From 9e97b04ad2322f95a19b92e5bc5f60bcdd3c9d2e Mon Sep 17 00:00:00 2001
From: Giuseppe De Marco
Date: Tue, 4 Feb 2025 18:30:43 +0100
Subject: [PATCH] fix: trust mark id
---
 spid_cie_oidc/authority/models.py | 2 +-
 .../authority/schemas/trust_mark_status_endpoint.py | 6 +++---
 spid_cie_oidc/authority/tests/settings.py | 10 +++++-----
 .../tests/test_02_trust_anchor_intermediary.py | 6 +++---
 spid_cie_oidc/authority/views.py | 2 +-
 spid_cie_oidc/entity/admin.py | 2 +-
 spid_cie_oidc/entity/statements.py | 4 ++--
 spid_cie_oidc/entity/trust_chain.py | 1 -
 spid_cie_oidc/entity/trust_chain_operations.py | 2 +-
 9 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/spid_cie_oidc/authority/models.py b/spid_cie_oidc/authority/models.py
index 38b3f033..69425ce4 100644
--- a/spid_cie_oidc/authority/models.py
+++ b/spid_cie_oidc/authority/models.py
@@ -275,7 +275,7 @@ def trust_mark_as_jws(self):
 @property
 def trust_mark(self):
 return {
- "id": self.profile.profile_id,
+ "trust_mark_id": self.profile.profile_id,
 "trust_mark": self.trust_mark_as_jws
 }
diff --git a/spid_cie_oidc/authority/schemas/trust_mark_status_endpoint.py b/spid_cie_oidc/authority/schemas/trust_mark_status_endpoint.py
index b831b4de..cf6536d3 100644
--- a/spid_cie_oidc/authority/schemas/trust_mark_status_endpoint.py
+++ b/spid_cie_oidc/authority/schemas/trust_mark_status_endpoint.py
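Review bot: Renaming the key emitted by the `trust_mark` property to `trust_mark_id` changes the `trust_marks` entries this authority publishes, and nothing in the diff keeps the old `id` readable: `validate_by_allowed_trust_marks` in statements.py now looks up only `trust_mark_id`, so a peer that still publishes or expects `id` is filtered out without any error. Trust-mark records this service has already persisted in the `{"id": ..., "trust_mark": ...}` shape (admin.py `update_trust_marks` and trust_chain_operations.py write exactly that shape, and the diffstat lists no data migration) keep the old key after deploy and would presumably be skipped the same way, which reads as a loss of trust rather than a configuration problem. I would add a data migration rewriting the stored key, or at least a comment on this property such as `# "trust_mark_id" is the current OpenID Federation claim name; records persisted before this rename still carry "id"`. The enclosing model class starts outside the hunk.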
@@ -7,16 +7,16 @@ class TrustMarkRequest(BaseModel):
 trust_mark : Optional[constr(regex=r"^[a-zA-Z\_\-0-9]+\.[a-zA-Z\_\-0-9]+\.[a-zA-Z\_\-0-9]+")] # noqa: F722
 sub : Optional[HttpUrl]
- id : Optional[HttpUrl]
+ trust_mark_id : Optional[HttpUrl]
- @validator("id", pre=True, always=True)
+ @validator("trust_mark_id", pre=True, always=True)
 def validate_id(cls, id_value, values):
 if (not values.get("trust_mark") and (not values.get("sub") or not id_value)):
 raise ValueError("sub an id must be present if not trust_mark")
 def example(): # pragma: no cover
 return TrustMarkRequest(
- id= "https://www.spid.gov.it/openid-federation/agreement/op-public/",
+ trust_mark_id = "https://www.spid.gov.it/openid-federation/agreement/op-public/",
 sub= "http://127.0.0.1:8000/oidc/op",
 )
diff --git a/spid_cie_oidc/authority/tests/settings.py b/spid_cie_oidc/authority/tests/settings.py
index 99a8f890..919c7b32 100644
--- a/spid_cie_oidc/authority/tests/settings.py
+++ b/spid_cie_oidc/authority/tests/settings.py
@@ -82,8 +82,8 @@
 "iss": "$.issuer_sub",
 "sub": "$.sub",
 "iat": 1579621160,
- "id": "https://www.spid.gov.it/certification/rp",
- "mark": "https://www.agid.gov.it/themes/custom/agid/logo.svg",
+ "trust_mark_id": "https://www.spid.gov.it/certification/rp",
+ "logo_uri": "https://www.agid.gov.it/themes/custom/agid/logo.svg",
 "ref": "https://docs.italia.it/italia/spid/spid-regole-tecniche-oidc/it/stabile/index.html",
 }
@@ -124,13 +124,13 @@
 TRUST_MARK_REQUEST = {
 "sub": rp_conf["sub"],
- "id" : rp_conf["sub"],
+ "trust_mark_id" : rp_conf["sub"],
 "trust_mark" : TRUST_MARK
 }
 TRUST_MARK_REQUEST_NO_SUB_ID = deepcopy(TRUST_MARK_REQUEST)
 TRUST_MARK_REQUEST_NO_SUB_ID.pop("sub")
-TRUST_MARK_REQUEST_NO_SUB_ID.pop("id")
+TRUST_MARK_REQUEST_NO_SUB_ID.pop("trust_mark_id")
 TRUST_MARK_REQUEST_NO_TRUST_MARK = deepcopy(TRUST_MARK_REQUEST)
 TRUST_MARK_REQUEST_NO_TRUST_MARK.pop("trust_mark")
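Review bot: The error raised by `validate_id` still describes the old field, `"sub an id must be present if not trust_mark"`, so a client that omits the renamed field is told to send `id`, which the schema no longer accepts; change it to `raise ValueError("sub and trust_mark_id must be present if not trust_mark")`. The validator name `validate_id` and its `id_value` parameter are also left on the old name, which is harmless but misleading next to a field now called `trust_mark_id`; `validate_trust_mark_id` / `trust_mark_id_value` would keep the hunk self-consistent. In pydantic v1 `values` only holds fields declared above the validated one, so this check works only because `trust_mark_id` stays the last field; that deserves a comment on the decorator, `# must remain the last declared field: values holds only trust_mark and sub`.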
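Review bot: Alongside the `id` → `trust_mark_id` rename, the settings.py hunk at line 82 also renames the fixture claim `mark` to `logo_uri`, which the commit title does not mention and which no non-test file in this diff reads or writes, so the patch gives no way to tell whether the issuer's trust-mark payload changed accordingly or whether the fixture now diverges from what is actually issued. A sentence in the commit message, or a fixture comment such as `# "logo_uri" replaces the former "mark" claim`, would make that intent reviewable.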
@@ -143,7 +143,7 @@
 TRUST_MARK_REQUEST_TRUST_MARK_NO_SUB_NO_TRUST_MARK.pop("trust_mark")
 TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK = deepcopy(TRUST_MARK_REQUEST)
-TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK.pop("id")
+TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK.pop("trust_mark_id")
 TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK.pop("trust_mark")
 ADVANCED_LIST_REQUEST = {
diff --git a/spid_cie_oidc/authority/tests/test_02_trust_anchor_intermediary.py b/spid_cie_oidc/authority/tests/test_02_trust_anchor_intermediary.py
index 432d1c83..34fa31d2 100644
--- a/spid_cie_oidc/authority/tests/test_02_trust_anchor_intermediary.py
+++ b/spid_cie_oidc/authority/tests/test_02_trust_anchor_intermediary.py
@@ -294,7 +294,7 @@ def test_trust_mark_status_endpoint(self):
 res = c.post(
 url,
 data={
- "id": self.rp_assigned_profile.profile.profile_id,
+ "trust_mark_id": self.rp_assigned_profile.profile.profile_id,
 "sub": self.rp_assigned_profile.descendant.sub,
 },
 )
@@ -314,7 +314,7 @@ def test_trust_mark_status_endpoint(self):
 res = c.get(
 url,
 data={
- "id": self.rp_assigned_profile.profile.profile_id,
+ "trust_mark_id": self.rp_assigned_profile.profile.profile_id,
 "sub": self.rp_assigned_profile.descendant.sub,
 }
 )
@@ -358,7 +358,7 @@ def test_trust_mark_status_endpoint(self):
 res = c.get(
 url,
 data={
- "id": self.rp_assigned_profile.profile.profile_id,
+ "trust_mark_id": self.rp_assigned_profile.profile.profile_id,
 },
 )
 self.assertTrue(res.status_code == 200)
diff --git a/spid_cie_oidc/authority/views.py b/spid_cie_oidc/authority/views.py
index 8e65c506..096109e5 100644
--- a/spid_cie_oidc/authority/views.py
+++ b/spid_cie_oidc/authority/views.py
@@ -243,7 +243,7 @@ def trust_mark_status(request):
 unpad_jwt_head(trust_mark)
 payload = unpad_jwt_payload(trust_mark)
 sub = payload["sub"]
- _id = payload["id"]
+ _id = payload["trust_mark_id"]
 except Exception:
 return JsonResponse(failed_data)
 elif sub and _id:
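Review bot: All three `test_trust_mark_status_endpoint` hunks (this one at -294, -314 and -358) only swap the key the client sends; none pins the other half of the rename, namely what the endpoint does when a request or a trust mark JWT still carries the legacy `id`. With the view's lookup now being `payload["trust_mark_id"]` behind a broad `except`, a legacy mark presumably comes back as the failure payload rather than as a validation error, and a test asserting that outcome would catch a later regression in either direction. Posting `{"id": self.rp_assigned_profile.profile.profile_id, "sub": self.rp_assigned_profile.descendant.sub}` to the same `url` and asserting that the response does not report the mark as valid is enough. The test method starts outside the hunk.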
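Review bot: `_id = payload["trust_mark_id"]` raises `KeyError` for any trust mark still issued with the legacy `id` claim, and the surrounding `except Exception` folds that, together with a tampered or malformed JWT, into the same `failed_data` response with nothing recorded, so an operator cannot tell a not-yet-reissued mark from a forged one. I would keep the strict lookup but log the exception type and the missing claim inside the existing `except Exception:` before `return JsonResponse(failed_data)`, or add a comment there, `# legacy marks carrying "id" instead of "trust_mark_id" also end up here`. The same legacy-key gap exists in statements.py `__init__` (`self.payload["trust_mark_id"]`, a bare `KeyError`) and in `validate_by_allowed_trust_marks`, which silently `continue`s past old entries. `trust_mark_status` starts outside the hunk and the opening of the `try` is not visible here.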
diff --git a/spid_cie_oidc/entity/admin.py b/spid_cie_oidc/entity/admin.py
index 0aa6d049..df502e28 100644
--- a/spid_cie_oidc/entity/admin.py
+++ b/spid_cie_oidc/entity/admin.py
@@ -102,7 +102,7 @@ def update_trust_marks(modeladmin, request, queryset): # pragma: no cover
 obj.trust_marks.append({k:v})
 else:
 obj.trust_marks = [
- {"id":k, "trust_mark":v} for k,v in trust_marks.items()
+ {"trust_mark_id":k, "trust_mark":v} for k,v in trust_marks.items()
 ]
 obj.save()
diff --git a/spid_cie_oidc/entity/statements.py b/spid_cie_oidc/entity/statements.py
index b07c6aa7..721c2c2a 100644
--- a/spid_cie_oidc/entity/statements.py
+++ b/spid_cie_oidc/entity/statements.py
@@ -75,7 +75,7 @@ def __init__(self, jwt: str, httpc_params: dict = {}):
 self.header = unpad_jwt_head(jwt)
 self.payload = unpad_jwt_payload(jwt)
- self.id = self.payload["id"]
+ self.id = self.payload["trust_mark_id"]
 self.sub = self.payload["sub"]
 self.iss = self.payload["iss"]
@@ -219,7 +219,7 @@ def validate_by_allowed_trust_marks(self) -> bool:
 is_valid = False
 for tm in self.payload["trust_marks"]:
- if tm.get("id", None) not in self.filter_by_allowed_trust_marks:
+ if tm.get("trust_mark_id", None) not in self.filter_by_allowed_trust_marks:
 continue
 try:
diff --git a/spid_cie_oidc/entity/trust_chain.py b/spid_cie_oidc/entity/trust_chain.py
index aa8c0bad..42494014 100644
--- a/spid_cie_oidc/entity/trust_chain.py
+++ b/spid_cie_oidc/entity/trust_chain.py
@@ -250,7 +250,6 @@ def get_subject_configuration(self) -> None:
 if self.required_trust_marks:
 sc = self.subject_configuration
 sc.filter_by_allowed_trust_marks = self.required_trust_marks
-
 # TODO: create a proxy function that gets tm issuers ec from
 # a previously populated cache
 # sc.trust_mark_issuers_entity_confs = [
diff --git a/spid_cie_oidc/entity/trust_chain_operations.py b/spid_cie_oidc/entity/trust_chain_operations.py
index 64e829d3..617d756b 100644
--- a/spid_cie_oidc/entity/trust_chain_operations.py
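Review bot: The two branches of `update_trust_marks` now store differently shaped entries: the visible `obj.trust_marks.append({k:v})` keeps an `{id: jwt}` mapping while the rewritten comprehension stores `{"trust_mark_id": k, "trust_mark": v}`, and since `validate_by_allowed_trust_marks` matches on `tm.get("trust_mark_id")`, an entry appended by the first branch can never match an allowed trust mark. If that branch is meant to extend an existing list it should append the same shape, `obj.trust_marks.append({"trust_mark_id": k, "trust_mark": v})`; the condition selecting the branch is outside the hunk, so if the two shapes are intentional a comment stating which layout `trust_marks` holds would settle it. `update_trust_marks` starts outside the hunk.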
+++ b/spid_cie_oidc/entity/trust_chain_operations.py
@@ -184,7 +184,7 @@ def get_or_create_trust_chain(
 parties_involved=[i.sub for i in trust_chain.trust_path],
 status="valid",
 trust_marks=[
- {"id": i.id, "trust_mark": i.jwt}
+ {"trust_mark_id": i.id, "trust_mark": i.jwt}
 for i in trust_chain.verified_trust_marks
 ],
 is_active=True,
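Review bot: The persisted entry now uses the key `trust_mark_id` while its value still comes from the attribute `i.id`, so the statement object's attribute and its serialized claim name diverge after this commit (statements.py keeps `self.id = self.payload["trust_mark_id"]`). That is harmless at runtime but invites the next `.get("id")` slip; either exposing a `trust_mark_id` attribute alongside `id` on the statement class, or a comment here, `# "trust_mark_id" is the serialized claim name; the statement object keeps it as .id`, would make the mapping explicit. `get_or_create_trust_chain` starts outside the hunk.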