Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Extra Check in Primary Username Setter #4534

Merged
merged 3 commits into from
May 22, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions prdoc/pr_4534.prdoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Schema: Polkadot SDK PRDoc Schema (prdoc) v1.0.0
# See doc at https://raw.githubusercontent.com/paritytech/polkadot-sdk/master/prdoc/schema_user.json

title: Add Extra Check in Primary Username Setter

doc:
- audience: Runtime User
description: |
Setting primary usernames requires an additional verification.

crates:
- name: pallet-identity
bump: patch
4 changes: 3 additions & 1 deletion substrate/frame/identity/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1169,7 +1169,9 @@ pub mod pallet {
pub fn set_primary_username(origin: OriginFor<T>, username: Username<T>) -> DispatchResult {
// ensure `username` maps to `origin` (i.e. has already been set by an authority).
let who = ensure_signed(origin)?;
ensure!(AccountOfUsername::<T>::contains_key(&username), Error::<T>::NoUsername);
let account_of_username =
AccountOfUsername::<T>::get(&username).ok_or(Error::<T>::NoUsername)?;
ensure!(who == account_of_username, Error::<T>::InvalidUsername);
let (registration, _maybe_username) =
IdentityOf::<T>::get(&who).ok_or(Error::<T>::NoIdentity)?;
IdentityOf::<T>::insert(&who, (registration, Some(username.clone())));
Expand Down
72 changes: 71 additions & 1 deletion substrate/frame/identity/src/tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ use crate::{

use codec::{Decode, Encode};
use frame_support::{
assert_noop, assert_ok, derive_impl, parameter_types,
assert_err, assert_noop, assert_ok, derive_impl, parameter_types,
traits::{ConstU32, ConstU64, Get, OnFinalize, OnInitialize},
BoundedVec,
};
Expand Down Expand Up @@ -1491,6 +1491,76 @@ fn setting_primary_should_work() {
});
}

#[test]
fn must_own_primary() {
new_test_ext().execute_with(|| {
// set up authority
let [authority, _] = unfunded_accounts();
let suffix: Vec<u8> = b"test".to_vec();
let allocation: u32 = 10;
assert_ok!(Identity::add_username_authority(
RuntimeOrigin::root(),
authority.clone(),
suffix.clone(),
allocation
));

// Set up first user ("pi") and a username.
let pi_public = sr25519_generate(0.into(), None);
let pi_account: AccountIdOf<Test> = MultiSigner::Sr25519(pi_public).into_account().into();
let (pi_username, pi_to_sign) =
test_username_of(b"username314159".to_vec(), suffix.clone());
let encoded_pi_username = Encode::encode(&pi_to_sign.to_vec());
let pi_signature = MultiSignature::Sr25519(
sr25519_sign(0.into(), &pi_public, &encoded_pi_username).unwrap(),
);
assert_ok!(Identity::set_username_for(
RuntimeOrigin::signed(authority.clone()),
pi_account.clone(),
pi_username.clone(),
Some(pi_signature)
));

// Set up second user ("e") and a username.
let e_public = sr25519_generate(1.into(), None);
let e_account: AccountIdOf<Test> = MultiSigner::Sr25519(e_public).into_account().into();
let (e_username, e_to_sign) = test_username_of(b"username271828".to_vec(), suffix.clone());
let encoded_e_username = Encode::encode(&e_to_sign.to_vec());
let e_signature = MultiSignature::Sr25519(
sr25519_sign(1.into(), &e_public, &encoded_e_username).unwrap(),
);
assert_ok!(Identity::set_username_for(
RuntimeOrigin::signed(authority.clone()),
e_account.clone(),
e_username.clone(),
Some(e_signature)
));

// Ensure that both users have their usernames.
assert_eq!(
AccountOfUsername::<Test>::get::<&Username<Test>>(&pi_to_sign),
Some(pi_account.clone())
);
assert_eq!(
AccountOfUsername::<Test>::get::<&Username<Test>>(&e_to_sign),
Some(e_account.clone())
);

// Cannot set primary to a username that does not exist.
let (_, c_username) = test_username_of(b"speedoflight".to_vec(), suffix.clone());
assert_err!(
Identity::set_primary_username(RuntimeOrigin::signed(pi_account.clone()), c_username,),
Error::<Test>::NoUsername
);

// Cannot take someone else's username as your primary.
assert_err!(
Identity::set_primary_username(RuntimeOrigin::signed(pi_account.clone()), e_to_sign,),
Error::<Test>::InvalidUsername
);
});
}

#[test]
fn unaccepted_usernames_should_expire() {
new_test_ext().execute_with(|| {
Expand Down
Loading