pallets/did/src/origin.rs

-Original file line number
+Diff line change
@@ Expand Up / @@ -18,7 +18,7 @@ @@
     use frame_support::{
     	codec::{Decode, Encode},
-    	traits::EnsureOrigin,
+    	traits::{EnsureOrigin, EnsureOriginWithArg},
     };
     use kilt_support::traits::CallSources;
     use parity_scale_codec::MaxEncodedLen;
@@ Expand Down Expand Up / @@ -66,6 +66,38 @@ where @@
     	}
     }
+    impl<OuterOrigin, DidIdentifier, AccountId> EnsureOriginWithArg<OuterOrigin, DidIdentifier>
+    	for EnsureDidOrigin<DidIdentifier, AccountId>
+    where
+    	OuterOrigin: Into<Result<DidRawOrigin<DidIdentifier, AccountId>, OuterOrigin>>
+    		+ From<DidRawOrigin<DidIdentifier, AccountId>>
+    		+ Clone,
+    	DidIdentifier: PartialEq<DidIdentifier> + Clone,
+    	AccountId: Clone + Decode,
+    {
+    	type Success = DidRawOrigin<DidIdentifier, AccountId>;
+    	fn try_origin(o: OuterOrigin, a: &DidIdentifier) -> Result<Self::Success, OuterOrigin> {
+    		let did_origin: DidRawOrigin<DidIdentifier, AccountId> = o.clone().into()?;
+    		if did_origin.id == *a {
+    			Ok(did_origin)
+    		} else {
+    			Err(o)
+    		}
+    	}
+    	#[cfg(feature = "runtime-benchmarks")]
+    	fn try_successful_origin(a: &DidIdentifier) -> Result<OuterOrigin, ()> {
+    		let zero_account_id = AccountId::decode(&mut sp_runtime::traits::TrailingZeroInput::zeroes())
+    			.expect("infinite length input; no invalid inputs for type; qed");
+    		Ok(OuterOrigin::from(DidRawOrigin {
+    			id: a.clone(),
+    			submitter: zero_account_id,
+    		}))
+    	}
+    }
     impl<DidIdentifier: Clone, AccountId: Clone> CallSources<AccountId, DidIdentifier>
     	for DidRawOrigin<DidIdentifier, AccountId>
     {
@@ Expand Down @@

pallets/pallet-dip-consumer/src/lib.rs

-Original file line number
+Diff line change
@@ Expand Up @@
     pub mod pallet {
     	use super::*;
-    	use frame_support::{dispatch::Dispatchable, pallet_prelude::*, traits::Contains, Twox64Concat};
+    	use frame_support::{
+    		dispatch::Dispatchable,
+    		pallet_prelude::*,
+    		traits::{Contains, EnsureOriginWithArg},
+    		Twox64Concat,
+    	};
     	use frame_system::pallet_prelude::*;
     	use parity_scale_codec::{FullCodec, MaxEncodedLen};
     	use scale_info::TypeInfo;
@@ Expand All / @@ -56,7 +61,11 @@ pub mod pallet { @@
     		/// computations.
     		type DipCallOriginFilter: Contains<RuntimeCallOf<Self>>;
     		/// The origin check for the `dispatch_as` call.
-    		type DispatchOriginCheck: EnsureOrigin<<Self as frame_system::Config>::RuntimeOrigin, Success = Self::AccountId>;
+    		type DispatchOriginCheck: EnsureOriginWithArg<
+    			<Self as frame_system::Config>::RuntimeOrigin,
+    			Self::Identifier,
+    			Success = Self::AccountId,
+    		>;
     		/// The identifier of a subject, e.g., a DID.
     		type Identifier: Parameter + MaxEncodedLen;
     		/// The details stored in this pallet associated with any given subject.
@@ Expand Down Expand Up / @@ -98,7 +107,7 @@ pub mod pallet { @@
     			proof: IdentityProofOf<T>,
     			call: Box<RuntimeCallOf<T>>,
     		) -> DispatchResult {
-    			let submitter = T::DispatchOriginCheck::ensure_origin(origin)?;
+    			let submitter = T::DispatchOriginCheck::ensure_origin(origin, &identifier)?;
     			ensure!(T::DipCallOriginFilter::contains(&*call), Error::<T>::Filtered);
     			let mut identity_entry = IdentityEntries::<T>::get(&identifier);
     			let proof_verification_result = T::ProofVerifier::verify_proof_for_call_against_details(
@@ Expand Down @@

pallets/pallet-dip-provider/src/lib.rs

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -31,7 +31,7 @@ pub use crate::{
  
    pub mod pallet {

    	use super::*;

    	use frame_support::{pallet_prelude::*, traits::EnsureOrigin};

    	use frame_support::{pallet_prelude::*, traits::EnsureOriginWithArg};

    	use frame_system::pallet_prelude::*;

    	use crate::traits::{IdentityCommitmentGenerator, IdentityProvider, ProviderHooks, SubmitterInfo};

    @@ -47,7 +47,7 @@ pub mod pallet {
  
    	#[pallet::config]

    	pub trait Config: frame_system::Config {

    		type CommitOriginCheck: EnsureOrigin<Self::RuntimeOrigin, Success = Self::CommitOrigin>;

    		type CommitOriginCheck: EnsureOriginWithArg<Self::RuntimeOrigin, Self::Identifier, Success = Self::CommitOrigin>;

    		type CommitOrigin: SubmitterInfo<Submitter = Self::AccountId>;

    		type Identifier: Parameter + MaxEncodedLen;

    		type IdentityCommitmentGenerator: IdentityCommitmentGenerator<Self>;

    @@ -103,8 +103,8 @@ pub mod pallet {
  
    			identifier: T::Identifier,

    			version: Option<IdentityCommitmentVersion>,

    		) -> DispatchResult {

    			let dispatcher =

    				T::CommitOriginCheck::ensure_origin(origin).map(|e: <T as Config>::CommitOrigin| e.submitter())?;

    			let dispatcher = T::CommitOriginCheck::ensure_origin(origin, &identifier)

    				.map(|e: <T as Config>::CommitOrigin| e.submitter())?;

    			let commitment_version = version.unwrap_or(LATEST_COMMITMENT_VERSION);

    			let identity = T::IdentityProvider::retrieve(&identifier)

    @@ -148,8 +148,8 @@ pub mod pallet {
  
    			identifier: T::Identifier,

    			version: Option<IdentityCommitmentVersion>,

    		) -> DispatchResult {

    			let dispatcher =

    				T::CommitOriginCheck::ensure_origin(origin).map(|e: <T as Config>::CommitOrigin| e.submitter())?;

    			let dispatcher = T::CommitOriginCheck::ensure_origin(origin, &identifier)

    				.map(|e: <T as Config>::CommitOrigin| e.submitter())?;

    			let commitment_version = version.unwrap_or(LATEST_COMMITMENT_VERSION);

    			let commitment = Self::delete_identity_commitment_storage_entry(&identifier, commitment_version)?;

fix: origin checks for provider and consumer pallets #581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

ntn-x2 merged 1 commit into aa/dip from aa/dip-provider-origin-check-fix

Nov 21, 2023

-Original file line number
+Diff line change
@@ Expand Up / @@ -18,7 +18,7 @@ @@
     use frame_support::{
     	codec::{Decode, Encode},
-    	traits::EnsureOrigin,
+    	traits::{EnsureOrigin, EnsureOriginWithArg},
     };
     use kilt_support::traits::CallSources;
     use parity_scale_codec::MaxEncodedLen;
@@ Expand Down Expand Up / @@ -66,6 +66,38 @@ where @@
     	}
     }
+    impl<OuterOrigin, DidIdentifier, AccountId> EnsureOriginWithArg<OuterOrigin, DidIdentifier>
+    	for EnsureDidOrigin<DidIdentifier, AccountId>
+    where
+    	OuterOrigin: Into<Result<DidRawOrigin<DidIdentifier, AccountId>, OuterOrigin>>
+    		+ From<DidRawOrigin<DidIdentifier, AccountId>>
+    		+ Clone,
+    	DidIdentifier: PartialEq<DidIdentifier> + Clone,
+    	AccountId: Clone + Decode,
+    {
+    	type Success = DidRawOrigin<DidIdentifier, AccountId>;
+    	fn try_origin(o: OuterOrigin, a: &DidIdentifier) -> Result<Self::Success, OuterOrigin> {
+    		let did_origin: DidRawOrigin<DidIdentifier, AccountId> = o.clone().into()?;
+    		if did_origin.id == *a {
+    			Ok(did_origin)
+    		} else {
+    			Err(o)
+    		}
+    	}
+    	#[cfg(feature = "runtime-benchmarks")]
+    	fn try_successful_origin(a: &DidIdentifier) -> Result<OuterOrigin, ()> {
+    		let zero_account_id = AccountId::decode(&mut sp_runtime::traits::TrailingZeroInput::zeroes())
+    			.expect("infinite length input; no invalid inputs for type; qed");
+    		Ok(OuterOrigin::from(DidRawOrigin {
+    			id: a.clone(),
+    			submitter: zero_account_id,
+    		}))
+    	}
+    }
     impl<DidIdentifier: Clone, AccountId: Clone> CallSources<AccountId, DidIdentifier>
     	for DidRawOrigin<DidIdentifier, AccountId>
     {
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up @@
     pub mod pallet {
     	use super::*;
-    	use frame_support::{dispatch::Dispatchable, pallet_prelude::*, traits::Contains, Twox64Concat};
+    	use frame_support::{
+    		dispatch::Dispatchable,
+    		pallet_prelude::*,
+    		traits::{Contains, EnsureOriginWithArg},
+    		Twox64Concat,
+    	};
     	use frame_system::pallet_prelude::*;
     	use parity_scale_codec::{FullCodec, MaxEncodedLen};
     	use scale_info::TypeInfo;
@@ Expand All / @@ -56,7 +61,11 @@ pub mod pallet { @@
     		/// computations.
     		type DipCallOriginFilter: Contains<RuntimeCallOf<Self>>;
     		/// The origin check for the `dispatch_as` call.
-    		type DispatchOriginCheck: EnsureOrigin<<Self as frame_system::Config>::RuntimeOrigin, Success = Self::AccountId>;
+    		type DispatchOriginCheck: EnsureOriginWithArg<
+    			<Self as frame_system::Config>::RuntimeOrigin,
+    			Self::Identifier,
+    			Success = Self::AccountId,
+    		>;
     		/// The identifier of a subject, e.g., a DID.
     		type Identifier: Parameter + MaxEncodedLen;
     		/// The details stored in this pallet associated with any given subject.
@@ Expand Down Expand Up / @@ -98,7 +107,7 @@ pub mod pallet { @@
     			proof: IdentityProofOf<T>,
     			call: Box<RuntimeCallOf<T>>,
     		) -> DispatchResult {
-    			let submitter = T::DispatchOriginCheck::ensure_origin(origin)?;
+    			let submitter = T::DispatchOriginCheck::ensure_origin(origin, &identifier)?;
     			ensure!(T::DipCallOriginFilter::contains(&*call), Error::<T>::Filtered);
     			let mut identity_entry = IdentityEntries::<T>::get(&identifier);
     			let proof_verification_result = T::ProofVerifier::verify_proof_for_call_against_details(
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: origin checks for provider and consumer pallets #581

Uh oh!

Diff view

Diff view

There are no files selected for viewing