signed if is authorized

2025-01-24 12:59:50 +01:00 · 2025-01-24 12:59:50 +01:00 · b6ea07cff0
parent d3d116a7e9
commit b6ea07cff0
2 changed files with 20 additions and 8 deletions
--- a/idhub/models.py
+++ b/idhub/models.py
@ -684,6 +684,14 @@ class VerificableCredential(models.Model):
        if self.status == self.Status.ISSUED:
            return

+        supported = False
+        for name in self.schema.get_schema.get("name"):
+            if name.get("value") in settings.SUPPORTED_CREDENTIALS:
+                supported = True
+
+        if not supported:
+            return
+
        self.subject_did = did
        self.issued_on = datetime.datetime.now().astimezone(pytz.utc)

--- a/webhook/views.py
+++ b/webhook/views.py
@ -5,6 +5,7 @@ from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic.edit import DeleteView
 from django.views.generic.base import View
+from django.core.cache import cache
 from django.http import JsonResponse
 from django_tables2 import SingleTableView
 from pyvckit.verify import verify_vp, verify_vc
@ -20,6 +21,10 @@ from webhook.tables import TokensTable
@csrf_exempt
 def webhook_verify(request):
    if request.method == 'POST':
+        user = User.objects.filter(is_admin=True).first()
+        if not cache.get("KEY_DIDS") or not user.accept_gdpr:
+            return JsonResponse({'error': 'Temporary out of service'}, status=400)
+
        auth_header = request.headers.get('Authorization')
        if not auth_header or not auth_header.startswith('Bearer '):
            return JsonResponse({'error': 'Invalid or missing token'}, status=401)
@ -29,10 +34,6 @@ def webhook_verify(request):
        if not tk:
            return JsonResponse({'error': 'Invalid or missing token'}, status=401)

-        user = User.objects.filter(is_admin=True).first()
-        if not user.accept_gdpr:
-            return JsonResponse({'error': 'Temporary out of service'}, status=400)
-
        try:
            data = json.loads(request.body)
        except json.JSONDecodeError:
@ -60,6 +61,10 @@ def webhook_verify(request):
@csrf_exempt
 def webhook_issue(request):
    if request.method == 'POST':
+        user = User.objects.filter(is_admin=True).first()
+        if not cache.get("KEY_DIDS") or not user.accept_gdpr:
+            return JsonResponse({'error': 'Temporary out of service'}, status=400)
+
        auth_header = request.headers.get('Authorization')
        if not auth_header or not auth_header.startswith('Bearer '):
            return JsonResponse({'error': 'Invalid or missing token'}, status=401)
@ -93,10 +98,6 @@ def webhook_issue(request):
        if not schema:
            return JsonResponse({'error': 'Invalid credential'}, status=400)

-        user = User.objects.filter(is_admin=True).first()
-        if not user.accept_gdpr:
-            return JsonResponse({'error': 'Temporary out of service'}, status=400)
-
        cred = VerificableCredential(
            csv_data=vc,
            issuer_did=did,
@ -107,6 +108,9 @@ def webhook_issue(request):
        cred.set_type()
        vc_signed = cred.issue(did, domain=request.get_host(), save=save)

+        if not vc_signed:
+            return JsonResponse({'error': 'Invalid credential'}, status=400)
+
        return JsonResponse({'status': 'success', "data": vc_signed}, status=200)

        return JsonResponse({'status': 'fail'}, status=200)