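--- a/canister/src/main.rs
+++ b/canister/src/main.rs
@@ -347,8 +347,7 @@ fn http_request(request: HttpRequest) -> HttpResponse {
 name = "verifyApiKey",
 hidden = true
 )]
-async fn verify_api_key(api_key: (SupportedRpcProviderId, Option<String>)) {
-let (provider, api_key) = api_key;
+async fn verify_api_key((provider, api_key): (SupportedRpcProviderId, Option<String>)) {
 let api_key = api_key.map(|key| TryFrom::try_from(key).expect("Invalid API key"));
 if read_state(|state| state.get_api_key(&provider)) != api_key {
 panic!("API key does not match input")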
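Review bot: `verify_api_key` has no doc comment recording that it is a confirmation oracle for the stored provider keys: it traps unless the input equals the stored value, so any caller that reaches the body can check a guess. `hidden = true` only keeps the method out of the exported Candid interface and is not access control. The attribute list begins above the hunk, so whether a guard is declared there cannot be seen from here, and the function body continues past the hunk. I would add above the attribute: `/// Traps unless the stored API key for the provider equals the input. Acts as a key-confirmation oracle, so it must stay behind the caller-authorization guard.`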
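--- a/integration_tests/src/lib.rs
+++ b/integration_tests/src/lib.rs
@@ -146,7 +146,6 @@ impl Setup {
 self
 }
 
-// TODO XC-329: remove verifyApiKey endpoint
 pub async fn verify_api_key(&self, api_key: (SupportedRpcProviderId, Option<String>)) {
 let runtime = self.new_pocket_ic_runtime();
 runtime
@@ -217,6 +216,10 @@ impl Setup {
 pub fn controller(&self) -> Principal {
 self.controller
 }
+
+pub fn sol_rpc_canister_id(&self) -> CanisterId {
+self.sol_rpc_canister_id
+}
 }
 
 async fn tick_until_http_request(env: &PocketIc) -> Vec<CanisterHttpRequest> {
@@ -250,6 +253,12 @@ fn wallet_wasm() -> Vec<u8> {
 ic_test_utilities_load_wasm::load_wasm(PathBuf::new(), "wallet", &[])
 }
 
+impl AsRef<PocketIc> for Setup {
+fn as_ref(&self) -> &PocketIc {
+&self.env
+}
+}
+
 #[derive(Clone)]
 pub struct PocketIcRuntime<'a> {
 env: &'a PocketIc,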
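Review bot: The new public `sol_rpc_canister_id()` and `impl AsRef<PocketIc> for Setup` carry no doc comments, so nothing says that the raw handle exists to let a test pick the calling principal itself instead of going through the typed client. I would document the impl with `/// Raw PocketIc handle for tests that must choose the caller themselves, e.g. authorization checks.` A named accessor such as `pub fn env(&self) -> &PocketIc { &self.env }` would also read more clearly at call sites than `setup.as_ref()`, whose target type is only inferred. With the TODO on `verify_api_key` gone, a one-line comment there saying the endpoint is kept on purpose would save the next reader a search.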
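--- a/integration_tests/tests/tests.rs
+++ b/integration_tests/tests/tests.rs
@@ -597,6 +597,8 @@ mod retrieve_logs_tests {
 
 mod update_api_key_tests {
 use super::*;
+use candid::{encode_args, Principal};
+use pocket_ic::{ErrorCode, RejectCode, RejectResponse};
 
 #[tokio::test]
 async fn should_update_api_key() {
@@ -651,6 +653,36 @@ mod update_api_key_tests {
 )])
 .await;
 }
+
+#[tokio::test]
+async fn should_prevent_unauthorized_call_to_verify_api_key() {
+let setup = Setup::new().await.with_mock_api_keys().await;
+let args = (SupportedRpcProviderId::AlchemyMainnet, Some("test-key"));
+
+for unauthorized_principal in [Principal::anonymous(), DEFAULT_CALLER_TEST_ID] {
+let result = setup
+.as_ref()
+.query_call(
+setup.sol_rpc_canister_id(),
+unauthorized_principal,
+"verifyApiKey",
+encode_args(args).unwrap(),
+)
+.await;
+
+assert_eq!(
+result,
+Err(RejectResponse {
+reject_code: RejectCode::CanisterReject,
+reject_message: "You are not authorized".to_string(),
+error_code: ErrorCode::CanisterRejectedMessage,
+certified: false,
+})
+);
+}
+
+setup.drop().await;
+}
 }
 
 mod canister_upgrade_tests {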
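Review bot: The loop in `should_prevent_unauthorized_call_to_verify_api_key` exercises the authorization check only through `query_call`, so a regression that affects only the replicated path would pass unnoticed; query methods can normally also be invoked as update calls. I would repeat the call for each principal with `update_call` and assert the same reject code, as sketched below. Separately, comparing the whole `RejectResponse` (including `error_code` and `certified`) ties the test to pocket_ic's struct layout; checking `reject_code` and `reject_message` would pin the behaviour that matters.

```rust
for unauthorized_principal in [Principal::anonymous(), DEFAULT_CALLER_TEST_ID] {
    // … unchanged: query_call and its assert_eq! …

    let replicated = setup
        .as_ref()
        .update_call(
            setup.sol_rpc_canister_id(),
            unauthorized_principal,
            "verifyApiKey",
            encode_args(args).unwrap(),
        )
        .await;
    assert!(matches!(
        &replicated,
        Err(reject) if reject.reject_code == RejectCode::CanisterReject
    ));
```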