Feature/lit 3017 auth unification migrate actual tests #440
Conversation
Ansonhkg
requested review from
glitch003,
joshLong145,
MaximusHaximus,
DashKash54,
FedericoAmura and
jtary
Ansonhkg
changed the base branch from
master
to
feature/lit-2958-auth-unification-ts-tests
The tests & the helper function |
There was a problem hiding this comment.
All these tests have been tested against the Auth Uni node PR by spinning up the local nodes? Have they also been tested on Manzano?
Can we add some tests for that fail due to the PKP SessionSigs not having enough resource permissions?
So to summarize this PR tests all the functionality with eoaSessionSigs, pkpSessionSigs & litActionSessionSigs?
| ability: LitAbility.LitActionExecution, | ||
| }, | ||
| ], | ||
| capabilityAuthSigs: [capacityDelegationAuthSig], |
There was a problem hiding this comment.
Is there any way of knowing whether the Capacity credit was used? It's enforced on Manzano & Habanero but I think you're these tests against local nodes where capacity credits aren't required?
There was a problem hiding this comment.
You're testing it against only the local nodes since Manzano won't have these changes? But local nodes don't enforce capacity credits so we aren't really testing this? @Ansonhkg
|
|
||
| const regex = /urn:recap:[\w+\/=]+/g; | ||
|
|
||
| const recaps = bobsSingleSessionSig.signedMessage.match(regex) || []; |
There was a problem hiding this comment.
Will EOA sessionSigs always contain Lit Action/PKP Sign resources?
There was a problem hiding this comment.
yea, if you don't provide them. It's just a helper function within the test environment so won't be used in the sdk
There was a problem hiding this comment.
I'm sorry I didn't get it. In the actual SDK does the EOA sessionSig by default have these resources? I think it's enforced by the nodes? @Ansonhkg
There was a problem hiding this comment.
no, in the actual SDK we don't have set resources by default.
There was a problem hiding this comment.
How is it different from testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs?
What do you mean by unspecified capacity token? In case of it being specified where exactly is it specified?
There was a problem hiding this comment.
unspecified capacity token - meaning you are having the capacityTokenId field omitted in the SDK, which also mean that you are having the nft_id omitted from the node side, which means that there's no nft_id to scope into, aka. the function does not limit the scope of the query to specific NFT IDs, meaning it assumes that all NFTs owned by the user (as determined by their address) are eligible.
There was a problem hiding this comment.
To ensure that we're on the same page, can you please explain what capacityTokenId & nft_id are used for. An example would help @Ansonhkg
There was a problem hiding this comment.
capacityTokenId is the sdk param, and nft_id is the node param
|
|
||
| const appOwnersCapacityDelegationAuthSig = ( | ||
| await devEnv.litNodeClient.createCapacityDelegationAuthSig({ | ||
| dAppOwnerWallet: alice.wallet, |
There was a problem hiding this comment.
Why do we have multiple ways to create a delegationAuthSig? Wouldn't this confuse the users? Why is providing dAppOwnerWallet when you can simply create the authSig with the wallet itself?
There was a problem hiding this comment.
we do not have multiple ways to create it, those you saw are helper functions within the test.
re: dAppOwnerWallet you can simply create the authSig yourself
yes, you technically can, but this function has an explicit behaviour that matches user's intention when they call it, whereas "simply create the authSig yourself" is implicit, you can use it if you know what you're doing.
There was a problem hiding this comment.
So this is only for testing? The SDK only provides a one way to do so? @Ansonhkg
There was a problem hiding this comment.
no, the SDK now provides 3 ways using the as outlined in this PR #436
a generic one with implicit behaviour, and 2 with explicit behaviours
local-tests/tests/testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile.ts
Show resolved
Hide resolved
local-tests/tests/testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile.ts
Outdated
Show resolved
Hide resolved
local-tests/tests/testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile.ts
Outdated
Show resolved
Hide resolved
| Lit.Actions.claimKey({keyId: "foo"}); | ||
| Lit.Actions.claimKey({keyId: "bar"}); |
There was a problem hiding this comment.
Isn't there a step required before claiming a PKP? Someone has to make it claimable right or can anyone claim any PKP? @joshLong145
There was a problem hiding this comment.
@DashKash54 the keyId is postfixed with the ipfs id so it makes the claim unique to the Lit Action. So you are only claim in context to the lit action as the app id
There was a problem hiding this comment.
Hmm I thought the app had to do something before for making the PKP claimable. Turns out your just need to provide the keyId? @joshLong145
There was a problem hiding this comment.
@Ansonhkg Can you please double check all you interfaces against the node counter parts eg: https://github.com/LIT-Protocol/lit-assets/blob/aff82c4381139476aeaa6faa814069b184d38d39/rust/lit-node/src/models/mod.rs#L177
Note, some params are still accepted in the nodes for backwards compatible reasons but they don't need to be present in the SDK as we're not making the SDK backwards compatible with the older node versions
For instance, we don't allow passing an AuthSig for signSessionKey: https://github.com/LIT-Protocol/lit-assets/blob/aff82c4381139476aeaa6faa814069b184d38d39/rust/lit-node/src/endpoints/versions/v1.rs#L59
There are bunch of other restrictions for the v1 endpoint in the above node file. We should make the SDK interfaces compatible with those restriction as well
There was a problem hiding this comment.
@Ansonhkg this comment is remaining
There was a problem hiding this comment.
Yea has been addressed in one of the comments below, will double check again here #435
packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts
Outdated
Show resolved
Hide resolved
| statement, | ||
| } = params; | ||
| // Useful log for debugging | ||
| if (!params.delegateeAddresses || params.delegateeAddresses.length === 0) { |
There was a problem hiding this comment.
How about making passing delegateeAddresses mandatory & when provided empty array that means anyone can use it?
There was a problem hiding this comment.
What do you think @Ansonhkg?
There was a problem hiding this comment.
Providing an empty array means no one can use it though, I think we should not allow an empty array instead. btw the log message has been updated in another PR that's merged to the staging. Noting it here #435
packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts
Outdated
Show resolved
Hide resolved
packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts
Outdated
Show resolved
Hide resolved
packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts
Outdated
Show resolved
Hide resolved
packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts
Outdated
Show resolved
Hide resolved
decriptedFile: Uint8Array(11) [ 72, 101, 108, 108, 111, 32, 119, 111, 114, 108, 100 ] ✔ 1. testUseValidLitActionCodeGeneratedSessionSigsToEncryptDecryptFile - Passed (5459.23 ms)
packages/types/src/lib/interfaces.ts
Outdated
| * FIXME: We should create a separate interface for JsExecutionRequestBody | ||
| * a body that the SDK accepts, and another one the node actually accepts. |
There was a problem hiding this comment.
Why can't we have a single interface?
| statement: authCallbackParams.statement, | ||
| sessionKey: params.sessionSigsParams.sessionKey, | ||
| authSpecificData = { | ||
| authSig: JSON.parse(params.authMethod.accessToken), |
There was a problem hiding this comment.
SignSessionKey no longer accepts AuthSig
|
Responded to your comments & left a couple new comments. After these are addresses this is good to merge 😄 @Ansonhkg |
There was a problem hiding this comment.
Approving the PRs though there are still some unresolved comments which aren't addressed. Please address those and resolve. Great job @Ansonhkg 🚀
…github.com/LIT-Protocol/js-sdk into feature/lit-3017-auth-unification-migrate-actual-tests
Ansonhkg
merged commit abd27c2
into
feature/lit-2958-auth-unification-ts-tests
Ansonhkg
deleted the
feature/lit-3017-auth-unification-migrate-actual-tests
branch
Description
This PR merges several other PRs #439 #438 #436, so we can run the tests as they rely on the new features introduced in those branches.
Please check this directory for all the tests
Changes
dataToHash, but it turns out that the string of the hashed access control string must be prepended before it. See 72bcd8d.node-fetchis needed when running against local tests for some reasons. The package is added a dev dependency so won't affect production. It's only being used in this test. 757d588Also want to note that we should write scenario in the test/JsDocs for more complex operations, see example
js-sdk/local-tests/tests/testDelegatingCapacityCreditsNFTToAnotherWalletToExecuteJs.ts
Lines 6 to 19 in 757d588
Type of change
How Has This Been Tested?
Checklist: