fix: Do not allow creating Permissioned Domains if credentials are no…

…t enabled (#5275) If the permissioned domains amendment XLS-80 is enabled before credentials XLS-70, then the permissioned domain users will not be able to match any credentials. The changes here prevent the creation of any permissioned domain objects if credentials are not enabled.
XRPLF · Feb 7, 2025 · 0968cdf · 0968cdf
1 parent d9e4009
commit 0968cdf
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/src/test/app/PermissionedDomains_test.cpp b/src/test/app/PermissionedDomains_test.cpp
@@ -54,9 +54,10 @@ exceptionExpected(Env& env, Json::Value const& jv)
 
 class PermissionedDomains_test : public beast::unit_test::suite
 {
-    FeatureBitset withFeature_{
-        supported_amendments() | featurePermissionedDomains};
     FeatureBitset withoutFeature_{supported_amendments()};
+    FeatureBitset withFeature_{
+        supported_amendments()  //
+        | featurePermissionedDomains | featureCredentials};
 
     // Verify that each tx type can execute if the feature is enabled.
     void
@@ -77,6 +78,21 @@ class PermissionedDomains_test : public beast::unit_test::suite
         env(pdomain::deleteTx(alice, domain));
     }
 
+    // Verify that PD cannot be created or updated if credentials are disabled
+    void
+    testCredentialsDisabled()
+    {
+        auto amendments = supported_amendments();
+        amendments.set(featurePermissionedDomains);
+        amendments.reset(featureCredentials);
+        testcase("Credentials disabled");
+        Account const alice("alice");
+        Env env(*this, amendments);
+        env.fund(XRP(1000), alice);
+        pdomain::Credentials credentials{{alice, "first credential"}};
+        env(pdomain::setTx(alice, credentials), ter(temDISABLED));
+    }
+
     // Verify that each tx does not execute if feature is disabled
     void
     testDisabled()
@@ -556,6 +572,7 @@ class PermissionedDomains_test : public beast::unit_test::suite
     run() override
     {
         testEnabled();
+        testCredentialsDisabled();
         testDisabled();
         testSet();
         testDelete();

diff --git a/src/xrpld/app/tx/detail/PermissionedDomainSet.cpp b/src/xrpld/app/tx/detail/PermissionedDomainSet.cpp
@@ -30,8 +30,10 @@ namespace ripple {
 NotTEC
 PermissionedDomainSet::preflight(PreflightContext const& ctx)
 {
-    if (!ctx.rules.enabled(featurePermissionedDomains))
+    if (!ctx.rules.enabled(featurePermissionedDomains) ||
+        !ctx.rules.enabled(featureCredentials))
         return temDISABLED;
+
     if (auto const ret = preflight1(ctx); !isTesSuccess(ret))
         return ret;