Merge branch 'main' into Issue-1539
ianco authored Dec 23, 2021
2 parents 475aecd + d7abd7c commit f94184d
Showing 12 changed files with 75 additions and 8 deletions.
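--- a/aries_cloudagent/admin/server.py
+++ b/aries_cloudagent/admin/server.py
@@ -289,7 +289,15 @@ async def check_token(request: web.Request, handler):
 header_admin_api_key = request.headers.get("x-api-key")
 valid_key = const_compare(self.admin_api_key, header_admin_api_key)
 
-if valid_key or is_unprotected_path(request.path):
+# We have to allow OPTIONS method access to paths without a key since
+# browsers performing CORS requests will never include the original
+# x-api-key header from the method that triggered the preflight
+# OPTIONS check.
+if (
+valid_key
+or is_unprotected_path(request.path)
+or (request.method == "OPTIONS")
+):
 return await handler(request)
 else:
 raise web.HTTPUnauthorized()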
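Review bot: The new `request.method == "OPTIONS"` clause exempts every OPTIONS request from the `x-api-key` check, not only CORS preflights, so any admin route that does real work on OPTIONS becomes reachable without a key. A browser preflight always carries `Access-Control-Request-Method`, so the exemption can be limited to that case: `or (request.method == "OPTIONS" and "Access-Control-Request-Method" in request.headers)`. Whether any route registers an OPTIONS handler beyond the CORS one is not visible on this page, and check_token starts and ends outside the hunk.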
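--- a/aries_cloudagent/admin/tests/test_admin_server.py
+++ b/aries_cloudagent/admin/tests/test_admin_server.py
@@ -340,6 +340,31 @@ async def test_visit_secure_mode(self):
 ) as response:
 assert response.status == 200
 
+# Make sure that OPTIONS requests used by browsers for CORS
+# are allowed without a x-api-key even when x-api-key security is enabled
+async with self.client_session.options(
+f"http://127.0.0.1:{self.port}/status",
+headers={
+"Access-Control-Request-Headers": "x-api-key",
+"Access-Control-Request-Method": "GET",
+"Connection": "keep-alive",
+"Host": f"http://127.0.0.1:{self.port}/status",
+"Origin": "http://localhost:3000",
+"Referer": "http://localhost:3000/",
+"Sec-Fetch-Dest": "empty",
+"Sec-Fetch-Mode": "cors",
+"Sec-Fetch-Site": "same-site",
+},
+) as response:
+assert response.status == 200
+assert response.headers["Access-Control-Allow-Credentials"] == "true"
+assert response.headers["Access-Control-Allow-Headers"] == "X-API-KEY"
+assert response.headers["Access-Control-Allow-Methods"] == "GET"
+assert (
+response.headers["Access-Control-Allow-Origin"]
+== "http://localhost:3000"
+)
+
 async with self.client_session.ws_connect(
 f"http://127.0.0.1:{self.port}/ws", headers={"x-api-key": "test-api-key"}
 ) as ws: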
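Review bot: The `Host` header in the new OPTIONS request is set to a full URL, `f"http://127.0.0.1:{self.port}/status"`, which is not a valid Host value; `"Host": f"127.0.0.1:{self.port}"`, or dropping the header so the client fills it in, keeps the request closer to what a browser sends. The assertions also pin `Access-Control-Allow-Credentials: true` together with an `Access-Control-Allow-Origin` that echoes the request's `Origin`. If that is the intended admin CORS policy, a one-line comment saying so would help, since the CORS setup is outside this hunk. test_visit_secure_mode starts and ends outside the hunk.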
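--- a/aries_cloudagent/ledger/multiple_ledger/base_manager.py
+++ b/aries_cloudagent/ledger/multiple_ledger/base_manager.py
@@ -6,6 +6,7 @@
 from ...core.error import BaseError
 from ...core.profile import Profile
 from ...ledger.base import BaseLedger
+from ...messaging.valid import IndyDID
 
 
 class MultipleLedgerManagerError(BaseError):
@@ -44,4 +45,7 @@ async def lookup_did_in_configured_ledgers(
 
 def extract_did_from_identifier(self, identifier: str) -> str:
 """Return did from record identifier (REV_REG_ID, CRED_DEF_ID, SCHEMA_ID)."""
-return identifier.split(":")[0]
+if bool(IndyDID.PATTERN.match(identifier)):
+return identifier.split(":")[-1]
+else:
+return identifier.split(":")[0]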
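Review bot: In `extract_did_from_identifier`, `IndyDID.PATTERN.match(identifier)` anchors only at the start of the string, so the new branch is correct only if the pattern itself ends in `$`. If it does not, a schema or cred-def id that begins with a DID would take the first branch and return its last segment instead of the DID. `if IndyDID.PATTERN.fullmatch(identifier):` states the intent without relying on the pattern's anchors and drops the redundant `bool(...)`. The docstring still names only record identifiers and could read `"""Return did from a DID or a record identifier (REV_REG_ID, CRED_DEF_ID, SCHEMA_ID)."""`. The pattern's definition in `messaging.valid` is not on this page.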
@@ -428,6 +428,14 @@ def test_extract_did_from_identifier(self):
)
== "WgWxqztrNooG92RXvxSTWv"
)
assert (
self.manager.extract_did_from_identifier("WgWxqztrNooG92RXvxSTWv")
== "WgWxqztrNooG92RXvxSTWv"
)
assert (
self.manager.extract_did_from_identifier("did:sov:WgWxqztrNooG92RXvxSTWv")
== "WgWxqztrNooG92RXvxSTWv"
)

async def test_get_production_ledgers(self):
assert len(await self.manager.get_prod_ledgers()) == 2
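--- a/aries_cloudagent/protocols/connections/v1_0/routes.py
+++ b/aries_cloudagent/protocols/connections/v1_0/routes.py
@@ -331,6 +331,7 @@ async def connections_list(request: web.BaseRequest):
 "my_did",
 "their_did",
 "request_id",
+"invitation_key",
 ):
 if param_name in request.query and request.query[param_name] != "":
 tag_filter[param_name] = request.query[param_name]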
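--- a/aries_cloudagent/protocols/connections/v1_0/tests/test_routes.py
+++ b/aries_cloudagent/protocols/connections/v1_0/tests/test_routes.py
@@ -1,5 +1,6 @@
 import json
 
+from unittest.mock import ANY
 from asynctest import TestCase as AsyncTestCase
 from asynctest import mock as async_mock
 
@@ -30,6 +31,7 @@ async def test_connections_list(self):
 "invitation_id": "dummy", # exercise tag filter assignment
 "their_role": ConnRecord.Role.REQUESTER.rfc160,
 "connection_protocol": ConnRecord.Protocol.RFC_0160.aries_protocol,
+"invitation_key": "some-invitation-key",
 }
 
 STATE_COMPLETED = ConnRecord.State.COMPLETED
@@ -40,7 +42,7 @@ async def test_connections_list(self):
 test_module, "ConnRecord", autospec=True
 ) as mock_conn_rec:
 mock_conn_rec.query = async_mock.CoroutineMock()
-mock_conn_rec.Role = async_mock.MagicMock(return_value=ROLE_REQUESTER)
+mock_conn_rec.Role = ConnRecord.Role
 mock_conn_rec.State = async_mock.MagicMock(
 COMPLETED=STATE_COMPLETED,
 INVITATION=STATE_INVITATION,
@@ -85,6 +87,15 @@ async def test_connections_list(self):
 test_module.web, "json_response"
 ) as mock_response:
 await test_module.connections_list(self.request)
+mock_conn_rec.query.assert_called_once_with(
+ANY,
+{"invitation_id": "dummy", "invitation_key": "some-invitation-key"},
+post_filter_positive={
+"their_role": [v for v in ConnRecord.Role.REQUESTER.value],
+"connection_protocol": ConnRecord.Protocol.RFC_0160.aries_protocol,
+},
+alt=True,
+)
 mock_response.assert_called_once_with(
 {
 "results": [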
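Review bot: In the new `assert_called_once_with`, `[v for v in ConnRecord.Role.REQUESTER.value]` is an identity comprehension; `list(ConnRecord.Role.REQUESTER.value)` says the same thing more directly. The switch to `mock_conn_rec.Role = ConnRecord.Role` would benefit from a short comment, for example `# use the real enum so the route's role lookup yields real values for the query assertion`, presumably the reason the MagicMock was replaced. test_connections_list continues outside these hunks.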
@@ -27,7 +27,7 @@ class Meta:

RECORD_TYPE = "discovery_exchange_v10"
RECORD_ID_NAME = "discovery_exchange_id"
RECORD_TOPIC = "dicover_feature"
RECORD_TOPIC = "discover_feature"
TAG_NAMES = {"~thread_id" if UNENCRYPTED_TAGS else "thread_id", "connection_id"}

def __init__(
@@ -27,7 +27,7 @@ class Meta:

RECORD_TYPE = "discovery_exchange_v20"
RECORD_ID_NAME = "discovery_exchange_id"
RECORD_TOPIC = "dicover_feature"
RECORD_TOPIC = "discover_feature_v2_0"
TAG_NAMES = {"~thread_id" if UNENCRYPTED_TAGS else "thread_id", "connection_id"}

def __init__(
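--- a/aries_cloudagent/protocols/out_of_band/v1_0/manager.py
+++ b/aries_cloudagent/protocols/out_of_band/v1_0/manager.py
@@ -500,6 +500,10 @@ async def receive_invitation(
 await conn_rec.metadata_delete(
 session=session, key="reuse_msg_state"
 )
+# refetch connection for accurate state after handshake
+conn_rec = await ConnRecord.retrieve_by_id(
+session=session, record_id=conn_rec.connection_id
+)
 except asyncio.TimeoutError:
 # If no reuse_accepted or problem_report message was received within
 # the 15s timeout then a new connection to be created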
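Review bot: The added `ConnRecord.retrieve_by_id` call sits inside the `try` whose only visible handler is `except asyncio.TimeoutError`, so a failed lookup would propagate out of `receive_invitation` rather than fall through to the new-connection path. This could happen if the record is removed while the reuse response is pending. If the fallback is wanted, the handler could be widened, e.g. `except (asyncio.TimeoutError, StorageNotFoundError):`, assuming that is what the lookup raises. If propagating is intended, a comment such as `# a missing record here is unexpected; let it surface` would make that explicit. The start of the try block and any further handlers are outside the hunk.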
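--- a/demo/run_bdd
+++ b/demo/run_bdd
@@ -133,7 +133,9 @@ if [ ! -z "$DOCKERHOST" ]; then
 # provided via APPLICATION_URL environment variable
 export RUNMODE="docker"
 elif [ -z "${PWD_HOST_FQDN}" ]; then
-DOCKERHOST=`docker run --rm --net=host eclipse/che-ip`
+# getDockerHost; for details refer to https://github.com/bcgov/DITP-DevOps/tree/main/code/snippets#getdockerhost
+. /dev/stdin <<<"$(cat <(curl -s --raw https://raw.githubusercontent.com/bcgov/DITP-DevOps/main/code/snippets/getDockerHost))"
+export DOCKERHOST=$(getDockerHost)
 export RUNMODE="docker"
 else
 PWD_HOST="${PWD_HOST_FQDN}"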
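Review bot: The replacement for the `eclipse/che-ip` call downloads a script from the `main` branch of another repository and sources it into the current shell on every run, with no pinned revision or integrity check. Whatever is on that branch at run time therefore executes with the caller's privileges. Pinning the URL to a reviewed commit (`.../bcgov/DITP-DevOps/<commit-sha>/code/snippets/getDockerHost`) or vendoring the snippet into this repository removes the dependency on a mutable ref. `curl -s` also hides failures; `curl -fsS` plus a check that `getDockerHost` is defined would stop the script on a failed download instead of exporting an empty `DOCKERHOST`. The same three lines are added in demo/run_demo and docker/manage.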
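--- a/demo/run_demo
+++ b/demo/run_demo
@@ -153,7 +153,9 @@ if [ ! -z "$DOCKERHOST" ]; then
 # provided via APPLICATION_URL environment variable
 export RUNMODE="docker"
 elif [ -z "${PWD_HOST_FQDN}" ]; then
-DOCKERHOST=`docker run --rm --net=host eclipse/che-ip`
+# getDockerHost; for details refer to https://github.com/bcgov/DITP-DevOps/tree/main/code/snippets#getdockerhost
+. /dev/stdin <<<"$(cat <(curl -s --raw https://raw.githubusercontent.com/bcgov/DITP-DevOps/main/code/snippets/getDockerHost))"
+export DOCKERHOST=$(getDockerHost)
 export RUNMODE="docker"
 else
 PWD_HOST="${PWD_HOST_FQDN}"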
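--- a/docker/manage
+++ b/docker/manage
@@ -1,6 +1,8 @@
 #!/bin/bash
 export MSYS_NO_PATHCONV=1
-export DOCKERHOST=${APPLICATION_URL-$(docker run --rm --net=host eclipse/che-ip)}
+# getDockerHost; for details refer to https://github.com/bcgov/DITP-DevOps/tree/main/code/snippets#getdockerhost
+. /dev/stdin <<<"$(cat <(curl -s --raw https://raw.githubusercontent.com/bcgov/DITP-DevOps/main/code/snippets/getDockerHost))"
+export DOCKERHOST=$(getDockerHost)
 set -e
 
 SCRIPT_HOME="$(cd "$(dirname "$0")" && pwd)"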
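Review bot: The new `export DOCKERHOST=$(getDockerHost)` no longer uses the `${APPLICATION_URL-...}` form of the removed line, so a preset `APPLICATION_URL` is overridden. That holds unless getDockerHost checks the variable itself, and its body is not on this page. Keeping the override explicit preserves the old behaviour: `export DOCKERHOST=${APPLICATION_URL-$(getDockerHost)}`. The download and the export also run before `set -e`, so a failed fetch of the remote snippet is not fatal here; moving `set -e` above them, or testing the result with `[ -n "$DOCKERHOST" ]`, would surface it.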
