Disallow setting FactorSource for ROLA to one with an unsupported/dis…
…allowed FactorSourceKind - add query methods which can query which kinds are supported/if a kind is supported
Sajjon committed Dec 20, 2024
1 parent 8d0d109 commit 717cd3d
Showing 3 changed files with 152 additions and 6 deletions.
Expand Up @@ -252,6 +252,29 @@ impl SecurityShieldBuilder {

#[uniffi::export]
impl SecurityShieldBuilder {
/// "Statically" queries which FactorSourceKinds are disallowed for authentication signing.
pub fn disallowed_factor_source_kinds_for_authentication_signing(
&self,
) -> Vec<FactorSourceKind> {
sargon::SecurityShieldBuilder::disallowed_factor_source_kinds_for_authentication_signing().into_type()
}

/// "Statically" queries which FactorSourceKinds are allowed for authentication signing.
pub fn allowed_factor_source_kinds_for_authentication_signing(
&self,
) -> Vec<FactorSourceKind> {
sargon::SecurityShieldBuilder::allowed_factor_source_kinds_for_authentication_signing().into_type()
}

/// "Statically" queries if `factor_source_kind`` is allowed for authentication signing.
pub fn is_allowed_factor_source_kind_for_authentication_signing(
&self,
factor_source_kind: FactorSourceKind,
) -> bool {
sargon::SecurityShieldBuilder::is_allowed_factor_source_kind_for_authentication_signing(
factor_source_kind.clone().into())
}

pub fn addition_of_factor_source_of_kind_to_primary_threshold_is_fully_valid(
&self,
factor_source_kind: FactorSourceKind,
Expand Down Expand Up @@ -561,6 +584,35 @@ mod tests {
#[allow(clippy::upper_case_acronyms)]
type SUT = SecurityShieldBuilder;

#[test]
fn rola() {
let sut = SUT::new();
assert_eq!(sut.disallowed_factor_source_kinds_for_authentication_signing().len(), sargon::SecurityShieldBuilder::disallowed_factor_source_kinds_for_authentication_signing().len());

assert_eq!(sut.allowed_factor_source_kinds_for_authentication_signing().len(), sargon::SecurityShieldBuilder::allowed_factor_source_kinds_for_authentication_signing().len());

assert!(
sut.is_allowed_factor_source_kind_for_authentication_signing(
FactorSourceKind::Device
)
);
assert!(
!sut.is_allowed_factor_source_kind_for_authentication_signing(
FactorSourceKind::Password
)
);
assert!(
!sut.is_allowed_factor_source_kind_for_authentication_signing(
FactorSourceKind::TrustedContact
)
);
assert!(
!sut.is_allowed_factor_source_kind_for_authentication_signing(
FactorSourceKind::SecurityQuestions
)
);
}

#[test]
fn test() {
let sut = SUT::new();
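Review bot: The doc comment on `is_allowed_factor_source_kind_for_authentication_signing` closes its code span with two backticks instead of one, so `factor_source_kind` renders wrongly in rustdoc, and the `.clone()` in that method's body is redundant because `factor_source_kind` is an owned parameter: `factor_source_kind.into()` is enough. The `rola` test compares only the lengths of the two returned `Vec`s with the sargon sets, so a same-size but wrong `into_type()` mapping would still pass; asserting that `FactorSourceKind::Password` appears in the disallowed result and `FactorSourceKind::Device` in the allowed one would pin the contents, not just the counts. The enclosing `impl SecurityShieldBuilder` and `mod tests` blocks continue outside the hunks.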
Expand Up @@ -120,11 +120,26 @@ impl SecurityShieldBuilder {
self
}

/// Sets the ROLA (authentication signing) factor to `new` if and only if
/// `new` is not Some(invalid), where invalid is defined by `allowed_factor_source_kinds_for_authentication_signing`,
/// that is, it checks the `FactorSourceKind` of the factor, according to the
/// rules defined in [doc][doc].
///
/// [doc]: https://radixdlt.atlassian.net/wiki/spaces/AT/pages/3758063620/MFA+Rules+for+Factors+and+Security+Shield
pub fn set_authentication_signing_factor(
&self,
new: impl Into<Option<FactorSourceID>>,
) -> &Self {
*self.authentication_signing_factor.write().unwrap() = new.into();
let new = new.into();
if let Some(new) = new.as_ref() {
if !Self::is_allowed_factor_source_kind_for_authentication_signing(
new.get_factor_source_kind(),

) {
warn!("Invalid FactorSourceKind for ROLA");
return self;
}
}
*self.authentication_signing_factor.write().unwrap() = new;
self
}

Expand Down Expand Up @@ -295,6 +310,30 @@ impl SecurityShieldBuilder {
}

impl SecurityShieldBuilder {
pub fn disallowed_factor_source_kinds_for_authentication_signing(
) -> IndexSet<FactorSourceKind> {
IndexSet::from_iter([
FactorSourceKind::Password,
FactorSourceKind::SecurityQuestions,
FactorSourceKind::TrustedContact,
])
}

pub fn allowed_factor_source_kinds_for_authentication_signing(
) -> IndexSet<FactorSourceKind> {
let all = FactorSourceKind::all();
let disallowed =
Self::disallowed_factor_source_kinds_for_authentication_signing();
all.difference(&disallowed).cloned().collect()
}

pub fn is_allowed_factor_source_kind_for_authentication_signing(
factor_source_kind: FactorSourceKind,
) -> bool {
Self::allowed_factor_source_kinds_for_authentication_signing()
.contains(&factor_source_kind)
}

/// Returns `true` for `Ok` and `Err(NotYetValid)`.
pub fn addition_of_factor_source_of_kind_to_primary_threshold_is_valid_or_can_be(
&self,
Expand Down Expand Up @@ -583,6 +622,49 @@ mod tests {
assert_eq!(sut.get_threshold(), 42);
}

#[test]
fn allowed_rola() {
let allowed =
SUT::allowed_factor_source_kinds_for_authentication_signing();
assert_eq!(
allowed,
IndexSet::<FactorSourceKind>::from_iter([
FactorSourceKind::LedgerHQHardwareWallet,
FactorSourceKind::ArculusCard,
FactorSourceKind::OffDeviceMnemonic,
FactorSourceKind::Device,
])
);
}

#[test]
fn is_allowed_rola() {
let disallowed =
SUT::disallowed_factor_source_kinds_for_authentication_signing();
assert!(disallowed.iter().all(|k| {
!SUT::is_allowed_factor_source_kind_for_authentication_signing(*k)
}));
}

#[test]
fn test_invalid_rola_kind_does_not_change_rola() {
let sut = SUT::new();
assert!(sut.get_authentication_signing_factor().is_none());
let valid = FactorSourceID::sample_device();
sut.set_authentication_signing_factor(valid);
assert_eq!(sut.get_authentication_signing_factor().unwrap(), valid);

let invalid_factors = vec![
FactorSourceID::sample_password(),
FactorSourceID::sample_security_questions(),
FactorSourceID::sample_trusted_contact(),
];
for invalid in invalid_factors {
sut.set_authentication_signing_factor(invalid); // should not have changed anything
}
assert_eq!(sut.get_authentication_signing_factor().unwrap(), valid);
}

#[test]
fn test() {
let sut = SUT::default();
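Review bot: `allowed_factor_source_kinds_for_authentication_signing` is computed as `FactorSourceKind::all()` minus a denylist, so any variant added to the enum later is accepted for ROLA without anyone having decided that, and `set_authentication_signing_factor` will store it. Writing the decision as an exhaustive `match` in `is_allowed_factor_source_kind_for_authentication_signing` and deriving the two set-returning methods from it by filtering `all()` makes a new variant a compile error instead of a silent allow; the seven variants below are the ones the tests in this section name. Separately, the `warn!` on the rejected path does not say which kind was rejected, e.g. `warn!("Invalid FactorSourceKind for ROLA: {:?}", new.get_factor_source_kind());` would, assuming `FactorSourceKind` derives `Debug`, and the caller still gets `&Self` back with no sign the value was dropped, which the doc comment on `set_authentication_signing_factor` should state explicitly. The `impl` blocks and `mod tests` continue outside the hunks.
```rust
pub fn disallowed_factor_source_kinds_for_authentication_signing(
) -> IndexSet<FactorSourceKind> {
    FactorSourceKind::all()
        .into_iter()
        .filter(|k| !Self::is_allowed_factor_source_kind_for_authentication_signing(*k))
        .collect()
}

pub fn allowed_factor_source_kinds_for_authentication_signing(
) -> IndexSet<FactorSourceKind> {
    FactorSourceKind::all()
        .into_iter()
        .filter(|k| Self::is_allowed_factor_source_kind_for_authentication_signing(*k))
        .collect()
}

/// Single source of truth for which kinds may sign ROLA challenges.
/// Exhaustive on purpose: adding a `FactorSourceKind` variant must
/// force an explicit decision here rather than being allowed by default.
pub fn is_allowed_factor_source_kind_for_authentication_signing(
    factor_source_kind: FactorSourceKind,
) -> bool {
    match factor_source_kind {
        FactorSourceKind::Device
        | FactorSourceKind::LedgerHQHardwareWallet
        | FactorSourceKind::ArculusCard
        | FactorSourceKind::OffDeviceMnemonic => true,
        FactorSourceKind::Password
        | FactorSourceKind::SecurityQuestions
        | FactorSourceKind::TrustedContact => false,
    }
}
```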
22 changes: 17 additions & 5 deletions crates/sargon/src/profile/v100/factors/factor_source_kind.rs
Expand Up @@ -11,6 +11,7 @@ use crate::prelude::*;
Eq,
Hash,
PartialOrd,
enum_iterator::Sequence,
Ord,
)]
pub enum FactorSourceKind {
Expand Down Expand Up @@ -93,6 +94,13 @@ pub enum FactorSourceKind {
TrustedContact,
}

impl FactorSourceKind {
/// All FactorSourceKind
pub fn all() -> IndexSet<Self> {
enum_iterator::all::<Self>().collect()
}
}

impl FactorSourceKind {
pub fn discriminant(&self) -> String {
// We do `to_value.as_str` instead of `to_string(_pretty)` to avoid unwanted quotation marks around the string.
Expand Down Expand Up @@ -168,6 +176,15 @@ mod tests {
#[allow(clippy::upper_case_acronyms)]
type SUT = FactorSourceKind;

#[test]
fn ord() {
assert!(SUT::Device < SUT::TrustedContact);
let unsorted = SUT::all(); // is in fact sorted
let mut sorted = unsorted.clone();
sorted.sort();
assert_eq!(unsorted, sorted);
}

#[test]
fn string_roundtrip() {
use FactorSourceKind::*;
Expand Down Expand Up @@ -214,11 +231,6 @@ mod tests {
);
}

#[test]
fn ord() {
assert!(SUT::Device < SUT::TrustedContact);
}

#[test]
fn discriminant() {
assert_eq!(SUT::Device.discriminant(), "device");
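Review bot: The doc comment on `FactorSourceKind::all` (`/// All FactorSourceKind`) does not say what order the returned `IndexSet` is in, yet the moved `ord` test asserts it is already sorted and the `// is in fact sorted` remark relies on that. `enum_iterator::all` yields variants in declaration order and derived `Ord` orders by declaration too, so the assertion holds by construction rather than by accident; state it where callers will see it: `/// Every variant, in declaration order (which the derived \`Ord\` also follows), as an \`IndexSet\`.` and replace the inline remark with a reference to that contract. The `impl FactorSourceKind` and `mod tests` blocks continue outside the hunks.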
