diff --git a/.github/workflows/tee-worker-ci.yml b/.github/workflows/tee-worker-ci.yml index 581c43bf73..81ceb761f5 100644 --- a/.github/workflows/tee-worker-ci.yml +++ b/.github/workflows/tee-worker-ci.yml @@ -58,6 +58,7 @@ jobs: build-parachain-docker: runs-on: ubuntu-latest needs: check-file-change + if: needs.check-file-change.outputs.src == 'true' steps: - uses: actions/checkout@v3 @@ -78,6 +79,7 @@ jobs: build-test: runs-on: ubuntu-20.04 needs: check-file-change + if: needs.check-file-change.outputs.src == 'true' strategy: fail-fast: false matrix: @@ -140,6 +142,7 @@ jobs: clippy: runs-on: ubuntu-latest needs: check-file-change + if: needs.check-file-change.outputs.src == 'true' container: "integritee/integritee-dev:0.1.9" steps: - uses: actions/checkout@v3 @@ -175,6 +178,7 @@ jobs: fmt: runs-on: ubuntu-latest needs: check-file-change + if: needs.check-file-change.outputs.src == 'true' steps: - uses: actions/checkout@v3 - name: init rust diff --git a/pallets/identity-management-mock/src/mock.rs b/pallets/identity-management-mock/src/mock.rs index 20cd46aa83..5a1e59bc89 100644 --- a/pallets/identity-management-mock/src/mock.rs +++ b/pallets/identity-management-mock/src/mock.rs @@ -16,7 +16,7 @@ #![cfg(test)] -use crate::{ +pub use crate::{ self as pallet_identity_management_mock, key::{aes_encrypt_default, tee_encrypt}, ChallengeCode, @@ -32,7 +32,7 @@ use frame_support::{ traits::{ConstU128, ConstU16, ConstU32, ConstU64, Everything}, }; use frame_system as system; -use mock_tee_primitives::{ +pub use mock_tee_primitives::{ EthereumSignature, EvmNetwork, Identity, IdentityHandle, IdentityMultiSignature, IdentityWebType, SubstrateNetwork, TwitterValidationData, UserShieldingKeyType, ValidationData, Web2Network, Web2ValidationData, Web3CommonValidationData, Web3Network, Web3ValidationData, 
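Review bot: The new job-level `if: needs.check-file-change.outputs.src == 'true'` on `build-parachain-docker` (and the same line added to `build-test`, `clippy` and `fmt` in the following three hunks) makes the `check-file-change` output the only thing deciding whether these checks run. GitHub reports a job skipped by a conditional as successful, so if any of these jobs is a required status check, a pull request whose changes the filter does not classify as `src` could merge without build, clippy or fmt having run. The filter itself is outside these hunks, so it is worth confirming that it covers every path that can affect the build, including this workflow file. A comment next to the condition would record that, e.g. `# skipped counts as passing for required checks; keep the src filter in check-file-change exhaustive`.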
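Review bot: In `mock.rs`, changing `use crate::{` to `pub use crate::{` (and `use mock_tee_primitives::{` to `pub use` in the next hunk) re-exports every name in those lists, including the `aes_encrypt_default` and `tee_encrypt` helpers, apparently so that `tests.rs` can reach them through `use crate::mock::*`. The file is gated by `#![cfg(test)]`, so this stays out of non-test builds, but `pub(crate) use crate::{` would state the intent more narrowly, or `tests.rs` could import the names it needs directly. Both `use` lists run past the edges of their hunks, so the full set of re-exported names is not visible here.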
@@ -142,11 +142,11 @@ pub fn new_test_ext() -> sp_io::TestExternalities { ext } -pub fn create_mock_twitter_identity() -> Identity { +pub fn create_mock_twitter_identity(twitter_handle: &[u8]) -> Identity { Identity { web_type: IdentityWebType::Web2(Web2Network::Twitter), handle: IdentityHandle::String( - b"aliceTwitterHandle".to_vec().try_into().expect("convert to BoundedVec failed"), + twitter_handle.to_vec().try_into().expect("convert to BoundedVec failed"), ), } } diff --git a/pallets/identity-management-mock/src/tests.rs b/pallets/identity-management-mock/src/tests.rs index 4a88c52154..0f71ba40dd 100644 --- a/pallets/identity-management-mock/src/tests.rs +++ b/pallets/identity-management-mock/src/tests.rs @@ -16,8 +16,9 @@ use crate::{mock::*, Error}; +use codec::Encode; use frame_support::assert_noop; -use sp_core::{Pair, H256}; +use sp_core::{blake2_256, Pair, H256}; #[test] fn unpriveledged_origin_call_fails() { @@ -50,7 +51,7 @@ fn set_user_shielding_key_works() { fn link_twitter_identity_works() { new_test_ext().execute_with(|| { System::set_block_number(5); - setup_link_identity(2, create_mock_twitter_identity(), 5); + setup_link_identity(2, create_mock_twitter_identity(b"alice"), 5); }); } @@ -78,7 +79,7 @@ fn link_eth_identity_works() { fn verify_twitter_identity_works() { new_test_ext().execute_with(|| { System::set_block_number(3); - setup_verify_twitter_identity(2, create_mock_twitter_identity(), 3); + setup_verify_twitter_identity(2, create_mock_twitter_identity(b"alice"), 3); }); } 
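Review bot: `create_mock_twitter_identity` now takes a caller-supplied `twitter_handle`, but the `.try_into().expect("convert to BoundedVec failed")` applied to it is undocumented. A test that passes a handle longer than the bound gets a panic with no hint about which limit was hit. A doc comment on the function would cover it, e.g. `/// Builds a Web2 Twitter identity for tests; panics if twitter_handle exceeds the IdentityHandle::String bound.` Naming the argument in the message, `.expect("twitter_handle exceeds IdentityHandle bound")`, would also make such failures easier to read.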
@@ -99,3 +100,53 @@ fn verify_eth_identity_works() {
 setup_verify_eth_identity(2, p, 4);
 });
 }
+
+#[test]
+fn double_link_twitter_identity_works() {
+ new_test_ext().execute_with(|| {
+ // link and verify the first twitter handle
+ System::set_block_number(3);
+ setup_verify_twitter_identity(2, create_mock_twitter_identity(b"alice"), 3);
+ // link second twitter handle works
+ System::set_block_number(4);
+ setup_link_identity(2, create_mock_twitter_identity(b"bob"), 4);
+ });
+}
+
+#[test]
+fn wrong_polkadot_verification_message_fails() {
+ new_test_ext().execute_with(|| {
+ System::set_block_number(3);
+ let p = sp_core::sr25519::Pair::from_string("//Alice", None).unwrap();
+ let identity = create_mock_polkadot_identity(p.public().0);
+ let who = 2;
+ setup_link_identity(who, identity.clone(), 3);
+
+ System::set_block_number(4);
+ let encrypted_identity = tee_encrypt(identity.encode().as_slice());
+
+ // intentionally construct a wrong verification message
+ let wrong_msg = blake2_256(&[0u8; 16]).to_vec();
+ let sig = p.sign(&wrong_msg);
+ let common_validation_data = Web3CommonValidationData {
+ message: wrong_msg.try_into().unwrap(),
+ signature: IdentityMultiSignature::Sr25519(sig),
+ };
+
+ let validation_data = match &identity.web_type {
+ IdentityWebType::Web3(Web3Network::Substrate(SubstrateNetwork::Polkadot)) =>
+ ValidationData::Web3(Web3ValidationData::Substrate(common_validation_data)),
+ _ => panic!("unxpected web_type"),
+ };
+
+ assert_noop!(
+ IdentityManagementMock::verify_identity(
+ Origin::signed(who),
+ H256::random(),
+ encrypted_identity,
+ tee_encrypt(validation_data.encode().as_slice()),
+ ),
+ Error::::UnexpectedMessage
+ );
+ });
+}
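Review bot: `wrong_polkadot_verification_message_fails` exercises only the message-mismatch path: `wrong_msg` is signed with the same `//Alice` pair that owns the identity, so the signature is valid and the test would still pass if signature verification were never reached. Nothing in this hunk covers the converse case, the expected message signed by a different key, which is the check that binds the identity to its owner. A sibling test for that would close the gap, or at least a comment such as `// covers message mismatch only; bad-signature case not tested here`. Two smaller points: the panic string should read `"unexpected web_type"`, and `H256::random()` makes the call's input non-reproducible where a fixed value would presumably do.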