From 017a6b9bc1ede351f205209474c2d9e6e9365819 Mon Sep 17 00:00:00 2001 From: Anna Shaleva Date: Mon, 5 Sep 2022 17:30:54 +0300 Subject: [PATCH] nns: require admin signature for subdomain registration Port https://github.com/nspcc-dev/neofs-contract/pull/139/commits/14fc08629180e9d53d7efe431fb20b245c6ecf78. --- examples/nft-nd-nns/nns.go | 4 ++++ examples/nft-nd-nns/nns_test.go | 25 +++++++++++++++---------- internal/basicchain/basic.go | 3 ++- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/examples/nft-nd-nns/nns.go b/examples/nft-nd-nns/nns.go index c1df13dca..f9aaadb44 100644 --- a/examples/nft-nd-nns/nns.go +++ b/examples/nft-nd-nns/nns.go @@ -263,6 +263,10 @@ func Register(name string, owner interop.Hash160) bool { if parentExpired(ctx, 1, fragments) { panic("one of the parent domains has expired") } + parentKey := getTokenKey([]byte(fragments[1])) + nsBytes := storage.Get(ctx, append([]byte{prefixName}, parentKey...)) + ns := std.Deserialize(nsBytes.([]byte)).(NameState) + ns.checkAdmin() } if !isValid(owner) { diff --git a/examples/nft-nd-nns/nns_test.go b/examples/nft-nd-nns/nns_test.go index bb7edd9ac..983db3474 100644 --- a/examples/nft-nd-nns/nns_test.go +++ b/examples/nft-nd-nns/nns_test.go @@ -95,13 +95,14 @@ func TestExpiration(t *testing.T) { acc := e.NewAccount(t) cAcc := c.WithSigners(acc) + cAccCommittee := c.WithSigners(acc, c.Committee) // acc + committee signers for ".com"'s subdomains registration c.Invoke(t, true, "register", "com", c.CommitteeHash) - cAcc.Invoke(t, true, "register", "first.com", acc.ScriptHash()) + cAccCommittee.Invoke(t, true, "register", "first.com", acc.ScriptHash()) cAcc.Invoke(t, stackitem.Null{}, "setRecord", "first.com", int64(nns.TXT), "sometext") b1 := e.TopBlock(t) - tx := cAcc.PrepareInvoke(t, "register", "second.com", acc.ScriptHash()) + tx := cAccCommittee.PrepareInvoke(t, "register", "second.com", acc.ScriptHash()) b2 := e.NewUnsignedBlock(t, tx) b2.Index = b1.Index + 1 b2.PrevHash = b1.Hash() @@ -315,6 +316,7 @@ func TestSetAdmin(t *testing.T) { owner := e.NewAccount(t) cOwner := c.WithSigners(owner) + cOwnerCommittee := c.WithSigners(owner, c.Committee) admin := e.NewAccount(t) cAdmin := c.WithSigners(admin) guest := e.NewAccount(t) @@ -322,7 +324,8 @@ func TestSetAdmin(t *testing.T) { c.Invoke(t, true, "register", "com", c.CommitteeHash) - cOwner.Invoke(t, true, "register", "neo.com", owner.ScriptHash()) + cOwner.InvokeFail(t, "not witnessed by admin", "register", "neo.com", owner.ScriptHash()) // admin is committee + cOwnerCommittee.Invoke(t, true, "register", "neo.com", owner.ScriptHash()) cGuest.InvokeFail(t, "not witnessed", "setAdmin", "neo.com", admin.ScriptHash()) // Must be witnessed by both owner and admin. @@ -350,11 +353,12 @@ func TestTransfer(t *testing.T) { from := e.NewAccount(t) cFrom := c.WithSigners(from) + cFromCommittee := c.WithSigners(from, c.Committee) to := e.NewAccount(t) cTo := c.WithSigners(to) c.Invoke(t, true, "register", "com", c.CommitteeHash) - cFrom.Invoke(t, true, "register", "neo.com", from.ScriptHash()) + cFromCommittee.Invoke(t, true, "register", "neo.com", from.ScriptHash()) cFrom.Invoke(t, stackitem.Null{}, "setRecord", "neo.com", int64(nns.A), "1.2.3.4") cFrom.InvokeFail(t, "token not found", "transfer", to.ScriptHash(), "not.exists", nil) c.Invoke(t, false, "transfer", to.ScriptHash(), "neo.com", nil) @@ -387,14 +391,14 @@ func TestTokensOf(t *testing.T) { e := c.Executor acc1 := e.NewAccount(t) - cAcc1 := c.WithSigners(acc1) + cAcc1Committee := c.WithSigners(acc1, c.Committee) acc2 := e.NewAccount(t) - cAcc2 := c.WithSigners(acc2) + cAcc2Committee := c.WithSigners(acc2, c.Committee) tld := []byte("com") c.Invoke(t, true, "register", tld, c.CommitteeHash) - cAcc1.Invoke(t, true, "register", "neo.com", acc1.ScriptHash()) - cAcc2.Invoke(t, true, "register", "nspcc.com", acc2.ScriptHash()) + cAcc1Committee.Invoke(t, true, "register", "neo.com", acc1.ScriptHash()) + cAcc2Committee.Invoke(t, true, "register", "nspcc.com", acc2.ScriptHash()) testTokensOf(t, c, tld, [][]byte{[]byte("neo.com")}, acc1.ScriptHash().BytesBE()) testTokensOf(t, c, tld, [][]byte{[]byte("nspcc.com")}, acc2.ScriptHash().BytesBE()) @@ -434,13 +438,14 @@ func TestResolve(t *testing.T) { acc := e.NewAccount(t) cAcc := c.WithSigners(acc) + cAccCommittee := c.WithSigners(acc, c.Committee) c.Invoke(t, true, "register", "com", c.CommitteeHash) - cAcc.Invoke(t, true, "register", "neo.com", acc.ScriptHash()) + cAccCommittee.Invoke(t, true, "register", "neo.com", acc.ScriptHash()) cAcc.Invoke(t, stackitem.Null{}, "setRecord", "neo.com", int64(nns.A), "1.2.3.4") cAcc.Invoke(t, stackitem.Null{}, "setRecord", "neo.com", int64(nns.CNAME), "alias.com") - cAcc.Invoke(t, true, "register", "alias.com", acc.ScriptHash()) + cAccCommittee.Invoke(t, true, "register", "alias.com", acc.ScriptHash()) cAcc.Invoke(t, stackitem.Null{}, "setRecord", "alias.com", int64(nns.TXT), "sometxt") c.Invoke(t, "1.2.3.4", "resolve", "neo.com", int64(nns.A)) diff --git a/internal/basicchain/basic.go b/internal/basicchain/basic.go index 8cf016f1f..f6683bf2f 100644 --- a/internal/basicchain/basic.go +++ b/internal/basicchain/basic.go @@ -158,6 +158,7 @@ func Init(t *testing.T, rootpath string, e *neotest.Executor) { _, _, nsHash := deployContractFromPriv0(t, nsPath, nsPath, nsConfigPath, 4) // block #11 nsCommitteeInvoker := e.CommitteeInvoker(nsHash) nsPriv0Invoker := e.NewInvoker(nsHash, acc0) + nsPriv0CommitteeInvoker := e.NewInvoker(nsHash, acc0, e.Committee) // Block #12: transfer funds to committee for further NS record registration. gasValidatorInvoker.Invoke(t, true, "transfer", @@ -167,7 +168,7 @@ func Init(t *testing.T, rootpath string, e *neotest.Executor) { nsCommitteeInvoker.Invoke(t, true, "register", "com", nsCommitteeInvoker.CommitteeHash) // block #13 // Block #14: register `neo.com` via NNS. - registerTxH := nsPriv0Invoker.Invoke(t, true, "register", + registerTxH := nsPriv0CommitteeInvoker.Invoke(t, true, "register", "neo.com", priv0ScriptHash) // block #14 res := e.GetTxExecResult(t, registerTxH) require.Equal(t, 1, len(res.Events)) // transfer