Fixed credentials for use case. Added check also for download endpoint.

ocean_provider/routes/consume.py

@@ -337,9 +337,9 @@ def download():
     # the datatoken address
     asset = get_asset_from_metadatastore(get_metadata_url(), did)
 
-    # consumable, message = check_asset_consumable(asset, consumer_address, logger)
-    # if not consumable:
-    #     return error_response(message, 400, logger)
+    consumable, message = check_asset_consumable(asset, consumer_address, logger)
+    if not consumable:
+        return error_response(message, 400, logger)
 
     service = asset.get_service_by_id(service_id)
 

ocean_provider/utils/credentials.py

@@ -105,10 +105,9 @@ def get_address_entry_of_class(self, access_class: str = "allow") -> Optional[di
             credentials = json.loads(self.asset.credentials)
         else:
             credentials = self.asset.credentials
+
         entries = credentials.get(access_class, [])
-        address_entries = [
-            entry for entry in entries if json.loads(entry).get("type") == "address"
-        ]
+        address_entries = [entry for entry in entries if entry.get("type") == "address"]
         return address_entries[0] if address_entries else None
 
 

ocean_provider/validation/algo.py

@@ -310,27 +310,14 @@ def preliminary_algo_validation(self):
             self.message = "file_unavailable"
             return False
 
-        # consumable, message = check_asset_consumable(
-        #     algo_ddo, self.consumer_address, logger, service.service_endpoint
-        # )
-        #
-        # if not consumable:
-        #     self.resource += ".credentials"
-        #     self.message = message
-        #     return False
-
-        # try:
-        #     manager = AddressCredential(algo_ddo)
-        #
-        #     if manager.requires_credential():
-        #         manager.validate_access(
-        #             {"type": "address", "value": self.consumer_address}
-        #         )
-        #
-        # except Exception:
-        #     self.resource += ".credentials"
-        #     self.message = "restricted_access_for_algo"
-        #     return False
+        consumable, message = check_asset_consumable(
+            algo_ddo, self.consumer_address, logger, service.service_endpoint
+        )
+
+        if not consumable:
+            self.resource += ".credentials"
+            self.message = message
+            return False
 
         return True
 
@@ -438,15 +425,6 @@ def validate(self):
             self.message = message
             return False
 
-        # code = AddressCredential(self.asset).validate_access(
-        #     {"type": "address", "value": self.consumer_address}
-        # )
-        #
-        # if code != ConsumableCodes.OK:
-        #     self.resource += ".credentials"
-        #     self.message = "restricted_access_for_algo"
-        #     return False
-
         if self.service.type not in ["access", "compute"]:
             self.resource += ".serviceId"
             self.message = "service_not_access_compute"

tests/test_compute.py

@@ -664,7 +664,7 @@ def test_algo_credentials(
 
     algo_credentials = {
         "allow": [],
-        "deny": {"type": "address", "values": [consumer_wallet.address]},
+        "deny": [{"type": "address", "values": [consumer_wallet.address]}],
     }
 
     ddo, tx_id, alg_ddo, alg_tx_id = build_and_send_ddo_with_compute_service(
@@ -708,5 +708,8 @@ def test_algo_credentials(
     response = client.get(
         sa_compute.service_endpoint + download_endpoint, query_string=payload
     )
-    print(f"response: {response.data}")
     assert response.status_code == 400, f"{response.data}"
+    assert (
+        response.json["error"]
+        == f"Error: Access to asset {alg_ddo.did} was denied with code: ConsumableCodes.CREDENTIAL_IN_DENY_LIST."
+    )