def test_plugin_complex_with_or_rule_with_not_allowed_trustee_no_endorser(
        write_auth_req_validator, write_request_validation, signatures,
        is_owner, off_ledger_signature, amount):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraintForbidden(),
        AuthConstraint(role="*",
                       sig_count=1,
                       need_to_be_owner=False,
                       off_ledger_signature=off_ledger_signature,
                       metadata={PLUGIN_FIELD: 2})
    ]),
             valid_actions=[
                 Action(author=TRUSTEE,
                        endorser=None,
                        sigs={TRUSTEE: s1},
                        is_owner=owner,
                        amount=2,
                        extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1)
                 for owner in [True, False]
             ],
             author=TRUSTEE,
             endorser=None,
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_write_same_object_with_different_reqid_fails(looper, sdk_pool_handle,
                                                      sdk_wallet_endorser,
                                                      txn_type, rs_type,
                                                      content):
    request1 = sdk_build_rich_schema_request(looper,
                                             sdk_wallet_endorser,
                                             txn_type,
                                             rs_id=randomString(),
                                             rs_name=randomString(),
                                             rs_version='1.0',
                                             rs_type=rs_type,
                                             rs_content=json.dumps(content))
    req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser,
                                  request1)
    sdk_get_and_check_replies(looper, [req])

    request2 = json.loads(request1)
    request2[TXN_PAYLOAD_METADATA_REQ_ID] = random.randint(10, 1000000000)
    request2 = json.dumps(request2)

    with pytest.raises(RequestRejectedException,
                       match=str(AuthConstraintForbidden())):
        req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser,
                                      request2)
        sdk_get_and_check_replies(looper, [req])
def test_dynamic_validation_for_existing(handler_and_request):
    handler, request = handler_and_request
    make_rich_schema_object_exist(handler, request)
    add_to_idr(handler.database_manager.idr_cache, request.identifier, TRUSTEE)
    add_to_idr(handler.database_manager.idr_cache, request.endorser, ENDORSER)

    with pytest.raises(UnauthorizedClientRequest,
                       match=str(AuthConstraintForbidden())):
        handler.dynamic_validation(request, 0)
Esempio n. 4
0
def test_incorrect_auth_rule(helpers, addresses, looper, sdk_wallet_trustee,
                             sdk_pool_handle):
    set_fees(helpers, {NYM_FEES_ALIAS: 5})
    constraint = AuthConstraintForbidden().as_dict
    constraint[METADATA] = {FEES_FIELD_NAME: NYM_FEES_ALIAS}
    sdk_send_and_check_auth_rule_invalid_request(looper,
                                                 sdk_pool_handle,
                                                 sdk_wallet_trustee,
                                                 constraint=constraint)
Esempio n. 5
0
def constraints():
    role_constraints = [
        AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
        AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
    ]
    and_constraint = AuthConstraintAnd(role_constraints)
    or_constraint = AuthConstraintOr(role_constraints)
    forbidden_constraint = AuthConstraintForbidden()
    return role_constraints[
        0], and_constraint, or_constraint, forbidden_constraint
Esempio n. 6
0
def test_plugin_simple_rule_not_allowed(write_auth_req_validator,
                                        write_request_validation, signatures,
                                        is_owner, amount):
    validate(auth_constraint=AuthConstraintForbidden(),
             valid_actions=[],
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
def test_can_not_send_same_schema(looper, sdk_pool_handle,
                                  sdk_wallet_endorser):
    sdk_write_schema_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
                               ["attrib1", "attrib2", "attrib3"], "business",
                               "1.8")

    with pytest.raises(RequestRejectedException,
                       match=str(AuthConstraintForbidden())):
        resp = sdk_write_schema_and_check(looper, sdk_pool_handle,
                                          sdk_wallet_endorser,
                                          ["attrib1", "attrib2", "attrib3"],
                                          "business", "1.8")
        validate_write_reply(resp)
Esempio n. 8
0
def test_get_one_disabled_auth_rule_transaction(looper,
                                                sdk_wallet_trustee,
                                                sdk_pool_handle):
    key = generate_key(auth_action=EDIT_PREFIX, auth_type=SCHEMA,
                       field='*', old_value='*', new_value='*')
    req, resp = sdk_send_and_check_get_auth_rule_request(looper,
                                                         sdk_pool_handle,
                                                         sdk_wallet_trustee,
                                                         **key)[0]
    result = resp["result"][DATA]
    assert len(result) == 1
    _check_key(key, result[0])
    assert result[0][CONSTRAINT] == AuthConstraintForbidden().as_dict
Esempio n. 9
0
def test_dynamic_validation_for_existing(handler_and_request):
    handler, request = handler_and_request
    make_rich_schema_object_exist(handler, request)
    add_to_idr(handler.database_manager.idr_cache, request.identifier, TRUSTEE)
    add_to_idr(handler.database_manager.idr_cache, request.endorser, ENDORSER)

    # default auth rules allow editing of CredDef and PresDef by the owner
    if isinstance(handler, RichSchemaCredDefHandler) or isinstance(
            handler, RichSchemaPresDefHandler):
        handler.dynamic_validation(request, 0)
    else:
        with pytest.raises(UnauthorizedClientRequest,
                           match=str(AuthConstraintForbidden())):
            handler.dynamic_validation(request, 0)
def test_forbid_set_fees(helpers, fees, addresses, looper, sdk_wallet_trustee,
                         sdk_pool_handle):
    """
    1. Send a SET_FEES txn.
    2. Forbid SET_FEES via the auth rule for editing SET_FEES.
    3. Send a SET_FEES txn and check that action forbidden.
    4. Change the auth rule to a default value.
    6. Send and check a SET_FEES txn.
    """
    set_fees(helpers, fees)

    sdk_send_and_check_auth_rule_request(
        looper,
        sdk_pool_handle,
        sdk_wallet_trustee,
        auth_action=EDIT_PREFIX,
        auth_type=SET_FEES,
        field='*',
        old_value='*',
        new_value='*',
        constraint=AuthConstraintForbidden().as_dict)

    with pytest.raises(RequestRejectedException,
                       match=str(AuthConstraintForbidden())):
        set_fees(helpers, fees)

    sdk_send_and_check_auth_rule_request(
        looper,
        sdk_pool_handle,
        sdk_wallet_trustee,
        auth_action=EDIT_PREFIX,
        auth_type=SET_FEES,
        field='*',
        old_value='*',
        new_value='*',
        constraint=sovtokenfees_auth_map[edit_fees.get_action_id()].as_dict)
    set_fees(helpers, fees)
def test_plugin_complex_with_and_rule_with_not_allowed(write_auth_req_validator, write_request_validation,
                                                       signatures, is_owner, off_ledger_signature, amount):
    validate(
        auth_constraint=AuthConstraintAnd(auth_constraints=[
            AuthConstraintForbidden(),
            AuthConstraint(role="*", sig_count=1, need_to_be_owner=False,
                           off_ledger_signature=off_ledger_signature,
                           metadata={PLUGIN_FIELD: 2})
        ]),
        valid_actions=[],
        author=TRUSTEE, endorser=None,
        all_signatures=signatures, is_owner=is_owner, amount=amount,
        write_auth_req_validator=write_auth_req_validator,
        write_request_validation=write_request_validation
    )
Esempio n. 12
0
def test_can_not_send_same_rs_schema(looper, sdk_pool_handle,
                                     sdk_wallet_endorser):
    _, identifier = sdk_wallet_endorser
    authors_did, name, version, type = identifier, "ISO18023_Drivers_License", "1.3", "8"
    _id = identifier + ':' + type + ':' + name + ':' + version
    schema = {'@id': _id, '@type': "0od"}
    request_json = build_rs_schema_request(identifier, schema, name, version)
    sdk_write_rs_schema_and_check(looper, sdk_pool_handle, sdk_wallet_endorser,
                                  request_json)

    with pytest.raises(RequestRejectedException,
                       match=str(AuthConstraintForbidden())):
        request_json = build_rs_schema_request(identifier, schema, name,
                                               version)
        sdk_write_rs_schema_and_check(looper, sdk_pool_handle,
                                      sdk_wallet_endorser, request_json)
def test_plugin_complex_with_or_rule_with_not_allowed(write_auth_req_validator,
                                                      write_request_validation,
                                                      signatures, is_owner,
                                                      amount):
    validate(auth_constraint=AuthConstraintOr(auth_constraints=[
        AuthConstraintForbidden(),
        AuthConstraint(role="*",
                       sig_count=1,
                       need_to_be_owner=False,
                       metadata={PLUGIN_FIELD: 2})
    ]),
             valid_actions=[(signature, owner, 2) for signature in signatures
                            if signature for owner in [True, False]],
             all_signatures=signatures,
             is_owner=is_owner,
             amount=amount,
             write_auth_req_validator=write_auth_req_validator,
             write_request_validation=write_request_validation)
Esempio n. 14
0
def test_write_same_context_with_different_reqid_fails(looper, sdk_pool_handle, sdk_wallet_endorser):
    sdk_write_context_and_check(
        looper, sdk_pool_handle,
        sdk_wallet_endorser,
        SCHEMA_ORG_CONTEXT,
        "Base_Context3",
        "1.0",
        1234
    )
    with pytest.raises(RequestRejectedException,
                       match=str(AuthConstraintForbidden())):
        resp = sdk_write_context_and_check(
            looper, sdk_pool_handle,
            sdk_wallet_endorser,
            SCHEMA_ORG_CONTEXT,
            "Base_Context3",
            "1.0",
            2345
        )
        validate_write_reply(resp)
Esempio n. 15
0
def test_check_equal(constraints):
    same_role, same_and, same_or, same_forbidden = constraints
    """
    The same constraints as from fixture but should have not the same id
    """
    role_constraints = [
        AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True),
        AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True)
    ]
    and_constraint = AuthConstraintAnd(role_constraints)
    or_constraint = AuthConstraintOr(role_constraints)
    forbidden_constraint = AuthConstraintForbidden()

    assert id(same_role) != id(role_constraints[0])
    assert id(same_or) != id(or_constraint)
    assert id(same_and) != id(and_constraint)
    assert id(same_forbidden) != id(forbidden_constraint)
    assert same_role == role_constraints[0]
    assert same_or == or_constraint
    assert same_and == and_constraint
    assert same_forbidden == forbidden_constraint
def test_send_rich_schema_obj(looper, sdk_pool_handle, sdk_wallet_endorser,
                              txn_type, rs_type, content, rs_id):
    # 1. check that write is successful
    request = sdk_build_rich_schema_request(looper, sdk_wallet_endorser,
                                            txn_type, rs_id=rs_id, rs_name=randomString(),
                                            rs_version='1.0', rs_type=rs_type,
                                            rs_content=json.dumps(content))
    req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request)
    rep1 = sdk_get_and_check_replies(looper, [req])

    # 2. check that sending the same request gets the same reply
    req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request)
    rep2 = sdk_get_and_check_replies(looper, [req])
    assert rep1 == rep2

    # 3. check that using a different reqId for the same request gets an error
    request2 = json.loads(request)
    request2[TXN_PAYLOAD_METADATA_REQ_ID] = random.randint(10, 1000000000)
    request2 = json.dumps(request2)

    with pytest.raises(RequestRejectedException,
                       match=str(AuthConstraintForbidden())):
        req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request2)
        sdk_get_and_check_replies(looper, [req])
Esempio n. 17
0
def test_schema_dynamic_validation_failed_existing_schema(
        schema_request, schema_handler):
    make_schema_exist(schema_request, schema_handler)
    with pytest.raises(UnauthorizedClientRequest,
                       match=str(AuthConstraintForbidden())):
        schema_handler.dynamic_validation(schema_request)
Esempio n. 18
0
            ],
            invalid_requests=[RequestParams(fees=0, wallets={STEWARD: 1})]),
 # 13
 InputParam(auth_constraint=AuthConstraintOr([
     AuthConstraint(STEWARD, 1, metadata={FEES_FIELD_NAME: fee_5[0]}),
     AuthConstraint(STEWARD, 1),
 ]),
            valid_requests=[
                RequestParams(fees=fee_5[1], wallets={STEWARD: 1}),
                RequestParams(fees=0, wallets={STEWARD: 1})
            ],
            invalid_requests=[
                RequestParams(fees=0, wallets={IDENTITY_OWNER: 2})
            ]),
 # 14
 InputParam(auth_constraint=AuthConstraintForbidden(),
            valid_requests=[],
            invalid_requests=[
                RequestParams(fees=0, wallets={IDENTITY_OWNER: 2}),
                RequestParams(fees=fee_5[1], wallets={STEWARD: 1}),
                RequestParams(fees=0, wallets={STEWARD: 1})
            ]),
 # 15
 InputParam(auth_constraint=AuthConstraintAnd([
     AuthConstraintForbidden(),
     AuthConstraint(STEWARD, 1),
 ]),
            valid_requests=[],
            invalid_requests=[
                RequestParams(fees=fee_5[1], wallets={STEWARD: 1}),
                RequestParams(fees=0, wallets={STEWARD: 1}),
Esempio n. 19
0
def test_str_for_auth_constraint_forbidden():
    constraint = AuthConstraintForbidden()
    assert str(constraint) == 'The action is forbidden'
Esempio n. 20
0
def test_context_dynamic_validation_failed_existing_context(
        context_request, context_handler):
    make_context_exist(context_request, context_handler)
    with pytest.raises(UnauthorizedClientRequest,
                       match=str(AuthConstraintForbidden())):
        context_handler.dynamic_validation(context_request)
Esempio n. 21
0
edit_revoc_reg_def = AuthActionEdit(txn_type=REVOC_REG_DEF,
                                    field='*',
                                    old_value='*',
                                    new_value='*')

edit_revoc_reg_entry = AuthActionEdit(txn_type=REVOC_REG_ENTRY,
                                      field='*',
                                      old_value='*',
                                      new_value='*')

# Anyone constraint
anyone_constraint = AuthConstraint(role='*', sig_count=1)

# No one constraint
no_one_constraint = AuthConstraintForbidden()

# Owner constraint
owner_constraint = AuthConstraint(role='*', sig_count=1, need_to_be_owner=True)

# Steward owner constraint
steward_owner_constraint = AuthConstraint(STEWARD, 1, need_to_be_owner=True)

# One Trustee constraint
one_trustee_constraint = AuthConstraint(TRUSTEE, 1)

# Steward or Trustee constraint
steward_or_trustee_constraint = AuthConstraintOr(
    [AuthConstraint(STEWARD, 1),
     AuthConstraint(TRUSTEE, 1)])