
fix(DIDView): validate DID format before processing URL parameters

- Add DID validation using isDid() function to prevent invalid DIDs from loading current user's info
- Show error message and redirect to HomeView for invalid DID formats (e.g., /did/0)
- Import NOTIFY_CONTACT_INVALID_DID constant for consistent error messaging

Resolves: DIDView loading current user's info for invalid DID parameters
didview-invalid-did-handling
Jose Olarte III 2 days ago
parent
commit
74c70c7fa0
  1. 19
      src/views/DIDView.vue
  2. 14
      test-playwright/00-noid-tests.spec.ts

19
src/views/DIDView.vue

@ -273,6 +273,7 @@ import {
didInfoForContact, didInfoForContact,
displayAmount, displayAmount,
getHeaders, getHeaders,
isDid,
register, register,
setVisibilityUtil, setVisibilityUtil,
} from "../libs/endorserServer"; } from "../libs/endorserServer";
@ -289,6 +290,7 @@ import {
NOTIFY_REGISTRATION_ERROR, NOTIFY_REGISTRATION_ERROR,
NOTIFY_SERVER_ACCESS_ERROR, NOTIFY_SERVER_ACCESS_ERROR,
NOTIFY_NO_IDENTITY_ERROR, NOTIFY_NO_IDENTITY_ERROR,
NOTIFY_CONTACT_INVALID_DID,
} from "@/constants/notifications"; } from "@/constants/notifications";
/** /**
@ -379,22 +381,29 @@ export default class DIDView extends Vue {
/** /**
* Determines which DID to display based on URL parameters * Determines which DID to display based on URL parameters
* Falls back to active DID if no parameter provided * Validates DID format and shows error for invalid DIDs
*/ */
private async determineDIDToDisplay() { private async determineDIDToDisplay() {
const pathParam = window.location.pathname.substring("/did/".length); const pathParam = window.location.pathname.substring("/did/".length);
let showDid = pathParam; let showDid = pathParam;
if (!showDid) { if (!showDid) {
// No DID provided in URL, use active DID
showDid = this.activeDid; showDid = this.activeDid;
if (showDid) {
this.notifyDefaultToActiveDID(); this.notifyDefaultToActiveDID();
} else {
// DID provided in URL, validate it
const decodedDid = decodeURIComponent(showDid);
if (!isDid(decodedDid)) {
// Invalid DID format - show error and redirect
this.notify.error(NOTIFY_CONTACT_INVALID_DID.message, TIMEOUTS.LONG);
this.$router.push({ name: "home" });
return;
} }
showDid = decodedDid;
} }
if (showDid) { this.viewingDid = showDid;
this.viewingDid = decodeURIComponent(showDid);
}
} }
/** /**
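Review bot: `decodeURIComponent(showDid)` in the new `else` branch of `determineDIDToDisplay` throws a `URIError` when the path segment contains a malformed percent escape. That input then skips the new error notification and redirect and surfaces as a rejected promise from this async method. The path comes straight from `window.location.pathname`, so anyone who can hand a user a link controls it; a decode failure should be handled as an invalid DID, as sketched below. How strict `isDid` is cannot be seen from this hunk, so confirm it checks more than the `did:` prefix before the value is used in later requests. The caller is also outside the hunk: check that it stops loading data after the early `return`, since `viewingDid` is left unset on that path.

```typescript
      // DID provided in URL, validate it
      let decodedDid: string | undefined;
      try {
        decodedDid = decodeURIComponent(showDid);
      } catch {
        // Malformed percent-encoding: handle it as an invalid DID
        decodedDid = undefined;
      }
      if (decodedDid === undefined || !isDid(decodedDid)) {
        // … unchanged: notify error, push home route, return …
      }
      showDid = decodedDid;
```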

14
test-playwright/00-noid-tests.spec.ts

@ -70,6 +70,7 @@
import { test, expect } from '@playwright/test'; import { test, expect } from '@playwright/test';
import { deleteContact, generateAndRegisterEthrUser, importUser } from './testUtils'; import { deleteContact, generateAndRegisterEthrUser, importUser } from './testUtils';
import { NOTIFY_CONTACT_INVALID_DID } from '../src/constants/notifications';
test('Check activity feed - check that server is running', async ({ page }) => { test('Check activity feed - check that server is running', async ({ page }) => {
// Load app homepage // Load app homepage
@ -169,6 +170,19 @@ test('Confirm test API setting (may fail if you are running your own Time Safari
await expect(page.locator('#apiServerInput')).toHaveValue(endorserServer); await expect(page.locator('#apiServerInput')).toHaveValue(endorserServer);
}); });
test('Check invalid DID shows error and redirects', async ({ page }) => {
await importUser(page, '00');
// Navigate to an invalid DID URL
await page.goto('./did/0');
// Should show error message about invalid DID format
await expect(page.getByText(NOTIFY_CONTACT_INVALID_DID.message)).toBeVisible();
// Should redirect to contacts page
await expect(page).toHaveURL(/.*\/contacts$/);
});
test('Check User 0 can register a random person', async ({ page }) => { test('Check User 0 can register a random person', async ({ page }) => {
await importUser(page, '00'); await importUser(page, '00');
const newDid = await generateAndRegisterEthrUser(page); const newDid = await generateAndRegisterEthrUser(page);
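Review bot: The new test asserts a redirect to the contacts page (`toHaveURL(/.*\/contacts$/)`, with the comment `// Should redirect to contacts page`), but the view change pushes `{ name: "home" }` and the commit message says the redirect goes to HomeView. Unless the `home` route resolves to a path ending in `/contacts` (the router is not visible here), this assertion either fails or pins behaviour the view does not have. Change the comment to `// Should redirect to home page` and match the URL the `home` route actually resolves to. The test covers only `./did/0`; a second case with a malformed percent escape in the path would pin the decode-failure path as well. The following test, `Check User 0 can register a random person`, continues outside the hunk.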
