Handle LRP tokens in flows

------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=130679951
2025-05-13 07:57:13 +02:00 · 2016-08-18 14:11:53 -07:00 · 2016-08-18 14:11:53 -07:00 · 1894b2308b
commit 1894b2308b
parent 5ff8b9377c
9 changed files with 256 additions and 5 deletions
--- a/java/google/registry/flows/domain/BaseDomainCreateFlow.java
+++ b/java/google/registry/flows/domain/BaseDomainCreateFlow.java
@ -41,6 +41,7 @@ import static google.registry.util.CollectionUtils.nullToEmpty;

 import com.google.common.base.Optional;
 import com.google.common.net.InternetDomainName;
+import com.googlecode.objectify.Key;
 import com.googlecode.objectify.Work;
 import google.registry.flows.EppException;
 import google.registry.flows.EppException.ParameterValuePolicyErrorException;
@ -49,10 +50,12 @@ import google.registry.flows.EppException.ParameterValueSyntaxErrorException;
 import google.registry.flows.EppException.StatusProhibitsOperationException;
 import google.registry.flows.EppException.UnimplementedOptionException;
 import google.registry.flows.ResourceCreateFlow;
+import google.registry.flows.ResourceFlowUtils.BadAuthInfoForResourceException;
 import google.registry.model.domain.DomainBase;
 import google.registry.model.domain.DomainBase.Builder;
 import google.registry.model.domain.DomainCommand.Create;
 import google.registry.model.domain.DomainResource;
+import google.registry.model.domain.LrpToken;
 import google.registry.model.domain.fee.FeeTransformCommandExtension;
 import google.registry.model.domain.launch.LaunchCreateExtension;
 import google.registry.model.domain.launch.LaunchNotice;
@ -90,6 +93,7 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
  protected SignedMark signedMark;
  protected boolean isAnchorTenantViaReservation;
  protected TldState tldState;
+  protected Optional<LrpToken> lrpToken;

  @Override
  public final void initResourceCreateOrMutateFlow() throws EppException {
@ -183,6 +187,13 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
    // The TLD should always be the parent of the requested domain name.
    isAnchorTenantViaReservation = matchesAnchorTenantReservation(
        domainLabel, tld, command.getAuthInfo().getPw().getValue());
+    boolean isLrpApplication =
+        registry.getLrpTldStates().contains(tldState)
+            && !command.getAuthInfo().getPw().getValue().isEmpty()
+            && !isAnchorTenantViaReservation;
+    lrpToken = isLrpApplication
+        ? TldSpecificLogicProxy.getMatchingLrpToken(command)
+        : Optional.<LrpToken>absent();
    // Superusers can create reserved domains, force creations on domains that require a claims
    // notice without specifying a claims key, and override blocks on registering premium domains.
    if (!isSuperuser) {
@ -191,6 +202,9 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
      if (!isAnchorTenantViaReservation) {
        verifyNotReserved(domainName, isSunriseApplication);
      }
+      if (isLrpApplication && !lrpToken.isPresent()) {
+          throw new BadAuthInfoForResourceException();
+      }
      boolean isClaimsPeriod = now.isBefore(registry.getClaimsPeriodEnd());
      boolean isClaimsCreate = launchCreate != null && launchCreate.getNotice() != null;
      if (isClaimsPeriod) {
@ -231,6 +245,15 @@ public abstract class BaseDomainCreateFlow<R extends DomainBase, B extends Build
    verifyDomainCreateIsAllowed();
  }

+  @Override
+  protected void modifyCreateRelatedResources() {
+    if (lrpToken.isPresent()) {
+      ofy().save().entity(lrpToken.get().asBuilder()
+          .setRedemptionHistoryEntry(Key.create(historyEntry))
+          .build());
+    }
+  }
+
  /** Validate the secDNS extension, if present. */
  private void validateSecDnsExtension() throws EppException {
    if (secDnsCreate != null) {
--- a/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
@ -52,9 +52,10 @@ import javax.inject.Inject;
 * An EPP flow that creates a new application for a domain resource.
 *
 * @error {@link google.registry.flows.EppException.UnimplementedExtensionException}
- * @error {@link google.registry.flows.ResourceFlow.BadCommandForRegistryPhaseException}
- * @error {@link google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException}
 * @error {@link google.registry.flows.ResourceCreateFlow.ResourceAlreadyExistsException}
+ * @error {@link google.registry.flows.ResourceFlow.BadCommandForRegistryPhaseException}
+ * @error {@link google.registry.flows.ResourceFlowUtils.BadAuthInfoForResourceException}
+ * @error {@link google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException}
 * @error {@link BaseDomainCreateFlow.AcceptedTooLongAgoException}
 * @error {@link BaseDomainCreateFlow.ClaimsPeriodEndedException}
 * @error {@link BaseDomainCreateFlow.ExpiredClaimException}
--- a/java/google/registry/model/domain/LrpToken.java
+++ b/java/google/registry/model/domain/LrpToken.java
@ -40,8 +40,8 @@ public class LrpToken extends BackupGroupRoot implements Buildable {
  String token;

  /**
-   * The token's assignee (additional metadata for identifying the owner of the token, which may
-   * vary from TLD to TLD).
+   * The token's assignee (additional metadata for identifying the owner of the token, the details
+   * of which might differ from TLD to TLD).
   */
  @Index
  String assignee;
--- a/java/google/registry/pricing/TldSpecificLogicProxy.java
+++ b/java/google/registry/pricing/TldSpecificLogicProxy.java
@ -16,12 +16,16 @@ package google.registry.pricing;

 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkState;
+import static google.registry.model.ofy.ObjectifyService.ofy;
 import static google.registry.pricing.PricingEngineProxy.getPricesForDomainName;
 import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;

 import com.google.common.base.Optional;
 import com.google.common.collect.ImmutableList;
+import com.googlecode.objectify.Key;
 import google.registry.model.ImmutableObject;
+import google.registry.model.domain.DomainCommand.Create;
+import google.registry.model.domain.LrpToken;
 import google.registry.model.domain.fee.EapFee;
 import google.registry.model.domain.fee.Fee;
 import google.registry.model.pricing.PremiumPricingEngine.DomainPrices;
@ -146,4 +150,26 @@ public final class TldSpecificLogicProxy {
  public static Optional<String> getFeeClass(String domainName, DateTime date) {
    return getPricesForDomainName(domainName, date).getFeeClass();
  }
+
+  /**
+   * Checks whether a {@link Create} command has a valid {@link LrpToken} for a particular TLD, and
+   * return that token (wrapped in an {@link Optional}) if one exists.
+   * 
+   * <p>This method has no knowledge of whether or not an auth code (interpreted here as an LRP
+   * token) has already been checked against the reserved list for QLP (anchor tenant), as auth
+   * codes are used for both types of registrations.
+   */
+  public static Optional<LrpToken> getMatchingLrpToken(Create createCommand) {
+    // Note that until the actual per-TLD logic is built out, what's being done here is a basic
+    // domain-name-to-assignee match.
+    String lrpToken = createCommand.getAuthInfo().getPw().getValue();
+    LrpToken token = ofy().load().key(Key.create(LrpToken.class, lrpToken)).now();
+    if (token != null) {
+      if (token.getAssignee().equalsIgnoreCase(createCommand.getFullyQualifiedDomainName())
+          && token.getRedemptionHistoryEntry() == null) {
+        return Optional.of(token);
+      }
+    }
+    return Optional.<LrpToken>absent();
+  }
 }
--- a/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
@ -39,10 +39,12 @@ import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
+import com.googlecode.objectify.Key;
 import google.registry.flows.EppException.UnimplementedExtensionException;
 import google.registry.flows.ResourceCreateFlow.ResourceAlreadyExistsException;
 import google.registry.flows.ResourceFlow.BadCommandForRegistryPhaseException;
 import google.registry.flows.ResourceFlowTestCase;
+import google.registry.flows.ResourceFlowUtils.BadAuthInfoForResourceException;
 import google.registry.flows.domain.BaseDomainCreateFlow.AcceptedTooLongAgoException;
 import google.registry.flows.domain.BaseDomainCreateFlow.ClaimsPeriodEndedException;
 import google.registry.flows.domain.BaseDomainCreateFlow.ExpiredClaimException;
@ -100,6 +102,7 @@ import google.registry.flows.domain.DomainFlowUtils.TrailingDashException;
 import google.registry.flows.domain.DomainFlowUtils.UnsupportedFeeAttributeException;
 import google.registry.model.domain.DomainApplication;
 import google.registry.model.domain.GracePeriod;
+import google.registry.model.domain.LrpToken;
 import google.registry.model.domain.launch.ApplicationStatus;
 import google.registry.model.domain.launch.LaunchNotice;
 import google.registry.model.domain.launch.LaunchPhase;
@ -867,6 +870,127 @@ public class DomainApplicationCreateFlowTest
    doSuccessfulTest("domain_create_landrush_response.xml", false, 2);
  }

+  @Test
+  public void testSuccess_landrushLrpApplication() throws Exception {
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNotNull();
+  }
+
+  @Test
+  public void testSuccess_landrush_duringLrpWithMissingToken() throws Exception {
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    setEppInput("domain_create_landrush.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+  }
+
+  @Test
+  public void testSuccess_landrushLrpApplication_superuser() throws Exception {
+    // Using an LRP token as superuser should still mark the token as redeemed (i.e. same effect
+    // as non-superuser).
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runSuperuserFlow("domain_create_landrush_response.xml");
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNotNull();
+  }
+
+  @Test
+  public void testFailure_landrushLrpApplication_badToken() throws Exception {
+    thrown.expect(BadAuthInfoForResourceException.class);
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest2")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runFlow();
+  }
+
+  @Test
+  public void testFailure_landrushLrpApplication_usedToken() throws Exception {
+    thrown.expect(BadAuthInfoForResourceException.class);
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH))
+        .build());
+    persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .setRedemptionHistoryEntry(Key.create(HistoryEntry.class, "1")) // as long as it's not null
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runFlow();
+  }
+
+  @Test
+  public void testSuccess_landrushApplicationWithLrpToken_notInLrp() throws Exception {
+    createTld("tld", TldState.LANDRUSH);
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    // Application should continue as normal, since the LRP token will just be ignored
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+    // Token should not be marked as used, since this isn't an LRP state
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNull();
+  }
+
+  @Test
+  public void testSuccess_landrushApplicationWithLrpToken_differentLrpState() throws Exception {
+    createTld("tld");
+    persistResource(Registry.get("tld").asBuilder()
+        .setLrpTldStates(ImmutableSet.of(TldState.SUNRISE))
+        .setTldStateTransitions(ImmutableSortedMap.of(
+            START_OF_TIME, TldState.SUNRISE,
+            clock.nowUtc(), TldState.LANDRUSH))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("lrptokentest")
+        .setAssignee("test-validate.tld")
+        .build());
+    setEppInput("domain_create_landrush_lrp.xml");
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    // Application should continue as normal, since the LRP token will just be ignored
+    doSuccessfulTest("domain_create_landrush_response.xml", false);
+    // Token should not be marked as used, since this isn't an LRP state
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNull();
+  }
+
  @Test
  public void testFailure_landrushWithPeriodInMonths() throws Exception {
    thrown.expect(BadPeriodUnitException.class);
--- a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java
@ -17,6 +17,7 @@ package google.registry.flows.domain;
 import static com.google.common.io.BaseEncoding.base16;
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS;
+import static google.registry.model.ofy.ObjectifyService.ofy;
 import static google.registry.pricing.PricingEngineProxy.getPricesForDomainName;
 import static google.registry.testing.DatastoreHelper.assertBillingEvents;
 import static google.registry.testing.DatastoreHelper.createTld;
@ -102,6 +103,7 @@ import google.registry.model.billing.BillingEvent.Flag;
 import google.registry.model.billing.BillingEvent.Reason;
 import google.registry.model.domain.DomainResource;
 import google.registry.model.domain.GracePeriod;
+import google.registry.model.domain.LrpToken;
 import google.registry.model.domain.launch.ApplicationStatus;
 import google.registry.model.domain.launch.LaunchNotice;
 import google.registry.model.domain.rgp.GracePeriodStatus;
@ -785,6 +787,34 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
    runFlow();
  }

+  @Test
+  public void testSuccess_anchorTenantViaAuthCode_matchingLrpToken() throws Exception {
+    // This is definitely a corner case, as (without superuser) anchor tenants may only register
+    // via auth code during GA, and LRP will almost never be a GA offering. We're running this
+    // as superuser to bypass the state checks, though anchor tenant code checks and LRP token
+    // redemption still happen regardless.
+    createTld("tld", TldState.LANDRUSH);
+    persistResource(Registry.get("tld").asBuilder()
+        .setReservedLists(persistReservedList(
+            "tld-reserved",
+            "anchor,RESERVED_FOR_ANCHOR_TENANT,2fooBAR"))
+        .build());
+    LrpToken token = persistResource(new LrpToken.Builder()
+        .setToken("2fooBAR")
+        .setAssignee("anchor.tld")
+        .build());
+    setEppInput("domain_create_anchor_authcode.xml");
+    persistContactsAndHosts();
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_create_anchor_response.xml"));
+    assertSuccessfulCreate("tld", true);
+    // Token should not be marked as used, since interpreting the authcode as anchor tenant should
+    // take precedence.
+    assertThat(ofy().load().entity(token).now().getRedemptionHistoryEntry()).isNull();
+  }
+
  @Test
  public void testSuccess_anchorTenantViaAuthCode() throws Exception {
    setEppInput("domain_create_anchor_authcode.xml");
--- a/javatests/google/registry/flows/domain/testdata/domain_create_anchor_response.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_anchor_response.xml
@ -0,0 +1,19 @@
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <response>
+    <result code="1000">
+      <msg>Command completed successfully</msg>
+    </result>
+    <resData>
+      <domain:creData
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>anchor.tld</domain:name>
+        <domain:crDate>1999-04-03T22:00:00Z</domain:crDate>
+        <domain:exDate>2001-04-03T22:00:00Z</domain:exDate>
+      </domain:creData>
+    </resData>
+    <trID>
+      <clTRID>ABC-12345</clTRID>
+      <svTRID>server-trid</svTRID>
+    </trID>
+  </response>
+</epp>
--- a/javatests/google/registry/flows/domain/testdata/domain_create_landrush.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_landrush.xml
@ -13,7 +13,7 @@
        <domain:contact type="admin">sh8013</domain:contact>
        <domain:contact type="tech">sh8013</domain:contact>
        <domain:authInfo>
-          <domain:pw>2fooBAR</domain:pw>
+          <domain:pw></domain:pw>
        </domain:authInfo>
      </domain:create>
    </create>
--- a/javatests/google/registry/flows/domain/testdata/domain_create_landrush_lrp.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_landrush_lrp.xml
@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <create>
+      <domain:create
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>test-validate.tld</domain:name>
+        <domain:ns>
+          <domain:hostObj>ns1.example.net</domain:hostObj>
+          <domain:hostObj>ns2.example.net</domain:hostObj>
+        </domain:ns>
+        <domain:registrant>jd1234</domain:registrant>
+        <domain:contact type="admin">sh8013</domain:contact>
+        <domain:contact type="tech">sh8013</domain:contact>
+        <domain:authInfo>
+          <domain:pw>lrptokentest</domain:pw>
+        </domain:authInfo>
+      </domain:create>
+    </create>
+    <extension>
+      <launch:create
+       xmlns:launch="urn:ietf:params:xml:ns:launch-1.0">
+        <launch:phase>landrush</launch:phase>
+     </launch:create>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>