diff --git a/oidc4vp/models.py b/oidc4vp/models.py index e26464a..5432aa3 100644 --- a/oidc4vp/models.py +++ b/oidc4vp/models.py @@ -75,6 +75,12 @@ class Authorization(models.Model): The Verifier need to do a redirection to the user to Wallet. The code we use as a soft foreing key between Authorization and OAuth2VPToken. """ + nonce = models.CharField(max_length=50) + expected_credentials = models.CharField(max_length=255) + expected_contents = models.TextField() + action = models.TextField() + response_or_redirect = models.CharField(max_length=255) + code = models.CharField(max_length=24, default=set_code) created = models.DateTimeField(auto_now=True) presentation_definition = models.CharField(max_length=250) @@ -142,3 +148,25 @@ class OAuth2VPToken(models.Model): def verifing(self): pass + +class VPVerifyRequest(models.Model): + """ + `nonce` is an opaque random string used to lookup verification requests. URL-safe. + Example: "UPBQ3JE2DGJYHP5CPSCRIGTHRTCYXMQPNQ" + `expected_credentials` is a JSON list of credential types that must be present in this VP. + Example: ["FinancialSituationCredential", "HomeConnectivitySurveyCredential"] + `expected_contents` is a JSON object that places optional constraints on the contents of the + returned VP. + Example: [{"FinancialSituationCredential": {"financial_vulnerability_score": "7"}}] + `action` is (for now) a JSON object describing the next steps to take if this verification + is successful. For example "send mail to with and " + Example: {"action": "send_mail", "params": {"to": "orders@somconnexio.coop", "subject": "New client", "body": ...} + `response` is a URL that the user's wallet will redirect the user to. + `submitted_on` is used (by a cronjob) to purge old entries that didn't complete verification + """ + nonce = models.CharField(max_length=50) + expected_credentials = models.CharField(max_length=255) + expected_contents = models.TextField() + action = models.TextField() + response_or_redirect = models.CharField(max_length=255) + submitted_on = models.DateTimeField(auto_now=True) diff --git a/oidc4vp/views.py b/oidc4vp/views.py index 42e1a58..486f4f7 100644 --- a/oidc4vp/views.py +++ b/oidc4vp/views.py @@ -1,17 +1,49 @@ -from django.shortcuts import render +import json -class PeopleEditView(People, FormView): - template_name = "idhub/admin/user_edit.html" - form_class = ProfileForm - success_url = reverse_lazy('idhub:admin_people_list') +from django.core.mail import send_mail +from django.http import HttpResponse, HttpResponseRedirect + +from utils.idhub_ssikit import verify_presentation +from .models import VPVerifyRequest +from django.shortcuts import get_object_or_404 +from more_itertools import flatten, unique_everseen - def form_valid(self, form): - user = form.save() - messages.success(self.request, _('The credential was sended successfully')) - # Event.set_EV_USR_UPDATED_BY_ADMIN(user) - # Event.set_EV_USR_UPDATED(user) - - return super().form_valid(form) - +def verify(request): + assert request.method == "POST" + # TODO: incorporate request.POST["presentation_submission"] as schema definition + (presentation_valid, _) = verify_presentation(request.POST["vp_token"]) + if not presentation_valid: + raise Exception("Failed to verify signature on the given Verifiable Presentation.") + vp = json.loads(request.POST["vp_token"]) + nonce = vp["nonce"] + # "vr" = verification_request + vr = get_object_or_404(VPVerifyRequest, nonce=nonce) # TODO: return meaningful error, not 404 + # Get a list of all included verifiable credential types + included_credential_types = unique_everseen(flatten([ + vc["type"] for vc in vp["verifiableCredential"] + ])) + # Check that it matches what we requested + for requested_vc_type in json.loads(vr.expected_credentials): + if requested_vc_type not in included_credential_types: + raise Exception("You're missing some credentials we requested!") # TODO: return meaningful error + # Perform whatever action we have to do + action = json.loads(vr.action) + if action["action"] == "send_mail": + subject = action["params"]["subject"] + to_email = action["params"]["to"] + from_email = "noreply@verifier-portal" + body = request.POST["vp-token"] + send_mail( + subject, + body, + from_email, + [to_email] + ) + elif action["action"] == "something-else": + pass + else: + raise Exception("Unknown action!") + # OK! Your verifiable presentation was successfully presented. + return HttpResponseRedirect(vr.response_or_redirect)