Require abuse WHOIS contact when adding TLDs from web

We do not enforce this for non-REAL registrars or in any environment other than UNITTEST or PRODUCTION. This is similar but separate to [] since we can add allowed TLDs in either location. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=239602978
2025-05-13 16:07:15 +02:00 · 2019-03-21 08:48:55 -07:00 · 2019-03-21 08:48:55 -07:00 · 06adc9739a
commit 06adc9739a
parent 7ff6667bdf
3 changed files with 39 additions and 4 deletions
--- a/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
+++ b/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
@ -22,6 +22,7 @@ import static google.registry.export.sheet.SyncRegistrarsSheetAction.enqueueRegi
 import static google.registry.model.ofy.ObjectifyService.ofy;
 import static google.registry.security.JsonResponseHelper.Status.ERROR;
 import static google.registry.security.JsonResponseHelper.Status.SUCCESS;
+import static google.registry.util.PreconditionsUtils.checkArgumentPresent;

 import com.google.auto.value.AutoValue;
 import com.google.common.base.Ascii;
@ -330,6 +331,16 @@ public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonA
    if (!Sets.difference(initialRegistrar.getAllowedTlds(), updatedAllowedTlds).isEmpty()) {
      throw new ForbiddenException("Can't remove allowed TLDs using the console.");
    }
+    if (!Sets.difference(updatedAllowedTlds, initialRegistrar.getAllowedTlds()).isEmpty()) {
+      // If a REAL registrar isn't in compliance with regards to having an abuse contact set,
+      // prevent addition of allowed TLDs until that's fixed.
+      if (Registrar.Type.REAL.equals(initialRegistrar.getType())
+          && RegistryEnvironment.PRODUCTION.equals(registryEnvironment)) {
+        checkArgumentPresent(
+            initialRegistrar.getWhoisAbuseContact(),
+            "Cannot add allowed TLDs if there is no WHOIS abuse contact set.");
+      }
+    }
    builder.setAllowedTlds(updatedAllowedTlds);
    return checkNotChangedUnlessAllowed(builder, initialRegistrar, Role.ADMIN);
  }
--- a/javatests/google/registry/model/registrar/RegistrarTest.java
+++ b/javatests/google/registry/model/registrar/RegistrarTest.java
@ -467,7 +467,7 @@ public class RegistrarTest extends EntityTestCase {
      // Make sure the TLD we want to create doesn't exist yet.
      // This is also important because getTlds fills out the cache when used.
      assertThat(Registries.getTlds()).doesNotContain("newtld");
-      // We can't use createTld here because it failes when the cache is used.
+      // We can't use createTld here because it fails when the cache is used.
      persistResource(newRegistry("newtld", "NEWTLD"));
      // Make sure we set up the cache correctly, so the newly created TLD isn't in the cache
      assertThat(Registries.getTlds()).doesNotContain("newtld");
--- a/javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java
+++ b/javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java
@ -30,6 +30,7 @@ import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
+import google.registry.config.RegistryEnvironment;
 import google.registry.export.sheet.SyncRegistrarsSheetAction;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor;
@ -245,7 +246,7 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
   * Makes sure a field update succeeds IF AND ONLY IF we have the "correct" role.
   *
   * Each of the Registrar fields can be changed only by a single {@link Role}. We make sure that
-   * trying to update the field works if the user has the "correct" role, but failes if it doesn't.
+   * trying to update the field works if the user has the "correct" role, but fails if it doesn't.
   */
  private <T> void doTestUpdate(
      Role correctRole,
@ -253,7 +254,7 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
      T newValue,
      BiFunction<Registrar.Builder, T, Registrar.Builder> setter) {
    doTestUpdateWithCorrectRole_succeeds(correctRole, getter, newValue, setter);
-    doTestUpdateWithoutCorrectRole_failes(correctRole, getter, newValue, setter);
+    doTestUpdateWithoutCorrectRole_fails(correctRole, getter, newValue, setter);
  }

  private <T> void doTestUpdateWithCorrectRole_succeeds(
@ -293,7 +294,7 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
    assertMetric(CLIENT_ID, "update", String.format("[%s]", role), "SUCCESS");
  }

-  private <T> void doTestUpdateWithoutCorrectRole_failes(
+  private <T> void doTestUpdateWithoutCorrectRole_fails(
      Role correctRole,
      Function<Registrar, T> getter,
      T newValue,
@ -405,6 +406,29 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
        (builder, s) -> builder.setAllowedTlds(s));
  }

+  @Test
+  public void testUpdate_allowedTlds_failedWhenNoWhoisAbuseContactExists() {
+    setUserAdmin();
+    action.registryEnvironment = RegistryEnvironment.PRODUCTION;
+    Map<String, Object> args = Maps.newHashMap(loadRegistrar(CLIENT_ID).toJsonMap());
+    args.put("allowedTlds", ImmutableList.of("newtld", "currenttld"));
+
+    Map<String, Object> response =
+        action.handleJsonRequest(
+            ImmutableMap.of(
+                "op", "update",
+                "id", CLIENT_ID,
+                "args", args));
+
+    assertThat(response)
+        .containsExactly(
+            "status", "ERROR",
+            "results", ImmutableList.of(),
+            "message", "Cannot add allowed TLDs if there is no WHOIS abuse contact set.");
+    assertMetric(CLIENT_ID, "update", "[ADMIN]", "ERROR: IllegalArgumentException");
+    assertNoTasksEnqueued("sheet");
+  }
+
  @Test
  public void testUpdate_allowedTlds_failedWhenTldNotExist() {
    setUserAdmin();