From ada42f291ac835bcfb7e358f823625d2e624228e Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas <cayo@usody.com>
Date: Mon, 6 Nov 2023 16:48:03 +0100
Subject: [PATCH] add abac datas in session

---
 ereuse_devicehub/config.py                     |  1 -
 ereuse_devicehub/forms.py                      |  7 ++++---
 ereuse_devicehub/resources/user/models.py      | 18 +++++++++++++++---
 .../ereuse_devicehub/user_profile.html         |  8 +++++++-
 ereuse_devicehub/views.py                      |  9 ++++++++-
 5 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/ereuse_devicehub/config.py b/ereuse_devicehub/config.py
index 51dc229f..2f23a14a 100644
--- a/ereuse_devicehub/config.py
+++ b/ereuse_devicehub/config.py
@@ -101,7 +101,6 @@ class DevicehubConfig(Config):
     URL_MANUALS = config('URL_MANUALS', None)
     ABAC_TOKEN = config('ABAC_TOKEN', None)
     ABAC_COOKIE = config('ABAC_COOKIE', None)
-    ABAC_USER = config('ABAC_USER', None)
 
     """Definition of oauth jwt details."""
     OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)
diff --git a/ereuse_devicehub/forms.py b/ereuse_devicehub/forms.py
index 9edf7d54..f8b62d3f 100644
--- a/ereuse_devicehub/forms.py
+++ b/ereuse_devicehub/forms.py
@@ -70,10 +70,11 @@ class LoginForm(FlaskForm):
             self.form_errors.append(self.error_messages['inactive'])
 
         if 'dpp' in app.blueprints.keys():
-            token_dlt = (
-                user.get_dlt_keys(self.password.data).get('data', {}).get('api_token')
-            )
+            dlt_keys = user.get_dlt_keys(self.password.data).get('data', {})
+            token_dlt = dlt_keys.get('api_token')
+            eth_pub_key = dlt_keys.get('eth_pub_key')
             session['token_dlt'] = token_dlt
+            session['eth_pub_key'] = eth_pub_key
             session['rols'] = user.get_rols()
 
         return user.is_active
diff --git a/ereuse_devicehub/resources/user/models.py b/ereuse_devicehub/resources/user/models.py
index fe018306..a2ea060f 100644
--- a/ereuse_devicehub/resources/user/models.py
+++ b/ereuse_devicehub/resources/user/models.py
@@ -195,7 +195,7 @@ class User(UserMixin, Thing):
     def _call_abac(self, path):
         abac_tk = app.config.get('ABAC_TOKEN')
         abac_coockie = app.config.get('ABAC_COOKIE')
-        eth_pub_key = app.config.get('ABAC_USER')
+        eth_pub_key = session.get('eth_pub_key')
         abac_path = path
         if not (abac_tk and eth_pub_key and abac_path):
             return ''
@@ -210,15 +210,26 @@ class User(UserMixin, Thing):
 
     def get_abac_did(self):
         try:
+            if session.get('iota_abac_did'):
+                return session.get('iota_abac_did')
+
             r = self._call_abac('did')
             if not r or not r.status_code == 200:
                 return ''
-            return r.json().get('did', '')
+            did = r.json().get('did', '').strip()
+            if not did:
+                return ''
+
+            session['iota_abac_did'] = did
+            return did
         except Exception:
             return ''
 
     def get_abac_attributes(self):
         try:
+            if session.get('iota_abac_attributes'):
+                return session.get('iota_abac_attributes')
+
             r = self._call_abac('attributes')
             if not r or not r.status_code == 200:
                 return {}
@@ -228,11 +239,12 @@ class User(UserMixin, Thing):
             result = {}
             for j in data:
                 k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
-                v = j.get('attributeValue', '')
+                v = j.get('attributeValue', '').strip()
                 if not (k and v):
                     continue
                 result[k] = v
 
+            session['iota_abac_attributes'] = result
             return result
 
         except Exception:
diff --git a/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html b/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
index e82cfb07..82079a6b 100644
--- a/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
+++ b/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
@@ -107,17 +107,23 @@
             </div>
 
             <div class="tab-pane fade pt-3" id="id_abac_attrs">
+              {% if current_user.get_abac_did() %}
               <div class="row mb-3">
                 <label class="col-md-4 col-lg-3 col-form-label">Did</label>
                 <div class="col-md-8 col-lg-9">
-                  {{ current_user.get_abac_did() }}
+                  <a href="https://explorer.stable.iota-ec.net/custom/identity-resolver/{{ current_user.get_abac_did() }}" target="_blank">{{ current_user.get_abac_did() }}</a>
                 </div>
               </div>
+              {% endif %}
               {% for k, v in current_user.get_abac_attributes().items() %}
               <div class="row mb-3">
                 <label class="col-md-4 col-lg-3 col-form-label">{{ k }}</label>
                 <div class="col-md-8 col-lg-9">
+                  {% if v[:4] == 'http' %}
+                  <a href="{{ v }}" target="_blank">{{ v }}</a>
+                  {% else %}
                   {{ v }}
+                  {% endif %}
                 </div>
               </div>
               {% endfor %}
diff --git a/ereuse_devicehub/views.py b/ereuse_devicehub/views.py
index 4148d455..e55000c9 100644
--- a/ereuse_devicehub/views.py
+++ b/ereuse_devicehub/views.py
@@ -64,7 +64,14 @@ class LoginView(View):
 
 class LogoutView(View):
     def dispatch_request(self):
-        session_vars = ['token_dlt', 'rols', 'oidc']
+        session_vars = [
+            'token_dlt',
+            'eth_pub_key',
+            'rols',
+            'oidc',
+            'iota_abac_did',
+            'iota_abac_attributes',
+        ]
         [session.pop(i, '') for i in session_vars]
         next_url = flask.request.args.get('next')
         logout_user()