add Iota did and attributes

2023-11-06 13:23:47 +01:00 · 2023-11-06 13:23:47 +01:00 · ab4ec523c3
parent 20ee5ae411
commit ab4ec523c3
3 changed files with 71 additions and 0 deletions
--- a/ereuse_devicehub/config.py
+++ b/ereuse_devicehub/config.py
@ -99,6 +99,9 @@ class DevicehubConfig(Config):
    API_DLT_TOKEN = config('API_DLT_TOKEN', None)
    ID_FEDERATED = config('ID_FEDERATED', None)
    URL_MANUALS = config('URL_MANUALS', None)
+    ABAC_TOKEN = config('ABAC_TOKEN', None)
+    ABAC_COOKIE = config('ABAC_COOKIE', None)
+    ABAC_USER = config('ABAC_USER', None)

    """Definition of oauth jwt details."""
    OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)
--- a/ereuse_devicehub/resources/user/models.py
+++ b/ereuse_devicehub/resources/user/models.py
@ -1,4 +1,5 @@
 import json
+import requests
 from uuid import uuid4

 from citext import CIText
@ -191,6 +192,53 @@ class User(UserMixin, Thing):
        rols = result.get('Data', {}).get('data', {})
        return [(k, k) for k, v in rols.items() if v]

+    def _call_abac(self, path):
+        abac_tk = app.config.get('ABAC_TOKEN')
+        abac_coockie = app.config.get('ABAC_COOKIE')
+        eth_pub_key = app.config.get('ABAC_USER')
+        abac_path = path
+        if not (abac_tk and eth_pub_key and abac_path):
+            return ''
+
+        header = {
+            'Authorization': f'Bearer {abac_tk}',
+            'Cookie': abac_coockie
+        }
+        domain = 'https://abac-oracle.stable.iota-ec.net/accounts/'
+        url = f'{domain}{eth_pub_key}/{abac_path}'
+        return requests.get(url, headers=header)
+
+    def get_abac_did(self):
+        try:
+            r = self._call_abac('did')
+            if not r or not r.status_code == 200:
+                return ''
+            return r.json().get('did', '')
+        except Exception:
+            return ''
+
+    def get_abac_attributes(self):
+        try:
+            r = self._call_abac('attributes')
+            if not r or not r.status_code == 200:
+                return {}
+            data = r.json()
+            if not data:
+                return {}
+            result = {}
+            for j in data:
+                k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
+                v = j.get('attributeValue', '')
+                if not (k and v):
+                    continue
+                result[k] = v
+
+            return result
+
+        except Exception:
+            return {}
+
+

 class UserInventory(db.Model):
    """Relationship between users and their inventories."""
--- a/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
+++ b/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
@ -44,6 +44,9 @@
              <a href="{{ url_for('oidc.create_client') }}" class="nav-link">OpenID Connect</a>
            </li>
            {% endif %}
+            <li class="nav-item">
+              <button class="nav-link" data-bs-toggle="tab" data-bs-target="#id_abac_attrs">Identity Attributes</button>
+            </li>
          </ul>
          <div class="tab-content pt-2">

@ -103,6 +106,23 @@
              </form><!-- End Sanitization Certificate datas Form -->
            </div>

+            <div class="tab-pane fade pt-3" id="id_abac_attrs">
+              <div class="row mb-3">
+                <label class="col-md-4 col-lg-3 col-form-label">Did</label>
+                <div class="col-md-8 col-lg-9">
+                  {{ current_user.get_abac_did() }}
+                </div>
+              </div>
+              {% for k, v in current_user.get_abac_attributes().items() %}
+              <div class="row mb-3">
+                <label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label>
+                <div class="col-md-8 col-lg-9">
+                  {{ v }}
+                </div>
+              </div>
+              {% endfor %}
+            </div>
+
          </div><!-- End Bordered Tabs -->

        </div>