def test_plugin_complex_with_or_rule_with_not_allowed_trustee_no_endorser( write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[ Action(author=TRUSTEE, endorser=None, sigs={TRUSTEE: s1}, is_owner=owner, amount=2, extra_sigs=True) for s1 in range(1, MAX_SIG_COUNT + 1) for owner in [True, False] ], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_write_same_object_with_different_reqid_fails(looper, sdk_pool_handle, sdk_wallet_endorser, txn_type, rs_type, content): request1 = sdk_build_rich_schema_request(looper, sdk_wallet_endorser, txn_type, rs_id=randomString(), rs_name=randomString(), rs_version='1.0', rs_type=rs_type, rs_content=json.dumps(content)) req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request1) sdk_get_and_check_replies(looper, [req]) request2 = json.loads(request1) request2[TXN_PAYLOAD_METADATA_REQ_ID] = random.randint(10, 1000000000) request2 = json.dumps(request2) with pytest.raises(RequestRejectedException, match=str(AuthConstraintForbidden())): req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request2) sdk_get_and_check_replies(looper, [req])
def test_dynamic_validation_for_existing(handler_and_request): handler, request = handler_and_request make_rich_schema_object_exist(handler, request) add_to_idr(handler.database_manager.idr_cache, request.identifier, TRUSTEE) add_to_idr(handler.database_manager.idr_cache, request.endorser, ENDORSER) with pytest.raises(UnauthorizedClientRequest, match=str(AuthConstraintForbidden())): handler.dynamic_validation(request, 0)
def test_incorrect_auth_rule(helpers, addresses, looper, sdk_wallet_trustee, sdk_pool_handle): set_fees(helpers, {NYM_FEES_ALIAS: 5}) constraint = AuthConstraintForbidden().as_dict constraint[METADATA] = {FEES_FIELD_NAME: NYM_FEES_ALIAS} sdk_send_and_check_auth_rule_invalid_request(looper, sdk_pool_handle, sdk_wallet_trustee, constraint=constraint)
def constraints(): role_constraints = [ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ] and_constraint = AuthConstraintAnd(role_constraints) or_constraint = AuthConstraintOr(role_constraints) forbidden_constraint = AuthConstraintForbidden() return role_constraints[ 0], and_constraint, or_constraint, forbidden_constraint
def test_plugin_simple_rule_not_allowed(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintForbidden(), valid_actions=[], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_can_not_send_same_schema(looper, sdk_pool_handle, sdk_wallet_endorser): sdk_write_schema_and_check(looper, sdk_pool_handle, sdk_wallet_endorser, ["attrib1", "attrib2", "attrib3"], "business", "1.8") with pytest.raises(RequestRejectedException, match=str(AuthConstraintForbidden())): resp = sdk_write_schema_and_check(looper, sdk_pool_handle, sdk_wallet_endorser, ["attrib1", "attrib2", "attrib3"], "business", "1.8") validate_write_reply(resp)
def test_get_one_disabled_auth_rule_transaction(looper, sdk_wallet_trustee, sdk_pool_handle): key = generate_key(auth_action=EDIT_PREFIX, auth_type=SCHEMA, field='*', old_value='*', new_value='*') req, resp = sdk_send_and_check_get_auth_rule_request(looper, sdk_pool_handle, sdk_wallet_trustee, **key)[0] result = resp["result"][DATA] assert len(result) == 1 _check_key(key, result[0]) assert result[0][CONSTRAINT] == AuthConstraintForbidden().as_dict
def test_dynamic_validation_for_existing(handler_and_request): handler, request = handler_and_request make_rich_schema_object_exist(handler, request) add_to_idr(handler.database_manager.idr_cache, request.identifier, TRUSTEE) add_to_idr(handler.database_manager.idr_cache, request.endorser, ENDORSER) # default auth rules allow editing of CredDef and PresDef by the owner if isinstance(handler, RichSchemaCredDefHandler) or isinstance( handler, RichSchemaPresDefHandler): handler.dynamic_validation(request, 0) else: with pytest.raises(UnauthorizedClientRequest, match=str(AuthConstraintForbidden())): handler.dynamic_validation(request, 0)
def test_forbid_set_fees(helpers, fees, addresses, looper, sdk_wallet_trustee, sdk_pool_handle): """ 1. Send a SET_FEES txn. 2. Forbid SET_FEES via the auth rule for editing SET_FEES. 3. Send a SET_FEES txn and check that action forbidden. 4. Change the auth rule to a default value. 6. Send and check a SET_FEES txn. """ set_fees(helpers, fees) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=SET_FEES, field='*', old_value='*', new_value='*', constraint=AuthConstraintForbidden().as_dict) with pytest.raises(RequestRejectedException, match=str(AuthConstraintForbidden())): set_fees(helpers, fees) sdk_send_and_check_auth_rule_request( looper, sdk_pool_handle, sdk_wallet_trustee, auth_action=EDIT_PREFIX, auth_type=SET_FEES, field='*', old_value='*', new_value='*', constraint=sovtokenfees_auth_map[edit_fees.get_action_id()].as_dict) set_fees(helpers, fees)
def test_plugin_complex_with_and_rule_with_not_allowed(write_auth_req_validator, write_request_validation, signatures, is_owner, off_ledger_signature, amount): validate( auth_constraint=AuthConstraintAnd(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, off_ledger_signature=off_ledger_signature, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[], author=TRUSTEE, endorser=None, all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation )
def test_can_not_send_same_rs_schema(looper, sdk_pool_handle, sdk_wallet_endorser): _, identifier = sdk_wallet_endorser authors_did, name, version, type = identifier, "ISO18023_Drivers_License", "1.3", "8" _id = identifier + ':' + type + ':' + name + ':' + version schema = {'@id': _id, '@type': "0od"} request_json = build_rs_schema_request(identifier, schema, name, version) sdk_write_rs_schema_and_check(looper, sdk_pool_handle, sdk_wallet_endorser, request_json) with pytest.raises(RequestRejectedException, match=str(AuthConstraintForbidden())): request_json = build_rs_schema_request(identifier, schema, name, version) sdk_write_rs_schema_and_check(looper, sdk_pool_handle, sdk_wallet_endorser, request_json)
def test_plugin_complex_with_or_rule_with_not_allowed(write_auth_req_validator, write_request_validation, signatures, is_owner, amount): validate(auth_constraint=AuthConstraintOr(auth_constraints=[ AuthConstraintForbidden(), AuthConstraint(role="*", sig_count=1, need_to_be_owner=False, metadata={PLUGIN_FIELD: 2}) ]), valid_actions=[(signature, owner, 2) for signature in signatures if signature for owner in [True, False]], all_signatures=signatures, is_owner=is_owner, amount=amount, write_auth_req_validator=write_auth_req_validator, write_request_validation=write_request_validation)
def test_write_same_context_with_different_reqid_fails(looper, sdk_pool_handle, sdk_wallet_endorser): sdk_write_context_and_check( looper, sdk_pool_handle, sdk_wallet_endorser, SCHEMA_ORG_CONTEXT, "Base_Context3", "1.0", 1234 ) with pytest.raises(RequestRejectedException, match=str(AuthConstraintForbidden())): resp = sdk_write_context_and_check( looper, sdk_pool_handle, sdk_wallet_endorser, SCHEMA_ORG_CONTEXT, "Base_Context3", "1.0", 2345 ) validate_write_reply(resp)
def test_check_equal(constraints): same_role, same_and, same_or, same_forbidden = constraints """ The same constraints as from fixture but should have not the same id """ role_constraints = [ AuthConstraint(role=TRUSTEE, sig_count=1, need_to_be_owner=True), AuthConstraint(role=STEWARD, sig_count=1, need_to_be_owner=True) ] and_constraint = AuthConstraintAnd(role_constraints) or_constraint = AuthConstraintOr(role_constraints) forbidden_constraint = AuthConstraintForbidden() assert id(same_role) != id(role_constraints[0]) assert id(same_or) != id(or_constraint) assert id(same_and) != id(and_constraint) assert id(same_forbidden) != id(forbidden_constraint) assert same_role == role_constraints[0] assert same_or == or_constraint assert same_and == and_constraint assert same_forbidden == forbidden_constraint
def test_send_rich_schema_obj(looper, sdk_pool_handle, sdk_wallet_endorser, txn_type, rs_type, content, rs_id): # 1. check that write is successful request = sdk_build_rich_schema_request(looper, sdk_wallet_endorser, txn_type, rs_id=rs_id, rs_name=randomString(), rs_version='1.0', rs_type=rs_type, rs_content=json.dumps(content)) req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request) rep1 = sdk_get_and_check_replies(looper, [req]) # 2. check that sending the same request gets the same reply req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request) rep2 = sdk_get_and_check_replies(looper, [req]) assert rep1 == rep2 # 3. check that using a different reqId for the same request gets an error request2 = json.loads(request) request2[TXN_PAYLOAD_METADATA_REQ_ID] = random.randint(10, 1000000000) request2 = json.dumps(request2) with pytest.raises(RequestRejectedException, match=str(AuthConstraintForbidden())): req = sdk_sign_and_submit_req(sdk_pool_handle, sdk_wallet_endorser, request2) sdk_get_and_check_replies(looper, [req])
def test_schema_dynamic_validation_failed_existing_schema( schema_request, schema_handler): make_schema_exist(schema_request, schema_handler) with pytest.raises(UnauthorizedClientRequest, match=str(AuthConstraintForbidden())): schema_handler.dynamic_validation(schema_request)
], invalid_requests=[RequestParams(fees=0, wallets={STEWARD: 1})]), # 13 InputParam(auth_constraint=AuthConstraintOr([ AuthConstraint(STEWARD, 1, metadata={FEES_FIELD_NAME: fee_5[0]}), AuthConstraint(STEWARD, 1), ]), valid_requests=[ RequestParams(fees=fee_5[1], wallets={STEWARD: 1}), RequestParams(fees=0, wallets={STEWARD: 1}) ], invalid_requests=[ RequestParams(fees=0, wallets={IDENTITY_OWNER: 2}) ]), # 14 InputParam(auth_constraint=AuthConstraintForbidden(), valid_requests=[], invalid_requests=[ RequestParams(fees=0, wallets={IDENTITY_OWNER: 2}), RequestParams(fees=fee_5[1], wallets={STEWARD: 1}), RequestParams(fees=0, wallets={STEWARD: 1}) ]), # 15 InputParam(auth_constraint=AuthConstraintAnd([ AuthConstraintForbidden(), AuthConstraint(STEWARD, 1), ]), valid_requests=[], invalid_requests=[ RequestParams(fees=fee_5[1], wallets={STEWARD: 1}), RequestParams(fees=0, wallets={STEWARD: 1}),
def test_str_for_auth_constraint_forbidden(): constraint = AuthConstraintForbidden() assert str(constraint) == 'The action is forbidden'
def test_context_dynamic_validation_failed_existing_context( context_request, context_handler): make_context_exist(context_request, context_handler) with pytest.raises(UnauthorizedClientRequest, match=str(AuthConstraintForbidden())): context_handler.dynamic_validation(context_request)
edit_revoc_reg_def = AuthActionEdit(txn_type=REVOC_REG_DEF, field='*', old_value='*', new_value='*') edit_revoc_reg_entry = AuthActionEdit(txn_type=REVOC_REG_ENTRY, field='*', old_value='*', new_value='*') # Anyone constraint anyone_constraint = AuthConstraint(role='*', sig_count=1) # No one constraint no_one_constraint = AuthConstraintForbidden() # Owner constraint owner_constraint = AuthConstraint(role='*', sig_count=1, need_to_be_owner=True) # Steward owner constraint steward_owner_constraint = AuthConstraint(STEWARD, 1, need_to_be_owner=True) # One Trustee constraint one_trustee_constraint = AuthConstraint(TRUSTEE, 1) # Steward or Trustee constraint steward_or_trustee_constraint = AuthConstraintOr( [AuthConstraint(STEWARD, 1), AuthConstraint(TRUSTEE, 1)])