allow code

This commit is contained in:
Cayo Puigdefabregas 2023-12-07 18:10:04 +01:00
parent 753e1f6d1a
commit 914d408ded
8 changed files with 277 additions and 144 deletions

View File

@ -9,6 +9,7 @@ from django.core.exceptions import ValidationError
from utils.idhub_ssikit import create_verifiable_presentation from utils.idhub_ssikit import create_verifiable_presentation
from oidc4vp.models import Organization from oidc4vp.models import Organization
from idhub.models import VerificableCredential
class AuthorizeForm(forms.Form): class AuthorizeForm(forms.Form):
@ -17,12 +18,14 @@ class AuthorizeForm(forms.Form):
self.data = kwargs.get('data', {}).copy() self.data = kwargs.get('data', {}).copy()
self.user = kwargs.pop('user', None) self.user = kwargs.pop('user', None)
self.org = kwargs.pop('org', None) self.org = kwargs.pop('org', None)
self.code = kwargs.pop('code', None)
self.presentation_definition = kwargs.pop('presentation_definition', []) self.presentation_definition = kwargs.pop('presentation_definition', [])
reg = r'({})'.format('|'.join(self.presentation_definition)) reg = r'({})'.format('|'.join(self.presentation_definition))
self.credentials = self.user.vcredentials.filter( self.credentials = self.user.vcredentials.filter(
schema__type__iregex=reg schema__type__iregex=reg,
status=VerificableCredential.Status.ISSUED.value
) )
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
for vp in self.presentation_definition: for vp in self.presentation_definition:
@ -46,6 +49,10 @@ class AuthorizeForm(forms.Form):
self.list_credentials.append(c) self.list_credentials.append(c)
if not self.code:
txt = _("There isn't code in request")
raise ValidationError(txt)
return data return data
def save(self, commit=True): def save(self, commit=True):
@ -55,7 +62,7 @@ class AuthorizeForm(forms.Form):
self.get_verificable_presentation() self.get_verificable_presentation()
if commit: if commit:
return self.org.send(self.vp) return self.org.send(self.vp, self.code)
return return

View File

@ -4,8 +4,10 @@ import secrets
from django.conf import settings from django.conf import settings
from django.http import QueryDict from django.http import QueryDict
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.shortcuts import get_object_or_404
from idhub_auth.models import User from idhub_auth.models import User
from django.db import models from django.db import models
from utils.idhub_ssikit import verify_presentation
SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" SALT_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
@ -63,7 +65,7 @@ class Organization(models.Model):
max_length=250 max_length=250
) )
def send(self, vp): def send(self, vp, code):
""" """
Send the verificable presentation to Verifier Send the verificable presentation to Verifier
""" """
@ -72,6 +74,9 @@ class Organization(models.Model):
) )
auth = (self.my_client_id, self.my_client_secret) auth = (self.my_client_id, self.my_client_secret)
data = {"vp_token": vp} data = {"vp_token": vp}
if code:
data["code"] = code
return requests.post(url, data=data, auth=auth) return requests.post(url, data=data, auth=auth)
def demand_authorization(self): def demand_authorization(self):
@ -100,13 +105,8 @@ class Authorization(models.Model):
The Verifier need to do a redirection to the user to Wallet. The Verifier need to do a redirection to the user to Wallet.
The code we use as a soft foreing key between Authorization and OAuth2VPToken. The code we use as a soft foreing key between Authorization and OAuth2VPToken.
""" """
# nonce = models.CharField(max_length=50)
# expected_credentials = models.CharField(max_length=255)
# expected_contents = models.TextField()
# action = models.TextField()
# response_or_redirect = models.CharField(max_length=255)
code = models.CharField(max_length=24, default=set_code) code = models.CharField(max_length=24, default=set_code)
code_used = models.BooleanField()
created = models.DateTimeField(auto_now=True) created = models.DateTimeField(auto_now=True)
presentation_definition = models.CharField(max_length=250) presentation_definition = models.CharField(max_length=250)
organization = models.ForeignKey( organization = models.ForeignKey(
@ -121,19 +121,24 @@ class Authorization(models.Model):
null=True, null=True,
) )
def authorize(self): def authorize(self, path=None):
data = { data = {
"response_type": "vp_token", "response_type": "vp_token",
"response_mode": "direct_post", "response_mode": "direct_post",
"client_id": self.organization.my_client_id, "client_id": self.organization.my_client_id,
"presentation_definition": self.presentation_definition, "presentation_definition": self.presentation_definition,
"code": self.code,
"nonce": gen_salt(5), "nonce": gen_salt(5),
} }
query_dict = QueryDict('', mutable=True) query_dict = QueryDict('', mutable=True)
query_dict.update(data) query_dict.update(data)
response_uri = self.organization.response_uri.strip("/")
if path:
response_uri = "{}/{}".format(response_uri, path.strip("/"))
url = '{response_uri}/authorize?{params}'.format( url = '{response_uri}/authorize?{params}'.format(
response_uri=self.organization.response_uri.strip("/"), response_uri=response_uri,
params=query_dict.urlencode() params=query_dict.urlencode()
) )
return url return url
@ -145,9 +150,8 @@ class OAuth2VPToken(models.Model):
and the result of verify. and the result of verify.
""" """
created = models.DateTimeField(auto_now=True) created = models.DateTimeField(auto_now=True)
code = models.CharField(max_length=250) result_verify = models.CharField(max_length=255)
result_verify = models.BooleanField(max_length=250) vp_token = models.TextField()
presentation_definition = models.CharField(max_length=250)
organization = models.ForeignKey( organization = models.ForeignKey(
Organization, Organization,
on_delete=models.CASCADE, on_delete=models.CASCADE,
@ -163,31 +167,54 @@ class OAuth2VPToken(models.Model):
authorization = models.ForeignKey( authorization = models.ForeignKey(
Authorization, Authorization,
on_delete=models.SET_NULL, on_delete=models.SET_NULL,
related_name='oauth2vptoken',
null=True, null=True,
) )
def __init__(self, *args, **kwargs):
code = kwargs.pop("code", None)
super().__init__(*args, **kwargs)
self.authorization = get_object_or_404(
Authorization,
code=code
)
def verifing(self): def verifing(self):
pass self.result_verify = verify_presentation(self.vp_token)
def get_response_verify(self):
response = {
"verify": ',',
"redirect_uri": "",
"response": "",
}
verification = json.loads(self.result_verify)
if verification.get('errors') or verification.get('warnings'):
response["verify"] = "Error, Verification Failed"
return response
response["verify"] = "Ok, Verification correct"
response["redirect_uri"] = self.get_redirect_url()
return response
class VPVerifyRequest(models.Model): def get_redirect_url(self):
""" data = {
`nonce` is an opaque random string used to lookup verification requests. URL-safe. "code": self.authorization.code,
Example: "UPBQ3JE2DGJYHP5CPSCRIGTHRTCYXMQPNQ" }
`expected_credentials` is a JSON list of credential types that must be present in this VP. query_dict = QueryDict('', mutable=True)
Example: ["FinancialSituationCredential", "HomeConnectivitySurveyCredential"] query_dict.update(data)
`expected_contents` is a JSON object that places optional constraints on the contents of the
returned VP. response_uri = settings.ALLOW_CODE_URI
Example: [{"FinancialSituationCredential": {"financial_vulnerability_score": "7"}}]
`action` is (for now) a JSON object describing the next steps to take if this verification url = '{response_uri}?{params}'.format(
is successful. For example "send mail to <destination> with <subject> and <body>" response_uri=response_uri,
Example: {"action": "send_mail", "params": {"to": "orders@somconnexio.coop", "subject": "New client", "body": ...} params=query_dict.urlencode()
`response` is a URL that the user's wallet will redirect the user to. )
`submitted_on` is used (by a cronjob) to purge old entries that didn't complete verification return url
"""
nonce = models.CharField(max_length=50) def get_user_info(self):
expected_credentials = models.CharField(max_length=255) tk = json.loads(self.vp_token)
expected_contents = models.TextField() self.user_info = tk.get(
action = models.TextField() "verifiableCredential", [{}]
response_or_redirect = models.CharField(max_length=255) )[-1].get("credentialSubject")
submitted_on = models.DateTimeField(auto_now=True)

View File

@ -18,13 +18,6 @@ from oidc4vp.forms import AuthorizeForm
from utils.idhub_ssikit import verify_presentation from utils.idhub_ssikit import verify_presentation
# from django.core.mail import send_mail
# from django.http import HttpResponse, HttpResponseRedirect
# from oidc4vp.models import VPVerifyRequest
# from more_itertools import flatten, unique_everseen
class AuthorizeView(UserView, FormView): class AuthorizeView(UserView, FormView):
title = _("My wallet") title = _("My wallet")
section = "MyWallet" section = "MyWallet"
@ -37,10 +30,14 @@ class AuthorizeView(UserView, FormView):
def get_form_kwargs(self): def get_form_kwargs(self):
kwargs = super().get_form_kwargs() kwargs = super().get_form_kwargs()
kwargs['user'] = self.request.user kwargs['user'] = self.request.user
vps = self.request.GET.get('presentation_definition') try:
vps = json.loads(self.request.GET.get('presentation_definition'))
except:
vps = []
# import pdb; pdb.set_trace() # import pdb; pdb.set_trace()
kwargs['presentation_definition'] = json.loads(vps) kwargs['presentation_definition'] = vps
kwargs["org"] = self.get_org() kwargs["org"] = self.get_org()
kwargs["code"] = self.request.GET.get('code')
return kwargs return kwargs
def form_valid(self, form): def form_valid(self, form):
@ -90,11 +87,35 @@ class VerifyView(View):
organization=org, organization=org,
presentation_definition=presentation_definition presentation_definition=presentation_definition
) )
authorization.save()
res = json.dumps({"redirect_uri": authorization.authorize()}) res = json.dumps({"redirect_uri": authorization.authorize()})
return HttpResponse(res) return HttpResponse(res)
def validate(self, request): def post(self, request, *args, **kwargs):
# import pdb; pdb.set_trace() # import pdb; pdb.set_trace()
code = self.request.POST.get("code")
vp_tk = self.request.POST.get("vp_token")
if not vp_tk or not code:
raise Http404("Page not Found!")
org = self.validate(request)
vp_token = OAuth2VPToken(
vp_token = vp_tk,
organization=org,
code=code
)
vp_token.verifing()
response = vp_token.get_response_verify()
vp_token.save()
if response["redirect_uri"]:
response["response"] = "Validation Code 255255255"
return JsonResponse(response)
def validate(self, request):
auth_header = request.headers.get('Authorization', b'') auth_header = request.headers.get('Authorization', b'')
auth_data = auth_header.split() auth_data = auth_header.split()
@ -111,62 +132,21 @@ class VerifyView(View):
raise Http404("Page not Found!") raise Http404("Page not Found!")
def post(self, request, *args, **kwargs):
org = self.validate(request) class AllowCodeView(View):
vp_token = self.request.POST.get("vp_token") def get(self, request, *args, **kwargs):
if not vp_token: code = self.request.GET.get("code")
if not code:
raise Http404("Page not Found!")
self.authorization = get_object_or_404(
Authorization,
code=code,
code_used=False
)
if not self.authorization.promotions:
raise Http404("Page not Found!") raise Http404("Page not Found!")
response = self.get_response_verify() promotion = self.authorization.promotions[0]
result = verify_presentation(request.POST["vp_token"]) return redirect(promotion.get_url(code))
verification = json.loads(result)
if verification.get('errors') or verification.get('warnings'):
response["verify"] = "Error, Verification Failed"
return HttpResponse(response)
response["verify"] = "Ok, Verification correct"
response["response"] = "Validation Code 255255255"
return JsonResponse(response)
def get_response_verify(self):
return {
"verify": ',',
"redirect_uri": "",
"response": "",
}
# import pdb; pdb.set_trace()
# # TODO: incorporate request.POST["presentation_submission"] as schema definition
# (presentation_valid, _) = verify_presentation(request.POST["vp_token"])
# if not presentation_valid:
# raise Exception("Failed to verify signature on the given Verifiable Presentation.")
# vp = json.loads(request.POST["vp_token"])
# nonce = vp["nonce"]
# # "vr" = verification_request
# vr = get_object_or_404(VPVerifyRequest, nonce=nonce) # TODO: return meaningful error, not 404
# # Get a list of all included verifiable credential types
# included_credential_types = unique_everseen(flatten([
# vc["type"] for vc in vp["verifiableCredential"]
# ]))
# # Check that it matches what we requested
# for requested_vc_type in json.loads(vr.expected_credentials):
# if requested_vc_type not in included_credential_types:
# raise Exception("You're missing some credentials we requested!") # TODO: return meaningful error
# # Perform whatever action we have to do
# action = json.loads(vr.action)
# if action["action"] == "send_mail":
# subject = action["params"]["subject"]
# to_email = action["params"]["to"]
# from_email = "noreply@verifier-portal"
# body = request.POST["vp-token"]
# send_mail(
# subject,
# body,
# from_email,
# [to_email]
# )
# elif action["action"] == "something-else":
# pass
# else:
# raise Exception("Unknown action!")
# # OK! Your verifiable presentation was successfully presented.
# return HttpResponseRedirect(vr.response_or_redirect)

View File

@ -9,51 +9,55 @@ from django.utils.translation import gettext_lazy as _
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
from utils.idhub_ssikit import create_verifiable_presentation from utils.idhub_ssikit import create_verifiable_presentation
from oidc4vp.models import Organization from oidc4vp.models import Organization, Authorization
class WalletForm(forms.Form): class WalletForm(forms.Form):
organization = forms.ChoiceField(choices=[])
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
self.presentation_definition = kwargs.pop('presentation_definition', []) self.presentation_definition = kwargs.pop('presentation_definition', [])
reg = r'({})'.format('|'.join(self.presentation_definition))
self.credentials = self.user.vcredentials.filter(
schema__type__iregex=reg
)
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
for vp in self.presentation_definition: self.fields['organization'].choices = [
vp = vp.lower() (x.id, x.name) for x in Organization.objects.filter()
choices = [ if x.response_uri != settings.RESPONSE_URI
(str(x.id), x.schema.type.lower()) for x in self.credentials.filter( ]
schema__type__iexact=vp)
]
self.fields[vp.lower()] = forms.ChoiceField(
widget=forms.RadioSelect,
choices=choices
)
def clean(self):
data = super().clean()
self.list_credentials = []
for c in self.credentials:
if str(c.id) == data.get(c.schema.type.lower()):
if c.status is not c.Status.ISSUED.value or not c.data:
txt = _('There are some problems with this credentials')
raise ValidationError(txt)
self.list_credentials.append(c)
return data
def save(self, commit=True): def save(self, commit=True):
if not self.list_credentials: self.org = Organization.objects.filter(
id=self.data['organization']
)
if not self.org.exists():
return return
self.get_verificable_presentation() self.org = self.org[0]
self.authorization = Authorization(
organization=self.org,
presentation_definition=self.presentation_definition,
)
self.promotion = Promotion(
discount = Promotion.Types.VULNERABLE.value,
authorize = self.authorization
)
if commit: if commit:
return self.org.send(self.vp) self.authorization.save()
self.promotion.save()
return return self.authorization.authorize()
return
class ContractForm(forms.Form):
nif = forms.CharField()
name = forms.CharField()
first_last_name = forms.CharField()
second_last_name = forms.CharField()
email = forms.CharField()
email_repeat = forms.CharField()
telephone = forms.CharField()
birthday = forms.CharField()
gen = forms.CharField()
lang = forms.CharField()

View File

@ -1,3 +1,26 @@
from django.db import models from django.db import models
from django.urls import reverse_lazy
from django.utils.translation import gettext_lazy as _
from oidc4vp.models import Authorization
# Create your models here.
class Promotion(models.Model):
class Types(models.IntegerChoices):
VULNERABLE = 1, _("Financial vulnerability")
name = models.CharField(max_length=250)
discount = models.PositiveSmallIntegerField(
choices=Types.choices,
)
authorize = models.ForeignKey(
Authorization,
on_delete=models.CASCADE,
related_name='promotions',
null=True,
)
def get_url(self, code):
url = "{}?code={}".format(
reverse_lazy("promotion:show_promotion"),
code
)

View File

@ -528,6 +528,32 @@ bt_experiments["19676"] = {"name":"A\/B Test Home 3 variants (oct. 2013)","conve
<article id="single-blocks" class="single-page-article wpex-clr"> <article id="single-blocks" class="single-page-article wpex-clr">
<div><h2><a href="{% url 'promotion:select_wallet' %}">Contractar amb credencial</a></h2></div> <div><h2><a href="{% url 'promotion:select_wallet' %}">Contractar amb credencial</a></h2></div>
{% load i18n %}
{% load django_bootstrap5 %}
<form role="form" method="post">
{% csrf_token %}
{% if form.errors %}
<div class="alert alert-danger alert-icon alert-icon-border alert-dismissible" role="alert">
<div class="icon"><span class="mdi mdi-close-circle-o"></span></div>
<div class="message">
{% for field, error in form.errors.items %}
{{ error }}<br />
{% endfor %}
<button class="btn-close" type="button" data-dismiss="alert" aria-label="Close"></button>
</div>
</div>
{% endif %}
<div class="row">
<div class="col-sm-4">
{% bootstrap_form form %}
</div>
</div>
<div class="form-actions-no-box">
<a class="btn btn-grey" href="{% url 'promotion:show_promotion' %}">{% trans "Cancel" %}</a>
<input class="btn btn-green-admin" type="submit" name="submit" value="{% trans 'Save' %}" />
</div>
</form>
</article> </article>
</div> </div>

File diff suppressed because one or more lines are too long

View File

@ -1,9 +1,12 @@
import json
from django.views.generic.edit import View, FormView from django.views.generic.edit import View, FormView
from django.shortcuts import redirect
from django.template.loader import get_template from django.template.loader import get_template
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.http import HttpResponse from django.http import HttpResponse
from promotion.forms import WalletForm from promotion.forms import WalletForm, ContractForm
class PromotionView(View): class PromotionView(View):
@ -16,15 +19,77 @@ class PromotionView(View):
return HttpResponse(template) return HttpResponse(template)
class PromotionMobile1View(FormView):
template_name = "somconnexio_contract.html"
promotion = None
vp_tokens = None
authorization = None
form_class = ContractForm
def get(self, request, *args, **kwargs):
code = self.request.GET.get("code")
self.get_discount(code)
self.context = {
"promotion": self.promotion,
"verificable_presentation": self.vp_token
}
template = get_template(
self.template_name,
).render()
return HttpResponse(template)
def get_form_kwargs(self):
kwargs = super().get_form_kwargs()
self.vp_token.get_user_info()
kwargs['verificable_presentation'] = self.vp_token
kwargs["nif"] = self.vp_token.user_info.get("nif", '')
kwargs["name"] = self.vp_token.user_info.get("name", '')
kwargs["first_last_name"] = self.vp_token.user_info.get("first_last_name", '')
kwargs["second_last_name"] = self.vp_token.user_info.get("second_last_name", '')
kwargs["email"] = self.vp_token.user_info.get("email", '')
kwargs["email_repeat"] = self.vp_token.user_info.get("email", '')
kwargs["telephone"] = self.vp_token.user_info.get("telephone", '')
kwargs["birthday"] = self.vp_token.user_info.get("birthday", '')
kwargs["gen"] = self.vp_token.user_info.get("gen", '')
kwargs["lang"] = self.vp_token.user_info.get("lang", '')
return kwargs
def form_valid(self, form):
url = form.save()
return redirect(url)
def get_discount(self, code):
self.authorization = Authorization.objects.filter(
code=code,
code_unused=False
).first()
if self.authorization:
if self.authorization.promotions:
self.promotion = self.authorization.promotionsp[-1]
if self.authorization.vp_tokens:
self.vp_tokens = self.authorization.vp_tokens[-1]
class SelectWalletView(FormView): class SelectWalletView(FormView):
template_name = "select_wallet.html" template_name = "select_wallet.html"
form_class = WalletForm form_class = WalletForm
success_url = reverse_lazy('promotion:select_wallet') success_url = reverse_lazy('promotion:select_wallet')
def get(self, request, *args, **kwargs): # def get(self, request, *args, **kwargs):
self.context = {} # self.context = {'form': fo}
template = get_template( # template = get_template(
self.template_name, # self.template_name,
# context # # context
).render() # ).render()
return HttpResponse(template) # return HttpResponse(template)
# def post(self, request, *args, **kwargs):
# super().post(request, *args, **kwargs)
def get_form_kwargs(self):
kwargs = super().get_form_kwargs()
kwargs['presentation_definition'] = json.dumps(["MemberShipCard"])
return kwargs
def form_valid(self, form):
url = form.save()
return redirect(url)