bugfix domain issues

fixes #141
make the DOMAIN variable mandatory
GET and POST requests from users are verified against the DOMAIN variable
Cayo Puigdefabregas 2024-02-29 20:07:34 +01:00
parent 6d76ece816
commit b9c5f3fc73
4 changed files with 14 additions and 4 deletions


@ -4,6 +4,7 @@ from django.core.exceptions import PermissionDenied
from django.urls import reverse_lazy, resolve from django.urls import reverse_lazy, resolve
from django.shortcuts import redirect from django.shortcuts import redirect
from django.core.cache import cache from django.core.cache import cache
from django.conf import settings
class Http403(PermissionDenied): class Http403(PermissionDenied):
@ -32,6 +33,10 @@ class UserView(LoginRequiredMixin):
] ]
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
err_txt = "User domain is {} which does not match server domain {}".format(
request.get_host(), settings.DOMAIN
)
assert request.get_host() == settings.DOMAIN, err_txt
self.admin_validated = cache.get("KEY_DIDS") self.admin_validated = cache.get("KEY_DIDS")
response = super().get(request, *args, **kwargs) response = super().get(request, *args, **kwargs)
@ -50,6 +55,10 @@ class UserView(LoginRequiredMixin):
return url or response return url or response
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
err_txt = "User domain is {} which does not match server domain {}".format(
request.get_host(), settings.DOMAIN
)
assert request.get_host() == settings.DOMAIN, err_txt
self.admin_validated = cache.get("KEY_DIDS") self.admin_validated = cache.get("KEY_DIDS")
response = super().post(request, *args, **kwargs) response = super().post(request, *args, **kwargs)
url = self.check_gdpr() url = self.check_gdpr()
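Review bot: The host check added to `get` and `post` is written as an `assert`, which Python strips when run with `-O` or `PYTHONOPTIMIZE`, so in an optimized deployment the check silently disappears; when it does fire, the AssertionError is unhandled and surfaces as a server error rather than a denial. The same construct guards `DOMAIN` in the settings section, where `raise ImproperlyConfigured(...)` would be the unconditional equivalent. `PermissionDenied` is already imported in this module, so `if request.get_host() != settings.DOMAIN: raise PermissionDenied(err_txt)` keeps the check in place under every interpreter mode and answers with a 403. The four lines are duplicated in both methods; doing the comparison once in `dispatch()` would also cover any other HTTP method the view accepts. Both method bodies continue outside the hunks shown.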


@ -475,7 +475,7 @@ class DID(models.Model):
if self.type == self.Types.KEY: if self.type == self.Types.KEY:
self.did = keydid_from_controller_key(new_key_material) self.did = keydid_from_controller_key(new_key_material)
elif self.type == self.Types.WEB: elif self.type == self.Types.WEB:
didurl, document = webdid_from_controller_key(new_key_material) didurl, document = webdid_from_controller_key(new_key_material, settings.DOMAIN)
self.did = didurl self.did = didurl
self.didweb_document = document self.didweb_document = document


@ -35,7 +35,8 @@ DEBUG = config('DEBUG', default=False, cast=bool)
ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv()) ALLOWED_HOSTS = config('ALLOWED_HOSTS', default='', cast=Csv())
CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv()) CSRF_TRUSTED_ORIGINS = config('CSRF_TRUSTED_ORIGINS', default='', cast=Csv())
DOMAIN = config("DOMAIN", "http://localhost") DOMAIN = config("DOMAIN")
assert DOMAIN not in [None, ''], "DOMAIN var is MANDATORY"
DEFAULT_FROM_EMAIL = config( DEFAULT_FROM_EMAIL = config(
'DEFAULT_FROM_EMAIL', default='webmaster@localhost') 'DEFAULT_FROM_EMAIL', default='webmaster@localhost')
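Review bot: `DOMAIN` is only checked for being non-empty here, yet the views in this commit compare it verbatim with `request.get_host()`, which returns `host[:port]` with no scheme, so a value shaped like the removed default `http://localhost` would make every `get`/`post` on those views fail. A startup check on the shape would catch that early, for example `if "://" in DOMAIN: raise ImproperlyConfigured("DOMAIN must be host[:port] without a scheme")` (this needs `from django.core.exceptions import ImproperlyConfigured` in the settings file), together with a comment such as `# DOMAIN: public host[:port] exactly as sent in the Host header`. If `config` is python-decouple's, `config("DOMAIN")` without a default already raises when the variable is unset, so only the empty-string case reaches the new line.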


@ -30,7 +30,7 @@ def resolve_did(keydid):
return asyncio.run(inner()) return asyncio.run(inner())
def webdid_from_controller_key(key): def webdid_from_controller_key(key, domain):
""" """
Se siguen los pasos para generar un webdid a partir de un keydid. Se siguen los pasos para generar un webdid a partir de un keydid.
Documentado en la docu de spruceid. Documentado en la docu de spruceid.
@ -38,7 +38,7 @@ def webdid_from_controller_key(key):
keydid = keydid_from_controller_key(key) # "did:key:<...>" keydid = keydid_from_controller_key(key) # "did:key:<...>"
pubkeyid = keydid.rsplit(":")[-1] # <...> pubkeyid = keydid.rsplit(":")[-1] # <...>
document = json.loads(resolve_did(keydid)) # Documento DID en terminos "key" document = json.loads(resolve_did(keydid)) # Documento DID en terminos "key"
domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:] # domain = urllib.parse.urlencode({"domain": settings.DOMAIN})[7:]
webdid_url = f"did:web:{domain}:did-registry:{pubkeyid}" # nueva URL: "did:web:idhub.pangea.org:<...>" webdid_url = f"did:web:{domain}:did-registry:{pubkeyid}" # nueva URL: "did:web:idhub.pangea.org:<...>"
webdid_url_owner = webdid_url + "#owner" webdid_url_owner = webdid_url + "#owner"
# Reemplazamos los campos del documento DID necesarios: # Reemplazamos los campos del documento DID necesarios:
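Review bot: The new code interpolates `domain` into `webdid_url` unencoded, because the `urllib.parse.urlencode(...)[7:]` step is commented out rather than applied to the new parameter. The did:web method requires the colon before a port to be percent-encoded (`%3A`), so a `DOMAIN` with a port (for example `localhost:8000`) would now produce an identifier in which the port is read as a path segment. Replacing the commented-out line with `domain = urllib.parse.quote(domain, safe="")` keeps the previous encoding while still taking the value from the caller. The docstring does not mention the new `domain` parameter; a line such as `domain: host[:port] used as the did:web authority` would document it. The function body continues past the end of the hunk.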