Remove tecINVALID_DOMAIN error code

Also remove superflous checks in CredentialHelpers
2025-11-20 11:05:54 +00:00 · 2025-03-26 17:07:49 +00:00
parent f5042df72b
commit dee06df012
6 changed files with 17 additions and 19 deletions
--- a/include/xrpl/protocol/TER.h
+++ b/include/xrpl/protocol/TER.h
@@ -346,8 +346,7 @@ enum TECcodes : TERUnderlyingType {
    tecBAD_CREDENTIALS = 193,
    tecWRONG_ASSET = 194,
    tecLIMIT_EXCEEDED = 195,
-    tecINVALID_DOMAIN = 196,
-    tecPSEUDO_ACCOUNT = 197,
+    tecPSEUDO_ACCOUNT = 196,
 };

 //------------------------------------------------------------------------------
--- a/src/libxrpl/protocol/TER.cpp
+++ b/src/libxrpl/protocol/TER.cpp
@@ -125,7 +125,6 @@ transResults()
        MAKE_ERROR(tecBAD_CREDENTIALS,               "Bad credentials."),
        MAKE_ERROR(tecWRONG_ASSET,                   "Wrong asset given."),
        MAKE_ERROR(tecLIMIT_EXCEEDED,                "Limit exceeded."),
-        MAKE_ERROR(tecINVALID_DOMAIN,                "Invalid permissioned domain."),
        MAKE_ERROR(tecPSEUDO_ACCOUNT,                "This operation is not allowed against a pseudo-account."),

        MAKE_ERROR(tefALREADY,                     "The exact transaction was already in this ledger."),
--- a/src/test/app/Vault_test.cpp
+++ b/src/test/app/Vault_test.cpp
@@ -179,10 +179,10 @@ class Vault_test : public beast::unit_test::suite
            }

            {
-                testcase(prefix + " fail to set nonexistent domain");
+                testcase(prefix + " fail to set domain on public vault");
                auto tx = vault.set({.owner = owner, .id = keylet.key});
                tx[sfDomainID] = to_string(base_uint<256>(42ul));
-                env(tx, ter(tecINVALID_DOMAIN));
+                env(tx, ter{tecNO_PERMISSION});
            }

            {
@@ -837,6 +837,13 @@ class Vault_test : public beast::unit_test::suite
            env(tx, ter{tecNO_AUTH});
        }

+        {
+            testcase("private vault cannot set non-existing domain");
+            auto tx = vault.set({.owner = owner, .id = keylet.key});
+            tx[sfDomainID] = to_string(base_uint<256>(42ul));
+            env(tx, ter{tecOBJECT_NOT_FOUND});
+        }
+
        {
            testcase("private vault set domainId");

--- a/src/xrpld/app/misc/CredentialHelpers.cpp
+++ b/src/xrpld/app/misc/CredentialHelpers.cpp
@@ -20,6 +20,7 @@
 #include <xrpld/app/misc/CredentialHelpers.h>
 #include <xrpld/ledger/View.h>

+#include <xrpl/protocol/TER.h>
 #include <xrpl/protocol/digest.h>

 #include <unordered_set>
@@ -190,17 +191,12 @@ validDomain(ReadView const& view, uint256 domainID, AccountID const& subject)
    // Note, permissioned domain objects can be deleted at any time
    auto const slePD = view.read(keylet::permissionedDomain(domainID));
    if (!slePD)
-        return tecINVALID_DOMAIN;
-    else if (!slePD->isFieldPresent(sfAcceptedCredentials))
-        return tefINTERNAL;
+        return tecOBJECT_NOT_FOUND;

    auto const closeTime = view.info().parentCloseTime;
    bool foundExpired = false;
    for (auto const& h : slePD->getFieldArray(sfAcceptedCredentials))
    {
-        if (!h.isFieldPresent(sfIssuer) || !h.isFieldPresent(sfCredentialType))
-            return tefINTERNAL;
-
        auto const issuer = h.getAccountID(sfIssuer);
        auto const type = h.getFieldVL(sfCredentialType);
        auto const keyletCredential =
@@ -324,17 +320,14 @@ verifyValidDomain(
    beast::Journal j)
 {
    auto const slePD = view.read(keylet::permissionedDomain(domainID));
-    if (!slePD || !slePD->isFieldPresent(sfAcceptedCredentials))
-        return tefINTERNAL;
+    if (!slePD)
+        return tecOBJECT_NOT_FOUND;

    // Collect all matching credentials on a side, so we can remove expired ones
    // We may finish the loop with this collection empty, it's fine.
    STVector256 credentials;
    for (auto const& h : slePD->getFieldArray(sfAcceptedCredentials))
    {
-        if (!h.isFieldPresent(sfIssuer) || !h.isFieldPresent(sfCredentialType))
-            return tefINTERNAL;
-
        auto const issuer = h.getAccountID(sfIssuer);
        auto const type = h.getFieldVL(sfCredentialType);
        auto const keyletCredential =
--- a/src/xrpld/app/tx/detail/VaultSet.cpp
+++ b/src/xrpld/app/tx/detail/VaultSet.cpp
@@ -95,12 +95,12 @@ VaultSet::preclaim(PreclaimContext const& ctx)
    {
        // We can only set domain if private flag was originally set
        if ((vault->getFlags() & tfVaultPrivate) == 0)
-            return tecINVALID_DOMAIN;
+            return tecNO_PERMISSION;

        auto const sleDomain =
            ctx.view.read(keylet::permissionedDomain(*domain));
        if (!sleDomain)
-            return tecNO_ENTRY;
+            return tecOBJECT_NOT_FOUND;

        // Sanity check only, this should be enforced by VaultCreate
        if ((sleIssuance->getFlags() & lsfMPTRequireAuth) == 0)
--- a/src/xrpld/ledger/detail/View.cpp
+++ b/src/xrpld/ledger/detail/View.cpp
@@ -2238,7 +2238,7 @@ requireAuth(
        return tesSUCCESS;
    }

-    // err = tefINTERNAL | tecINVALID_DOMAIN | tecNO_AUTH | tecEXPIRED
+    // err = tefINTERNAL | tecOBJECT_NOT_FOUND | tecNO_AUTH | tecEXPIRED
    if (auto const err =
            credentials::validDomain(view, *maybeDomainID, account);
        !isTesSuccess(err))