merge ssi

oidc4vp/models.py

@@ -75,6 +75,12 @@ class Authorization(models.Model):
       The Verifier need to do a redirection to the user to Wallet.
       The code we use as a soft foreing key between Authorization and OAuth2VPToken.
     """
+    nonce = models.CharField(max_length=50)
+    expected_credentials = models.CharField(max_length=255)
+    expected_contents = models.TextField()
+    action = models.TextField()
+    response_or_redirect = models.CharField(max_length=255)
+
     code = models.CharField(max_length=24, default=set_code)
     created = models.DateTimeField(auto_now=True)
     presentation_definition = models.CharField(max_length=250)
@@ -142,3 +148,25 @@ class OAuth2VPToken(models.Model):
     def verifing(self):
         pass
 
+
+class VPVerifyRequest(models.Model):
+    """
+    `nonce` is an opaque random string used to lookup verification requests. URL-safe.
+      Example: "UPBQ3JE2DGJYHP5CPSCRIGTHRTCYXMQPNQ"
+    `expected_credentials` is a JSON list of credential types that must be present in this VP.
+      Example: ["FinancialSituationCredential", "HomeConnectivitySurveyCredential"]
+    `expected_contents` is a JSON object that places optional constraints on the contents of the
+      returned VP.
+      Example: [{"FinancialSituationCredential": {"financial_vulnerability_score": "7"}}]
+    `action` is (for now) a JSON object describing the next steps to take if this verification
+      is successful. For example "send mail to <destination> with <subject> and <body>"
+      Example: {"action": "send_mail", "params": {"to": "orders@somconnexio.coop", "subject": "New client", "body": ...}
+    `response` is a URL that the user's wallet will redirect the user to.
+    `submitted_on` is used (by a cronjob) to purge old entries that didn't complete verification
+    """
+    nonce = models.CharField(max_length=50)
+    expected_credentials = models.CharField(max_length=255)
+    expected_contents = models.TextField()
+    action = models.TextField()
+    response_or_redirect = models.CharField(max_length=255)
+    submitted_on = models.DateTimeField(auto_now=True)

oidc4vp/views.py

@@ -1,17 +1,49 @@
-from django.shortcuts import render
+import json
 
-class PeopleEditView(People, FormView):
-    template_name = "idhub/admin/user_edit.html"
-    form_class = ProfileForm
-    success_url = reverse_lazy('idhub:admin_people_list')
+from django.core.mail import send_mail
+from django.http import HttpResponse, HttpResponseRedirect
+
+from utils.idhub_ssikit import verify_presentation
+from .models import VPVerifyRequest
+from django.shortcuts import get_object_or_404
+from more_itertools import flatten, unique_everseen
 
 
-    def form_valid(self, form):
-        user = form.save()
-        messages.success(self.request, _('The credential was sended successfully'))
-        # Event.set_EV_USR_UPDATED_BY_ADMIN(user)
-        # Event.set_EV_USR_UPDATED(user)
-
-        return super().form_valid(form)
-
+def verify(request):
+    assert request.method == "POST"
+    # TODO: incorporate request.POST["presentation_submission"] as schema definition
+    (presentation_valid, _) = verify_presentation(request.POST["vp_token"])
+    if not presentation_valid:
+        raise Exception("Failed to verify signature on the given Verifiable Presentation.")
+    vp = json.loads(request.POST["vp_token"])
+    nonce = vp["nonce"]
+    # "vr" = verification_request
+    vr = get_object_or_404(VPVerifyRequest, nonce=nonce)  # TODO: return meaningful error, not 404
+    # Get a list of all included verifiable credential types
+    included_credential_types = unique_everseen(flatten([
+        vc["type"] for vc in vp["verifiableCredential"]
+    ]))
+    # Check that it matches what we requested
+    for requested_vc_type in json.loads(vr.expected_credentials):
+        if requested_vc_type not in included_credential_types:
+            raise Exception("You're missing some credentials we requested!")  # TODO: return meaningful error
+    # Perform whatever action we have to do
+    action = json.loads(vr.action)
+    if action["action"] == "send_mail":
+        subject = action["params"]["subject"]
+        to_email = action["params"]["to"]
+        from_email = "noreply@verifier-portal"
+        body = request.POST["vp-token"]
+        send_mail(
+            subject,
+            body,
+            from_email,
+            [to_email]
+        )
+    elif action["action"] == "something-else":
+        pass
+    else:
+        raise Exception("Unknown action!")
+    # OK! Your verifiable presentation was successfully presented.
+    return HttpResponseRedirect(vr.response_or_redirect)