Don't allow non-active registrars to create domains or applications

Specifically, this prevents suspended registrars from creating domains or applications. Pending registrars already can't perform these actions because they get an error message when attempting to log in. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=170481338
2025-05-13 16:07:15 +02:00 · 2017-09-29 07:42:40 -07:00 · 2017-09-29 07:42:40 -07:00 · 1c4e79f99e
commit 1c4e79f99e
parent d09bd89629
14 changed files with 89 additions and 21 deletions
--- a/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainApplicationCreateFlow.java
@ -35,6 +35,7 @@ import static google.registry.flows.domain.DomainFlowUtils.verifyLaunchPhaseMatc
 import static google.registry.flows.domain.DomainFlowUtils.verifyNoCodeMarks;
 import static google.registry.flows.domain.DomainFlowUtils.verifyNotReserved;
 import static google.registry.flows.domain.DomainFlowUtils.verifyPremiumNameIsNotBlocked;
+import static google.registry.flows.domain.DomainFlowUtils.verifyRegistrarIsActive;
 import static google.registry.flows.domain.DomainFlowUtils.verifyRegistryStateAllowsLaunchFlows;
 import static google.registry.flows.domain.DomainFlowUtils.verifyUnitIsYears;
 import static google.registry.model.EppResourceUtils.createDomainRepoId;
@ -147,6 +148,7 @@ import org.joda.time.DateTime;
 * @error {@link DomainFlowUtils.NotAuthorizedForTldException}
 * @error {@link DomainFlowUtils.PremiumNameBlockedException}
 * @error {@link DomainFlowUtils.RegistrantNotAllowedException}
+ * @error {@link DomainFlowUtils.RegistrarMustBeActiveToCreateDomainsException}
 * @error {@link DomainFlowTmchUtils.SignedMarksMustBeEncodedException}
 * @error {@link DomainFlowTmchUtils.SignedMarkCertificateExpiredException}
 * @error {@link DomainFlowTmchUtils.SignedMarkCertificateInvalidException}
@ -194,6 +196,7 @@ public final class DomainApplicationCreateFlow implements TransactionalFlow {
    customLogic.beforeValidation();
    extensionManager.validate();
    validateClientIsLoggedIn(clientId);
+    verifyRegistrarIsActive(clientId);
    DateTime now = ofy().getTransactionTime();
    Create command = cloneAndLinkReferences((Create) resourceCommand, now);
    // Fail if the domain is already registered (e.g. this is a landrush application but the domain
--- a/java/google/registry/flows/domain/DomainCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainCreateFlow.java
@ -35,6 +35,7 @@ import static google.registry.flows.domain.DomainFlowUtils.verifyLaunchPhaseMatc
 import static google.registry.flows.domain.DomainFlowUtils.verifyNoCodeMarks;
 import static google.registry.flows.domain.DomainFlowUtils.verifyNotReserved;
 import static google.registry.flows.domain.DomainFlowUtils.verifyPremiumNameIsNotBlocked;
+import static google.registry.flows.domain.DomainFlowUtils.verifyRegistrarIsActive;
 import static google.registry.flows.domain.DomainFlowUtils.verifyUnitIsYears;
 import static google.registry.model.EppResourceUtils.createDomainRepoId;
 import static google.registry.model.eppcommon.StatusValue.SERVER_TRANSFER_PROHIBITED;
@ -155,6 +156,7 @@ import org.joda.time.Duration;
 * @error {@link NameserversNotSpecifiedForTldWithNameserverWhitelistException}
 * @error {@link DomainFlowUtils.PremiumNameBlockedException}
 * @error {@link DomainFlowUtils.RegistrantNotAllowedException}
+ * @error {@link DomainFlowUtils.RegistrarMustBeActiveToCreateDomainsException}
 * @error {@link DomainFlowUtils.TldDoesNotExistException}
 * @error {@link DomainFlowUtils.TooManyDsRecordsException}
 * @error {@link DomainFlowUtils.TooManyNameserversException}
@ -196,6 +198,7 @@ public class DomainCreateFlow implements TransactionalFlow {
    customLogic.beforeValidation();
    extensionManager.validate();
    validateClientIsLoggedIn(clientId);
+    verifyRegistrarIsActive(clientId);
    DateTime now = ofy().getTransactionTime();
    Create command = cloneAndLinkReferences((Create) resourceCommand, now);
    Period period = command.getPeriod();
--- a/java/google/registry/flows/domain/DomainFlowUtils.java
+++ b/java/google/registry/flows/domain/DomainFlowUtils.java
@ -102,6 +102,7 @@ import google.registry.model.eppoutput.EppResponse.ResponseExtension;
 import google.registry.model.host.HostResource;
 import google.registry.model.poll.PollMessage;
 import google.registry.model.registrar.Registrar;
+import google.registry.model.registrar.Registrar.State;
 import google.registry.model.registry.Registry;
 import google.registry.model.registry.Registry.TldState;
 import google.registry.model.registry.label.ReservationType;
@ -753,6 +754,19 @@ public class DomainFlowUtils {
    }
  }

+  /**
+   * Check that the registrar with the given client ID is active.
+   *
+   * <p>Non-active registrars are not allowed to create domain applications or domain resources.
+   */
+  static void verifyRegistrarIsActive(String clientId)
+      throws RegistrarMustBeActiveToCreateDomainsException {
+    Registrar registrar = Registrar.loadByClientIdCached(clientId).get();
+    if (registrar.getState() != State.ACTIVE) {
+      throw new RegistrarMustBeActiveToCreateDomainsException();
+    }
+  }
+
  /** Check that the registry phase is not incompatible with launch extension flows. */
  static void verifyRegistryStateAllowsLaunchFlows(Registry registry, DateTime now)
      throws BadCommandForRegistryPhaseException {
@ -1426,4 +1440,12 @@ public class DomainFlowUtils {
          MAX_REGISTRATION_YEARS));
    }
  }
+
+  /** Registrar must be active in order to create domains or applications. */
+  static class RegistrarMustBeActiveToCreateDomainsException extends AuthorizationErrorException {
+    public RegistrarMustBeActiveToCreateDomainsException() {
+      super("Registrar must be active in order to create domains or applications");
+    }
+  }
+
 }