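def did_auth(mode):
    """Login with a DID by signing a server-issued challenge.

    DEPRECATED

    @app.route('ssi/login/', methods = ['GET', 'POST'])
    https://github.com/WebOfTrustInfo/rwot6-santabarbara/blob/master/final-documents/did-auth.md

    Only secp256k1 / ES256K is supported. This is closer to WebAuthn than to
    DID Auth: the client sends its public JWK together with the signed
    challenge and the server verifies the signature with that key. The key
    is not resolved from the DID document (no library for that, except for
    did:ion and did:web), so the only link between the verified key and the
    DID is the ``kid`` member of the client-supplied JWK.

    GET  -> clears the session, stores a fresh random challenge in it and
            renders ``login/did_auth.html`` with the challenge wrapped in a
            JWT signed by the server's own secp256k1 key (``did:web:talao.co``).
    POST -> expects ``form['response']`` to be JSON with ``publicJwk`` (whose
            ``kid`` is the user's DID) and ``signed_challenge`` (an ES256K JWT
            carrying ``{"challenge": ...}``); on success the workspace
            contract found for that DID is stored in the session.

    Args:
        mode: application context; ``mode.owner_talao`` and ``mode.server``
            are used here.

    Returns:
        The rendered login page on GET, a redirect on POST (to ``user/`` on
        success, back to ``did_auth/`` on any failure). Other methods fall
        through and return None.
    """
    if request.method == 'GET':
        session.clear()
        # uuid4 is drawn from os.urandom; uuid1 (timestamp + MAC) is
        # predictable and must not be used for an authentication challenge.
        session['challenge'] = str(uuid.uuid4())
        payload = {
            "did": "did:web:talao.co",
            "challenge": session['challenge'],
        }
        private_key = privatekey.get_key(mode.owner_talao, 'private_key', mode)
        signing_key = jwt.algorithms.ECAlgorithm.from_jwk(
            helpers.ethereum_to_jwk256k(private_key))
        challenge_jwt = jwt.encode(payload, key=signing_key, algorithm="ES256K")
        return render_template('./login/did_auth.html', request=challenge_jwt)

    if request.method == 'POST':
        # The challenge is single-use: a failed attempt is redirected to the
        # GET handler, which issues a new one.
        expected = session.pop('challenge', None)
        if not expected:
            logging.info('No challenge in session, Identity rejected')
            return redirect(mode.server + 'did_auth/')
        try:
            response_dict = json.loads(request.form['response'])
            public_jwk = response_dict['publicJwk']
            did = public_jwk['kid']
            public_key = jwt.algorithms.ECAlgorithm.from_jwk(public_jwk)
            decoded = jwt.decode(response_dict['signed_challenge'],
                                 key=public_key,
                                 algorithms=["ES256K"])
            challenge_ok = decoded.get('challenge') == expected
        except (jwt.exceptions.PyJWTError, KeyError, TypeError, ValueError):
            # malformed JWK/JWT, missing members, bad signature or wrong key;
            # a bare except here would also have swallowed KeyboardInterrupt
            logging.info('Wrong key, Identity rejected')
            return redirect(mode.server + 'did_auth/')
        if not challenge_ok:
            logging.info(
                'Key is correct but challenge failed, Identity rejected')
            return redirect(mode.server + 'did_auth/')

        logging.info('Success, Identity logged !')
        # NOTE(review): `did` is the kid of the client-supplied JWK and the
        # key was never resolved from that DID's document, so the key->DID
        # binding is asserted by the client, not verified by the server.
        wc = ns.get_workspace_contract_from_did(did, mode)
        if not wc:
            logging.info('User unknown')
            flash('User unknown', 'warning')
        else:
            session['workspace_contract'] = wc
        return redirect(mode.server + 'user/')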
def well_known_did(mode):
    """ did:web
    https://w3c-ccg.github.io/did-method-web/
    https://identity.foundation/.well-known/resources/did-configuration/#LinkedDomains

    Build the DID document of the Talao owner address from its two key pairs
    and return it as JSON. Only public material is published: the RSA key is
    exported with ``export_public`` and the secp256k1 JWK has its private
    scalar ``d`` removed before being handed to ``did_doc``.
    """
    owner = mode.owner_talao

    # RSA: load the PEM private key, keep the public part only, drop 'kid'
    rsa_pem = privatekey.get_key(owner, 'rsa_key', mode)
    rsa_jwk = jwk.JWK.from_pem(rsa_pem.encode())
    rsa_public = rsa_jwk.export_public(as_dict=True)
    rsa_public.pop('kid')

    # secp256k1: convert the Ethereum private key to a JWK, then strip the
    # private scalar 'd' and the 'alg' member
    ec_private = privatekey.get_key(owner, 'private_key', mode)
    ec_public = json.loads(helpers.ethereum_to_jwk256k(ec_private))
    for member in ('d', 'alg'):
        del ec_public[member]

    return jsonify(did_doc(owner, ec_public, rsa_public, mode))
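def _esc(value):
    """Return *value* as a str escaped for HTML text and attribute context.

    The fragments below are assembled by string concatenation and are
    presumably inserted unescaped by ``advanced.html``; escaping every
    interpolated value (usernames, e-mails, URIs, DIDs, addresses) keeps data
    that originates in the database or in other users' workspaces from
    breaking out of the markup.
    """
    import html  # local import: the module's import block is not part of this listing
    return html.escape(str(value), quote=True)


def _account_html(mode):
    """Return the ETH balance fragment, shown only to the 'talao' account ('' otherwise)."""
    if session['username'] != 'talao':
        return ""
    wei_per_eth = 1000000000000000000
    relay_eth = mode.w3.eth.getBalance(mode.relay_address) / wei_per_eth
    talaogen_eth = mode.w3.eth.getBalance(mode.Talaogen_public_key) / wei_per_eth
    return """<br><br>
					<b>Relay ETH</b> : """ + str(relay_eth) + """<br>
					<b>Talao Gen ETH</b> : """ + str(talaogen_eth) + """<br>"""


def _api_html(mode):
    """Return the API client-credentials fragment for the logged-in user."""
    credentials = ns.get_credentials(session['username'], mode)
    if not credentials:
        return """<a class="text-info">Contact [email protected] to get your API credentials.</a>"""
    parts = [""" <div style="height:200px;overflow:auto;overflow-x: hidden;">"""]
    for cred in credentials:
        # the client secret is shown on purpose: this is the owner's own credential page
        parts.append("""
			<b>client_id</b> : """ + _esc(cred['client_id']) + """<br>
			<b>client_secret</b> : """ + _esc(cred['client_secret']) + """<br>
			<b>client_uri</b> : """ + _esc(cred['client_uri']) + """<br>
			<b>redirect_uri</b> : """ + _esc(cred['redirect_uris'][0]) + """<br>
			<b>scope</b> : """ + _esc(cred['scope']) + """<br>
			<b>grant_types</b> : """ + _esc(" ".join(cred['grant_types'])) + """<br><hr> """)
    parts.append("""</div>""")
    return "".join(parts)


def _access_html(mode):
    """Return the alias/access list fragment.

    Empty unless the session username is the one the resolver reports for
    the session's workspace contract (i.e. the workspace owner).
    """
    workspace = session['workspace_contract']
    if session['username'] != ns.get_username_from_resolver(workspace, mode):
        return ""
    fragments = []
    for access in ns.get_alias_list(workspace, mode):
        if access['username'] == session['username']:
            access_html = """
				<span>""" + _esc(session['username']) + """ (logged)
				</span>"""
        else:
            name = _esc(access['username'])
            access_html = """
				<span>""" + name + """ : """ + _esc(access['email']) + """
						<a class="text-secondary" href="/user/remove_access/?username_to_remove=""" + name + """">
							<i data-toggle="tooltip" class="fa fa-trash-o" title="Remove">	</i>
						</a>
					</span>"""
        fragments.append(access_html + """<br>""")
    return "".join(fragments)


def _resolve_did_document(did):
    """Return the DID document of *did* as indented JSON, or 'No DID available'.

    did:tz has no driver for the Universal Resolver, so it is resolved locally
    with didkit; every other method goes through the Universal Resolver over
    HTTP. Resolver failures are logged and yield the placeholder instead of
    failing the whole page.
    """
    fallback = "No DID available"
    parts = did.split(':')
    if len(parts) > 1 and parts[1] == 'tz':
        return json.dumps(json.loads(didkit.resolveDID(did, '{}')), indent=4)

    resolver = 'https://resolver.identity.foundation/'
    #resolver = 'https://dev.uniresolver.io/1.0/identifiers/'
    try:
        # bounded wait: an unreachable resolver must not hang the request
        r = requests.get(resolver + did, timeout=10)
    except requests.RequestException:
        logging.warning('DID Document resolution failed, Universal Resolver unreachable.')
        return fallback
    if r.status_code != 200:
        logging.warning(
            'DID Document resolution has been rejected by Universal Resolver.'
        )
        return fallback
    try:
        return json.dumps(r.json(), indent=4)
    except ValueError:
        logging.warning('Universal Resolver returned a non-JSON DID Document.')
        return fallback


def _repository_html(mode, did):
    """Return the repository (workspace contract) data fragment."""
    workspace = session['workspace_contract']
    role = session.get("role") or 'None'
    referent = session.get('referent') or 'None'
    all_dids = "<br>".join(_esc(d) for d in ns.get_did_list(workspace, mode))
    return """
					<b>Repository smart contract</b> : """ + _esc(workspace) + """<br>
					<b>Repository controller</b> : """ + _esc(session['address']) + """<br>
					<b>DID</b> : """ + _esc(did) + """<br>
					<b>All DID attached</b> : """ + all_dids + """<br>
					<hr>
					<b>Role</b> : """ + _esc(role) + """<br>
					<b>Referent</b> : """ + _esc(referent) + """<br>"""


def _partner_html():
    """Return the partners fragment built from ``session['partner']``.

    Every partner links to its issuer page; a 'Pending' partnership gets
    reject/authorize links, a 'Removed' one is listed read-only and any other
    state gets a remove link. The closing tags are ``</span>``/``</a>`` (the
    previous markup closed with ``</spn>`` and left the remove link unclosed).
    """
    partners = session['partner']
    if not partners:
        return """<a class="text-info">No Partners available</a>"""
    fragments = []
    for partner in partners:
        name = _esc(partner['username'])
        state = _esc(partner['authorized']) + """ - """ + _esc(partner['status'])
        head = """
				<span><a href="/user/issuer_explore/?issuer_username=""" + name + """">""" + name + """</a>  (""" + state + """ )"""
        if partner['authorized'] == 'Pending':
            contract = _esc(partner['workspace_contract'])
            partner_html = head + """
					<a class="text-secondary" href="/user/reject_partner/?partner_username=""" + name + """&amp;partner_workspace_contract=""" + contract + """">
						<i data-toggle="tooltip" class="fa fa-thumbs-o-down" title="Reject this Partnership.">&nbsp&nbsp&nbsp</i>
					</a>
					<a class="text-secondary" href="/user/authorize_partner/?partner_username=""" + name + """&amp;partner_workspace_contract=""" + contract + """">
						<i data-toggle="tooltip" class="fa fa-thumbs-o-up" title="Authorize this Parnership."></i>
					</a>
				</span>"""
        elif partner['authorized'] == 'Removed':
            partner_html = head + """
				</span>"""
        else:
            contract = _esc(partner['workspace_contract'])
            partner_html = head + """
					<a class="text-secondary" href="/user/remove_partner/?partner_username=""" + name + """&amp;partner_workspace_contract=""" + contract + """">
						<i data-toggle="tooltip" class="fa fa-trash-o" title="Remove this Partnership.">&nbsp&nbsp&nbsp</i>
					</a>
				</span>"""
        fragments.append(partner_html + """<br>""")
    return "".join(fragments)


def _issuer_html(mode):
    """Return the referents fragment built from ``session['issuer']``.

    Issuer for document, they have an ERC725 key 20002. The username is
    resolved from the issuer's workspace contract and masked with '******'
    when the resolver has none.
    """
    issuers = session['issuer']
    if not issuers:
        return """  <a class="text-info">No Referents available</a>"""
    fragments = []
    for one_issuer in issuers:
        resolved = ns.get_username_from_resolver(
            one_issuer['workspace_contract'], mode)
        name = _esc(resolved if resolved else '******')
        address = _esc(one_issuer['address'])
        issuer_html = """
				<span>""" + name + """
					<a class="text-secondary" href="/user/remove_issuer/?issuer_username=""" + name + """&amp;issuer_address=""" + address + """">
						<i data-toggle="tooltip" class="fa fa-trash-o" title="Remove">&nbsp&nbsp&nbsp</i>
					</a>
					<a class="text-secondary" href="/user/issuer_explore/?issuer_username=""" + name + """">
						<i data-toggle="tooltip" class="fa fa-search-plus" title="Data Check"></i>
					</a>
				</span>"""
        fragments.append(issuer_html + """<br>""")
    return "".join(fragments)


def user_advanced(mode):
    """Render the 'advanced' page (``advanced.html``) of the logged-in user.

    Collects, as HTML fragments, the ETH balances (talao account only), the
    API credentials, the workspace aliases, the DID and its DID document, the
    repository data, the partners and the referents, and passes them to the
    template together with the user's secp256k1 key in JWK form.

    Args:
        mode: application context (web3 handle, relay/Talaogen addresses,
            server URL) forwarded to the ``ns`` helpers.

    Returns:
        The rendered ``advanced.html`` response. ``check_login()`` runs
        first; what it does for an unauthenticated session is defined
        elsewhere.
    """
    check_login()

    my_account = _account_html(mode)
    my_api = _api_html(mode)
    my_access = _access_html(mode)

    # DID and DID document
    did = ns.get_did(session['workspace_contract'], mode)
    if not did:
        logging.warning('No DID available in local database')
        # placeholder for both values; previously the code went on to
        # DID.split() and raised on a missing DID
        did = did_document = "No DID available"
    else:
        did_document = _resolve_did_document(did)

    my_advanced = _repository_html(mode, did) + my_account
    my_partner = _partner_html()
    my_issuer = _issuer_html(mode)

    return render_template('advanced.html',
                           **session['menu'],
                           access=my_access,
                           # NOTE: the user's own secp256k1 private key is
                           # rendered into this page
                           private_key_value=helpers.ethereum_to_jwk256k(
                               session['private_key_value']),
                           partner=my_partner,
                           issuer=my_issuer,
                           did_doc=did_document,
                           did=did,
                           api=my_api,
                           advanced=my_advanced)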