fix: authorized_credential elements in array not objects bug (#1744) (#…

…1747)

fixes: #1743

src/data/CassandraBackend.hpp

@@ -949,7 +949,7 @@ class BasicCassandraBackend : public BackendInterface {
     {
         std::vector<Statement> statements;
         statements.reserve(data.size());
-for (auto [mptId, holder] : data)
+        for (auto [mptId, holder] : data)
             statements.push_back(schema_->insertMPTHolder.bind(std::move(mptId), std::move(holder)));
 
         executor_.write(std::move(statements));

src/rpc/common/Validators.cpp

@@ -271,7 +271,7 @@ CustomValidator CustomValidators::CredentialTypeValidator =
             return Error{
                 Status{ClioError::rpcMALFORMED_AUTHORIZED_CREDENTIALS, std::string(key) + " greater than max length"}
             };
-}
+        }
 
         return MaybeError{};
     }};
@@ -285,7 +285,7 @@ CustomValidator CustomValidators::AuthorizeCredentialValidator =
         if (authCred.empty()) {
             return Error{Status{
                 ClioError::rpcMALFORMED_AUTHORIZED_CREDENTIALS,
-                fmt::format("Requires at least one element in authorized_credentials array")
+                fmt::format("Requires at least one element in authorized_credentials array.")
             }};
         }
 
@@ -299,12 +299,19 @@ CustomValidator CustomValidators::AuthorizeCredentialValidator =
         }
 
         for (auto const& credObj : value.as_array()) {
+            if (!credObj.is_object()) {
+                return Error{Status{
+                    ClioError::rpcMALFORMED_AUTHORIZED_CREDENTIALS,
+                    "authorized_credentials elements in array are not objects."
+                }};
+            }
             auto const& obj = credObj.as_object();
 
-            if (!obj.contains("issuer"))
+            if (!obj.contains("issuer")) {
                 return Error{
                     Status{ClioError::rpcMALFORMED_AUTHORIZED_CREDENTIALS, "Field 'Issuer' is required but missing."}
                 };
+            }
 
             // don't want to change issuer error message to be about credentials
             if (!IssuerValidator.verify(credObj, "issuer"))

tests/unit/rpc/handlers/LedgerEntryTests.cpp

@@ -222,6 +222,21 @@ generateTestValuesForParametersTest()
             "authorized_credentials not array"
         },
 
+        ParamTestCaseBundle{
+            "InvalidDepositPreauthJsonAuthorizeCredentialsMalformedString",
+            fmt::format(
+                R"({{
+                    "deposit_preauth": {{
+                        "owner": "{}",
+                        "authorized_credentials": ["C2F2A19C8D0D893D18F18FDCFE13A3ECB41767E48422DF07F2455CDA08FDF09B"]
+                    }}
+                }})",
+                ACCOUNT
+            ),
+            "malformedAuthorizedCredentials",
+            "authorized_credentials elements in array are not objects."
+        },
+
         ParamTestCaseBundle{
             "DepositPreauthBothAuthAndAuthCredentialsDoesNotExists",
             fmt::format(
@@ -273,7 +288,7 @@ generateTestValuesForParametersTest()
                 ACCOUNT
             ),
             "malformedAuthorizedCredentials",
-            "Requires at least one element in authorized_credentials array"
+            "Requires at least one element in authorized_credentials array."
         },
 
         ParamTestCaseBundle{