code.vegaprotocol.io/vega@v0.79.0/wallet/api/admin_purge_permissions_test.go (about)

     1  // Copyright (C) 2023 Gobalsky Labs Limited
     2  //
     3  // This program is free software: you can redistribute it and/or modify
     4  // it under the terms of the GNU Affero General Public License as
     5  // published by the Free Software Foundation, either version 3 of the
     6  // License, or (at your option) any later version.
     7  //
     8  // This program is distributed in the hope that it will be useful,
     9  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    10  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11  // GNU Affero General Public License for more details.
    12  //
    13  // You should have received a copy of the GNU Affero General Public License
    14  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    15  
    16  package api_test
    17  
    18  import (
    19  	"context"
    20  	"fmt"
    21  	"testing"
    22  
    23  	"code.vegaprotocol.io/vega/libs/jsonrpc"
    24  	vgrand "code.vegaprotocol.io/vega/libs/rand"
    25  	"code.vegaprotocol.io/vega/wallet/api"
    26  	"code.vegaprotocol.io/vega/wallet/api/mocks"
    27  	"code.vegaprotocol.io/vega/wallet/wallet"
    28  
    29  	"github.com/golang/mock/gomock"
    30  	"github.com/stretchr/testify/assert"
    31  	"github.com/stretchr/testify/require"
    32  )
    33  
    34  func TestAdminPurgePermissions(t *testing.T) {
    35  	t.Run("Documentation matches the code", testAdminPurgePermissionsSchemaCorrect)
    36  	t.Run("Purging permissions with invalid params fails", testPurgingPermissionsWithInvalidParamsFails)
    37  	t.Run("Purging permissions with valid params succeeds", testPurgingPermissionsWithValidParamsSucceeds)
    38  	t.Run("Purging permissions from wallet that does not exists fails", testPurgingPermissionsFromWalletThatDoesNotExistsFails)
    39  	t.Run("Getting internal error during wallet verification fails", testAdminPurgePermissionsGettingInternalErrorDuringWalletVerificationFails)
    40  	t.Run("Getting internal error during wallet retrieval fails", testAdminPurgePermissionsGettingInternalErrorDuringWalletRetrievalFails)
    41  	t.Run("Getting internal error during wallet saving fails", testAdminPurgePermissionsGettingInternalErrorDuringWalletSavingFails)
    42  }
    43  
    44  func testAdminPurgePermissionsSchemaCorrect(t *testing.T) {
    45  	assertEqualSchema(t, "admin.purge_permissions", api.AdminPurgePermissionsParams{}, nil)
    46  }
    47  
    48  func testPurgingPermissionsWithInvalidParamsFails(t *testing.T) {
    49  	tcs := []struct {
    50  		name          string
    51  		params        interface{}
    52  		expectedError error
    53  	}{
    54  		{
    55  			name:          "with nil params",
    56  			params:        nil,
    57  			expectedError: api.ErrParamsRequired,
    58  		}, {
    59  			name:          "with wrong type of params",
    60  			params:        "test",
    61  			expectedError: api.ErrParamsDoNotMatch,
    62  		}, {
    63  			name: "with empty name",
    64  			params: api.AdminPurgePermissionsParams{
    65  				Wallet: "",
    66  			},
    67  			expectedError: api.ErrWalletIsRequired,
    68  		},
    69  	}
    70  
    71  	for _, tc := range tcs {
    72  		t.Run(tc.name, func(tt *testing.T) {
    73  			// given
    74  			ctx := context.Background()
    75  
    76  			// setup
    77  			handler := newPurgePermissionsHandler(tt)
    78  
    79  			// when
    80  			errorDetails := handler.handle(t, ctx, tc.params)
    81  
    82  			// then
    83  			assertInvalidParams(tt, errorDetails, tc.expectedError)
    84  		})
    85  	}
    86  }
    87  
    88  func testPurgingPermissionsWithValidParamsSucceeds(t *testing.T) {
    89  	// given
    90  	ctx := context.Background()
    91  	expectedWallet, firstKey := walletWithKey(t)
    92  	hostname1 := vgrand.RandomStr(5)
    93  	if err := expectedWallet.UpdatePermissions(hostname1, wallet.Permissions{
    94  		PublicKeys: wallet.PublicKeysPermission{
    95  			Access: "read",
    96  			AllowedKeys: []string{
    97  				firstKey.PublicKey(),
    98  			},
    99  		},
   100  	}); err != nil {
   101  		t.Fatalf("could not update permissions for test: %v", err)
   102  	}
   103  	hostname2 := vgrand.RandomStr(5)
   104  	if err := expectedWallet.UpdatePermissions(hostname2, wallet.Permissions{
   105  		PublicKeys: wallet.PublicKeysPermission{
   106  			Access: "read",
   107  			AllowedKeys: []string{
   108  				firstKey.PublicKey(),
   109  			},
   110  		},
   111  	}); err != nil {
   112  		t.Fatalf("could not update permissions for test: %v", err)
   113  	}
   114  
   115  	// setup
   116  	handler := newPurgePermissionsHandler(t)
   117  	// -- expected calls
   118  	handler.walletStore.EXPECT().WalletExists(ctx, expectedWallet.Name()).Times(1).Return(true, nil)
   119  	handler.walletStore.EXPECT().IsWalletAlreadyUnlocked(ctx, expectedWallet.Name()).Times(1).Return(true, nil)
   120  	handler.walletStore.EXPECT().GetWallet(ctx, expectedWallet.Name()).Times(1).Return(expectedWallet, nil)
   121  	handler.walletStore.EXPECT().UpdateWallet(ctx, expectedWallet).Times(1).Return(nil)
   122  
   123  	// when
   124  	errorDetails := handler.handle(t, ctx, api.AdminPurgePermissionsParams{
   125  		Wallet: expectedWallet.Name(),
   126  	})
   127  
   128  	// then
   129  	require.Nil(t, errorDetails)
   130  	assert.Equal(t, wallet.DefaultPermissions(), expectedWallet.Permissions(hostname1))
   131  	assert.Equal(t, wallet.DefaultPermissions(), expectedWallet.Permissions(hostname2))
   132  }
   133  
   134  func testPurgingPermissionsFromWalletThatDoesNotExistsFails(t *testing.T) {
   135  	// given
   136  	ctx := context.Background()
   137  	name := vgrand.RandomStr(5)
   138  
   139  	// setup
   140  	handler := newPurgePermissionsHandler(t)
   141  	// -- expected calls
   142  	handler.walletStore.EXPECT().WalletExists(ctx, name).Times(1).Return(false, nil)
   143  
   144  	// when
   145  	errorDetails := handler.handle(t, ctx, api.AdminPurgePermissionsParams{
   146  		Wallet: name,
   147  	})
   148  
   149  	// then
   150  	require.NotNil(t, errorDetails)
   151  	assertInvalidParams(t, errorDetails, api.ErrWalletDoesNotExist)
   152  }
   153  
   154  func testAdminPurgePermissionsGettingInternalErrorDuringWalletVerificationFails(t *testing.T) {
   155  	// given
   156  	ctx := context.Background()
   157  	name := vgrand.RandomStr(5)
   158  
   159  	// setup
   160  	handler := newPurgePermissionsHandler(t)
   161  	// -- expected calls
   162  	handler.walletStore.EXPECT().WalletExists(ctx, name).Times(1).Return(false, assert.AnError)
   163  
   164  	// when
   165  	errorDetails := handler.handle(t, ctx, api.AdminPurgePermissionsParams{
   166  		Wallet: name,
   167  	})
   168  
   169  	// then
   170  	require.NotNil(t, errorDetails)
   171  	assertInternalError(t, errorDetails, fmt.Errorf("could not verify the wallet exists: %w", assert.AnError))
   172  }
   173  
   174  func testAdminPurgePermissionsGettingInternalErrorDuringWalletRetrievalFails(t *testing.T) {
   175  	// given
   176  	ctx := context.Background()
   177  	name := vgrand.RandomStr(5)
   178  
   179  	// setup
   180  	handler := newPurgePermissionsHandler(t)
   181  	// -- expected calls
   182  	handler.walletStore.EXPECT().WalletExists(ctx, name).Times(1).Return(true, nil)
   183  	handler.walletStore.EXPECT().IsWalletAlreadyUnlocked(ctx, name).Times(1).Return(true, nil)
   184  	handler.walletStore.EXPECT().GetWallet(ctx, name).Times(1).Return(nil, assert.AnError)
   185  
   186  	// when
   187  	errorDetails := handler.handle(t, ctx, api.AdminPurgePermissionsParams{
   188  		Wallet: name,
   189  	})
   190  
   191  	// then
   192  	require.NotNil(t, errorDetails)
   193  	assertInternalError(t, errorDetails, fmt.Errorf("could not retrieve the wallet: %w", assert.AnError))
   194  }
   195  
   196  func testAdminPurgePermissionsGettingInternalErrorDuringWalletSavingFails(t *testing.T) {
   197  	// given
   198  	ctx := context.Background()
   199  	expectedWallet, _, err := wallet.NewHDWallet(vgrand.RandomStr(5))
   200  	if err != nil {
   201  		t.Fatal(err)
   202  	}
   203  
   204  	// setup
   205  	handler := newPurgePermissionsHandler(t)
   206  	// -- expected calls
   207  	handler.walletStore.EXPECT().WalletExists(ctx, expectedWallet.Name()).Times(1).Return(true, nil)
   208  	handler.walletStore.EXPECT().IsWalletAlreadyUnlocked(ctx, expectedWallet.Name()).Times(1).Return(true, nil)
   209  	handler.walletStore.EXPECT().GetWallet(ctx, expectedWallet.Name()).Times(1).Return(expectedWallet, nil)
   210  	handler.walletStore.EXPECT().UpdateWallet(ctx, expectedWallet).Times(1).Return(assert.AnError)
   211  
   212  	// when
   213  	errorDetails := handler.handle(t, ctx, api.AdminPurgePermissionsParams{
   214  		Wallet: expectedWallet.Name(),
   215  	})
   216  
   217  	// then
   218  	require.NotNil(t, errorDetails)
   219  	assertInternalError(t, errorDetails, fmt.Errorf("could not save the wallet: %w", assert.AnError))
   220  }
   221  
   222  type purgePermissionsHandler struct {
   223  	*api.AdminPurgePermissions
   224  	ctrl        *gomock.Controller
   225  	walletStore *mocks.MockWalletStore
   226  }
   227  
   228  func (h *purgePermissionsHandler) handle(t *testing.T, ctx context.Context, params jsonrpc.Params) *jsonrpc.ErrorDetails {
   229  	t.Helper()
   230  
   231  	rawResult, err := h.Handle(ctx, params)
   232  	require.Empty(t, rawResult)
   233  	return err
   234  }
   235  
   236  func newPurgePermissionsHandler(t *testing.T) *purgePermissionsHandler {
   237  	t.Helper()
   238  
   239  	ctrl := gomock.NewController(t)
   240  	walletStore := mocks.NewMockWalletStore(ctrl)
   241  
   242  	return &purgePermissionsHandler{
   243  		AdminPurgePermissions: api.NewAdminPurgePermissions(walletStore),
   244  		ctrl:                  ctrl,
   245  		walletStore:           walletStore,
   246  	}
   247  }