From 6dbd5d18a57ef4f43f1ca1123a3fe3d7b8cb5d39 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Mon, 25 Mar 2024 13:18:30 +0100
Subject: [PATCH 1/5] save in session redirect_uri
---
 promotion/views.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/promotion/views.py b/promotion/views.py
index 2ecac4c..822e7ea 100644
--- a/promotion/views.py
+++ b/promotion/views.py
@@ -106,6 +106,7 @@ class SelectWalletView(FormView):
 success_url = reverse_lazy('promotion:select_wallet')
 def get_form_kwargs(self):
+ self.get_response_uri()
 kwargs = super().get_form_kwargs()
 kwargs['presentation_definition'] = json.dumps(settings.SUPPORTED_CREDENTIALS)
 return kwargs
@@ -114,3 +115,14 @@ class SelectWalletView(FormView):
 url = form.save()
 return redirect(url)
+ def get_response_uri(self):
+ path = self.request.get_full_path().split("?")
+ if len(path) < 2:
+ return
+
+ args = path[1]
+ response_uri = dict(
+ [x.split("=") for x in args.split("&")]
+ ).get('response_uri')
+
+ self.request.session["response_uri"] = response_uri
From 59c99d82794291daf116b2daae4e0eb24cf583dd Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Mon, 25 Mar 2024 16:19:40 +0100
Subject: [PATCH 2/5] send to api
---
 oidc4vp/views.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/oidc4vp/views.py b/oidc4vp/views.py
index 0f60e94..31332aa 100644
--- a/oidc4vp/views.py
+++ b/oidc4vp/views.py
@@ -1,6 +1,7 @@
 import json
 import base64
 import logging
+import requests
 from django.template import loader
 from django.core.mail import EmailMultiAlternatives
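Review bot: `get_response_uri`, added in the second hunk of patch 1/5, copies `response_uri` from the raw query string into the session with no check on where it points, and the hand-rolled `dict([x.split("=") for x in args.split("&")])` raises ValueError for any parameter that has no `=` or more than one, while leaving values percent-encoded. Django has already parsed and decoded the query, so `response_uri = self.request.GET.get('response_uri')` is the safer read. Later patches in this series POST a presentation token to the stored value, so it should only be saved when it matches a response URI the deployment has registered; as written, any link can set it. The same parsing survives in the patch 3/5 version of this method.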
@@ -149,10 +150,16 @@ class VerifyView(View):
 for user in User.objects.filter(is_admin=True):
 self.send_email(user)
+ self.send_api()
 response["response"] = "Validation Code {}".format(code)
 return JsonResponse(response)
+ def send_api(self):
+ data = {"vp": self.vp_token.vp_token, "code": self.vp_token.code}
+ url = self.vp_token.org.response_uri
+ requests.post(url, data=data)
+
 def validate(self, request):
 auth_header = request.headers.get('Authorization', b'')
 auth_data = auth_header.split()
From 082cf2528314a12f2569142d9bdc1234281b65c5 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Tue, 26 Mar 2024 18:50:42 +0100
Subject: [PATCH 3/5] add api flow for webhook
---
 oidc4vp/views.py | 46 +++++++++++++++++++++++++++++++++++++++-------
 promotion/views.py | 22 ++++++++++++++++------
 2 files changed, 55 insertions(+), 13 deletions(-)
diff --git a/oidc4vp/views.py b/oidc4vp/views.py
index 31332aa..93cde90 100644
--- a/oidc4vp/views.py
+++ b/oidc4vp/views.py
@@ -7,7 +7,7 @@ from django.template import loader
 from django.core.mail import EmailMultiAlternatives
 from django.conf import settings
 from django.views.generic.edit import View, FormView
-from django.http import HttpResponse, Http404, JsonResponse
+from django.http import HttpResponse, Http404, JsonResponse, QueryDict
 from django.shortcuts import get_object_or_404, redirect
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.decorators import method_decorator
@@ -150,16 +150,10 @@ class VerifyView(View):
 for user in User.objects.filter(is_admin=True):
 self.send_email(user)
- self.send_api()
 response["response"] = "Validation Code {}".format(code)
 return JsonResponse(response)
- def send_api(self):
- data = {"vp": self.vp_token.vp_token, "code": self.vp_token.code}
- url = self.vp_token.org.response_uri
- requests.post(url, data=data)
-
 def validate(self, request):
 auth_header = request.headers.get('Authorization', b'')
 auth_data = auth_header.split()
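Review bot: `requests.post(url, data=data)` in the `send_api` added by patch 2/5 has no timeout and its result is never checked, so a slow or failing endpoint at `org.response_uri` either stalls the verify request or raises after the admin e-mails in the preceding loop have already been sent. I would pass an explicit timeout, e.g. `requests.post(url, data=data, timeout=10)`, inside a `try`/`except requests.RequestException` that logs the failure instead of turning it into a 500. The missing timeout also applies to `AllowCodeView.send_api` added in patch 3/5. The method that calls `self.send_api()` starts outside this hunk, so whether the caller already handles exceptions cannot be seen here.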
@@ -228,6 +222,7 @@ class VerifyView(View):
 def get_verification(self):
 return self.vp_token.get_user_info_all()
+
+
 class AllowCodeView(View):
 def get(self, request, *args, **kwargs):
 code = self.request.GET.get("code")
@@ -239,6 +234,9 @@ class AllowCodeView(View):
 code=code,
 code_used=False
 )
+ if self.request.session.get("response_uri"):
+ url = self.send_api()
+ return redirect(url)
 promotion = self.authorization.promotions.first()
 if not promotion:
@@ -246,6 +244,40 @@ class AllowCodeView(View):
 return redirect(promotion.get_url(code))
+ def send_api(self):
+ vp = self.get_vp_token()
+ if not vp:
+ return
+
+ data = {
+ "vp_token": vp,
+ "code": self.authorization.code
+ }
+ url = self.request.session.get("response_uri")
+ result = requests.post(url, data=data)
+ return result.json().get('redirect_uri')
+
+ def get_vp_token(self):
+ vp = self.authorization.vp_tokens.first()
+ if not vp:
+ return
+ return base64.b64encode(vp.vp_token.encode()).decode()
+
+ def get_response_uri(self):
+ data = {
+ "code": self.authorization.code,
+ }
+ query_dict = QueryDict('', mutable=True)
+ query_dict.update(data)
+
+ response_uri = self.request.session.get("response_uri")
+
+ url = '{response_uri}?{params}'.format(
+ response_uri=response_uri,
+ params=query_dict.urlencode()
+ )
+ return url
+
 class ReceivedCodeView(View):
 template_name = "received_code.html"
diff --git a/promotion/views.py b/promotion/views.py
index 822e7ea..e1eb8ae 100644
--- a/promotion/views.py
+++ b/promotion/views.py
@@ -39,6 +39,7 @@ class ContractView(FormView):
 success_url = reverse_lazy('promotion:thanks')
 def get_context_data(self, **kwargs):
+ import pdb; pdb.set_trace()
 self.context = super().get_context_data(**kwargs)
 code = self.request.GET.get("code")
 self.get_discount(code)
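Review bot: In the `@@ -239,6 +234,9 @@` hunk, `return redirect(url)` sends the browser to whatever `redirect_uri` the remote endpoint put in its JSON reply, and that endpoint is itself the session value that `SelectWalletView` fills from the query string, so the redirect target is not under this application's control. Check the URL before redirecting, for example with Django's `url_has_allowed_host_and_scheme(url, allowed_hosts=...)` against the hosts you expect, and fall through to the promotion flow when it fails. The `get` method begins outside this hunk.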
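Review bot: `send_api` in the `@@ -246,6 +244,40 @@` hunk POSTs the base64 presentation token and the authorization code to `self.request.session.get("response_uri")`, which `SelectWalletView.get_response_uri` fills from the request query string without validation, so the server can be made to send credential data to, or issue requests against, an address the operator never approved. Compare the URL with the response URIs registered for the deployment before making any request. The call also needs a timeout and handling for a non-2xx or non-JSON reply, since `result.json()` raises on a body that is not JSON. `get_response_uri` on this view is not called in any visible hunk; drop it or wire it in. In the sketch below `is_registered_response_uri` is a placeholder for that lookup, not an existing helper.

```python
    def send_api(self):
        vp = self.get_vp_token()
        if not vp:
            return

        url = self.request.session.get("response_uri")
        # PLACEHOLDER: is_registered_response_uri() stands for a lookup against
        # the response URIs this deployment has registered.
        if not is_registered_response_uri(url):
            return

        data = {"vp_token": vp, "code": self.authorization.code}
        try:
            result = requests.post(url, data=data, timeout=10)
            result.raise_for_status()
            return result.json().get('redirect_uri')
        except (requests.RequestException, ValueError):
            logging.exception("response_uri callback failed")
            return
```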
@@ -106,9 +107,13 @@ class SelectWalletView(FormView):
 success_url = reverse_lazy('promotion:select_wallet')
 def get_form_kwargs(self):
- self.get_response_uri()
+ presentation = self.get_response_uri()
+ if not presentation:
+ presentation = json.dumps(
+ settings.SUPPORTED_CREDENTIALS
+ )
 kwargs = super().get_form_kwargs()
- kwargs['presentation_definition'] = json.dumps(settings.SUPPORTED_CREDENTIALS)
+ kwargs['presentation_definition'] = presentation
 return kwargs
 def form_valid(self, form):
@@ -120,9 +125,14 @@ class SelectWalletView(FormView):
 if len(path) < 2:
 return
- args = path[1]
- response_uri = dict(
- [x.split("=") for x in args.split("&")]
- ).get('response_uri')
+ args = dict(
+ [x.split("=") for x in path[1].split("&")]
+ )
+ response_uri = args.get('response_uri')
 self.request.session["response_uri"] = response_uri
+ presentation = args.get('presentation_definition')
+
+ for x in settings.SUPPORTED_CREDENTIALS:
+ if x in presentation:
+ return json.dumps([x])
From 43aad9e187741058e6c5cc1b7d2420b3971143c9 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Tue, 26 Mar 2024 18:53:17 +0100
Subject: [PATCH 4/5] remove pdbs
---
 promotion/views.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/promotion/views.py b/promotion/views.py
index e1eb8ae..4b8aecb 100644
--- a/promotion/views.py
+++ b/promotion/views.py
@@ -39,7 +39,6 @@ class ContractView(FormView):
 success_url = reverse_lazy('promotion:thanks')
 def get_context_data(self, **kwargs):
- import pdb; pdb.set_trace()
 self.context = super().get_context_data(**kwargs)
 code = self.request.GET.get("code")
 self.get_discount(code)
From 1746d44dec0dd26944140f98feb4d84cbd8ce267 Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Wed, 27 Mar 2024 17:33:39 +0100
Subject: [PATCH 5/5] fix url empty
---
 oidc4vp/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/oidc4vp/views.py b/oidc4vp/views.py
index 93cde90..dd06cbe 100644
--- a/oidc4vp/views.py
+++ b/oidc4vp/views.py
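Review bot: In the `@@ -120,9 +125,14 @@` hunk of patch 3/5, `presentation` is None whenever the query string has no `presentation_definition` parameter, so `if x in presentation` raises TypeError for any request that carries some other query parameter. The membership test also runs on the still percent-encoded text, so it is a substring match on raw input rather than a check of the parsed definition. Reading the value as `presentation = self.request.GET.get('presentation_definition', '')` avoids both the crash and the decoding problem. `self.request.session["response_uri"]` is also overwritten with None whenever a query string is present without that parameter, which looks unintended. The start of `get_response_uri` lies outside this hunk.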
@@ -236,7 +236,8 @@ class AllowCodeView(View):
 )
 if self.request.session.get("response_uri"):
 url = self.send_api()
- return redirect(url)
+ if url:
+ return redirect(url)
 promotion = self.authorization.promotions.first()
 if not promotion: