def test_invalid_operation_without_none_constraint(): # ConstraintListField without None in field CONSTRAINT invalid_auth_rule_operation = generate_auth_rule_operation() invalid_auth_rule_operation[CONSTRAINT] = None with pytest.raises(TypeError, match="Fields {} and {} are required and should not " "be an empty list.".format(AUTH_CONSTRAINTS, CONSTRAINT)): validator.validate(invalid_auth_rule_operation)
def _generate_operation(self, constraint): return generate_auth_rule_operation(auth_action=self.action.prefix, auth_type=self.action.txn_type, field=self.action.field, new_value=self.action.new_value, old_value=self.action.old_value, constraint=constraint.as_dict)
def test_auth_rule_static_validation_failed_with_incorrect_key(auth_rule_request, auth_rule_handler: AuthRuleHandler): auth_rule_request.operation = generate_auth_rule_operation(auth_action=ADD_PREFIX, auth_type="wrong_type", field=ROLE, new_value=ENDORSER) with pytest.raises(InvalidClientRequest, match="key .* is not found in authorization map"): auth_rule_handler.static_validation(auth_rule_request)
def test_invalid_operation_with_empty_constraint_list(): # ClientAuthRuleOperation with empty list of constraints invalid_auth_rule_operation = generate_auth_rule_operation(constraint=[]) with pytest.raises(TypeError, match="Fields {} and {} are required and should not " "be an empty list.".format(AUTH_CONSTRAINTS, CONSTRAINT)): validator.validate(invalid_auth_rule_operation)
def test_invalid_operation_auth_constraints(): # ConstraintListField without required field 'auth_constraints' invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list( auth_constraints=[generate_constraint_entity(), generate_constraint_entity()])) del invalid_auth_rule_operation[CONSTRAINT][AUTH_CONSTRAINTS] with pytest.raises(TypeError, match=AUTH_CONSTRAINTS): validator.validate(invalid_auth_rule_operation)
def get_default_auth_rule(self): constraint = auth_map.get(self.action_id) operation = generate_auth_rule_operation(auth_action=self.action.prefix, auth_type=self.action.txn_type, field=self.action.field, old_value=self.action.old_value if self.action.prefix == EDIT_PREFIX else None, new_value=self.action.new_value, constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def test_invalid_operation_with_empty_auth_constraints(): # ConstraintListField without empty list in auth_constraints invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list( auth_constraints=[generate_constraint_entity(), generate_constraint_list( auth_constraints=[])])) with pytest.raises(TypeError, match="Fields {} should not be an empty " "list.".format(AUTH_CONSTRAINTS)): validator.validate(invalid_auth_rule_operation)
def test_invalid_operation_constraint_id_with_large_constraint(): # ConstraintListField without required field CONSTRAINT_ID on the 2nd level invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list( auth_constraints=[generate_constraint_entity(), generate_constraint_list( auth_constraints=[generate_constraint_entity(), generate_constraint_entity()])])) del invalid_auth_rule_operation[CONSTRAINT][AUTH_CONSTRAINTS][1][CONSTRAINT_ID] with pytest.raises(TypeError, match=CONSTRAINT_ID): validator.validate(invalid_auth_rule_operation)
def test_invalid_entity_role_in_extra_large_constraint(): # ConstraintEntityField without required field 'role' invalid_auth_rule_operation = generate_auth_rule_operation(constraint=generate_constraint_list( auth_constraints=[generate_constraint_entity(), generate_constraint_list( auth_constraints=[generate_constraint_entity(), generate_constraint_entity()])])) del invalid_auth_rule_operation[CONSTRAINT][AUTH_CONSTRAINTS][1][AUTH_CONSTRAINTS][0][ROLE] with pytest.raises(TypeError, match=ROLE): validator.validate(invalid_auth_rule_operation)
def get_changed_auth_rule(self): constraint = AuthConstraint(role=None, sig_count=1, need_to_be_owner=False) operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX, auth_type=AUTH_RULE, field='*', old_value='*', new_value='*', constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def get_changed_auth_rule(self): constraint = AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=False) operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX, auth_type=NYM, field=VERKEY, old_value='*', new_value='*', constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.creator_wallet[1])
def get_changed_auth_rule(self): self.new_default_wallet = sdk_add_new_nym(self.looper, self.sdk_pool_handle, self.trustee_wallet, role=IDENTITY_OWNER) constraint = AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=False) operation = generate_auth_rule_operation(auth_action=ADD_PREFIX, auth_type=SCHEMA, field='*', new_value='*', constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def get_changed_auth_rule(self): self.new_default_wallet = self.add_revoc_reg_def.new_default_wallet constraint = AuthConstraint(role=IDENTITY_OWNER, sig_count=1, need_to_be_owner=False) operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX, auth_type=REVOC_REG_DEF, field='*', old_value='*', new_value='*', constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def get_default_auth_rule(self): action = AuthActionEdit(txn_type=AUTH_RULE, field='*', old_value='*', new_value='*') constraint = auth_map.auth_map.get(action.get_action_id()) operation = generate_auth_rule_operation(auth_action=EDIT_PREFIX, auth_type=AUTH_RULE, field='*', old_value='*', new_value='*', constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.new_default_wallet[1])
def get_changed_auth_rule(self): new_role = random.choice(list(self.other_roles)) self.new_who_can_wallet = self.env.role_to_wallet[new_role] constraint = AuthConstraint(role=new_role, sig_count=1, need_to_be_owner=False) operation = generate_auth_rule_operation( auth_action=self.action.prefix, auth_type=self.action.txn_type, field=self.action.field, old_value=self.action.old_value, new_value=self.action.new_value, constraint=constraint.as_dict) return sdk_gen_request(operation, identifier=self.trustee_wallet[1])
def test_reqnack_auth_rule_edit_transaction_with_wrong_format( looper, sdk_wallet_trustee, sdk_pool_handle): op = generate_auth_rule_operation(auth_action=EDIT_PREFIX) op.pop(OLD_VALUE) req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1]) req = sdk_sign_and_submit_req_obj(looper, sdk_pool_handle, sdk_wallet_trustee, req_obj) with pytest.raises(RequestNackedException) as e: sdk_get_and_check_replies(looper, [req]) e.match("InvalidClientRequest") e.match("Transaction for change authentication " "rule for {}={} must contain field {}".format( AUTH_ACTION, EDIT_PREFIX, OLD_VALUE))
def test_reqnack_auth_rule_edit_transaction_with_wrong_format( looper, sdk_wallet_trustee, sdk_pool_handle): op = generate_auth_rule_operation(auth_action=EDIT_PREFIX) op.pop(OLD_VALUE) req_obj = sdk_gen_request(op, identifier=sdk_wallet_trustee[1]) req_json = json.dumps(req_obj.as_dict) with pytest.raises(RequestNackedException) as e: sdk_send_and_check_req_json( looper, sdk_pool_handle, sdk_wallet_trustee, req_json, ) e.match("client request invalid") e.match("Transaction for change authentication " "rule for {}={} must contain field {}".format( AUTH_ACTION, EDIT_PREFIX, OLD_VALUE))
def auth_rule_request(creator): return Request(identifier=creator, reqId=5, signature="sig", operation=generate_auth_rule_operation())
def test_invalid_entity_role(): # ConstraintEntityField without required field 'role' invalid_auth_rule_operation = generate_auth_rule_operation() del invalid_auth_rule_operation[CONSTRAINT][ROLE] with pytest.raises(TypeError, match=ROLE): validator.validate(invalid_auth_rule_operation)
def test_invalid_operation_action(): # must be ADD_PREFIX or EDIT_PREFIX invalid_auth_rule_operation = generate_auth_rule_operation( auth_action="auth_action") with pytest.raises(TypeError, match=AUTH_ACTION): validator.validate(invalid_auth_rule_operation)
import pytest from indy_common.constants import CONSTRAINT, AUTH_ACTION from indy_common.types import ClientAuthRuleOperation from indy_node.test.helper import generate_constraint_entity from indy_node.test.auth_rule.helper import generate_constraint_list, \ generate_auth_rule_operation from indy_common.authorize.auth_constraints import ROLE, AUTH_CONSTRAINTS, CONSTRAINT_ID validator = ClientAuthRuleOperation() valid_auth_rule_operation_small = generate_auth_rule_operation() valid_auth_rule_operation_large = generate_auth_rule_operation( constraint=generate_constraint_list(auth_constraints=[ generate_constraint_entity(), generate_constraint_entity() ])) valid_auth_rule_operation_extra_large = generate_auth_rule_operation( constraint=generate_constraint_list(auth_constraints=[ generate_constraint_entity(), generate_constraint_list(auth_constraints=[ generate_constraint_entity(), generate_constraint_entity() ]) ])) def test_valid(): validator.validate(valid_auth_rule_operation_small) validator.validate(valid_auth_rule_operation_large) validator.validate(valid_auth_rule_operation_extra_large)