fix(DIDView): validate DID format before processing URL parameters

- Add DID validation using isDid() function to prevent invalid DIDs from loading current user's info - Show error message and redirect to HomeView for invalid DID formats (e.g., /did/0) - Import NOTIFY_CONTACT_INVALID_DID constant for consistent error messaging Resolves: DIDView loading current user's info for invalid DID parameters
2025-08-20 19:56:34 +08:00
parent 8db07465ed
commit 74c70c7fa0
2 changed files with 29 additions and 6 deletions
--- a/src/views/DIDView.vue
+++ b/src/views/DIDView.vue
@@ -273,6 +273,7 @@ import {
  didInfoForContact,
  displayAmount,
  getHeaders,
+  isDid,
  register,
  setVisibilityUtil,
 } from "../libs/endorserServer";
@@ -289,6 +290,7 @@ import {
  NOTIFY_REGISTRATION_ERROR,
  NOTIFY_SERVER_ACCESS_ERROR,
  NOTIFY_NO_IDENTITY_ERROR,
+  NOTIFY_CONTACT_INVALID_DID,
 } from "@/constants/notifications";

 /**
@@ -379,22 +381,29 @@ export default class DIDView extends Vue {

  /**
   * Determines which DID to display based on URL parameters
-   * Falls back to active DID if no parameter provided
+   * Validates DID format and shows error for invalid DIDs
   */
  private async determineDIDToDisplay() {
    const pathParam = window.location.pathname.substring("/did/".length);
    let showDid = pathParam;

    if (!showDid) {
+      // No DID provided in URL, use active DID
      showDid = this.activeDid;
-      if (showDid) {
      this.notifyDefaultToActiveDID();
+    } else {
+      // DID provided in URL, validate it
+      const decodedDid = decodeURIComponent(showDid);
+      if (!isDid(decodedDid)) {
+        // Invalid DID format - show error and redirect
+        this.notify.error(NOTIFY_CONTACT_INVALID_DID.message, TIMEOUTS.LONG);
+        this.$router.push({ name: "home" });
+        return;
      }
+      showDid = decodedDid;
    }

-    if (showDid) {
-      this.viewingDid = decodeURIComponent(showDid);
-    }
+    this.viewingDid = showDid;
  }

  /**
--- a/test-playwright/00-noid-tests.spec.ts
+++ b/test-playwright/00-noid-tests.spec.ts
@@ -70,6 +70,7 @@

 import { test, expect } from '@playwright/test';
 import { deleteContact, generateAndRegisterEthrUser, importUser } from './testUtils';
+import { NOTIFY_CONTACT_INVALID_DID } from '../src/constants/notifications';

 test('Check activity feed - check that server is running', async ({ page }) => {
  // Load app homepage
@@ -169,6 +170,19 @@ test('Confirm test API setting (may fail if you are running your own Time Safari
  await expect(page.locator('#apiServerInput')).toHaveValue(endorserServer);
 });

+test('Check invalid DID shows error and redirects', async ({ page }) => {
+  await importUser(page, '00');
+  
+  // Navigate to an invalid DID URL
+  await page.goto('./did/0');
+  
+  // Should show error message about invalid DID format
+  await expect(page.getByText(NOTIFY_CONTACT_INVALID_DID.message)).toBeVisible();
+  
+  // Should redirect to contacts page
+  await expect(page).toHaveURL(/.*\/contacts$/);
+});
+
 test('Check User 0 can register a random person', async ({ page }) => {
  await importUser(page, '00');
  const newDid = await generateAndRegisterEthrUser(page);