From 19e44cf52d6de6052c39f1bf389db3499a78778f Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Tue, 28 Nov 2023 09:39:02 +0100
Subject: [PATCH] demand authorization
---
examples/organizations.csv | 2 +
idhub/management/commands/initial_datas.py | 2 +-
idhub/templates/idhub/base.html | 2 +-
idhub/urls.py | 9 +-
idhub/user/forms.py | 47 ++++++-
idhub/user/views.py | 30 ++++-
oidc4vp/models.py | 29 +++--
.../credentials/verifiable_presentation.json | 0
oidc4vp/views.py | 105 ++++++++++++------
trustchain_idhub/settings.py | 1 +
trustchain_idhub/urls.py | 1 +
11 files changed, 171 insertions(+), 57 deletions(-)
rename {idhub => oidc4vp}/templates/credentials/verifiable_presentation.json (100%)
diff --git a/examples/organizations.csv b/examples/organizations.csv
index 61f0f82..e79edda 100644
--- a/examples/organizations.csv
+++ b/examples/organizations.csv
@@ -1,2 +1,4 @@
 "ExO";"https://verify.exo.cat"
 "Somos Connexión";"https://verify.somosconexion.coop"
+"test2";"http://localhost:9000/verify"
+"test1";"http://localhost:8000/verify"
diff --git a/idhub/management/commands/initial_datas.py b/idhub/management/commands/initial_datas.py
index 5de2603..2ce6640 100644
--- a/idhub/management/commands/initial_datas.py
+++ b/idhub/management/commands/initial_datas.py
@@ -41,4 +41,4 @@ class Command(BaseCommand):
 def create_organizations(self, name, url):
- Organization.objects.create(name=name, url=url)
+ Organization.objects.create(name=name, response_uri=url)
diff --git a/idhub/templates/idhub/base.html b/idhub/templates/idhub/base.html
index c8d985b..3514c33 100644
--- a/idhub/templates/idhub/base.html
+++ b/idhub/templates/idhub/base.html
@@ -115,7 +115,7 @@
diff --git a/idhub/urls.py b/idhub/urls.py
index 80dd103..48b9214 100644
--- a/idhub/urls.py
+++ b/idhub/urls.py
@@ -20,7 +20,7 @@ from django.urls import path, reverse_lazy
 from .views import LoginView
 from .admin import views as views_admin
 from .user import views as views_user
-from .verification_portal import views as views_verification_portal
+# from .verification_portal import views as views_verification_portal
 app_name = 'idhub'
@@ -85,6 +85,9 @@ urlpatterns = [
 path('user/credentials/request/',
 views_user.CredentialsRequestView.as_view(),
 name='user_credentials_request'),
+ path('user/credentials_presentation/demand',
+ views_user.DemandAuthorizationView.as_view(),
+ name='user_demand_authorization'),
 path('user/credentials_presentation/',
 views_user.CredentialsPresentationView.as_view(),
 name='user_credentials_presentation'),
@@ -173,6 +176,6 @@ urlpatterns = [
 path('admin/import/new',
 views_admin.ImportAddView.as_view(),
 name='admin_import_add'),
- path('verification_portal/verify/', views_verification_portal.verify,
- name="verification_portal_verify")
+ # path('verification_portal/verify/', views_verification_portal.verify,
+ # name="verification_portal_verify")
 ]
diff --git a/idhub/user/forms.py b/idhub/user/forms.py
index 57e3d36..8bacf89 100644
--- a/idhub/user/forms.py
+++ b/idhub/user/forms.py
@@ -1,4 +1,6 @@
+import requests
 from django import forms
+from django.conf import settings
 from idhub_auth.models import User
 from idhub.models import DID, VerificableCredential
 from oidc4vp.models import Organization
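Review bot: The verification_portal import is commented out rather than removed, and the matching route in the `@@ -173,6 +176,6` hunk of this file is handled the same way, so idhub/urls.py now carries dead code that no linter will report. If the portal route is gone for good (the new `oidc4vp/` mount in trustchain_idhub/urls.py suggests so), delete both lines and let version control keep the history; if it is a temporary switch-off, a short `# TODO(owner): re-enable once oidc4vp.urls serves verify` would tell the next reader why the comment is there.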
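Review bot: `import requests` is added at the top of forms.py but the only use in this commit is the commented-out `# res = requests.get(url, auth=auth)` in `DemandAuthorizationForm.save` further down, so as committed it is an unused import that pyflakes/ruff F401 will flag. Either drop it until the call is live, or finish the call in save() so the import earns its place.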
@@ -56,9 +58,40 @@ class RequestCredentialForm(forms.Form):
 return
+class DemandAuthorizationForm(forms.Form):
+ organization = forms.ChoiceField(choices=[])
+
+ def __init__(self, *args, **kwargs):
+ self.user = kwargs.pop('user', None)
+ super().__init__(*args, **kwargs)
+ self.fields['organization'].choices = [
+ (x.id, x.name) for x in Organization.objects.filter()
+ if x.response_uri != settings.RESPONSE_URI
+ ]
+
+ def save(self, commit=True):
+ self.org = Organization.objects.filter(
+ id=self.data['organization']
+ )
+ if not self.org.exists():
+ return
+
+ self.org = self.org[0]
+
+ if commit:
+ url = self.org.demand_authorization()
+ auth = (self.org.client_id, self.org.client_secret)
+ # res = requests.get(url, auth=auth)
+ # import pdb; pdb.set_trace()
+ # if res.status == 200:
+ # return res.body
+
+ return
+
+
 class CredentialPresentationForm(forms.Form):
 organization = forms.ChoiceField(choices=[])
- credential = forms.ChoiceField(choices=[])
+ # credential = forms.ChoiceField(choices=[])
 def __init__(self, *args, **kwargs):
 self.user = kwargs.pop('user', None)
@@ -66,12 +99,12 @@ class CredentialPresentationForm(forms.Form):
 self.fields['organization'].choices = [
 (x.id, x.name) for x in Organization.objects.filter()
 ]
- self.fields['credential'].choices = [
- (x.id, x.type()) for x in VerificableCredential.objects.filter(
- user=self.user,
- status=VerificableCredential.Status.ISSUED
- )
- ]
+ # self.fields['credential'].choices = [
+ # (x.id, x.type()) for x in VerificableCredential.objects.filter(
+ # user=self.user,
+ # status=VerificableCredential.Status.ISSUED
+ # )
+ # ]
 def save(self, commit=True):
 self.org = Organization.objects.filter(
diff --git a/idhub/user/views.py b/idhub/user/views.py
index 482b40e..f509016 100644
--- a/idhub/user/views.py
+++ b/idhub/user/views.py
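Review bot: `save()` looks the organization up with the raw POST value `self.data['organization']` instead of `self.cleaned_data['organization']`, which bypasses the ChoiceField validation that the `__init__` choices (excluding the wallet's own `settings.RESPONSE_URI` entry) were meant to enforce: any id the client posts reaches the query, and a missing key raises KeyError rather than a form error. Change the filter to `id=self.cleaned_data['organization']`; by the time FormView calls save() the field has already been validated against the choices. Separately, every path of save() ends in a bare `return`, so the `if authorization:` branch in DemandAuthorizationView.form_valid can never be taken, and `url = self.org.demand_authorization()` receives a `requests.Response` (the model method returns `requests.get(...)`), not a URL, while `auth` is built and never used. The commented `requests.get`/`pdb` block should either be completed (returning the parsed response body) or removed before merge.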
@@ -12,7 +12,12 @@ from django.shortcuts import get_object_or_404, redirect
 from django.urls import reverse_lazy
 from django.http import HttpResponse
 from django.contrib import messages
-from idhub.user.forms import ProfileForm, RequestCredentialForm, CredentialPresentationForm
+from idhub.user.forms import (
+ ProfileForm,
+ RequestCredentialForm,
+ CredentialPresentationForm,
+ DemandAuthorizationForm
+)
 from idhub.mixins import UserView
 from idhub.models import DID, VerificableCredential, Event
@@ -141,6 +146,28 @@ class CredentialsRequestView(MyWallet, FormView):
 return super().form_valid(form)
+class DemandAuthorizationView(MyWallet, FormView):
+ template_name = "idhub/user/credentials_presentation.html"
+ subtitle = _('Credential presentation')
+ icon = 'bi bi-patch-check-fill'
+ form_class = DemandAuthorizationForm
+ success_url = reverse_lazy('idhub:user_demand_authorization')
+
+ def get_form_kwargs(self):
+ kwargs = super().get_form_kwargs()
+ kwargs['user'] = self.request.user
+ return kwargs
+
+ def form_valid(self, form):
+ authorization = form.save()
+ if authorization:
+ if authorization.get('redirect_uri'):
+ redirect(authorization.get('redirect_uri'))
+ else:
+ messages.error(self.request, _("Error sending credential!"))
+ return super().form_valid(form)
+
+
 class CredentialsPresentationView(MyWallet, FormView):
 template_name = "idhub/user/credentials_presentation.html"
 subtitle = _('Credential presentation')
@@ -151,6 +178,7 @@ class CredentialsPresentationView(MyWallet, FormView):
 def get_form_kwargs(self):
 kwargs = super().get_form_kwargs()
 kwargs['user'] = self.request.user
+ kwargs['authorize'] = self.request.GET.params.get("uri")
 return kwargs
 def form_valid(self, form):
diff --git a/oidc4vp/models.py b/oidc4vp/models.py
index 5432aa3..2d0d224 100644
--- a/oidc4vp/models.py
+++ b/oidc4vp/models.py
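Review bot: `redirect(authorization.get('redirect_uri'))` in `DemandAuthorizationView.form_valid` builds an HttpResponseRedirect and throws it away, so the user is never sent to the verifier and always falls through to `super().form_valid(form)`; it needs `return redirect(...)`. Before returning it the target should be checked, because the URI comes from the remote verifier's response and redirecting to it unvalidated is an open redirect — compare it with the selected organization's stored `response_uri`, or pass it through `django.utils.http.url_has_allowed_host_and_scheme` with the known verifier hosts as `allowed_hosts`. As the forms.py hunk stands, `form.save()` always returns None, so today only the `messages.error` branch is reachable.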
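Review bot: `self.request.GET.params.get("uri")` in `CredentialsPresentationView.get_form_kwargs` raises AttributeError: `request.GET` is a QueryDict with no `params` attribute, so the lookup should be `self.request.GET.get("uri")`. The new `authorize` kwarg is then forwarded to `CredentialPresentationForm.__init__`, which (in the forms.py hunk above) pops only `user` before calling `super().__init__(*args, **kwargs)`, so Django's BaseForm will reject the extra keyword with TypeError unless the form gains `self.authorize = kwargs.pop('authorize', None)`. `get_form_kwargs` is fully inside the hunk; the `form_valid` that follows continues outside it.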
@@ -54,12 +54,27 @@ class Organization(models.Model):
 """
 Send the verificable presentation to Verifier
 """
- org = Organization.objects.get(
+ org = self.__class__.objects.get(
 response_uri=settings.RESPONSE_URI
 )
 auth = (org.client_id, org.client_secret)
 return requests.post(self.url, data=vp, auth=auth)
+ def demand_authorization(self):
+ """
+ Send the a request for start a process of Verifier
+ """
+ org = self.__class__.objects.get(
+ response_uri=settings.RESPONSE_URI
+ )
+ # import pdb; pdb.set_trace()
+ url = "{url}/?demand_uri={redirect_uri}".format(
+ url=self.response_uri.strip("/"),
+ redirect_uri=settings.RESPONSE_URI
+ )
+ auth = (org.client_id, org.client_secret)
+ return requests.get(url, auth=auth)
+
 def __str__(self):
 return self.name
@@ -75,11 +90,11 @@ class Authorization(models.Model):
 The Verifier need to do a redirection to the user to Wallet. The code we use as a soft foreing key between Authorization and OAuth2VPToken.
 """
- nonce = models.CharField(max_length=50)
- expected_credentials = models.CharField(max_length=255)
- expected_contents = models.TextField()
- action = models.TextField()
- response_or_redirect = models.CharField(max_length=255)
+ # nonce = models.CharField(max_length=50)
+ # expected_credentials = models.CharField(max_length=255)
+ # expected_contents = models.TextField()
+ # action = models.TextField()
+ # response_or_redirect = models.CharField(max_length=255)
 code = models.CharField(max_length=24, default=set_code)
 created = models.DateTimeField(auto_now=True)
@@ -98,7 +113,7 @@ class Authorization(models.Model):
 def authorize(self):
 response_uri = self.__class__.objects.filter(
- response_uri=settings.RESPONSE_URI
+ response_uri=settings.ALLOW_CODE_URI
 )
 data = {
 "response_type": "vp_token",
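Review bot: `requests.get(url, auth=auth)` in `demand_authorization` has no `timeout`, so an unresponsive verifier ties up the Django worker indefinitely; use `requests.get(url, auth=auth, timeout=10)` (the `requests.post` in the context lines above has the same gap). `settings.RESPONSE_URI` is pasted into the query string unencoded — `urllib.parse.urlencode({'demand_uri': settings.RESPONSE_URI})` keeps a `?`, `&` or `#` inside that value from being misparsed on the verifier side. The `# import pdb; pdb.set_trace()` leftover should go, and the docstring `Send the a request for start a process of Verifier` reads better as `Ask the Verifier to start an authorization process for this organization.`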
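Review bot: Commenting out `nonce`, `expected_credentials`, `expected_contents`, `action` and `response_or_redirect` changes the `Authorization` schema, so a migration needs to accompany this hunk or `makemigrations --check` will fail on CI. The `nonce` field in particular is the natural home for the single-use value that binds a presented VP to the request that asked for it (the now-disabled `verify()` in oidc4vp/views.py reads `vp["nonce"]`), so whatever replaces these fields should keep an equivalent anti-replay value rather than dropping the concept. If the fields are gone for good, delete them instead of keeping them as comments.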
diff --git a/idhub/templates/credentials/verifiable_presentation.json b/oidc4vp/templates/credentials/verifiable_presentation.json
similarity index 100%
rename from idhub/templates/credentials/verifiable_presentation.json
rename to oidc4vp/templates/credentials/verifiable_presentation.json
diff --git a/oidc4vp/views.py b/oidc4vp/views.py
index 486f4f7..c217114 100644
--- a/oidc4vp/views.py
+++ b/oidc4vp/views.py
@@ -6,44 +6,75 @@ from django.http import HttpResponse, HttpResponseRedirect
 from utils.idhub_ssikit import verify_presentation
 from .models import VPVerifyRequest
 from django.shortcuts import get_object_or_404
-from more_itertools import flatten, unique_everseen
+# from more_itertools import flatten, unique_everseen
+from oidc4vp.models import Authorization
+
+
+# class PeopleListView(People, TemplateView):
+# template_name = "idhub/admin/people.html"
+# subtitle = _('View users')
+# icon = 'bi bi-person'
+
+# def get_context_data(self, **kwargs):
+# context = super().get_context_data(**kwargs)
+# context.update({
+# 'users': User.objects.filter(),
+# })
+# return context
+
+
+def DemandAuthorizationView(request):
+ assert request.method == "GET"
+ import pdb; pdb.set_trace()
+ params = request.GET.params
+ org = Organization.objects.filter(
+ url=params.get('redirect_uri')
+ )
+ authorization = Authorization(
+ organization=org,
+ presentation_definition="MemberCredential"
+ )
+ # authorization.save()
+ res = json.dumps({"uri": authorization.authorize()})
+ return HttpResponse(res)
 def verify(request):
- assert request.method == "POST"
- # TODO: incorporate request.POST["presentation_submission"] as schema definition
- (presentation_valid, _) = verify_presentation(request.POST["vp_token"])
- if not presentation_valid:
- raise Exception("Failed to verify signature on the given Verifiable Presentation.")
- vp = json.loads(request.POST["vp_token"])
- nonce = vp["nonce"]
- # "vr" = verification_request
- vr = get_object_or_404(VPVerifyRequest, nonce=nonce) # TODO: return meaningful error, not 404
- # Get a list of all included verifiable credential types
- included_credential_types = unique_everseen(flatten([
- vc["type"] for vc in vp["verifiableCredential"]
- ]))
- # Check that it matches what we requested
- for requested_vc_type in json.loads(vr.expected_credentials):
- if requested_vc_type not in included_credential_types:
- raise Exception("You're missing some credentials we requested!") # TODO: return meaningful error
- # Perform whatever action we have to do
- action = json.loads(vr.action)
- if action["action"] == "send_mail":
- subject = action["params"]["subject"]
- to_email = action["params"]["to"]
- from_email = "noreply@verifier-portal"
- body = request.POST["vp-token"]
- send_mail(
- subject,
- body,
- from_email,
- [to_email]
- )
- elif action["action"] == "something-else":
- pass
- else:
- raise Exception("Unknown action!")
- # OK! Your verifiable presentation was successfully presented.
- return HttpResponseRedirect(vr.response_or_redirect)
+ import pdb; pdb.set_trace()
+# assert request.method == "POST"
+# # TODO: incorporate request.POST["presentation_submission"] as schema definition
+# (presentation_valid, _) = verify_presentation(request.POST["vp_token"])
+# if not presentation_valid:
+# raise Exception("Failed to verify signature on the given Verifiable Presentation.")
+# vp = json.loads(request.POST["vp_token"])
+# nonce = vp["nonce"]
+# # "vr" = verification_request
+# vr = get_object_or_404(VPVerifyRequest, nonce=nonce) # TODO: return meaningful error, not 404
+# # Get a list of all included verifiable credential types
+# included_credential_types = unique_everseen(flatten([
+# vc["type"] for vc in vp["verifiableCredential"]
+# ]))
+# # Check that it matches what we requested
+# for requested_vc_type in json.loads(vr.expected_credentials):
+# if requested_vc_type not in included_credential_types:
+# raise Exception("You're missing some credentials we requested!") # TODO: return meaningful error
+# # Perform whatever action we have to do
+# action = json.loads(vr.action)
+# if action["action"] == "send_mail":
+# subject = action["params"]["subject"]
+# to_email = action["params"]["to"]
+# from_email = "noreply@verifier-portal"
+# body = request.POST["vp-token"]
+# send_mail(
+# subject,
+# body,
+# from_email,
+# [to_email]
+# )
+# elif action["action"] == "something-else":
+# pass
+# else:
+# raise Exception("Unknown action!")
+# # OK! Your verifiable presentation was successfully presented.
+# return HttpResponseRedirect(vr.response_or_redirect)
diff --git a/trustchain_idhub/settings.py b/trustchain_idhub/settings.py
index 4d90de7..ca45d06 100644
--- a/trustchain_idhub/settings.py
+++ b/trustchain_idhub/settings.py
@@ -186,3 +186,4 @@ USE_L10N = True
 AUTH_USER_MODEL = 'idhub_auth.User'
 RESPONSE_URI = config('RESPONSE_URI', default="")
+ALLOW_CODE_URI= config('ALLOW_CODE_URI', default="")
diff --git a/trustchain_idhub/urls.py b/trustchain_idhub/urls.py
index f2fdc05..1668872 100644
--- a/trustchain_idhub/urls.py
+++ b/trustchain_idhub/urls.py
@@ -24,4 +24,5 @@ from django.contrib.auth import views as auth_views
 urlpatterns = [
 # path('django-admin/', admin.site.urls),
 path('', include('idhub.urls')),
+ path('oidc4vp/', include('oidc4vp.urls')),
 ]
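Review bot: Both `DemandAuthorizationView` and `verify` call `pdb.set_trace()` on the request path; a view that drops into the debugger blocks the worker (and hangs the deployment under a process manager with no TTY), and since `verify` now does nothing else, the signature check, nonce lookup and credential-type comparison the removed body performed no longer run for any POST. `DemandAuthorizationView` cannot run as written either: `request.GET.params` is not a QueryDict attribute (use `request.GET.get('redirect_uri')`), `Organization` is not imported in the visible import block (only `Authorization` is — unless lines 1–5 of the file bring it in), the filter still uses `url=` although this commit renames the field to `response_uri`, and `organization=org` assigns a QuerySet rather than a single instance to the Authorization. The endpoint also never checks the Basic-auth credentials the wallet sends (`auth=(org.client_id, org.client_secret)` in the models.py hunk), so any client that can reach the route can create an Authorization for an arbitrary redirect_uri; a `@require_GET` decorator instead of `assert` (stripped under `-O`) plus a check of the presented client_id/client_secret against the stored organization before calling `authorize()` would close that. Note too that `# authorization.save()` is commented out, so the `code` handed back in the response is never persisted and cannot be matched later.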
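Review bot: `include('oidc4vp.urls')` points at a module this patch does not add — the diffstat lists no `oidc4vp/urls.py` — so unless it already exists in the tree, URL loading fails with ModuleNotFoundError at startup. The routes that mount the new `DemandAuthorizationView` and the `verify` view are therefore not reviewable here; they should be part of the same change.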