Cut over to generating new HMAC-based XSRF tokens

This is the second step of migrating to our new XSRF token format.  The
first step ([] made validate() start accepting new tokens
(basically, dual-read).  This step cuts over our "writing" to write the
new token format.  The third and final step will drop support for
validating the old token format (back to single-read).  We'll do that
in a subsequent push so that we don't invalidate all the current XSRF
tokens that people might have in their browsers.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149790648

java/google/registry/loadtest/LoadTestAction.java

@@ -183,7 +183,7 @@ public class LoadTestAction implements Runnable {
     xmlHostCreateTmpl = loadXml("host_create");
     xmlHostCreateFail = xmlHostCreateTmpl.replace("%host%", EXISTING_HOST);
     xmlHostInfo = loadXml("host_info").replace("%host%", EXISTING_HOST);
-    xsrfToken = xsrfTokenManager.generateLegacyToken("admin", "");
+    xsrfToken = xsrfTokenManager.generateToken("");
   }
 
   @Override

java/google/registry/security/XsrfTokenManager.java

@@ -99,25 +99,6 @@ public final class XsrfTokenManager {
         .asBytes());
   }
 
-  /**
-   * Generates a legacy-style XSRF token for a given scope and user.
-   *
-   * <p>If there is no user (email is an empty string), the entire xsrf check becomes basically a
-   * no-op, but that's ok because any callback that doesn't have a user shouldn't be able to access
-   * any per-user resources anyways.
-   *
-   * <p>The scope is passed to {@link #computeLegacyHash}. Use of a scope in xsrf tokens is
-   * deprecated; instead, use {@link #generateToken}.
-   */
-  // TODO(b/35388772): remove this in favor of generateToken()
-  @Deprecated
-  public String generateLegacyToken(String scope, String email) {
-    checkArgumentNotNull(scope);
-    checkArgumentNotNull(email);
-    long now = clock.nowUtc().getMillis();
-    return Joiner.on(':').join(computeLegacyHash(now, scope, email), now);
-  }
-
   /**
    * Validates an XSRF token against the current logged-in user.
    *
@@ -157,6 +138,7 @@ public final class XsrfTokenManager {
       }
       return true;
     } else {
+      // TODO(b/35388772): remove this fallback once we no longer generate legacy tokens.
       // Fall back to the legacy format, and try the few possible scopes.
       String hash = tokenParts.get(0);
       ImmutableSet.Builder<String> reconstructedTokenCandidates = new ImmutableSet.Builder<>();

java/google/registry/tools/AppEngineConnection.java

@@ -66,7 +66,7 @@ class AppEngineConnection implements Connection {
       memoize(new Supplier<String>() {
         @Override
         public String get() {
-          return xsrfTokenManager.generateLegacyToken("admin", getUserId());
+          return xsrfTokenManager.generateToken(getUserId());
         }});
 
   @Override

java/google/registry/ui/server/registrar/ConsoleUiAction.java

@@ -27,7 +27,6 @@ import com.google.template.soy.data.SoyMapData;
 import com.google.template.soy.shared.SoyCssRenamingMap;
 import com.google.template.soy.tofu.SoyTofu;
 import google.registry.config.RegistryConfig.Config;
-import google.registry.flows.EppConsoleAction;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
 import google.registry.request.Response;
@@ -119,8 +118,7 @@ public final class ConsoleUiAction implements Runnable {
     Registrar registrar = Registrar.loadByClientId(sessionUtils.getRegistrarClientId(req));
     data.put(
         "xsrfToken",
-        xsrfTokenManager.generateLegacyToken(
-            EppConsoleAction.XSRF_SCOPE, userService.getCurrentUser().getEmail()));
+        xsrfTokenManager.generateToken(userService.getCurrentUser().getEmail()));
     data.put("clientId", registrar.getClientId());
     data.put("showPaymentLink", registrar.getBillingMethod() == Registrar.BillingMethod.BRAINTREE);