mirror of
https://github.com/google/nomulus.git
synced 2025-05-13 07:57:13 +02:00
Refactor authInfo validation
1) Don't do ofy().load() inside a model class (in DomainAuthInfo) 2) Move the one use of verify into the one caller in ResourceFlowUtils 3) Hosts don't support authInfo, so remove useless code ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=137984809
This commit is contained in:
cgoldfeder
Ben McIlwain
parent
f95f27ed72
commit
2dd703ef3a
28 changed files with 102 additions and 146 deletions
|
|
@ -15,6 +15,7 @@
|
|||
package google.registry.flows;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkState;
|
||||
import static com.google.common.collect.Iterables.tryFind;
|
||||
import static com.google.common.collect.Sets.intersection;
|
||||
import static google.registry.model.EppResourceUtils.loadByForeignKey;
|
||||
import static google.registry.model.EppResourceUtils.queryDomainsUsingResource;
|
||||
|
|
@ -50,7 +51,6 @@ import google.registry.model.contact.ContactResource;
|
|||
import google.registry.model.domain.DomainBase;
|
||||
import google.registry.model.domain.DomainResource;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
import google.registry.model.eppcommon.AuthInfo.BadAuthInfoException;
|
||||
import google.registry.model.eppcommon.StatusValue;
|
||||
import google.registry.model.eppcommon.Trid;
|
||||
import google.registry.model.index.ForeignKeyIndex;
|
||||
|
|
@ -318,29 +318,67 @@ public final class ResourceFlowUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/** Check that the given AuthInfo is either missing or else is valid for the given resource. */
|
||||
public static void verifyOptionalAuthInfoForResource(
|
||||
Optional<AuthInfo> authInfo, EppResource resource) throws EppException {
|
||||
if (authInfo.isPresent()) {
|
||||
verifyAuthInfoForResource(authInfo.get(), resource);
|
||||
}
|
||||
}
|
||||
|
||||
/** Check that the given AuthInfo is present and valid for a resource being transferred. */
|
||||
public static void verifyRequiredAuthInfoForResourceTransfer(
|
||||
Optional<AuthInfo> authInfo, EppResource existingResource) throws EppException {
|
||||
/** Check that the given AuthInfo is present for a resource being transferred. */
|
||||
public static void verifyAuthInfoPresentForResourceTransfer(Optional<AuthInfo> authInfo)
|
||||
throws EppException {
|
||||
if (!authInfo.isPresent()) {
|
||||
throw new MissingTransferRequestAuthInfoException();
|
||||
}
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingResource);
|
||||
}
|
||||
|
||||
/** Check that the given AuthInfo is valid for the given resource. */
|
||||
public static void verifyAuthInfoForResource(AuthInfo authInfo, EppResource resource)
|
||||
/** Check that the given AuthInfo is either missing or else is valid for the given resource. */
|
||||
public static void verifyOptionalAuthInfo(
|
||||
Optional<AuthInfo> authInfo, ContactResource contact) throws EppException {
|
||||
if (authInfo.isPresent()) {
|
||||
verifyAuthInfo(authInfo.get(), contact);
|
||||
}
|
||||
}
|
||||
|
||||
/** Check that the given AuthInfo is either missing or else is valid for the given resource. */
|
||||
public static void verifyOptionalAuthInfo(
|
||||
Optional<AuthInfo> authInfo, DomainBase domain) throws EppException {
|
||||
if (authInfo.isPresent()) {
|
||||
verifyAuthInfo(authInfo.get(), domain);
|
||||
}
|
||||
}
|
||||
|
||||
/** Check that the given {@link AuthInfo} is valid for the given domain. */
|
||||
public static void verifyAuthInfo(AuthInfo authInfo, DomainBase domain) throws EppException {
|
||||
final String authRepoId = authInfo.getPw().getRepoId();
|
||||
String authPassword = authInfo.getPw().getValue();
|
||||
if (authRepoId == null) {
|
||||
// If no roid is specified, check the password against the domain's password.
|
||||
String domainPassword = domain.getAuthInfo().getPw().getValue();
|
||||
if (!domainPassword.equals(authPassword)) {
|
||||
throw new BadAuthInfoForResourceException();
|
||||
}
|
||||
return;
|
||||
}
|
||||
// The roid should match one of the contacts.
|
||||
Optional<Key<ContactResource>> foundContact = tryFind(
|
||||
domain.getReferencedContacts(),
|
||||
new Predicate<Key<ContactResource>>() {
|
||||
@Override
|
||||
public boolean apply(Key<ContactResource> key) {
|
||||
return key.getName().equals(authRepoId);
|
||||
}});
|
||||
if (!foundContact.isPresent()) {
|
||||
throw new BadAuthInfoForResourceException();
|
||||
}
|
||||
// Check the authInfo against the contact.
|
||||
verifyAuthInfo(authInfo, ofy().load().key(foundContact.get()).now());
|
||||
}
|
||||
|
||||
/** Check that the given {@link AuthInfo} is valid for the given contact. */
|
||||
public static void verifyAuthInfo(AuthInfo authInfo, ContactResource contact)
|
||||
throws EppException {
|
||||
try {
|
||||
authInfo.verifyAuthorizedFor(resource);
|
||||
} catch (BadAuthInfoException e) {
|
||||
String authRepoId = authInfo.getPw().getRepoId();
|
||||
String authPassword = authInfo.getPw().getValue();
|
||||
String contactPassword = contact.getAuthInfo().getPw().getValue();
|
||||
if (!contactPassword.equals(authPassword)
|
||||
// It's unnecessary to specify a repoId on a contact auth info, but if it's there validate
|
||||
// it. The usual case of this is validating a domain's auth using this method.
|
||||
|| (authRepoId != null && !authRepoId.equals(contact.getRepoId()))) {
|
||||
throw new BadAuthInfoForResourceException();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|||
import static google.registry.flows.ResourceFlowUtils.failfastForAsyncDelete;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.model.eppoutput.Result.Code.SUCCESS_WITH_ACTION_PENDING;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
|
@ -92,7 +92,7 @@ public final class ContactDeleteFlow implements TransactionalFlow {
|
|||
failfastForAsyncDelete(targetId, now, ContactResource.class, GET_REFERENCED_CONTACTS);
|
||||
ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyNoDisallowedStatuses(existingContact, DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingContact);
|
||||
verifyOptionalAuthInfo(authInfo, existingContact);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingContact);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ package google.registry.flows.contact;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.model.EppResourceUtils.cloneResourceWithLinkedStatus;
|
||||
|
||||
import com.google.common.base.Optional;
|
||||
|
|
@ -58,7 +58,7 @@ public final class ContactInfoFlow implements Flow {
|
|||
extensionManager.validate(); // There are no legal extensions for this flow.
|
||||
validateClientIsLoggedIn(clientId);
|
||||
ContactResource contact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, contact);
|
||||
verifyOptionalAuthInfo(authInfo, contact);
|
||||
if (!clientId.equals(contact.getCurrentSponsorClientId()) && !authInfo.isPresent()) {
|
||||
contact = contact.asBuilder().setAuthInfo(null).build();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.contact;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.approvePendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createGainingTransferPollMessage;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse;
|
||||
|
|
@ -78,7 +78,7 @@ public final class ContactTransferApproveFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingContact);
|
||||
verifyOptionalAuthInfo(authInfo, existingContact);
|
||||
TransferData transferData = existingContact.getTransferData();
|
||||
if (transferData.getTransferStatus() != TransferStatus.PENDING) {
|
||||
throw new NotPendingTransferException(targetId);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.contact;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createLosingTransferPollMessage;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
|
@ -74,7 +74,7 @@ public final class ContactTransferCancelFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingContact);
|
||||
verifyOptionalAuthInfo(authInfo, existingContact);
|
||||
TransferData transferData = existingContact.getTransferData();
|
||||
if (transferData.getTransferStatus() != TransferStatus.PENDING) {
|
||||
throw new NotPendingTransferException(targetId);
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ package google.registry.flows.contact;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse;
|
||||
|
||||
import com.google.common.base.Optional;
|
||||
|
|
@ -64,7 +64,7 @@ public final class ContactTransferQueryFlow implements Flow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
ContactResource contact =
|
||||
loadAndVerifyExistence(ContactResource.class, targetId, clock.nowUtc());
|
||||
verifyOptionalAuthInfoForResource(authInfo, contact);
|
||||
verifyOptionalAuthInfo(authInfo, contact);
|
||||
// Most of the fields on the transfer response are required, so there's no way to return valid
|
||||
// XML if the object has never been transferred (and hence the fields aren't populated).
|
||||
if (contact.getTransferData().getTransferStatus() == null) {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.contact;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createGainingTransferPollMessage;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse;
|
||||
|
|
@ -72,7 +72,7 @@ public final class ContactTransferRejectFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingContact);
|
||||
verifyOptionalAuthInfo(authInfo, existingContact);
|
||||
TransferData transferData = existingContact.getTransferData();
|
||||
if (transferData.getTransferStatus() != TransferStatus.PENDING) {
|
||||
throw new NotPendingTransferException(targetId);
|
||||
|
|
|
|||
|
|
@ -16,8 +16,9 @@ package google.registry.flows.contact;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAuthInfoPresentForResourceTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyRequiredAuthInfoForResourceTransfer;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createGainingTransferPollMessage;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createLosingTransferPollMessage;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse;
|
||||
|
|
@ -88,7 +89,8 @@ public final class ContactTransferRequestFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(gainingClientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyRequiredAuthInfoForResourceTransfer(authInfo, existingContact);
|
||||
verifyAuthInfoPresentForResourceTransfer(authInfo);
|
||||
verifyAuthInfo(authInfo.get(), existingContact);
|
||||
// Verify that the resource does not already have a pending transfer.
|
||||
if (TransferStatus.PENDING.equals(existingContact.getTransferData().getTransferStatus())) {
|
||||
throw new AlreadyPendingTransferException(targetId);
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.validateAsciiPostalInfo;
|
||||
import static google.registry.flows.contact.ContactFlowUtils.validateContactAgainstPolicy;
|
||||
|
|
@ -92,7 +92,7 @@ public final class ContactUpdateFlow implements TransactionalFlow {
|
|||
Update command = (Update) resourceCommand;
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingContact);
|
||||
verifyOptionalAuthInfo(authInfo, existingContact);
|
||||
ImmutableSet<StatusValue> statusToRemove = command.getInnerRemove().getStatusValues();
|
||||
ImmutableSet<StatusValue> statusesToAdd = command.getInnerAdd().getStatusValues();
|
||||
if (!isSuperuser) { // The superuser can update any contact and set any status.
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.handlePendingTransferOnDel
|
|||
import static google.registry.flows.ResourceFlowUtils.prepareDeletedResourceAsBuilder;
|
||||
import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.verifyApplicationDomainMatchesTargetId;
|
||||
|
|
@ -85,7 +85,7 @@ public final class DomainApplicationDeleteFlow implements TransactionalFlow {
|
|||
DomainApplication existingApplication = verifyExistence(
|
||||
DomainApplication.class, applicationId, loadDomainApplication(applicationId, now));
|
||||
verifyApplicationDomainMatchesTargetId(existingApplication, targetId);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingApplication);
|
||||
verifyOptionalAuthInfo(authInfo, existingApplication);
|
||||
String tld = existingApplication.getTld();
|
||||
checkAllowedAccessToTld(clientId, tld);
|
||||
if (!isSuperuser) {
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.domain;
|
|||
import static google.registry.flows.EppXmlTransformer.unmarshal;
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.addSecDnsExtensionIfPresent;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.verifyApplicationDomainMatchesTargetId;
|
||||
|
|
@ -86,7 +86,7 @@ public final class DomainApplicationInfoFlow implements Flow {
|
|||
applicationId,
|
||||
loadDomainApplication(applicationId, clock.nowUtc()));
|
||||
verifyApplicationDomainMatchesTargetId(application, targetId);
|
||||
verifyOptionalAuthInfoForResource(authInfo, application);
|
||||
verifyOptionalAuthInfo(authInfo, application);
|
||||
LaunchInfoExtension launchInfo = eppInput.getSingleExtension(LaunchInfoExtension.class);
|
||||
if (!application.getPhase().equals(launchInfo.getPhase())) {
|
||||
throw new ApplicationLaunchPhaseMismatchException();
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd
|
|||
import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences;
|
||||
|
|
@ -147,7 +147,7 @@ public class DomainApplicationUpdateFlow implements TransactionalFlow {
|
|||
DomainApplication.class, applicationId, loadDomainApplication(applicationId, now));
|
||||
verifyApplicationDomainMatchesTargetId(existingApplication, targetId);
|
||||
verifyNoDisallowedStatuses(existingApplication, UPDATE_DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingApplication);
|
||||
verifyOptionalAuthInfo(authInfo, existingApplication);
|
||||
verifyUpdateAllowed(existingApplication, command);
|
||||
HistoryEntry historyEntry = buildHistory(existingApplication, now);
|
||||
DomainApplication newApplication = updateApplication(existingApplication, command, now);
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
|||
import static google.registry.flows.ResourceFlowUtils.prepareDeletedResourceAsBuilder;
|
||||
import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.updateAutorenewRecurrenceEndTime;
|
||||
|
|
@ -169,7 +169,7 @@ public final class DomainDeleteFlow implements TransactionalFlow {
|
|||
private void verifyDeleteAllowed(DomainResource existingDomain, Registry registry, DateTime now)
|
||||
throws EppException {
|
||||
verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
verifyNotInPredelegation(registry, now);
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ package google.registry.flows.domain;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.addSecDnsExtensionIfPresent;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.handleFeeRequest;
|
||||
import static google.registry.util.CollectionUtils.forceEmptyToNull;
|
||||
|
|
@ -82,7 +82,7 @@ public final class DomainInfoFlow implements Flow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = clock.nowUtc();
|
||||
DomainResource domain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, domain);
|
||||
verifyOptionalAuthInfo(authInfo, domain);
|
||||
return responseBuilder
|
||||
.setResData(getResourceInfo(domain))
|
||||
.setExtensions(getDomainResponseExtensions(domain, now))
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.domain;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.newAutorenewBillingEvent;
|
||||
|
|
@ -184,7 +184,7 @@ public final class DomainRenewFlow implements TransactionalFlow {
|
|||
Optional<AuthInfo> authInfo,
|
||||
DomainResource existingDomain,
|
||||
Renew command) throws EppException {
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyNoDisallowedStatuses(existingDomain, RENEW_DISALLOWED_STATUSES);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ package google.registry.flows.domain;
|
|||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.newAutorenewBillingEvent;
|
||||
|
|
@ -186,7 +186,7 @@ public final class DomainRestoreRequestFlow implements TransactionalFlow {
|
|||
Money renewCost,
|
||||
FeeTransformCommandExtension feeUpdate,
|
||||
DateTime now) throws EppException {
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
verifyNotReserved(InternetDomainName.from(targetId), false);
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|||
import static google.registry.flows.ResourceFlowUtils.approvePendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage;
|
||||
|
|
@ -97,7 +97,7 @@ public final class DomainTransferApproveFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
DomainResource existingDomain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyHasPendingTransfer(existingDomain);
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
String tld = existingDomain.getTld();
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer;
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyIsGainingRegistrar;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createLosingTransferPollMessage;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createTransferResponse;
|
||||
|
|
@ -79,7 +79,7 @@ public final class DomainTransferCancelFlow implements TransactionalFlow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
DomainResource existingDomain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyHasPendingTransfer(existingDomain);
|
||||
verifyIsGainingRegistrar(existingDomain, clientId);
|
||||
checkAllowedAccessToTld(clientId, existingDomain.getTld());
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ package google.registry.flows.domain;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createTransferResponse;
|
||||
import static google.registry.model.domain.DomainResource.extendRegistrationWithCap;
|
||||
|
||||
|
|
@ -68,7 +68,7 @@ public final class DomainTransferQueryFlow implements Flow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = clock.nowUtc();
|
||||
DomainResource domain = loadAndVerifyExistence(DomainResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, domain);
|
||||
verifyOptionalAuthInfo(authInfo, domain);
|
||||
// Most of the fields on the transfer response are required, so there's no way to return valid
|
||||
// XML if the object has never been transferred (and hence the fields aren't populated).
|
||||
TransferData transferData = domain.getTransferData();
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|||
import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage;
|
||||
|
|
@ -84,7 +84,7 @@ public final class DomainTransferRejectFlow implements TransactionalFlow {
|
|||
.setModificationTime(now)
|
||||
.setParent(Key.create(existingDomain))
|
||||
.build();
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
verifyHasPendingTransfer(existingDomain);
|
||||
verifyResourceOwnership(clientId, existingDomain);
|
||||
checkAllowedAccessToTld(clientId, existingDomain.getTld());
|
||||
|
|
|
|||
|
|
@ -18,8 +18,9 @@ import static com.google.common.collect.Iterables.filter;
|
|||
import static com.google.common.collect.Iterables.getOnlyElement;
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAuthInfoPresentForResourceTransfer;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyRequiredAuthInfoForResourceTransfer;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.createLosingTransferPollMessage;
|
||||
|
|
@ -195,7 +196,8 @@ public final class DomainTransferRequestFlow implements TransactionalFlow {
|
|||
private void verifyTransferAllowed(DomainResource existingDomain, Period period, DateTime now)
|
||||
throws EppException {
|
||||
verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES);
|
||||
verifyRequiredAuthInfoForResourceTransfer(authInfo, existingDomain);
|
||||
verifyAuthInfoPresentForResourceTransfer(authInfo);
|
||||
verifyAuthInfo(authInfo.get(), existingDomain);
|
||||
// Verify that the resource does not already have a pending transfer.
|
||||
if (TransferStatus.PENDING.equals(existingDomain.getTransferData().getTransferStatus())) {
|
||||
throw new AlreadyPendingTransferException(targetId);
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
||||
import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences;
|
||||
|
|
@ -187,7 +187,7 @@ public final class DomainUpdateFlow implements TransactionalFlow {
|
|||
private void verifyUpdateAllowed(Update command, DomainResource existingDomain, DateTime now)
|
||||
throws EppException {
|
||||
verifyNoDisallowedStatuses(existingDomain, UPDATE_DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingDomain);
|
||||
verifyOptionalAuthInfo(authInfo, existingDomain);
|
||||
AddRemove add = command.getInnerAdd();
|
||||
AddRemove remove = command.getInnerRemove();
|
||||
if (!isSuperuser) {
|
||||
|
|
|
|||
|
|
@ -18,13 +18,11 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|||
import static google.registry.flows.ResourceFlowUtils.failfastForAsyncDelete;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.model.eppoutput.Result.Code.SUCCESS_WITH_ACTION_PENDING;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
||||
import com.google.common.base.Function;
|
||||
import com.google.common.base.Optional;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.googlecode.objectify.Key;
|
||||
import google.registry.flows.EppException;
|
||||
|
|
@ -36,7 +34,6 @@ import google.registry.flows.TransactionalFlow;
|
|||
import google.registry.flows.async.AsyncFlowEnqueuer;
|
||||
import google.registry.model.domain.DomainBase;
|
||||
import google.registry.model.domain.metadata.MetadataExtension;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
import google.registry.model.eppcommon.StatusValue;
|
||||
import google.registry.model.eppoutput.EppResponse;
|
||||
import google.registry.model.host.HostResource;
|
||||
|
|
@ -74,7 +71,6 @@ public final class HostDeleteFlow implements TransactionalFlow {
|
|||
}};
|
||||
|
||||
@Inject ExtensionManager extensionManager;
|
||||
@Inject Optional<AuthInfo> authInfo;
|
||||
@Inject @ClientId String clientId;
|
||||
@Inject @TargetId String targetId;
|
||||
@Inject @Superuser boolean isSuperuser;
|
||||
|
|
@ -92,7 +88,6 @@ public final class HostDeleteFlow implements TransactionalFlow {
|
|||
failfastForAsyncDelete(targetId, now, HostResource.class, GET_NAMESERVERS);
|
||||
HostResource existingHost = loadAndVerifyExistence(HostResource.class, targetId, now);
|
||||
verifyNoDisallowedStatuses(existingHost, DISALLOWED_STATUSES);
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingHost);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingHost);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,16 +16,13 @@ package google.registry.flows.host;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.model.EppResourceUtils.cloneResourceWithLinkedStatus;
|
||||
|
||||
import com.google.common.base.Optional;
|
||||
import google.registry.flows.EppException;
|
||||
import google.registry.flows.ExtensionManager;
|
||||
import google.registry.flows.Flow;
|
||||
import google.registry.flows.FlowModule.ClientId;
|
||||
import google.registry.flows.FlowModule.TargetId;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
import google.registry.model.eppoutput.EppResponse;
|
||||
import google.registry.model.host.HostResource;
|
||||
import google.registry.util.Clock;
|
||||
|
|
@ -45,7 +42,6 @@ public final class HostInfoFlow implements Flow {
|
|||
@Inject ExtensionManager extensionManager;
|
||||
@Inject @ClientId String clientId;
|
||||
@Inject @TargetId String targetId;
|
||||
@Inject Optional<AuthInfo> authInfo;
|
||||
@Inject Clock clock;
|
||||
@Inject EppResponse.Builder responseBuilder;
|
||||
@Inject HostInfoFlow() {}
|
||||
|
|
@ -56,7 +52,6 @@ public final class HostInfoFlow implements Flow {
|
|||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = clock.nowUtc();
|
||||
HostResource host = loadAndVerifyExistence(HostResource.class, targetId, now);
|
||||
verifyOptionalAuthInfoForResource(authInfo, host);
|
||||
return responseBuilder.setResData(cloneResourceWithLinkedStatus(host, now)).build();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.host.HostFlowUtils.lookupSuperordinateDomain;
|
||||
import static google.registry.flows.host.HostFlowUtils.validateHostName;
|
||||
|
|
@ -49,7 +48,6 @@ import google.registry.flows.exceptions.ResourceHasClientUpdateProhibitedExcepti
|
|||
import google.registry.model.ImmutableObject;
|
||||
import google.registry.model.domain.DomainResource;
|
||||
import google.registry.model.domain.metadata.MetadataExtension;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
import google.registry.model.eppcommon.StatusValue;
|
||||
import google.registry.model.eppinput.ResourceCommand;
|
||||
import google.registry.model.eppoutput.EppResponse;
|
||||
|
|
@ -104,7 +102,6 @@ public final class HostUpdateFlow implements TransactionalFlow {
|
|||
|
||||
@Inject ResourceCommand resourceCommand;
|
||||
@Inject ExtensionManager extensionManager;
|
||||
@Inject Optional<AuthInfo> authInfo;
|
||||
@Inject @ClientId String clientId;
|
||||
@Inject @TargetId String targetId;
|
||||
@Inject @Superuser boolean isSuperuser;
|
||||
|
|
@ -178,7 +175,6 @@ public final class HostUpdateFlow implements TransactionalFlow {
|
|||
private void verifyUpdateAllowed(
|
||||
Update command, HostResource existingResource, DomainResource superordinateDomain)
|
||||
throws EppException {
|
||||
verifyOptionalAuthInfoForResource(authInfo, existingResource);
|
||||
if (!isSuperuser) {
|
||||
verifyResourceOwnership(clientId, existingResource);
|
||||
ImmutableSet<StatusValue> statusesToAdd = command.getInnerAdd().getStatusValues();
|
||||
|
|
|
|||
|
|
@ -14,10 +14,7 @@
|
|||
|
||||
package google.registry.model.contact;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
import google.registry.model.EppResource;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
import javax.xml.bind.annotation.XmlType;
|
||||
|
||||
|
|
@ -25,25 +22,9 @@ import javax.xml.bind.annotation.XmlType;
|
|||
@Embed
|
||||
@XmlType(namespace = "urn:ietf:params:xml:ns:contact-1.0")
|
||||
public class ContactAuthInfo extends AuthInfo {
|
||||
|
||||
public static ContactAuthInfo create(PasswordAuth pw) {
|
||||
ContactAuthInfo instance = new ContactAuthInfo();
|
||||
instance.pw = pw;
|
||||
return instance;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException {
|
||||
ContactResource contact = (ContactResource) eppResource;
|
||||
PasswordAuth passwordAuth = checkNotNull(getPw());
|
||||
|
||||
// It's rather strange to specify a repoId on a contact auth info. Instead of explicitly
|
||||
// rejecting it, we'll just make sure the repoId matches this particular contact.
|
||||
if (passwordAuth.getRepoId() != null && !contact.getRepoId().equals(getRepoId())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
if (!contact.getAuthInfo().getPw().getValue().equals(passwordAuth.getValue())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,52 +14,15 @@
|
|||
|
||||
package google.registry.model.domain;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
||||
import com.googlecode.objectify.Key;
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
import google.registry.model.EppResource;
|
||||
import google.registry.model.contact.ContactResource;
|
||||
import google.registry.model.eppcommon.AuthInfo;
|
||||
|
||||
/** A version of authInfo specifically for domains. */
|
||||
@Embed
|
||||
public class DomainAuthInfo extends AuthInfo {
|
||||
|
||||
public static DomainAuthInfo create(PasswordAuth pw) {
|
||||
DomainAuthInfo instance = new DomainAuthInfo();
|
||||
instance.pw = pw;
|
||||
return instance;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException {
|
||||
DomainBase domain = (DomainBase) eppResource;
|
||||
checkNotNull(getPw());
|
||||
if (getRepoId() != null) {
|
||||
// Make sure the repo id matches one of the contacts on the domain.
|
||||
Key<ContactResource> foundContact = null;
|
||||
for (Key<ContactResource> contact : domain.getReferencedContacts()) {
|
||||
String contactRepoId = contact.getName();
|
||||
if (getRepoId().equals(contactRepoId)) {
|
||||
foundContact = contact;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (foundContact == null) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
// Check if the password provided matches the password on the referenced contact.
|
||||
if (!ofy().load().key(foundContact).now().getAuthInfo().getPw().getValue().equals(
|
||||
getPw().getValue())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
} else {
|
||||
// If not repository ID is specified, then check the password against the domain's password.
|
||||
if (!domain.getAuthInfo().getPw().getValue().equals(getPw().getValue())) {
|
||||
throw new BadAuthInfoException();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@
|
|||
package google.registry.model.eppcommon;
|
||||
|
||||
import com.googlecode.objectify.annotation.Embed;
|
||||
import google.registry.model.EppResource;
|
||||
import google.registry.model.ImmutableObject;
|
||||
import javax.xml.bind.annotation.XmlAttribute;
|
||||
import javax.xml.bind.annotation.XmlTransient;
|
||||
|
|
@ -33,13 +32,6 @@ import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
|
|||
@XmlTransient
|
||||
public abstract class AuthInfo extends ImmutableObject {
|
||||
|
||||
/**
|
||||
* Verify that the authorization info is valid for the given resource in the given tld.
|
||||
*
|
||||
* @throws BadAuthInfoException if this authorization info is invalid for this resource
|
||||
*/
|
||||
public abstract void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException;
|
||||
|
||||
protected PasswordAuth pw;
|
||||
|
||||
public PasswordAuth getPw() {
|
||||
|
|
@ -77,12 +69,4 @@ public abstract class AuthInfo extends ImmutableObject {
|
|||
return create(value, null);
|
||||
}
|
||||
}
|
||||
|
||||
/** Returns the repoId for the contact this auth info is associated with. */
|
||||
protected String getRepoId() {
|
||||
return pw.getRepoId();
|
||||
}
|
||||
|
||||
/** Exception to throw when an auth info can't be verified. */
|
||||
public static class BadAuthInfoException extends Exception {}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue