Revert "Improve authorization checks for CN app APIs (#2509)" (#3308)

This reverts commit 0e47bd9 / PR #2509

[ci]

This is to de risk the (expedided) 0.5.4 release.

We'll undo this merge right after 0.5.4 is cut.

Signed-off-by: Martin Florian <martin.florian@digitalasset.com>

Author: martinflorian-da

apps/app/src/main/scala/org/lfdecentralizedtrust/splice/console/ScanAppReference.scala

@@ -59,7 +59,7 @@ import org.lfdecentralizedtrust.splice.codegen.java.splice.dsorules.{
   DsoRules_CloseVoteRequestResult,
   VoteRequest,
 }
-import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.HttpSvOperatorAppClient
+import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.HttpSvAdminAppClient
 
 import scala.jdk.OptionConverters.*
 import java.time.Instant
@@ -674,7 +674,7 @@ abstract class ScanAppReference(
   ): Contract[VoteRequest.ContractId, VoteRequest] = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.LookupVoteRequest(trackingCid)()
+        HttpSvAdminAppClient.LookupVoteRequest(trackingCid)()
       )
     }
   }

apps/app/src/main/scala/org/lfdecentralizedtrust/splice/console/SvAppReference.scala

@@ -22,13 +22,12 @@ import org.lfdecentralizedtrust.splice.http.v0.definitions
 import org.lfdecentralizedtrust.splice.sv.{SvApp, SvAppBootstrap, SvAppClientConfig}
 import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.{
   HttpSvAdminAppClient,
-  HttpSvOperatorAppClient,
-  HttpSvPublicAppClient,
+  HttpSvAppClient,
 }
 import org.lfdecentralizedtrust.splice.sv.automation.{
   DsoDelegateBasedAutomationService,
-  SvDsoAutomationService,
   SvSvAutomationService,
+  SvDsoAutomationService,
 }
 import org.lfdecentralizedtrust.splice.sv.config.SvAppBackendConfig
 import org.lfdecentralizedtrust.splice.sv.migration.{DomainDataSnapshot, SynchronizerNodeIdentities}
@@ -55,51 +54,46 @@ abstract class SvAppReference(
   def onboardValidator(validator: PartyId, secret: String, contactPoint: String): Unit =
     consoleEnvironment.run {
       httpCommand(
-        HttpSvPublicAppClient.OnboardValidator(
-          validator,
-          secret,
-          BuildInfo.compiledVersion,
-          contactPoint,
-        )
+        HttpSvAppClient.OnboardValidator(validator, secret, BuildInfo.compiledVersion, contactPoint)
       )
     }
 
   def startSvOnboarding(token: String): Unit =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.StartSvOnboarding(token))
+      httpCommand(HttpSvAppClient.StartSvOnboarding(token))
     }
 
-  def getSvOnboardingStatus(candidate: PartyId): HttpSvPublicAppClient.SvOnboardingStatus =
+  def getSvOnboardingStatus(candidate: PartyId): HttpSvAppClient.SvOnboardingStatus =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.getSvOnboardingStatus(candidate.toProtoPrimitive))
+      httpCommand(HttpSvAppClient.getSvOnboardingStatus(candidate.toProtoPrimitive))
     }
 
-  def getSvOnboardingStatus(candidate: String): HttpSvPublicAppClient.SvOnboardingStatus =
+  def getSvOnboardingStatus(candidate: String): HttpSvAppClient.SvOnboardingStatus =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.getSvOnboardingStatus(candidate))
+      httpCommand(HttpSvAppClient.getSvOnboardingStatus(candidate))
     }
 
   @Help.Summary("Prepare a validator onboarding and return an onboarding secret (via client API)")
   def devNetOnboardValidatorPrepare(): String =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.DevNetOnboardValidatorPrepare())
+      httpCommand(HttpSvAppClient.DevNetOnboardValidatorPrepare())
     }
 
-  def getDsoInfo(): HttpSvPublicAppClient.DsoInfo =
+  def getDsoInfo(): HttpSvAppClient.DsoInfo =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.GetDsoInfo)
+      httpCommand(HttpSvAppClient.GetDsoInfo)
     }
 
   @Help.Summary("Get the CometBFT node status")
   def cometBftNodeStatus(): definitions.CometBftNodeStatusResponse =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.GetCometBftNodeStatus())
+      httpCommand(HttpSvAppClient.GetCometBftNodeStatus())
     }
 
   @Help.Summary("Get the CometBFT node dump")
   def cometBftNodeDebugDump(): definitions.CometBftNodeDumpResponse =
     consoleEnvironment.run {
-      httpCommand(HttpSvOperatorAppClient.GetCometBftNodeDump())
+      httpCommand(HttpSvAdminAppClient.GetCometBftNodeDump())
     }
 
   @Help.Summary("Make a CometBFT Json RPC request")
@@ -109,17 +103,17 @@ abstract class SvAppReference(
       params: Map[String, io.circe.Json] = Map.empty,
   ): definitions.CometBftJsonRpcResponse =
     consoleEnvironment.run {
-      httpCommand(HttpSvPublicAppClient.CometBftJsonRpcRequest(id, method, params))
+      httpCommand(HttpSvAppClient.CometBftJsonRpcRequest(id, method, params))
     }
 
   def onboardSvPartyMigrationAuthorize(
       participantId: ParticipantId,
       candidateParty: PartyId,
-  ): HttpSvPublicAppClient.OnboardSvPartyMigrationAuthorizeResponse =
+  ): HttpSvAppClient.OnboardSvPartyMigrationAuthorizeResponse =
     consoleEnvironment
       .run {
         httpCommand(
-          HttpSvPublicAppClient.OnboardSvPartyMigrationAuthorize(
+          HttpSvAppClient.OnboardSvPartyMigrationAuthorize(
             participantId,
             candidateParty,
           )
@@ -183,7 +177,7 @@ abstract class SvAppReference(
   )(implicit tc: TraceContext): Unit = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.CreateVoteRequest(
+        HttpSvAdminAppClient.CreateVoteRequest(
           requester,
           action,
           reasonUrl,
@@ -199,7 +193,7 @@ abstract class SvAppReference(
   def listVoteRequests(): Seq[Contract[VoteRequest.ContractId, VoteRequest]] = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.ListVoteRequests
+        HttpSvAdminAppClient.ListVoteRequests
       )
     }
   }
@@ -221,7 +215,7 @@ abstract class SvAppReference(
   ): Contract[VoteRequest.ContractId, VoteRequest] = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.LookupVoteRequest(trackingCid)()
+        HttpSvAdminAppClient.LookupVoteRequest(trackingCid)()
       )
     }
   }
@@ -236,7 +230,7 @@ abstract class SvAppReference(
   ): Seq[DsoRules_CloseVoteRequestResult] = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.ListVoteRequestResults(
+        HttpSvAdminAppClient.ListVoteRequestResults(
           actionName,
           accepted,
           requester,
@@ -257,7 +251,7 @@ abstract class SvAppReference(
   ): Unit = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.CastVote(trackingCid, isAccepted, reasonUrl, reasonDescription)
+        HttpSvAdminAppClient.CastVote(trackingCid, isAccepted, reasonUrl, reasonDescription)
       )
     }
   }
@@ -347,31 +341,31 @@ class SvAppBackendReference(
   def listOngoingValidatorOnboardings(): Seq[ValidatorOnboarding] =
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.ListOngoingValidatorOnboardings
+        HttpSvAdminAppClient.ListOngoingValidatorOnboardings
       )
     }
 
   @Help.Summary("Prepare a validator onboarding and return an onboarding secret (via admin API)")
   def prepareValidatorOnboarding(expiresIn: FiniteDuration, partyHint: Option[String]): String =
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.PrepareValidatorOnboarding(expiresIn, partyHint)
+        HttpSvAdminAppClient.PrepareValidatorOnboarding(expiresIn, partyHint)
       )
     }
 
   @Help.Summary("Update CC price vote (via admin API)")
   def updateAmuletPriceVote(amuletPrice: BigDecimal): Unit =
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.UpdateAmuletPriceVote(amuletPrice)
+        HttpSvAdminAppClient.UpdateAmuletPriceVote(amuletPrice)
       )
     }
 
   @Help.Summary("List CC price vote (via admin API)")
   def listAmuletPriceVotes(): Seq[Contract[cp.AmuletPriceVote.ContractId, cp.AmuletPriceVote]] = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.ListAmuletPriceVotes
+        HttpSvAdminAppClient.ListAmuletPriceVotes
       )
     }
   }
@@ -380,27 +374,27 @@ class SvAppBackendReference(
   def listOpenMiningRounds(): Seq[Contract[OpenMiningRound.ContractId, OpenMiningRound]] = {
     consoleEnvironment.run {
       httpCommand(
-        HttpSvOperatorAppClient.ListOpenMiningRounds
+        HttpSvAdminAppClient.ListOpenMiningRounds
       )
     }
   }
 
   @Help.Summary("Get the CometBFT node debug dump")
   def cometBftNodeDump(): definitions.CometBftNodeDumpResponse =
     consoleEnvironment.run {
-      httpCommand(HttpSvOperatorAppClient.GetCometBftNodeDump())
+      httpCommand(HttpSvAdminAppClient.GetCometBftNodeDump())
     }
 
   @Help.Summary("Get the sequencer node status")
   def sequencerNodeStatus(): NodeStatus[SpliceStatus] =
     consoleEnvironment.run {
-      httpCommand(HttpSvOperatorAppClient.GetSequencerNodeStatus())
+      httpCommand(HttpSvAdminAppClient.GetSequencerNodeStatus())
     }
 
   @Help.Summary("Get the mediator node status")
   def mediatorNodeStatus(): NodeStatus[SpliceStatus] =
     consoleEnvironment.run {
-      httpCommand(HttpSvOperatorAppClient.GetMediatorNodeStatus())
+      httpCommand(HttpSvAdminAppClient.GetMediatorNodeStatus())
     }
 
   /** Remote participant this sv app is configured to interact with. */

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/BftScanConnectionIntegrationTest.scala

@@ -113,9 +113,6 @@ class BftScanConnectionIntegrationTest
     )
 
     aliceValidatorBackend.startSync()
-    onboardWalletUser(aliceValidatorWalletClient, aliceValidatorBackend)
-    val walletUserToken =
-      OAuth2BearerToken(aliceValidatorWalletClient.token.valueOrFail("No token found"))
 
     val fakeCid = new TransferInstruction.ContractId("00" + s"01" * 31 + "42")
 
@@ -140,7 +137,11 @@ class BftScanConnectionIntegrationTest
       .getTransferInstructionAcceptContext(
         fakeCid.contractId,
         GetChoiceContextRequest(None),
-        List(Authorization(walletUserToken)),
+        List(
+          Authorization(
+            OAuth2BearerToken(aliceValidatorBackend.token.valueOrFail("No token found"))
+          )
+        ),
       )
       .value
       .futureValue
@@ -162,7 +163,11 @@ class BftScanConnectionIntegrationTest
       walletClient
         .acceptTokenStandardTransfer(
           fakeCid.contractId,
-          List(Authorization(walletUserToken)),
+          List(
+            Authorization(
+              OAuth2BearerToken(aliceValidatorBackend.token.valueOrFail("No token found"))
+            )
+          ),
         )
         .value
         .futureValue

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/ScanIntegrationTest.scala

@@ -32,7 +32,7 @@ import org.lfdecentralizedtrust.splice.integration.tests.SpliceTests.{
 }
 import org.lfdecentralizedtrust.splice.scan.config.BftSequencerConfig
 import org.lfdecentralizedtrust.splice.store.Limit
-import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.HttpSvPublicAppClient
+import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.HttpSvAppClient
 import org.lfdecentralizedtrust.splice.sv.automation.delegatebased.{
   AdvanceOpenMiningRoundTrigger,
   ExpireIssuingMiningRoundTrigger,
@@ -111,7 +111,7 @@ class ScanIntegrationTest extends IntegrationTest with WalletTestUtil with TimeT
   "return dso info same as the sv app" in { implicit env =>
     val scan = sv1ScanBackend.getDsoInfo()
     inside(sv1Backend.getDsoInfo()) {
-      case HttpSvPublicAppClient.DsoInfo(
+      case HttpSvAppClient.DsoInfo(
             svUser,
             svParty,
             dsoParty,

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/SvOnboardingAddlIntegrationTest.scala

@@ -11,7 +11,7 @@ import org.lfdecentralizedtrust.splice.sv.util.{SvOnboardingToken, SvUtil}
 import com.digitalasset.canton.sequencing.GrpcSequencerConnection
 
 import scala.jdk.OptionConverters.*
-import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.HttpSvPublicAppClient.SvOnboardingStatus
+import org.lfdecentralizedtrust.splice.sv.admin.api.client.commands.HttpSvAppClient.SvOnboardingStatus
 import org.lfdecentralizedtrust.splice.util.{SvTestUtil, WalletTestUtil}
 import com.digitalasset.canton.logging.SuppressionRule
 import com.digitalasset.canton.topology.transaction.ParticipantPermission

apps/app/src/test/scala/org/lfdecentralizedtrust/splice/integration/tests/SvOnboardingIntegrationTest.scala

@@ -58,9 +58,7 @@ class SvOnboardingIntegrationTest extends SvIntegrationTestBase {
           .singleRequest(registerGet.withHeaders(tokenHeader(invalidUserToken)))
           .futureValue
         responseForInvalidUser.status should be(StatusCodes.Forbidden)
-        responseForInvalidUser.entity.getContentType().toString should be(
-          "application/json"
-        )
+        responseForInvalidUser.entity.getContentType().toString should be("application/json")
       },
       _.warningMessage should include(
         "Authorization Failed"