fix #245

2a6b8c07 · bgallois · 6dec13d1 · 2a6b8c07 · 2a6b8c07 · 2a6b8c07
Unverified Commit 2a6b8c07 authored 8 months ago by bgallois
--- a/pallets/distance/src/mock.rs
+++ b/pallets/distance/src/mock.rs
@@ -243,6 +243,7 @@ impl pallet_identity::Config for Test {
    type IdtyNameValidator = IdtyNameValidatorTestImpl;
    type OnNewIdty = ();
    type OnRemoveIdty = ();
+    type OwnerKeyChangePermission = ();
    type RuntimeEvent = RuntimeEvent;
    type Signature = TestSignature;
    type Signer = UintAuthorityId;

--- a/pallets/duniter-wot/src/mock.rs
+++ b/pallets/duniter-wot/src/mock.rs
@@ -123,6 +123,7 @@ impl pallet_identity::Config for Test {
    type IdtyNameValidator = IdtyNameValidatorTestImpl;
    type OnNewIdty = DuniterWot;
    type OnRemoveIdty = DuniterWot;
+    type OwnerKeyChangePermission = ();
    type RuntimeEvent = RuntimeEvent;
    type Signature = TestSignature;
    type Signer = UintAuthorityId;

--- a/pallets/identity/src/lib.rs
+++ b/pallets/identity/src/lib.rs
@@ -132,6 +132,9 @@ pub mod pallet {
        /// The type used to check account worthiness.
        type CheckAccountWorthiness: CheckAccountWorthiness<Self>;
+        /// Handler that checks the necessary permissions for an identity's owner key change.
+        type OwnerKeyChangePermission: CheckKeyChangeAllowed<Self>;
        /// Custom data to store in each identity.
        type IdtyData: Clone
            + Codec
@@ -453,6 +456,12 @@ pub mod pallet {
                Error::<T>::OwnerKeyAlreadyUsed
            );
+            // Ensure that the key is not currently as a validator
+            ensure!(
+                T::OwnerKeyChangePermission::check_allowed(&idty_index),
+                Error::<T>::OwnerKeyUsedAsValidator
+            );
            let block_number = frame_system::Pallet::<T>::block_number();
            let maybe_old_old_owner_key =
                if let Some((old_owner_key, last_change)) = idty_value.old_owner_key {
@@ -690,6 +699,8 @@ pub mod pallet {
        AccountNotExist,
        /// Insufficient balance to create an identity.
        InsufficientBalance,
+        /// Owner key currently used as validator.
+        OwnerKeyUsedAsValidator,
    }
    // INTERNAL FUNCTIONS //

--- a/pallets/identity/src/mock.rs
+++ b/pallets/identity/src/mock.rs
@@ -116,6 +116,7 @@ impl pallet_identity::Config for Test {
    type IdtyNameValidator = IdtyNameValidatorTestImpl;
    type OnNewIdty = ();
    type OnRemoveIdty = ();
+    type OwnerKeyChangePermission = ();
    type RuntimeEvent = RuntimeEvent;
    type Signature = Signature;
    type Signer = AccountPublic;

--- a/pallets/identity/src/traits.rs
+++ b/pallets/identity/src/traits.rs
@@ -94,3 +94,15 @@ impl<AccountId, IdtyIndex> LinkIdty<AccountId, IdtyIndex> for () {
        Ok(())
    }
 }
+/// Trait for checking whether a key change is allowed for a given identity.
+pub trait CheckKeyChangeAllowed<T: Config> {
+    /// Determines if a key change is allowed for the given identity.
+    fn check_allowed(account_id: &T::IdtyIndex) -> bool;
+}
+impl<T: Config> CheckKeyChangeAllowed<T> for () {
+    fn check_allowed(_: &T::IdtyIndex) -> bool {
+        true
+    }
+}
--- a/pallets/quota/src/mock.rs
+++ b/pallets/quota/src/mock.rs
@@ -157,6 +157,7 @@ impl pallet_identity::Config for Test {
    type IdtyNameValidator = IdtyNameValidatorTestImpl;
    type OnNewIdty = ();
    type OnRemoveIdty = ();
+    type OwnerKeyChangePermission = ();
    type RuntimeEvent = RuntimeEvent;
    type Signature = Signature;
    type Signer = AccountPublic;

--- a/runtime/common/src/handlers.rs
+++ b/runtime/common/src/handlers.rs
@@ -165,3 +165,17 @@ where
        }
    }
 }
+/// Runtime handler OwnerKeyChangePermission.
+pub struct OwnerKeyChangePermissionHandler<Runtime>(core::marker::PhantomData<Runtime>);
+impl<
+        Runtime: frame_system::Config
+            + pallet_identity::Config<IdtyIndex = IdtyIndex>
+            + pallet_authority_members::Config<MemberId = IdtyIndex>,
+    > pallet_identity::traits::CheckKeyChangeAllowed<Runtime>
+    for OwnerKeyChangePermissionHandler<Runtime>
+{
+    fn check_allowed(idty_index: &IdtyIndex) -> bool {
+        !pallet_authority_members::Pallet::<Runtime>::online().contains(idty_index)
+    }
+}
--- a/runtime/common/src/pallets_config.rs
+++ b/runtime/common/src/pallets_config.rs
@@ -470,6 +470,7 @@ macro_rules! pallets_config {
            type IdtyNameValidator = IdtyNameValidatorImpl;
            type OnNewIdty = OnNewIdtyHandler<Runtime>;
            type OnRemoveIdty = OnRemoveIdtyHandler<Runtime>;
+            type OwnerKeyChangePermission = OwnerKeyChangePermissionHandler<Runtime>;
            type RuntimeEvent = RuntimeEvent;
            type Signature = Signature;
            type Signer = <Signature as sp_runtime::traits::Verify>::Signer;

--- a/runtime/gdev/tests/integration_tests.rs
+++ b/runtime/gdev/tests/integration_tests.rs
@@ -1361,6 +1361,31 @@ fn test_link_account() {
        })
 }
+/// test change owner key
+#[test]
+fn test_change_owner_key_validator_online() {
+    ExtBuilder::new(1, 3, 4).build().execute_with(|| {
+        let genesis_hash = System::block_hash(0);
+        let alice = AccountKeyring::Alice.to_account_id();
+        let ferdie = AccountKeyring::Ferdie.to_account_id();
+        let payload = (b"icok", genesis_hash, 1u32, alice.clone()).encode();
+        let signature = AccountKeyring::Alice.sign(&payload);
+        // Alice is an online validator
+        assert!(pallet_authority_members::OnlineAuthorities::<Runtime>::get().contains(&1));
+        // As an online validator she cannot change key
+        assert_noop!(
+            Identity::change_owner_key(
+                frame_system::RawOrigin::Signed(alice.clone()).into(),
+                ferdie.clone(),
+                signature.into()
+            ),
+            pallet_identity::Error::<gdev_runtime::Runtime>::OwnerKeyUsedAsValidator
+        );
+    })
+}
 /// test change owner key
 #[test]
 fn test_change_owner_key() {