Set correct auth settings for all actions

A test has been added to RequestHandlerTest, making sure that, while we merely log errors for the time being, the correct dummy AuthResult is being created. Most actions use the default settings, which have been changed to INTERNAL / APP / IGNORED. Actions with non-default settings are: INTERNAL/NONE/PUBLIC (non-auth public endpoints) CheckApiAction WhoisHttpServer Rdap*Action INTERNAL,API/APP/ADMIN (things currently protected by web.xml) EppTlsAction EppToolAction CreateGroupsAction CreatePremiumListAction DeleteEntityAction List*sAction UpdatePremiumListAction VerifyOteAction WhoisServer INTERNAL,API,LEGACY/USER/PUBLIC (registrar console) RegistrarPaymentAction RegistrarPaymentSetupAction RegistrarSettingsAction EppConsoleAction INTERNAL,API,LEGACY/NONE/PUBLIC (registrar console main page) ConsoleUiAction ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149761652
2025-05-15 00:47:11 +02:00 · 2017-03-10 08:47:52 -08:00 · 2017-03-10 08:47:52 -08:00 · 1f000b94e6
commit 1f000b94e6
parent f5e76868f0
38 changed files with 450 additions and 133 deletions
--- a/java/google/registry/rdap/BUILD
+++ b/java/google/registry/rdap/BUILD
@ -11,6 +11,7 @@ java_library(
        "//java/google/registry/config",
        "//java/google/registry/model",
        "//java/google/registry/request",
+        "//java/google/registry/request/auth",
        "//java/google/registry/util",
        "//third_party/java/objectify:objectify-v4_1",
        "@com_google_auto_value",
--- a/java/google/registry/rdap/RdapAutnumAction.java
+++ b/java/google/registry/rdap/RdapAutnumAction.java
@ -20,6 +20,8 @@ import static google.registry.request.Action.Method.HEAD;
 import com.google.common.collect.ImmutableMap;
 import google.registry.request.Action;
 import google.registry.request.HttpException.NotImplementedException;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import javax.inject.Inject;

 /**
@ -28,7 +30,12 @@ import javax.inject.Inject;
 * <p>This feature is not implemented because it's only necessary for <i>address</i> registries like
 * ARIN, not domain registries.
 */
-@Action(path = RdapAutnumAction.PATH, method = {GET, HEAD}, isPrefix = true)
+@Action(
+  path = RdapAutnumAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapAutnumAction extends RdapActionBase {

  public static final String PATH = "/rdap/autnum";
--- a/java/google/registry/rdap/RdapDomainAction.java
+++ b/java/google/registry/rdap/RdapDomainAction.java
@ -23,14 +23,19 @@ import google.registry.model.domain.DomainResource;
 import google.registry.rdap.RdapJsonFormatter.OutputDataType;
 import google.registry.request.Action;
 import google.registry.request.HttpException.NotFoundException;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import javax.inject.Inject;
 import org.joda.time.DateTime;

-/**
- * RDAP (new WHOIS) action for domain requests.
- */
-@Action(path = RdapDomainAction.PATH, method = {GET, HEAD}, isPrefix = true)
+/** RDAP (new WHOIS) action for domain requests. */
+@Action(
+  path = RdapDomainAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapDomainAction extends RdapActionBase {

  public static final String PATH = "/rdap/domain/";
--- a/java/google/registry/rdap/RdapDomainSearchAction.java
+++ b/java/google/registry/rdap/RdapDomainSearchAction.java
@ -40,6 +40,8 @@ import google.registry.request.Action;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.HttpException.NotFoundException;
 import google.registry.request.Parameter;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import google.registry.util.Idn;
 import java.net.InetAddress;
@ -54,12 +56,17 @@ import org.joda.time.DateTime;
 *
 * <p>All commands and responses conform to the RDAP spec as defined in RFCs 7480 through 7485.
 *
- * @see <a href="http://tools.ietf.org/html/rfc7482">
- *        RFC 7482: Registration Data Access Protocol (RDAP) Query Format</a>
- * @see <a href="http://tools.ietf.org/html/rfc7483">
- *        RFC 7483: JSON Responses for the Registration Data Access Protocol (RDAP)</a>
+ * @see <a href="http://tools.ietf.org/html/rfc7482">RFC 7482: Registration Data Access Protocol
+ *     (RDAP) Query Format</a>
+ * @see <a href="http://tools.ietf.org/html/rfc7483">RFC 7483: JSON Responses for the Registration
+ *     Data Access Protocol (RDAP)</a>
 */
-@Action(path = RdapDomainSearchAction.PATH, method = {GET, HEAD}, isPrefix = true)
+@Action(
+  path = RdapDomainSearchAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapDomainSearchAction extends RdapActionBase {

  public static final String PATH = "/rdap/domains";
--- a/java/google/registry/rdap/RdapEntityAction.java
+++ b/java/google/registry/rdap/RdapEntityAction.java
@ -30,6 +30,8 @@ import google.registry.rdap.RdapJsonFormatter.OutputDataType;
 import google.registry.request.Action;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.HttpException.NotFoundException;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import javax.inject.Inject;
 import org.joda.time.DateTime;
@ -44,7 +46,12 @@ import org.joda.time.DateTime;
 * response MUST contain a publicIDs member to identify the IANA Registrar ID from the IANA’s
 * Registrar ID registry. The type value of the publicID object MUST be equal to IANA Registrar ID.
 */
-@Action(path = RdapEntityAction.PATH, method = {GET, HEAD}, isPrefix = true)
+@Action(
+  path = RdapEntityAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapEntityAction extends RdapActionBase {

  public static final String PATH = "/rdap/entity/";
--- a/java/google/registry/rdap/RdapEntitySearchAction.java
+++ b/java/google/registry/rdap/RdapEntitySearchAction.java
@ -36,6 +36,8 @@ import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.HttpException.NotFoundException;
 import google.registry.request.HttpException.UnprocessableEntityException;
 import google.registry.request.Parameter;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import java.util.ArrayList;
 import java.util.List;
@ -47,12 +49,17 @@ import org.joda.time.DateTime;
 *
 * <p>All commands and responses conform to the RDAP spec as defined in RFCs 7480 through 7485.
 *
- * @see <a href="http://tools.ietf.org/html/rfc7482">
- *        RFC 7482: Registration Data Access Protocol (RDAP) Query Format</a>
- * @see <a href="http://tools.ietf.org/html/rfc7483">
- *        RFC 7483: JSON Responses for the Registration Data Access Protocol (RDAP)</a>
+ * @see <a href="http://tools.ietf.org/html/rfc7482">RFC 7482: Registration Data Access Protocol
+ *     (RDAP) Query Format</a>
+ * @see <a href="http://tools.ietf.org/html/rfc7483">RFC 7483: JSON Responses for the Registration
+ *     Data Access Protocol (RDAP)</a>
 */
-@Action(path = RdapEntitySearchAction.PATH, method = {GET, HEAD}, isPrefix = true)
+@Action(
+  path = RdapEntitySearchAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapEntitySearchAction extends RdapActionBase {

  public static final String PATH = "/rdap/entities";
--- a/java/google/registry/rdap/RdapHelpAction.java
+++ b/java/google/registry/rdap/RdapHelpAction.java
@ -21,13 +21,18 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import google.registry.rdap.RdapJsonFormatter.BoilerplateType;
 import google.registry.request.Action;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import javax.inject.Inject;

-/**
- * RDAP (new WHOIS) action for help requests.
- */
-@Action(path = RdapHelpAction.PATH, method = {GET, HEAD}, isPrefix = true)
+/** RDAP (new WHOIS) action for help requests. */
+@Action(
+  path = RdapHelpAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapHelpAction extends RdapActionBase {

  public static final String PATH = "/rdap/help";
--- a/java/google/registry/rdap/RdapIpAction.java
+++ b/java/google/registry/rdap/RdapIpAction.java
@ -20,6 +20,8 @@ import static google.registry.request.Action.Method.HEAD;
 import com.google.common.collect.ImmutableMap;
 import google.registry.request.Action;
 import google.registry.request.HttpException.NotImplementedException;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import javax.inject.Inject;

 /**
@ -27,9 +29,13 @@ import javax.inject.Inject;
 *
 * <p>This feature is not implemented because it's only necessary for <i>address</i> registries like
 * ARIN, not domain registries.
-
 */
-@Action(path = RdapIpAction.PATH, method = {GET, HEAD}, isPrefix = true)
+@Action(
+  path = RdapIpAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapIpAction extends RdapActionBase {

  public static final String PATH = "/rdap/ip";
--- a/java/google/registry/rdap/RdapNameserverAction.java
+++ b/java/google/registry/rdap/RdapNameserverAction.java
@ -23,14 +23,19 @@ import google.registry.model.host.HostResource;
 import google.registry.rdap.RdapJsonFormatter.OutputDataType;
 import google.registry.request.Action;
 import google.registry.request.HttpException.NotFoundException;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import javax.inject.Inject;
 import org.joda.time.DateTime;

-/**
- * RDAP (new WHOIS) action for nameserver requests.
- */
-@Action(path = RdapNameserverAction.PATH, method = {GET, HEAD}, isPrefix = true)
+/** RDAP (new WHOIS) action for nameserver requests. */
+@Action(
+  path = RdapNameserverAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapNameserverAction extends RdapActionBase {

  public static final String PATH = "/rdap/nameserver/";
--- a/java/google/registry/rdap/RdapNameserverSearchAction.java
+++ b/java/google/registry/rdap/RdapNameserverSearchAction.java
@ -36,6 +36,8 @@ import google.registry.request.Action;
 import google.registry.request.HttpException.BadRequestException;
 import google.registry.request.HttpException.NotFoundException;
 import google.registry.request.Parameter;
+import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthLevel;
 import google.registry.util.Clock;
 import google.registry.util.Idn;
 import java.net.InetAddress;
@ -48,12 +50,17 @@ import org.joda.time.DateTime;
 *
 * <p>All commands and responses conform to the RDAP spec as defined in RFCs 7480 through 7485.
 *
- * @see <a href="http://tools.ietf.org/html/rfc7482">
- *        RFC 7482: Registration Data Access Protocol (RDAP) Query Format</a>
- * @see <a href="http://tools.ietf.org/html/rfc7483">
- *        RFC 7483: JSON Responses for the Registration Data Access Protocol (RDAP)</a>
+ * @see <a href="http://tools.ietf.org/html/rfc7482">RFC 7482: Registration Data Access Protocol
+ *     (RDAP) Query Format</a>
+ * @see <a href="http://tools.ietf.org/html/rfc7483">RFC 7483: JSON Responses for the Registration
+ *     Data Access Protocol (RDAP)</a>
 */
-@Action(path = RdapNameserverSearchAction.PATH, method = {GET, HEAD}, isPrefix = true)
+@Action(
+  path = RdapNameserverSearchAction.PATH,
+  method = {GET, HEAD},
+  isPrefix = true,
+  auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
+)
 public class RdapNameserverSearchAction extends RdapActionBase {

  public static final String PATH = "/rdap/nameservers";