Handle LRP tokens in flows

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=130679951

javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java

@@ -39,10 +39,12 @@ import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
+import com.googlecode.objectify.Key;
 import google.registry.flows.EppException.UnimplementedExtensionException;
 import google.registry.flows.ResourceCreateFlow.ResourceAlreadyExistsException;
 import google.registry.flows.ResourceFlow.BadCommandForRegistryPhaseException;
 import google.registry.flows.ResourceFlowTestCase;
+import google.registry.flows.ResourceFlowUtils.BadAuthInfoForResourceException;
 import google.registry.flows.domain.BaseDomainCreateFlow.AcceptedTooLongAgoException;
 import google.registry.flows.domain.BaseDomainCreateFlow.ClaimsPeriodEndedException;
 import google.registry.flows.domain.BaseDomainCreateFlow.ExpiredClaimException;
@@ -100,6 +102,7 @@ import google.registry.flows.domain.DomainFlowUtils.TrailingDashException;
 import google.registry.flows.domain.DomainFlowUtils.UnsupportedFeeAttributeException;
 import google.registry.model.domain.DomainApplication;
 import google.registry.model.domain.GracePeriod;
+import google.registry.model.domain.LrpToken;
 import google.registry.model.domain.launch.ApplicationStatus;
 import google.registry.model.domain.launch.LaunchNotice;
 import google.registry.model.domain.launch.LaunchPhase;
@@ -867,6 +870,127 @@ public class DomainApplicationCreateFlowTest
     doSuccessfulTest("domain_create_landrush_response.xml", false, 2);
   }
 
+  @Test
+  public void testSuccess_landrushLrpApplication() throws Exception {
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNotNull();
+  }
+
+  @Test
+  public void testSuccess_landrush_duringLrpWithMissingToken() throws Exception {
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    setEppInput("domain_create_landrush.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+  }
+
+  @Test
+  public void testSuccess_landrushLrpApplication_superuser() throws Exception {
+    // Using an LRP token as superuser should still mark the token as redeemed (i.e. same effect
+    // as non-superuser).
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runSuperuserFlow("domain_create_landrush_response.xml");
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNotNull();
+  }
+
+  @Test
+  public void testFailure_landrushLrpApplication_badToken() throws Exception {
+    thrown.expect(BadAuthInfoForResourceException.class);
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest2")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runFlow();
+  }
+
+  @Test
+  public void testFailure_landrushLrpApplication_usedToken() throws Exception {
+    thrown.expect(BadAuthInfoForResourceException.class);
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .setRedemptionHistoryEntry(Key.create(HistoryEntry.class, "1")) // as long as it's not null
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runFlow();
+  }
+
+  @Test
+  public void testSuccess_landrushApplicationWithLrpToken_notInLrp() throws Exception {
+    createTld("tld", TldState.LANDRUSH);
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    // Application should continue as normal, since the LRP token will just be ignored
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+    // Token should not be marked as used, since this isn't an LRP state
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNull();
+  }
+
+  @Test
+  public void testSuccess_landrushApplicationWithLrpToken_differentLrpState() throws Exception {
+    createTld("tld");
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.SUNRISE))
+        .setTldStateTransitions(ImmutableSortedMap.of(
+            START_OF_TIME, TldState.SUNRISE,
+            clock.nowUtc(), TldState.LANDRUSH))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    // Application should continue as normal, since the LRP token will just be ignored
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+    // Token should not be marked as used, since this isn't an LRP state
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNull();
+  }
+
   @Test
   public void testFailure_landrushWithPeriodInMonths() throws Exception {
     thrown.expect(BadPeriodUnitException.class);

javatests/google/registry/flows/domain/DomainCreateFlowTest.java

@@ -17,6 +17,7 @@ package google.registry.flows.domain;
 import static com.google.common.io.BaseEncoding.base16;
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS;
+import static google.registry.model.ofy.ObjectifyService.ofy;
 import static google.registry.pricing.PricingEngineProxy.getPricesForDomainName;
 import static google.registry.testing.DatastoreHelper.assertBillingEvents;
 import static google.registry.testing.DatastoreHelper.createTld;
@@ -102,6 +103,7 @@ import google.registry.model.billing.BillingEvent.Flag;
 import google.registry.model.billing.BillingEvent.Reason;
 import google.registry.model.domain.DomainResource;
 import google.registry.model.domain.GracePeriod;
+import google.registry.model.domain.LrpToken;
 import google.registry.model.domain.launch.ApplicationStatus;
 import google.registry.model.domain.launch.LaunchNotice;
 import google.registry.model.domain.rgp.GracePeriodStatus;
@@ -785,6 +787,34 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
     runFlow();
   }
 
+  @Test
+  public void testSuccess_anchorTenantViaAuthCode_matchingLrpToken() throws Exception {
+    // This is definitely a corner case, as (without superuser) anchor tenants may only register
+    // via auth code during GA, and LRP will almost never be a GA offering. We're running this
+    // as superuser to bypass the state checks, though anchor tenant code checks and LRP token
+    // redemption still happen regardless.
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setReservedLists(persistReservedList(
+            "tld-reserved",
+            "anchor,RESERVED_FOR_ANCHOR_TENANT,2fooBAR"))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("2fooBAR")
+        .setAssignee("anchor.tld")
+        .build());
+    setEppInput("domain_create_anchor_authcode.xml");
+    persistContactsAndHosts();
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_create_anchor_response.xml"));
+    assertSuccessfulCreate("tld", true);
+    // Token should not be marked as used, since interpreting the authcode as anchor tenant should
+    // take precedence.
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNull();
+  }
+
   @Test
   public void testSuccess_anchorTenantViaAuthCode() throws Exception {
     setEppInput("domain_create_anchor_authcode.xml");

javatests/google/registry/flows/domain/testdata/domain_create_anchor_response.xml

@@ -0,0 +1,19 @@
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <response>
+    <result code="1000">
+      <msg>Command completed successfully</msg>
+    </result>
+    <resData>
+      <domain:creData
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>anchor.tld</domain:name>
+        <domain:crDate>1999-04-03T22:00:00Z</domain:crDate>
+        <domain:exDate>2001-04-03T22:00:00Z</domain:exDate>
+      </domain:creData>
+    </resData>
+    <trID>
+      <clTRID>ABC-12345</clTRID>
+      <svTRID>server-trid</svTRID>
+    </trID>
+  </response>
+</epp>

javatests/google/registry/flows/domain/testdata/domain_create_landrush.xml

@@ -13,7 +13,7 @@
         <domain:contact type="admin">sh8013</domain:contact>
         <domain:contact type="tech">sh8013</domain:contact>
         <domain:authInfo>
-          <domain:pw>2fooBAR</domain:pw>
+          <domain:pw></domain:pw>
         </domain:authInfo>
       </domain:create>
     </create>

javatests/google/registry/flows/domain/testdata/domain_create_landrush_lrp.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <create>
+      <domain:create
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>test-validate.tld</domain:name>
+        <domain:ns>
+          <domain:hostObj>ns1.example.net</domain:hostObj>
+          <domain:hostObj>ns2.example.net</domain:hostObj>
+        </domain:ns>
+        <domain:registrant>jd1234</domain:registrant>
+        <domain:contact type="admin">sh8013</domain:contact>
+        <domain:contact type="tech">sh8013</domain:contact>
+        <domain:authInfo>
+          <domain:pw>lrptokentest</domain:pw>
+        </domain:authInfo>
+      </domain:create>
+    </create>
+    <extension>
+      <launch:create
+       xmlns:launch="urn:ietf:params:xml:ns:launch-1.0">
+        <launch:phase>landrush</launch:phase>
+     </launch:create>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>