atsign-foundation · gkc · Oct 17, 2024 · Oct 14, 2024 · Oct 15, 2024 · Oct 15, 2024
diff --git a/packages/at_onboarding_cli/CHANGELOG.md b/packages/at_onboarding_cli/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 1.7.1
+- When submitting an enrollment request, check for write permissions of AtKeys file path.
 ## 1.7.0
 - feat: add `auto` command to the activate CLI 
 ## 1.6.4

diff --git a/packages/at_onboarding_cli/lib/src/cli/auth_cli.dart b/packages/at_onboarding_cli/lib/src/cli/auth_cli.dart
@@ -350,8 +350,16 @@ Future<void> enroll(ArgResults argResults, {AtOnboardingService? svc}) async {
   }
 
   File f = File(argResults[AuthCliArgs.argNameAtKeys]);
-  if (f.existsSync()) {
-    stderr.writeln('Error: atKeys file ${f.path} already exists');
+
+  // "_isWritable" attempts to create the directories for the given [file] if they do not exist,
+  // and then tries to open the file in write mode to verify write permissions.
+  //
+  // If the file can be opened for writing, it is immediately closed and deleted.
+  // In [AtOnboardingServiceImpl._generateAtKeysFile] method, there is a check which returns error
+  // if the file already exists. Therefore, delete the file here after checking for write permissions.
+  //
+  // Incase of any exceptions, the error is logged and returned.
+  if (isWritable(f) == false) {
     return;
   }
 
@@ -408,6 +416,52 @@ Future<void> enroll(ArgResults argResults, {AtOnboardingService? svc}) async {
   }
 }
 
+/// Checks if the specified [file] is writable.
+///
+/// This function attempts to create the directories for the given [file] if they do not exist,
+/// and then tries to open the file in write mode to verify write permissions.
+/// If the file can be opened for writing, it is immediately closed and deleted.
+///
+/// Returns:
+/// - `true` if the file is writable, or
+/// - `false` if the file is not writable due to existing files, lack of permissions,
+///   or any other exceptions encountered during the process.
+///
+/// [file]: The [File] instance to check for write access.
+///
+/// Exceptions:
+/// - If the file already exists, a [PathExistsException] is caught, and an error message is printed to stderr.
+/// - If the file does not have write permissions, a [PathAccessException] is caught, and an error message is printed to stderr.
+/// - Any other exceptions are caught and logged, indicating a failure to determine write access.
+@visibleForTesting
+bool isWritable(File file) {
+  try {
+    // If the directories do not exist, create them.
+    // "recursive" is set to true to ensure that any missing parent directories are created.
+    // "exclusive" is set to true to check if the file already exists; if it does,
+    // an error will be logged and returned.
+    file.createSync(recursive: true, exclusive: true);
+    // Try opening the file in write mode, which requires write permissions
+    RandomAccessFile raf = file.openSync(mode: FileMode.write);
+    raf.closeSync();
+    // In [AtOnboardingServiceImpl._generateAtKeysFile] method, there is a check which returns error
+    // if the file already exists. Therefore, delete the file here after checking for write permissions.
+    file.deleteSync();
+    return true;
+  } on PathExistsException {
+    stderr.writeln('Error: atKeys file ${file.path} already exists');
+    return false;
+  } on PathAccessException {
+    stderr.writeln(
+        'Error : atKeys file ${file.path} does not have write permissions');
+    return false;
+  } catch (e) {
+    // If any exception occurs, we assume the file is not writable
+    stderr.writeln('Error in writing to atKeys file: ${e.toString()}');
+    return false;
+  }
+}
+
 @visibleForTesting
 Future<void> setSpp(ArgResults argResults, AtClient atClient) async {
   String spp = argResults[AuthCliArgs.argNameSpp];

diff --git a/packages/at_onboarding_cli/pubspec.yaml b/packages/at_onboarding_cli/pubspec.yaml
@@ -1,6 +1,6 @@
 name: at_onboarding_cli
 description: Dart tools for initial client onboarding, subsequent client enrollment, and enrollment management.
-version: 1.7.0
+version: 1.7.1
 repository: https://github.com/atsign-foundation/at_libraries
 homepage: https://atsign.com
 documentation: https://docs.atsign.com/

diff --git a/packages/at_onboarding_cli/test/auth_cli_test.dart b/packages/at_onboarding_cli/test/auth_cli_test.dart
@@ -0,0 +1,43 @@
+import 'dart:io';
+
+import 'package:at_onboarding_cli/src/cli/auth_cli.dart';
+import 'package:test/test.dart';
+
+void main() {
+  final baseDirPath = 'test/keys';
+  group('A group of tests to verify write permission of apkam file path', () {
+    final dirPath = '$baseDirPath/@alice-apkam-keys.atKeys';
+
+    test(
+        'A test to verify isWritable returns false if directory has read-only permissions',
+        () async {
+      final directory = Directory(dirPath);
+      // Create the directory first to ensure it exists before calling isWritable.
+      await directory.create(recursive: true);
+      // Set permission to read only.
+      await Process.run('chmod', ['444', baseDirPath]);
+      expect(isWritable(File(dirPath)), false);
+    });
+
+    test(
+        'A test to verify isWritable returns false if file already exists in the directory',
+        () async {
+      final directory = Directory(dirPath);
+      // Create the directory first to ensure it exists before calling isWritable.
+      await directory.create(recursive: true);
+      expect(isWritable(File(dirPath)), false);
+    });
+
+    test(
+        'A test verify isWritable returns true if directory does not have a file already',
+        () {
+      expect(isWritable(File(dirPath)), true);
+    });
+  });
+
+  tearDown(() async {
+    // Set full permissions to delete the directory.
+    await Process.run('chmod', ['777', baseDirPath]);
+    Directory(baseDirPath).deleteSync(recursive: true);
+  });
+}