Merge branch 'develop' into MESH-1806-verify_did_in_treasury_disburse…

…ment
PolymeshAssociation · Apr 18, 2022 · 56618a8 · 56618a8
2 parents 3aa372b + e5c9b3c
commit 56618a8
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 2 deletions.
diff --git a/pallets/multisig/src/lib.rs b/pallets/multisig/src/lib.rs
@@ -656,6 +656,8 @@ decl_error! {
         SignerAlreadyLinkedToMultisig,
         /// Signer is an account key that is already associated with an identity.
         SignerAlreadyLinkedToIdentity,
+        /// Multisig not allowed to add itself as a signer.
+        MultisigNotAllowedToLinkToItself,
         /// Current DID is missing
         MissingCurrentIdentity,
         /// The function can only be called by the primary key of the did
@@ -1057,7 +1059,10 @@ impl<T: Config> Module<T> {
                 );
                 // Don't allow a multisig to add itself as a signer to itself
                 // NB - you can add a multisig as a signer to a different multisig
-                ensure!(key != &multisig, Error::<T>::SignerAlreadyLinkedToMultisig);
+                ensure!(
+                    key != &multisig,
+                    Error::<T>::MultisigNotAllowedToLinkToItself
+                );
             }
 
             let ms_identity = <MultiSigToIdentity<T>>::get(&multisig);

diff --git a/pallets/runtime/tests/src/identity_test.rs b/pallets/runtime/tests/src/identity_test.rs
@@ -1113,6 +1113,35 @@ fn add_secondary_keys_with_authorization_too_many_sks() {
     });
 }
 
+#[test]
+fn secondary_key_with_bad_permissions() {
+    ExtBuilder::default()
+        .balance_factor(1_000)
+        .monied(true)
+        .cdd_providers(vec![
+            AccountKeyring::Eve.to_account_id(),
+            AccountKeyring::Ferdie.to_account_id(),
+        ])
+        .build()
+        .execute_with(|| {
+            let cdd1 = AccountKeyring::Eve.to_account_id();
+            let alice = User::new(AccountKeyring::Alice);
+            let bob = User::new_with(alice.did, AccountKeyring::Bob);
+
+            test_with_bad_perms(bob.did, |perms| {
+                let bob_sk = SecondaryKey::new(bob.signatory_acc(), perms);
+                assert_noop!(
+                    Identity::cdd_register_did(
+                        Origin::signed(cdd1.clone()),
+                        alice.acc(),
+                        vec![bob_sk]
+                    ),
+                    pallet_base::Error::<TestStorage>::TooLong
+                );
+            });
+        });
+}
+
 #[test]
 fn adding_authorizations_bad_perms() {
     ExtBuilder::default().build().execute_with(|| {

diff --git a/pallets/runtime/tests/src/multisig.rs b/pallets/runtime/tests/src/multisig.rs
@@ -1,6 +1,9 @@
 use super::{
     next_block,
-    storage::{get_last_auth_id, register_keyring_account, set_curr_did, Call, TestStorage, User},
+    storage::{
+        add_secondary_key, get_last_auth_id, register_keyring_account, set_curr_did, Call,
+        TestStorage, User,
+    },
     ExtBuilder,
 };
 use frame_support::{assert_noop, assert_ok};
@@ -46,6 +49,11 @@ fn join_multisig() {
         let alice = Origin::signed(AccountKeyring::Alice.to_account_id());
         let bob = Origin::signed(AccountKeyring::Bob.to_account_id());
         let bob_signer = Signatory::Account(AccountKeyring::Bob.to_account_id());
+        let charlie = User::new(AccountKeyring::Charlie);
+
+        // Add dave's key as a secondary key of charlie.
+        let dave = User::new_with(charlie.did, AccountKeyring::Dave);
+        add_secondary_key(charlie.did, dave.acc());
 
         let ms_address = MultiSig::get_next_multisig_address(AccountKeyring::Alice.to_account_id());
 
@@ -101,6 +109,40 @@ fn join_multisig() {
             MultiSig::accept_multisig_signer_as_key(bob.clone(), bob_auth_id2),
             Error::SignerAlreadyLinkedToMultisig
         );
+
+        assert_ok!(MultiSig::create_multisig(
+            alice.clone(),
+            vec![Signatory::from(alice_did), dave.signatory_acc()],
+            1,
+        ));
+
+        // Testing signer key that is already a secondary key on another identity.
+        let dave_auth_id = get_last_auth_id(&dave.signatory_acc());
+        set_curr_did(Some(alice_did));
+        assert_noop!(
+            MultiSig::accept_multisig_signer_as_key(dave.origin(), dave_auth_id),
+            Error::SignerAlreadyLinkedToIdentity
+        );
+
+        set_curr_did(None);
+        assert_ok!(MultiSig::create_multisig(
+            alice.clone(),
+            vec![Signatory::Account(ms_address.clone())],
+            1,
+        ));
+
+        // Testing that a multisig can't add itself as a signer.
+        let ms_auth_id = Identity::add_auth(
+            alice_did,
+            Signatory::Account(ms_address.clone()),
+            AuthorizationData::AddMultiSigSigner(ms_address.clone()),
+            None,
+        );
+
+        assert_noop!(
+            MultiSig::accept_multisig_signer_as_key(Origin::signed(ms_address.clone()), ms_auth_id),
+            Error::MultisigNotAllowedToLinkToItself
+        );
     });
 }