
Commit 1a5eb05

Connection based verification (#802)
* Initial POC of connection based verification
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Applied black formatting
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Removed assertion to ensure we didn't use oob
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Added problem reports on failed connections
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Add connection verification testing
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
  1. Updated timestamps in models to use UTC for consistency across the application.
  2. Added comprehensive tests for ACA-Py webhook handler, covering various scenarios including connection status changes, presentation request handling, and error reporting.
  3. Introduced new dependencies in the `pyproject.toml` for HTTP handling in tests.
  4. Improved mocking strategies in test cases for better isolation and reliability.
  These changes ensure better adherence to time standards and robustness in handling connection-based verifications and related testing.
* Improve test coverage
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Use multi_use keyword rather than ephemeral and only delete multi_use auth_sessions
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Remove NEW comments and removed deprecated create_invitation
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
  - Removed commented-out code for the deprecated create_invitation method
  - Changed comments in the acapy_handler and oidc router modules to remove "NEW" indicators for clarification.
* Fix: removed "pending-" prefix and error reporting with invi_msg_id
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
  - Removed the hardcoded "pending-" prefix from the session ID lookup when searching by `pres_exch_id` in `acapy_handler.py`, allowing for more flexible ID matching.
  - Added a check in `oidc.py` to raise an HTTP 500 error if the invitation message ID is missing, ensuring proper error handling and clearer diagnostics when creating an OOB invitation message.
* Removed pointless "assert False" that was left over from testing
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Remove unnecessary dependencies and group allocations in poetry.lock and pyproject.toml
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
  - Removed 'httpx' packages from pyproject.toml as they were not needed.
* Restore httpx dependency
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Change logging type
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Corrected inconsistent expiry and creation timestamps
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Handle timezone aware comparison datetimes
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
* Add USE_CONNECTION_BASED_VERIFICATION to docker compose
  Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>

---------

Signed-off-by: Gavin Jaeger-Freeborn <gavinfreeborn@gmail.com>
Signed-off-by: Gavinok <34443260+Gavinok@users.noreply.github.com>
1 parent 5093a84 commit 1a5eb05

20 files changed

+2785
-36
lines changed

docker/docker-compose.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ services:
3636
- ST_ACAPY_ADMIN_API_KEY=${AGENT_ADMIN_API_KEY}
3737
- ST_ACAPY_ADMIN_API_KEY_NAME=${ST_ACAPY_ADMIN_API_KEY_NAME}
3838
- USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE}
39+
- USE_CONNECTION_BASED_VERIFICATION=${USE_CONNECTION_BASED_VERIFICATION}
3940
- WALLET_DEEP_LINK_PREFIX=${WALLET_DEEP_LINK_PREFIX}
4041
- INVITATION_LABEL=${INVITATION_LABEL}
4142
ports:
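Review bot: `USE_CONNECTION_BASED_VERIFICATION=${USE_CONNECTION_BASED_VERIFICATION}` has no fallback, so when the variable is not exported compose substitutes an empty string and the controller receives `USE_CONNECTION_BASED_VERIFICATION=` instead of the `"true"` that `docker/manage` sets in the next hunk; running compose directly and running it through `manage` therefore behave differently. Consider `${USE_CONNECTION_BASED_VERIFICATION:-false}` here (or whichever value the controller treats as the safe default) so the two entry points agree, and document the new variable next to `USE_OOB_LOCAL_DID_SERVICE` wherever that one is described.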

docker/manage

Lines changed: 1 addition & 0 deletions
@@ -189,6 +189,7 @@ configureEnvironment() {
189189
export INVITATION_LABEL=${INVITATION_LABEL:-"VC-AuthN"}
190190
export SET_NON_REVOKED="True"
191191
export USE_OOB_LOCAL_DID_SERVICE=${USE_OOB_LOCAL_DID_SERVICE:-"true"}
192+
export USE_CONNECTION_BASED_VERIFICATION=${USE_CONNECTION_BASED_VERIFICATION:-"true"}
192193
export WALLET_DEEP_LINK_PREFIX=${WALLET_DEEP_LINK_PREFIX:-"bcwallet://aries_proof-request"}
193194

194195
# agent
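Review bot: defaulting `USE_CONNECTION_BASED_VERIFICATION` to `"true"` moves every existing deployment that starts through `docker/manage` onto the new connection-based flow at the next upgrade. A change the message itself describes as an initial POC would normally be opt-in; consider `${USE_CONNECTION_BASED_VERIFICATION:-"false"}` so operators enable it deliberately, or state the behaviour change explicitly in the commit message and release notes.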

oidc-controller/api/authSessions/crud.py

Lines changed: 6 additions & 0 deletions
@@ -27,6 +27,12 @@ async def create(self, auth_session: AuthSessionCreate) -> AuthSession:
2727
result = col.insert_one(jsonable_encoder(auth_session))
2828
return AuthSession(**col.find_one({"_id": result.inserted_id}))
2929

30+
async def get_by_connection_id(self, connection_id: str) -> AuthSession | None:
31+
"""Get auth session by connection ID for connection-based verification."""
32+
col = self._db.get_collection(COLLECTION_NAMES.AUTH_SESSION)
33+
result = col.find_one({"connection_id": connection_id})
34+
return AuthSession(**result) if result else None
35+
3036
async def get(self, id: str) -> AuthSession:
3137
if not PyObjectId.is_valid(id):
3238
raise HTTPException(
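Review bot: `get_by_connection_id` uses `find_one({"connection_id": connection_id})`, which returns an arbitrary matching document when more than one auth session carries the same `connection_id`. With the `multi_use` flag introduced in `models.py` a single connection can back several sessions over time, so a webhook could be matched to a stale or already-completed session. Restrict the query to sessions still waiting for a presentation (or sort by `created_at` descending and take the newest), and add an index on `connection_id` since this lookup now runs on every connection webhook. The docstring should also state the one-session-per-connection assumption the current query makes.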

oidc-controller/api/authSessions/models.py

Lines changed: 7 additions & 4 deletions
@@ -1,4 +1,4 @@
1-
from datetime import datetime, timedelta
1+
from datetime import datetime, timedelta, UTC
22
from enum import StrEnum, auto
33

44
from api.core.models import UUIDModel
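Review bot: `from datetime import UTC` only exists on Python 3.11 and later; confirm the `python` constraint in `pyproject.toml` already requires that, otherwise use `timezone.utc` (available on every supported interpreter) so the models module stays importable.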
@@ -17,18 +17,21 @@ class AuthSessionState(StrEnum):
1717

1818

1919
class AuthSessionBase(BaseModel):
20-
pres_exch_id: str
20+
pres_exch_id: str | None = None # Optional for connection-based flow
2121
expired_timestamp: datetime = Field(
22-
default=datetime.now()
22+
default_factory=lambda: datetime.now(UTC)
2323
+ timedelta(seconds=settings.CONTROLLER_PRESENTATION_EXPIRE_TIME)
2424
)
2525
ver_config_id: str
2626
request_parameters: dict
2727
pyop_auth_code: str
2828
response_url: str
2929
presentation_request_msg: dict | None = None
30+
connection_id: str | None = None # Track connection ID
31+
proof_request: dict | None = None # Store proof request for later use
32+
multi_use: bool = False # Track if connection is multi-use (default: single-use)
3033
model_config = ConfigDict(populate_by_name=True)
31-
created_at: datetime = Field(default_factory=datetime.utcnow)
34+
created_at: datetime = Field(default_factory=lambda: datetime.now(UTC))
3235

3336

3437
class AuthSession(AuthSessionBase, UUIDModel):
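Review bot: replacing `default=datetime.now() + ...` with `default_factory=lambda: datetime.now(UTC) + ...` for `expired_timestamp` fixes a real defect (the old default was evaluated once at import time, so every session created by a long-running process shared the same expiry) and deserves an explicit sentence in the commit message beyond "Corrected inconsistent expiry and creation timestamps". Two follow-ups on the same hunk: `created_at` moving from naive `datetime.utcnow` to an aware `datetime.now(UTC)` means documents written before this change are naive, so any comparison against `created_at` or `expired_timestamp` must normalise both sides, including records already stored, not only new ones; and making `pres_exch_id` optional means every caller that looked a session up by `pres_exch_id` now needs a `None` check, and a session should probably require at least one of `pres_exch_id` or `connection_id` (a Pydantic `model_validator` on `AuthSessionBase` would enforce that).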
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
"""AuthSession tests package."""
