def test_ddo_credentials_addresses_both():
"""Tests DDO credentials when both deny and allow lists exist on the asset."""
sample_ddo_path = get_resource_path("ddo", "ddo_sa_sample_with_credentials.json")
assert sample_ddo_path.exists(), "{} does not exist!".format(sample_ddo_path)
ddo = V3Asset(json_filename=sample_ddo_path)
address_credential = AddressCredential(ddo)
assert address_credential.get_addresses_of_class("allow") == ["0x123", "0x456a"]
assert address_credential.get_addresses_of_class("deny") == ["0x2222", "0x333"]
assert (
address_credential.validate_access({"type": "address", "value": "0x111"})
== ConsumableCodes.CREDENTIAL_NOT_IN_ALLOW_LIST
)
assert (
address_credential.validate_access({"type": "address", "value": "0x456A"})
== ConsumableCodes.OK
)
def test_ddo_credentials_addresses_no_access_list():
"""Tests DDO credentials when neither deny, nor allow lists exist on the asset."""
sample_ddo_path = get_resource_path("ddo", "ddo_sa_sample_with_credentials.json")
assert sample_ddo_path.exists(), "{} does not exist!".format(sample_ddo_path)
# if "allow" OR "deny" exist, we need a credential,
# so remove both to test the behaviour of no credential supplied
ddo = V3Asset(json_filename=sample_ddo_path)
address_credential = AddressCredential(ddo)
ddo.credentials.pop("allow")
ddo.credentials.pop("deny")
assert address_credential.validate_access() == ConsumableCodes.OK
# test that we can use another credential if address is not required
assert (
ddo.is_consumable(
{"type": "somethingelse", "value": "test"}, with_connectivity_check=False
)
== ConsumableCodes.OK
)
def is_consumable(
self,
credential: Optional[dict] = None,
with_connectivity_check: bool = True,
provider_uri: Optional[str] = None,
) -> bool:
"""Checks whether an asset is consumable and returns a ConsumableCode."""
if self.is_disabled or self.is_retired:
return ConsumableCodes.ASSET_DISABLED
if (with_connectivity_check and provider_uri
and not DataServiceProvider.check_asset_file_info(
self.did, DataServiceProvider.get_root_uri(provider_uri))):
return ConsumableCodes.CONNECTIVITY_FAIL
# to be parameterized in the future, can implement other credential classes
manager = AddressCredential(self)
if manager.requires_credential():
return manager.validate_access(credential)
return ConsumableCodes.OK
def test_ddo_credentials_addresses_only_deny():
"""Tests DDO credentials when only the deny list exists on the asset."""
sample_ddo_path = get_resource_path("ddo", "ddo_sa_sample_with_credentials.json")
assert sample_ddo_path.exists(), "{} does not exist!".format(sample_ddo_path)
# remove allow to test the behaviour of deny
ddo = V3Asset(json_filename=sample_ddo_path)
ddo.credentials.pop("allow")
address_credential = AddressCredential(ddo)
assert address_credential.get_addresses_of_class("allow") == []
assert address_credential.get_addresses_of_class("deny") == ["0x2222", "0x333"]
assert (
address_credential.validate_access({"type": "address", "value": "0x111"})
== ConsumableCodes.OK
)
assert (
address_credential.validate_access({"type": "address", "value": "0x333"})
== ConsumableCodes.CREDENTIAL_IN_DENY_LIST
)
credential = {"type": "address", "value": ""}
with pytest.raises(MalformedCredential):
address_credential.validate_access(credential)
def remove_address_from_deny_list(self, address: str) -> None:
"""Removes address from deny list (if it exists)."""
manager = AddressCredential(self)
manager.remove_address_from_access_class(address, "deny")
def add_address_to_deny_list(self, address: str) -> None:
"""Adds an address to the denied addresses list."""
manager = AddressCredential(self)
manager.add_address_to_access_class(address, "deny")
def add_address_to_allow_list(self, address: str) -> None:
"""Adds an address to allowed addresses list."""
manager = AddressCredential(self)
manager.add_address_to_access_class(address, "allow")
def denied_addresses(self) -> list:
"""Lists addresesses that are explicitly denied in credentials."""
manager = AddressCredential(self)
return manager.get_addresses_of_class("deny")
def requires_address_credential(self) -> bool:
"""Checks if an address credential is required on this asset."""
manager = AddressCredential(self)
return manager.requires_credential()