[feature] #4212: Prevent account registration without signatures

Signed-off-by: Daniil Polyakov <arjentix@gmail.com>
hyperledger · Feb 26, 2024 · 41c08b4 · 41c08b4
1 parent 5fc67f1
commit 41c08b4
Show file tree

Hide file tree

Showing 44 changed files with 319 additions and 162 deletions.
diff --git a/cli/src/lib.rs b/cli/src/lib.rs
@@ -472,7 +472,7 @@ enum TelemetryStartStatus {
 }
 
 fn genesis_account(public_key: PublicKey) -> Account {
-    Account::new(iroha_genesis::GENESIS_ACCOUNT_ID.clone(), [public_key])
+    Account::new(iroha_genesis::GENESIS_ACCOUNT_ID.clone(), public_key)
         .build(&iroha_genesis::GENESIS_ACCOUNT_ID)
 }
 

diff --git a/client/benches/torii.rs b/client/benches/torii.rs
@@ -64,7 +64,7 @@ fn query_requests(criterion: &mut Criterion) {
     let create_domain = Register::domain(Domain::new(domain_id.clone()));
     let account_id = AccountId::new(domain_id.clone(), "account".parse().expect("Valid"));
     let (public_key, _) = KeyPair::generate().into();
-    let create_account = Register::account(Account::new(account_id.clone(), [public_key]));
+    let create_account = Register::account(Account::new(account_id.clone(), public_key));
     let asset_definition_id = AssetDefinitionId::new(domain_id, "xor".parse().expect("Valid"));
     let create_asset =
         Register::asset_definition(AssetDefinition::quantity(asset_definition_id.clone()));
@@ -164,7 +164,7 @@ fn instruction_submits(criterion: &mut Criterion) {
     let create_domain: InstructionBox = Register::domain(Domain::new(domain_id.clone())).into();
     let account_id = AccountId::new(domain_id.clone(), "account".parse().expect("Valid"));
     let (public_key, _) = KeyPair::generate().into();
-    let create_account = Register::account(Account::new(account_id.clone(), [public_key])).into();
+    let create_account = Register::account(Account::new(account_id.clone(), public_key)).into();
     let asset_definition_id = AssetDefinitionId::new(domain_id, "xor".parse().expect("Valid"));
     let client_config = iroha_client::samples::get_client_config(
         get_chain_id(),

diff --git a/client/benches/tps/utils.rs b/client/benches/tps/utils.rs
@@ -158,8 +158,7 @@ impl MeasurerUnit {
         let account_id = account_id(self.name);
         let asset_id = asset_id(self.name);
 
-        let register_me =
-            Register::account(Account::new(account_id, [keypair.public_key().clone()]));
+        let register_me = Register::account(Account::new(account_id, keypair.public_key().clone()));
         self.client.submit_blocking(register_me)?;
 
         let mint_a_rose = Mint::asset_quantity(1_u32, asset_id);

diff --git a/client/examples/million_accounts_genesis.rs b/client/examples/million_accounts_genesis.rs
@@ -3,6 +3,7 @@ use std::{thread, time::Duration};
 
 use iroha::samples::{construct_executor, get_config};
 use iroha_client::data_model::prelude::*;
+use iroha_crypto::KeyPair;
 use iroha_data_model::isi::InstructionBox;
 use iroha_genesis::{GenesisNetwork, RawGenesisBlock, RawGenesisBlockBuilder};
 use iroha_primitives::unique_vec;
@@ -77,7 +78,11 @@ fn create_million_accounts_directly() {
             format!("bob-{i}").parse().expect("Valid"),
         );
         let create_domain: InstructionBox = Register::domain(Domain::new(domain_id)).into();
-        let create_account = Register::account(Account::new(normal_account_id.clone(), [])).into();
+        let create_account = Register::account(Account::new(
+            normal_account_id.clone(),
+            KeyPair::generate().into_raw_parts().0,
+        ))
+        .into();
         if test_client
             .submit_all([create_domain, create_account])
             .is_err()

diff --git a/client/examples/tutorial.rs b/client/examples/tutorial.rs
@@ -120,7 +120,7 @@ fn account_registration_test(config: Config) -> Result<(), Error> {
 
     // #region register_account_generate
     // Generate a new account
-    let create_account = Register::account(Account::new(account_id, [public_key]));
+    let create_account = Register::account(Account::new(account_id, public_key));
     // #endregion register_account_generate
 
     // #region register_account_prepare_tx

diff --git a/client/tests/integration/add_account.rs b/client/tests/integration/add_account.rs
@@ -5,6 +5,8 @@ use iroha_client::{client, data_model::prelude::*};
 use iroha_config::parameters::actual::Root as Config;
 use test_network::*;
 
+use crate::integration::new_account_with_random_public_key;
+
 #[test]
 // This test suite is also covered at the UI level in the iroha_client_cli tests
 // in test_register_accounts.py
@@ -16,14 +18,18 @@ fn client_add_account_with_name_length_more_than_limit_should_not_commit_transac
     let pipeline_time = Config::pipeline_time();
 
     let normal_account_id: AccountId = "bob@wonderland".parse().expect("Valid");
-    let create_account = Register::account(Account::new(normal_account_id.clone(), []));
+    let create_account = Register::account(new_account_with_random_public_key(
+        normal_account_id.clone(),
+    ));
     test_client.submit(create_account)?;
 
     let too_long_account_name = "0".repeat(2_usize.pow(14));
     let incorrect_account_id: AccountId = (too_long_account_name + "@wonderland")
         .parse()
         .expect("Valid");
-    let create_account = Register::account(Account::new(incorrect_account_id.clone(), []));
+    let create_account = Register::account(new_account_with_random_public_key(
+        incorrect_account_id.clone(),
+    ));
     test_client.submit(create_account)?;
 
     thread::sleep(pipeline_time * 2);

diff --git a/client/tests/integration/asset.rs b/client/tests/integration/asset.rs
@@ -271,7 +271,7 @@ fn find_rate_and_make_exchange_isi_should_succeed() {
     let buyer_keypair = KeyPair::generate();
 
     let register_account = |account_id: AccountId, signature: PublicKey| {
-        Register::account(Account::new(account_id, [signature]))
+        Register::account(Account::new(account_id, signature))
     };
 
     let grant_alice_asset_transfer_permission = |asset_id: AssetId, owner_keypair: KeyPair| {
@@ -448,19 +448,17 @@ fn asset_id_new(definition_name: &str, definition_domain: &str, account_id: Acco
 
 mod register {
     use super::*;
+    use crate::integration::new_account_with_random_public_key;
 
     pub fn domain(name: &str) -> Register<Domain> {
         Register::domain(Domain::new(DomainId::from_str(name).expect("Valid")))
     }
 
     pub fn account(account_name: &str, domain_name: &str) -> Register<Account> {
-        Register::account(Account::new(
-            AccountId::new(
-                domain_name.parse().expect("Valid"),
-                account_name.parse().expect("Valid"),
-            ),
-            [],
-        ))
+        Register::account(new_account_with_random_public_key(AccountId::new(
+            domain_name.parse().expect("Valid"),
+            account_name.parse().expect("Valid"),
+        )))
     }
 
     pub fn asset_definition(asset_name: &str, domain_name: &str) -> Register<AssetDefinition> {

diff --git a/client/tests/integration/asset_propagation.rs b/client/tests/integration/asset_propagation.rs
@@ -32,7 +32,7 @@ fn client_add_asset_quantity_to_existing_asset_should_increase_asset_amount_on_a
         Register::domain(Domain::new(DomainId::from_str("domain")?)).into();
     let account_id = AccountId::from_str("account@domain")?;
     let (public_key, _) = KeyPair::generate().into();
-    let create_account = Register::account(Account::new(account_id.clone(), [public_key])).into();
+    let create_account = Register::account(Account::new(account_id.clone(), public_key)).into();
     let asset_definition_id = AssetDefinitionId::from_str("xor#domain")?;
     let create_asset =
         Register::asset_definition(AssetDefinition::quantity(asset_definition_id.clone())).into();

diff --git a/client/tests/integration/burn_public_keys.rs b/client/tests/integration/burn_public_keys.rs
@@ -52,7 +52,7 @@ fn public_keys_cannot_be_burned_to_nothing() {
     let charlie_initial_keypair = KeyPair::generate();
     let register_charlie = Register::account(Account::new(
         charlie_id.clone(),
-        [charlie_initial_keypair.public_key().clone()],
+        charlie_initial_keypair.public_key().clone(),
     ));
 
     let (tx_hash, res) = submit(&client, [register_charlie], None);

diff --git a/client/tests/integration/domain_owner_permissions.rs b/client/tests/integration/domain_owner_permissions.rs
@@ -6,6 +6,8 @@ use iroha_client::{
 use serde_json::json;
 use test_network::*;
 
+use super::new_account_with_random_public_key;
+
 #[test]
 fn domain_owner_domain_permissions() -> Result<()> {
     let chain_id = ChainId::from("0");
@@ -23,7 +25,7 @@ fn domain_owner_domain_permissions() -> Result<()> {
     test_client.submit_blocking(Register::domain(kingdom))?;
 
     let bob_keypair = KeyPair::generate();
-    let bob = Account::new(bob_id.clone(), [bob_keypair.public_key().clone()]);
+    let bob = Account::new(bob_id.clone(), bob_keypair.public_key().clone());
     test_client.submit_blocking(Register::account(bob))?;
 
     // Asset definitions can't be registered by "bob@kingdom" by default
@@ -96,7 +98,7 @@ fn domain_owner_account_permissions() -> Result<()> {
     let mad_hatter_keypair = KeyPair::generate();
     let mad_hatter = Account::new(
         mad_hatter_id.clone(),
-        [mad_hatter_keypair.public_key().clone()],
+        mad_hatter_keypair.public_key().clone(),
     );
     test_client.submit_blocking(Register::account(mad_hatter))?;
 
@@ -158,10 +160,10 @@ fn domain_owner_asset_definition_permissions() -> Result<()> {
     test_client.submit_blocking(Register::domain(kingdom))?;
 
     let bob_keypair = KeyPair::generate();
-    let bob = Account::new(bob_id.clone(), [bob_keypair.public_key().clone()]);
+    let bob = Account::new(bob_id.clone(), bob_keypair.public_key().clone());
     test_client.submit_blocking(Register::account(bob))?;
 
-    let rabbit = Account::new(rabbit_id.clone(), []);
+    let rabbit = new_account_with_random_public_key(rabbit_id.clone());
     test_client.submit_blocking(Register::account(rabbit))?;
 
     // Grant permission to register asset definitions to "bob@kingdom"
@@ -228,7 +230,7 @@ fn domain_owner_asset_permissions() -> Result<()> {
     test_client.submit_blocking(Register::domain(kingdom))?;
 
     let bob_keypair = KeyPair::generate();
-    let bob = Account::new(bob_id.clone(), [bob_keypair.public_key().clone()]);
+    let bob = Account::new(bob_id.clone(), bob_keypair.public_key().clone());
     test_client.submit_blocking(Register::account(bob))?;
 
     // Grant permission to register asset definitions to "bob@kingdom"
@@ -293,7 +295,7 @@ fn domain_owner_trigger_permissions() -> Result<()> {
     test_client.submit_blocking(Register::domain(kingdom))?;
 
     let bob_keypair = KeyPair::generate();
-    let bob = Account::new(bob_id.clone(), [bob_keypair.public_key().clone()]);
+    let bob = Account::new(bob_id.clone(), bob_keypair.public_key().clone());
     test_client.submit_blocking(Register::account(bob))?;
 
     let asset_definition_id = "rose#wonderland".parse()?;
@@ -354,7 +356,7 @@ fn domain_owner_transfer() -> Result<()> {
     test_client.submit_blocking(Register::domain(kingdom))?;
 
     let bob_keypair = KeyPair::generate();
-    let bob = Account::new(bob_id.clone(), [bob_keypair.public_key().clone()]);
+    let bob = Account::new(bob_id.clone(), bob_keypair.public_key().clone());
     test_client.submit_blocking(Register::account(bob))?;
 
     let domain = test_client.request(FindDomainById::new(kingdom_id.clone()))?;

diff --git a/client/tests/integration/extra_functional/multiple_blocks_created.rs b/client/tests/integration/extra_functional/multiple_blocks_created.rs
@@ -31,7 +31,7 @@ fn long_multiple_blocks_created() -> Result<()> {
     let create_domain: InstructionBox = Register::domain(Domain::new("domain".parse()?)).into();
     let account_id: AccountId = "account@domain".parse()?;
     let (public_key, _) = KeyPair::generate().into();
-    let create_account = Register::account(Account::new(account_id.clone(), [public_key])).into();
+    let create_account = Register::account(Account::new(account_id.clone(), public_key)).into();
     let asset_definition_id: AssetDefinitionId = "xor#domain".parse()?;
     let create_asset =
         Register::asset_definition(AssetDefinition::quantity(asset_definition_id.clone())).into();

diff --git a/client/tests/integration/extra_functional/unregister_peer.rs b/client/tests/integration/extra_functional/unregister_peer.rs
@@ -108,7 +108,7 @@ fn init() -> Result<(
     let create_domain = Register::domain(Domain::new("domain".parse()?));
     let account_id: AccountId = "account@domain".parse()?;
     let (public_key, _) = KeyPair::generate().into();
-    let create_account = Register::account(Account::new(account_id.clone(), [public_key]));
+    let create_account = Register::account(Account::new(account_id.clone(), public_key));
     let asset_definition_id: AssetDefinitionId = "xor#domain".parse()?;
     let create_asset =
         Register::asset_definition(AssetDefinition::quantity(asset_definition_id.clone()));

diff --git a/client/tests/integration/mod.rs b/client/tests/integration/mod.rs
@@ -1,3 +1,6 @@
+use iroha_crypto::KeyPair;
+use iroha_data_model::account::{Account, AccountId, NewAccount};
+
 mod add_account;
 mod add_domain;
 mod asset;
@@ -20,3 +23,7 @@ mod triggers;
 mod tx_history;
 mod tx_rollback;
 mod upgrade;
+
+fn new_account_with_random_public_key(account_id: AccountId) -> NewAccount {
+    Account::new(account_id, KeyPair::generate().into_raw_parts().0)
+}
diff --git a/client/tests/integration/permissions.rs b/client/tests/integration/permissions.rs
@@ -206,7 +206,7 @@ fn permissions_differ_not_only_by_names() {
     // Registering mouse
     let outfit_domain: DomainId = "outfit".parse().unwrap();
     let create_outfit_domain = Register::domain(Domain::new(outfit_domain.clone()));
-    let new_mouse_account = Account::new(mouse_id.clone(), [mouse_keypair.public_key().clone()]);
+    let new_mouse_account = Account::new(mouse_id.clone(), mouse_keypair.public_key().clone());
     client
         .submit_all_blocking([
             InstructionBox::from(create_outfit_domain),
@@ -306,7 +306,7 @@ fn stored_vs_granted_token_payload() -> Result<()> {
         Register::asset_definition(AssetDefinition::store(asset_definition_id.clone()));
     let mouse_id: AccountId = "mouse@wonderland".parse().expect("Valid");
     let mouse_keypair = KeyPair::generate();
-    let new_mouse_account = Account::new(mouse_id.clone(), [mouse_keypair.public_key().clone()]);
+    let new_mouse_account = Account::new(mouse_id.clone(), mouse_keypair.public_key().clone());
     let instructions: [InstructionBox; 2] = [
         Register::account(new_mouse_account).into(),
         create_asset.into(),

diff --git a/client/tests/integration/queries/account.rs b/client/tests/integration/queries/account.rs
@@ -7,6 +7,8 @@ use iroha_client::{
 };
 use test_network::*;
 
+use crate::integration::new_account_with_random_public_key;
+
 #[test]
 fn find_accounts_with_asset() -> Result<()> {
     let (_rt, _peer, test_client) = <PeerBuilder>::new().with_port(10_760).start_with_runtime();
@@ -40,7 +42,7 @@ fn find_accounts_with_asset() -> Result<()> {
         .iter()
         .skip(1) // Alice has already been registered in genesis
         .cloned()
-        .map(|account_id| Register::account(Account::new(account_id, [])))
+        .map(|account_id| Register::account(new_account_with_random_public_key(account_id)))
         .collect::<Vec<_>>();
     test_client.submit_all_blocking(register_accounts)?;
 

diff --git a/client/tests/integration/queries/asset.rs b/client/tests/integration/queries/asset.rs
@@ -41,7 +41,7 @@ fn find_asset_total_quantity() -> Result<()> {
         .skip(1) // Alice has already been registered in genesis
         .cloned()
         .zip(keys.iter().map(KeyPair::public_key).cloned())
-        .map(|(account_id, public_key)| Register::account(Account::new(account_id, [public_key])))
+        .map(|(account_id, public_key)| Register::account(Account::new(account_id, public_key)))
         .collect::<Vec<_>>();
     test_client.submit_all_blocking(register_accounts)?;
 

diff --git a/client/tests/integration/roles.rs b/client/tests/integration/roles.rs
@@ -9,6 +9,8 @@ use iroha_client::{
 use serde_json::json;
 use test_network::*;
 
+use crate::integration::new_account_with_random_public_key;
+
 #[test]
 fn register_empty_role() -> Result<()> {
     let (_rt, _peer, test_client) = <PeerBuilder>::new().with_port(10_695).start_with_runtime();
@@ -58,7 +60,7 @@ fn register_and_grant_role_for_metadata_access() -> Result<()> {
     let mouse_key_pair = KeyPair::generate();
     let register_mouse = Register::account(Account::new(
         mouse_id.clone(),
-        [mouse_key_pair.public_key().clone()],
+        mouse_key_pair.public_key().clone(),
     ));
     test_client.submit_blocking(register_mouse)?;
 
@@ -110,7 +112,7 @@ fn unregistered_role_removed_from_account() -> Result<()> {
     let mouse_id: AccountId = "mouse@wonderland".parse().expect("Valid");
 
     // Registering Mouse
-    let register_mouse = Register::account(Account::new(mouse_id.clone(), []));
+    let register_mouse = Register::account(new_account_with_random_public_key(mouse_id.clone()));
     test_client.submit_blocking(register_mouse)?;
 
     // Register root role

diff --git a/client/tests/integration/sorting.rs b/client/tests/integration/sorting.rs
@@ -17,6 +17,8 @@ use iroha_client::{
 use iroha_data_model::isi::InstructionBox;
 use test_network::*;
 
+use crate::integration::new_account_with_random_public_key;
+
 #[test]
 fn correct_pagination_assets_after_creating_new_one() {
     let (_rt, _peer, test_client) = <PeerBuilder>::new().with_port(10_635).start_with_runtime();
@@ -201,7 +203,8 @@ fn correct_sorting_of_entities() {
                 MetadataLimits::new(10, 28),
             )
             .expect("Valid");
-        let account = Account::new(account_id.clone(), []).with_metadata(account_metadata.clone());
+        let account = new_account_with_random_public_key(account_id.clone())
+            .with_metadata(account_metadata.clone());
 
         accounts.push(account_id);
         metadata_of_accounts.push(account_metadata);
@@ -342,7 +345,7 @@ fn sort_only_elements_which_have_sorting_key() -> Result<()> {
     for i in 0..n {
         let account_id = AccountId::from_str(&format!("charlie{i}@wonderland")).expect("Valid");
         let account = if skip_set.contains(&i) {
-            let account = Account::new(account_id.clone(), []);
+            let account = new_account_with_random_public_key(account_id.clone());
             accounts_b.push(account_id);
             account
         } else {
@@ -354,7 +357,8 @@ fn sort_only_elements_which_have_sorting_key() -> Result<()> {
                     MetadataLimits::new(10, 28),
                 )
                 .expect("Valid");
-            let account = Account::new(account_id.clone(), []).with_metadata(account_metadata);
+            let account = new_account_with_random_public_key(account_id.clone())
+                .with_metadata(account_metadata);
             accounts_a.push(account_id);
             account
         };

diff --git a/client/tests/integration/transfer_asset.rs b/client/tests/integration/transfer_asset.rs
@@ -184,5 +184,5 @@ fn generate_two_ids() -> (AccountId, AccountId) {
 
 fn create_mouse(mouse_id: AccountId) -> Register<Account> {
     let (mouse_public_key, _) = KeyPair::generate().into();
-    Register::account(Account::new(mouse_id, [mouse_public_key]))
+    Register::account(Account::new(mouse_id, mouse_public_key))
 }