Merge pull request from GHSA-2p6r-37p9-89p2

* test: adding authz grant tests * fix TestCLITxGrantAuthorization/Invalid_expiration_time test case * comment out the test * reenable test
cosmos · Oct 12, 2021 · 68ab790 · 68ab790
1 parent 4e08d1c
commit 68ab790
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 10 deletions.
diff --git a/x/authz/authorization_grant.go b/x/authz/authorization_grant.go
@@ -10,7 +10,11 @@ import (
 )
 
 // NewGrant returns new Grant
-func NewGrant(a Authorization, expiration time.Time) (Grant, error) {
+func NewGrant( /*blockTime time.Time, */ a Authorization, expiration time.Time) (Grant, error) {
+	// TODO: add this for 0.45
+	// if !expiration.After(blockTime) {
+	// 	return Grant{}, sdkerrors.ErrInvalidRequest.Wrapf("expiration must be after the current block time (%v), got %v", blockTime.Format(time.RFC3339), expiration.Format(time.RFC3339))
+	// }
 	g := Grant{
 		Expiration: expiration,
 	}
@@ -51,10 +55,6 @@ func (g Grant) GetAuthorization() Authorization {
 }
 
 func (g Grant) ValidateBasic() error {
-	if g.Expiration.Unix() < time.Now().Unix() {
-		return sdkerrors.Wrap(ErrInvalidExpirationTime, "Time can't be in the past")
-	}
-
 	av := g.Authorization.GetCachedValue()
 	a, ok := av.(Authorization)
 	if !ok {

diff --git a/x/authz/authorization_grant_test.go b/x/authz/authorization_grant_test.go
@@ -0,0 +1,44 @@
+package authz
+
+import (
+	"testing"
+	"time"
+
+	// banktypes "github.com/cosmos/cosmos-sdk/x/bank/types"
+	"github.com/stretchr/testify/require"
+)
+
+func expecError(r *require.Assertions, expected string, received error) {
+	if expected == "" {
+		r.NoError(received)
+	} else {
+		r.Error(received)
+		r.Contains(received.Error(), expected)
+	}
+}
+
+func TestNewGrant(t *testing.T) {
+	// ba := banktypes.NewSendAuthorization(sdk.NewCoins(sdk.NewInt64Coin("foo", 123)))
+	a := NewGenericAuthorization("some-type")
+	var tcs = []struct {
+		title     string
+		a         Authorization
+		blockTime time.Time
+		expire    time.Time
+		err       string
+	}{
+		// {"wrong expire time (1)", a, time.Unix(10, 0), time.Unix(8, 0), "expiration must be after"},
+		// {"wrong expire time (2)", a, time.Unix(10, 0), time.Unix(10, 0), "expiration must be after"},
+		{"good expire time (1)", a, time.Unix(10, 0), time.Unix(10, 1), ""},
+		{"good expire time (2)", a, time.Unix(10, 0), time.Unix(11, 0), ""},
+	}
+
+	for _, tc := range tcs {
+		t.Run(tc.title, func(t *testing.T) {
+			// _, err := NewGrant(tc.blockTime, tc.a, tc.expire)
+			_, err := NewGrant(tc.a, tc.expire)
+			expecError(require.New(t), tc.err, err)
+		})
+	}
+
+}
diff --git a/x/authz/client/testutil/tx.go b/x/authz/client/testutil/tx.go
@@ -127,11 +127,11 @@ func (s *IntegrationTestSuite) TestCLITxGrantAuthorization() {
 				"send",
 				fmt.Sprintf("--%s=100steak", cli.FlagSpendLimit),
 				fmt.Sprintf("--%s=%s", flags.FlagFrom, val.Address.String()),
-				fmt.Sprintf("--%s=true", flags.FlagGenerateOnly),
+				fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
 				fmt.Sprintf("--%s=%d", cli.FlagExpiration, pastHour),
 			},
-			0,
-			true,
+			0xd,
+			false, // TODO: enable in v0.45
 		},
 		{
 			"fail with error invalid msg-type",

diff --git a/x/authz/keeper/msg_server.go b/x/authz/keeper/msg_server.go
@@ -10,7 +10,7 @@ import (
 
 var _ authz.MsgServer = Keeper{}
 
-// GrantAuthorization implements the MsgServer.Grant method.
+// GrantAuthorization implements the MsgServer.Grant method to create a new grant.
 func (k Keeper) Grant(goCtx context.Context, msg *authz.MsgGrant) (*authz.MsgGrantResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 	grantee, err := sdk.AccAddressFromBech32(msg.Grantee)

diff --git a/x/authz/msgs_test.go b/x/authz/msgs_test.go
@@ -80,7 +80,7 @@ func TestMsgGrantAuthorization(t *testing.T) {
 		{"nil granter and grantee address", nil, nil, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now(), false, false},
 		{"nil authorization", granter, grantee, nil, time.Now(), true, false},
 		{"valid test case", granter, grantee, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now().AddDate(0, 1, 0), false, true},
-		{"past time", granter, grantee, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now().AddDate(0, 0, -1), false, false},
+		{"past time", granter, grantee, &banktypes.SendAuthorization{SpendLimit: coinsPos}, time.Now().AddDate(0, 0, -1), false, true}, // TODO need 0.45
 	}
 	for i, tc := range tests {
 		msg, err := authz.NewMsgGrant(