Skip to content

test: verify create_package auth via real Soroban AuthorizedInvocation#326

Merged
kilodesodiq-arch merged 2 commits into
ChainForgee:mainfrom
xJeffx23:test/soroban-authorization-invariants
Jul 17, 2026
Merged

test: verify create_package auth via real Soroban AuthorizedInvocation#326
kilodesodiq-arch merged 2 commits into
ChainForgee:mainfrom
xJeffx23:test/soroban-authorization-invariants

Conversation

@xJeffx23

Copy link
Copy Markdown
Contributor

Summary

Adds tests/authorization.rs to verify create_package's authorization checks against Soroban's real AuthorizedInvocation model instead of the blanket mock_all_auths() bypass used elsewhere in the suite. Closes #___

mock_all_auths() makes every Address::require_auth() call succeed unconditionally, which means no existing test would catch require_admin_or_distributor silently losing its operator.require_auth() call (e.g. via a refactor, or a reentrant token-transfer callback attempting to bypass it). This PR adds tests that construct explicit MockAuth/MockAuthInvoke trees (or zero authorization entries) so a missing or misdirected auth check in create_package actually fails CI.

No changes to src/lib.rsrequire_admin_or_distributor already called operator.require_auth() correctly; this PR only closes the test gap.

Note on acceptance criteria: the issue expected try_create_package to return Error::NotAuthorized when called with zero operator auth. Verified empirically against soroban-sdk 23.4.1: with no authorization entries present, the host traps inside require_auth() itself before the contract can return anything, so the actual result is Err(Err(InvokeError::Abort)), not our contract's Error::NotAuthorized. This is documented in the test file. The literal Error::NotAuthorized return path is covered instead by a second test: an operator who does provide valid self-authorization but holds neither the admin nor distributor role.

Testing

cd app/onchain
cargo test -p aid_escrow --test authorization
cargo test -p aid_escrow   # full suite, no regressions
cargo fmt -p aid_escrow -- --check
cargo clippy -p aid_escrow --tests

All 3 new tests pass. Regression-detection manually verified: temporarily commented out operator.require_auth() in require_admin_or_distributor — create_package_without_any_auth_is_rejected_by_the_host failed as expected, confirming the test actually guards the check (then reverted, no net change to src/lib.rs). Full aid_escrow suite (89 existing tests across all test files) still passes unmodified.

Screenshots

N/A — backend/smart-contract test-only change, no UI surface.

Checklist

  • Tests added or updated for new/changed behavior
  • Existing tests pass
  • No secrets, keys, or seed phrases committed
  • Follows the coding conventions in the relevant service README
  • PR is focused on a single concern

Closes #229

xJeffx23 and others added 2 commits July 15, 2026 14:14
ethnum 1.5.2 relied on mem::transmute(()) to construct a
TryFromIntError, which newer rustc (1.97.0, used by Contract CI)
rejects with E0512 since the type is no longer zero-sized. Upstream
fixed this in 1.5.3 by using a safe constructor instead.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

Copy link
Copy Markdown
Contributor

Awesome work on this! Thanks for the contribution 🚀 Merging now.

@kilodesodiq-arch
kilodesodiq-arch merged commit 7f0239a into ChainForgee:main Jul 17, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add AuthorizedInvocation tests for distributor role-gating

2 participants