From b9c5f3fc7377adcd4903523714658d4ba2f50f75 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Thu, 29 Feb 2024 20:07:34 +0100 Subject: [PATCH] bugfix domain issues fixes #141 force add var DOMAIN get, post from users are verified against var DOMAIN --- idhub/mixins.py | 9 +++++++++ idhub/models.py | 2 +- trustchain_idhub/settings.py | 3 ++- utils/idhub_ssikit/__init__.py | 4 ++-- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/idhub/mixins.py b/idhub/mixins.py index 6e793a8..b43f6e8 100644 --- a/idhub/mixins.py +++ b/idhub/mixins.py @@ -4,6 +4,7 @@ from django.core.exceptions import PermissionDenied from django.urls import reverse_lazy, resolve from django.shortcuts import redirect from django.core.cache import cache +from django.conf import settings class Http403(PermissionDenied): @@ -32,6 +33,10 @@ class UserView(LoginRequiredMixin): ] def get(self, request, *args, **kwargs): + err_txt = "User domain is {} which does not match server domain {}".format( + request.get_host(), settings.DOMAIN + ) + assert request.get_host() == settings.DOMAIN, err_txt self.admin_validated = cache.get("KEY_DIDS") response = super().get(request, *args, **kwargs) @@ -50,6 +55,10 @@ class UserView(LoginRequiredMixin): return url or response def post(self, request, *args, **kwargs): + err_txt = "User domain is {} which does not match server domain {}".format( + request.get_host(), settings.DOMAIN + ) + assert request.get_host() == settings.DOMAIN, err_txt self.admin_validated = cache.get("KEY_DIDS") response = super().post(request, *args, **kwargs) url = self.check_gdpr() diff --git a/idhub/models.py b/idhub/models.py index f1eea85..cc77874 100644 --- a/idhub/models.py +++ b/idhub/models.py @@ -475,7 +475,7 @@ class DID(models.Model): if self.type == self.Types.KEY: self.did = keydid_from_controller_key(new_key_material) elif self.type == self.Types.WEB: - didurl, document = webdid_from_controller_key(new_key_material) + didurl, document = webdid_from_controller_key(new_key_material, settings.DOMAIN) self.did = didurl self.didweb_document = document diff --git a/trustchain_idhub/settings.py b/trustchain_idhub/settings.py index 15b9986..090be76 100644 --- a/trustchain_idhub/settings.py +++ b/trustchain_idhub/settings.py @@ -35,7 +35,8 @@ DEBUG = config('DEBUG', default=False, cast=bool) ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv()) CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv()) -DOMAIN = config("DOMAIN", "http://localhost") +DOMAIN = config("DOMAIN") +assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY" DEFAULT_FROM_EMAIL = config( 'DEFAULT_FROM_EMAIL', default='webmaster@localhost') diff --git a/utils/idhub_ssikit/__init__.py b/utils/idhub_ssikit/__init__.py index d97848b..562ef25 100644 --- a/utils/idhub_ssikit/__init__.py +++ b/utils/idhub_ssikit/__init__.py @@ -30,7 +30,7 @@ def resolve_did(keydid): return asyncio.run(inner()) -def webdid_from_controller_key(key): +def webdid_from_controller_key(key, domain): """ Se siguen los pasos para generar un webdid a partir de un keydid. Documentado en la docu de spruceid. @@ -38,7 +38,7 @@ def webdid_from_controller_key(key): keydid = keydid_from_controller_key(key) # "did:key:<...>" pubkeyid = keydid.rsplit(":")[-1] # <...> document = json.loads(resolve_did(keydid)) # Documento DID en terminos "key" - domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:] + # domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:] webdid_url = f"did:web:{domain}:did-registry:{pubkeyid}" # nueva URL: "did:web:idhub.pangea.org:<...>" webdid_url_owner = webdid_url + "#owner" # Reemplazamos los campos del documento DID necesarios: