zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-14 08:27:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

Daggerize XsrfTokenManager

Browse source 
The one-day validity period is also moved from the caller into XsrfTokenManager.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147857716
This commit is contained in:
mountford 2017-02-17 11:13:49 -08:00 committed by Ben McIlwain
parent 4a92d97a70
commit 0417f3d3a1
18 changed files with 112 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

5
java/google/registry/loadtest/LoadTestAction.java
View file

@ -146,6 +146,8 @@ public class LoadTestAction implements Runnable {
@Inject
TaskEnqueuer taskEnqueuer;
@Inject XsrfTokenManager xsrfTokenManager;
private final String xmlContactCreateTmpl;
private final String xmlContactCreateFail;
private final String xmlContactInfo;
@ -163,7 +165,7 @@ public class LoadTestAction implements Runnable {
* <p>Note that the email address is set to empty, because the logged-in user hitting this
* endpoint will not be the same as when the tasks themselves fire and hit the epptool endpoint.
*/
private final String xsrfToken = XsrfTokenManager.generateToken("admin", "");
private final String xsrfToken;
@Inject
LoadTestAction(@Parameter("tld") String tld) {
@ -183,6 +185,7 @@ public class LoadTestAction implements Runnable {
xmlHostCreateTmpl = loadXml("host_create");
xmlHostCreateFail = xmlHostCreateTmpl.replace("%host%", EXISTING_HOST);
xmlHostInfo = loadXml("host_info").replace("%host%", EXISTING_HOST);
xsrfToken = xsrfTokenManager.generateToken("admin", "");
}
@Override

1
java/google/registry/module/backend/BUILD
View file

@ -32,6 +32,7 @@ java_library(
"//java/google/registry/request",
"//java/google/registry/request:modules",
"//java/google/registry/request/auth",
"//java/google/registry/security",
"//java/google/registry/tmch",
"//java/google/registry/util",
"@com_google_appengine_api_1_0_sdk",

6
java/google/registry/module/backend/BackendRequestHandler.java
View file

@ -17,6 +17,7 @@ package google.registry.module.backend;
import com.google.appengine.api.users.UserService;
import google.registry.request.RequestHandler;
import google.registry.request.auth.RequestAuthenticator;
import google.registry.security.XsrfTokenManager;
import javax.inject.Inject;
import javax.inject.Provider;
@ -27,7 +28,8 @@ public class BackendRequestHandler
@Inject BackendRequestHandler(
Provider<BackendRequestComponent.Builder> componentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
super(componentBuilderProvider, userService, requestAuthenticator);
RequestAuthenticator requestAuthenticator,
XsrfTokenManager xsrfTokenManager) {
super(componentBuilderProvider, userService, requestAuthenticator, xsrfTokenManager);
}
}

1
java/google/registry/module/frontend/BUILD
View file

@ -19,6 +19,7 @@ java_library(
"//java/google/registry/request",
"//java/google/registry/request:modules",
"//java/google/registry/request/auth",
"//java/google/registry/security",
"//java/google/registry/ui",
"//java/google/registry/ui/server/registrar",
"//java/google/registry/util",

6
java/google/registry/module/frontend/FrontendRequestHandler.java
View file

@ -17,6 +17,7 @@ package google.registry.module.frontend;
import com.google.appengine.api.users.UserService;
import google.registry.request.RequestHandler;
import google.registry.request.auth.RequestAuthenticator;
import google.registry.security.XsrfTokenManager;
import javax.inject.Inject;
import javax.inject.Provider;
@ -27,7 +28,8 @@ public class FrontendRequestHandler
@Inject FrontendRequestHandler(
Provider<FrontendRequestComponent.Builder> componentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
super(componentBuilderProvider, userService, requestAuthenticator);
RequestAuthenticator requestAuthenticator,
XsrfTokenManager xsrfTokenManager) {
super(componentBuilderProvider, userService, requestAuthenticator, xsrfTokenManager);
}
}

1
java/google/registry/module/tools/BUILD
View file

@ -21,6 +21,7 @@ java_library(
"//java/google/registry/request",
"//java/google/registry/request:modules",
"//java/google/registry/request/auth",
"//java/google/registry/security",
"//java/google/registry/tools/server",
"//java/google/registry/tools/server/javascrap",
"//java/google/registry/util",

6
java/google/registry/module/tools/ToolsRequestHandler.java
View file

@ -17,6 +17,7 @@ package google.registry.module.tools;
import com.google.appengine.api.users.UserService;
import google.registry.request.RequestHandler;
import google.registry.request.auth.RequestAuthenticator;
import google.registry.security.XsrfTokenManager;
import javax.inject.Inject;
import javax.inject.Provider;
@ -27,7 +28,8 @@ public class ToolsRequestHandler
@Inject ToolsRequestHandler(
Provider<ToolsRequestComponent.Builder> componentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
super(componentBuilderProvider, userService, requestAuthenticator);
RequestAuthenticator requestAuthenticator,
XsrfTokenManager xsrfTokenManager) {
super(componentBuilderProvider, userService, requestAuthenticator, xsrfTokenManager);
}
}

30
java/google/registry/request/RequestHandler.java
View file

@ -19,7 +19,6 @@ import static com.google.common.base.Strings.nullToEmpty;
import static com.google.common.net.HttpHeaders.LOCATION;
import static com.google.common.net.MediaType.PLAIN_TEXT_UTF_8;
import static google.registry.security.XsrfTokenManager.X_CSRF_TOKEN;
import static google.registry.security.XsrfTokenManager.validateToken;
import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
import static javax.servlet.http.HttpServletResponse.SC_METHOD_NOT_ALLOWED;
import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY;
@ -29,6 +28,7 @@ import com.google.appengine.api.users.UserService;
import com.google.common.base.Optional;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.RequestAuthenticator;
import google.registry.security.XsrfTokenManager;
import google.registry.util.FormattingLogger;
import google.registry.util.TypeUtils.TypeInstantiator;
import java.io.IOException;
@ -36,7 +36,6 @@ import javax.annotation.Nullable;
import javax.inject.Provider;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.Duration;
/**
* Dagger-based request processor.
@ -74,12 +73,11 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
private static final Duration XSRF_VALIDITY = Duration.standardDays(1);
private final Router router;
private final Provider<B> requestComponentBuilderProvider;
private final UserService userService;
private final RequestAuthenticator requestAuthenticator;
private final XsrfTokenManager xsrfTokenManager;
/**
* Constructor for subclasses to create a new request handler for a specific request component.
@ -92,13 +90,16 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
* be used to construct new instances of the request component (with the required
* request-derived modules provided by this class)
* @param userService an instance of the App Engine UserService API
* @param requestAuthenticator an instance of the RequestAuthenticator class
* @param requestAuthenticator an instance of the {@link RequestAuthenticator} class
* @param xsrfTokenManager an instance of the {@link XsrfTokenManager} class
*/
protected RequestHandler(
Provider<B> requestComponentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
this(null, requestComponentBuilderProvider, userService, requestAuthenticator);
RequestAuthenticator requestAuthenticator,
XsrfTokenManager xsrfTokenManager) {
this(null, requestComponentBuilderProvider, userService, requestAuthenticator,
xsrfTokenManager);
}
/** Creates a new RequestHandler with an explicit component class for test purposes. */
@ -106,19 +107,22 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
Class<C> component,
Provider<B> requestComponentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
RequestAuthenticator requestAuthenticator,
XsrfTokenManager xsrfTokenManager) {
return new RequestHandler<>(
checkNotNull(component),
requestComponentBuilderProvider,
userService,
requestAuthenticator);
requestAuthenticator,
xsrfTokenManager);
}
private RequestHandler(
@Nullable Class<C> component,
Provider<B> requestComponentBuilderProvider,
UserService userService,
RequestAuthenticator requestAuthenticator) {
RequestAuthenticator requestAuthenticator,
XsrfTokenManager xsrfTokenManager) {
// If the component class isn't explicitly provided, infer it from the class's own typing.
// This is safe only for use by subclasses of RequestHandler where the generic parameter is
// preserved at runtime, so only expose that option via the protected constructor.
@ -127,6 +131,7 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
this.requestComponentBuilderProvider = checkNotNull(requestComponentBuilderProvider);
this.userService = checkNotNull(userService);
this.requestAuthenticator = checkNotNull(requestAuthenticator);
this.xsrfTokenManager = checkNotNull(xsrfTokenManager);
}
/** Runs the appropriate action for a servlet request. */
@ -160,10 +165,9 @@ public class RequestHandler<C, B extends RequestComponentBuilder<C, B>> {
return;
}
if (route.get().shouldXsrfProtect(method)
&& !validateToken(
&& !xsrfTokenManager.validateToken(
nullToEmpty(req.getHeader(X_CSRF_TOKEN)),
route.get().action().xsrfScope(),
XSRF_VALIDITY)) {
route.get().action().xsrfScope())) {
rsp.sendError(SC_FORBIDDEN, "Invalid " + X_CSRF_TOKEN);
return;
}

1
java/google/registry/security/BUILD
View file

@ -18,6 +18,7 @@ java_library(
"@com_google_code_findbugs_jsr305",
"@com_google_guava",
"@com_googlecode_json_simple",
"@javax_inject",
"@javax_servlet_api",
"@joda_time",
],

31
java/google/registry/security/XsrfTokenManager.java
View file

@ -14,7 +14,6 @@
package google.registry.security;
import static com.google.appengine.api.users.UserServiceFactory.getUserService;
import static com.google.common.io.BaseEncoding.base64Url;
import static google.registry.model.server.ServerSecret.getServerSecret;
import static java.nio.charset.StandardCharsets.UTF_8;
@ -25,9 +24,8 @@ import com.google.common.base.Splitter;
import com.google.common.hash.Hashing;
import google.registry.util.Clock;
import google.registry.util.FormattingLogger;
import google.registry.util.NonFinalForTesting;
import google.registry.util.SystemClock;
import java.util.List;
import javax.inject.Inject;
import org.joda.time.DateTime;
import org.joda.time.Duration;
@ -37,10 +35,18 @@ public final class XsrfTokenManager {
/** HTTP header used for transmitting XSRF tokens. */
public static final String X_CSRF_TOKEN = "X-CSRF-Token";
private static final Duration XSRF_VALIDITY = Duration.standardDays(1);
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
@NonFinalForTesting
private static Clock clock = new SystemClock();
private final Clock clock;
private final UserService userService;
@Inject
public XsrfTokenManager(Clock clock, UserService userService) {
this.clock = clock;
this.userService = userService;
}
private static String encodeToken(long creationTime, String scope, String userEmail) {
String token = Joiner.on('\t').join(getServerSecret(), userEmail, scope, creationTime);
@ -58,23 +64,22 @@ public final class XsrfTokenManager {
* any callback that doesn't have a user shouldn't be able to access any per-user resources
* anyways.
*/
public static String generateToken(String scope) {
public String generateToken(String scope) {
return generateToken(scope, getLoggedInEmailOrEmpty());
}
/** Generate an xsrf token for a given scope and user. */
public static String generateToken(String scope, String email) {
public String generateToken(String scope, String email) {
long now = clock.nowUtc().getMillis();
return Joiner.on(':').join(encodeToken(now, scope, email), now);
}
private static String getLoggedInEmailOrEmpty() {
UserService userService = getUserService();
private String getLoggedInEmailOrEmpty() {
return userService.isUserLoggedIn() ? userService.getCurrentUser().getEmail() : "";
}
/** Validate an xsrf token, given the scope it was used for and an expiration duration. */
public static boolean validateToken(String token, String scope, Duration validLifetime) {
/** Validate an xsrf token, given the scope it was used for. */
public boolean validateToken(String token, String scope) {
List<String> tokenParts = Splitter.on(':').splitToList(token);
if (tokenParts.size() != 2) {
logger.warningfmt("Malformed XSRF token: %s", token);
@ -89,7 +94,7 @@ public final class XsrfTokenManager {
logger.warningfmt("Bad timestamp in XSRF token: %s", token);
return false;
}
if (new DateTime(creationTime).plus(validLifetime).isBefore(clock.nowUtc())) {
if (new DateTime(creationTime).plus(XSRF_VALIDITY).isBefore(clock.nowUtc())) {
logger.infofmt("Expired timestamp in XSRF token: %s", token);
return false;
}
@ -100,6 +105,4 @@ public final class XsrfTokenManager {
}
return true;
}
private XsrfTokenManager() {}
}

3
java/google/registry/tools/AppEngineConnection.java
View file

@ -52,6 +52,7 @@ class AppEngineConnection implements Connection {
@Inject HttpRequestFactory requestFactory;
@Inject AppEngineConnectionFlags flags;
@Inject XsrfTokenManager xsrfTokenManager;
@Inject
AppEngineConnection() {}
@ -65,7 +66,7 @@ class AppEngineConnection implements Connection {
memoize(new Supplier<String>() {
@Override
public String get() {
return XsrfTokenManager.generateToken("admin", getUserId());
return xsrfTokenManager.generateToken("admin", getUserId());
}});
@Override

2
java/google/registry/tools/RegistryToolComponent.java
View file

@ -24,6 +24,7 @@ import google.registry.keyring.api.KeyModule;
import google.registry.request.Modules.DatastoreServiceModule;
import google.registry.request.Modules.Jackson2Module;
import google.registry.request.Modules.URLFetchServiceModule;
import google.registry.request.Modules.UserServiceModule;
import google.registry.util.SystemClock.SystemClockModule;
import google.registry.util.SystemSleeper.SystemSleeperModule;
import google.registry.whois.WhoisModule;
@ -54,6 +55,7 @@ import javax.inject.Singleton;
SystemClockModule.class,
SystemSleeperModule.class,
URLFetchServiceModule.class,
UserServiceModule.class,
VoidDnsWriterModule.class,
WhoisModule.class,
}

3
java/google/registry/ui/server/registrar/ConsoleUiAction.java
View file

@ -58,6 +58,7 @@ public final class ConsoleUiAction implements Runnable {
@Inject Response response;
@Inject SessionUtils sessionUtils;
@Inject UserService userService;
@Inject XsrfTokenManager xsrfTokenManager;
@Inject @Config("logoFilename") String logoFilename;
@Inject @Config("productName") String productName;
@Inject @Config("integrationEmail") String integrationEmail;
@ -104,7 +105,7 @@ public final class ConsoleUiAction implements Runnable {
return;
}
Registrar registrar = Registrar.loadByClientId(sessionUtils.getRegistrarClientId(req));
data.put("xsrfToken", XsrfTokenManager.generateToken(EppConsoleAction.XSRF_SCOPE));
data.put("xsrfToken", xsrfTokenManager.generateToken(EppConsoleAction.XSRF_SCOPE));
data.put("clientId", registrar.getClientId());
data.put("showPaymentLink", registrar.getBillingMethod() == Registrar.BillingMethod.BRAINTREE);