merge ssi
This commit is contained in:
Cayo Puigdefabregas
parent
bc177bbd62
commit
545bf76f46
|
|
@ -75,6 +75,12 @@ class Authorization(models.Model):
|
||||||
The Verifier need to do a redirection to the user to Wallet.
|
The Verifier need to do a redirection to the user to Wallet.
|
||||||
The code we use as a soft foreing key between Authorization and OAuth2VPToken.
|
The code we use as a soft foreing key between Authorization and OAuth2VPToken.
|
||||||
"""
|
"""
|
||||||
|
nonce = models.CharField(max_length=50)
|
||||||
|
expected_credentials = models.CharField(max_length=255)
|
||||||
|
expected_contents = models.TextField()
|
||||||
|
action = models.TextField()
|
||||||
|
response_or_redirect = models.CharField(max_length=255)
|
||||||
|
|
||||||
code = models.CharField(max_length=24, default=set_code)
|
code = models.CharField(max_length=24, default=set_code)
|
||||||
created = models.DateTimeField(auto_now=True)
|
created = models.DateTimeField(auto_now=True)
|
||||||
presentation_definition = models.CharField(max_length=250)
|
presentation_definition = models.CharField(max_length=250)
|
||||||
|
|
@ -142,3 +148,25 @@ class OAuth2VPToken(models.Model):
|
||||||
def verifing(self):
|
def verifing(self):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class VPVerifyRequest(models.Model):
|
||||||
|
"""
|
||||||
|
`nonce` is an opaque random string used to lookup verification requests. URL-safe.
|
||||||
|
Example: "UPBQ3JE2DGJYHP5CPSCRIGTHRTCYXMQPNQ"
|
||||||
|
`expected_credentials` is a JSON list of credential types that must be present in this VP.
|
||||||
|
Example: ["FinancialSituationCredential", "HomeConnectivitySurveyCredential"]
|
||||||
|
`expected_contents` is a JSON object that places optional constraints on the contents of the
|
||||||
|
returned VP.
|
||||||
|
Example: [{"FinancialSituationCredential": {"financial_vulnerability_score": "7"}}]
|
||||||
|
`action` is (for now) a JSON object describing the next steps to take if this verification
|
||||||
|
is successful. For example "send mail to <destination> with <subject> and <body>"
|
||||||
|
Example: {"action": "send_mail", "params": {"to": "orders@somconnexio.coop", "subject": "New client", "body": ...}
|
||||||
|
`response` is a URL that the user's wallet will redirect the user to.
|
||||||
|
`submitted_on` is used (by a cronjob) to purge old entries that didn't complete verification
|
||||||
|
"""
|
||||||
|
nonce = models.CharField(max_length=50)
|
||||||
|
expected_credentials = models.CharField(max_length=255)
|
||||||
|
expected_contents = models.TextField()
|
||||||
|
action = models.TextField()
|
||||||
|
response_or_redirect = models.CharField(max_length=255)
|
||||||
|
submitted_on = models.DateTimeField(auto_now=True)
|
||||||
|
|
|
||||||
|
|
@ -1,17 +1,49 @@
|
||||||
from django.shortcuts import render
|
import json
|
||||||
|
|
||||||
class PeopleEditView(People, FormView):
|
from django.core.mail import send_mail
|
||||||
template_name = "idhub/admin/user_edit.html"
|
from django.http import HttpResponse, HttpResponseRedirect
|
||||||
form_class = ProfileForm
|
|
||||||
success_url = reverse_lazy('idhub:admin_people_list')
|
from utils.idhub_ssikit import verify_presentation
|
||||||
|
from .models import VPVerifyRequest
|
||||||
|
from django.shortcuts import get_object_or_404
|
||||||
|
from more_itertools import flatten, unique_everseen
|
||||||
|
|
||||||
|
|
||||||
def form_valid(self, form):
|
def verify(request):
|
||||||
user = form.save()
|
assert request.method == "POST"
|
||||||
messages.success(self.request, _('The credential was sended successfully'))
|
# TODO: incorporate request.POST["presentation_submission"] as schema definition
|
||||||
# Event.set_EV_USR_UPDATED_BY_ADMIN(user)
|
(presentation_valid, _) = verify_presentation(request.POST["vp_token"])
|
||||||
# Event.set_EV_USR_UPDATED(user)
|
if not presentation_valid:
|
||||||
|
raise Exception("Failed to verify signature on the given Verifiable Presentation.")
|
||||||
return super().form_valid(form)
|
vp = json.loads(request.POST["vp_token"])
|
||||||
|
nonce = vp["nonce"]
|
||||||
|
# "vr" = verification_request
|
||||||
|
vr = get_object_or_404(VPVerifyRequest, nonce=nonce) # TODO: return meaningful error, not 404
|
||||||
|
# Get a list of all included verifiable credential types
|
||||||
|
included_credential_types = unique_everseen(flatten([
|
||||||
|
vc["type"] for vc in vp["verifiableCredential"]
|
||||||
|
]))
|
||||||
|
# Check that it matches what we requested
|
||||||
|
for requested_vc_type in json.loads(vr.expected_credentials):
|
||||||
|
if requested_vc_type not in included_credential_types:
|
||||||
|
raise Exception("You're missing some credentials we requested!") # TODO: return meaningful error
|
||||||
|
# Perform whatever action we have to do
|
||||||
|
action = json.loads(vr.action)
|
||||||
|
if action["action"] == "send_mail":
|
||||||
|
subject = action["params"]["subject"]
|
||||||
|
to_email = action["params"]["to"]
|
||||||
|
from_email = "noreply@verifier-portal"
|
||||||
|
body = request.POST["vp-token"]
|
||||||
|
send_mail(
|
||||||
|
subject,
|
||||||
|
body,
|
||||||
|
from_email,
|
||||||
|
[to_email]
|
||||||
|
)
|
||||||
|
elif action["action"] == "something-else":
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
raise Exception("Unknown action!")
|
||||||
|
# OK! Your verifiable presentation was successfully presented.
|
||||||
|
return HttpResponseRedirect(vr.response_or_redirect)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue