From 74c70c7fa02c1a7fb14d46aec14edae5ead7b96b Mon Sep 17 00:00:00 2001
From: Jose Olarte III
Date: Wed, 20 Aug 2025 19:56:34 +0800
Subject: [PATCH] fix(DIDView): validate DID format before processing URL parameters
- Add DID validation using isDid() function to prevent invalid DIDs from loading current user's info
- Show error message and redirect to HomeView for invalid DID formats (e.g., /did/0)
- Import NOTIFY_CONTACT_INVALID_DID constant for consistent error messaging
Resolves: DIDView loading current user's info for invalid DID parameters
---
 src/views/DIDView.vue | 21 +++++++++++++++------
 test-playwright/00-noid-tests.spec.ts | 14 ++++++++++++++
 2 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/src/views/DIDView.vue b/src/views/DIDView.vue
index a6212ece..ca929467 100644
--- a/src/views/DIDView.vue
+++ b/src/views/DIDView.vue
@@ -273,6 +273,7 @@ import {
 didInfoForContact,
 displayAmount,
 getHeaders,
+ isDid,
 register,
 setVisibilityUtil,
 } from "../libs/endorserServer";
@@ -289,6 +290,7 @@ import {
 NOTIFY_REGISTRATION_ERROR,
 NOTIFY_SERVER_ACCESS_ERROR,
 NOTIFY_NO_IDENTITY_ERROR,
+ NOTIFY_CONTACT_INVALID_DID,
 } from "@/constants/notifications";
 /**
@@ -379,22 +381,29 @@ export default class DIDView extends Vue {
 /**
 * Determines which DID to display based on URL parameters
- * Falls back to active DID if no parameter provided
+ * Validates DID format and shows error for invalid DIDs
 */
 private async determineDIDToDisplay() {
 const pathParam = window.location.pathname.substring("/did/".length);
 let showDid = pathParam;
 if (!showDid) {
+ // No DID provided in URL, use active DID
 showDid = this.activeDid;
- if (showDid) {
- this.notifyDefaultToActiveDID();
+ this.notifyDefaultToActiveDID();
+ } else {
+ // DID provided in URL, validate it
+ const decodedDid = decodeURIComponent(showDid);
+ if (!isDid(decodedDid)) {
+ // Invalid DID format - show error and redirect
+ this.notify.error(NOTIFY_CONTACT_INVALID_DID.message, TIMEOUTS.LONG);
+ this.$router.push({ name: "home" });
+ return;
 }
+ showDid = decodedDid;
 }
- if (showDid) {
- this.viewingDid = decodeURIComponent(showDid);
- }
+ this.viewingDid = showDid;
 }
 /**
diff --git a/test-playwright/00-noid-tests.spec.ts b/test-playwright/00-noid-tests.spec.ts
index 5218c330..9514daa2 100644
--- a/test-playwright/00-noid-tests.spec.ts
+++ b/test-playwright/00-noid-tests.spec.ts
@@ -70,6 +70,7 @@ import { test, expect } from '@playwright/test';
 import { deleteContact, generateAndRegisterEthrUser, importUser } from './testUtils';
+import { NOTIFY_CONTACT_INVALID_DID } from '../src/constants/notifications';
 test('Check activity feed - check that server is running', async ({ page }) => {
 // Load app homepage
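Review bot: In `determineDIDToDisplay` (src/views/DIDView.vue), `decodeURIComponent(showDid)` runs on the raw path segment before `isDid()` and throws `URIError` on malformed percent-encoding (for example a bare `%`), so the new notify-and-redirect branch is skipped and the method rejects instead; what the view does after that rejection is outside this hunk. Catch the decode failure and route it into the same invalid-DID branch, as sketched below. Separately, the rewrite drops both `if (showDid)` guards: with no path parameter and an empty `activeDid`, `notifyDefaultToActiveDID()` now fires anyway and `viewingDid` is assigned the empty value, which the old code avoided; restore `if (showDid) { this.notifyDefaultToActiveDID(); }` unless the change is intended. How strict `isDid()` is cannot be seen from this patch, so it should be confirmed that it is a sufficient check for a URL-supplied value that later drives lookups.

```typescript
    } else {
      // DID provided in URL, validate it
      let decodedDid: string | undefined;
      try {
        decodedDid = decodeURIComponent(showDid);
      } catch {
        // Malformed percent-encoding (URIError): handle as an invalid DID
        decodedDid = undefined;
      }
      if (decodedDid === undefined || !isDid(decodedDid)) {
        // … unchanged: notify.error, router push to "home", return …
      }
      showDid = decodedDid;
    }
```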
@@ -169,6 +170,19 @@ test('Confirm test API setting (may fail if you are running your own Time Safari
 await expect(page.locator('#apiServerInput')).toHaveValue(endorserServer);
 });
+test('Check invalid DID shows error and redirects', async ({ page }) => {
+ await importUser(page, '00');
+
+ // Navigate to an invalid DID URL
+ await page.goto('./did/0');
+
+ // Should show error message about invalid DID format
+ await expect(page.getByText(NOTIFY_CONTACT_INVALID_DID.message)).toBeVisible();
+
+ // Should redirect to contacts page
+ await expect(page).toHaveURL(/.*\/contacts$/);
+});
+
 test('Check User 0 can register a random person', async ({ page }) => {
 await importUser(page, '00');
 const newDid = await generateAndRegisterEthrUser(page);
--
2.30.2
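Review bot: The last assertion of the new test expects the URL to end in `/contacts`, and its comment says "Should redirect to contacts page", but the code under test in this same patch calls `this.$router.push({ name: "home" })` and the commit message says the redirect goes to HomeView. Unless the `home` route itself forwards to `/contacts` for an imported user (not visible in this patch), either the assertion or the comment does not match the implementation; if the forward is intentional, state it in the comment, e.g. `// "home" forwards to /contacts for this user`. The test also exercises only `./did/0`; adding a case with malformed percent-encoding such as `./did/%` would pin what happens when `decodeURIComponent` throws before `isDid()` is reached.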