f2auth = self.request.session.get("2fauth")
if not f2auth:
raise Http404
self.send_email(self.request.user, token=f2auth)
return super().get(request, *args, **kwargs)