verify

2023-12-04 15:47:48 +01:00 · 2023-12-04 15:47:48 +01:00 · e511393fee
parent b7dfb6dcfb
commit e511393fee
2 changed files with 55 additions and 12 deletions
--- a/oidc4vp/models.py
+++ b/oidc4vp/models.py
@ -71,8 +71,8 @@ class Organization(models.Model):
            url=self.response_uri.strip("/"),
        )
        auth = (self.my_client_id, self.my_client_secret)
-        # import pdb; pdb.set_trace()
-        return requests.post(url, data=vp, auth=auth)
+        data = {"vp_token": vp}
+        return requests.post(url, data=data, auth=auth)

    def demand_authorization(self):
        """
--- a/oidc4vp/views.py
+++ b/oidc4vp/views.py
@ -5,6 +5,8 @@ from django.conf import settings
 from django.views.generic.edit import View, FormView
 from django.http import HttpResponse, Http404
 from django.shortcuts import get_object_or_404, redirect
+from django.views.decorators.csrf import csrf_exempt
+from django.utils.decorators import method_decorator
 from django.utils.translation import gettext_lazy as _
 from django.urls import reverse_lazy
 from django.contrib import messages
@ -13,12 +15,12 @@ from oidc4vp.models import Authorization, Organization
 from idhub.mixins import UserView

 from oidc4vp.forms import AuthorizeForm
+from utils.idhub_ssikit import verify_presentation


 # from django.core.mail import send_mail
 # from django.http import HttpResponse, HttpResponseRedirect

-# from utils.idhub_ssikit import verify_presentation
 # from oidc4vp.models import VPVerifyRequest
 # from more_itertools import flatten, unique_everseen

@ -43,10 +45,29 @@ class AuthorizeView(UserView, FormView):
    
    def form_valid(self, form):
        authorization = form.save()
-        if authorization:
-            return redirect(authorization)
-        else:
+        import pdb; pdb.set_trace()
+        if not authorization or authorization.status_code != 200:
            messages.error(self.request, _("Error sending credential!"))
+            return super().form_valid(form)
+        try:
+            authorization = json.loads(authorization.text)
+        except:
+            messages.error(self.request, _("Error sending credential!"))
+            return super().form_valid(form)
+
+        verify = authorization.get('verify')
+        result, msg = verify.split(",")
+        if 'error' in result.lower():
+            messages.error(self.request, msg)
+        if 'ok' in result.lower():
+            messages.success(self.request, msg)
+
+        if authorization.get('redirect_uri'):
+            return redirect(authorization.get('redirect_uri'))
+        elif authorization.get('response'):
+            txt = authorization.get('response')
+            messages.success(self.request, txt)
+                
        return super().form_valid(form)

    def get_org(self):
@ -61,6 +82,7 @@ class AuthorizeView(UserView, FormView):
        return org
 

+@method_decorator(csrf_exempt, name='dispatch')
 class VerifyView(View):
    def get(self, request, *args, **kwargs):
        org = self.validate(request)
@ -73,6 +95,7 @@ class VerifyView(View):
        return HttpResponse(res)

    def validate(self, request):
+        # import pdb; pdb.set_trace()
        auth_header = request.headers.get('Authorization', b'')
        auth_data = auth_header.split()

@ -81,17 +104,37 @@ class VerifyView(View):
            client_id, client_secret = decoded_auth.split(':', 1)
            org_url = request.GET.get('demand_uri')
            org = get_object_or_404(
-                Organization,
-                response_uri=org_url,
-                client_id=client_id,
-                client_secret=client_secret
-            )
+                    Organization,
+                    client_id=client_id,
+                    client_secret=client_secret
+                )
            return org

-        raise Http404("Organization not found!")
+        raise Http404("Page not Found!")

    def post(self, request, *args, **kwargs):
        org = self.validate(request)
+        vp_token = self.request.POST.get("vp_token")
+        if not vp_token:
+            raise Http404("Page not Found!")
+
+        response = self.get_response_verify()
+        result = verify_presentation(request.POST["vp_token"])
+        verification = json.loads(result)
+        if verification.get('errors') or verification.get('warnings'):
+            response["verify"] = "Error, Verification Failed"
+            return HttpResponse(response)
+        
+        response["verify"] = "Ok, Verification correct"
+        response["response"] = "Validation Code 255255255"
+        return HttpResponse(json.dumps(response))
+
+    def get_response_verify(self):
+        return {
+            "verify": ',',
+            "redirect_uri": "",
+            "response": "",
+        }
        # import pdb; pdb.set_trace()
        # # TODO: incorporate request.POST["presentation_submission"] as schema definition
        # (presentation_valid, _) = verify_presentation(request.POST["vp_token"])