[ssi] reconciliate holder and resource owner

malach-it · Nov 27, 2024 · dd0a2e4 · dd0a2e4
1 parent d81c924
commit dd0a2e4
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 9 deletions.
diff --git a/apps/boruta_admin/assets/src/components/Forms/BackendForm.vue b/apps/boruta_admin/assets/src/components/Forms/BackendForm.vue
@@ -315,7 +315,7 @@
             <a class="ui blue fluid button" @click="addVerifiableCredential()">Add a verifiable credential</a>
           </div>
           <h2>Verifiable presentations</h2>
-          <div v-for="presentation in backend.verifiable_presentations" class="ui presentation-field segment">
+          <div v-for="presentation in backend.verifiable_presentations" class="ui presentation-field segment" :index="presentation.presentation_identifier">
             <i class="ui large close icon" @click="deleteVerifiablePresentation(presentation)"></i>
             <h3>Verifiable presentation</h3>
             <div class="field" :class="{ 'error': backend.errors?.verifiable_presentations }">

diff --git a/apps/boruta_admin/assets/src/components/Forms/TextEditor.vue b/apps/boruta_admin/assets/src/components/Forms/TextEditor.vue
@@ -28,6 +28,7 @@ export default {
       this.$emit('codeUpdate', code)
     })
 
+    editor.updateCode(this.content)
     this.editor = editor
   },
   watch: {

diff --git a/apps/boruta_admin/assets/src/components/Header.vue b/apps/boruta_admin/assets/src/components/Header.vue
@@ -68,6 +68,12 @@ export default {
   .main.menu {
     border-radius: 0;
   }
+  .item.email {
+    max-width: 200px;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    display: inline-block;
+  }
   @media screen and (max-width: 768px) {
     .item.email {
       display: none;

diff --git a/apps/boruta_identity/lib/boruta_identity/accounts/backends/wallet.ex b/apps/boruta_identity/lib/boruta_identity/accounts/backends/wallet.ex
@@ -18,6 +18,11 @@ defmodule BorutaIdentity.Accounts.Wallet do
     {replace, impl_user_params} =
       case metadata do
         %{} = metadata ->
+          metadata = Enum.map(metadata, fn {key, value} ->
+            {key, %{"value" => value, "display" => [], "status" => "valid"}}
+          end)
+          |> Enum.into(%{})
+
           {[:username, :metadata, :group], Map.put(impl_user_params, :metadata, metadata)}
 
         _ ->

diff --git a/apps/boruta_identity/lib/boruta_identity/resource_owners.ex b/apps/boruta_identity/lib/boruta_identity/resource_owners.ex
@@ -83,7 +83,7 @@ defmodule BorutaIdentity.ResourceOwners do
   @impl Boruta.Oauth.ResourceOwners
   def authorized_scopes(%ResourceOwner{sub: sub}) when not is_nil(sub) do
     Accounts.get_user_scopes(sub) ++
-      Enum.flat_map(Accounts.get_user_roles(sub), fn %{scopes: scopes} -> scopes end)
+      Enum.flat_map(Accounts.get_user_roles(sub), fn %{scopes: scopes} -> scopes end) |> dbg
   end
 
   def authorized_scopes(_), do: []
@@ -102,14 +102,24 @@ defmodule BorutaIdentity.ResourceOwners do
     end
   end
 
+  @impl Boruta.Oauth.ResourceOwners
+  def from_holder(%{presentation_claims: presentation_claims, sub: sub, scope: scope}) do
+    get_by(sub: presentation_claims["boruta_uid"], scope: scope)
+  end
+
   @spec metadata(user :: User.t(), scope :: String.t()) :: metadata :: map()
-  def metadata(%User{metadata: %{} = metadata}, _scope) when metadata == %{}, do: %{}
+  def metadata(%User{metadata: %{} = metadata} = user, _scope) when metadata == %{}, do: %{
+    "boruta_uid" => user.id,
+    "boruta_username" => user.username
+  }
 
   def metadata(user, scope) do
     user.metadata
     |> User.metadata_filter(user.backend)
     |> metadata_scope_filter(scope, user.backend)
     |> Enum.into(%{})
+    |> Map.put("boruta_uid", user.id)
+    |> Map.put("boruta_username", user.username)
   end
 
   defp merge_claims(

diff --git a/apps/boruta_web/lib/boruta_web/controllers/oauth/token_controller.ex b/apps/boruta_web/lib/boruta_web/controllers/oauth/token_controller.ex
@@ -11,6 +11,7 @@ defmodule BorutaWeb.Oauth.TokenController do
   alias Boruta.Oauth.TokenResponse
   alias Boruta.Openid
   alias BorutaIdentity.Accounts.Sessions
+  alias BorutaIdentity.Accounts.Users
   alias BorutaIdentity.Accounts.Wallet
   alias BorutaIdentity.IdentityProviders
   alias BorutaWeb.OauthView
@@ -110,11 +111,8 @@ defmodule BorutaWeb.Oauth.TokenController do
 
   @impl Boruta.Openid.DirectPostApplication
   def direct_post_success(conn, callback_uri, token) do
-    user = Wallet.domain_user!(token.resource_owner, IdentityProviders.get_identity_provider_by_client_id(token.client.id).backend)
-    token = %{token|resource_owner: %ResourceOwner{sub: user.id}}
-    ecto_token = struct(Boruta.Ecto.Token, Map.from_struct(token))
-    Boruta.Ecto.TokenStore.invalidate(ecto_token)
-    {:ok, ecto_token} = Ecto.Changeset.change(ecto_token, %{sub: user.id}) |> BorutaAuth.Repo.update()
+    # user = Wallet.domain_user!(token.resource_owner, IdentityProviders.get_identity_provider_by_client_id(token.client.id).backend)
+    user = Users.get_user(token.resource_owner.sub)
     {:ok, _user, session_token} = Sessions.create_user_session(user)
 
     PresentationServer.authenticated(token.previous_code, "#{token.redirect_uri}#access_token=#{token.value}&id_token=#{IdToken.generate(%{token: token}, token.nonce).value}&expires_in=#{token.expires_at - :os.system_time(:second)}&state=#{token.state}" |> dbg, session_token)

diff --git a/mix.lock b/mix.lock
@@ -2,7 +2,7 @@
   "argon2_elixir": {:hex, :argon2_elixir, "2.4.1", "edb27bdd326bc738f3e4614eddc2f73507be6fedc9533c6bcc6f15bbac9c85cc", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "0e21f52a373739d00bdfd5fe6da2f04eea623cb4f66899f7526dd9db03903d9f"},
   "asn1_compiler": {:hex, :asn1_compiler, "0.1.1", "64a4e52b59d1f225878445ace2c75cd2245b13a5a81182304fd9dc5acfc8994e", [:mix], [], "hexpm", "c250d24c22f1a3f305d88864400f9ac2df55c6886e1e3a030e2946efeb94695e"},
   "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"},
-  "boruta": {:git, "https://github.com/malach-it/boruta_auth.git", "6f439518798671a1e928036bc0b917591214459c", [branch: "poc-hybrid-vp-token"]},
+  "boruta": {:git, "https://github.com/malach-it/boruta_auth.git", "a2a74a968a3575fe705be02f6540a80cc40b7a13", [branch: "poc-hybrid-vp-token"]},
   "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"},
   "bypass": {:hex, :bypass, "2.1.0", "909782781bf8e20ee86a9cabde36b259d44af8b9f38756173e8f5e2e1fabb9b1", [:mix], [{:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: false]}, {:ranch, "~> 1.3", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "d9b5df8fa5b7a6efa08384e9bbecfe4ce61c77d28a4282f79e02f1ef78d96b80"},
   "castore": {:hex, :castore, "1.0.9", "5cc77474afadf02c7c017823f460a17daa7908e991b0cc917febc90e466a375c", [:mix], [], "hexpm", "5ea956504f1ba6f2b4eb707061d8e17870de2bee95fb59d512872c2ef06925e7"},