Return kUndefinedNodeId if get the NodeID from a group or PASE session.

Author: yufengwangca

src/app/clusters/commissioner-control-server/commissioner-control-server.cpp

@@ -38,6 +38,32 @@ using chip::Protocols::InteractionModel::Status;
 
 namespace {
 
+NodeId getNodeId(const app::CommandHandler * commandObj)
+{
+    if (nullptr == commandObj || nullptr == commandObj->GetExchangeContext())
+    {
+        ChipLogError(Zcl, "Cannot access ExchangeContext of Command Object for Node ID");
+        return kUndefinedNodeId;
+    }
+
+    if (!commandObj->GetExchangeContext()->HasSessionHandle())
+    {
+        ChipLogError(Zcl, "Cannot access session of Command Object for Node ID");
+        return kUndefinedNodeId;
+    }
+
+    auto descriptor = commandObj->GetExchangeContext()->GetSessionHandle()->GetSubjectDescriptor();
+
+    // Return kUndefinedNodeId if get the NodeID from a group or PASE session.
+    if (descriptor.authMode != Access::AuthMode::kCase)
+    {
+        ChipLogError(Zcl, "Cannot get Node ID from non-CASE session of Command Object");
+        return kUndefinedNodeId;
+    }
+
+    return descriptor.subject;
+}
+
 void AddReverseOpenCommissioningWindowResponse(CommandHandler * commandObj, const ConcreteCommandPath & path,
                                                const Clusters::CommissionerControl::CommissioningWindowParams & params)
 {
@@ -147,8 +173,7 @@ bool emberAfCommissionerControlClusterRequestCommissioningApprovalCallback(
 
     ChipLogProgress(Zcl, "Received command to request commissioning approval");
 
-    auto descriptor   = commandObj->GetSubjectDescriptor();
-    auto sourceNodeId = descriptor.subject;
+    auto sourceNodeId = getNodeId(commandObj);
     auto fabricIndex  = commandObj->GetAccessingFabricIndex();
     auto requestId    = commandData.requestId;
     auto vendorId     = commandData.vendorId;
@@ -194,8 +219,7 @@ bool emberAfCommissionerControlClusterCommissionNodeCallback(
 
     ChipLogProgress(Zcl, "Received command to commission node");
 
-    auto descriptor   = commandObj->GetSubjectDescriptor();
-    auto sourceNodeId = descriptor.subject;
+    auto sourceNodeId = getNodeId(commandObj);
     auto requestId    = commandData.requestId;
 
     auto info       = std::make_unique<Clusters::CommissionerControl::CommissionNodeInfo>();
@@ -209,8 +233,8 @@ bool emberAfCommissionerControlClusterCommissionNodeCallback(
     VerifyOrExit(delegate != nullptr, err = CHIP_ERROR_INCORRECT_STATE);
 
     // Handle commissioning approval request, the ipAddress assigned from commandData need to be stored in
-    // CommissionerControl::Delegate which ensure that the backing buffer of ipAddress has a valid lifespan until the deferred task
-    // is executed.
+    // CommissionerControl::Delegate which ensure that the backing buffer of ipAddress has a valid lifespan
+    // until the deferred task is executed.
     err = delegate->ValidateCommissionNodeCommand(sourceNodeId, requestId, info->params);
     SuccessOrExit(err == CHIP_NO_ERROR);
 

src/app/clusters/commissioner-control-server/commissioner-control-server.h

@@ -53,13 +53,55 @@ struct CommissionNodeInfo
 class Delegate
 {
 public:
-    // Command Delegates
+    /**
+     * @brief Handle a commissioning approval request.
+     *
+     * This command is sent by a client to request approval for a future CommissionNode call.
+     * The server SHALL always return SUCCESS to a correctly formatted RequestCommissioningApproval
+     * command, and then send a CommissioningRequestResult event once the result is ready.
+     *
+     * @param request The commissioning approval request to handle.
+     * @return CHIP_ERROR indicating the success or failure of the operation.
+     */
     virtual CHIP_ERROR HandleCommissioningApprovalRequest(const CommissioningApprovalRequest & request) = 0;
+
+    /**
+     * @brief Validate a commission node command.
+     *
+     * This command is sent by a client to request that the server begins commissioning a previously
+     * approved request.
+     *
+     * The server SHALL return FAILURE if the CommissionNode command is not sent from the same
+     * NodeId as the RequestCommissioningApproval or if the provided RequestId to CommissionNode
+     * does not match the value provided to RequestCommissioningApproval.
+     *
+     * The validation SHALL fail if the client Node ID is kUndefinedNodeId, such as getting the NodeID from
+     * a group or PASE session.
+     *
+     * @param clientNodeId The NodeId of the client.
+     * @param requestId The request ID to validate.
+     * @param outParams Parameters to be used in the commissioning window.
+     * @return CHIP_ERROR indicating the success or failure of the operation.
+     */
     virtual CHIP_ERROR ValidateCommissionNodeCommand(NodeId clientNodeId, uint64_t requestId,
-                                                     CommissioningWindowParams & outParams)             = 0;
+                                                     CommissioningWindowParams & outParams) = 0;
+
+    /**
+     * @brief Reverse the commission node process.
+     *
+     * When received within the timeout specified by CommissionNode, the client SHALL open a
+     * commissioning window on the node which the client called RequestCommissioningApproval to
+     * have commissioned.
+     *
+     * @param params The parameters for the commissioning window.
+     * @param ipAddress Optional IP address for the commissioning window.
+     * @param port Optional port for the commissioning window.
+     * @return CHIP_ERROR indicating the success or failure of the operation.
+     */
     virtual CHIP_ERROR ReverseCommissionNode(const CommissioningWindowParams & params, const Optional<ByteSpan> & ipAddress,
-                                             const Optional<uint16_t> & port)                           = 0;
-    virtual ~Delegate()                                                                                 = default;
+                                             const Optional<uint16_t> & port) = 0;
+
+    virtual ~Delegate() = default;
 };
 
 class CommissionerControlServer