Out of bounds marketplace application #41
Conversation
…ketplace pallet to validate the fields and custodian fields inputs before setting up an application. It throws an `InsufficientCustodianFields` error if the lengths of `fields` and `custodian_fields` do not match, and a `FieldsNotProvided` error if custodian fields are absent but fields are present. - Incorporated the newly-created `validate_fields` helper function into the `create_marketplace` and `enroll_marketplace` functions in the Gated Marketplace pallet's `#[pallet::call]` section. This addition incorporates additional checks and enhances data accuracy. Also introduced a new type of error, `FieldsNotProvided`, in the pallet to handle scenarios where fields are not provided for the application. - Performed a minor cleanup in the RBAC pallet configuration in mock.rs, reordering the fields for better clarity. Swapped the places of `RemoveOrigin` and `WeightInfo` fields to maintain consistent code order. No functionality was changed in this commit.
… the Gated Marketplace pallet. Changed the condition to trigger the `FieldsNotProvided` error when `fields` are empty and `custodian_fields` are None, ensuring that the fields are provided when necessary. - Performed a minor clean-up in mock.rs, removing an unnecessary import of `RawOrigin` from the `frame_system` crate. This change promotes better code hygiene and optimizes imports.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| @@ -1,5 +1,4 @@ | |||
| use crate as pallet_gated_marketplace; | |||
|
GPT summary of e97d36e: Error: couldn't generate summary |
|
GPT summary of e89fe52: Error: couldn't generate summary PR summary so far: Error: couldn't generate summary |
didiermis
changed the title
sebastianmontero
left a comment
sebastianmontero
left a comment
There was a problem hiding this comment.
Para los PRs que arreglan un issue, primero deberiamos de desarrollar un prueba que descubre el issue, y después desarrollar el codigo que lo arregla, para asegurarnos de que el issue esta arreglado.
Por lo que veo tambien faltan pruebas para el caso en el que el custodian fields es None, ya que este es un caso valido, y el nuevo metodo de validate_fields lanza un error en este caso, sin embargo todas las pruebas pasan.
| } | ||
| None => { | ||
| if fields.is_empty() { | ||
| return Err(Error::<T>::FieldsNotProvided.into()) |
There was a problem hiding this comment.
Por que se manda un error cuando el campo es None? Es un caso valido el no tener custodian fields.
There was a problem hiding this comment.
En el caso donde custodian_fields es None, está cubierto en el test apply_to_marketplace_works
assert_ok!(GatedMarketplace::apply(
RuntimeOrigin::signed(3),
m_id,
create_application_fields(2),
None
));There was a problem hiding this comment.
Eliminé la función validate_fields y moví la lógica a la función set_up_application debido a que cambié el tipo de retorno de ésta última. La razón inicial de separarlo fue que una devolvía un dipatchresult y la otra una tupla.
pallets/gated-marketplace/src/lib.rs
Outdated
| ) -> DispatchResult { | ||
| let who = ensure_signed(origin)?; | ||
|
|
||
| Self::validate_fields(&fields, &custodian_fields)?; |
There was a problem hiding this comment.
creo que el metodo validate_fields se deberia de llamar dentro de set_up_application, que es donde se encuentra el codigo que causa el issue
There was a problem hiding this comment.
Movi la validación hacia set_up_application y también hice un update en el tipo de retorno para dicha función.
…ce pallet. Removed the separate `validate_fields` function and integrated its validation logic directly into `set_up_application`, providing field validation in the same context as application setup. This resulted in more streamlined validation, ensuring a non-empty fields list and correct matching of fields and custodian fields sizes directly in the application setup. Added error handling for the case that the number of application fields exceeds the maximum limit. - Adjusted the Gated Marketplace pallet structure and error definitions. Added the `ExceedMaxFilesApplication` error to handle scenarios where the number of application files surpasses the allowable maximum. This new error is now part of the error returns in the `enroll_application` and `enroll_self_managed_application` functions, improving the robustness and user feedback of our enrollment operations.
…ate the functionality and error handling of the `apply` function. The test `apply_with_mismatched_number_of_files_and_custodian_files_shouldnt_work` ensures the function returns an error when the number of files and custodian files provided do not match. Similarly, the `apply_with_custodian_but_no_custodian_files_shouldnt_work` test verifies that `apply` correctly rejects applications where a custodian is specified but no files are provided. These tests improve the overall coverage and robustness of our testing for the Gated Marketplace pallet.
| !<ApplicationsByAccount<T>>::contains_key(new_user.clone(), marketplace_id), | ||
| Error::<T>::AlreadyApplied | ||
| ); | ||
| // ensure the origin is owner or admin |
| /// User is already blocked | ||
| UserAlreadyBlocked, | ||
| /// The owner of the NFT is not in the marketplace | ||
| OwnerNotInMarketplace, |
|
GPT summary of 34bfd70: Error: couldn't generate summary |
|
GPT summary of 3d96012: Error: couldn't generate summary PR summary so far: Error: couldn't generate summary |
…work`, to the Gated Marketplace pallet. This test verifies that an application without any fields leads to the `FieldsNotProvided` error. It enhances the test coverage for the `apply` function, ensuring it robustly catches instance where application fields are not provided as intended.
|
GPT summary of 0b8e196: Error: couldn't generate summary PR summary so far: Error: couldn't generate summary |
| } | ||
|
|
||
| #[test] | ||
| fn apply_with_mismatched_number_of_files_and_custodian_files_shouldnt_work() { |
There was a problem hiding this comment.
Nada mas para mantener la consistencia cambiaria "files" por "fields" en el nombre de la prueba
There was a problem hiding this comment.
Falta cambiar el nombre de esta prueba
| } | ||
|
|
||
| #[test] | ||
| fn apply_with_custodian_but_no_custodian_files_shouldnt_work() { |
There was a problem hiding this comment.
Nada mas para mantener la consistencia cambiaria "files" por "fields" en el nombre de la prueba
|
GPT summary of a92088c: Error: couldn't generate summary PR summary so far: Error: couldn't generate summary |
| } | ||
|
|
||
| #[test] | ||
| fn apply_with_mismatched_number_of_files_and_custodian_files_shouldnt_work() { |
There was a problem hiding this comment.
Falta cambiar el nombre de esta prueba
| GatedMarketplace::applicants_by_marketplace(m_id, ApplicationStatus::Pending).len() == | ||
| 1 | ||
| ); | ||
| }); |
|
GPT summary of ae9340d: Error: couldn't generate summary PR summary so far: Error: couldn't generate summary |
didiermis
requested review from
sebastianmontero
and removed request for
tlacloc
Validation Fixes and Tests in Gated Marketplace
Overview
The changes implemented focus on enhancing the gated marketplace pallet by introducing error handling for application setup and enforcing validation checks. The motivation behind these changes is to ensure that applications to the marketplace meet specific criteria, such as having the required fields and adhering to the constraints for custodian relationships. This improvement in validation prevents potential runtime errors and enhances the overall robustness of the marketplace application process.
Tickets
Implementation notes
The implementation involves modifying the
set_up_applicationfunction to return aResulttype, enabling the function to handle errors gracefully by leveraging Rust's error handling paradigm. Additional checks are introduced to ensure that:fieldsprovided for an application are not empty.These checks are accomplished using the
ensure!macro for concise assertions and the.map_errmethod to transform errors from thetry_frommethod into pallet-specific errors.Furthermore, corresponding changes are made in the callers of
set_up_applicationwithin the module to handle theResultreturned by theInteresting/controversial decisions
The decision to enforce strict validation at the application setup stage could be seen as restrictive, especially in scenarios where marketplace dynamics might demand more flexibility.
Test coverage
New tests were added in
tests.rsto cover scenarios involving the new validations. These include tests for applying without fields, applying with mismatched numbers of fields and custodian fields, and exceeding the maximum allowed fields. The tests verify that the system correctly rejects invalid or incomplete applications, and they help ensure that the validations work as intended.