From 6ccffb15b61853bcbd49d4a9cc061c63d3604adc Mon Sep 17 00:00:00 2001
From: nolash <dev@holbrook.no>
Date: Fri, 8 Oct 2021 18:39:22 +0200
Subject: [PATCH] Add trust check to token fetch in cic-eth task

---
 apps/cic-eth/admin_requirements.txt           |  2 +-
 apps/cic-eth/cic_eth/admin/token.py           | 40 +++++++++++++++++--
 apps/cic-eth/cic_eth/error.py                 |  7 +++-
 .../cic-eth/cic_eth/pytest/fixtures_celery.py |  4 ++
 .../cic_eth/runnable/daemons/tasker.py        |  1 +
 apps/cic-eth/cic_eth/task.py                  |  1 +
 apps/cic-eth/services_requirements.txt        |  5 ++-
 .../tests/task/api/test_app_noncritical.py    |  6 +++
 apps/cic-eth/tools_requirements.txt           |  4 +-
 9 files changed, 60 insertions(+), 10 deletions(-)

diff --git a/apps/cic-eth/admin_requirements.txt b/apps/cic-eth/admin_requirements.txt
index 4e9b1a16..1e1957bf 100644
--- a/apps/cic-eth/admin_requirements.txt
+++ b/apps/cic-eth/admin_requirements.txt
@@ -1,5 +1,5 @@
 SQLAlchemy==1.3.20
-cic-eth-registry>=0.6.1a3,<0.7.0
+cic-eth-registry>=0.6.1a5,<0.7.0
 hexathon~=0.0.1a8
 chainqueue>=0.0.4a6,<0.1.0
 eth-erc20>=0.1.2a2,<0.2.0
diff --git a/apps/cic-eth/cic_eth/admin/token.py b/apps/cic-eth/cic_eth/admin/token.py
index ed42c0bb..e595a30a 100644
--- a/apps/cic-eth/cic_eth/admin/token.py
+++ b/apps/cic-eth/cic_eth/admin/token.py
@@ -7,11 +7,16 @@ from chainlib.connection import RPCConnection
 from chainlib.chain import ChainSpec
 from cic_eth_registry.erc20 import ERC20Token
 from hexathon import add_0x
+from eth_address_declarator import Declarator
+from cic_eth_registry import CICRegistry
+from okota.token_index import to_identifier
 
 # local imports
 from cic_eth.task import (
         BaseTask,
         )
+from cic_eth.db.models.role import AccountRole
+from cic_eth.error import TrustError
 
 celery_app = celery.current_app
 logg = logging.getLogger()
@@ -31,8 +36,18 @@ def default_token(self):
 def token(self, tokens, chain_spec_dict):
     chain_spec = ChainSpec.from_dict(chain_spec_dict)
     rpc = RPCConnection.connect(chain_spec, 'default')
+    declarator = Declarator(chain_spec)
 
-    r = []
+    session = self.create_session()
+    sender_address = AccountRole.get_address('DEFAULT', session)
+    sender_address = AccountRole.get_address('DEFAULT', session)
+
+    registry = CICRegistry(chain_spec, rpc)
+    declarator_address = registry.by_name('AddressDeclarator', sender_address=sender_address)
+
+    have_proof = False
+
+    result_data = []
     for token in tokens:
         token_chain_object = ERC20Token(chain_spec, rpc, add_0x(token['address']))
         token_chain_object.load(rpc)
@@ -41,7 +56,26 @@ def token(self, tokens, chain_spec_dict):
             'name': token_chain_object.name,
             'symbol': token_chain_object.symbol,
             'address': token_chain_object.address,
+            'declaration': {},
                 }
-        r.append(token_data)
 
-    return r
+        token_proof_hex = to_identifier(token_chain_object.symbol)
+        logg.debug('token proof to match is {}'.format(token_proof_hex))
+
+        for trusted_address in self.trusted_addresses:
+            o = declarator.declaration(declarator_address, trusted_address, token_chain_object.address, sender_address=sender_address)
+            r = rpc.do(o)
+            declarations = declarator.parse_declaration(r)
+            token_data['declaration'][trusted_address] = declarations
+            logg.debug('declarations for {} by {}: {}'.format(token_chain_object.address, trusted_address, declarations))
+            for declaration in declarations:
+                if declaration == token_proof_hex:
+                    logg.debug('have token proof {} match for trusted address {}'.format(declaration, trusted_address))
+                    have_proof = True
+
+        if not have_proof:
+            raise TrustError('no proof found for token {}'.format(token_chain_object.symbol))
+
+        result_data.append(token_data)
+
+    return result_data
diff --git a/apps/cic-eth/cic_eth/error.py b/apps/cic-eth/cic_eth/error.py
index 3e72a439..7e8dbfa6 100644
--- a/apps/cic-eth/cic_eth/error.py
+++ b/apps/cic-eth/cic_eth/error.py
@@ -48,8 +48,6 @@ class RoleMissingError(Exception):
     pass
 
 
-
-
 class IntegrityError(Exception):
     """Exception raised to signal irregularities with deduplication and ordering of tasks
 
@@ -85,3 +83,8 @@ class RoleAgencyError(SeppukuError):
 class YouAreBrokeError(Exception):
     """Exception raised when a value transfer is attempted without access to sufficient funds
     """
+
+
+class TrustError(Exception):
+    """Exception raised when required trust proofs are missing for a request
+    """
diff --git a/apps/cic-eth/cic_eth/pytest/fixtures_celery.py b/apps/cic-eth/cic_eth/pytest/fixtures_celery.py
index e0f16406..c67014ca 100644
--- a/apps/cic-eth/cic_eth/pytest/fixtures_celery.py
+++ b/apps/cic-eth/cic_eth/pytest/fixtures_celery.py
@@ -16,6 +16,10 @@ def init_celery_tasks(
     contract_roles, 
         ):
     BaseTask.call_address = contract_roles['DEFAULT']
+    BaseTask.trusted_addresses = [
+            contract_roles['TRUSTED_DECLARATOR'],
+            contract_roles['CONTRACT_DEPLOYER'],
+            ]
 
 
 # celery fixtures
diff --git a/apps/cic-eth/cic_eth/runnable/daemons/tasker.py b/apps/cic-eth/cic_eth/runnable/daemons/tasker.py
index d9d7a7f8..14a48485 100644
--- a/apps/cic-eth/cic_eth/runnable/daemons/tasker.py
+++ b/apps/cic-eth/cic_eth/runnable/daemons/tasker.py
@@ -210,6 +210,7 @@ def main():
     default_token.load(conn)
     BaseTask.default_token_decimals = default_token.decimals
     BaseTask.default_token_name = default_token.name
+    BaseTask.trusted_addresses = trusted_addresses
 
     BaseTask.run_dir = config.get('CIC_RUN_DIR')
     logg.info('default token set to {} {}'.format(BaseTask.default_token_symbol, BaseTask.default_token_address))
diff --git a/apps/cic-eth/cic_eth/task.py b/apps/cic-eth/cic_eth/task.py
index 014565dd..149e1800 100644
--- a/apps/cic-eth/cic_eth/task.py
+++ b/apps/cic-eth/cic_eth/task.py
@@ -28,6 +28,7 @@ class BaseTask(celery.Task):
 
     session_func = SessionBase.create_session
     call_address = ZERO_ADDRESS
+    trusted_addresses = []
     create_nonce_oracle = RPCNonceOracle
     create_gas_oracle = RPCGasOracle
     default_token_address = None
diff --git a/apps/cic-eth/services_requirements.txt b/apps/cic-eth/services_requirements.txt
index 64b23722..2f72c989 100644
--- a/apps/cic-eth/services_requirements.txt
+++ b/apps/cic-eth/services_requirements.txt
@@ -6,10 +6,11 @@ redis==3.5.3
 hexathon~=0.0.1a8
 pycryptodome==3.10.1
 liveness~=0.0.1a7
-eth-address-index>=0.2.3a4,<0.3.0
+eth-address-index>=0.2.4a1,<0.3.0
 eth-accounts-index>=0.1.2a3,<0.2.0
-cic-eth-registry>=0.6.1a3,<0.7.0
+cic-eth-registry>=0.6.1a5,<0.7.0
 erc20-faucet>=0.3.2a2,<0.4.0
 erc20-transfer-authorization>=0.3.5a2,<0.4.0
 sarafu-faucet>=0.0.7a2,<0.1.0
 moolb~=0.1.1b2
+okota>=0.2.4a6,<0.3.0
diff --git a/apps/cic-eth/tests/task/api/test_app_noncritical.py b/apps/cic-eth/tests/task/api/test_app_noncritical.py
index 702bd226..77a534fe 100644
--- a/apps/cic-eth/tests/task/api/test_app_noncritical.py
+++ b/apps/cic-eth/tests/task/api/test_app_noncritical.py
@@ -1,7 +1,13 @@
+# standard imports
+import logging
+
 # local imports
 from cic_eth.api.api_task import Api
 from cic_eth.task import BaseTask
 
+logg = logging.getLogger()
+
+
 def test_default_token(
         default_chain_spec,
         foo_token,
diff --git a/apps/cic-eth/tools_requirements.txt b/apps/cic-eth/tools_requirements.txt
index 401bdc8b..384ec37c 100644
--- a/apps/cic-eth/tools_requirements.txt
+++ b/apps/cic-eth/tools_requirements.txt
@@ -1,6 +1,6 @@
-crypto-dev-signer>=0.4.15a7,<=0.4.15
+crypto-dev-signer>=0.4.15rc2,<=0.4.15
 chainqueue>=0.0.5a1,<0.1.0
-cic-eth-registry>=0.6.1a3,<0.7.0
+cic-eth-registry>=0.6.1a6,<0.7.0
 redis==3.5.3
 hexathon~=0.0.1a8
 pycryptodome==3.10.1