Add revocable_by_others to the credential registry template; test it …

…for all combination of parameters
Concordium · Aug 30, 2023 · 800998b · 800998b
1 parent 61071f8
commit 800998b
Show file tree

Hide file tree

Showing 4 changed files with 204 additions and 45 deletions.
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -112,6 +112,46 @@ jobs:
           cd ${{ runner.temp }}/$PROJECT_NAME
           cargo test
 
+  # The credential-registry template generated with the `cargo-generate` command for all combination of parameters
+  # and it is checked that the 'cargo test' command can be executed without errors on the generated smart contract.
+  cargo-generate-templates:
+    name: Credential registry template generation
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        restorable: ["true", "false"]
+        revocable_by_others: ["true", "false"]
+    env:
+      PROJECT_NAME: my-project
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          submodules: true
+
+      - name: Run cargo-generate
+        uses: cargo-generate/[email protected]
+        with:
+          name: ${{ env.PROJECT_NAME }}
+          template: templates/credential-registry
+          other: "-d description=myProject -d restorable=${{ matrix.restorable }} -d revocable_by_others=${{ matrix.revocable_by_others }}"
+
+      - name: Install toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+
+      # we need to move the generated project to a temp folder, away from the template project
+      # otherwise `cargo` runs would fail
+      # see https://github.com/rust-lang/cargo/issues/9922
+      # Run all tests, including doc tests.
+      - name: Run cargo test
+        run: |
+          mv $PROJECT_NAME ${{ runner.temp }}/
+          cd ${{ runner.temp }}/$PROJECT_NAME
+          cargo test
+
   # All templates are generated with the `cargo-generate` command
   # and it is checked that the schemas can be built as part of the 'clippy' command.
   clippy-template:
@@ -142,7 +182,7 @@ jobs:
         with:
           name: ${{ env.PROJECT_NAME }}
           template: ${{ matrix.crates }}
-          other: "-d description=myProject -d tokenMetadataBaseURL=https://some.example/token/ -d restorable=true"
+          other: "-d description=myProject -d tokenMetadataBaseURL=https://some.example/token/ -d restorable=true -d revocable_by_others=true"
 
       - name: Install toolchain with clippy available
         uses: actions-rs/toolchain@v1

diff --git a/examples/credential-registry/src/lib.rs b/examples/credential-registry/src/lib.rs
@@ -163,9 +163,12 @@ enum ContractError {
     CredentialNotFound,
     CredentialAlreadyExists,
     IncorrectStatusBeforeRevocation,
+
     IncorrectStatusBeforeRestoring,
+
     KeyAlreadyExists,
     KeyDoesNotExist,
+
     NotAuthorized,
     NonceMismatch,
     WrongContract,
@@ -208,8 +211,8 @@ impl<S: HasStateApi> State<S> {
             issuer_key,
             issuer_metadata,
             revocation_keys: state_builder.new_map(),
-            credentials: state_builder.new_map(),
             all_revocation_keys: state_builder.new_set(),
+            credentials: state_builder.new_map(),
             credential_type,
             credential_schema,
         }
@@ -618,6 +621,7 @@ fn init<S: HasStateApi>(
 ) -> InitResult<State<S>> {
     let parameter: InitParams = ctx.parameter_cursor().get()?;
     logger.log(&CredentialEvent::IssuerMetadata(parameter.issuer_metadata.clone()))?;
+
     let mut state = State::new(
         state_builder,
         parameter.issuer_account.unwrap_or_else(|| ctx.init_origin()),
@@ -626,13 +630,15 @@ fn init<S: HasStateApi>(
         parameter.credential_type.clone(),
         parameter.schema.clone(),
     );
+
     for pk in parameter.revocation_keys {
         state.register_revocation_key(pk)?;
         logger.log(&CredentialEvent::RevocationKey(RevocationKeyEvent {
             key:    pk,
             action: RevocationKeyAction::Register,
         }))?;
     }
+
     logger.log(&CredentialEvent::Schema(CredentialSchemaRefEvent {
         credential_type: parameter.credential_type,
         schema_ref:      parameter.schema,
@@ -925,9 +931,9 @@ fn authorize_with_signature(
 /// entrypoint with the holder's public key. The public key is used as the
 /// credential identifier.
 ///
-/// Note that nonce is used as a general way to prevent replay attacks. In this
-/// particular case, the revocation can be reversed by the issuer by restoring
-/// the revoked credential.
+/// Note that nonce is used as a general way to prevent replay attacks. The
+/// issuer can choose to implement a function that restores the revoked
+/// credential.
 ///
 /// Logs `CredentialEvent::Revoke` with `Holder` as the revoker.
 ///
@@ -1648,6 +1654,7 @@ mod tests {
             to_bytes(&CredentialEvent::IssuerMetadata(issuer_metadata())),
             "Incorrect issuer metadata event logged"
         );
+
         claim_eq!(
             logger.logs[1],
             to_bytes(&CredentialEvent::RevocationKey(RevocationKeyEvent {
@@ -1656,6 +1663,7 @@ mod tests {
             })),
             "Incorrect revocation key event logged"
         );
+
         claim_eq!(
             logger.logs[2],
             to_bytes(&CredentialEvent::Schema(CredentialSchemaRefEvent {

diff --git a/templates/credential-registry/cargo-generate.toml b/templates/credential-registry/cargo-generate.toml
@@ -3,4 +3,5 @@ cargo_generate_version = ">= 0.16.0, < 0.19.0"
 
 [placeholders]
 description = { type="string", prompt="Description for the project?" }
+revocable_by_others = { type="bool", prompt="Can credentials be revoked by someone other than the issuer or the holder?", default=true }
 restorable = { type="bool", prompt="Can revocation be canceled?", default=false }