Check for an empty/null allocation token (#489)

* Check for an empty/null allocation token In addition, we should be returning an authorization exception for an invalid token, not a parameter syntax exception. See https://tools.ietf.org/html/draft-ietf-regext-allocation-token-04#section-2.1 * Add comment
2025-07-09 04:33:28 +02:00 · 2020-02-20 15:50:10 -05:00 · 2020-02-20 15:50:10 -05:00 · 05ed4fd849
commit 05ed4fd849
parent ecf1721755
3 changed files with 26 additions and 3 deletions
--- a/core/src/test/java/google/registry/flows/domain/token/AllocationTokenFlowUtilsTest.java
+++ b/core/src/test/java/google/registry/flows/domain/token/AllocationTokenFlowUtilsTest.java
@ -90,6 +90,22 @@ public class AllocationTokenFlowUtilsTest extends ShardableTestCase {
    assertValidateThrowsEppException(InvalidAllocationTokenException.class);
  }

+  @Test
+  public void test_validateToken_failsOnNullToken() {
+    assertAboutEppExceptions()
+        .that(
+            assertThrows(
+                InvalidAllocationTokenException.class,
+                () ->
+                    flowUtils.loadTokenAndValidateDomainCreate(
+                        createCommand("blah.tld"),
+                        null,
+                        Registry.get("tld"),
+                        "TheRegistrar",
+                        DateTime.now(UTC))))
+        .marshalsToXml();
+  }
+
  @Test
  public void test_validateToken_callsCustomLogic() {
    AllocationTokenFlowUtils failingFlowUtils =