From 5febfbbbf6f103c5eb6deab22ab34e475175911e Mon Sep 17 00:00:00 2001 From: mtls-bot Date: Thu, 4 Jun 2026 05:07:40 +0300 Subject: [PATCH] fix: reject kyc remove vc through did --- x/did/keeper/msg_server.go | 5 ++ .../msg_server_reserved_service_test.go | 51 +++++++++++++++++++ x/did/types/errors.go | 2 + 3 files changed, 58 insertions(+) create mode 100644 x/did/keeper/msg_server_reserved_service_test.go diff --git a/x/did/keeper/msg_server.go b/x/did/keeper/msg_server.go index c4a56dbd6..b3ab61da6 100755 --- a/x/did/keeper/msg_server.go +++ b/x/did/keeper/msg_server.go @@ -7,6 +7,7 @@ import ( "cosmossdk.io/errors" sdk "github.com/cosmos/cosmos-sdk/types" "github.com/openmetaearth/me-hub/x/did/types" + kyctypes "github.com/openmetaearth/me-hub/x/kyc/types" ) type msgServer struct { @@ -214,6 +215,10 @@ func (m msgServer) UpdateVC(goCtx context.Context, msg *types.MsgUpdateVC) (*typ func (m msgServer) RemoveVC(goCtx context.Context, msg *types.MsgRemoveVC) (*types.MsgRemoveVCResponse, error) { ctx := sdk.UnwrapSDKContext(goCtx) + if msg.Sid == kyctypes.ModuleName { + return &types.MsgRemoveVCResponse{}, types.ErrReservedCredentialService + } + // check credential service svc, found := m.GetService(ctx, msg.Sid) if !found || svc.Status != types.SERVICE_STATUS_ACTIVE { diff --git a/x/did/keeper/msg_server_reserved_service_test.go b/x/did/keeper/msg_server_reserved_service_test.go new file mode 100644 index 000000000..271245880 --- /dev/null +++ b/x/did/keeper/msg_server_reserved_service_test.go @@ -0,0 +1,51 @@ +package keeper_test + +import ( + "testing" + + errorsmod "cosmossdk.io/errors" + sdk "github.com/cosmos/cosmos-sdk/types" + keepertest "github.com/openmetaearth/me-hub/testutil/keeper" + didkeeper "github.com/openmetaearth/me-hub/x/did/keeper" + didtypes "github.com/openmetaearth/me-hub/x/did/types" + kyctypes "github.com/openmetaearth/me-hub/x/kyc/types" + "github.com/stretchr/testify/require" +) + +func TestMsgServerRemoveVCRejectsKycReservedSid(t *testing.T) { + k, ctx := keepertest.DidKeeper(t) + msgServer := didkeeper.NewMsgServerImpl(k) + + issuerAddr := sdk.MustAccAddressFromBech32("me1kjnt3ypezt3yf58w8upujvejdtt5xsvkq5dpk4") + issuerDid := "0000000000000001" + holderDid := "1000000000000001" + regionFilter := []byte("me_earth") + + k.SetDID(ctx, issuerAddr, issuerDid) + k.SetDidInfo(ctx, issuerDid, didtypes.DidInfo{ + Did: issuerDid, + Status: didtypes.DID_STATUS_ACTIVE, + }) + k.SetDidInfo(ctx, holderDid, didtypes.DidInfo{ + Did: holderDid, + Status: didtypes.DID_STATUS_ACTIVE, + }) + k.SetService(ctx, kyctypes.ModuleName, didtypes.Service{ + Sid: kyctypes.ModuleName, + Issuers: []string{issuerDid}, + Status: didtypes.SERVICE_STATUS_ACTIVE, + }) + + credential := didtypes.NewCredential(holderDid, kyctypes.ModuleName, "hash", "uri", regionFilter) + k.SetCredential(ctx, holderDid, kyctypes.ModuleName, credential) + k.AddFilters(ctx, holderDid, kyctypes.ModuleName, [][]byte{regionFilter}, credential) + + _, err := msgServer.RemoveVC(ctx, didtypes.NewMsgRemoveVC(issuerAddr.String(), holderDid, kyctypes.ModuleName)) + + require.Error(t, err) + require.True(t, errorsmod.IsOf(err, didtypes.ErrReservedCredentialService)) + require.True(t, k.HasCredential(ctx, holderDid, kyctypes.ModuleName)) + filters, found := k.GetFilters(ctx, holderDid, kyctypes.ModuleName) + require.True(t, found) + require.Equal(t, [][]byte{regionFilter}, filters) +} diff --git a/x/did/types/errors.go b/x/did/types/errors.go index 9d3af4c93..115622752 100755 --- a/x/did/types/errors.go +++ b/x/did/types/errors.go @@ -31,4 +31,6 @@ var ( ErrCredentialExists = errors.Register(ModuleName, 150, "credential already exists") ErrCredentialNotFound = errors.Register(ModuleName, 151, "credential not found") + + ErrReservedCredentialService = errors.Register(ModuleName, 160, "reserved credential service") )