import json import ujson import pytz import hashlib import datetime from collections import OrderedDict from django.db import models from django.conf import settings from django.core.cache import cache from django.template.loader import get_template from django.utils.translation import gettext_lazy as _ from nacl import secret from utils.idhub_ssikit import ( generate_did_controller_key, keydid_from_controller_key, sign_credential, webdid_from_controller_key, ) from idhub_auth.models import User class Event(models.Model): class Types(models.IntegerChoices): EV_USR_REGISTERED = 1, "User registered" EV_USR_WELCOME = 2, "User welcomed" EV_DATA_UPDATE_REQUESTED_BY_USER = 3, "Data update requested by user" EV_DATA_UPDATE_REQUESTED = 4, "Data update requested. Pending approval by administrator" EV_USR_UPDATED_BY_ADMIN = 5, "User's data updated by admin" EV_USR_UPDATED = 6, "Your data updated by admin" EV_USR_DELETED_BY_ADMIN = 7, "User deactivated by admin" EV_DID_CREATED_BY_USER = 8, "DID created by user" EV_DID_CREATED = 9, "DID created" EV_DID_DELETED = 10, "DID deleted" EV_CREDENTIAL_DELETED_BY_USER = 11, "Credential deleted by user" EV_CREDENTIAL_DELETED = 12, "Credential deleted" EV_CREDENTIAL_ISSUED_FOR_USER = 13, "Credential issued for user" EV_CREDENTIAL_ISSUED = 14, "Credential issued" EV_CREDENTIAL_PRESENTED_BY_USER = 15, "Credential presented by user" EV_CREDENTIAL_PRESENTED = 16, "Credential presented" EV_CREDENTIAL_ENABLED = 17, "Credential enabled" EV_CREDENTIAL_CAN_BE_REQUESTED = 18, "Credential available" EV_CREDENTIAL_REVOKED_BY_ADMIN = 19, "Credential revoked by admin" EV_CREDENTIAL_REVOKED = 20, "Credential revoked" EV_ROLE_CREATED_BY_ADMIN = 21, "Role created by admin" EV_ROLE_MODIFIED_BY_ADMIN = 22, "Role modified by admin" EV_ROLE_DELETED_BY_ADMIN = 23, "Role deleted by admin" EV_SERVICE_CREATED_BY_ADMIN = 24, "Service created by admin" EV_SERVICE_MODIFIED_BY_ADMIN = 25, "Service modified by admin" EV_SERVICE_DELETED_BY_ADMIN = 26, "Service deleted by admin" EV_ORG_DID_CREATED_BY_ADMIN = 27, "Organisational DID created by admin" EV_ORG_DID_DELETED_BY_ADMIN = 28, "Organisational DID deleted by admin" EV_USR_DEACTIVATED_BY_ADMIN = 29, "User deactivated" EV_USR_ACTIVATED_BY_ADMIN = 30, "User activated" created = models.DateTimeField(_("Date"), auto_now=True) message = models.CharField(_("Description"), max_length=350) type = models.PositiveSmallIntegerField( _("Event"), choices=Types.choices, ) user = models.ForeignKey( User, on_delete=models.CASCADE, related_name='events', null=True, ) def get_type_name(self): return self.Types(self.type).label @classmethod def set_EV_USR_REGISTERED(cls, user): msg = _("The user {username} was registered: name: {first_name}, last name: {last_name}").format( username=user.username, first_name=user.first_name, last_name=user.last_name ) cls.objects.create( type=cls.Types.EV_USR_REGISTERED, message=msg ) @classmethod def set_EV_USR_WELCOME(cls, user): msg = _("Welcome. You has been registered: name: {first_name}, last name: {last_name}").format( first_name=user.first_name, last_name=user.last_name ) cls.objects.create( type=cls.Types.EV_USR_WELCOME, message=msg, user=user ) # Is required? @classmethod def set_EV_DATA_UPDATE_REQUESTED_BY_USER(cls, user): msg = _("The user '{username}' has request the update of the following information: ") msg += "['field1':'value1', 'field2':'value2'>,...]".format( username=user.username, ) cls.objects.create( type=cls.Types.EV_DATA_UPDATE_REQUESTED_BY_USER, message=msg, ) # Is required? @classmethod def set_EV_DATA_UPDATE_REQUESTED(cls, user): msg = _("You have requested the update of the following information: ") msg += "['field1':'value1', 'field2':'value2'>,...]" cls.objects.create( type=cls.Types.EV_DATA_UPDATE_REQUESTED, message=msg, user=user ) @classmethod def set_EV_USR_UPDATED_BY_ADMIN(cls, user): msg = "The admin has updated the following user 's information: " msg += "name: {first_name}, last name: {last_name}" msg = _(msg).format( first_name=user.first_name, last_name=user.last_name ) cls.objects.create( type=cls.Types.EV_USR_UPDATED_BY_ADMIN, message=msg ) @classmethod def set_EV_USR_UPDATED(cls, user): msg = "The admin has updated your personal information: " msg += "name: {first_name}, last name: {last_name}" msg = _(msg).format( first_name=user.first_name, last_name=user.last_name ) cls.objects.create( type=cls.Types.EV_USR_UPDATED, message=msg, user=user ) @classmethod def set_EV_USR_DELETED_BY_ADMIN(cls, user): msg = _("The admin has deleted the user: username: {username}").format( username=user.username, ) cls.objects.create( type=cls.Types.EV_USR_DELETED_BY_ADMIN, message=msg ) @classmethod def set_EV_DID_CREATED_BY_USER(cls, did): msg = _("New DID with DID-ID: '{did}' created by user '{username}'").format( did=did.did, username=did.user.username ) cls.objects.create( type=cls.Types.EV_DID_CREATED_BY_USER, message=msg, ) @classmethod def set_EV_DID_CREATED(cls, did): msg = _("New DID with label: '{label}' and DID-ID: '{did}' was created'").format( label=did.label, did=did.did ) cls.objects.create( type=cls.Types.EV_DID_CREATED, message=msg, user=did.user ) @classmethod def set_EV_DID_DELETED(cls, did): msg = _("The DID with label '{label}' and DID-ID: '{did}' was deleted from your wallet").format( label=did.label, did=did.did ) cls.objects.create( type=cls.Types.EV_DID_DELETED, message=msg, user=did.user ) @classmethod def set_EV_CREDENTIAL_DELETED_BY_ADMIN(cls, cred): msg = _("The credential of type '{type}' and ID: '{id}' was deleted").format( type=cred.type(), id=cred.id, ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_DELETED_BY_ADMIN, message=msg, ) @classmethod def set_EV_CREDENTIAL_DELETED(cls, cred): msg = _("The credential of type '{type}' and ID: '{id}' was deleted from your wallet").format( type=cred.type(), id=cred.id ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_DELETED, message=msg, user=cred.user ) @classmethod def set_EV_CREDENTIAL_ISSUED_FOR_USER(cls, cred): msg = _("The credential of type '{type}' and ID: '{id}' was issued for user {username}").format( type=cred.type(), id=cred.id, username=cred.user.username ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_ISSUED_FOR_USER, message=msg, ) @classmethod def set_EV_CREDENTIAL_ISSUED(cls, cred): msg = _("The credential of type '{type}' and ID: '{id}' was issued and stored in your wallet").format( type=cred.type(), id=cred.id ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_ISSUED, message=msg, user=cred.user ) @classmethod def set_EV_CREDENTIAL_PRESENTED_BY_USER(cls, cred, verifier): msg = "The credential of type '{type}' and ID: '{id}' " msg += "was presented by user {username} to verifier '{verifier}" msg = _(msg).format( type=cred.type(), id=cred.id, username=cred.user.username, verifier=verifier ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_PRESENTED_BY_USER, message=msg, ) @classmethod def set_EV_CREDENTIAL_PRESENTED(cls, cred, verifier): msg = "The credential of type '{type}' and ID: '{id}' " msg += "was presented to verifier '{verifier}'" msg = _(msg).format( type=cred.type(), id=cred.id, verifier=verifier ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_PRESENTED, message=msg, user=cred.user ) @classmethod def set_EV_CREDENTIAL_ENABLED(cls, cred): msg = _("The credential of type '{type}' was enabled for user {username}").format( type=cred.type(), username=cred.user.username ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_ENABLED, message=msg, ) @classmethod def set_EV_CREDENTIAL_CAN_BE_REQUESTED(cls, cred): msg = _("You can request the '{type}' credential").format( type=cred.type() ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_CAN_BE_REQUESTED, message=msg, user=cred.user ) @classmethod def set_EV_CREDENTIAL_REVOKED_BY_ADMIN(cls, cred): msg = _("The credential of type '{type}' and ID: '{id}' was revoked for ").format( type=cred.type(), id=cred.id ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_REVOKED_BY_ADMIN, message=msg, ) @classmethod def set_EV_CREDENTIAL_REVOKED(cls, cred): msg = _("The credential of type '{type}' and ID: '{id}' was revoked by admin").format( type=cred.type(), id=cred.id ) cls.objects.create( type=cls.Types.EV_CREDENTIAL_REVOKED, message=msg, user=cred.user ) @classmethod def set_EV_ROLE_CREATED_BY_ADMIN(cls): msg = _('A new role was created by admin') cls.objects.create( type=cls.Types.EV_ROLE_CREATED_BY_ADMIN, message=msg, ) @classmethod def set_EV_ROLE_MODIFIED_BY_ADMIN(cls): msg = _('The role was modified by admin') cls.objects.create( type=cls.Types.EV_ROLE_MODIFIED_BY_ADMIN, message=msg, ) @classmethod def set_EV_ROLE_DELETED_BY_ADMIN(cls): msg = _('The role was removed by admin') cls.objects.create( type=cls.Types.EV_ROLE_DELETED_BY_ADMIN, message=msg, ) @classmethod def set_EV_SERVICE_CREATED_BY_ADMIN(cls): msg = _('A new service was created by admin') cls.objects.create( type=cls.Types.EV_SERVICE_CREATED_BY_ADMIN, message=msg, ) @classmethod def set_EV_SERVICE_MODIFIED_BY_ADMIN(cls): msg = _('The service was modified by admin') cls.objects.create( type=cls.Types.EV_SERVICE_MODIFIED_BY_ADMIN, message=msg, ) @classmethod def set_EV_SERVICE_DELETED_BY_ADMIN(cls): msg = _('The service was removed by admin') cls.objects.create( type=cls.Types.EV_SERVICE_DELETED_BY_ADMIN, message=msg, ) @classmethod def set_EV_ORG_DID_CREATED_BY_ADMIN(cls, did): msg = _("New Organisational DID with label: '{label}' and DID-ID: '{did}' was created").format( label=did.label, did=did.did ) cls.objects.create( type=cls.Types.EV_ORG_DID_CREATED_BY_ADMIN, message=msg, ) @classmethod def set_EV_ORG_DID_DELETED_BY_ADMIN(cls, did): msg = _("Organisational DID with label: '{label}' and DID-ID: '{did}' was removed").format( label=did.label, did=did.did ) cls.objects.create( type=cls.Types.EV_ORG_DID_DELETED_BY_ADMIN, message=msg, ) @classmethod def set_EV_USR_DEACTIVATED_BY_ADMIN(cls, user): msg = "The user '{username}' was temporarily deactivated: " msg += "[name:'{first_name}', last name:'{last_name}']" msg = _(msg).format( username=user.username, first_name=user.first_name, last_name=user.last_name ) cls.objects.create( type=cls.Types.EV_USR_DEACTIVATED_BY_ADMIN, message=msg, ) @classmethod def set_EV_USR_ACTIVATED_BY_ADMIN(cls, user): msg = "The user '{username}' was activated: " msg += "name:'{first_name}', last name:'{last_name}']" msg = _(msg).format( username=user.username, first_name=user.first_name, last_name=user.last_name ) cls.objects.create( type=cls.Types.EV_USR_ACTIVATED_BY_ADMIN, message=msg, ) class DID(models.Model): class Types(models.IntegerChoices): KEY = 1, "Key" WEB = 2, "Web" type = models.PositiveSmallIntegerField( _("Type"), choices=Types.choices, ) created_at = models.DateTimeField(auto_now=True) label = models.CharField(_("Label"), max_length=50) did = models.CharField(max_length=250) # In JWK format. Must be stored as-is and passed whole to library functions. # Example key material: # '{"kty":"OKP","crv":"Ed25519","x":"oB2cPGFx5FX4dtS1Rtep8ac6B__61HAP_RtSzJdPxqs","d":"OJw80T1CtcqV0hUcZdcI-vYNBN1dlubrLaJa0_se_gU"}' key_material = models.TextField() eidas1 = models.BooleanField(default=False) user = models.ForeignKey( User, on_delete=models.CASCADE, related_name='dids', null=True, ) didweb_document = models.TextField() def get_key_material(self, password): return self.user.decrypt_data(self.key_material, password) def set_key_material(self, value, password): self.key_material = self.user.encrypt_data(value, password) @property def is_organization_did(self): if not self.user: return True return False def set_did(self, password): new_key_material = generate_did_controller_key() self.set_key_material(new_key_material, password) if self.type == self.Types.KEY: self.did = keydid_from_controller_key(new_key_material) elif self.type == self.Types.WEB: didurl, document = webdid_from_controller_key(new_key_material) self.did = didurl self.didweb_document = document def get_key(self): return json.loads(self.key_material) class Schemas(models.Model): type = models.CharField(max_length=250) file_schema = models.CharField(max_length=250) data = models.TextField() created_at = models.DateTimeField(auto_now=True) @property def get_schema(self): if not self.data: return {} return json.loads(self.data) def name(self, request=None): names = {} for name in self.get_schema.get('name', []): lang = name.get('lang') if 'ca' in lang: lang = 'ca' names[lang]= name.get('value') if request and request.LANGUAGE_CODE in names.keys(): return names[request.LANGUAGE_CODE] return names[settings.LANGUAGE_CODE] def description(self): return self.get_schema.get('description', '') class VerificableCredential(models.Model): """ Definition of Verificable Credentials """ class Status(models.IntegerChoices): ENABLED = 1, _("Enabled") ISSUED = 2, _("Issued") REVOKED = 3, _("Revoked") EXPIRED = 4, _("Expired") id_string = models.CharField(max_length=250) verified = models.BooleanField() created_on = models.DateTimeField(auto_now=True) issued_on = models.DateTimeField(null=True) data = models.TextField() csv_data = models.TextField() hash = models.CharField(max_length=260) status = models.PositiveSmallIntegerField( choices=Status.choices, default=Status.ENABLED ) user = models.ForeignKey( User, on_delete=models.CASCADE, related_name='vcredentials', ) subject_did = models.ForeignKey( DID, on_delete=models.CASCADE, related_name='subject_credentials', null=True ) issuer_did = models.ForeignKey( DID, on_delete=models.CASCADE, related_name='vcredentials', ) eidas1_did = models.ForeignKey( DID, on_delete=models.CASCADE, null=True ) schema = models.ForeignKey( Schemas, on_delete=models.CASCADE, related_name='vcredentials', ) def get_data(self, password): if not self.data: return "" if self.eidas1_did: return self.data return self.user.decrypt_data(self.data, password) def set_data(self, value, password): self.data = self.user.encrypt_data(value, password) def type(self): return self.schema.type def description(self): for des in json.loads(self.render("")).get('description', []): if settings.LANGUAGE_CODE in des.get('lang'): return des.get('value', '') return '' def get_type(self, lang=None): schema = json.loads(self.schema.data) if not schema.get('name'): return '' try: for x in schema['name']: if lang or settings.LANGUAGE_CODE in x['lang']: return x.get('value', '') except: return self.schema.type return '' def get_status(self): return self.Status(self.status).label def get_datas(self): data = json.loads(self.csv_data).items() return data def issue(self, did, password, domain=settings.DOMAIN.strip("/")): if self.status == self.Status.ISSUED: return self.status = self.Status.ISSUED self.subject_did = did self.issued_on = datetime.datetime.now().astimezone(pytz.utc) issuer_pass = cache.get("KEY_DIDS") # issuer_pass = self.user.decrypt_data( # cache.get("KEY_DIDS"), # settings.SECRET_KEY, # ) # hash of credential without sign self.hash = hashlib.sha3_256(self.render(domain).encode()).hexdigest() data = sign_credential( self.render(domain), self.issuer_did.get_key_material(issuer_pass) ) if self.eidas1_did: self.data = data else: self.data = self.user.encrypt_data(data, password) def get_context(self, domain): d = json.loads(self.csv_data) issuance_date = '' if self.issued_on: format = "%Y-%m-%dT%H:%M:%SZ" issuance_date = self.issued_on.strftime(format) cred_path = 'credentials' sid = self.id if self.eidas1_did: cred_path = 'public/credentials' sid = self.hash url_id = "{}/{}/{}".format( domain, cred_path, sid ) context = { 'vc_id': url_id, 'issuer_did': self.issuer_did.did, 'subject_did': self.subject_did and self.subject_did.did or '', 'issuance_date': issuance_date, 'firstName': self.user.first_name or "", 'lastName': self.user.last_name or "", 'email': self.user.email, 'organisation': settings.ORGANIZATION or '', } context.update(d) context['firstName'] = "" return context def render(self, domain): context = self.get_context(domain) template_name = 'credentials/{}'.format( self.schema.file_schema ) tmpl = get_template(template_name) d_ordered = ujson.loads(tmpl.render(context)) d_minimum = self.filter_dict(d_ordered) return ujson.dumps(d_minimum) def get_issued_on(self): if self.issued_on: return self.issued_on.strftime("%m/%d/%Y") return '' def filter_dict(self, dic): new_dict = OrderedDict() for key, value in dic.items(): if isinstance(value, dict): new_value = self.filter_dict(value) if new_value: new_dict[key] = new_value elif value: new_dict[key] = value return new_dict class VCTemplate(models.Model): wkit_template_id = models.CharField(max_length=250) data = models.TextField() class File_datas(models.Model): file_name = models.CharField(max_length=250) success = models.BooleanField(default=True) created_at = models.DateTimeField(auto_now=True) class Membership(models.Model): """ This model represent the relation of this user with the ecosystem. """ class Types(models.IntegerChoices): BENEFICIARY = 1, _('Beneficiary') EMPLOYEE = 2, _('Employee') MEMBER = 3, _('Member') type = models.PositiveSmallIntegerField(_('Type of membership'), choices=Types.choices) start_date = models.DateField( _('Start date'), help_text=_('What date did the membership start?'), blank=True, null=True ) end_date = models.DateField( _('End date'), help_text=_('What date will the membership end?'), blank=True, null=True ) user = models.ForeignKey( User, on_delete=models.CASCADE, related_name='memberships', ) def get_type(self): return dict(self.Types.choices).get(self.type) class Rol(models.Model): name = models.CharField(_("name"), max_length=250) description = models.CharField(_("Description"), max_length=250, null=True) def __str__(self): return self.name class Service(models.Model): domain = models.CharField(_("Domain"), max_length=250) description = models.CharField(_("Description"), max_length=250) rol = models.ManyToManyField( Rol, ) def get_roles(self): if self.rol.exists(): return ", ".join([x.name for x in self.rol.all()]) return _("None") def __str__(self): return "{} -> {}".format(self.domain, self.get_roles()) class UserRol(models.Model): user = models.ForeignKey( User, on_delete=models.CASCADE, related_name='roles', ) service = models.ForeignKey( Service, verbose_name=_("Service"), on_delete=models.CASCADE, related_name='users', ) class Meta: unique_together = ('user', 'service',)