Decouple SessionMetadata and TransportCredentials

TransportCredentials are per-request, not per-session, and there's no reason to carry them within SessionMetadata. While I'm in here, get rid of "null" credentials. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=125202213
2025-05-13 16:07:15 +02:00 · 2016-06-17 14:24:04 -07:00 · 2016-06-17 14:24:04 -07:00 · 3ae646d687
commit 3ae646d687
parent fe1cd06da8
26 changed files with 134 additions and 120 deletions
--- a/java/google/registry/flows/session/LoginFlow.java
+++ b/java/google/registry/flows/session/LoginFlow.java
@ -29,7 +29,6 @@ import google.registry.flows.EppException.UnimplementedExtensionException;
 import google.registry.flows.EppException.UnimplementedObjectServiceException;
 import google.registry.flows.EppException.UnimplementedOptionException;
 import google.registry.flows.Flow;
-import google.registry.flows.TransportCredentials;
 import google.registry.model.eppcommon.ProtocolDefinition;
 import google.registry.model.eppcommon.ProtocolDefinition.ServiceExtension;
 import google.registry.model.eppinput.EppInput.Login;
@ -55,9 +54,9 @@ import java.util.Set;
 * @error {@link google.registry.flows.TlsCredentials.BadRegistrarIpAddressException}
 * @error {@link google.registry.flows.TlsCredentials.MissingRegistrarCertificateException}
 * @error {@link google.registry.flows.TlsCredentials.NoSniException}
+ * @error {@link google.registry.flows.TransportCredentials.BadRegistrarPasswordException}
 * @error {@link LoginFlow.AlreadyLoggedInException}
 * @error {@link LoginFlow.BadRegistrarClientIdException}
- * @error {@link LoginFlow.BadRegistrarPasswordException}
 * @error {@link LoginFlow.TooManyFailedLoginsException}
 * @error {@link LoginFlow.PasswordChangesNotSupportedException}
 * @error {@link LoginFlow.RegistrarAccountNotActiveException}
@ -114,24 +113,15 @@ public class LoginFlow extends Flow {
      throw new BadRegistrarClientIdException(login.getClientId());
    }

-    TransportCredentials credentials = sessionMetadata.getTransportCredentials();
    // AuthenticationErrorExceptions will propagate up through here.
-    if (credentials != null) {  // Allow no-credential logins, for load-testing and RDE.
-      try {
-        credentials.validate(registrar);
-      } catch (AuthenticationErrorException e) {
-        sessionMetadata.incrementFailedLoginAttempts();
-        throw e;
-      }
-    }
-
-    final boolean requiresLoginCheck = credentials == null || !credentials.performsLoginCheck();
-    if (requiresLoginCheck && !registrar.testPassword(login.getPassword())) {
+    try {
+      credentials.validate(registrar, login.getPassword());
+    } catch (AuthenticationErrorException e) {
      sessionMetadata.incrementFailedLoginAttempts();
      if (sessionMetadata.getFailedLoginAttempts() > MAX_FAILED_LOGIN_ATTEMPTS_PER_CONNECTION) {
        throw new TooManyFailedLoginsException();
      } else {
-        throw new BadRegistrarPasswordException();
+        throw e;
      }
    }
    if (registrar.getState().equals(Registrar.State.PENDING)) {
@ -157,13 +147,6 @@ public class LoginFlow extends Flow {
    }
  }

-  /** Registrar password is incorrect. */
-  static class BadRegistrarPasswordException extends AuthenticationErrorException {
-    public BadRegistrarPasswordException() {
-      super("Registrar password is incorrect");
-    }
-  }
-
  /** Registrar login failed too many times. */
  static class TooManyFailedLoginsException extends AuthenticationErrorClosingConnectionException {
    public TooManyFailedLoginsException() {