Use configured middleware address for middleware authentication (#1144)

* add validation for middleware url in middleware auth * validate middleware url in facility serializer the url should start with http and should not end with /
ohcnetwork · Jan 12, 2023 · 5e3aac2 · 5e3aac2
1 parent 51b7899
commit 5e3aac2
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/care/facility/api/serializers/facility.py b/care/facility/api/serializers/facility.py
@@ -119,6 +119,14 @@ class Meta:
         ]
         read_only_fields = ("modified_date", "created_date")
 
+    def validate_middleware_address(self, value):
+        value = value.strip()
+        if not value or not value.startswith("http"):
+            raise serializers.ValidationError("Invalid URL")
+        if value.endswith("/"):
+            raise serializers.ValidationError("URL should not end with /")
+        return value
+
     def create(self, validated_data):
         validated_data["created_by"] = self.context["request"].user
         return super().create(validated_data)

diff --git a/config/authentication.py b/config/authentication.py
@@ -69,13 +69,11 @@ def authenticate(self, request):
             facility = Facility.objects.get(external_id=external_id)
         except (Facility.DoesNotExist, ValidationError) as e:
             raise InvalidToken({"detail": "Invalid Facility", "messages": []}) from e
-
-        open_id_url = "http://localhost:8090"
-
-        if facility.middleware_address:
-            open_id_url = f"https://{facility.middleware_address}"
 
-        open_id_url += "/.well-known/openid-configuration/"
+        if not facility.middleware_address:
+            raise InvalidToken({"detail": "Facility not connected to a middleware"})
+
+        open_id_url = f"{facility.middleware_address}/.well-known/openid-configuration/"
 
         validated_token = self.get_validated_token(open_id_url, raw_token)