digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-09-20 01:07:18 +03:00
Code Issues Projects Releases Wiki Activity

use domain.Party instead of String in json-api tests (#15329)

Browse Source 
* use domain.Party instead of String in jwtForParties, headersWithPartyAuth

CHANGELOG_BEGIN
CHANGELOG_END

* use domain.Party instead of String in headersWithPartyAuth

* fix sharedAccountCreateCommand and some corners
This commit is contained in:
Stephen Compall 2022-10-25 11:31:26 -04:00 committed by GitHub
parent 8da0a84183
commit 7e7a8f2f2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 103 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ledger-service/http-json-testing/src/main/scala/com/daml/http/HttpServiceTestFixture.scala
View File

@ -318,8 +318,8 @@ object HttpServiceTestFixture extends LazyLogging with Assertions with Inside {
private val noTlsConfig = TlsConfiguration(enabled = false, None, None, None)
def jwtForParties(
actAs: List[String],
readAs: List[String],
actAs: List[domain.Party],
readAs: List[domain.Party],
ledgerId: Option[String] = None,
withoutNamespace: Boolean = false,
admin: Boolean = false,
@ -330,11 +330,11 @@ object HttpServiceTestFixture extends LazyLogging with Assertions with Inside {
CustomDamlJWTPayload(
ledgerId = ledgerId,
applicationId = Some("test"),
actAs = actAs,
actAs = domain.Party unsubst actAs,
participantId = None,
exp = None,
admin = admin,
readAs = readAs,
readAs = domain.Party unsubst readAs,
)
val payloadJson = customJwtPayload.toJson
if (withoutNamespace) {
@ -360,8 +360,8 @@ object HttpServiceTestFixture extends LazyLogging with Assertions with Inside {
}
def headersWithPartyAuth(
actAs: List[String],
readAs: List[String],
actAs: List[domain.Party],
readAs: List[domain.Party],
ledgerId: Option[String],
withoutNamespace: Boolean = false,
): List[Authorization] = {
@ -516,20 +516,20 @@ object HttpServiceTestFixture extends LazyLogging with Assertions with Inside {
}
def sharedAccountCreateCommand(
owners: Seq[String],
owners: Seq[domain.Party],
number: String,
time: v.Value.Sum.Timestamp = TimestampConversion.roundInstantToMicros(Instant.now),
): domain.CreateCommand[v.Record, domain.ContractTypeId.Template.OptionalPkg] = {
val templateId = domain.ContractTypeId.Template(None, "Account", "SharedAccount")
val timeValue = v.Value(time)
val ownersEnc = v.Value(
v.Value.Sum.List(v.List(domain.Party.unsubst(owners).map(o => v.Value(v.Value.Sum.Party(o)))))
)
val enabledVariantValue =
v.Value(v.Value.Sum.Variant(v.Variant(None, "Enabled", Some(timeValue))))
val arg = v.Record(
fields = List(
v.RecordField(
"owners",
Some(v.Value(v.Value.Sum.List(v.List(owners.map(o => v.Value(v.Value.Sum.Party(o))))))),
),
v.RecordField("owners", Some(ownersEnc)),
v.RecordField("number", Some(v.Value(v.Value.Sum.Text(number)))),
v.RecordField("status", Some(enabledVariantValue)),
)

15
ledger-service/http-json-testing/src/main/scala/com/daml/http/HttpServiceUserFixture.scala
View File

@ -26,8 +26,8 @@ trait HttpServiceUserFixture extends AkkaBeforeAndAfterAll { this: Suite =>
ImplicitPreference[ExecutionContext, this.type](system.dispatcher)
def jwtForParties(uri: Uri)(
actAs: List[String],
readAs: List[String],
actAs: List[domain.Party],
readAs: List[domain.Party],
ledgerId: String,
withoutNamespace: Boolean = false,
admin: Boolean = false,
@ -55,8 +55,8 @@ object HttpServiceUserFixture {
}
override final def jwtForParties(uri: Uri)(
actAs: List[String],
readAs: List[String],
actAs: List[domain.Party],
readAs: List[domain.Party],
ledgerId: String,
withoutNamespace: Boolean = false,
admin: Boolean = false,
@ -73,8 +73,8 @@ object HttpServiceUserFixture {
override final def jwtForParties(
uri: Uri
)(
actAs: List[String],
readAs: List[String],
actAs: List[domain.Party],
readAs: List[domain.Party],
ledgerId: String = "",
withoutNamespace: Boolean = true,
admin: Boolean = false,
@ -89,8 +89,7 @@ object HttpServiceUserFixture {
Option
.when(admin)(domain.ParticipantAdmin)
.toList ++
actAs.map(it => domain.CanActAs(domain.Party(it))) ++
readAs.map(it => domain.CanReadAs(domain.Party(it)))
actAs.map(domain.CanActAs) ++ readAs.map(domain.CanReadAs)
),
)
import spray.json._, json.JsonProtocol._

46
ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala
View File

@ -43,7 +43,7 @@ abstract class FailureTests
protected override final def testId = getClass.getSimpleName
private def headersWithParties(actAs: List[String]) =
private def headersWithParties(actAs: List[domain.Party]) =
Future successful headersWithPartyAuth(actAs, List(), Some(ledgerId().unwrap))
// TEST_EVIDENCE: Availability: Command submission succeeds after reconnect
@ -51,7 +51,7 @@ abstract class FailureTests
(uri, encoder, _, client) =>
for {
p <- allocateParty(client, "Alice")
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "23"),
encoder,
@ -61,7 +61,7 @@ abstract class FailureTests
)
_ = status shouldBe StatusCodes.OK
_ = proxy.disable()
(status, output) <- headersWithParties(List(p.unwrap))
(status, output) <- headersWithParties(List(p))
.flatMap(postCreateCommand(accountCreateCommand(p, "24"), encoder, uri, _))
_ = status shouldBe StatusCodes.ServiceUnavailable
(status, out) <- getRequestEncoded(uri.withPath(Uri.Path("/readyz")))
@ -80,7 +80,7 @@ abstract class FailureTests
// eventually doesnt handle Futures in the version of scalatest were using.
_ <- RetryStrategy.constant(5, 2.seconds)((_, _) =>
for {
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "25"),
encoder,
@ -100,7 +100,7 @@ abstract class FailureTests
import json.JsonProtocol._
for {
p <- allocateParty(client, "Alice")
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "23"),
encoder,
@ -114,7 +114,7 @@ abstract class FailureTests
body <- FutureUtil.toFuture(
encoder.encodeCreateCommand(accountCreateCommand(p, "24"))
): Future[JsValue]
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postJsonStringRequestEncoded(
uri.withPath(Uri.Path("/v1/create")),
body.compactPrint,
@ -125,7 +125,7 @@ abstract class FailureTests
_ =
output shouldBe "The server was not able to produce a timely response to your request.\r\nPlease try again in a short while!"
_ = proxy.toxics().get("timeout").remove()
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "25"),
encoder,
@ -136,7 +136,7 @@ abstract class FailureTests
_ = status shouldBe StatusCodes.OK
// Server -> Client connection
_ = proxy.toxics().timeout("timeout", ToxicDirection.DOWNSTREAM, 0)
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postJsonStringRequestEncoded(
uri.withPath(Uri.Path("/v1/create")),
body.compactPrint,
@ -154,7 +154,7 @@ abstract class FailureTests
(uri, encoder, _, client) =>
for {
p <- allocateParty(client, "Alice")
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "23"),
encoder,
@ -162,7 +162,7 @@ abstract class FailureTests
_,
)
)
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
getRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
_,
@ -174,7 +174,7 @@ abstract class FailureTests
}
}
_ = proxy.disable()
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
getRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
_,
@ -196,7 +196,7 @@ abstract class FailureTests
(uri, encoder, _, client) =>
for {
p <- allocateParty(client, "Alice")
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "23"),
encoder,
@ -206,7 +206,7 @@ abstract class FailureTests
)
_ = status shouldBe StatusCodes.OK
query = jsObject("""{"templateIds": ["Account:Account"]}""")
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
query,
@ -220,7 +220,7 @@ abstract class FailureTests
}
}
_ = proxy.disable()
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
query,
@ -238,7 +238,7 @@ abstract class FailureTests
// eventually doesnt handle Futures in the version of scalatest were using.
_ <- RetryStrategy.constant(5, 2.seconds)((_, _) =>
for {
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
query,
@ -260,7 +260,7 @@ abstract class FailureTests
"/v1/query POST succeeds after reconnect to DB" in withHttpService { (uri, encoder, _, client) =>
for {
p <- allocateParty(client, "Alice")
(status, _) <- headersWithParties(List(p.unwrap)).flatMap(
(status, _) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "23"),
encoder,
@ -270,7 +270,7 @@ abstract class FailureTests
)
_ = status shouldBe StatusCodes.OK
query = jsObject("""{"templateIds": ["Account:Account"]}""")
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
query,
@ -284,7 +284,7 @@ abstract class FailureTests
}
}
_ = dbProxy.disable()
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
query,
@ -309,7 +309,7 @@ abstract class FailureTests
// eventually doesnt handle Futures in the version of scalatest were using.
_ <- RetryStrategy.constant(5, 2.seconds)((_, _) =>
for {
(status, output) <- headersWithParties(List(p.unwrap)).flatMap(
(status, output) <- headersWithParties(List(p)).flatMap(
postRequest(
uri = uri.withPath(Uri.Path("/v1/query")),
query,
@ -373,7 +373,7 @@ abstract class FailureTests
for {
p <- allocateParty(client, "p")
(status, r) <- headersWithParties(List(p.unwrap)).flatMap(
(status, r) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "abc123"),
encoder,
@ -383,7 +383,7 @@ abstract class FailureTests
)
_ = status shouldBe a[StatusCodes.Success]
cid = getContractId(getResult(r))
jwt <- jwtForParties(uri)(List(p.unwrap), List(), ledgerId().unwrap)
jwt <- jwtForParties(uri)(List(p), List(), ledgerId().unwrap)
r <- (singleClientQueryStream(
jwt,
uri,
@ -395,7 +395,7 @@ abstract class FailureTests
}
offset <- offset.future
_ = proxy.enable()
(status, r) <- headersWithParties(List(p.unwrap)).flatMap(
(status, r) <- headersWithParties(List(p)).flatMap(
postCreateCommand(
accountCreateCommand(p, "abc456"),
encoder,
@ -405,7 +405,7 @@ abstract class FailureTests
)
cid = getContractId(getResult(r))
_ = status shouldBe a[StatusCodes.Success]
jwt <- jwtForParties(uri)(List(p.unwrap), List(), ledgerId().unwrap)
jwt <- jwtForParties(uri)(List(p), List(), ledgerId().unwrap)
(stop, source) = singleClientQueryStream(
jwt,
uri,

2
ledger-service/http-json/src/it/scala/http/HttpServiceIntegrationTestUserManagement.scala
View File

@ -36,7 +36,7 @@ class HttpServiceIntegrationTestUserManagementNoAuth
this: AsyncTestSuite with Matchers with Inside =>
override def jwt(uri: Uri)(implicit ec: ExecutionContext): Future[Jwt] =
jwtForParties(uri)(List("Alice"), List())
jwtForParties(uri)(domain.Party subst List("Alice"), List())
def createUser(ledgerClient: DamlLedgerClient)(
userId: Ref.UserId,

3
ledger-service/http-json/src/it/scala/http/WebsocketServiceOffsetTickIntTest.scala
View File

@ -10,7 +10,6 @@ import org.scalatest._
import org.scalatest.freespec.AsyncFreeSpec
import org.scalatest.matchers.should.Matchers
import scalaz.\/-
import scalaz.syntax.tag._
import scala.concurrent.duration._
@ -56,7 +55,7 @@ abstract class WebsocketServiceOffsetTickIntTest
aliceHeaders <- fixture.getUniquePartyAndAuthHeaders("Alice")
(party, headers) = aliceHeaders
_ <- initialIouCreate(uri, party, headers)
jwt <- jwtForParties(uri)(List(party.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(party), List(), testId)
msgs <- singleClientQueryStream(jwt, uri, """{"templateIds": ["Iou:Iou"]}""")
.take(10)
.runWith(collectResultsAsTextMessage)

32
ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala
View File

@ -51,11 +51,11 @@ trait AbstractHttpServiceIntegrationTestFunsCustomToken
import json.JsonProtocol._
protected def jwt(uri: Uri)(implicit ec: ExecutionContext): Future[Jwt] =
jwtForParties(uri)(List("Alice"), List(), testId)
jwtForParties(uri)(domain.Party subst List("Alice"), List(), testId)
protected def headersWithPartyAuthLegacyFormat(
actAs: List[String],
readAs: List[String] = List(),
actAs: List[domain.Party],
readAs: List[domain.Party] = List(),
) =
HttpServiceTestFixture.headersWithPartyAuth(
actAs,
@ -95,7 +95,13 @@ trait AbstractHttpServiceIntegrationTestFunsCustomToken
val input: JsValue = encoder.encodeCreateCommand(command).valueOr(e => fail(e.shows))
val headers = HttpServiceTestFixture.authorizationHeader(
HttpServiceTestFixture.jwtForParties(List("Alice"), List("Bob"), None, false, false)
HttpServiceTestFixture.jwtForParties(
domain.Party subst List("Alice"),
domain.Party subst List("Bob"),
None,
false,
false,
)
)
fixture
@ -206,7 +212,7 @@ abstract class QueryStoreAndAuthDependentIntegrationTest
)
.map(acl => acl.size shouldBe 1)
_ <- fixture
.headersWithPartyAuth(List(alice.unwrap, bob.unwrap))
.headersWithPartyAuth(List(alice, bob))
.flatMap(headers =>
searchExpectOk(
List(),
@ -260,7 +266,7 @@ abstract class QueryStoreAndAuthDependentIntegrationTest
"""{"templateIds": ["Iou:Iou", "UnknownModule:UnknownEntity"], "query": {"currency": "EUR"}}"""
)
fixture
.headersWithPartyAuth(List("UnknownParty"))
.headersWithPartyAuth(domain.Party subst List("UnknownParty"))
.flatMap(headers =>
search(List(), query, fixture, headers).map { response =>
inside(response) { case domain.OkResponse(acl, warnings, StatusCodes.OK) =>
@ -712,12 +718,12 @@ abstract class QueryStoreAndAuthDependentIntegrationTest
"should support multi-party command submissions" in withHttpService { fixture =>
import fixture.{client, encoder}
val knownParties @ List(alice, bob, charlie, david) =
List("Alice", "Bob", "Charlie", "David").map(getUniqueParty).map(_.unwrap)
List("Alice", "Bob", "Charlie", "David").map(getUniqueParty)
val partyManagement = client.partyManagementClient
for {
_ <- knownParties
.traverse { p =>
partyManagement.allocateParty(Some(p), Some(s"${p} & Co. LLC"))
partyManagement.allocateParty(Some(p.unwrap), Some(s"${p} & Co. LLC"))
}
// multi-party actAs on create
cid <- fixture
@ -1072,7 +1078,7 @@ abstract class QueryStoreAndAuthDependentIntegrationTest
val exerciseJson: JsValue = encodeExercise(encoder)(exercise)
fixture
.headersWithPartyAuth(actAs = List(actAs.unwrap))
.headersWithPartyAuth(actAs = List(actAs))
.flatMap(headers =>
fixture.postJsonRequest(Uri.Path("/v1/exercise"), exerciseJson, headers)
)
@ -1089,7 +1095,7 @@ abstract class QueryStoreAndAuthDependentIntegrationTest
}""")
fixture
.headersWithPartyAuth(actAs = List(fromPerspectiveOfParty.unwrap))
.headersWithPartyAuth(actAs = List(fromPerspectiveOfParty))
.flatMap(headers => fixture.postJsonRequest(Uri.Path("/v1/query"), query, headers))
.parseResponse[JsValue]
.map(inside(_) { case domain.OkResponse(_, _, StatusCodes.OK) =>
@ -1106,7 +1112,7 @@ abstract class QueryStoreAndAuthDependentIntegrationTest
}
users <- commands.traverse { case (party, command) =>
val fut = fixture
.headersWithPartyAuth(actAs = List(party.unwrap))
.headersWithPartyAuth(actAs = List(party))
.flatMap(headers =>
postCreateCommand(
command,
@ -1180,7 +1186,7 @@ abstract class AbstractHttpServiceIntegrationTestQueryStoreIndependent
_ <- fixture.searchAllExpectOk(aliceHeaders).map(cs => cs should have size 1)
_ <- fixture.searchAllExpectOk(bobHeaders).map(cs => cs should have size 1)
_ <- fixture
.headersWithPartyAuth(List(alice.unwrap, bob.unwrap))
.headersWithPartyAuth(List(alice, bob))
.flatMap(headers => fixture.searchAllExpectOk(headers))
.map(cs => cs should have size 2)
} yield succeed
@ -1224,7 +1230,7 @@ abstract class AbstractHttpServiceIntegrationTestQueryStoreIndependent
command = iouCreateCommand(alice)
input: JsValue = encoder.encodeCreateCommand(command).valueOr(e => fail(e.shows))
headers <- fixture
.headersWithPartyAuth(actAs = List(alice.unwrap), readAs = List("Bob"))
.headersWithPartyAuth(actAs = List(alice), readAs = List(domain.Party("Bob")))
activeContractResponse <- fixture
.postJsonRequest(
Uri.Path("/v1/create"),

20
ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTestFuns.scala
View File

@ -218,9 +218,9 @@ trait AbstractHttpServiceIntegrationTestFuns
def getUniquePartyAndAuthHeaders(
name: String
): Future[(domain.Party, List[HttpHeader])] = {
val party @ domain.Party(partyName) = getUniqueParty(name)
val party = getUniqueParty(name)
for {
headers <- headersWithPartyAuth(List(partyName), List.empty, "")
headers <- headersWithPartyAuth(List(party), List.empty, "")
request = domain.AllocatePartyRequest(
Some(party),
None,
@ -238,8 +238,8 @@ trait AbstractHttpServiceIntegrationTestFuns
jwt(uri)(ec).map(authorizationHeader)
def headersWithPartyAuth(
actAs: List[String],
readAs: List[String] = List.empty,
actAs: List[domain.Party],
readAs: List[domain.Party] = List.empty,
ledgerId: String = "",
withoutNamespace: Boolean = false,
admin: Boolean = false,
@ -536,8 +536,8 @@ trait AbstractHttpServiceIntegrationTestFuns
)
}
protected def multiPartyCreateCommand(ps: List[String], value: String) = {
val psv = lfToApi(VAx.seq(VAx.partyStr).inj(ps)).sum
protected def multiPartyCreateCommand(ps: List[domain.Party], value: String) = {
val psv = lfToApi(VAx.seq(VAx.partyDomain).inj(ps)).sum
val payload = recordFromFields(
ShRecord(
parties = psv,
@ -551,8 +551,8 @@ trait AbstractHttpServiceIntegrationTestFuns
)
}
protected def multiPartyAddSignatories(cid: lar.ContractId, ps: List[String]) = {
val psv = lfToApi(VAx.seq(VAx.partyStr).inj(ps)).sum
protected def multiPartyAddSignatories(cid: lar.ContractId, ps: List[domain.Party]) = {
val psv = lfToApi(VAx.seq(VAx.partyDomain).inj(ps)).sum
val argument = boxedRecord(recordFromFields(ShRecord(newParties = psv)))
domain.ExerciseCommand(
reference = domain.EnrichedContractId(Some(TpId.Test.MultiPartyContract), cid),
@ -566,14 +566,14 @@ trait AbstractHttpServiceIntegrationTestFuns
protected def multiPartyFetchOther(
cid: lar.ContractId,
fetchedCid: lar.ContractId,
actors: List[String],
actors: List[domain.Party],
) = {
val argument = v.Value(
v.Value.Sum.Record(
recordFromFields(
ShRecord(
cid = v.Value.Sum.ContractId(fetchedCid.unwrap),
actors = lfToApi(VAx.seq(VAx.partyStr).inj(actors)).sum,
actors = lfToApi(VAx.seq(VAx.partyDomain).inj(actors)).sum,
)
)
)

48
ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala
View File

@ -225,7 +225,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
aliceHeaders <- fixture.getUniquePartyAndAuthHeaders("Alice")
(alice, headers) = aliceHeaders
_ <- initialIouCreate(uri, alice, headers)
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
clientMsg <- singleClientQueryStream(
jwt,
uri,
@ -245,7 +245,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
aliceHeaders <- fixture.getUniquePartyAndAuthHeaders("Alice")
(alice, headers) = aliceHeaders
_ <- initialAccountCreate(fixture, alice, headers)
jwt <- jwtForParties(uri)(List(alice.unwrap), Nil, testId)
jwt <- jwtForParties(uri)(List(alice), Nil, testId)
fetchRequest = s"""[{"templateId": "Account:Account", "key": ["$alice", "abc123"]}]"""
clientMsg <- singleClientFetchStream(jwt, uri, fetchRequest)
.take(2)
@ -389,7 +389,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
for {
(alice, aliceAuthHeaders) <- fixture.getUniquePartyAndAuthHeaders("Alice")
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
(kill, source) = singleClientQueryStream(
jwt,
uri,
@ -415,7 +415,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
(alice, headers) = aliceHeaders
_ <- initialIouCreate(uri, alice, headers)
clientMsg <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
clientMsg <- jwtForParties(uri)(List(alice), List(), testId)
.flatMap(
singleClientQueryStream(
_,
@ -439,7 +439,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
(alice, headers) = aliceHeaders
_ <- initialAccountCreate(fixture, alice, headers)
clientMsg <- jwtForParties(uri)(List(alice.unwrap), List(), testId).flatMap(
clientMsg <- jwtForParties(uri)(List(alice), List(), testId).flatMap(
singleClientFetchStream(
_,
uri,
@ -548,7 +548,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
(party, headers) = aliceHeaders
creation <- initialIouCreate(uri, party, headers)
iouCid = resultContractId(creation)
jwt <- jwtForParties(uri)(List(party.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(party), List(), testId)
(kill, source) = singleClientQueryStream(jwt, uri, query)
.viaMat(KillSwitches.single)(Keep.right)
.preMaterialize()
@ -657,7 +657,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
(party, headers) = aliceHeaders
creation <- initialIouCreate(uri, party, headers)
iouCid = resultContractId(creation)
jwt <- jwtForParties(uri)(List(party.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(party), List(), testId)
(kill, source) = singleClientQueryStream(jwt, uri, query)
.viaMat(KillSwitches.single)(Keep.right)
.preMaterialize()
@ -760,7 +760,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
r2 <- f2
cid2 = resultContractId(r2)
jwt <- jwtForParties(uri)(List(alice.unwrap, bob.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice, bob), List(), testId)
(kill, source) = singleClientQueryStream(
jwt,
uri,
@ -771,7 +771,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
lastSeen.unwrap should be > liveStart.unwrap
liveStart
}
rescan <- jwtForParties(uri)(List(alice.unwrap), List(), testId).flatMap(jwt =>
rescan <- jwtForParties(uri)(List(alice), List(), testId).flatMap(jwt =>
(singleClientQueryStream(
jwt,
uri,
@ -865,7 +865,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
r2 <- f2
cid2 = resultContractId(r2)
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
(kill, source) = singleClientFetchStream(jwt, uri, fetchRequest(None))
.viaMat(KillSwitches.single)(Keep.right)
.preMaterialize()
@ -971,7 +971,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
r2 <- f2
cid2 = resultContractId(r2)
jwt <- jwtForParties(uri)(List(alice.unwrap, bob.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice, bob), List(), testId)
(kill, source) = singleClientFetchStream(
jwt,
uri,
@ -1000,7 +1000,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
for {
aliceHeaders <- fixture.getUniquePartyAndAuthHeaders("Alice")
(alice, headers) = aliceHeaders
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
create = (account: String) =>
for {
r <- postCreateCommand(
@ -1144,7 +1144,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
_ = pruned should ===(PruneGrpc.PruneResponse())
// now query again with a pruned offset
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
query = s"""[{"templateIds": ["Iou:Iou"]}]"""
streamError <- singleClientQueryStream(jwt, uri, query, Some(offsetBeforeArchive))
.runWith(Sink.seq)
@ -1217,7 +1217,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
val query = """[{"templateIds": ["Iou:Iou"]}]"""
for {
jwt <- jwtForParties(uri)(List(party.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(party), List(), testId)
(kill, source) =
singleClientQueryStream(jwt, uri, query)
.viaMat(KillSwitches.single)(Keep.right)
@ -1237,7 +1237,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
"""[
{"templateIds": ["Iou:Iou"]}
]"""
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
(kill, source) =
singleClientQueryStream(jwt, uri, query)
.viaMat(KillSwitches.single)(Keep.right)
@ -1336,7 +1336,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
def test(
expectedContractId: String,
expectedParties: Vector[JsString],
expectedParties: Vector[domain.Party],
killSwitch: UniqueKillSwitch,
): Sink[JsValue, Future[ShouldHaveEnded]] = {
val dslSyntax = Consume.syntax[JsValue]
@ -1347,10 +1347,12 @@ abstract class AbstractWebsocketServiceIntegrationTest
_ = sharedAccountId shouldBe expectedContractId
ContractDelta(Vector(), _, Some(offset)) <- readOne
_ = inside(sharedAccount) { case JsObject(obj) =>
inside((obj get "owners", obj get "number")) {
case (Some(JsArray(owners)), Some(JsString(number))) =>
owners should contain theSameElementsAs expectedParties
number shouldBe "4444"
import json.JsonProtocol._
inside(
(obj get "owners" map (SprayJson.decode[Vector[domain.Party]](_)), obj get "number")
) { case (Some(\/-(owners)), Some(JsString(number))) =>
owners should contain theSameElementsAs expectedParties
number shouldBe "4444"
}
}
ContractDelta(Vector(), _, Some(_)) <- readOne
@ -1369,7 +1371,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
for {
aliceAndBob @ List(alice, bob) <- List("Alice", "Bob").traverse { p =>
fixture.getUniquePartyAndAuthHeaders(p).map(_._1.unwrap)
fixture.getUniquePartyAndAuthHeaders(p).map(_._1)
}
jwtForAliceAndBob <-
jwtForParties(uri)(actAs = aliceAndBob, readAs = Nil, ledgerId = testId)
@ -1393,7 +1395,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
.preMaterialize()
result <- source via parseResp runWith test(
expectedContractId.unwrap,
Vector(JsString(alice), JsString(bob)),
Vector(alice, bob),
killSwitch,
)
} yield inside(result) { case ShouldHaveEnded(_, 2, _) =>
@ -1408,7 +1410,7 @@ abstract class AbstractWebsocketServiceIntegrationTest
for {
aliceHeaders <- fixture.getUniquePartyAndAuthHeaders("Alice")
(alice, headers) = aliceHeaders
jwt <- jwtForParties(uri)(List(alice.unwrap), List(), testId)
jwt <- jwtForParties(uri)(List(alice), List(), testId)
createIouCommand = (currency: String) => s"""{
| "templateId": "Iou:Iou",
| "payload": {

4
ledger-service/http-json/src/test/scala/com/digitalasset/http/CommandServiceTest.scala
View File

@ -83,8 +83,8 @@ object CommandServiceTest {
readAs = domain.Party subst List("baz", "quux"),
)
private lazy val multiPartyJwt = jwtForParties(
actAs = domain.Party unsubst multiPartyJwp.submitter.toList,
readAs = domain.Party unsubst multiPartyJwp.readAs,
actAs = multiPartyJwp.submitter.toList,
readAs = multiPartyJwp.readAs,
ledgerId = Some(multiPartyJwp.ledgerId.unwrap),
)
private val tplId = domain.ContractTypeId.Template("Foo", "Bar", "Baz")

8
security-evidence.md
View File

@ -20,7 +20,7 @@
- accept user tokens: [TestMiddleware.scala](triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestMiddleware.scala#L152)
- auth and auth-* should not be set together for the trigger service: [CliConfigTest.scala](triggers/service/src/test-suite/scala/com/daml/lf/engine/trigger/CliConfigTest.scala#L40)
- badly-authorized create is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L60)
- badly-authorized create is rejected: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1507)
- badly-authorized create is rejected: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1513)
- badly-authorized exercise is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L158)
- badly-authorized exercise/create (create is unauthorized) is rejected: [AuthPropagationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthPropagationSpec.scala#L273)
- badly-authorized exercise/create (exercise is unauthorized) is rejected: [AuthPropagationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthPropagationSpec.scala#L241)
@ -35,7 +35,7 @@
- error on specifying both authCommonUri and authInternalUri/authExternalUri for the trigger service: [AuthorizationConfigTest.scala](triggers/service/src/test-suite/scala/com/daml/lf/engine/trigger/AuthorizationConfigTest.scala#L24)
- error on specifying only authInternalUri and no authExternalUri for the trigger service: [AuthorizationConfigTest.scala](triggers/service/src/test-suite/scala/com/daml/lf/engine/trigger/AuthorizationConfigTest.scala#L52)
- exercise with no controllers is rejected: [AuthorizationSpec.scala](daml-lf/engine/src/test/scala/com/digitalasset/daml/lf/engine/AuthorizationSpec.scala#L148)
- fetch fails when readAs not authed, even if prior fetch succeeded: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L827)
- fetch fails when readAs not authed, even if prior fetch succeeded: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L833)
- forbid a non-authorized party to check the status of a trigger: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L688)
- forbid a non-authorized party to list triggers: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L678)
- forbid a non-authorized party to start a trigger: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L667)
@ -43,7 +43,7 @@
- forbid a non-authorized user to upload a DAR: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L720)
- multiple websocket requests over the same WebSocket connection are NOT allowed: [AbstractWebsocketServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractWebsocketServiceIntegrationTest.scala#L132)
- refresh a token after expiry on the server side: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L745)
- reject requests with missing auth header: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1203)
- reject requests with missing auth header: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L1209)
- request a fresh token after expiry on user request: [TriggerServiceTest.scala](triggers/service/src/test/scala/com/digitalasset/daml/lf/engine/trigger/TriggerServiceTest.scala#L730)
- return the token from a cookie: [TestMiddleware.scala](triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestMiddleware.scala#L96)
- return unauthorized on an expired token: [TestMiddleware.scala](triggers/service/auth/src/test/scala/com/daml/auth/middleware/oauth2/TestMiddleware.scala#L139)
@ -72,7 +72,7 @@
- /v1/stream/query can reconnect: [FailureTests.scala](ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala#L332)
- Command submission succeeds after reconnect: [FailureTests.scala](ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala#L49)
- Tail call optimization: Tail recursion does not blow the scala JVM stack.: [TailCallTest.scala](daml-lf/interpreter/src/test/scala/com/digitalasset/daml/lf/speedy/TailCallTest.scala#L16)
- archiving a large number of contracts should succeed: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L944)
- archiving a large number of contracts should succeed: [AbstractHttpServiceIntegrationTest.scala](ledger-service/http-json/src/itlib/scala/http/AbstractHttpServiceIntegrationTest.scala#L950)
- command submission timeout is applied: [FailureTests.scala](ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala#L98)
- creating and listing 20K users should be possible: [HttpServiceIntegrationTestUserManagement.scala](ledger-service/http-json/src/it/scala/http/HttpServiceIntegrationTestUserManagement.scala#L555)
- fromStartupMode should not succeed for any input when the db connection is broken: [FailureTests.scala](ledger-service/http-json/src/failurelib/scala/http/FailureTests.scala#L435)