feat: do not allow set anonnymous for controllers

Signed-off-by: David Dal Busco <[email protected]>

src/mission_control/src/controllers/mission_control.rs

@@ -2,7 +2,9 @@ use crate::controllers::store::{delete_controllers, get_admin_controllers, set_c
 use crate::store::get_user;
 use ic_cdk::id;
 use shared::constants::MAX_NUMBER_OF_MISSION_CONTROL_CONTROLLERS;
-use shared::controllers::{assert_max_number_of_controllers, into_controller_ids};
+use shared::controllers::{
+    assert_max_number_of_controllers, assert_no_anonymous_controller, into_controller_ids,
+};
 use shared::ic::update_canister_controllers;
 use shared::types::interface::SetController;
 use shared::types::state::{ControllerId, ControllerScope, Controllers};
@@ -22,6 +24,8 @@ pub async fn set_mission_control_controllers(
         }
     }
 
+    assert_no_anonymous_controller(controllers)?;
+
     set_controllers(controllers, controller);
 
     // We update the IC controllers because it is possible that an existing controller was updated.

src/orbiter/src/lib.rs

@@ -41,7 +41,9 @@ use ic_stable_structures::writer::Writer;
 #[allow(unused)]
 use ic_stable_structures::Memory as _;
 use shared::constants::MAX_NUMBER_OF_SATELLITE_CONTROLLERS;
-use shared::controllers::{assert_max_number_of_controllers, init_controllers};
+use shared::controllers::{
+    assert_max_number_of_controllers, assert_no_anonymous_controller, init_controllers,
+};
 use shared::types::interface::{DeleteControllersArgs, SegmentArgs, SetControllersArgs};
 use shared::types::state::{ControllerScope, Controllers, SatelliteId};
 use std::mem;
@@ -219,6 +221,8 @@ fn set_controllers(
         }
     }
 
+    assert_no_anonymous_controller(&controllers).unwrap_or_else(|e| trap(&e));
+
     set_controllers_store(&controllers, &controller);
     get_controllers()
 }

src/satellite/src/lib.rs

@@ -58,7 +58,9 @@ use ic_stable_structures::writer::Writer;
 #[allow(unused)]
 use ic_stable_structures::Memory as _;
 use shared::constants::MAX_NUMBER_OF_SATELLITE_CONTROLLERS;
-use shared::controllers::{assert_max_number_of_controllers, init_controllers};
+use shared::controllers::{
+    assert_max_number_of_controllers, assert_no_anonymous_controller, init_controllers,
+};
 use shared::types::interface::{DeleteControllersArgs, SegmentArgs, SetControllersArgs};
 use shared::types::state::{ControllerScope, Controllers};
 use std::mem;
@@ -233,6 +235,8 @@ fn set_controllers(
         }
     }
 
+    assert_no_anonymous_controller(&controllers).unwrap_or_else(|e| trap(&e));
+
     set_controllers_store(&controllers, &controller);
     get_controllers()
 }

src/shared/src/controllers.rs

@@ -1,7 +1,7 @@
 use crate::env::{CONSOLE, OBSERVATORY};
 use crate::types::interface::SetController;
 use crate::types::state::{Controller, ControllerId, ControllerScope, Controllers, UserId};
-use crate::utils::{principal_equal, principal_not_anonymous};
+use crate::utils::{principal_anonymous, principal_equal, principal_not_anonymous};
 use candid::Principal;
 use ic_cdk::api::time;
 use std::collections::HashMap;
@@ -102,6 +102,17 @@ pub fn assert_max_number_of_controllers(
     Ok(())
 }
 
+pub fn assert_no_anonymous_controller(controllers_ids: &[ControllerId]) -> Result<(), String> {
+    let has_anonymous = controllers_ids
+        .iter()
+        .any(|controller_id| principal_anonymous(controller_id.clone()));
+
+    match has_anonymous {
+        true => Err("Anonymous controller not allowed.".to_string()),
+        false => Ok(()),
+    }
+}
+
 pub fn caller_is_console(caller: UserId) -> bool {
     let console = Principal::from_text(CONSOLE).unwrap();
 

src/shared/src/utils.rs

@@ -13,6 +13,10 @@ pub fn principal_not_anonymous(p: Principal) -> bool {
     principal_not_equal(p, Principal::anonymous())
 }
 
+pub fn principal_anonymous(p: Principal) -> bool {
+    principal_equal(p, Principal::anonymous())
+}
+
 pub fn account_identifier_equal(x: AccountIdentifier, y: AccountIdentifier) -> bool {
     x == y
 }