def test_invalid_operation_without_none_constraint():
# ConstraintListField without None in field CONSTRAINT
invalid_auth_rule_operation = generate_auth_rule_operation()
invalid_auth_rule_operation[CONSTRAINT] = None
with pytest.raises(TypeError, match="Fields {} and {} are required and should not "
"be an empty list.".format(AUTH_CONSTRAINTS, CONSTRAINT)):
validator.validate(invalid_auth_rule_operation)
def _generate_operation(self, constraint):
return generate_auth_rule_operation(auth_action=self.action.prefix,
auth_type=self.action.txn_type,
field=self.action.field,
new_value=self.action.new_value,
old_value=self.action.old_value,
constraint=constraint.as_dict)
def test_auth_rule_static_validation_failed_with_incorrect_key(auth_rule_request,
auth_rule_handler: AuthRuleHandler):
auth_rule_request.operation = generate_auth_rule_operation(auth_action=ADD_PREFIX,
auth_type="wrong_type",
field=ROLE, new_value=ENDORSER)
with pytest.raises(InvalidClientRequest, match="key .* is not found in authorization map"):
auth_rule_handler.static_validation(auth_rule_request)
def test_invalid_operation_with_empty_constraint_list():
# ClientAuthRuleOperation with empty list of constraints
invalid_auth_rule_operation = generate_auth_rule_operation(constraint=[])
with pytest.raises(TypeError,
match="Fields {} and {} are required and should not "
"be an empty list.".format(AUTH_CONSTRAINTS,
CONSTRAINT)):
validator.validate(invalid_auth_rule_operation)
def test_invalid_operation_auth_constraints():
# ConstraintListField without required field 'auth_constraints'
invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list(
auth_constraints=[generate_constraint_entity(),
generate_constraint_entity()]))
del invalid_auth_rule_operation[CONSTRAINT][AUTH_CONSTRAINTS]
with pytest.raises(TypeError, match=AUTH_CONSTRAINTS):
validator.validate(invalid_auth_rule_operation)
def get_default_auth_rule(self):
constraint = auth_map.get(self.action_id)
operation = generate_auth_rule_operation(auth_action=self.action.prefix,
auth_type=self.action.txn_type,
field=self.action.field,
old_value=self.action.old_value if self.action.prefix == EDIT_PREFIX else None,
new_value=self.action.new_value,
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def test_invalid_operation_with_empty_auth_constraints():
# ConstraintListField without empty list in auth_constraints
invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list(
auth_constraints=[generate_constraint_entity(),
generate_constraint_list(
auth_constraints=[])]))
with pytest.raises(TypeError, match="Fields {} should not be an empty "
"list.".format(AUTH_CONSTRAINTS)):
validator.validate(invalid_auth_rule_operation)
def test_invalid_operation_constraint_id_with_large_constraint():
# ConstraintListField without required field CONSTRAINT_ID on the 2nd level
invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list(
auth_constraints=[generate_constraint_entity(),
generate_constraint_list(
auth_constraints=[generate_constraint_entity(),
generate_constraint_entity()])]))
del invalid_auth_rule_operation[CONSTRAINT][AUTH_CONSTRAINTS][1][CONSTRAINT_ID]
with pytest.raises(TypeError, match=CONSTRAINT_ID):
validator.validate(invalid_auth_rule_operation)
def test_invalid_entity_role_in_extra_large_constraint():
# ConstraintEntityField without required field 'role'
invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list(
auth_constraints=[generate_constraint_entity(),
generate_constraint_list(
auth_constraints=[generate_constraint_entity(),
generate_constraint_entity()])]))
del invalid_auth_rule_operation[CONSTRAINT][AUTH_CONSTRAINTS][1][AUTH_CONSTRAINTS][0][ROLE]
with pytest.raises(TypeError, match=ROLE):
validator.validate(invalid_auth_rule_operation)
def get_changed_auth_rule(self):
constraint = AuthConstraint(role=None,
sig_count=1,
need_to_be_owner=False)
operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX,
auth_type=AUTH_RULE,
field='*',
old_value='*',
new_value='*',
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def get_changed_auth_rule(self):
constraint = AuthConstraint(role=TRUSTEE,
sig_count=1,
need_to_be_owner=False)
operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX,
auth_type=NYM,
field=VERKEY,
old_value='*',
new_value='*',
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.creator_wallet[1])
def get_changed_auth_rule(self):
self.new_default_wallet = sdk_add_new_nym(self.looper, self.sdk_pool_handle, self.trustee_wallet, role=IDENTITY_OWNER)
constraint = AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=False)
operation = generate_auth_rule_operation(auth_action=ADD_PREFIX,
auth_type=SCHEMA,
field='*',
new_value='*',
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def get_changed_auth_rule(self):
self.new_default_wallet = self.add_revoc_reg_def.new_default_wallet
constraint = AuthConstraint(role=IDENTITY_OWNER,
sig_count=1,
need_to_be_owner=False)
operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX,
auth_type=REVOC_REG_DEF,
field='*',
old_value='*',
new_value='*',
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def get_default_auth_rule(self):
action = AuthActionEdit(txn_type=AUTH_RULE,
field='*',
old_value='*',
new_value='*')
constraint = auth_map.auth_map.get(action.get_action_id())
operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX,
auth_type=AUTH_RULE,
field='*',
old_value='*',
new_value='*',
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.new_default_wallet[1])
def get_changed_auth_rule(self):
new_role = random.choice(list(self.other_roles))
self.new_who_can_wallet = self.env.role_to_wallet[new_role]
constraint = AuthConstraint(role=new_role,
sig_count=1,
need_to_be_owner=False)
operation = generate_auth_rule_operation(
auth_action=self.action.prefix,
auth_type=self.action.txn_type,
field=self.action.field,
old_value=self.action.old_value,
new_value=self.action.new_value,
constraint=constraint.as_dict)
return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def test_reqnack_auth_rule_edit_transaction_with_wrong_format(
looper, sdk_wallet_trustee, sdk_pool_handle):
op = generate_auth_rule_operation(auth_action=EDIT_PREFIX)
op.pop(OLD_VALUE)
req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1])
req = sdk_sign_and_submit_req_obj(looper, sdk_pool_handle,
sdk_wallet_trustee, req_obj)
with pytest.raises(RequestNackedException) as e:
sdk_get_and_check_replies(looper, [req])
e.match("InvalidClientRequest")
e.match("Transaction for change authentication "
"rule for {}={} must contain field {}".format(
AUTH_ACTION, EDIT_PREFIX, OLD_VALUE))
def test_reqnack_auth_rule_edit_transaction_with_wrong_format(
looper, sdk_wallet_trustee, sdk_pool_handle):
op = generate_auth_rule_operation(auth_action=EDIT_PREFIX)
op.pop(OLD_VALUE)
req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1])
req_json = json.dumps(req_obj.as_dict)
with pytest.raises(RequestNackedException) as e:
sdk_send_and_check_req_json(
looper,
sdk_pool_handle,
sdk_wallet_trustee,
req_json,
)
e.match("client request invalid")
e.match("Transaction for change authentication "
"rule for {}={} must contain field {}".format(
AUTH_ACTION, EDIT_PREFIX, OLD_VALUE))
def auth_rule_request(creator):
return Request(identifier=creator,
reqId=5,
signature="sig",
operation=generate_auth_rule_operation())
def test_invalid_entity_role():
# ConstraintEntityField without required field 'role'
invalid_auth_rule_operation = generate_auth_rule_operation()
del invalid_auth_rule_operation[CONSTRAINT][ROLE]
with pytest.raises(TypeError, match=ROLE):
validator.validate(invalid_auth_rule_operation)
def test_invalid_operation_action():
# must be ADD_PREFIX or EDIT_PREFIX
invalid_auth_rule_operation = generate_auth_rule_operation(
auth_action="auth_action")
with pytest.raises(TypeError, match=AUTH_ACTION):
validator.validate(invalid_auth_rule_operation)
import pytest
from indy_common.constants import CONSTRAINT, AUTH_ACTION
from indy_common.types import ClientAuthRuleOperation
from indy_node.test.helper import generate_constraint_entity
from indy_node.test.auth_rule.helper import generate_constraint_list, \
generate_auth_rule_operation
from indy_common.authorize.auth_constraints import ROLE, AUTH_CONSTRAINTS, CONSTRAINT_ID
validator = ClientAuthRuleOperation()
valid_auth_rule_operation_small = generate_auth_rule_operation()
valid_auth_rule_operation_large = generate_auth_rule_operation(
constraint=generate_constraint_list(auth_constraints=[
generate_constraint_entity(),
generate_constraint_entity()
]))
valid_auth_rule_operation_extra_large = generate_auth_rule_operation(
constraint=generate_constraint_list(auth_constraints=[
generate_constraint_entity(),
generate_constraint_list(auth_constraints=[
generate_constraint_entity(),
generate_constraint_entity()
])
]))
def test_valid():
validator.validate(valid_auth_rule_operation_small)
validator.validate(valid_auth_rule_operation_large)
validator.validate(valid_auth_rule_operation_extra_large)
