Fix admin access to registryAdminClientId when they aren't associated with it

An admin that isn't associated with any clientId, will default to the registryAdminClientId. However, if we set the registryAdminClientId as the session's CLIENT_ID_ATTRIBUTE, the next time we access the server we have a client-id attribute we aren't associated with - which returns a "403 Registrar Console access revoked" error (the assumption is - we were associated with it before but aren't anymore) To fix this - we just add all admins as "hasAccessTo" registryAdminClientId, even if it's not in the contacts. This will let admins stay on the admin registrar, without affecting where they log-in initially if they are also contacts in different registrars. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=200402856
2025-05-15 08:57:12 +02:00 · 2018-06-13 09:26:23 -07:00 · 2018-06-13 09:26:23 -07:00 · 2d4eeae26c
commit 2d4eeae26c
parent 98d8d8886d
2 changed files with 61 additions and 10 deletions
--- a/java/google/registry/ui/server/registrar/SessionUtils.java
+++ b/java/google/registry/ui/server/registrar/SessionUtils.java
@ -42,7 +42,7 @@ public class SessionUtils {

  private static final FluentLogger logger = FluentLogger.forEnclosingClass();

-  public static final String CLIENT_ID_ATTRIBUTE = "clientId";
+  private static final String CLIENT_ID_ATTRIBUTE = "clientId";

  @Inject
  @Config("registryAdminClientId")
@ -101,7 +101,7 @@ public class SessionUtils {

    // Use the clientId if it exists
    if (clientId != null) {
-      if (!hasAccessToRegistrar(clientId, user.getUserId())) {
+      if (!hasAccessToRegistrar(clientId, user.getUserId(), userAuthInfo.isUserAdmin())) {
        logger.atInfo().log("Registrar Console access revoked: %s", clientId);
        session.invalidate();
        return false;
@ -114,7 +114,7 @@ public class SessionUtils {
    // The clientId was null, so let's try and find a registrar this user is associated with
    Optional<Registrar> registrar = findRegistrarForUser(user.getUserId());
    if (registrar.isPresent()) {
-      verify(hasAccessToRegistrar(registrar.get(), user.getUserId()));
+      verify(isInAllowedContacts(registrar.get(), user.getUserId()));
      logger.atInfo().log(
          "Associating user %s with found registrar %s.",
          user.getUserId(), registrar.get().getClientId());
@ -180,18 +180,27 @@ public class SessionUtils {
    return result;
  }

-  /** @see #hasAccessToRegistrar(Registrar, String) */
-  protected static boolean hasAccessToRegistrar(String clientId, final String gaeUserId) {
+  /** @see #isInAllowedContacts(Registrar, String) */
+  boolean hasAccessToRegistrar(String clientId, String gaeUserId, boolean isAdmin) {
    Optional<Registrar> registrar = Registrar.loadByClientIdCached(clientId);
    if (!registrar.isPresent()) {
      logger.atWarning().log("Registrar '%s' disappeared from Datastore!", clientId);
      return false;
    }
-    return hasAccessToRegistrar(registrar.get(), gaeUserId);
+    if (isAdmin && clientId.equals(registryAdminClientId)) {
+      return true;
+    }
+    return isInAllowedContacts(registrar.get(), gaeUserId);
  }

-  /** Returns {@code true} if {@code gaeUserId} is listed in contacts. */
-  private static boolean hasAccessToRegistrar(Registrar registrar, final String gaeUserId) {
+  /**
+   * Returns {@code true} if {@code gaeUserId} is listed in contacts with access to the registrar.
+   *
+   * <p>Each registrar contact can either have getGaeUserId equals null or the user's gaeUserId.
+   * Null means the contact doesn't have access to the registrar console. None-null means the
+   * contact has access.
+   */
+  private static boolean isInAllowedContacts(Registrar registrar, final String gaeUserId) {
    return registrar
        .getContacts()
        .stream()