fix(authz)!: prunning: unable to execute authorization

CHANGELOG.md

@@ -177,6 +177,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
   ibc-denom.
 * [\#10593](https://github.com/cosmos/cosmos-sdk/pull/10593) Update swagger-ui to v4.1.0 to fix xss vulnerability.
 * [\#10674](https://github.com/cosmos/cosmos-sdk/pull/10674) Fix issue with `Error.Wrap` and `Error.Wrapf` usage with `errors.Is`.
+* (x/authz) [\#10633](https://github.com/cosmos/cosmos-sdk/pull/10633) Fixed authorization not found error when executing message
 
 ### State Machine Breaking
 

x/authz/client/testutil/tx.go

@@ -548,7 +548,7 @@ func (s *IntegrationTestSuite) TestExecAuthorizationWithExpiration() {
 		fmt.Sprintf("--%s=true", flags.FlagSkipConfirmation),
 	})
 	s.Require().NoError(err)
-	s.Require().Contains(res.String(), "authorization not found")
+	s.Require().Contains(res.String(), "authorization expired")
 }
 
 func (s *IntegrationTestSuite) TestNewExecGenericAuthorized() {

x/authz/keeper/grpc_query.go

@@ -33,29 +33,35 @@ func (k Keeper) Grants(c context.Context, req *authz.QueryGrantsRequest) (*authz
 	if err != nil {
 		return nil, err
 	}
-	ctx := sdk.UnwrapSDKContext(c)
-
-	store := ctx.KVStore(k.storeKey)
-	key := grantStoreKey(grantee, granter, "")
-	authStore := prefix.NewStore(store, key)
 
+	ctx := sdk.UnwrapSDKContext(c)
 	if req.MsgTypeUrl != "" {
-		authorization, expiration := k.GetCleanAuthorization(ctx, grantee, granter, req.MsgTypeUrl)
-		if authorization == nil {
+		grant, found := k.getGrant(ctx, grantStoreKey(grantee, granter, req.MsgTypeUrl))
+		if !found {
 			return nil, status.Errorf(codes.NotFound, "no authorization found for %s type", req.MsgTypeUrl)
 		}
+
+		authorization, err := getAuthorization(grant)
+		if err != nil {
+			return nil, err
+		}
+
 		authorizationAny, err := codectypes.NewAnyWithValue(authorization)
 		if err != nil {
 			return nil, status.Errorf(codes.Internal, err.Error())
 		}
 		return &authz.QueryGrantsResponse{
 			Grants: []*authz.Grant{{
 				Authorization: authorizationAny,
-				Expiration:    expiration,
+				Expiration:    grant.Expiration,
 			}},
 		}, nil
 	}
 
+	store := ctx.KVStore(k.storeKey)
+	key := grantStoreKey(grantee, granter, "")
+	authStore := prefix.NewStore(store, key)
+
 	var authorizations []*authz.Grant
 	pageRes, err := query.FilteredPaginate(authStore, req.Pagination, func(key []byte, value []byte, accumulate bool) (bool, error) {
 		auth, err := unmarshalAuthorization(k.cdc, value)

x/authz/keeper/keeper.go

@@ -87,10 +87,20 @@ func (k Keeper) DispatchActions(ctx sdk.Context, grantee sdk.AccAddress, msgs []
 
 		// if granter != grantee then check authorization.Accept, otherwise we implicitly accept.
 		if !granter.Equals(grantee) {
-			authorization, _ := k.GetCleanAuthorization(ctx, grantee, granter, sdk.MsgTypeURL(msg))
-			if authorization == nil {
+			grant, found := k.getGrant(ctx, grantStoreKey(grantee, granter, sdk.MsgTypeURL(msg)))
+			if !found {
 				return nil, sdkerrors.ErrUnauthorized.Wrap("authorization not found")
 			}
+
+			if grant.Expiration.Before(ctx.BlockHeader().Time) {
+				return nil, sdkerrors.ErrUnauthorized.Wrap("authorization expired")
+			}
+
+			authorization, err := getAuthorization(grant)
+			if err != nil {
+				return nil, err
+			}
+
 			resp, err := authorization.Accept(ctx, msg)
 			if err != nil {
 				return nil, err
@@ -183,22 +193,6 @@ func (k Keeper) GetAuthorizations(ctx sdk.Context, grantee sdk.AccAddress, grant
 	return authorizations
 }
 
-// GetCleanAuthorization returns an `Authorization` and it's expiration time for
-// (grantee, granter, message name) grant. If there is no grant `nil` is returned.
-// If the grant is expired, the grant is revoked, removed from the storage, and `nil` is returned.
-func (k Keeper) GetCleanAuthorization(ctx sdk.Context, grantee sdk.AccAddress, granter sdk.AccAddress, msgType string) (cap authz.Authorization, expiration time.Time) {
-	grant, found := k.getGrant(ctx, grantStoreKey(grantee, granter, msgType))
-	if !found {
-		return nil, time.Time{}
-	}
-	if grant.Expiration.Before(ctx.BlockHeader().Time) {
-		k.DeleteGrant(ctx, grantee, granter, msgType)
-		return nil, time.Time{}
-	}
-
-	return grant.GetAuthorization(), grant.Expiration
-}
-
 // IterateGrants iterates over all authorization grants
 // This function should be used with caution because it can involve significant IO operations.
 // It should not be used in query or msg services without charging additional gas.
@@ -256,3 +250,12 @@ func (k Keeper) InitGenesis(ctx sdk.Context, data *authz.GenesisState) {
 		}
 	}
 }
+
+func getAuthorization(g authz.Grant) (authz.Authorization, error) {
+	a, ok := g.Authorization.GetCachedValue().(authz.Authorization)
+	if !ok {
+		return nil, sdkerrors.ErrInvalidType.Wrapf("expected %T, got %T", (authz.Authorization)(nil), g.Authorization.GetCachedValue())
+	}
+
+	return a, nil
+}