From 098da9b4a6e8d808def0b5b88771e185570b2aba Mon Sep 17 00:00:00 2001
From: Wout Slakhorst <wout.slakhorst@nedap.com>
Date: Mon, 16 Dec 2024 12:02:03 +0100
Subject: [PATCH] fix VDR V1 CreateDID passing KeyFlags (#3614)

---
 docs/_static/vdr/v1.yaml     | 25 +++++++++++++++++--------
 docs/pages/release_notes.rst | 11 +++++++++++
 vdr/api/v1/api.go            | 12 +++---------
 vdr/api/v1/api_test.go       |  3 ++-
 4 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/docs/_static/vdr/v1.yaml b/docs/_static/vdr/v1.yaml
index a2c5db203d..30404706dd 100644
--- a/docs/_static/vdr/v1.yaml
+++ b/docs/_static/vdr/v1.yaml
@@ -11,10 +11,12 @@ paths:
   /internal/vdr/v1/did:
     post:
       summary: Creates a new Nuts DID
+      deprecated: true
       description: |
-        The DID Document will be created according to the given request. If a combination of options is not allowed, a 400 is returned.
-        The default values for selfControl, assertionMethod, keyAgreement, and capabilityInvocation are true. The default for controllers is an empty list. All other options default to false.
-        Only a single keypair will be generated. All enabled methods will reuse the same key pair. A seperate keypair will be generated to generate the DID if SelfControl is false.
+        Starting with v6.0.0, the entire body will be ignored and default values will be used.
+        The default values are: selfControl = true, assertionMethod = true, keyAgreement = true, capabilityInvocation = true, capabilityDelegation = true, authentication = true and controllers = [].
+        
+        Only a single keypair will be generated. All enabled methods will reuse the same key pair.
 
         error returns:
         * 400 - Invalid (combination of) options
@@ -272,7 +274,7 @@ components:
         authentication:
           type: boolean
           description: indicates if the generated key pair can be used for authentication.
-          default: false
+          default: true
         capabilityInvocation:
           type: boolean
           description: |
@@ -288,6 +290,17 @@ components:
           type: boolean
           description: indicates if the generated key pair can be used for Key agreements.
           default: true
+        selfControl:
+          type: boolean
+          description: whether the generated DID Document can be altered with its own capabilityInvocation key.
+          default: true
+        controllers:
+          type: array
+          items:
+            type: string
+          description: |
+            List of DID controllers. The DID controllers are the entities that can alter the DID Document.
+            default: []
     VerificationMethodRelationship:
       properties:
         assertionMethod:
@@ -313,10 +326,6 @@ components:
           type: boolean
           description: indicates if the generated key pair can be used for Key agreements.
           default: true
-        selfControl:
-          type: boolean
-          description: whether the generated DID Document can be altered with its own capabilityInvocation key.
-          default: true
   securitySchemes:
     jwtBearerAuth:
       type: http
diff --git a/docs/pages/release_notes.rst b/docs/pages/release_notes.rst
index 17b54fcd27..2c8ade3393 100644
--- a/docs/pages/release_notes.rst
+++ b/docs/pages/release_notes.rst
@@ -2,6 +2,17 @@
 Release notes
 #############
 
+***************
+Peanut (v6.0.6)
+***************
+
+Release date: 2024-12-16
+
+- `#3610 <https://github.com/nuts-foundation/nuts-node/issues/3610>`_: Fix DID Creation with VDR V1 API.
+  The Body for POST /internal/vdr/v1/did is now completely ignored, defaults are used.
+
+**Full Changelog**: https://github.com/nuts-foundation/nuts-node/compare/v6.0.5...v6.0.6
+
 ***************
 Peanut (v6.0.5)
 ***************
diff --git a/vdr/api/v1/api.go b/vdr/api/v1/api.go
index 92fd91d7be..c648bd20ec 100644
--- a/vdr/api/v1/api.go
+++ b/vdr/api/v1/api.go
@@ -125,15 +125,9 @@ func (a *Wrapper) Routes(router core.EchoRouter) {
 }
 
 // CreateDID creates a new DID Document and returns it.
-func (a *Wrapper) CreateDID(ctx context.Context, request CreateDIDRequestObject) (CreateDIDResponseObject, error) {
-	options := didsubject.DefaultCreationOptions()
-
-	defaultKeyFlags := didnuts.DefaultKeyFlags()
-	keyFlags := request.Body.VerificationMethodRelationship.ToFlags(defaultKeyFlags)
-	if keyFlags != defaultKeyFlags {
-		options = options.With(keyFlags)
-	}
-	options = options.With(didsubject.NutsLegacyNamingOption{})
+func (a *Wrapper) CreateDID(ctx context.Context, _ CreateDIDRequestObject) (CreateDIDResponseObject, error) {
+	// request body is ignored, defaults are used.
+	options := didsubject.DefaultCreationOptions().With(didsubject.NutsLegacyNamingOption{})
 
 	docs, _, err := a.SubjectManager.Create(ctx, options)
 	// if this operation leads to an error, it may return a 500
diff --git a/vdr/api/v1/api_test.go b/vdr/api/v1/api_test.go
index 69d384007c..75e955053e 100644
--- a/vdr/api/v1/api_test.go
+++ b/vdr/api/v1/api_test.go
@@ -22,6 +22,7 @@ package v1
 import (
 	"context"
 	"errors"
+	"github.com/nuts-foundation/nuts-node/core/to"
 	"github.com/nuts-foundation/nuts-node/storage/orm"
 	"github.com/nuts-foundation/nuts-node/vdr/didsubject"
 	"net/http"
@@ -48,7 +49,7 @@ func TestWrapper_CreateDID(t *testing.T) {
 
 	t.Run("ok - defaults", func(t *testing.T) {
 		ctx := newMockContext(t)
-		request := DIDCreateRequest{}
+		request := DIDCreateRequest{SelfControl: to.Ptr(false)} // SelfControl value is overwritten with default
 		ctx.subjectManager.EXPECT().Create(gomock.Any(), didsubject.DefaultCreationOptions().With(didsubject.NutsLegacyNamingOption{})).Return([]did.Document{*didDoc}, "subject", nil)
 
 		response, err := ctx.client.CreateDID(nil, CreateDIDRequestObject{Body: &request})