Skip to content

Commit

Permalink
INDY-1856: applying new validation rules
Browse files Browse the repository at this point in the history 
Signed-off-by: ArtObr <[email protected]>
  • Loading branch information
@ArtObr
ArtObr committed Dec 26, 2018
1 parent 2848f8e commit 294e222
Show file tree
Hide file tree
Showing 6 changed files with 79 additions and 120 deletions.
40 changes: 14 additions & 26 deletions indy_node/server/request_handlers/domain_req_handlers/claim_def_handler.py
View file
Original file line number Diff line number Diff line change
@@ -1,22 +1,24 @@
from indy_common.auth import Authoriser
from indy_common.authorize.auth_actions import AuthActionAdd
from indy_common.authorize.auth_request_validator import WriteRequestValidator

from indy_common.state import domain

from indy_common.constants import CLAIM_DEF, REF, SCHEMA
from indy_node.server.request_handlers.write_request_handler import WriteRequestHandler

from plenum.common.constants import DOMAIN_LEDGER_ID
from plenum.common.exceptions import UnauthorizedClientRequest, UnknownIdentifier, InvalidClientRequest
from plenum.common.exceptions import InvalidClientRequest
from plenum.common.request import Request
from plenum.common.roles import Roles
from plenum.common.txn_util import get_type
from plenum.common.txn_util import get_request_data
from plenum.server.database_manager import DatabaseManager
from plenum.server.request_handlers.handler_interfaces.write_request_handler import WriteRequestHandler


class ClaimDefHandler(WriteRequestHandler):

def __init__(self, database_manager: DatabaseManager):
super().__init__(database_manager, CLAIM_DEF, DOMAIN_LEDGER_ID)
def __init__(self, database_manager: DatabaseManager,
write_request_validator: WriteRequestValidator):
super().__init__(database_manager, CLAIM_DEF, DOMAIN_LEDGER_ID,
write_request_validator)

def static_validation(self, request: Request):
pass
Expand All @@ -25,7 +27,7 @@ def dynamic_validation(self, request: Request):
# we can not add a Claim Def with existent ISSUER_DID
# sine a Claim Def needs to be identified by seqNo
self._validate_request_type(request)
identifier, req_id, operation = request.identifier, request.reqId, request.operation
identifier, req_id, operation = get_request_data(request)
ref = operation[REF]
try:
txn = self.ledger.getBySeqNo(ref)
Expand All @@ -37,26 +39,12 @@ def dynamic_validation(self, request: Request):
raise InvalidClientRequest(identifier,
req_id,
"Mentioned seqNo ({}) isn't seqNo of the schema.".format(ref))
try:
origin_role = self.database_manager.idr_cache.getRole(
identifier, isCommitted=False) or None
except BaseException:
raise UnknownIdentifier(
identifier,
req_id)
# only owner can update claim_def,
# because his identifier is the primary key of claim_def
r, msg = Authoriser.authorised(typ=CLAIM_DEF,
actorRole=origin_role,
isActorOwnerOfSubject=True)
if not r:
raise UnauthorizedClientRequest(
identifier,
req_id,
"{} cannot add claim def".format(
Roles.nameFromValue(origin_role)
if origin_role else "Person without role")
)
self.write_req_validator.validate(request,
[AuthActionAdd(txn_type=CLAIM_DEF,
field='*',
value='*')])

def gen_txn_path(self, txn):
self._validate_txn_type(txn)
Expand Down
94 changes: 33 additions & 61 deletions indy_node/server/request_handlers/domain_req_handlers/nym_handler.py
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,29 @@
from binascii import hexlify

from common.serializers.serialization import domain_state_serializer
from indy_common.authorize.auth_actions import AuthActionAdd, AuthActionEdit
from indy_common.authorize.auth_request_validator import WriteRequestValidator
from indy_common.state import domain
from indy_common.roles import Roles
from indy_common.constants import NYM
from indy_common.auth import Authoriser
from indy_node.server.request_handlers.write_request_handler import WriteRequestHandler
from ledger.util import F

from plenum.common.constants import ROLE, TARGET_NYM, TRUSTEE, VERKEY, DOMAIN_LEDGER_ID, TXN_TIME

from plenum.common.exceptions import InvalidClientRequest, UnknownIdentifier, UnauthorizedClientRequest
from plenum.common.constants import ROLE, TARGET_NYM, VERKEY, DOMAIN_LEDGER_ID, TXN_TIME
from plenum.common.exceptions import InvalidClientRequest
from plenum.common.request import Request
from plenum.common.txn_util import get_payload_data, get_seq_no, get_txn_time, get_request_data, get_from
from plenum.common.types import f
from plenum.server.database_manager import DatabaseManager
from plenum.server.request_handlers.handler_interfaces.write_request_handler import WriteRequestHandler
from plenum.server.request_handlers.utils import nym_to_state_key, get_nym_details


class NymHandler(WriteRequestHandler):
state_serializer = domain_state_serializer

def __init__(self, database_manager: DatabaseManager):
super().__init__(database_manager, NYM, DOMAIN_LEDGER_ID)
def __init__(self, database_manager: DatabaseManager,
write_request_validator: WriteRequestValidator):
super().__init__(database_manager, NYM, DOMAIN_LEDGER_ID, write_request_validator)

def static_validation(self, request: Request):
self._validate_request_type(request)
Expand All @@ -42,21 +43,14 @@ def static_validation(self, request: Request):

def dynamic_validation(self, request: Request):
self._validate_request_type(request)
identifier, req_id, operation = get_request_data(request)
try:
origin_role = self.database_manager.idr_cache.getRole(
identifier, isCommitted=False) or None
except BaseException:
raise UnknownIdentifier(
identifier,
req_id)
operation = request.operation

nym_data = self.database_manager.idr_cache.getNym(operation[TARGET_NYM], isCommitted=False)
if not nym_data:
# If nym does not exist
self._validate_new_nym(identifier, req_id, operation, origin_role)
self._validate_new_nym(request, operation)
else:
self._validate_existing_nym(identifier, req_id, operation, origin_role, nym_data)
self._validate_existing_nym(request, operation, nym_data)

def gen_txn_path(self, txn):
self._validate_txn_type(txn)
Expand Down Expand Up @@ -96,48 +90,26 @@ def _update_state_with_single_txn(self, txn, is_committed=True):
isCommitted=is_committed)
return existing_data

def _validate_new_nym(self, identifier, req_id, operation, origin_role):
def _validate_new_nym(self, request, operation):
role = operation.get(ROLE)
r, msg = Authoriser.authorised(NYM,
origin_role,
field=ROLE,
oldVal=None,
newVal=role)
if not r:
raise UnauthorizedClientRequest(
identifier,
req_id,
"{} cannot add {}".format(
Roles.nameFromValue(origin_role),
Roles.nameFromValue(role))
)

def _validate_existing_nym(self, identifier, req_id, op, origin_role, nym_data):
unauthorized = False
reason = None
owner = self.database_manager.idr_cache.getOwnerFor(op[TARGET_NYM], isCommitted=False)
is_owner = identifier == owner

if not origin_role == TRUSTEE and not is_owner:
reason = '{} is neither Trustee nor owner of {}' \
.format(identifier, op[TARGET_NYM])
unauthorized = True

if not unauthorized:
update_keys = [ROLE, VERKEY]
for key in update_keys:
if key in op:
new_val = op[key]
old_val = nym_data.get(key)
if old_val != new_val:
r, msg = Authoriser.authorised(NYM, origin_role, field=key,
oldVal=old_val, newVal=new_val,
isActorOwnerOfSubject=is_owner)
if not r:
unauthorized = True
reason = "{} cannot update {}". \
format(Roles.nameFromValue(origin_role), key)
break
if unauthorized:
raise UnauthorizedClientRequest(
identifier, req_id, reason)
self.write_req_validator.validate(request,
[AuthActionAdd(txn_type=NYM,
field=ROLE,
value=role)])

def _validate_existing_nym(self, request, operation, nym_data):
origin = request.identifier
owner = self.idrCache.getOwnerFor(operation[TARGET_NYM], isCommitted=False)
is_owner = origin == owner

updateKeys = [ROLE, VERKEY]
for key in updateKeys:
if key in operation:
newVal = operation[key]
oldVal = nym_data.get(key)
self.write_req_validator.validate(request,
[AuthActionEdit(txn_type=NYM,
field=key,
old_value=oldVal,
new_value=newVal,
is_owner=is_owner)])
39 changes: 13 additions & 26 deletions indy_node/server/request_handlers/domain_req_handlers/schema_handler.py
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,25 @@
from indy_common.authorize.auth_actions import AuthActionAdd
from indy_common.authorize.auth_request_validator import WriteRequestValidator
from indy_common.state import domain

from indy_common.roles import Roles

from indy_common.auth import Authoriser

from indy_common.constants import SCHEMA

from indy_common.req_utils import get_write_schema_name, get_write_schema_version
from indy_node.server.request_handlers.read_req_handlers.get_schema_handler import GetSchemaHandler
from indy_node.server.request_handlers.write_request_handler import WriteRequestHandler
from plenum.common.constants import DOMAIN_LEDGER_ID
from plenum.common.exceptions import InvalidClientRequest, UnknownIdentifier, UnauthorizedClientRequest
from plenum.common.exceptions import InvalidClientRequest

from plenum.common.request import Request
from plenum.common.txn_util import get_type, get_request_data
from plenum.common.txn_util import get_request_data
from plenum.server.database_manager import DatabaseManager
from plenum.server.request_handlers.handler_interfaces.write_request_handler import WriteRequestHandler


class SchemaHandler(WriteRequestHandler):

def __init__(self, database_manager: DatabaseManager, get_schema_handler: GetSchemaHandler):
super().__init__(database_manager, SCHEMA, DOMAIN_LEDGER_ID)
def __init__(self, database_manager: DatabaseManager, get_schema_handler: GetSchemaHandler,
write_request_validator: WriteRequestValidator):
super().__init__(database_manager, SCHEMA, DOMAIN_LEDGER_ID, write_request_validator)
self.get_schema_handler = get_schema_handler

def static_validation(self, request: Request):
Expand All @@ -33,7 +32,7 @@ def dynamic_validation(self, request: Request):
identifier, req_id, operation = get_request_data(request)
schema_name = get_write_schema_name(request)
schema_version = get_write_schema_version(request)
schema, _, _, _ = self.get_schema_handler.getSchema(
schema, _, _, _ = self.get_schema_handler.get_schema(
author=identifier,
schemaName=schema_name,
schemaVersion=schema_version,
Expand All @@ -43,22 +42,10 @@ def dynamic_validation(self, request: Request):
'{} can have one and only one SCHEMA with '
'name {} and version {}'
.format(identifier, schema_name, schema_version))
try:
origin_role = self.database_manager.idr_cache.getRole(
identifier, isCommitted=False) or None
except BaseException:
raise UnknownIdentifier(
identifier,
req_id)
r, msg = Authoriser.authorised(typ=SCHEMA,
actorRole=origin_role)
if not r:
raise UnauthorizedClientRequest(
identifier,
req_id,
"{} cannot add schema".format(
Roles.nameFromValue(origin_role))
)
self.write_req_validator.validate(request,
[AuthActionAdd(txn_type=SCHEMA,
field='*',
value='*')])

def gen_txn_path(self, txn):
self._validate_txn_type(txn)
Expand Down
12 changes: 6 additions & 6 deletions indy_node/server/request_handlers/read_req_handlers/get_schema_handler.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@

class GetSchemaHandler(ReadRequestHandler):

def getSchema(self,
author: str,
schemaName: str,
schemaVersion: str,
isCommitted=True,
with_proof=True) -> (str, int, int, list):
def get_schema(self,
author: str,
schemaName: str,
schemaVersion: str,
isCommitted=True,
with_proof=True) -> (str, int, int, list):
assert author is not None
assert schemaName is not None
assert schemaVersion is not None
Expand Down
12 changes: 12 additions & 0 deletions indy_node/server/request_handlers/write_request_handler.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
from indy_common.authorize.auth_request_validator import WriteRequestValidator
from plenum.server.database_manager import DatabaseManager
from plenum.server.request_handlers.handler_interfaces.write_request_handler import \
WriteRequestHandler as PWriteRequestHandler


class WriteRequestHandler(PWriteRequestHandler):

def __init__(self, database_manager: DatabaseManager, txn_type, ledger_id,
write_request_validator: WriteRequestValidator):
super().__init__(database_manager, txn_type, ledger_id)
self.write_request_validator = write_request_validator
2 changes: 1 addition & 1 deletion indy_node/test/request_handlers/test_schema_handler.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ def make_schema_exist(handler, is_exist: bool):
def exist(author, schemaName, schemaVersion, with_proof):
return is_exist, None, None, None

handler.getSchema = exist
handler.get_schema = exist


def test_schema_dynamic_validation_failed_existing_schema(schema_request, schema_handler):
Expand Down

0 comments on commit 294e222

Please sign in to comment.