From 4399067ddd38eaead1b458b3b7b50c813e2d0018 Mon Sep 17 00:00:00 2001
From: Pavlo Tkach <3469726+ptkach@users.noreply.github.com>
Date: Wed, 3 Aug 2022 15:24:00 -0400
Subject: [PATCH] Extend registrar allowed IPs auth exception text with IP
 address (#1726)

---
 .../java/google/registry/flows/TlsCredentials.java     | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/core/src/main/java/google/registry/flows/TlsCredentials.java b/core/src/main/java/google/registry/flows/TlsCredentials.java
index 80b754afb..b9951a9b8 100644
--- a/core/src/main/java/google/registry/flows/TlsCredentials.java
+++ b/core/src/main/java/google/registry/flows/TlsCredentials.java
@@ -114,7 +114,7 @@ public class TlsCredentials implements TransportCredentials {
         "Authentication error: IP address %s is not allow-listed for registrar %s; allow list is:"
             + " %s",
         clientInetAddr, registrar.getRegistrarId(), ipAddressAllowList);
-    throw new BadRegistrarIpAddressException();
+    throw new BadRegistrarIpAddressException(clientInetAddr);
   }
 
   @VisibleForTesting
@@ -216,8 +216,12 @@ public class TlsCredentials implements TransportCredentials {
 
   /** Registrar IP address is not in stored allow list. */
   public static class BadRegistrarIpAddressException extends AuthenticationErrorException {
-    BadRegistrarIpAddressException() {
-      super("Registrar IP address is not in stored allow list");
+    BadRegistrarIpAddressException(Optional<InetAddress> clientInetAddr) {
+      super(
+          clientInetAddr.isPresent()
+              ? String.format(
+                  "Registrar IP address %s is not in stored allow list", clientInetAddr.get())
+              : "Registrar IP address is not in stored allow list");
     }
   }