def send_secret_code (username, code, mode) :
"""
if phone exist we send and SMS
if not we send an email
return : 'sms' or 'email' or None
"""
data = ns.get_data_from_username(username, mode)
if not data :
logging.error('cannot send secret code')
return None
if not data['phone'] :
try :
subject = 'Talao : Email authentification '
Talao_message.messageHTML(subject, data['email'], 'code_auth', {'code' : code}, mode)
logging.info('code sent by email')
return 'email'
except :
logging.error('sms failed, no phone')
return None
try :
sms.send_code(data['phone'], code, mode)
logging.info('code sent by sms')
return 'sms'
except :
subject = 'Talao : Email authentification '
try :
Talao_message.messageHTML(subject, data['email'], 'code_auth', {'code' : code}, mode)
logging.info('sms failed, code sent by email')
return 'email'
except :
logging.error('sms failed, email failed')
return None
def cci_password(mode):
if not session.get('email') :
return redirect(mode.server + 'create_company_cci/')
session['password'] = request.form['password']
session['code'] = str(random.randint(10000, 99999))
session['code_delay'] = datetime.now() + timedelta(seconds= 180)
session['try_number'] = 0
subject = 'Talao : Email authentification '
Talao_message.messageHTML(subject, session['email'], 'code_auth', {'code' : session['code']}, mode)
print("Warning : code sent =" + session['code'])
return render_template("CCI/create_company_cci_code.html", message_class='text-info', message = '')
def forgot_password(mode) :
"""
@app.route('/forgot_password/', methods = ['GET', 'POST'])
This function is called from the login view.
build JWE to store timestamp, username and email, we use Talao RSA key
"""
if request.method == 'GET' :
return render_template('./login/forgot_password_init.html')
if request.method == 'POST' :
username = request.form.get('username')
if not ns.username_exist(username, mode) :
flash("Username not found", "warning")
return render_template('./login/login_password.html')
email= ns.get_data_from_username(username, mode)['email']
private_rsa_key = privatekey.get_key(mode.owner_talao, 'rsa_key', mode)
RSA_KEY = RSA.import_key(private_rsa_key)
public_rsa_key = RSA_KEY.publickey().export_key('PEM').decode('utf-8')
expired = datetime.timestamp(datetime.now()) + 180 # 3 minutes live
# build JWE
jwe = JsonWebEncryption()
header = {'alg': 'RSA1_5', 'enc': 'A256GCM'}
json_string = json.dumps({'username' : username, 'email' : email, 'expired' : expired})
payload = bytes(json_string, 'utf-8')
token = jwe.serialize_compact(header, payload, public_rsa_key)
link = mode.server + 'forgot_password_token/?'+ urlencode({'token' : token.decode('utf-8')}, doseq=True)
subject = "Renew your password"
if Talao_message.messageHTML(subject, email, 'forgot_password', {'link': link}, mode):
flash("You are going to receive an email to renew your password.", "success")
return render_template('./login/login_password.html')
def issue_credential_workflow(mode):
"""
@route /company/issue_credential_workflow/?id=xxxx
call = (created, user_name, reviewer_name, issuer_name, status, credential, id)
update = update_verifiable_credential(id, host_name, reviewer_username, issuer_username, status, credential, mode)
"""
if request.method == 'GET':
session['credential_id'] = request.args['id']
credential = company.Credential(session['host'], mode)
session['call'] = credential.get_by_id(session['credential_id'])
# credential cannot be updated if already signed
field = "disabled" if session['call'][4] == 'signed' or session[
'role'] in ['admin', 'creator'] else ""
# credential is loaded as dict
my_credential = json.loads(session['call'][5])['credentialSubject']
if my_credential["credentialCategory"] != 'experience':
flash('view not yet available', 'warning')
return redirect(mode.server + 'company/dashboard/')
skills_str = ""
for skill in my_credential['skills']:
skills_str += skill['description'] + ','
return render_template(
'./issuer/issue_experience_credential_workflow.html',
credential_id=request.args['id'],
picturefile=session['picture'],
clipboard=mode.server + "board/?did=" + session['did'],
**my_credential,
scoreRecommendation=my_credential["reviewRecommendation"]
["reviewRating"]["ratingValue"],
questionRecommendation=my_credential["reviewRecommendation"]
["reviewBody"],
scoreSchedule=my_credential["reviewSchedule"]["reviewRating"]
["ratingValue"],
questionSchedule=my_credential["reviewSchedule"]["reviewBody"],
scoreCommunication=my_credential["reviewCommunication"]
["reviewRating"]["ratingValue"],
questionCommunication=my_credential["reviewCommunication"]
["reviewBody"],
scoreDelivery=my_credential["reviewDelivery"]["reviewRating"]
["ratingValue"],
questionDelivery=my_credential["reviewDelivery"]["reviewBody"],
skills_str=skills_str,
field=field,
)
if request.method == 'POST':
# credential is removed from database
if request.form['exit'] == 'delete':
credential = company.Credential(session['host'], mode)
credential.delete(session['credential_id'])
del session['credential_id']
del session['call']
return redirect(mode.server + 'company/dashboard/')
# nothing is done
if request.form['exit'] == 'back':
del session['credential_id']
del session['call']
return redirect(mode.server + 'company/dashboard/')
# get form data to update credential
my_credential = json.loads(session['call'][5])
get_form_data(my_credential, request.form)
# update without review and signature
if request.form.get('exit') == 'update':
credential = company.Credential(session['host'], mode)
credential.update(
session['credential_id'],
session['call'][2],
session['call'][3],
session['call'][4],
json.dumps(my_credential),
)
# credential has been signed by issuer
elif request.form.get('exit') == 'sign':
# sign credential with company key
manager_workspace_contract = ns.get_data_from_username(
session['username'], mode)['identity_workspace_contract']
my_credential['credentialSubject'][
'managerSignature'] = json.loads(
ns.get_personal(manager_workspace_contract,
mode))['signature']
my_credential["issuanceDate"] = datetime.utcnow().replace(
microsecond=0).isoformat() + "Z"
my_credential['issuer'] = ns.get_did(session['workspace_contract'],
mode)
signed_credential = vc_signature.sign(my_credential,
session['private_key_value'],
my_credential['issuer'])
if not signed_credential:
flash('Operation failed ', 'danger')
logging.error('credential signature failed')
del session['credential_id']
del session['call']
return redirect(mode.server + 'company/dashboard/')
# update local company database
credential = company.Credential(session['host'], mode)
credential.update(
session['credential_id'],
session['call'][2],
session['employee'],
"signed",
signed_credential,
)
# ulpoad credential to repository with company key signature
subject_username = session['call'][1]
subject = ns.get_data_from_username(subject_username, mode)
my_certificate = Document('certificate')
doc_id = my_certificate.add(session['address'],
session['workspace_contract'],
subject['address'],
subject['workspace_contract'],
session['private_key_value'],
json.loads(signed_credential),
mode,
privacy='public',
synchronous=False)[0]
if not doc_id:
flash('Operation failed ', 'danger')
logging.error('certificate to repository failed')
else:
flash('The credential has been added to the user repository',
'success')
"""
# send an email to user
link = mode.server + 'guest/certificate/?certificate_id=did:talao:' + mode.BLOCKCHAIN + ':' + subject['workspace_contract'][2:] + ':document:' + str(doc_id)
try :
Talao_message.messageHTML('Your professional credential has been issued.', subject['email'], 'certificate_issued', {'username': session['name'], 'link': link}, mode)
except :
logging.error('email to subject failed')
"""
# store signed credential on server
try:
filename = session['credential_id'] + '_credential.jsonld'
path = "./signed_credentials/"
with open(path + filename, 'w') as outfile:
json.dump(json.loads(signed_credential),
outfile,
indent=4,
ensure_ascii=False)
except:
logging.error('signed credential not stored')
# send email to user
try:
signature = '\r\n\r\n\r\n\r\nThe Talao team.\r\nhttps://talao.io/'
text = "\r\nHello\r\nYou will find attached your professional credential signed by your issuer." + signature
Talao_message.message_file(subject['email'], text,
"Your professional credential",
[filename], path, mode)
except:
logging.error('email credential to subject failed')
# credential has been reviewed
elif request.form['exit'] == 'validate':
# update local database
credential = company.Credential(session['host'], mode)
credential.update(
session['credential_id'],
session['employee'],
session['call'][3],
"reviewed",
json.dumps(my_credential, ensure_ascii=False),
)
# send an email to issuer to go forward
issuer_email = ns.get_data_from_username(
session['referent'] + '.' + session['host'], mode)['email']
subject_name = my_credential['credentialSubject']['name']
subject = 'You have received a professional credential from ' + subject_name + ' to issue'
try:
Talao_message.messageHTML(subject, issuer_email,
'request_certificate', {
'name': subject_name,
'link': 'https://talao.co'
}, mode)
except:
logging.error('email error')
flash('Credential has been reviewed and validated', 'success')
# all exits except delete and back
del session['credential_id']
del session['call']
return redirect(mode.server + 'company/dashboard/')
def request_experience_credential(mode):
""" Basic request for experience credential
@app.route('/user/request_experience_certificate/', methods=['POST'])
"""
check_login()
# check if campaign exist
reference = request.form['reference']
campaign = company.Campaign(session['credential_issuer_username'], mode)
if not campaign.get(reference.split(':')[0]):
flash('This reference does not exist.', 'warning')
logging.warning('campaign does ot exist')
return render_template('./issuer/request_experience_credential.html',
**session['menu'],
select=session['select'])
# load templates for verifiable credential template
unsigned_credential = json.load(
open('./verifiable_credentials/experience.jsonld', 'r'))
# update credential with form data
id = str(uuid.uuid1())
unsigned_credential["id"] = "data:" + id
unsigned_credential["credentialSubject"]["id"] = ns.get_did(
session['workspace_contract'], mode)
unsigned_credential["credentialSubject"]["name"] = session['name']
unsigned_credential["credentialSubject"]["title"] = request.form['title']
unsigned_credential["credentialSubject"]["description"] = request.form[
'description']
unsigned_credential["credentialSubject"]["startDate"] = request.form[
'start_date']
unsigned_credential["credentialSubject"]["endDate"] = request.form[
'end_date']
unsigned_credential["credentialSubject"]["skills"] = list()
for skill in request.form['skills'].split(','):
unsigned_credential["credentialSubject"]["skills"].append({
"@type":
"DefinedTerm",
"description":
skill
})
unsigned_credential["credentialSubject"]["companyLogo"] = session[
'issuer_explore']['picture']
unsigned_credential["credentialSubject"]["companyName"] = session[
'issuer_explore']['name']
unsigned_credential["credentialSubject"]["managerName"] = ""
unsigned_credential["credentialSubject"]["reviewerName"] = ""
# update local issuer database
manager_username = ns.get_data_from_username(
request.form['reviewer_username'] + '.' +
session['credential_issuer_username'], mode)['referent']
credential = company.Credential(session['credential_issuer_username'],
mode)
credential.add(session['username'], request.form['reviewer_username'],
manager_username, "drafted", id,
json.dumps(unsigned_credential), reference)
# send an email to reviewer for workflow
reviewer_email = ns.get_data_from_username(
request.form['reviewer_username'] + '.' +
session['credential_issuer_username'], mode)['email']
subject = 'You have received a professional credential from ' + session[
'name'] + ' to review'
try:
Talao_message.messageHTML(subject, reviewer_email,
'request_certificate', {
'name': session['name'],
'link': 'https://talao.co'
}, mode)
except:
logging.error('email failed')
# send email to user
flash(
'Your request for an experience credential has been registered for review.',
'success')
# clean up and return
issuer_username = session['credential_issuer_username']
del session['select']
return redirect(mode.server + 'user/issuer_explore/?issuer_username=' +
issuer_username)