#564 - Added delegated grant support for RecordsDelete (#609)

* Added delegated grant support for RecordsDelete * Merged mainline positive and negative cases of delegated grants into one test to reduce context switching.
TBD54566975 · Nov 16, 2023 · 2081a2e · 2081a2e
1 parent 3f8b405
commit 2081a2e
Show file tree

Hide file tree

Showing 6 changed files with 137 additions and 166 deletions.
diff --git a/json-schemas/interface-methods/records-delete.json b/json-schemas/interface-methods/records-delete.json
@@ -9,7 +9,7 @@
   ],
   "properties": {
     "authorization": {
-      "$ref": "https://identity.foundation/dwn/json-schemas/authorization.json"
+      "$ref": "https://identity.foundation/dwn/json-schemas/authorization-delegated-grant.json"
     },
     "descriptor": {
       "type": "object",

diff --git a/src/core/protocol-authorization.ts b/src/core/protocol-authorization.ts
@@ -468,7 +468,7 @@ export class ProtocolAuthorization {
     if (matchingMessages.length === 0) {
       throw new DwnError(
         DwnErrorCode.ProtocolAuthorizationMissingRole,
-        `No role record found for protocol path ${protocolRole}`
+        `No matching role record found for protocol path ${protocolRole}`
       );
     }
   }

diff --git a/src/interfaces/records-delete.ts b/src/interfaces/records-delete.ts
@@ -1,8 +1,10 @@
+import type { DelegatedGrantMessage } from '../types/delegated-grant-message.js';
 import type { Signer } from '../types/signer.js';
 import type { RecordsDeleteDescriptor, RecordsDeleteMessage } from '../types/records-types.js';
 
 import { AbstractMessage } from '../core/abstract-message.js';
 import { Message } from '../core/message.js';
+import { Records } from '../utils/records.js';
 import { Time } from '../utils/time.js';
 import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
 
@@ -11,12 +13,23 @@ export type RecordsDeleteOptions = {
   messageTimestamp?: string;
   protocolRole?: string;
   signer: Signer;
+
+  /**
+   * The delegated grant to sign on behalf of the logical author, which is the grantor (`grantedBy`) of the delegated grant.
+   */
+  delegatedGrant?: DelegatedGrantMessage;
 };
 
 export class RecordsDelete extends AbstractMessage<RecordsDeleteMessage> {
 
   public static async parse(message: RecordsDeleteMessage): Promise<RecordsDelete> {
-    await Message.validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor);
+    let signaturePayload;
+    if (message.authorization !== undefined) {
+      signaturePayload = await Message.validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor);
+    }
+
+    Records.validateDelegatedGrantReferentialIntegrity(message, signaturePayload);
+
     Time.validateTimestamp(message.descriptor.messageTimestamp);
 
     const recordsDelete = new RecordsDelete(message);
@@ -41,8 +54,9 @@ export class RecordsDelete extends AbstractMessage<RecordsDeleteMessage> {
 
     const authorization = await Message.createAuthorization({
       descriptor,
-      signer       : options.signer,
-      protocolRole : options.protocolRole,
+      signer         : options.signer,
+      protocolRole   : options.protocolRole,
+      delegatedGrant : options.delegatedGrant
     });
     const message: RecordsDeleteMessage = { descriptor, authorization };
 

diff --git a/src/utils/records.ts b/src/utils/records.ts
@@ -1,7 +1,7 @@
 import type { DerivedPrivateJwk } from './hd-key.js';
 import type { Readable } from 'readable-stream';
 import type { Filter, GenericSignaturePayload, RangeFilter } from '../types/message-types.js';
-import type { RangeCriterion, RecordsFilter, RecordsQueryMessage, RecordsReadMessage, RecordsWriteDescriptor, RecordsWriteMessage } from '../types/records-types.js';
+import type { RangeCriterion, RecordsDeleteMessage, RecordsFilter, RecordsQueryMessage, RecordsReadMessage, RecordsWriteDescriptor, RecordsWriteMessage } from '../types/records-types.js';
 
 import { Encoder } from './encoder.js';
 import { Encryption } from './encryption.js';
@@ -296,7 +296,7 @@ export class Records {
    *                         Usage of this property is purely for performance optimization so we don't have to decode the signature payload again.
    */
   public static validateDelegatedGrantReferentialIntegrity(
-    message: RecordsReadMessage | RecordsQueryMessage | RecordsWriteMessage,
+    message: RecordsReadMessage | RecordsQueryMessage | RecordsWriteMessage | RecordsDeleteMessage,
     signaturePayload: GenericSignaturePayload | undefined
   ): void {
     // `deletedGrantId` in the payload of the message signature and `authorDelegatedGrant` in `authorization` must both exist or be both undefined