ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-19 04:57:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CORDA-4110 startFlowDynamicWithClientId restrict permissions (#6875)

Browse Source 
Restrict permissions for `startFlowDynamicWithClientId` to not work with
 `InvokeRpc.startFlow` and instead require `InvokeRpc
 .startFlowWithClientId`.
This commit is contained in:
Dan Newton 2021-02-18 14:46:09 +00:00 committed by GitHub
parent ae2bb9992f
commit 41b4f9b3aa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
node/src/integration-test/kotlin/net/corda/node/flows/FlowWithClientIdTest.kt
View File

@ -62,7 +62,7 @@ class FlowWithClientIdTest {
}
@Test(timeout = 300_000)
fun `start flow with client id permissions`() {
fun `start flow with client id permissions - StartFlow`() {
val user = User("TonyStark", "I AM IRONMAN", setOf("StartFlow.net.corda.node.flows.FlowWithClientIdTest\$ResultFlow"))
driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
@ -75,9 +75,37 @@ class FlowWithClientIdTest {
}
}
@Test(timeout = 300_000)
fun `start flow with client id permissions - InvokeRpc-startFlowWithClientId`() {
val user = User("TonyStark", "I AM IRONMAN", setOf("InvokeRpc.startFlowWithClientId"))
driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
nodeA.rpc.startFlowWithClientId(UUID.randomUUID().toString(), ::ResultFlow, 5).returnValue.getOrThrow(20.seconds)
nodeA.rpc.startFlowDynamicWithClientId(
UUID.randomUUID().toString(),
ResultFlow::class.java,
5
).returnValue.getOrThrow(20.seconds)
}
}
@Test(timeout = 300_000)
fun `start flow with client id permissions - InvokeRpc-startFlowDynamicWithClientId`() {
val user = User("TonyStark", "I AM IRONMAN", setOf("InvokeRpc.startFlowDynamicWithClientId"))
driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
nodeA.rpc.startFlowWithClientId(UUID.randomUUID().toString(), ::ResultFlow, 5).returnValue.getOrThrow(20.seconds)
nodeA.rpc.startFlowDynamicWithClientId(
UUID.randomUUID().toString(),
ResultFlow::class.java,
5
).returnValue.getOrThrow(20.seconds)
}
}
@Test(timeout = 300_000)
fun `start flow with client id without permissions`() {
val user = User("TonyStark", "I AM IRONMAN", setOf())
val user = User("TonyStark", "I AM IRONMAN", setOf("InvokeRpc.startFlow"))
driver(DriverParameters(startNodesInProcess = true, cordappsForAllNodes = emptySet())) {
val nodeA = startNode(rpcUsers = listOf(user)).getOrThrow()
assertFailsWith<PermissionException> {

4
node/src/main/kotlin/net/corda/node/internal/rpc/proxies/AuthenticatedRpcOpsProxy.kt
View File

@ -39,10 +39,12 @@ internal class AuthenticatedRpcOpsProxy(private val delegate: InternalCordaRPCOp
clientId: String,
logicType: Class<out FlowLogic<T>>,
vararg args: Any?
): FlowHandleWithClientId<T> = guard("startFlowDynamic", listOf(logicType), ::rpcContext) {
): FlowHandleWithClientId<T> = guard("startFlowDynamicWithClientId", listOf(logicType), ::rpcContext) {
delegate.startFlowDynamicWithClientId(clientId, logicType, *args)
}
private companion object {
private fun proxy(delegate: InternalCordaRPCOps, context: () -> RpcAuthContext): InternalCordaRPCOps {
val handler = PermissionsEnforcingInvocationHandler(delegate, context)