[INDY-1554] fixed errors in domain req handler and cleaned up tests

Signed-off-by: Cam Parra <[email protected]>

indy_node/server/domain_req_handler.py

@@ -271,9 +271,9 @@ def _validate_revoc_reg_def(self, req: Request):
         assert revoc_def_type
         tags = cred_def_id.split(":")
 
-        revoc_def, _, _, _ = self.lookup(operation[REVOC_REG_DEF_ID], isCommitted=False, with_proof=False)
+        cred_def, _, _, _ = self.lookup(cred_def_id, isCommitted=False, with_proof=False)
 
-        if revoc_def is None:
+        if cred_def is None:
             self.write_req_validator.validate(req,
                                               [AuthActionAdd(txn_type=REVOC_REG_DEF,
                                                              field='*',
@@ -291,7 +291,6 @@ def _validate_revoc_reg_def(self, req: Request):
                                        "Format of {} field is not acceptable. "
                                        "Expected: 'did:marker:signature_type:schema_ref' or "
                                        "'did:marker:signature_type:schema_ref:tag'".format(CRED_DEF_ID))
-        cred_def, _, _, _ = self.lookup(cred_def_id, isCommitted=False, with_proof=False)
         if cred_def is None:
             raise InvalidClientRequest(req.identifier,
                                        req.reqId,
@@ -310,18 +309,29 @@ def _get_current_revoc_entry_and_revoc_def(self, author_did, revoc_reg_def_id, r
 
     def _validate_revoc_reg_entry(self, req: Request):
         author_did = req.identifier
+        rev_reg_tags = req.operation[REVOC_REG_DEF_ID]
         current_entry, revoc_def = self._get_current_revoc_entry_and_revoc_def(
             author_did=author_did,
             revoc_reg_def_id=req.operation[REVOC_REG_DEF_ID],
             req_id=req.reqId
         )
-        is_owner = revoc_def[f.IDENTIFIER.nm] == author_did
 
-        self.write_req_validator.validate(req,
-                                          [AuthActionAdd(txn_type=REVOC_REG_ENTRY,
-                                                         field='*',
-                                                         value='*',
-                                                         is_owner=is_owner)])
+        cred_did = rev_reg_tags.split(":", 1)[0]
+        is_owner = cred_did == author_did
+
+        if current_entry:
+            self.write_req_validator.validate(req,
+                                              [AuthActionEdit(txn_type=REVOC_REG_DEF,
+                                                              field='*',
+                                                              old_value='*',
+                                                              new_value='*',
+                                                              is_owner=is_owner)])
+        else:
+            self.write_req_validator.validate(req,
+                                              [AuthActionAdd(txn_type=REVOC_REG_ENTRY,
+                                                             field='*',
+                                                             value='*',
+                                                             is_owner=is_owner)])
 
         validator_cls = self.get_revocation_strategy(revoc_def[VALUE][ISSUANCE_TYPE])
         validator = validator_cls(self.state)

indy_node/test/write_permission/test_revocation_write_permission.py

@@ -20,70 +20,90 @@ def tconf(tconf):
     tconf.ANYONE_CAN_WRITE = OLD_ANYONE_CAN_WRITE
 
 
-@pytest.fixture(scope="module")
-def trust_anchor_sends_revoc_reg_def(looper,
-                                     txnPoolNodeSet,
-                                     sdk_wallet_trust_anchor,
-                                     sdk_pool_handle,
-                                     build_revoc_def_by_trust_anchor,
-                                     claim_def, tconf):
+def send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle, build_revoc,
+                       claim_def, wallet):
     # We need to have claim_def to send revocation txns
     # must be signed by trust anchor since ANYONE_CAN_WRITE is false
 
-    claim_def_req = sdk_sign_request_from_dict(looper, sdk_wallet_trust_anchor, claim_def)
+    claim_def_req = sdk_sign_request_from_dict(looper, wallet, claim_def)
     sdk_send_and_check([json.dumps(claim_def_req)], looper, txnPoolNodeSet, sdk_pool_handle)
 
-    _, author_did = sdk_wallet_trust_anchor
-    revoc_reg = build_revoc_def_by_trust_anchor
+    _, author_did = wallet
+    revoc_reg = build_revoc
     revoc_reg['operation'][CRED_DEF_ID] = \
         make_state_path_for_claim_def(author_did,
                                       str(claim_def_req['operation'][CLAIM_DEF_SCHEMA_REF]),
                                       claim_def_req['operation'][CLAIM_DEF_SIGNATURE_TYPE],
                                       claim_def_req['operation'][CLAIM_DEF_TAG]
                                       ).decode()
-    revoc_req = sdk_sign_request_from_dict(looper, sdk_wallet_trust_anchor, revoc_reg['operation'])
+    revoc_req = sdk_sign_request_from_dict(looper, wallet, revoc_reg['operation'])
     _, revoc_reply = sdk_send_and_check([json.dumps(revoc_req)], looper, txnPoolNodeSet, sdk_pool_handle)[0]
     return revoc_req
 
 
 def test_client_cant_send_revoc_reg_def(looper,
                                         txnPoolNodeSet,
                                         sdk_wallet_client,
-                                        sdk_wallet_trust_anchor,
                                         sdk_pool_handle,
-                                        build_revoc_def_by_client,
+                                        build_revoc_def_by_default,
                                         claim_def, tconf):
-    # when ANYONE_CAN_WRITE is false only trustee, steward, and trust_anchor can write
-
-    claim_def_req = sdk_sign_request_from_dict(looper, sdk_wallet_trust_anchor, claim_def)
-    sdk_send_and_check([json.dumps(claim_def_req)], looper, txnPoolNodeSet, sdk_pool_handle)
-
-    _, author_did = sdk_wallet_client
-    revoc_reg = build_revoc_def_by_client
-    revoc_reg['operation'][CRED_DEF_ID] = \
-        make_state_path_for_claim_def(author_did,
-                                      str(claim_def_req['operation'][CLAIM_DEF_SCHEMA_REF]),
-                                      claim_def_req['operation'][CLAIM_DEF_SIGNATURE_TYPE],
-                                      claim_def_req['operation'][CLAIM_DEF_TAG]
-                                      ).decode()
-    revoc_req = sdk_sign_request_from_dict(looper, sdk_wallet_client, revoc_reg['operation'])
     with pytest.raises(RequestRejectedException):
-        _, revoc_reply = sdk_send_and_check([json.dumps(revoc_req)], looper, txnPoolNodeSet, sdk_pool_handle)[0]
-
-
-def test_trust_anchor_cant_send_revoc_reg_entry(looper,
-                                                trust_anchor_sends_revoc_reg_def,
-                                                sdk_wallet_trust_anchor,
+        send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle, build_revoc_def_by_default,
+                           claim_def, sdk_wallet_client)
+
+
+def test_allowed_roles_can_send_revoc_reg_def(looper,
+                                              txnPoolNodeSet,
+                                              sdk_wallet_trustee,
+                                              sdk_wallet_trust_anchor,
+                                              sdk_wallet_steward,
+                                              sdk_pool_handle,
+                                              build_revoc_def_by_default,
+                                              claim_def, tconf):
+    # trust anchor
+    send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle, build_revoc_def_by_default,
+                       claim_def, sdk_wallet_trust_anchor)
+    # steward
+    send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle, build_revoc_def_by_default,
+                       claim_def, sdk_wallet_steward)
+    # trustee
+    send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle, build_revoc_def_by_default,
+                       claim_def, sdk_wallet_trustee)
+
+
+def test_allowed_roles_can_send_revoc_reg_entry(looper,
                                                 txnPoolNodeSet,
-                                                sdk_pool_handle):
-    revoc_def_req = trust_anchor_sends_revoc_reg_def
-    rev_reg_entry = build_revoc_reg_entry_for_given_revoc_reg_def(revoc_def_req)
-    rev_reg_entry[VALUE][REVOKED] = [1, 2, 3, 4, 5]
-    del rev_reg_entry[VALUE][PREV_ACCUM]
-    rev_entry_req = sdk_sign_request_from_dict(looper, sdk_wallet_trust_anchor, rev_reg_entry)
-    with pytest.raises(RequestRejectedException):
-        sdk_send_and_check([json.dumps(rev_entry_req)], looper, txnPoolNodeSet, sdk_pool_handle)
-
-
-def test_rev_reg_def_only_trustee_steward_trust_anchor_can_create():
-    pass
+                                                sdk_wallet_trustee,
+                                                sdk_wallet_trust_anchor,
+                                                sdk_wallet_steward,
+                                                sdk_pool_handle,
+                                                build_revoc_def_by_default,
+                                                claim_def, tconf):
+    # trust anchor
+    revoc_def_req_trust_anchor = send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle, build_revoc_def_by_default,
+                                                    claim_def, sdk_wallet_trust_anchor)
+
+    rev_reg_entry_trust_anchor = build_revoc_reg_entry_for_given_revoc_reg_def(revoc_def_req_trust_anchor)
+    rev_reg_entry_trust_anchor[VALUE][REVOKED] = [1, 2, 3, 4, 5]
+    del rev_reg_entry_trust_anchor[VALUE][PREV_ACCUM]
+    rev_entry_req_trust_anchor = sdk_sign_request_from_dict(looper, sdk_wallet_trust_anchor, rev_reg_entry_trust_anchor)
+    sdk_send_and_check([json.dumps(rev_entry_req_trust_anchor)], looper, txnPoolNodeSet, sdk_pool_handle)
+
+    # steward
+    revoc_def_req_steward = send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle,
+                                               build_revoc_def_by_default, claim_def, sdk_wallet_steward)
+    rev_reg_entry_steward = build_revoc_reg_entry_for_given_revoc_reg_def(revoc_def_req_steward)
+    rev_reg_entry_steward[VALUE][REVOKED] = [1, 2, 3, 4, 5]
+    del rev_reg_entry_steward[VALUE][PREV_ACCUM]
+    rev_entry_req_steward = sdk_sign_request_from_dict(looper, sdk_wallet_steward, rev_reg_entry_steward)
+    sdk_send_and_check([json.dumps(rev_entry_req_steward)], looper, txnPoolNodeSet, sdk_pool_handle)
+
+    # trustee
+    revoc_def_req_trustee = send_revoc_reg_def(looper, txnPoolNodeSet, sdk_pool_handle,
+                                               build_revoc_def_by_default, claim_def, sdk_wallet_trustee)
+
+    rev_reg_entry_trustee = build_revoc_reg_entry_for_given_revoc_reg_def(revoc_def_req_trustee)
+    rev_reg_entry_trustee[VALUE][REVOKED] = [1, 2, 3, 4, 5]
+    del rev_reg_entry_trustee[VALUE][PREV_ACCUM]
+    rev_entry_req_trustee = sdk_sign_request_from_dict(looper, sdk_wallet_trustee, rev_reg_entry_trustee)
+    sdk_send_and_check([json.dumps(rev_entry_req_trustee)], looper, txnPoolNodeSet, sdk_pool_handle)