Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

fix: provider/add test to (hopefully) properly create authorization #492

Merged
merged 2 commits into from
Mar 7, 2023
Merged

fix: provider/add test to (hopefully) properly create authorization #492

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d829e85
fix provider/add test to (hopefully) properly create authorization
gobengo Mar 7, 2023
6d31d28
test avoids using variable name issuer by using agent
gobengo Mar 7, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 35 additions & 28 deletions packages/access-api/test/provider-add.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,43 +107,38 @@ for (const accessApiVariant of /** @type {const} */ ([
) {
it('provider/add allows for access/delegate', async () => {
const space = await principal.ed25519.generate()
const issuer = await accessApiVariant.issuer
const agent = await accessApiVariant.issuer
const service = await accessApiVariant.audience
const accountDid = /** @type {const} */ ('did:mailto:example.com:foo')
const serviceSessionAttest = await ucanto.delegate({
issuer: service,
audience: issuer,

const accountAuthorizesIssuerClaim = await ucanto.delegate({
issuer: principal.Absentee.from({ id: accountDid }),
audience: agent,
capabilities: [
{
can: 'provider/add',
with: accountDid,
with: 'ucan:*',
can: '*',
},
],
})
const serviceAttestsThatAccountAuthorizesIssuer = await ucanto.delegate({
issuer: service,
audience: agent,
capabilities: [
{
can: 'access/delegate',
with: space.did(),
with: service.did(),
can: 'ucan/attest',
nb: { proof: accountAuthorizesIssuerClaim.cid },
},
],
})
const sessionProofs = [
await ucanto.delegate({
issuer: service,
audience: issuer,
capabilities: [
{
can: 'ucan/attest',
with: accountDid,
nb: {
// note: whole delegation is also included in 'proofs'
proof: serviceSessionAttest.cid,
},
},
],
}),
serviceSessionAttest,
accountAuthorizesIssuerClaim,
serviceAttestsThatAccountAuthorizesIssuer,
]
const addStorageProvider = await ucanto
.invoke({
issuer,
issuer: agent,
audience: service,
capability: {
can: 'provider/add',
Expand All @@ -154,18 +149,18 @@ for (const accessApiVariant of /** @type {const} */ ([
},
},
proofs: [
...sessionProofs,
// space says issuer can provider/add with this account
await ucanto.delegate({
issuer: space,
audience: issuer,
audience: agent,
capabilities: [
{
can: 'provider/add',
with: accountDid,
},
],
}),
...sessionProofs,
],
})
.delegate()
Expand All @@ -177,7 +172,7 @@ for (const accessApiVariant of /** @type {const} */ ([
// storage provider added. So we should be able to delegate now
const accessDelegate = await ucanto
.invoke({
issuer,
issuer: agent,
audience: service,
capability: {
can: 'access/delegate',
Expand All @@ -186,7 +181,19 @@ for (const accessApiVariant of /** @type {const} */ ([
delegations: {},
},
},
proofs: [...sessionProofs],
proofs: [
...sessionProofs,
await ucanto.delegate({
issuer: space,
audience: agent,
capabilities: [
{
can: 'access/delegate',
with: space.did(),
},
],
}),
],
})
.delegate()
const accessDelegateResult = await accessApiVariant.invoke(accessDelegate)
Expand Down