mirror of
https://github.com/google/nomulus.git
synced 2025-05-17 09:57:17 +02:00
Refactor authInfo validation
1) Don't do ofy().load() inside a model class (in DomainAuthInfo) 2) Move the one use of verify into the one caller in ResourceFlowUtils 3) Hosts don't support authInfo, so remove useless code ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=137984809
This commit is contained in:
cgoldfeder
Ben McIlwain
parent
f95f27ed72
commit
2dd703ef3a
28 changed files with 102 additions and 146 deletions
|
|
@ -14,10 +14,7 @@
|
|||
|
||||
package google.registry.model.contact;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
import google.registry.model.EppResource;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
import javax.xml.bind.annotation.XmlType;
|
||||
|
||||
|
|
@ -25,25 +22,9 @@ import javax.xml.bind.annotation.XmlType;
|
|||
@Embed
|
||||
@XmlType(namespace = "urn:ietf:params:xml:ns:contact-1.0")
|
||||
public class ContactAuthInfo extends AuthInfo {
|
||||
|
||||
public static ContactAuthInfo create(PasswordAuth pw) {
|
||||
ContactAuthInfo instance = new ContactAuthInfo();
|
||||
instance.pw = pw;
|
||||
return instance;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException {
|
||||
ContactResource contact = (ContactResource) eppResource;
|
||||
PasswordAuth passwordAuth = checkNotNull(getPw());
|
||||
|
||||
// It's rather strange to specify a repoId on a contact auth info. Instead of explicitly
|
||||
// rejecting it, we'll just make sure the repoId matches this particular contact.
|
||||
if (passwordAuth.getRepoId() != null && !contact.getRepoId().equals(getRepoId())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
if (!contact.getAuthInfo().getPw().getValue().equals(passwordAuth.getValue())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,52 +14,15 @@
|
|||
|
||||
package google.registry.model.domain;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
||||
import com.googlecode.objectify.Key;
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
import google.registry.model.EppResource;
|
||||
import google.registry.model.contact.ContactResource;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
|
||||
/** A version of authInfo specifically for domains. */
|
||||
@Embed
|
||||
public class DomainAuthInfo extends AuthInfo {
|
||||
|
||||
public static DomainAuthInfo create(PasswordAuth pw) {
|
||||
DomainAuthInfo instance = new DomainAuthInfo();
|
||||
instance.pw = pw;
|
||||
return instance;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException {
|
||||
DomainBase domain = (DomainBase) eppResource;
|
||||
checkNotNull(getPw());
|
||||
if (getRepoId() != null) {
|
||||
// Make sure the repo id matches one of the contacts on the domain.
|
||||
Key<ContactResource> foundContact = null;
|
||||
for (Key<ContactResource> contact : domain.getReferencedContacts()) {
|
||||
String contactRepoId = contact.getName();
|
||||
if (getRepoId().equals(contactRepoId)) {
|
||||
foundContact = contact;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (foundContact == null) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
// Check if the password provided matches the password on the referenced contact.
|
||||
if (!ofy().load().key(foundContact).now().getAuthInfo().getPw().getValue().equals(
|
||||
getPw().getValue())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
} else {
|
||||
// If not repository ID is specified, then check the password against the domain's password.
|
||||
if (!domain.getAuthInfo().getPw().getValue().equals(getPw().getValue())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@
|
|||
package google.registry.model.eppcommon;
|
||||
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
import google.registry.model.EppResource;
|
||||
import google.registry.model.ImmutableObject;
|
||||
import javax.xml.bind.annotation.XmlAttribute;
|
||||
import javax.xml.bind.annotation.XmlTransient;
|
||||
|
|
@ -33,13 +32,6 @@ import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
|
|||
@XmlTransient
|
||||
public abstract class AuthInfo extends ImmutableObject {
|
||||
|
||||
/**
|
||||
* Verify that the authorization info is valid for the given resource in the given tld.
|
||||
*
|
||||
* @throws BadAuthInfoException if this authorization info is invalid for this resource
|
||||
*/
|
||||
public abstract void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException;
|
||||
|
||||
protected PasswordAuth pw;
|
||||
|
||||
public PasswordAuth getPw() {
|
||||
|
|
@ -77,12 +69,4 @@ public abstract class AuthInfo extends ImmutableObject {
|
|||
return create(value, null);
|
||||
}
|
||||
}
|
||||
|
||||
/** Returns the repoId for the contact this auth info is associated with. */
|
||||
protected String getRepoId() {
|
||||
return pw.getRepoId();
|
||||
}
|
||||
|
||||
/** Exception to throw when an auth info can't be verified. */
|
||||
public static class BadAuthInfoException extends Exception {}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue