fix: trust mark id

italia · Feb 4, 2025 · 9e97b04 · 9e97b04
1 parent 6673a7c
commit 9e97b04
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 18 deletions.
diff --git a/spid_cie_oidc/authority/models.py b/spid_cie_oidc/authority/models.py
@@ -275,7 +275,7 @@ def trust_mark_as_jws(self):
     @property
     def trust_mark(self):
         return {
-            "id": self.profile.profile_id,
+            "trust_mark_id": self.profile.profile_id,
             "trust_mark": self.trust_mark_as_jws
         }
 

diff --git a/spid_cie_oidc/authority/schemas/trust_mark_status_endpoint.py b/spid_cie_oidc/authority/schemas/trust_mark_status_endpoint.py
@@ -7,16 +7,16 @@
 class TrustMarkRequest(BaseModel):
     trust_mark : Optional[constr(regex=r"^[a-zA-Z\_\-0-9]+\.[a-zA-Z\_\-0-9]+\.[a-zA-Z\_\-0-9]+")] # noqa: F722
     sub : Optional[HttpUrl]
-    id : Optional[HttpUrl]
+    trust_mark_id : Optional[HttpUrl]
 
-    @validator("id", pre=True, always=True)
+    @validator("trust_mark_id", pre=True, always=True)
     def validate_id(cls, id_value, values):
         if (not values.get("trust_mark") and (not values.get("sub") or not id_value)):
             raise ValueError("sub an id must be present if not trust_mark")
 
     def example():  # pragma: no cover
         return TrustMarkRequest(
-            id= "https://www.spid.gov.it/openid-federation/agreement/op-public/",
+            trust_mark_id = "https://www.spid.gov.it/openid-federation/agreement/op-public/",
             sub= "http://127.0.0.1:8000/oidc/op",
         )
 

diff --git a/spid_cie_oidc/authority/tests/settings.py b/spid_cie_oidc/authority/tests/settings.py
@@ -82,8 +82,8 @@
     "iss": "$.issuer_sub",
     "sub": "$.sub",
     "iat": 1579621160,
-    "id": "https://www.spid.gov.it/certification/rp",
-    "mark": "https://www.agid.gov.it/themes/custom/agid/logo.svg",
+    "trust_mark_id": "https://www.spid.gov.it/certification/rp",
+    "logo_uri": "https://www.agid.gov.it/themes/custom/agid/logo.svg",
     "ref": "https://docs.italia.it/italia/spid/spid-regole-tecniche-oidc/it/stabile/index.html",
 }
 
@@ -124,13 +124,13 @@
 
 TRUST_MARK_REQUEST = {
     "sub": rp_conf["sub"],
-    "id" : rp_conf["sub"],
+    "trust_mark_id" : rp_conf["sub"],
     "trust_mark" : TRUST_MARK
 }
 
 TRUST_MARK_REQUEST_NO_SUB_ID = deepcopy(TRUST_MARK_REQUEST)
 TRUST_MARK_REQUEST_NO_SUB_ID.pop("sub")
-TRUST_MARK_REQUEST_NO_SUB_ID.pop("id")
+TRUST_MARK_REQUEST_NO_SUB_ID.pop("trust_mark_id")
 
 TRUST_MARK_REQUEST_NO_TRUST_MARK = deepcopy(TRUST_MARK_REQUEST)
 TRUST_MARK_REQUEST_NO_TRUST_MARK.pop("trust_mark")
@@ -143,7 +143,7 @@
 TRUST_MARK_REQUEST_TRUST_MARK_NO_SUB_NO_TRUST_MARK.pop("trust_mark")
 
 TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK = deepcopy(TRUST_MARK_REQUEST)
-TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK.pop("id")
+TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK.pop("trust_mark_id")
 TRUST_MARK_REQUEST_TRUST_MARK_NO_ID_NO_TRUST_MARK.pop("trust_mark")
 
 ADVANCED_LIST_REQUEST = {

diff --git a/spid_cie_oidc/authority/tests/test_02_trust_anchor_intermediary.py b/spid_cie_oidc/authority/tests/test_02_trust_anchor_intermediary.py
@@ -294,7 +294,7 @@ def test_trust_mark_status_endpoint(self):
         res = c.post(
             url,
             data={
-                "id": self.rp_assigned_profile.profile.profile_id,
+                "trust_mark_id": self.rp_assigned_profile.profile.profile_id,
                 "sub": self.rp_assigned_profile.descendant.sub,
             },
         )
@@ -314,7 +314,7 @@ def test_trust_mark_status_endpoint(self):
         res = c.get(
             url,
             data={
-                "id": self.rp_assigned_profile.profile.profile_id,
+                "trust_mark_id": self.rp_assigned_profile.profile.profile_id,
                 "sub": self.rp_assigned_profile.descendant.sub,
             }
         )
@@ -358,7 +358,7 @@ def test_trust_mark_status_endpoint(self):
         res = c.get(
             url,
             data={
-                "id": self.rp_assigned_profile.profile.profile_id,
+                "trust_mark_id": self.rp_assigned_profile.profile.profile_id,
             },
         )
         self.assertTrue(res.status_code == 200)

diff --git a/spid_cie_oidc/authority/views.py b/spid_cie_oidc/authority/views.py
@@ -243,7 +243,7 @@ def trust_mark_status(request):
             unpad_jwt_head(trust_mark)
             payload = unpad_jwt_payload(trust_mark)
             sub = payload["sub"]
-            _id = payload["id"]
+            _id = payload["trust_mark_id"]
         except Exception:
             return JsonResponse(failed_data)
     elif sub and _id:

diff --git a/spid_cie_oidc/entity/admin.py b/spid_cie_oidc/entity/admin.py
@@ -102,7 +102,7 @@ def update_trust_marks(modeladmin, request, queryset):  # pragma: no cover
                         obj.trust_marks.append({k:v})
             else:
                 obj.trust_marks = [
-                    {"id":k, "trust_mark":v} for k,v in trust_marks.items()
+                    {"trust_mark_id":k, "trust_mark":v} for k,v in trust_marks.items()
                 ]
 
             obj.save()

diff --git a/spid_cie_oidc/entity/statements.py b/spid_cie_oidc/entity/statements.py
@@ -75,7 +75,7 @@ def __init__(self, jwt: str, httpc_params: dict = {}):
         self.header = unpad_jwt_head(jwt)
         self.payload = unpad_jwt_payload(jwt)
 
-        self.id = self.payload["id"]
+        self.id = self.payload["trust_mark_id"]
         self.sub = self.payload["sub"]
         self.iss = self.payload["iss"]
 
@@ -219,7 +219,7 @@ def validate_by_allowed_trust_marks(self) -> bool:
         is_valid = False
         for tm in self.payload["trust_marks"]:
 
-            if tm.get("id", None) not in self.filter_by_allowed_trust_marks:
+            if tm.get("trust_mark_id", None) not in self.filter_by_allowed_trust_marks:
                 continue
 
             try:

diff --git a/spid_cie_oidc/entity/trust_chain.py b/spid_cie_oidc/entity/trust_chain.py
@@ -250,7 +250,6 @@ def get_subject_configuration(self) -> None:
             if self.required_trust_marks:
                 sc = self.subject_configuration
                 sc.filter_by_allowed_trust_marks = self.required_trust_marks
-
                 # TODO: create a proxy function that gets tm issuers ec from
                 # a previously populated cache
                 # sc.trust_mark_issuers_entity_confs = [

diff --git a/spid_cie_oidc/entity/trust_chain_operations.py b/spid_cie_oidc/entity/trust_chain_operations.py
@@ -184,7 +184,7 @@ def get_or_create_trust_chain(
             parties_involved=[i.sub for i in trust_chain.trust_path],
             status="valid",
             trust_marks=[
-                {"id": i.id, "trust_mark": i.jwt}
+                {"trust_mark_id": i.id, "trust_mark": i.jwt}
                 for i in trust_chain.verified_trust_marks
             ],
             is_active=True,