bugfix domain issues

fixes #141 force add var DOMAIN get, post from users are verified against var DOMAIN
2024-02-29 20:07:34 +01:00 · 2024-02-29 20:07:34 +01:00 · b9c5f3fc73
parent 6d76ece816
commit b9c5f3fc73
4 changed files with 14 additions and 4 deletions
--- a/idhub/mixins.py
+++ b/idhub/mixins.py
@ -4,6 +4,7 @@ from django.core.exceptions import PermissionDenied
 from django.urls import reverse_lazy, resolve
 from django.shortcuts import redirect
 from django.core.cache import cache
+from django.conf import settings


 class Http403(PermissionDenied):
@ -32,6 +33,10 @@ class UserView(LoginRequiredMixin):
    ]

    def get(self, request, *args, **kwargs):
+        err_txt = "User domain is {} which does not match server domain {}".format(
+            request.get_host(), settings.DOMAIN
+        )
+        assert request.get_host() == settings.DOMAIN, err_txt
        self.admin_validated = cache.get("KEY_DIDS")
        response = super().get(request, *args, **kwargs)

@ -50,6 +55,10 @@ class UserView(LoginRequiredMixin):
        return url or response
        
    def post(self, request, *args, **kwargs):
+        err_txt = "User domain is {} which does not match server domain {}".format(
+            request.get_host(), settings.DOMAIN
+        )
+        assert request.get_host() == settings.DOMAIN, err_txt
        self.admin_validated = cache.get("KEY_DIDS")
        response = super().post(request, *args, **kwargs)
        url = self.check_gdpr()
--- a/idhub/models.py
+++ b/idhub/models.py
@ -475,7 +475,7 @@ class DID(models.Model):
        if self.type == self.Types.KEY:
            self.did = keydid_from_controller_key(new_key_material)
        elif self.type == self.Types.WEB:
-            didurl, document = webdid_from_controller_key(new_key_material)
+            didurl, document = webdid_from_controller_key(new_key_material, settings.DOMAIN)
            self.did = didurl
            self.didweb_document = document

--- a/trustchain_idhub/settings.py
+++ b/trustchain_idhub/settings.py
@ -35,7 +35,8 @@ DEBUG = config('DEBUG', default=False, cast=bool)
 ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv())
 CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())

-DOMAIN = config("DOMAIN", "http://localhost")
+DOMAIN = config("DOMAIN")
+assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"

 DEFAULT_FROM_EMAIL = config(
    'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
--- a/utils/idhub_ssikit/init.py
+++ b/utils/idhub_ssikit/init.py
@ -30,7 +30,7 @@ def resolve_did(keydid):
    return asyncio.run(inner())


-def webdid_from_controller_key(key):
+def webdid_from_controller_key(key, domain):
    """
    Se siguen los pasos para generar un webdid a partir de un keydid.
    Documentado en la docu de spruceid.
@ -38,7 +38,7 @@ def webdid_from_controller_key(key):
    keydid = keydid_from_controller_key(key)  # "did:key:<...>"
    pubkeyid = keydid.rsplit(":")[-1]  # <...>
    document = json.loads(resolve_did(keydid))  # Documento DID en terminos "key"
-    domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:]
+    # domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:]
    webdid_url = f"did:web:{domain}:did-registry:{pubkeyid}"  # nueva URL: "did:web:idhub.pangea.org:<...>"
    webdid_url_owner = webdid_url + "#owner"
    # Reemplazamos los campos del documento DID necesarios: