digitalfabrik · f1sh1918 · Apr 28, 2023 · Apr 18, 2023 · Apr 18, 2023 · Apr 19, 2023
@@ -5,13 +5,15 @@ import app.ehrenamtskarte.backend.exception.service.ProjectNotFoundException
 import app.ehrenamtskarte.backend.verification.database.CodeType
 import app.ehrenamtskarte.backend.verification.service.CardVerifier
 import app.ehrenamtskarte.backend.verification.webservice.schema.types.CardVerificationModel
+import app.ehrenamtskarte.backend.verification.webservice.schema.types.CardVerificationResultModel
 import com.expediagroup.graphql.generator.annotations.GraphQLDescription
 import graphql.schema.DataFetchingEnvironment
 import java.util.Base64
 
 @Suppress("unused")
 class CardQueryService {
-    @GraphQLDescription("Returns whether there is a card in the given project with that hash registered for that this TOTP is currently valid")
+    @Deprecated("Deprecated since May 2023 in favor of CardVerificationResultModel that return a current timestamp", ReplaceWith("verifyCardInProjectV2"))
+    @GraphQLDescription("Returns whether there is a card in the given project with that hash registered for that this TOTP is currently valid and a timestamp of the last check")
     fun verifyCardInProject(project: String, card: CardVerificationModel, dfe: DataFetchingEnvironment): Boolean {
         val context = dfe.getContext<GraphQLContext>()
         val projectConfig = context.backendConfiguration.projects.find { it.id == project } ?: throw ProjectNotFoundException(project)
@@ -24,4 +26,18 @@ class CardQueryService {
         }
         return false
     }
+
+    @GraphQLDescription("Returns whether there is a card in the given project with that hash registered for that this TOTP is currently valid and a timestamp of the last check")
+    fun verifyCardInProjectV2(project: String, card: CardVerificationModel, dfe: DataFetchingEnvironment): CardVerificationResultModel {
+        val context = dfe.getContext<GraphQLContext>()
+        val projectConfig = context.backendConfiguration.projects.find { it.id == project } ?: throw ProjectNotFoundException(project)
+        val cardHash = Base64.getDecoder().decode(card.cardInfoHashBase64)
+
+        if (card.codeType == CodeType.STATIC) {
+            return CardVerificationResultModel(card.totp == null && CardVerifier.verifyStaticCard(project, cardHash, projectConfig.timezone))
+        } else if (card.codeType == CodeType.DYNAMIC) {
+            return CardVerificationResultModel(card.totp != null && CardVerifier.verifyDynamicCard(project, cardHash, card.totp, projectConfig.timezone))
+        }
+        return CardVerificationResultModel(false)
+    }
 }
@@ -1,5 +1,7 @@
 package app.ehrenamtskarte.backend.verification.webservice.schema.types
 
+import java.time.Instant
+
 @Suppress("ktlint:enum-entry-name-case")
 enum class ActivationState {
     success,
@@ -9,5 +11,6 @@ enum class ActivationState {
 
 data class CardActivationResultModel(
     val activationState: ActivationState,
-    val totpSecret: String? = null
+    val totpSecret: String? = null,
+    val activationTimeStamp: String = Instant.now().toString()
 )
@@ -0,0 +1,8 @@
+package app.ehrenamtskarte.backend.verification.webservice.schema.types
+
+import java.time.Instant
+
+data class CardVerificationResultModel(
+    val valid: Boolean,
+    val verificationTimeStamp: String = Instant.now().toString()
+)
@@ -22,7 +22,7 @@ const localization: LocalizationType = {
             positiveVerificationDialogTitle: "Karte ist gültig",
         },
         moreActions: {
-            applyForAnotherCardTitle: "Weitere Ehrenamtskarte beantragen",
+            applyForAnotherCardTitle: "Ehrenamtskarte beantragen oder verlängern",
             applyForAnotherCardDescription: "Ihre hinterlegte Karte bleibt erhalten.",
             activateAnotherCardTitle: "Anderen Aktivierungscode einscannen",
             activateAnotherCardDescription: "Dadurch wird die hinterlegte Karte vom Gerät gelöscht.",

@@ -22,7 +22,7 @@ const localization: LocalizationType = {
             positiveVerificationDialogTitle: "Pass ist gültig",
         },
         moreActions: {
-            applyForAnotherCardTitle: "Weiteren Nürnberg-Pass beantragen",
+            applyForAnotherCardTitle: "Nürnberg-Pass beantragen oder verlängern",
             applyForAnotherCardDescription: "Ihr hinterlegter Pass bleibt erhalten.",
             activateAnotherCardTitle: "Anderen Aktivierungscode einscannen",
             activateAnotherCardDescription: "Dadurch wird der hinterlegte Pass vom Gerät gelöscht.",

@@ -1,6 +1,7 @@
 mutation ActivateCard($project: String!, $cardInfoHashBase64: String!, $activationSecretBase64: String!, $overwrite: Boolean!) {
     activateCard(project: $project, cardInfoHashBase64: $cardInfoHashBase64, activationSecretBase64: $activationSecretBase64, overwrite: $overwrite) {
         activationState,
-        totpSecret
+        totpSecret,
+        activationTimeStamp
     }
 }
@@ -1,3 +1,6 @@
 query CardVerificationByHash($project: String!, $card: CardVerificationModelInput!) {
-    cardValid: verifyCardInProject(project: $project, card: $card)
+    verifyCardInProjectV2(project: $project, card: $card){
+        valid,
+        verificationTimeStamp
+    }
 }
@@ -16,6 +16,7 @@ import 'package:ehrenamtskarte/identification/util/card_info_utils.dart';
 import 'package:ehrenamtskarte/intro_slides/intro_screen.dart';
 import 'package:ehrenamtskarte/proto/card.pb.dart';
 import 'package:ehrenamtskarte/routing.dart';
+import 'package:ehrenamtskarte/util/date_utils.dart';
 import 'package:flutter/material.dart';
 import 'package:graphql_flutter/graphql_flutter.dart';
 import 'package:provider/provider.dart';
@@ -83,6 +84,10 @@ class DevSettingsView extends StatelessWidget {
             title: const Text('Show Intro Slides'),
             onTap: () => _showIntroSlides(context),
           ),
+          ListTile(
+            title: const Text('Set expired last card verification'),
+            onTap: () => _setExpiredLastVerification(context),
+          ),
           ListTile(
             title: const Text('Log sample exception'),
             onTap: () => log("Sample exception.", error: Exception("Sample exception...")),
@@ -234,4 +239,20 @@ class DevSettingsView extends StatelessWidget {
       ),
     );
   }
+
+  // This is used to check the invalidation of a card because the verification with the backend couldn't be done lately (1 week plus UTC tolerance)
+  void _setExpiredLastVerification(BuildContext context) {
+    final provider = Provider.of<UserCodeModel>(context, listen: false);
+    final DynamicUserCode userCode = provider.userCode!;
+    final CardVerification cardVerification = CardVerification(
+        verificationTimeStamp:
+            secondsSinceEpoch(DateTime.now().toUtc().subtract(Duration(seconds: cardValidationExpireSeconds + 3600))),
+        cardValid: true);
+    provider.setCode(DynamicUserCode(
+        info: userCode.info,
+        ecSignature: userCode.ecSignature,
+        pepper: userCode.pepper,
+        totpSecret: userCode.totpSecret,
+        cardVerification: cardVerification));
+  }
 }
@@ -15,6 +15,7 @@ import 'package:ehrenamtskarte/identification/user_code_model.dart';
 import 'package:ehrenamtskarte/identification/util/card_info_utils.dart';
 import 'package:ehrenamtskarte/identification/verification_workflow/verification_qr_code_processor.dart';
 import 'package:ehrenamtskarte/proto/card.pb.dart';
+import 'package:ehrenamtskarte/util/date_utils.dart';
 import 'package:ehrenamtskarte/widgets/app_bars.dart';
 import 'package:flutter/widgets.dart';
 import 'package:graphql_flutter/graphql_flutter.dart';
@@ -97,12 +98,14 @@ class ActivationCodeScannerPage extends StatelessWidget {
           throw const ActivationInvalidTotpSecretException();
         }
         final totpSecret = const Base64Decoder().convert(activationResult.totpSecret!);
-        final userCode = DynamicUserCode(
-          info: activationCode.info,
-          pepper: activationCode.pepper,
-          totpSecret: totpSecret,
-        );
-        provider.setCode(userCode);
+
+        provider.setCode(DynamicUserCode(
+            info: activationCode.info,
+            pepper: activationCode.pepper,
+            totpSecret: totpSecret,
+            cardVerification: CardVerification(
+                cardValid: true,
+                verificationTimeStamp: secondsSinceEpoch(DateTime.parse(activationResult.activationTimeStamp)))));
         break;
       case ActivationState.failed:
         await QrParsingErrorDialog.showErrorDialog(

@@ -3,6 +3,7 @@ import 'package:ehrenamtskarte/graphql/graphql_api.dart';
 import 'package:ehrenamtskarte/identification/card_detail_view/more_actions_dialog.dart';
 import 'package:ehrenamtskarte/identification/card_detail_view/verification_code_view.dart';
 import 'package:ehrenamtskarte/identification/id_card/id_card.dart';
+import 'package:ehrenamtskarte/identification/util/card_info_utils.dart';
 import 'package:ehrenamtskarte/proto/card.pb.dart';
 import 'package:flutter/material.dart';
 import 'package:graphql_flutter/graphql_flutter.dart';
@@ -45,11 +46,14 @@ class CardDetailView extends StatelessWidget {
         final paddedCard = Padding(
           padding: const EdgeInsets.all(8),
           child: IdCard(
-            cardInfo: userCode.info,
-            region: region != null ? Region(region.prefix, region.name) : null,
-          ),
+              cardInfo: userCode.info,
+              region: region != null ? Region(region.prefix, region.name) : null,
+              isExpired: isCardExpired(userCode.info)),
         );
-        final richQrCode = RichQrCode(userCode: userCode, onMoreActionsPressed: () => _onMoreActionsPressed(context));
+        final richQrCode = RichQrCode(
+            userCode: userCode,
+            onMoreActionsPressed: () => _onMoreActionsPressed(context),
+            isExpired: isCardExpired(userCode.info));
 
         return orientation == Orientation.landscape
             ? SafeArea(
@@ -102,11 +106,20 @@ class RichQrCode extends StatelessWidget {
   final VoidCallback onMoreActionsPressed;
   final DynamicUserCode userCode;
   final bool compact;
+  final bool isExpired;
 
-  const RichQrCode({super.key, required this.onMoreActionsPressed, required this.userCode, this.compact = false});
+  const RichQrCode(
+      {super.key,
+      required this.onMoreActionsPressed,
+      required this.userCode,
+      this.compact = false,
+      required this.isExpired});
 
   @override
   Widget build(BuildContext context) {
+    final wasCardVerifiedLately = cardWasVerifiedLately(userCode.cardVerification);
+    final isCardInvalid = !userCode.cardVerification.cardValid;
+
     return Padding(
       padding: const EdgeInsets.symmetric(horizontal: 4),
       child: Column(
@@ -115,13 +128,15 @@ class RichQrCode extends StatelessWidget {
           Container(
             padding: const EdgeInsets.only(bottom: 4),
             constraints: const BoxConstraints(maxWidth: 300),
-            child: const Text(
-              "Mit diesem QR-Code können Sie sich"
-              " bei Akzeptanzstellen ausweisen:",
+            child: Text(
+              getCardInfoText(wasCardVerifiedLately, isCardInvalid, context),
               textAlign: TextAlign.center,
             ),
           ),
-          Flexible(child: VerificationCodeView(userCode: userCode)),
+          Flexible(
+              child: (isExpired || isCardInvalid)
+                  ? Container()
+                  : VerificationCodeView(userCode: userCode, isCardVerificationExpired: !wasCardVerifiedLately)),
           Container(
             alignment: Alignment.center,
             child: TextButton(
@@ -136,4 +151,18 @@ class RichQrCode extends StatelessWidget {
       ),
     );
   }
+
+  String getCardInfoText(bool wasCardVerifiedLately, bool isCardInvalid, BuildContext context) {
+    if (isExpired) {
+      return "Ihre Karte ist abgelaufen.\nUnter \"Weitere Aktionen\" können Sie einen Antrag auf Verlängerung stellen.";
+    }
+    if (isCardInvalid) {
+      return 'Ihre Karte ist ungültig.\nSie wurde entweder widerrufen oder auf einem anderen Gerät aktiviert.';
+    }
+    if (!wasCardVerifiedLately) {
+      return 'Ihre Karte konnte nicht auf ihre Gültigkeit geprüft werden. Bitte stellen Sie sicher, dass eine Verbindung mit dem Internet besteht und prüfen Sie erneut.';
+    }
+
+    return 'Mit diesem QR-Code können Sie sich bei Akzeptanzstellen ausweisen:';
+  }
 }
@@ -19,37 +19,39 @@ class MoreActionsDialog extends StatelessWidget {
     return AlertDialog(
       contentPadding: const EdgeInsets.only(top: 12),
       title: const Text("Weitere Aktionen"),
-      content: Column(
-        mainAxisSize: MainAxisSize.min,
-        children: [
-          ListTile(
-            title: Text(localization.applyForAnotherCardTitle),
-            subtitle: Text(localization.applyForAnotherCardDescription),
-            leading: const Icon(Icons.assignment, size: 36),
-            onTap: () {
-              Navigator.pop(context);
-              startApplication();
-            },
-          ),
-          ListTile(
-            title: Text(localization.activateAnotherCardTitle),
-            subtitle: Text(localization.activateAnotherCardDescription),
-            leading: const Icon(Icons.add_card, size: 36),
-            onTap: () {
-              Navigator.pop(context);
-              startActivation();
-            },
-          ),
-          ListTile(
-            title: Text(localization.verifyTitle),
-            subtitle: Text(localization.verifyDescription),
-            leading: const Icon(Icons.verified, size: 36),
-            onTap: () {
-              Navigator.pop(context);
-              startVerification();
-            },
-          ),
-        ],
+      content: SingleChildScrollView(
+        child: Column(
+          mainAxisSize: MainAxisSize.min,
+          children: [
+            ListTile(
+              title: Text(localization.applyForAnotherCardTitle),
+              subtitle: Text(localization.applyForAnotherCardDescription),
+              leading: const Icon(Icons.assignment, size: 36),
+              onTap: () {
+                Navigator.pop(context);
+                startApplication();
+              },
+            ),
+            ListTile(
+              title: Text(localization.activateAnotherCardTitle),
+              subtitle: Text(localization.activateAnotherCardDescription),
+              leading: const Icon(Icons.add_card, size: 36),
+              onTap: () {
+                Navigator.pop(context);
+                startActivation();
+              },
+            ),
+            ListTile(
+              title: Text(localization.verifyTitle),
+              subtitle: Text(localization.verifyDescription),
+              leading: const Icon(Icons.verified, size: 36),
+              onTap: () {
+                Navigator.pop(context);
+                startVerification();
+              },
+            ),
+          ],
+        ),
       ),
       actions: [TextButton(onPressed: () => Navigator.pop(context), child: const Text("Abbrechen"))],
     );