zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-12 22:38:16 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add nameserver validation in domain update related flows

Browse source 
When updating domains, make sure that if the domains are nameserver restricted, the updated nameservers set on the domains are still consistent with the restriction.

When updating domains of a domain created restricted TLD, validate if the domain is still on the reserved list with nameserver restricted reservation. If it is not, there's likely some conflicting states of the domain that needs to be reconciled (e. g.the domain is removed from the reserved list after being created). Throws an exception in this case.

Also added missing tests for TLDs with nameserver whitelist.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=150781935
This commit is contained in:
jianglai 2017-03-21 11:50:13 -07:00 committed by Ben McIlwain
parent a958d0a6c3
commit 37440d6b29
7 changed files with 517 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

198
javatests/google/registry/flows/domain/DomainUpdateFlowTest.java
View file

@ -29,6 +29,7 @@ import static google.registry.testing.DatastoreHelper.persistActiveDomain;
import static google.registry.testing.DatastoreHelper.persistActiveHost;
import static google.registry.testing.DatastoreHelper.persistActiveSubordinateHost;
import static google.registry.testing.DatastoreHelper.persistDeletedDomain;
import static google.registry.testing.DatastoreHelper.persistReservedList;
import static google.registry.testing.DatastoreHelper.persistResource;
import static google.registry.testing.DomainResourceSubject.assertAboutDomains;
import static google.registry.testing.HistoryEntrySubject.assertAboutHistoryEntries;
@ -46,6 +47,7 @@ import google.registry.flows.ResourceFlowUtils.AddRemoveSameValueException;
import google.registry.flows.ResourceFlowUtils.ResourceDoesNotExistException;
import google.registry.flows.ResourceFlowUtils.ResourceNotOwnedException;
import google.registry.flows.ResourceFlowUtils.StatusNotClientSettableException;
import google.registry.flows.domain.DomainFlowUtils.DomainNotAllowedForTldWithCreateRestrictionException;
import google.registry.flows.domain.DomainFlowUtils.DuplicateContactForRoleException;
import google.registry.flows.domain.DomainFlowUtils.EmptySecDnsUpdateException;
import google.registry.flows.domain.DomainFlowUtils.FeesMismatchException;
@ -56,7 +58,9 @@ import google.registry.flows.domain.DomainFlowUtils.MaxSigLifeChangeNotSupported
import google.registry.flows.domain.DomainFlowUtils.MissingAdminContactException;
import google.registry.flows.domain.DomainFlowUtils.MissingContactTypeException;
import google.registry.flows.domain.DomainFlowUtils.MissingTechnicalContactException;
import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForDomainException;
import google.registry.flows.domain.DomainFlowUtils.NameserversNotAllowedForTldException;
import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForNameserverRestrictedDomainException;
import google.registry.flows.domain.DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverWhitelistException;
import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException;
import google.registry.flows.domain.DomainFlowUtils.RegistrantNotAllowedException;
@ -1145,7 +1149,7 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
}
@Test
public void testSuccess_removeNameserverWhitelisted() throws Exception {
public void testSuccess_tldWithNameserverWhitelist_removeNameserver() throws Exception {
setEppInput("domain_update_remove_nameserver.xml");
persistReferencedEntities();
persistDomain();
@ -1168,7 +1172,7 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
}
@Test
public void testFailure_removeLastNameserverWhitelisted() throws Exception {
public void testFailure_tldWithNameserverWhitelist_removeLastNameserver() throws Exception {
persistReferencedEntities();
persistDomain();
setEppInput("domain_update_remove_nameserver.xml");
@ -1180,6 +1184,196 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
runFlow();
}
@Test
public void testSuccess_domainNameserverRestricted_addedNameserverAllowed() throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
doSuccessfulTest();
}
@Test
public void testFailure_domainNameserverRestricted_addedNameserverDisallowed() throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns3.example.foo"))
.build());
thrown.expect(NameserversNotAllowedForDomainException.class, "ns2.example.foo");
runFlow();
}
@Test
public void testFailure_domainNameserverRestricted_removeLastNameserver() throws Exception {
persistReferencedEntities();
persistDomain();
setEppInput("domain_update_remove_nameserver.xml");
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
thrown.expect(NameserversNotSpecifiedForNameserverRestrictedDomainException.class);
runFlow();
}
@Test
public void testSuccess_domainNameserverRestricted_removeNameservers() throws Exception {
setEppInput("domain_update_remove_nameserver.xml");
persistReferencedEntities();
persistDomain();
persistResource(
reloadResourceByForeignKey()
.asBuilder()
.addNameservers(
ImmutableSet.of(
Key.create(
loadByForeignKey(HostResource.class, "ns2.example.foo", clock.nowUtc()))))
.build());
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
assertThat(reloadResourceByForeignKey().getNameservers())
.contains(
Key.create(loadByForeignKey(HostResource.class, "ns1.example.foo", clock.nowUtc())));
clock.advanceOneMilli();
runFlow();
assertThat(reloadResourceByForeignKey().getNameservers())
.doesNotContain(
Key.create(loadByForeignKey(HostResource.class, "ns1.example.foo", clock.nowUtc())));
}
@Test
public void testSuccess_domainCreateRestricted_addedNameserverAllowed() throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns3.example.foo"))
.build());
thrown.expect(NameserversNotAllowedForDomainException.class, "ns2.example.foo");
runFlow();
}
@Test
public void testSuccess_addedNameserversAllowedInTldAndDomainNameserversWhitelists()
throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setAllowedFullyQualifiedHostNames(
ImmutableSet.of("ns1.example.foo", "ns2.example.foo"))
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
doSuccessfulTest();
}
@Test
public void testFailure_addedNameserversAllowedInTld_disallowedInDomainNameserversWhitelists()
throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setAllowedFullyQualifiedHostNames(
ImmutableSet.of("ns1.example.foo", "ns2.example.foo"))
.setReservedLists(
persistReservedList("reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo"))
.build());
thrown.expect(NameserversNotAllowedForDomainException.class, "ns2.example.foo");
runFlow();
}
@Test
public void testFailure_addedNameserversDisallowedInTld_AllowedInDomainNameserversWhitelists()
throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setAllowedFullyQualifiedHostNames(ImmutableSet.of("ns1.example.foo"))
.setReservedLists(
persistReservedList(
"reserved", "example,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
thrown.expect(NameserversNotAllowedForTldException.class, "ns2.example.foo");
runFlow();
}
@Test
public void testFailure_tldNameserversAllowed_domainCreateRestricted_domainNotReserved()
throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setDomainCreateRestricted(true)
.setAllowedFullyQualifiedHostNames(
ImmutableSet.of("ns1.example.foo", "ns2.example.foo"))
.setReservedLists(
persistReservedList(
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
thrown.expect(DomainNotAllowedForTldWithCreateRestrictionException.class);
runFlow();
}
@Test
public void testFailure_domainCreateRestricted_domainNotReserved() throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setDomainCreateRestricted(true)
.setReservedLists(
persistReservedList(
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
thrown.expect(DomainNotAllowedForTldWithCreateRestrictionException.class);
runFlow();
}
@Test
public void testSuccess_domainCreateNotRestricted_domainNotReserved() throws Exception {
persistReferencedEntities();
persistDomain();
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList(
"reserved", "lol,NAMESERVER_RESTRICTED,ns1.example.foo:ns2.example.foo"))
.build());
doSuccessfulTest();
}
@Test
public void testFailure_freePremium_wrongFee() throws Exception {
setEppInput("domain_update_fee.xml", ImmutableMap.of("FEE_VERSION", "0.11"));