chore: add missing principal aligment test (#134)

* chore: add missing principal aligment test * chore: add another test
storacha · Nov 17, 2022 · 5d04d16 · 5d04d16
1 parent 947e0f3
commit 5d04d16
Showing 1 changed file with 72 additions and 0 deletions.
diff --git a/packages/validator/test/lib.spec.js b/packages/validator/test/lib.spec.js
@@ -803,3 +803,75 @@ test('authorize / resolve external proof', async () => {
     ],
   })
 })
+
+test('invalid claim / principal aligment', async () => {
+  const proof = await storeAdd.delegate({
+    issuer: alice,
+    audience: bob,
+    with: alice.did(),
+  })
+
+  const nb = { link: Link.parse('bafkqaaa') }
+  const invocation = storeAdd.invoke({
+    issuer: mallory,
+    audience: w3,
+    with: alice.did(),
+    nb,
+    proofs: [proof],
+  })
+
+  const result = await access(await invocation.delegate(), {
+    principal: ed25519.Verifier,
+    capability: storeAdd,
+  })
+
+  assert.containSubset(result, {
+    name: 'Unauthorized',
+    cause: {
+      name: 'InvalidClaim',
+      message: `Claimed capability {"can":"store/add","with":"${alice.did()}","nb":${JSON.stringify(
+        nb
+      )}} is invalid
+  - Capability can not be (self) issued by '${mallory.did()}'
+  - Can not derive from prf:0 - ${proof.cid} because:
+    - Delegates to '${bob.did()}' instead of '${mallory.did()}'`,
+    },
+  })
+})
+
+test('invalid claim / invalid delegation chain', async () => {
+  const space = alice
+
+  const proof = await storeAdd.delegate({
+    issuer: space,
+    audience: w3,
+    with: space.did(),
+  })
+
+  const nb = { link: Link.parse('bafkqaaa') }
+  const invocation = storeAdd.invoke({
+    issuer: bob,
+    audience: w3,
+    with: space.did(),
+    nb,
+    proofs: [proof],
+  })
+
+  const result = await access(await invocation.delegate(), {
+    principal: ed25519.Verifier,
+    capability: storeAdd,
+  })
+
+  assert.containSubset(result, {
+    name: 'Unauthorized',
+    cause: {
+      name: 'InvalidClaim',
+      message: `Claimed capability {"can":"store/add","with":"${space.did()}","nb":${JSON.stringify(
+        nb
+      )}} is invalid
+  - Capability can not be (self) issued by '${bob.did()}'
+  - Can not derive from prf:0 - ${proof.cid} because:
+    - Delegates to '${w3.did()}' instead of '${bob.did()}'`,
+    },
+  })
+})