Add trust check to token fetch in cic-eth task

apps/cic-eth/admin_requirements.txt

@@ -1,5 +1,5 @@
 SQLAlchemy==1.3.20
-cic-eth-registry>=0.6.1a3,<0.7.0
+cic-eth-registry>=0.6.1a5,<0.7.0
 hexathon~=0.0.1a8
 chainqueue>=0.0.4a6,<0.1.0
 eth-erc20>=0.1.2a2,<0.2.0

apps/cic-eth/cic_eth/admin/token.py

@@ -7,11 +7,16 @@ from chainlib.connection import RPCConnection
 from chainlib.chain import ChainSpec
 from cic_eth_registry.erc20 import ERC20Token
 from hexathon import add_0x
+from eth_address_declarator import Declarator
+from cic_eth_registry import CICRegistry
+from okota.token_index import to_identifier
 
 # local imports
 from cic_eth.task import (
         BaseTask,
         )
+from cic_eth.db.models.role import AccountRole
+from cic_eth.error import TrustError
 
 celery_app = celery.current_app
 logg = logging.getLogger()
@@ -31,8 +36,18 @@ def default_token(self):
 def token(self, tokens, chain_spec_dict):
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     rpc = RPCConnection.connect(chain_spec, 'default')
+    declarator = Declarator(chain_spec)
 
-    r = []
+    session = self.create_session()
+    sender_address = AccountRole.get_address('DEFAULT', session)
+    sender_address = AccountRole.get_address('DEFAULT', session)
+
+    registry = CICRegistry(chain_spec, rpc)
+    declarator_address = registry.by_name('AddressDeclarator', sender_address=sender_address)
+
+    have_proof = False
+
+    result_data = []
     for token in tokens:
         token_chain_object = ERC20Token(chain_spec, rpc, add_0x(token['address']))
         token_chain_object.load(rpc)
@@ -41,7 +56,26 @@ def token(self, tokens, chain_spec_dict):
             'name': token_chain_object.name,
             'symbol': token_chain_object.symbol,
             'address': token_chain_object.address,
+            'declaration': {},
                 }
-        r.append(token_data)
 
-    return r
+        token_proof_hex = to_identifier(token_chain_object.symbol)
+        logg.debug('token proof to match is {}'.format(token_proof_hex))
+
+        for trusted_address in self.trusted_addresses:
+            o = declarator.declaration(declarator_address, trusted_address, token_chain_object.address, sender_address=sender_address)
+            r = rpc.do(o)
+            declarations = declarator.parse_declaration(r)
+            token_data['declaration'][trusted_address] = declarations
+            logg.debug('declarations for {} by {}: {}'.format(token_chain_object.address, trusted_address, declarations))
+            for declaration in declarations:
+                if declaration == token_proof_hex:
+                    logg.debug('have token proof {} match for trusted address {}'.format(declaration, trusted_address))
+                    have_proof = True
+
+        if not have_proof:
+            raise TrustError('no proof found for token {}'.format(token_chain_object.symbol))
+
+        result_data.append(token_data)
+
+    return result_data

apps/cic-eth/cic_eth/error.py

@@ -48,8 +48,6 @@ class RoleMissingError(Exception):
     pass
 
 
-
-
 class IntegrityError(Exception):
     """Exception raised to signal irregularities with deduplication and ordering of tasks
 
@@ -85,3 +83,8 @@ class RoleAgencyError(SeppukuError):
 class YouAreBrokeError(Exception):
     """Exception raised when a value transfer is attempted without access to sufficient funds
     """
+
+
+class TrustError(Exception):
+    """Exception raised when required trust proofs are missing for a request
+    """

apps/cic-eth/cic_eth/pytest/fixtures_celery.py

@@ -16,6 +16,10 @@ def init_celery_tasks(
     contract_roles, 
         ):
     BaseTask.call_address = contract_roles['DEFAULT']
+    BaseTask.trusted_addresses = [
+            contract_roles['TRUSTED_DECLARATOR'],
+            contract_roles['CONTRACT_DEPLOYER'],
+            ]
 
 
 # celery fixtures

apps/cic-eth/cic_eth/runnable/daemons/tasker.py

@@ -210,6 +210,7 @@ def main():
     default_token.load(conn)
     BaseTask.default_token_decimals = default_token.decimals
     BaseTask.default_token_name = default_token.name
+    BaseTask.trusted_addresses = trusted_addresses
 
     BaseTask.run_dir = config.get('CIC_RUN_DIR')
     logg.info('default token set to {} {}'.format(BaseTask.default_token_symbol, BaseTask.default_token_address))

apps/cic-eth/cic_eth/task.py

@@ -28,6 +28,7 @@ class BaseTask(celery.Task):
 
     session_func = SessionBase.create_session
     call_address = ZERO_ADDRESS
+    trusted_addresses = []
     create_nonce_oracle = RPCNonceOracle
     create_gas_oracle = RPCGasOracle
     default_token_address = None

apps/cic-eth/services_requirements.txt

@@ -6,10 +6,11 @@ redis==3.5.3
 hexathon~=0.0.1a8
 pycryptodome==3.10.1
 liveness~=0.0.1a7
-eth-address-index>=0.2.3a4,<0.3.0
+eth-address-index>=0.2.4a1,<0.3.0
 eth-accounts-index>=0.1.2a3,<0.2.0
-cic-eth-registry>=0.6.1a3,<0.7.0
+cic-eth-registry>=0.6.1a5,<0.7.0
 erc20-faucet>=0.3.2a2,<0.4.0
 erc20-transfer-authorization>=0.3.5a2,<0.4.0
 sarafu-faucet>=0.0.7a2,<0.1.0
 moolb~=0.1.1b2
+okota>=0.2.4a6,<0.3.0

apps/cic-eth/tests/task/api/test_app_noncritical.py

@@ -1,7 +1,13 @@
+# standard imports
+import logging
+
 # local imports
 from cic_eth.api.api_task import Api
 from cic_eth.task import BaseTask
 
+logg = logging.getLogger()
+
+
 def test_default_token(
         default_chain_spec,
         foo_token,

apps/cic-eth/tools_requirements.txt

@@ -1,6 +1,6 @@
-crypto-dev-signer>=0.4.15a7,<=0.4.15
+crypto-dev-signer>=0.4.15rc2,<=0.4.15
 chainqueue>=0.0.5a1,<0.1.0
-cic-eth-registry>=0.6.1a3,<0.7.0
+cic-eth-registry>=0.6.1a6,<0.7.0
 redis==3.5.3
 hexathon~=0.0.1a8
 pycryptodome==3.10.1