From ada42f291ac835bcfb7e358f823625d2e624228e Mon Sep 17 00:00:00 2001
From: Cayo Puigdefabregas
Date: Mon, 6 Nov 2023 16:48:03 +0100
Subject: [PATCH] add abac datas in session
---
 ereuse_devicehub/config.py | 1 -
 ereuse_devicehub/forms.py | 7 ++++---
 ereuse_devicehub/resources/user/models.py | 18 +++++++++++++++---
 .../ereuse_devicehub/user_profile.html | 8 +++++++-
 ereuse_devicehub/views.py | 9 ++++++++-
 5 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/ereuse_devicehub/config.py b/ereuse_devicehub/config.py
index 51dc229f..2f23a14a 100644
--- a/ereuse_devicehub/config.py
+++ b/ereuse_devicehub/config.py
@@ -101,7 +101,6 @@ class DevicehubConfig(Config):
 URL_MANUALS = config('URL_MANUALS', None)
 ABAC_TOKEN = config('ABAC_TOKEN', None)
 ABAC_COOKIE = config('ABAC_COOKIE', None)
- ABAC_USER = config('ABAC_USER', None)
 """Definition of oauth jwt details."""
 OAUTH2_JWT_ENABLED = config('OAUTH2_JWT_ENABLED', False)
diff --git a/ereuse_devicehub/forms.py b/ereuse_devicehub/forms.py
index 9edf7d54..f8b62d3f 100644
--- a/ereuse_devicehub/forms.py
+++ b/ereuse_devicehub/forms.py
@@ -70,10 +70,11 @@ class LoginForm(FlaskForm):
 self.form_errors.append(self.error_messages['inactive'])
 if 'dpp' in app.blueprints.keys():
- token_dlt = (
- user.get_dlt_keys(self.password.data).get('data', {}).get('api_token')
- )
+ dlt_keys = user.get_dlt_keys(self.password.data).get('data', {})
+ token_dlt = dlt_keys.get('api_token')
+ eth_pub_key = dlt_keys.get('eth_pub_key')
 session['token_dlt'] = token_dlt
+ session['eth_pub_key'] = eth_pub_key
 session['rols'] = user.get_rols()
 return user.is_active
diff --git a/ereuse_devicehub/resources/user/models.py b/ereuse_devicehub/resources/user/models.py
index fe018306..a2ea060f 100644
--- a/ereuse_devicehub/resources/user/models.py
+++ b/ereuse_devicehub/resources/user/models.py
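Review bot: `session['eth_pub_key']` is written next to `token_dlt` without any sign in this hunk of where the session is stored; with Flask's default signed-cookie session both values are readable by the browser (signed, not encrypted), which matters mostly for the API token. If the deployment relies on the default session, a server-side session store is the safer home for `token_dlt`, and a comment such as `# kept in the Flask session; readable by the client unless sessions are server-side` would record the assumption. The key is also stored when `get_dlt_keys` returns no `eth_pub_key`, in which case `_call_abac` later returns `''` without any trace; `if eth_pub_key: session['eth_pub_key'] = eth_pub_key` plus a log line would make that case visible. The enclosing method starts outside the hunk.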
@@ -195,7 +195,7 @@ class User(UserMixin, Thing):
 def _call_abac(self, path):
 abac_tk = app.config.get('ABAC_TOKEN')
 abac_coockie = app.config.get('ABAC_COOKIE')
- eth_pub_key = app.config.get('ABAC_USER')
+ eth_pub_key = session.get('eth_pub_key')
 abac_path = path
 if not (abac_tk and eth_pub_key and abac_path):
 return ''
@@ -210,15 +210,26 @@ class User(UserMixin, Thing):
 def get_abac_did(self):
 try:
+ if session.get('iota_abac_did'):
+ return session.get('iota_abac_did')
+
 r = self._call_abac('did')
 if not r or not r.status_code == 200:
 return ''
- return r.json().get('did', '')
+ did = r.json().get('did', '').strip()
+ if not did:
+ return ''
+
+ session['iota_abac_did'] = did
+ return did
 except Exception:
 return ''
 def get_abac_attributes(self):
 try:
+ if session.get('iota_abac_attributes'):
+ return session.get('iota_abac_attributes')
+
 r = self._call_abac('attributes')
 if not r or not r.status_code == 200:
 return {}
@@ -228,11 +239,12 @@ class User(UserMixin, Thing):
 result = {}
 for j in data:
 k = j.get('attributeURI', '').split('/')[-1].split("#")[-1]
- v = j.get('attributeValue', '')
+ v = j.get('attributeValue', '').strip()
 if not (k and v):
 continue
 result[k] = v
+ session['iota_abac_attributes'] = result
 return result
 except Exception:
diff --git a/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html b/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
index e82cfb07..82079a6b 100644
--- a/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
+++ b/ereuse_devicehub/templates/ereuse_devicehub/user_profile.html
@@ -107,17 +107,23 @@
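Review bot: `_call_abac` is a method on `User`, yet after this change the key comes from the request `session` rather than from `self`, so the answer describes whoever is logged in, not the user object the method is called on. The only caller visible on this page is the profile template with `current_user`, but a call on any other `User` instance would return the logged-in user's DID and attributes, and a call outside a request context would raise on the `session` access (swallowed by `except Exception` in the two public getters). A comment above the assignment would make the contract explicit: `# uses the logged-in user's key from the request session; only valid when self is current_user`. The rest of the method lies outside the hunk.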
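Review bot: The values cached under `iota_abac_did` and `iota_abac_attributes` are never refreshed before logout, so a change or revocation on the ABAC service stays invisible for the rest of the session; this covers the two early returns here and the `session['iota_abac_attributes'] = result` write in the following hunk. That is harmless if the data is only displayed on the profile page, but if the attributes ever feed an access decision the stale copy becomes the policy input. Consider storing a fetch time next to the value and re-querying after a short interval, and at minimum document it with `# cached for the whole session; ABAC changes are not seen until logout`. If the session is cookie-backed, the attribute dict also counts against the cookie size limit.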
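Review bot: `j.get('attributeValue', '').strip()` raises `AttributeError` when the service sends a non-string value such as JSON null or a number, because the default only applies to a missing key; the broad `except Exception` then drops every attribute instead of just the malformed one. The same pattern is in the previous hunk at `r.json().get('did', '').strip()`. Coercing first avoids it: `v = str(j.get('attributeValue') or '').strip()` and `did = str(r.json().get('did') or '').strip()`. The function starts before this hunk and its `except` body is outside it.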
+ {% if current_user.get_abac_did() %}
- {{ current_user.get_abac_did() }} + {{ current_user.get_abac_did() }}
+ {% endif %} {% for k, v in current_user.get_abac_attributes().items() %}
+ {% if v[:4] == 'http' %} + {{ v }} + {% else %} {{ v }} + {% endif %}
{% endfor %}
diff --git a/ereuse_devicehub/views.py b/ereuse_devicehub/views.py
index 4148d455..e55000c9 100644
--- a/ereuse_devicehub/views.py
+++ b/ereuse_devicehub/views.py
@@ -64,7 +64,14 @@ class LoginView(View):
 class LogoutView(View):
 def dispatch_request(self):
- session_vars = ['token_dlt', 'rols', 'oidc']
+ session_vars = [
+ 'token_dlt',
+ 'eth_pub_key',
+ 'rols',
+ 'oidc',
+ 'iota_abac_did',
+ 'iota_abac_attributes',
+ ]
 [session.pop(i, '') for i in session_vars]
 next_url = flask.request.args.get('next')
 logout_user()
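Review bot: The test `v[:4] == 'http'` accepts any value that merely begins with those four letters, and the values come from the external ABAC service. The markup around `{{ v }}` is not visible in this hunk, so this is an assumption: if the first branch renders the value as a link target, check the scheme explicitly with `{% if v.startswith('http://') or v.startswith('https://') %}` and leave everything else in the plain-text branch.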
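Review bot: Logout clears the session through a hand-maintained list of key names, so any value a later change stores at login or caches (as this commit does with `iota_abac_did` and `iota_abac_attributes`) survives logout unless someone remembers to extend `session_vars`. Unless some keys are meant to outlive logout, `session.clear()` removes that dependency; otherwise define the key names once and share them with the code that sets them. The context line below uses a list comprehension only for its side effect, and `for key in session_vars: session.pop(key, None)` states the intent more plainly. `dispatch_request` continues past the end of the hunk.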