mirror of
https://github.com/google/nomulus.git
synced 2025-08-05 01:11:50 +02:00
Decouple SessionMetadata and TransportCredentials
TransportCredentials are per-request, not per-session, and there's no reason to carry them within SessionMetadata. While I'm in here, get rid of "null" credentials. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=125202213
This commit is contained in:
cgoldfeder
Ben McIlwain
parent
fe1cd06da8
commit
3ae646d687
26 changed files with 134 additions and 120 deletions
|
|
@ -51,11 +51,14 @@ public class EppConsoleActionTest extends ShardableTestCase {
|
|||
action.session.setAttribute("SUPERUSER", superuser);
|
||||
action.eppRequestHandler = mock(EppRequestHandler.class);
|
||||
action.run();
|
||||
ArgumentCaptor<SessionMetadata> captor = ArgumentCaptor.forClass(SessionMetadata.class);
|
||||
verify(action.eppRequestHandler).executeEpp(captor.capture(), eq(INPUT_XML_BYTES));
|
||||
SessionMetadata sessionMetadata = captor.getValue();
|
||||
assertThat(((GaeUserCredentials) sessionMetadata.getTransportCredentials()).gaeUser.getEmail())
|
||||
ArgumentCaptor<TransportCredentials> credentialsCaptor =
|
||||
ArgumentCaptor.forClass(TransportCredentials.class);
|
||||
ArgumentCaptor<SessionMetadata> metadataCaptor = ArgumentCaptor.forClass(SessionMetadata.class);
|
||||
verify(action.eppRequestHandler).executeEpp(
|
||||
metadataCaptor.capture(), credentialsCaptor.capture(), eq(INPUT_XML_BYTES));
|
||||
assertThat(((GaeUserCredentials) credentialsCaptor.getValue()).gaeUser.getEmail())
|
||||
.isEqualTo("person@example.com");
|
||||
SessionMetadata sessionMetadata = metadataCaptor.getValue();
|
||||
assertThat(sessionMetadata.getClientId()).isEqualTo("ClientIdentifier");
|
||||
assertThat(sessionMetadata.isDryRun()).isFalse(); // Should always be false for console.
|
||||
assertThat(sessionMetadata.isSuperuser()).isEqualTo(superuser);
|
||||
|
|
|
|||
|
|
@ -50,8 +50,8 @@ public class EppTestCase extends ShardableTestCase {
|
|||
private final FakeClock clock = new FakeClock();
|
||||
|
||||
private TestSessionMetadata sessionMetadata;
|
||||
private TransportCredentials credentials;
|
||||
private boolean superuser;
|
||||
private TransportCredentials credentials = new PasswordOnlyTransportCredentials();
|
||||
private boolean isSuperuser;
|
||||
|
||||
@Before
|
||||
public void initTestCase() {
|
||||
|
|
@ -70,8 +70,8 @@ public class EppTestCase extends ShardableTestCase {
|
|||
this.credentials = credentials;
|
||||
}
|
||||
|
||||
protected void setSuperuser(boolean superuser) {
|
||||
this.superuser = superuser;
|
||||
protected void setSuperuser(boolean isSuperuser) {
|
||||
this.isSuperuser = isSuperuser;
|
||||
}
|
||||
|
||||
String assertCommandAndResponse(String inputFilename, String outputFilename) throws Exception {
|
||||
|
|
@ -95,9 +95,8 @@ public class EppTestCase extends ShardableTestCase {
|
|||
loadFileWithSubstitutions(getClass(), outputFilename, outputSubstitutions);
|
||||
if (sessionMetadata == null) {
|
||||
sessionMetadata = new TestSessionMetadata();
|
||||
sessionMetadata.setTransportCredentials(credentials);
|
||||
}
|
||||
sessionMetadata.setSuperuser(superuser);
|
||||
sessionMetadata.setSuperuser(isSuperuser);
|
||||
String actualOutput = executeXmlCommand(input);
|
||||
if (!sessionMetadata.isValid()) {
|
||||
sessionMetadata = null;
|
||||
|
|
@ -119,7 +118,7 @@ public class EppTestCase extends ShardableTestCase {
|
|||
handler.eppController = new EppController();
|
||||
handler.eppController.clock = clock;
|
||||
handler.eppController.metrics = mock(EppMetrics.class);
|
||||
handler.executeEpp(sessionMetadata, inputXml.getBytes(UTF_8));
|
||||
handler.executeEpp(sessionMetadata, credentials, inputXml.getBytes(UTF_8));
|
||||
assertThat(response.getStatus()).isEqualTo(SC_OK);
|
||||
assertThat(response.getContentType()).isEqualTo(APPLICATION_EPP_XML_UTF8);
|
||||
String result = response.getPayload();
|
||||
|
|
|
|||
|
|
@ -17,7 +17,8 @@ package google.registry.flows;
|
|||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
import static org.mockito.Mockito.eq;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Matchers.same;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
|
@ -47,12 +48,12 @@ public class EppTlsActionTest extends ShardableTestCase {
|
|||
action.eppRequestHandler = mock(EppRequestHandler.class);
|
||||
action.run();
|
||||
ArgumentCaptor<SessionMetadata> captor = ArgumentCaptor.forClass(SessionMetadata.class);
|
||||
verify(action.eppRequestHandler).executeEpp(captor.capture(), eq(INPUT_XML_BYTES));
|
||||
verify(action.eppRequestHandler)
|
||||
.executeEpp(captor.capture(), same(action.tlsCredentials), eq(INPUT_XML_BYTES));
|
||||
SessionMetadata sessionMetadata = captor.getValue();
|
||||
assertThat(sessionMetadata.getClientId()).isEqualTo("ClientIdentifier");
|
||||
assertThat(sessionMetadata.isDryRun()).isFalse(); // Should always be false for TLS.
|
||||
assertThat(sessionMetadata.isSuperuser()).isEqualTo(superuser);
|
||||
assertThat(sessionMetadata.getTransportCredentials()).isSameAs(action.tlsCredentials);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -16,7 +16,8 @@ package google.registry.flows;
|
|||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
import static org.mockito.Mockito.eq;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Matchers.isA;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
|
||||
|
|
@ -38,7 +39,10 @@ public class EppToolActionTest {
|
|||
action.xml = "<xml>";
|
||||
action.run();
|
||||
ArgumentCaptor<SessionMetadata> captor = ArgumentCaptor.forClass(SessionMetadata.class);
|
||||
verify(action.eppRequestHandler).executeEpp(captor.capture(), eq(action.xml.getBytes(UTF_8)));
|
||||
verify(action.eppRequestHandler).executeEpp(
|
||||
captor.capture(),
|
||||
isA(PasswordOnlyTransportCredentials.class),
|
||||
eq(action.xml.getBytes(UTF_8)));
|
||||
SessionMetadata sessionMetadata = captor.getValue();
|
||||
assertThat(sessionMetadata.getClientId()).isEqualTo("ClientIdentifier");
|
||||
assertThat(sessionMetadata.isDryRun()).isEqualTo(dryRun);
|
||||
|
|
|
|||
|
|
@ -93,6 +93,7 @@ public abstract class FlowTestCase<F extends Flow> {
|
|||
protected Class<? extends Flow> flowClass;
|
||||
protected TestSessionMetadata sessionMetadata;
|
||||
protected FakeClock clock = new FakeClock(DateTime.now(UTC));
|
||||
protected TransportCredentials credentials = new PasswordOnlyTransportCredentials();
|
||||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
|
|
@ -141,6 +142,7 @@ public abstract class FlowTestCase<F extends Flow> {
|
|||
eppInput,
|
||||
getTrid(),
|
||||
sessionMetadata,
|
||||
credentials,
|
||||
"<xml></xml>".getBytes(),
|
||||
null,
|
||||
clock);
|
||||
|
|
|
|||
|
|
@ -22,9 +22,9 @@ import google.registry.flows.EppException.UnimplementedExtensionException;
|
|||
import google.registry.flows.EppException.UnimplementedObjectServiceException;
|
||||
import google.registry.flows.EppException.UnimplementedProtocolVersionException;
|
||||
import google.registry.flows.FlowTestCase;
|
||||
import google.registry.flows.TransportCredentials.BadRegistrarPasswordException;
|
||||
import google.registry.flows.session.LoginFlow.AlreadyLoggedInException;
|
||||
import google.registry.flows.session.LoginFlow.BadRegistrarClientIdException;
|
||||
import google.registry.flows.session.LoginFlow.BadRegistrarPasswordException;
|
||||
import google.registry.flows.session.LoginFlow.PasswordChangesNotSupportedException;
|
||||
import google.registry.flows.session.LoginFlow.RegistrarAccountNotActiveException;
|
||||
import google.registry.flows.session.LoginFlow.TooManyFailedLoginsException;
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@
|
|||
package google.registry.flows.session;
|
||||
|
||||
|
||||
import static com.google.appengine.api.users.UserServiceFactory.getUserService;
|
||||
import static google.registry.testing.DatastoreHelper.persistResource;
|
||||
|
||||
import com.google.appengine.api.users.UserServiceFactory;
|
||||
import com.google.apphosting.api.ApiProxy;
|
||||
import com.google.apphosting.api.ApiProxy.Environment;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
|
|
@ -150,15 +150,13 @@ public class LoginFlowViaConsoleTest extends LoginFlowTestCase {
|
|||
return envAttr;
|
||||
}
|
||||
});
|
||||
sessionMetadata.setTransportCredentials(new GaeUserCredentials(
|
||||
UserServiceFactory.getUserService().getCurrentUser()));
|
||||
credentials = new GaeUserCredentials(getUserService().getCurrentUser());
|
||||
return oldEnv;
|
||||
}
|
||||
|
||||
void noLogin() {
|
||||
oldEnv = ApiProxy.getCurrentEnvironment();
|
||||
sessionMetadata.setTransportCredentials(new GaeUserCredentials(
|
||||
UserServiceFactory.getUserService().getCurrentUser()));
|
||||
credentials = new GaeUserCredentials(getUserService().getCurrentUser());
|
||||
}
|
||||
|
||||
void persistLinkedAccount(String email, String gaeUserId) {
|
||||
|
|
|
|||
|
|
@ -52,7 +52,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
@Test
|
||||
public void testSuccess_withGoodCredentials() throws Exception {
|
||||
persistResource(getRegistrarBuilder().build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(GOOD_CERT, GOOD_IP, "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, GOOD_IP, "goo.example");
|
||||
doSuccessfulTest("login_valid.xml");
|
||||
}
|
||||
|
||||
|
|
@ -63,8 +63,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
.setIpAddressWhitelist(ImmutableList.of(
|
||||
CidrAddressBlock.create("2001:db8:0:0:0:0:1:1/32")))
|
||||
.build());
|
||||
sessionMetadata.setTransportCredentials(
|
||||
new TlsCredentials(GOOD_CERT, GOOD_IPV6, "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6, "goo.example");
|
||||
doSuccessfulTest("login_valid.xml");
|
||||
}
|
||||
|
||||
|
|
@ -75,8 +74,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
.setIpAddressWhitelist(ImmutableList.of(
|
||||
CidrAddressBlock.create("2001:db8:0:0:0:0:1:1/32")))
|
||||
.build());
|
||||
sessionMetadata.setTransportCredentials(
|
||||
new TlsCredentials(GOOD_CERT, GOOD_IPV6, "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6, "goo.example");
|
||||
doSuccessfulTest("login_valid.xml");
|
||||
}
|
||||
|
||||
|
|
@ -87,28 +85,28 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
.setIpAddressWhitelist(ImmutableList.of(
|
||||
CidrAddressBlock.create("192.168.1.255/24")))
|
||||
.build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(GOOD_CERT, GOOD_IP, "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, GOOD_IP, "goo.example");
|
||||
doSuccessfulTest("login_valid.xml");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_incorrectClientCertificateHash() throws Exception {
|
||||
persistResource(getRegistrarBuilder().build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(BAD_CERT, GOOD_IP, "goo.example"));
|
||||
credentials = new TlsCredentials(BAD_CERT, GOOD_IP, "goo.example");
|
||||
doFailingTest("login_valid.xml", BadRegistrarCertificateException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_missingClientCertificateHash() throws Exception {
|
||||
persistResource(getRegistrarBuilder().build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(null, GOOD_IP, "goo.example"));
|
||||
credentials = new TlsCredentials(null, GOOD_IP, "goo.example");
|
||||
doFailingTest("login_valid.xml", MissingRegistrarCertificateException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_noSniAndCertRequired() throws Exception {
|
||||
persistResource(getRegistrarBuilder().build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(null, GOOD_IP, null));
|
||||
credentials = new TlsCredentials(null, GOOD_IP, null);
|
||||
doFailingTest("login_valid.xml", NoSniException.class);
|
||||
}
|
||||
|
||||
|
|
@ -120,8 +118,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
|
||||
CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
|
||||
.build());
|
||||
sessionMetadata.setTransportCredentials(
|
||||
new TlsCredentials(GOOD_CERT, Optional.<String>absent(), "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, Optional.<String>absent(), "goo.example");
|
||||
doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
|
||||
}
|
||||
|
||||
|
|
@ -133,7 +130,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
|
||||
CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
|
||||
.build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(GOOD_CERT, BAD_IP, "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, BAD_IP, "goo.example");
|
||||
doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
|
||||
}
|
||||
|
||||
|
|
@ -145,7 +142,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
|
|||
CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
|
||||
CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
|
||||
.build());
|
||||
sessionMetadata.setTransportCredentials(new TlsCredentials(GOOD_CERT, BAD_IPV6, "goo.example"));
|
||||
credentials = new TlsCredentials(GOOD_CERT, BAD_IPV6, "goo.example");
|
||||
doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import static org.joda.time.Duration.standardDays;
|
|||
import com.googlecode.objectify.Key;
|
||||
|
||||
import google.registry.flows.FlowRunner;
|
||||
import google.registry.flows.PasswordOnlyTransportCredentials;
|
||||
import google.registry.flows.SessionMetadata;
|
||||
import google.registry.model.domain.DomainResource;
|
||||
import google.registry.model.eppcommon.Trid;
|
||||
|
|
@ -84,6 +85,7 @@ public class EppResourceUtilsTest {
|
|||
eppLoader.getEpp(),
|
||||
Trid.create(null, "server-trid"),
|
||||
sessionMetadata,
|
||||
new PasswordOnlyTransportCredentials(),
|
||||
"<xml></xml>".getBytes(),
|
||||
null,
|
||||
clock)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue