mirror of
https://github.com/google/nomulus.git
synced 2025-05-17 17:59:41 +02:00
Refactor authInfo validation
1) Don't do ofy().load() inside a model class (in DomainAuthInfo) 2) Move the one use of verify into the one caller in ResourceFlowUtils 3) Hosts don't support authInfo, so remove useless code ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=137984809
This commit is contained in:
cgoldfeder
Ben McIlwain
parent
f95f27ed72
commit
2dd703ef3a
28 changed files with 102 additions and 146 deletions
|
|
@ -19,7 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.handlePendingTransferOnDel
|
|||
import static google.registry.flows.ResourceFlowUtils.prepareDeletedResourceAsBuilder;
|
||||
import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.verifyApplicationDomainMatchesTargetId;
|
||||
|
|
@ -85,7 +85,7 @@ public final class DomainApplicationDeleteFlow implements TransactionalFlow {
|
|||
DomainApplication existingApplication = verifyExistence(
|
||||
DomainApplication.class, applicationId, loadDomainApplication(applicationId, now));
|
||||
verifyApplicationDomainMatchesTargetId(existingApplication, targetId);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingApplication);
|
||||
verifyOptionalAuthInfo(authInfo, existingApplication);
|
||||
String tld = existingApplication.getTld();
|
||||
checkAllowedAccessToTld(clientId, tld);
|
||||
if (!isSuperuser) {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.domain;
|
|||
import static google.registry.flows.EppXmlTransformer.unmarshal;
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.addSecDnsExtensionIfPresent;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.verifyApplicationDomainMatchesTargetId;
|
||||
|
|
@ -86,7 +86,7 @@ public final class DomainApplicationInfoFlow implements Flow {
|
|||
applicationId,
|
||||
loadDomainApplication(applicationId, clock.nowUtc()));
|
||||
verifyApplicationDomainMatchesTargetId(application, targetId);
|
||||
verifyOptionalAuthInfoForResource(authInfo, application);
|
||||
verifyOptionalAuthInfo(authInfo, application);
|
||||
LaunchInfoExtension launchInfo = eppInput.getSingleExtension(LaunchInfoExtension.class);
|
||||
if (!application.getPhase().equals(launchInfo.getPhase())) {
|
||||
throw new ApplicationLaunchPhaseMismatchException();
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd
|
|||
import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences;
|
||||
|
|
@ -147,7 +147,7 @@ public class DomainApplicationUpdateFlow implements TransactionalFlow {
|
|||
DomainApplication.class, applicationId, loadDomainApplication(applicationId, now));
|
||||
verifyApplicationDomainMatchesTargetId(existingApplication, targetId);
|
||||
verifyNoDisallowedStatuses(existingApplication, UPDATE_DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingApplication);
|
||||
verifyOptionalAuthInfo(authInfo, existingApplication);
|
||||
verifyUpdateAllowed(existingApplication, command);
|
||||
HistoryEntry historyEntry = buildHistory(existingApplication, now);
|
||||
DomainApplication newApplication = updateApplication(existingApplication, command, now);
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
|||
import static google.registry.flows.ResourceFlowUtils.prepareDeletedResourceAsBuilder;
|
||||
import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.updateAutorenewRecurrenceEndTime;
|
||||
|
|
@ -169,7 +169,7 @@ public final class DomainDeleteFlow implements TransactionalFlow {
|
|||
private void verifyDeleteAllowed(DomainResource existingDomain, Registry registry, DateTime now)
|
||||
throws EppException {
|
||||
verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
verifyNotInPredelegation(registry, now);
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ package google.registry.flows.domain;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.addSecDnsExtensionIfPresent;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.handleFeeRequest;
|
||||
import static google.registry.util.CollectionUtils.forceEmptyToNull;
|
||||
|
|
@ -82,7 +82,7 @@ public final class DomainInfoFlow implements Flow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = clock.nowUtc();
|
||||
DomainResource domain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, domain);
|
||||
verifyOptionalAuthInfo(authInfo, domain);
|
||||
return responseBuilder
|
||||
.setResData(getResourceInfo(domain))
|
||||
.setExtensions(getDomainResponseExtensions(domain, now))
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.domain;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.newAutorenewBillingEvent;
|
||||
|
|
@ -184,7 +184,7 @@ public final class DomainRenewFlow implements TransactionalFlow {
|
|||
Optional<AuthInfo> authInfo,
|
||||
DomainResource existingDomain,
|
||||
Renew command) throws EppException {
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyNoDisallowedStatuses(existingDomain, RENEW_DISALLOWED_STATUSES);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.domain;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.newAutorenewBillingEvent;
|
||||
|
|
@ -186,7 +186,7 @@ public final class DomainRestoreRequestFlow implements TransactionalFlow {
|
|||
Money renewCost,
|
||||
FeeTransformCommandExtension feeUpdate,
|
||||
DateTime now) throws EppException {
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
verifyNotReserved(InternetDomainName.from(targetId), false);
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|||
import static google.registry.flows.ResourceFlowUtils.approvePendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage;
|
||||
|
|
@ -97,7 +97,7 @@ public final class DomainTransferApproveFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
DomainResource existingDomain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyHasPendingTransfer(existingDomain);
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
String tld = existingDomain.getTld();
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer;
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyIsGainingRegistrar;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createLosingTransferPollMessage;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createTransferResponse;
|
||||
|
|
@ -79,7 +79,7 @@ public final class DomainTransferCancelFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
DomainResource existingDomain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyHasPendingTransfer(existingDomain);
|
||||
verifyIsGainingRegistrar(existingDomain, clientId);
|
||||
checkAllowedAccessToTld(clientId, existingDomain.getTld());
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ package google.registry.flows.domain;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createTransferResponse;
|
||||
import static google.registry.model.domain.DomainResource.extendRegistrationWithCap;
|
||||
|
||||
|
|
@ -68,7 +68,7 @@ public final class DomainTransferQueryFlow implements Flow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = clock.nowUtc();
|
||||
DomainResource domain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, domain);
|
||||
verifyOptionalAuthInfo(authInfo, domain);
|
||||
// Most of the fields on the transfer response are required, so there's no way to return valid
|
||||
// XML if the object has never been transferred (and hence the fields aren't populated).
|
||||
TransferData transferData = domain.getTransferData();
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|||
import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage;
|
||||
|
|
@ -84,7 +84,7 @@ public final class DomainTransferRejectFlow implements TransactionalFlow {
|
|||
.setModificationTime(now)
|
||||
.setParent(Key.create(existingDomain))
|
||||
.build();
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyHasPendingTransfer(existingDomain);
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
checkAllowedAccessToTld(clientId, existingDomain.getTld());
|
||||
|
|
|
|||
|
|
@ -18,8 +18,9 @@ import static com.google.common.collect.Iterables.filter;
|
|||
import static com.google.common.collect.Iterables.getOnlyElement;
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAuthInfoPresentForResourceTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyRequiredAuthInfoForResourceTransfer;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createLosingTransferPollMessage;
|
||||
|
|
@ -195,7 +196,8 @@ public final class DomainTransferRequestFlow implements TransactionalFlow {
|
|||
private void verifyTransferAllowed(DomainResource existingDomain, Period period, DateTime now)
|
||||
throws EppException {
|
||||
verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES);
|
||||
verifyRequiredAuthInfoForResourceTransfer(authInfo, existingDomain);
|
||||
verifyAuthInfoPresentForResourceTransfer(authInfo);
|
||||
verifyAuthInfo(authInfo.get(), existingDomain);
|
||||
// Verify that the resource does not already have a pending transfer.
|
||||
if (TransferStatus.PENDING.equals(existingDomain.getTransferData().getTransferStatus())) {
|
||||
throw new AlreadyPendingTransferException(targetId);
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences;
|
||||
|
|
@ -187,7 +187,7 @@ public final class DomainUpdateFlow implements TransactionalFlow {
|
|||
private void verifyUpdateAllowed(Update command, DomainResource existingDomain, DateTime now)
|
||||
throws EppException {
|
||||
verifyNoDisallowedStatuses(existingDomain, UPDATE_DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
AddRemove add = command.getInnerAdd();
|
||||
AddRemove remove = command.getInnerRemove();
|
||||
if (!isSuperuser) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue