mirror of
https://github.com/google/nomulus.git
synced 2025-07-24 19:48:32 +02:00
Change registrar console login code in preparation for removing requireLogin
We are going to remove the requireLogin attribute from the action attribute, because it is specific to the UserService API. This is used by four actions: ConsoleUIAction RegistrarSettingsAction RegistrarPaymentSetupAction RegistrarPaymentAction Instead, these four actions will now check the login status directly. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=159562335
This commit is contained in:
mountford
Ben McIlwain
parent
17697388b8
commit
2b7f78db98
17 changed files with 151 additions and 112 deletions
|
|
@ -17,6 +17,7 @@ java_library(
|
|||
"//java/google/registry/export/sheet",
|
||||
"//java/google/registry/model",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/security",
|
||||
"//java/google/registry/ui/server/registrar",
|
||||
"//java/google/registry/ui/soy/registrar:soy_java_wrappers",
|
||||
|
|
|
|||
|
|
@ -19,8 +19,12 @@ import static org.mockito.Matchers.any;
|
|||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import com.google.appengine.api.users.User;
|
||||
import com.google.appengine.api.users.UserServiceFactory;
|
||||
import com.google.common.net.MediaType;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.request.auth.UserAuthInfo;
|
||||
import google.registry.security.XsrfTokenManager;
|
||||
import google.registry.testing.AppEngineRule;
|
||||
import google.registry.testing.FakeClock;
|
||||
|
|
@ -44,9 +48,10 @@ public class ConsoleUiActionTest {
|
|||
.build();
|
||||
|
||||
private final SessionUtils sessionUtils = mock(SessionUtils.class);
|
||||
|
||||
private final HttpServletRequest request = mock(HttpServletRequest.class);
|
||||
private final FakeResponse response = new FakeResponse();
|
||||
private final ConsoleUiAction action = new ConsoleUiAction();
|
||||
private final User user = new User("marla.singer@example.com", "gmail.com", "12345");
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
|
|
@ -58,13 +63,14 @@ public class ConsoleUiActionTest {
|
|||
action.announcementsEmail = "announcements@example.com";
|
||||
action.supportPhoneNumber = "1 (888) 555 0123";
|
||||
action.technicalDocsUrl = "http://example.com/technical-docs";
|
||||
action.req = request;
|
||||
action.response = response;
|
||||
action.sessionUtils = sessionUtils;
|
||||
action.userService = UserServiceFactory.getUserService();
|
||||
action.xsrfTokenManager = new XsrfTokenManager(new FakeClock(), action.userService);
|
||||
when(sessionUtils.checkRegistrarConsoleLogin(any(HttpServletRequest.class))).thenReturn(true);
|
||||
when(sessionUtils.getRegistrarClientId(any(HttpServletRequest.class)))
|
||||
.thenReturn("TheRegistrar");
|
||||
action.authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
|
||||
when(sessionUtils.checkRegistrarConsoleLogin(request, user)).thenReturn(true);
|
||||
when(sessionUtils.getRegistrarClientId(request)).thenReturn("TheRegistrar");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -101,7 +107,8 @@ public class ConsoleUiActionTest {
|
|||
|
||||
@Test
|
||||
public void testUserDoesntHaveAccessToAnyRegistrar_showsWhoAreYouPage() throws Exception {
|
||||
when(sessionUtils.checkRegistrarConsoleLogin(any(HttpServletRequest.class))).thenReturn(false);
|
||||
when(sessionUtils.checkRegistrarConsoleLogin(any(HttpServletRequest.class), any(User.class)))
|
||||
.thenReturn(false);
|
||||
action.run();
|
||||
assertThat(response.getPayload()).contains("<h1>You need permission</h1>");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ import static com.google.common.truth.Truth.assertThat;
|
|||
import static google.registry.testing.ReflectiveFieldExtractor.extractField;
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
|
|
@ -30,10 +31,15 @@ import com.braintreegateway.TransactionRequest;
|
|||
import com.braintreegateway.ValidationError;
|
||||
import com.braintreegateway.ValidationErrorCode;
|
||||
import com.braintreegateway.ValidationErrors;
|
||||
import com.google.appengine.api.users.User;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.request.auth.UserAuthInfo;
|
||||
import google.registry.testing.AppEngineRule;
|
||||
import java.math.BigDecimal;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.joda.money.CurrencyUnit;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
|
|
@ -66,6 +72,10 @@ public class RegistrarPaymentActionTest {
|
|||
@Mock
|
||||
private ValidationErrors validationErrors;
|
||||
|
||||
private final SessionUtils sessionUtils = mock(SessionUtils.class);
|
||||
|
||||
private final User user = new User("marla.singer@example.com", "gmail.com", "12345");
|
||||
|
||||
@Captor
|
||||
private ArgumentCaptor<TransactionRequest> transactionRequestCaptor;
|
||||
|
||||
|
|
@ -73,7 +83,8 @@ public class RegistrarPaymentActionTest {
|
|||
|
||||
@Before
|
||||
public void before() throws Exception {
|
||||
paymentAction.registrar = Registrar.loadByClientId("TheRegistrar");
|
||||
paymentAction.sessionUtils = sessionUtils;
|
||||
paymentAction.authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
|
||||
paymentAction.accountIds =
|
||||
ImmutableMap.of(
|
||||
CurrencyUnit.USD, "merchant-account-usd",
|
||||
|
|
@ -81,6 +92,9 @@ public class RegistrarPaymentActionTest {
|
|||
paymentAction.braintreeGateway = braintreeGateway;
|
||||
when(braintreeGateway.transaction()).thenReturn(transactionGateway);
|
||||
when(transactionGateway.sale(any(TransactionRequest.class))).thenReturn(result);
|
||||
when(sessionUtils.getRegistrarForAuthResult(
|
||||
any(HttpServletRequest.class), any(AuthResult.class)))
|
||||
.thenReturn(Registrar.loadByClientId("TheRegistrar"));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -15,7 +15,9 @@
|
|||
package google.registry.ui.server.registrar;
|
||||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.testing.DatastoreHelper.persistResource;
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
|
@ -23,10 +25,15 @@ import static org.mockito.Mockito.when;
|
|||
|
||||
import com.braintreegateway.BraintreeGateway;
|
||||
import com.braintreegateway.ClientTokenGateway;
|
||||
import com.google.appengine.api.users.User;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.braintree.BraintreeRegistrarSyncer;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.request.auth.UserAuthInfo;
|
||||
import google.registry.testing.AppEngineRule;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.joda.money.CurrencyUnit;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
|
|
@ -46,17 +53,25 @@ public class RegistrarPaymentSetupActionTest {
|
|||
private final BraintreeGateway braintreeGateway = mock(BraintreeGateway.class);
|
||||
private final ClientTokenGateway clientTokenGateway = mock(ClientTokenGateway.class);
|
||||
private final BraintreeRegistrarSyncer customerSyncer = mock(BraintreeRegistrarSyncer.class);
|
||||
private final SessionUtils sessionUtils = mock(SessionUtils.class);
|
||||
|
||||
private final User user = new User("marla.singer@example.com", "gmail.com", "12345");
|
||||
private final RegistrarPaymentSetupAction action = new RegistrarPaymentSetupAction();
|
||||
|
||||
@Before
|
||||
public void before() throws Exception {
|
||||
action.sessionUtils = sessionUtils;
|
||||
action.authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
|
||||
action.braintreeGateway = braintreeGateway;
|
||||
action.customerSyncer = customerSyncer;
|
||||
action.registrar =
|
||||
Registrar.loadByClientId("TheRegistrar").asBuilder()
|
||||
Registrar registrar = persistResource(
|
||||
Registrar.loadByClientId("TheRegistrar")
|
||||
.asBuilder()
|
||||
.setBillingMethod(Registrar.BillingMethod.BRAINTREE)
|
||||
.build();
|
||||
.build());
|
||||
when(sessionUtils.getRegistrarForAuthResult(
|
||||
any(HttpServletRequest.class), any(AuthResult.class)))
|
||||
.thenReturn(registrar);
|
||||
when(braintreeGateway.clientToken()).thenReturn(clientTokenGateway);
|
||||
}
|
||||
|
||||
|
|
@ -78,7 +93,7 @@ public class RegistrarPaymentSetupActionTest {
|
|||
"token", blanketsOfSadness,
|
||||
"currencies", asList("USD", "JPY"),
|
||||
"brainframe", "/doodle")));
|
||||
verify(customerSyncer).sync(eq(action.registrar));
|
||||
verify(customerSyncer).sync(eq(Registrar.loadByClientId("TheRegistrar")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -92,10 +107,14 @@ public class RegistrarPaymentSetupActionTest {
|
|||
|
||||
@Test
|
||||
public void testNotOnCreditCardBillingTerms_showsErrorPage() throws Exception {
|
||||
action.registrar =
|
||||
Registrar.loadByClientId("TheRegistrar").asBuilder()
|
||||
Registrar registrar = persistResource(
|
||||
Registrar.loadByClientId("TheRegistrar")
|
||||
.asBuilder()
|
||||
.setBillingMethod(Registrar.BillingMethod.EXTERNAL)
|
||||
.build();
|
||||
.build());
|
||||
when(sessionUtils.getRegistrarForAuthResult(
|
||||
any(HttpServletRequest.class), any(AuthResult.class)))
|
||||
.thenReturn(registrar);
|
||||
assertThat(action.handleJsonRequest(ImmutableMap.<String, Object>of()))
|
||||
.containsExactly(
|
||||
"status", "ERROR",
|
||||
|
|
|
|||
|
|
@ -19,7 +19,9 @@ import static google.registry.testing.TaskQueueHelper.assertNoTasksEnqueued;
|
|||
import static google.registry.testing.TaskQueueHelper.assertTasksEnqueued;
|
||||
import static google.registry.util.ResourceUtils.readResourceUtf8;
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.mockito.Mockito.anyInt;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.anyInt;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
|
@ -27,9 +29,12 @@ import static org.mockito.Mockito.when;
|
|||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.export.sheet.SyncRegistrarsSheetAction;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.request.HttpException.ForbiddenException;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.testing.TaskQueueHelper.TaskMatcher;
|
||||
import java.util.Map;
|
||||
import javax.mail.internet.InternetAddress;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.junit.runners.JUnit4;
|
||||
|
|
@ -65,11 +70,15 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
|
|||
|
||||
@Test
|
||||
public void testRead_notAuthorized_failure() throws Exception {
|
||||
when(sessionUtils.checkRegistrarConsoleLogin(req)).thenReturn(false);
|
||||
Map<String, Object> response = action.handleJsonRequest(ImmutableMap.<String, Object>of());
|
||||
assertThat(response).containsEntry("status", "ERROR");
|
||||
assertThat((String) response.get("message")).startsWith("Not authorized");
|
||||
assertNoTasksEnqueued("sheet");
|
||||
when(sessionUtils.getRegistrarForAuthResult(
|
||||
any(HttpServletRequest.class), any(AuthResult.class)))
|
||||
.thenThrow(new ForbiddenException("Not authorized to access Registrar Console"));
|
||||
try {
|
||||
action.handleJsonRequest(ImmutableMap.<String, Object>of());
|
||||
fail("expected ForbiddenException");
|
||||
} catch (ForbiddenException ex) {
|
||||
assertNoTasksEnqueued("sheet");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@ import static org.mockito.Mockito.mock;
|
|||
import static org.mockito.Mockito.when;
|
||||
|
||||
import com.google.appengine.api.modules.ModulesService;
|
||||
import com.google.appengine.api.users.User;
|
||||
import com.google.common.base.Supplier;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
|
|
@ -32,6 +33,9 @@ import google.registry.model.registrar.Registrar;
|
|||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.JsonResponse;
|
||||
import google.registry.request.ResponseImpl;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.request.auth.UserAuthInfo;
|
||||
import google.registry.testing.AppEngineRule;
|
||||
import google.registry.testing.FakeClock;
|
||||
import google.registry.testing.InjectRule;
|
||||
|
|
@ -73,6 +77,7 @@ public class RegistrarSettingsActionTestCase {
|
|||
final SendEmailService emailService = mock(SendEmailService.class);
|
||||
final ModulesService modulesService = mock(ModulesService.class);
|
||||
final SessionUtils sessionUtils = mock(SessionUtils.class);
|
||||
final User user = new User("user", "gmail.com");
|
||||
|
||||
Message message;
|
||||
|
||||
|
|
@ -85,7 +90,7 @@ public class RegistrarSettingsActionTestCase {
|
|||
public void setUp() throws Exception {
|
||||
action.request = req;
|
||||
action.sessionUtils = sessionUtils;
|
||||
action.initialRegistrar = Registrar.loadByClientId(CLIENT_ID);
|
||||
action.authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
|
||||
action.jsonActionRunner = new JsonActionRunner(
|
||||
ImmutableMap.<String, Object>of(), new JsonResponse(new ResponseImpl(rsp)));
|
||||
action.registrarChangesNotificationEmailAddresses = ImmutableList.of(
|
||||
|
|
@ -101,9 +106,8 @@ public class RegistrarSettingsActionTestCase {
|
|||
when(rsp.getWriter()).thenReturn(new PrintWriter(writer));
|
||||
when(req.getContentType()).thenReturn("application/json");
|
||||
when(req.getReader()).thenReturn(createJsonPayload(ImmutableMap.of("op", "read")));
|
||||
when(sessionUtils.isLoggedIn()).thenReturn(true);
|
||||
when(sessionUtils.checkRegistrarConsoleLogin(req)).thenReturn(true);
|
||||
when(sessionUtils.getRegistrarClientId(req)).thenReturn(CLIENT_ID);
|
||||
when(sessionUtils.getRegistrarForAuthResult(req, action.authResult))
|
||||
.thenReturn(Registrar.loadByClientId(CLIENT_ID));
|
||||
when(modulesService.getVersionHostname("backend", null)).thenReturn("backend.hostname");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,8 +21,10 @@ import static google.registry.testing.CertificateSamples.SAMPLE_CERT;
|
|||
import static google.registry.testing.CertificateSamples.SAMPLE_CERT2;
|
||||
import static google.registry.testing.CertificateSamples.SAMPLE_CERT2_HASH;
|
||||
import static google.registry.testing.CertificateSamples.SAMPLE_CERT_HASH;
|
||||
import static google.registry.testing.DatastoreHelper.persistResource;
|
||||
import static google.registry.util.DateTimeUtils.START_OF_TIME;
|
||||
import static java.util.Arrays.asList;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
|
|
@ -100,12 +102,14 @@ public class SecuritySettingsTest extends RegistrarSettingsActionTestCase {
|
|||
|
||||
@Test
|
||||
public void testEmptyOrNullCertificate_doesNotClearOutCurrentOne() throws Exception {
|
||||
action.initialRegistrar =
|
||||
Registrar initialRegistrar = persistResource(
|
||||
Registrar.loadByClientId(CLIENT_ID).asBuilder()
|
||||
.setClientCertificate(SAMPLE_CERT, START_OF_TIME)
|
||||
.setFailoverClientCertificate(SAMPLE_CERT2, START_OF_TIME)
|
||||
.build();
|
||||
Map<String, Object> jsonMap = action.initialRegistrar.toJsonMap();
|
||||
.build());
|
||||
when(sessionUtils.getRegistrarForAuthResult(req, action.authResult))
|
||||
.thenReturn(initialRegistrar);
|
||||
Map<String, Object> jsonMap = initialRegistrar.toJsonMap();
|
||||
jsonMap.put("clientCertificate", null);
|
||||
jsonMap.put("failoverClientCertificate", "");
|
||||
Map<String, Object> response = action.handleJsonRequest(ImmutableMap.of(
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
|
|||
import static org.mockito.Mockito.when;
|
||||
|
||||
import com.google.appengine.api.users.User;
|
||||
import com.google.appengine.api.users.UserService;
|
||||
import com.google.common.testing.NullPointerTester;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.model.registrar.RegistrarContact;
|
||||
|
|
@ -55,7 +54,6 @@ public class SessionUtilsTest {
|
|||
@Rule
|
||||
public final InjectRule inject = new InjectRule();
|
||||
|
||||
private final UserService userService = mock(UserService.class);
|
||||
private final HttpServletRequest req = mock(HttpServletRequest.class);
|
||||
private final HttpServletResponse rsp = mock(HttpServletResponse.class);
|
||||
private final HttpSession session = mock(HttpSession.class);
|
||||
|
|
@ -66,22 +64,20 @@ public class SessionUtilsTest {
|
|||
|
||||
@Before
|
||||
public void before() throws Exception {
|
||||
sessionUtils = new SessionUtils(userService);
|
||||
sessionUtils = new SessionUtils();
|
||||
when(req.getSession()).thenReturn(session);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCheckRegistrarConsoleLogin_authedButNoSession_createsSession() throws Exception {
|
||||
when(userService.getCurrentUser()).thenReturn(jart);
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req)).isTrue();
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req, jart)).isTrue();
|
||||
verify(session).setAttribute(eq("clientId"), eq("TheRegistrar"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCheckRegistrarConsoleLogin_authedWithValidSession_doesNothing() throws Exception {
|
||||
when(session.getAttribute("clientId")).thenReturn("TheRegistrar");
|
||||
when(userService.getCurrentUser()).thenReturn(jart);
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req)).isTrue();
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req, jart)).isTrue();
|
||||
verify(session).getAttribute("clientId");
|
||||
verifyNoMoreInteractions(session);
|
||||
}
|
||||
|
|
@ -92,16 +88,14 @@ public class SessionUtilsTest {
|
|||
Registrar.loadByClientId("TheRegistrar"),
|
||||
new java.util.HashSet<RegistrarContact>());
|
||||
when(session.getAttribute("clientId")).thenReturn("TheRegistrar");
|
||||
when(userService.getCurrentUser()).thenReturn(jart);
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req)).isFalse();
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req, jart)).isFalse();
|
||||
verify(session).invalidate();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCheckRegistrarConsoleLogin_orphanedContactIsDenied() throws Exception {
|
||||
deleteResource(Registrar.loadByClientId("TheRegistrar"));
|
||||
when(userService.getCurrentUser()).thenReturn(jart);
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req)).isFalse();
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req, jart)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -109,13 +103,12 @@ public class SessionUtilsTest {
|
|||
throws Exception {
|
||||
thrown.expect(IllegalStateException.class);
|
||||
@SuppressWarnings("unused")
|
||||
boolean unused = sessionUtils.checkRegistrarConsoleLogin(req);
|
||||
boolean unused = sessionUtils.checkRegistrarConsoleLogin(req, null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCheckRegistrarConsoleLogin_notAllowed_returnsFalse() throws Exception {
|
||||
when(userService.getCurrentUser()).thenReturn(bozo);
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req)).isFalse();
|
||||
assertThat(sessionUtils.checkRegistrarConsoleLogin(req, bozo)).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue