IdHub/oidc4vp/views.py

173 lines
6.5 KiB
Python
Raw Normal View History

2023-11-27 09:59:30 +00:00
import json
2023-11-28 16:33:24 +00:00
import base64
2023-11-24 15:36:05 +00:00
2023-11-29 11:06:53 +00:00
from django.conf import settings
2023-11-29 12:21:49 +00:00
from django.views.generic.edit import View, FormView
2023-12-04 16:12:12 +00:00
from django.http import HttpResponse, Http404, JsonResponse
2023-11-29 12:21:49 +00:00
from django.shortcuts import get_object_or_404, redirect
2023-12-04 14:47:48 +00:00
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
2023-11-29 12:21:49 +00:00
from django.utils.translation import gettext_lazy as _
from django.urls import reverse_lazy
2023-12-01 16:10:21 +00:00
from django.contrib import messages
2023-11-24 15:36:05 +00:00
2023-11-28 11:49:28 +00:00
from oidc4vp.models import Authorization, Organization
2023-11-29 12:21:49 +00:00
from idhub.mixins import UserView
2023-11-28 09:48:57 +00:00
2023-11-29 16:29:31 +00:00
from oidc4vp.forms import AuthorizeForm
2023-12-04 14:47:48 +00:00
from utils.idhub_ssikit import verify_presentation
2023-11-29 16:29:31 +00:00
2023-11-28 08:39:02 +00:00
2023-11-28 09:48:57 +00:00
# from django.core.mail import send_mail
# from django.http import HttpResponse, HttpResponseRedirect
# from oidc4vp.models import VPVerifyRequest
# from more_itertools import flatten, unique_everseen
2023-11-28 08:39:02 +00:00
2023-11-29 12:21:49 +00:00
class AuthorizeView(UserView, FormView):
title = _("My wallet")
section = "MyWallet"
template_name = "credentials_presentation.html"
subtitle = _('Credential presentation')
icon = 'bi bi-patch-check-fill'
2023-11-29 16:29:31 +00:00
form_class = AuthorizeForm
2023-11-29 12:21:49 +00:00
success_url = reverse_lazy('idhub:user_demand_authorization')
def get_form_kwargs(self):
kwargs = super().get_form_kwargs()
kwargs['user'] = self.request.user
2023-11-29 16:29:31 +00:00
vps = self.request.GET.get('presentation_definition')
# import pdb; pdb.set_trace()
kwargs['presentation_definition'] = json.loads(vps)
2023-12-04 08:51:08 +00:00
kwargs["org"] = self.get_org()
2023-11-29 12:21:49 +00:00
return kwargs
def form_valid(self, form):
authorization = form.save()
2023-12-04 14:47:48 +00:00
if not authorization or authorization.status_code != 200:
2023-11-29 12:21:49 +00:00
messages.error(self.request, _("Error sending credential!"))
2023-12-04 14:47:48 +00:00
return super().form_valid(form)
try:
2023-12-04 16:12:12 +00:00
authorization = authorization.json()
2023-12-04 14:47:48 +00:00
except:
messages.error(self.request, _("Error sending credential!"))
return super().form_valid(form)
verify = authorization.get('verify')
result, msg = verify.split(",")
if 'error' in result.lower():
messages.error(self.request, msg)
if 'ok' in result.lower():
messages.success(self.request, msg)
if authorization.get('redirect_uri'):
return redirect(authorization.get('redirect_uri'))
elif authorization.get('response'):
txt = authorization.get('response')
messages.success(self.request, txt)
2023-11-29 12:21:49 +00:00
return super().form_valid(form)
2023-11-29 11:27:20 +00:00
2023-12-04 08:51:08 +00:00
def get_org(self):
client_id = self.request.GET.get("client_id")
if not client_id:
raise Http404("Organization not found!")
org = get_object_or_404(
Organization,
client_id=client_id,
)
return org
2023-11-29 11:27:20 +00:00
2023-12-04 14:47:48 +00:00
@method_decorator(csrf_exempt, name='dispatch')
2023-11-28 09:48:57 +00:00
class VerifyView(View):
def get(self, request, *args, **kwargs):
2023-11-28 16:33:24 +00:00
org = self.validate(request)
2023-11-29 11:06:53 +00:00
presentation_definition = json.dumps(settings.SUPPORTED_CREDENTIALS)
2023-11-28 11:49:28 +00:00
authorization = Authorization(
organization=org,
2023-11-29 10:18:12 +00:00
presentation_definition=presentation_definition
2023-11-28 11:49:28 +00:00
)
2023-11-29 10:18:12 +00:00
res = json.dumps({"redirect_uri": authorization.authorize()})
2023-11-28 09:48:57 +00:00
return HttpResponse(res)
2023-11-28 08:39:02 +00:00
2023-11-28 16:33:24 +00:00
def validate(self, request):
2023-12-04 14:47:48 +00:00
# import pdb; pdb.set_trace()
2023-11-28 16:33:24 +00:00
auth_header = request.headers.get('Authorization', b'')
auth_data = auth_header.split()
2023-11-29 10:42:20 +00:00
if len(auth_data) == 2 and auth_data[0].lower() == 'basic':
2023-11-28 16:33:24 +00:00
decoded_auth = base64.b64decode(auth_data[1]).decode('utf-8')
client_id, client_secret = decoded_auth.split(':', 1)
org_url = request.GET.get('demand_uri')
org = get_object_or_404(
2023-12-04 14:47:48 +00:00
Organization,
client_id=client_id,
client_secret=client_secret
)
2023-11-28 16:33:24 +00:00
return org
2023-12-04 14:47:48 +00:00
raise Http404("Page not Found!")
2023-11-29 12:21:49 +00:00
2023-11-28 11:49:28 +00:00
def post(self, request, *args, **kwargs):
2023-11-29 10:18:12 +00:00
org = self.validate(request)
2023-12-04 14:47:48 +00:00
vp_token = self.request.POST.get("vp_token")
if not vp_token:
raise Http404("Page not Found!")
response = self.get_response_verify()
result = verify_presentation(request.POST["vp_token"])
verification = json.loads(result)
if verification.get('errors') or verification.get('warnings'):
response["verify"] = "Error, Verification Failed"
return HttpResponse(response)
response["verify"] = "Ok, Verification correct"
response["response"] = "Validation Code 255255255"
2023-12-04 16:12:12 +00:00
return JsonResponse(response)
2023-12-04 14:47:48 +00:00
def get_response_verify(self):
return {
"verify": ',',
"redirect_uri": "",
"response": "",
}
2023-11-29 16:29:31 +00:00
# import pdb; pdb.set_trace()
2023-11-28 11:49:28 +00:00
# # TODO: incorporate request.POST["presentation_submission"] as schema definition
# (presentation_valid, _) = verify_presentation(request.POST["vp_token"])
# if not presentation_valid:
# raise Exception("Failed to verify signature on the given Verifiable Presentation.")
# vp = json.loads(request.POST["vp_token"])
# nonce = vp["nonce"]
# # "vr" = verification_request
# vr = get_object_or_404(VPVerifyRequest, nonce=nonce) # TODO: return meaningful error, not 404
# # Get a list of all included verifiable credential types
# included_credential_types = unique_everseen(flatten([
# vc["type"] for vc in vp["verifiableCredential"]
# ]))
# # Check that it matches what we requested
# for requested_vc_type in json.loads(vr.expected_credentials):
# if requested_vc_type not in included_credential_types:
# raise Exception("You're missing some credentials we requested!") # TODO: return meaningful error
# # Perform whatever action we have to do
# action = json.loads(vr.action)
# if action["action"] == "send_mail":
# subject = action["params"]["subject"]
# to_email = action["params"]["to"]
# from_email = "noreply@verifier-portal"
# body = request.POST["vp-token"]
# send_mail(
# subject,
# body,
# from_email,
# [to_email]
# )
# elif action["action"] == "something-else":
# pass
# else:
# raise Exception("Unknown action!")
# # OK! Your verifiable presentation was successfully presented.
# return HttpResponseRedirect(vr.response_or_redirect)