22628823407

Committed 03 Mar 2026 02:59PM UTC coverage: 44.11% (+0.2%) from 43.895%

Build # 22628823407

Build Type

Pull #80

github

Committed by

web-flow

Commit Message

Merge branch 'main' into authenticon-2

Pull Request Pull Request #80: make nonce optional and improve jwt mapping

Coverage Stats

12 of 39 new or added lines in 3 files covered. (30.77%)

79 existing lines in 1 file now uncovered.

1685 of 3820 relevant lines covered (44.11%)

0.5 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

33.64

/openapi/api_frontend.go

/*
 * vcverifier
 *
 * Backend component to verify credentials
 *
 * API version: 0.0.1
 * Generated by: OpenAPI Generator (https://openapi-generator.tech)
 */

package openapi

import (
        "html/template"
        "net/http"
        "slices"

        "github.com/fiware/VCVerifier/logging"
        "github.com/fiware/VCVerifier/verifier"
        "github.com/google/uuid"

        "github.com/gin-gonic/gin"
)

const DEFAULT_REQUEST_MODE = verifier.REQUEST_MODE_BY_REFERENCE

var frontendVerifier verifier.Verifier
var requestObjectClient *verifier.RequestObjectClient

func getFrontendVerifier() verifier.Verifier {
        if frontendVerifier == nil {
                frontendVerifier = verifier.GetVerifier()
        }
        return frontendVerifier
}

func getRequestObjectClient() *verifier.RequestObjectClient {
        if requestObjectClient == nil {
                requestObjectClient = verifier.NewRequestObjectClient()
        }
        return requestObjectClient
}

// VerifierPageDisplayQRSIOP - Presents a qr as starting point for the auth process
func VerifierPageDisplayQRSIOP(c *gin.Context) {

        state, stateExists := c.GetQuery("state")
        if !stateExists {
                c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoState)
                // early exit
                return
        }

        callback, callbackExists := c.GetQuery("client_callback")
        if !callbackExists {
                c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoCallback)
                // early exit
                return
        }

        clientId, clientIdExists := c.GetQuery("client_id")
        if !clientIdExists {
                logging.Log().Infof("Start a login flow for a not specified client.")
        }

        nonce, nonceExists := c.GetQuery("nonce")
        if !nonceExists {
                nonce = ""
        }

        requestMode, requestModeExists := c.GetQuery("request_mode")
        if !requestModeExists {
                logging.Log().Infof("Using default request mode %s.", DEFAULT_REQUEST_MODE)
                requestMode = DEFAULT_REQUEST_MODE
        }

        qr, err := getFrontendVerifier().ReturnLoginQR(c.Request.Host, "https", callback, state, clientId, nonce, requestMode)
        if err != nil {
                c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorMessage{"qr_generation_error", err.Error()})
                return
        }

        c.HTML(http.StatusOK, "verifier_present_qr", gin.H{"qrcode": qr})
}

// VerifierLoginQr - Presents a qr as starting point for the auth process
func VerifierLoginQr(c *gin.Context) {

        state, stateExists := c.GetQuery("state")
        if !stateExists {
                c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoState)
                // early exit
                return
        }

        redirectUri, redirectUriExists := c.GetQuery("redirect_uri")
        requestUri, requestUriExists := c.GetQuery("request_uri")

        if !redirectUriExists && !requestUriExists {
                c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoRedircetUri)
                // early exit
                return
        }

        clientId, clientIdExists := c.GetQuery("client_id")
        if !clientIdExists {
                logging.Log().Infof("Start a login flow for a not specified client.")
        }

        scope, scopeExists := c.GetQuery("scope")
        if !scopeExists {
                logging.Log().Infof("Start a login flow with default scope.")
                scope = ""
        }

        if requestUriExists {
                logging.Log().Debug("Requesting the client for its request object.")
                cro, err := getRequestObjectClient().GetClientRequestObject(requestUri)
                if err != nil {
                        logging.Log().Warnf("Was not able to get request object. Err: %v", err)
                        c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorMessageUnresolvableRequestObject)
                        return
                }
                if !slices.Contains(cro.Aud, getFrontendVerifier().GetHost()) {
                        c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorMessageInvalidAudience)
                        return
                }

                clientId = cro.ClientId
                scope = cro.Scope
                redirectUri = cro.RedirectUri
        }

        nonce, nonceExists := c.GetQuery("nonce")
        if !nonceExists {
                nonce = uuid.NewString()
        }

        requestMode, requestModeExists := c.GetQuery("request_mode")
        if !requestModeExists {
                logging.Log().Infof("Using default request mode %s.", DEFAULT_REQUEST_MODE)
                requestMode = DEFAULT_REQUEST_MODE
        }

        qrInfo, err := getFrontendVerifier().ReturnLoginQRV2(c.Request.Host, "https", redirectUri, state, clientId, scope, nonce, requestMode)
        if err != nil {
                c.AbortWithStatusJSON(500, ErrorMessage{"qr_generation_error", err.Error()})
                return
        }

        c.HTML(http.StatusOK, "verifier_present_qr_v2", gin.H{
                "qrcode":      template.URL(qrInfo.QR),
                "wsUrl":       getFrontendVerifier().GetHost() + "/ws?state=" + state,
                "qrExpireAt":  qrInfo.ExpireAt.UnixMilli(),
                "qrDuration":  qrInfo.TotalDuration,
                "authRequest": template.URL(qrInfo.AuthenticationRequest),
        })
}

// VerifierPageLoginExpired - Presents a page when the login session is expired
func VerifierPageLoginExpired(c *gin.Context) {
        c.JSON(http.StatusOK, gin.H{})
}

1	/*
2	* vcverifier
3	*
4	* Backend component to verify credentials
5	*
6	* API version: 0.0.1
7	* Generated by: OpenAPI Generator (https://openapi-generator.tech)
8	*/
9
10	package openapi
11
12	import (
13	"html/template"
14	"net/http"
15	"slices"
16
17	"github.com/fiware/VCVerifier/logging"
18	"github.com/fiware/VCVerifier/verifier"
19	"github.com/google/uuid"
20
21	"github.com/gin-gonic/gin"
22	)
23
24	const DEFAULT_REQUEST_MODE = verifier.REQUEST_MODE_BY_REFERENCE
25
26	var frontendVerifier verifier.Verifier
27	var requestObjectClient *verifier.RequestObjectClient
28
29	func getFrontendVerifier() verifier.Verifier {	1✔
30	if frontendVerifier == nil {	1✔
31	frontendVerifier = verifier.GetVerifier()	×
32	}	×
33	return frontendVerifier	1✔
34	}
35
36	func getRequestObjectClient() *verifier.RequestObjectClient {	×
37	if requestObjectClient == nil {	×
38	requestObjectClient = verifier.NewRequestObjectClient()	×
39	}	×
40	return requestObjectClient	×
41	}
42
43	// VerifierPageDisplayQRSIOP - Presents a qr as starting point for the auth process
44	func VerifierPageDisplayQRSIOP(c *gin.Context) {	1✔
45		1✔
46	state, stateExists := c.GetQuery("state")	1✔
47	if !stateExists {	2✔
48	c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoState)	1✔
49	// early exit	1✔
50	return	1✔
51	}	1✔
52
53	callback, callbackExists := c.GetQuery("client_callback")	1✔
54	if !callbackExists {	2✔
55	c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoCallback)	1✔
56	// early exit	1✔
57	return	1✔
58	}	1✔
59
60	clientId, clientIdExists := c.GetQuery("client_id")	1✔
61	if !clientIdExists {	2✔
62	logging.Log().Infof("Start a login flow for a not specified client.")	1✔
63	}	1✔
64
65	nonce, nonceExists := c.GetQuery("nonce")	1✔
66	if !nonceExists {	2✔
67	nonce = ""	1✔
68	}	1✔
69
70	requestMode, requestModeExists := c.GetQuery("request_mode")	1✔
71	if !requestModeExists {	2✔
72	logging.Log().Infof("Using default request mode %s.", DEFAULT_REQUEST_MODE)	1✔
73	requestMode = DEFAULT_REQUEST_MODE	1✔
74	}	1✔
75
76	qr, err := getFrontendVerifier().ReturnLoginQR(c.Request.Host, "https", callback, state, clientId, nonce, requestMode)	1✔
77	if err != nil {	2✔
78	c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorMessage{"qr_generation_error", err.Error()})	1✔
79	return	1✔
80	}	1✔
81
82	c.HTML(http.StatusOK, "verifier_present_qr", gin.H{"qrcode": qr})	1✔
83	}
84
85	// VerifierLoginQr - Presents a qr as starting point for the auth process
86	func VerifierLoginQr(c *gin.Context) {	×
87		×
88	state, stateExists := c.GetQuery("state")	×
89	if !stateExists {	×
90	c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoState)	×
91	// early exit	×
92	return	×
93	}	×
94
95	redirectUri, redirectUriExists := c.GetQuery("redirect_uri")	×
96	requestUri, requestUriExists := c.GetQuery("request_uri")	×
97		×
98	if !redirectUriExists && !requestUriExists {	×
99	c.AbortWithStatusJSON(http.StatusBadRequest, ErrorMessageNoRedircetUri)	×
100	// early exit	×
101	return	×
102	}	×
103
104	clientId, clientIdExists := c.GetQuery("client_id")	×
105	if !clientIdExists {	×
106	logging.Log().Infof("Start a login flow for a not specified client.")	×
107	}	×
108
109	scope, scopeExists := c.GetQuery("scope")	×
110	if !scopeExists {	×
111	logging.Log().Infof("Start a login flow with default scope.")	×
112	scope = ""	×
113	}	×
114
115	if requestUriExists {	×
116	logging.Log().Debug("Requesting the client for its request object.")	×
117	cro, err := getRequestObjectClient().GetClientRequestObject(requestUri)	×
118	if err != nil {	×
119	logging.Log().Warnf("Was not able to get request object. Err: %v", err)	×
120	c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorMessageUnresolvableRequestObject)	×
121	return	×
122	}	×
123	if !slices.Contains(cro.Aud, getFrontendVerifier().GetHost()) {	×
124	c.AbortWithStatusJSON(http.StatusInternalServerError, ErrorMessageInvalidAudience)	×
125	return	×
126	}	×
127
128	clientId = cro.ClientId	×
129	scope = cro.Scope	×
130	redirectUri = cro.RedirectUri	×
131	}
132
133	nonce, nonceExists := c.GetQuery("nonce")	×
134	if !nonceExists {	×
NEW 135	nonce = uuid.NewString()	×
136	}	×
137
138	requestMode, requestModeExists := c.GetQuery("request_mode")	×
139	if !requestModeExists {	×
140	logging.Log().Infof("Using default request mode %s.", DEFAULT_REQUEST_MODE)	×
141	requestMode = DEFAULT_REQUEST_MODE	×
142	}	×
143
144	qrInfo, err := getFrontendVerifier().ReturnLoginQRV2(c.Request.Host, "https", redirectUri, state, clientId, scope, nonce, requestMode)	×
145	if err != nil {	×
146	c.AbortWithStatusJSON(500, ErrorMessage{"qr_generation_error", err.Error()})	×
147	return	×
148	}	×
149
150	c.HTML(http.StatusOK, "verifier_present_qr_v2", gin.H{	×
151	"qrcode": template.URL(qrInfo.QR),	×
152	"wsUrl": getFrontendVerifier().GetHost() + "/ws?state=" + state,	×
153	"qrExpireAt": qrInfo.ExpireAt.UnixMilli(),	×
154	"qrDuration": qrInfo.TotalDuration,	×
155	"authRequest": template.URL(qrInfo.AuthenticationRequest),	×
156	})	×
157	}
158
159	// VerifierPageLoginExpired - Presents a page when the login session is expired
160	func VerifierPageLoginExpired(c *gin.Context) {	×
161	c.JSON(http.StatusOK, gin.H{})	×
162	}	×

FIWARE / VCVerifier / 22628823407

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous