Use login email instead of GAE user ID for RegistrarPoc (#1852)

Switch to using the login email address instead of GAE user ID to
identify console users. The primary use cases are:

1) When the user logged in the registrar console, need to figure out
   which registrars they have access to (in
   AuthenticatedReigstrarAccess).

2) When a user tries to apply a registry lock, needs to know if they
   can (in RegistryLockGetAction).

Both cases are tested in alpha with a personal email address to ensure
it does not get the permission due to being a GAE admin account.

Also verified that the soy templates includes the hidden login email
form field instead of GAE user ID when registrars are displayed on the
console; and consequently when a contact update is posted to the server,
the login email is part of the JSON payload. Even though it does not
look like it is used in any way by RegistrarSettingsAction, which
receives the POST request. Like GAE user ID, the field is hidden, so
cannot be changed by the user from the console, it is also not used to
identify the RegistryPoc entity, whose composite keys are the contact
email and the registrar ID associated with it.

The login email address is backfilled for all RegistrarPocs that have a
non-null GAE user ID. The backfilled addresses converted to the same ID
as stored in the database.

core/src/main/java/google/registry/model/OteAccountBuilder.java

@@ -15,7 +15,6 @@
 package google.registry.model;
 
 import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.collect.ImmutableList.toImmutableList;
 import static google.registry.model.tld.Registry.TldState.GENERAL_AVAILABILITY;
@@ -30,7 +29,6 @@ import com.google.common.collect.ImmutableSortedMap;
 import com.google.common.collect.Sets;
 import com.google.common.collect.Streams;
 import google.registry.config.RegistryEnvironment;
-import google.registry.model.common.GaeUserIdConverter;
 import google.registry.model.pricing.StaticPremiumListPricingEngine;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarAddress;
@@ -84,7 +82,7 @@ public final class OteAccountBuilder {
    * <p>The base client ID is also used to generate the OT&E TLDs, hence the restriction to
    * lowercase alphanumeric characters.
    */
-  private static final Pattern REGISTRAR_PATTERN = Pattern.compile("^[a-z0-9]{3,14}$");
+  private static final Pattern REGISTRAR_PATTERN = Pattern.compile("^[a-z\\d]{3,14}$");
 
   // Durations are short so that registrars can test with quick transfer (etc.) turnaround.
   private static final Duration SHORT_ADD_GRACE_PERIOD = Duration.standardMinutes(60);
@@ -179,17 +177,11 @@ public final class OteAccountBuilder {
    * <p>NOTE: can be called more than once, adding multiple contacts. Each contact will have access
    * to all OT&amp;E Registrars.
    *
-   * @param email the contact email that will have web-console access to all the Registrars. Must be
+   * @param email the contact/login email that will have web-console access to all the Registrars.
-   *     from "our G Suite domain" (we have to be able to get its GaeUserId)
+   *     Must be from "our G Suite domain".
    */
   public OteAccountBuilder addContact(String email) {
-    String gaeUserId =
+    registrars.forEach(registrar -> contactsBuilder.add(createRegistrarContact(email, registrar)));
-        checkNotNull(
-            GaeUserIdConverter.convertEmailAddressToGaeUserId(email),
-            "Email address %s is not associated with any GAE ID",
-            email);
-    registrars.forEach(
-        registrar -> contactsBuilder.add(createRegistrarContact(email, gaeUserId, registrar)));
     return this;
   }
 
@@ -304,7 +296,7 @@ public final class OteAccountBuilder {
       TldState initialTldState,
       boolean isEarlyAccess,
       int roidSuffix) {
-    String tldNameAlphaNumerical = tldName.replaceAll("[^a-z0-9]", "");
+    String tldNameAlphaNumerical = tldName.replaceAll("[^a-z\\d]", "");
     Optional<PremiumList> premiumList = PremiumListDao.getLatestRevision(DEFAULT_PREMIUM_LIST);
     checkState(premiumList.isPresent(), "Couldn't find premium list %s.", DEFAULT_PREMIUM_LIST);
     Registry.Builder builder =
@@ -348,13 +340,12 @@ public final class OteAccountBuilder {
         .build();
   }
 
-  private static RegistrarPoc createRegistrarContact(
+  private static RegistrarPoc createRegistrarContact(String email, Registrar registrar) {
-      String email, String gaeUserId, Registrar registrar) {
     return new RegistrarPoc.Builder()
         .setRegistrar(registrar)
         .setName(email)
         .setEmailAddress(email)
-        .setGaeUserId(gaeUserId)
+        .setLoginEmailAddress(email)
         .build();
   }
 

core/src/main/java/google/registry/model/registrar/RegistrarPoc.java

@@ -57,7 +57,7 @@ import javax.persistence.Table;
  * set to true.
  */
 @Entity
-@Table(indexes = {@Index(columnList = "gaeUserId", name = "registrarpoc_gae_user_id_idx")})
+@Table(indexes = @Index(columnList = "loginEmailAddress", name = "registrarpoc_login_email_idx"))
 @IdClass(RegistrarPocId.class)
 public class RegistrarPoc extends ImmutableObject implements Jsonifiable, UnsafeSerializable {
 
@@ -89,7 +89,7 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
     }
 
     Type(String display, boolean required) {
-      this.displayName = display;
+      displayName = display;
       this.required = required;
     }
   }
@@ -97,7 +97,12 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
   /** The name of the contact. */
   String name;
 
-  /** The email address of the contact. */
+  /**
+   * The contact email address of the contact.
+   *
+   * <p>This is different from the login email which is assgined to the regstrar and cannot be
+   * changed.
+   */
   @Id String emailAddress;
 
   @Id String registrarId;
@@ -118,13 +123,21 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
   Set<Type> types;
 
   /**
-   * A GAE user ID allowed to act as this registrar contact.
+   * A GAIA email address that was assigned to the registrar for console login purpose.
    *
-   * <p>This can be derived from a known email address using http://email-to-gae-id.appspot.com.
+   * <p>We used to store the GAE user ID directly to identify the logged-in user in the registrar
+   * console, and relied on a hacky trick with datastore to get the ID from the email address when
+   * creating a {@link RegistrarPoc}. We switched to using the login email directly as each
+   * registrar is assigned a unique email address that is immutable (to them at least), so it is as
+   * good as an identifier as the ID itself, and it allows us to get rid of the datastore
+   * dependency.
    *
-   * @see com.google.appengine.api.users.User#getUserId()
+   * <p>We backfilled all login email addresses for existing {@link RegistrarPoc}s that have a
+   * non-null GAE user ID. The backfill is done by first trying the {@link #emailAddress} field,
+   * then trying {@link #registrarId}+"@known-dasher_domain" and picking the ones that converted to
+   * the existing ID stored in the database.
    */
-  String gaeUserId;
+  String loginEmailAddress;
 
   /**
    * Whether this contact is publicly visible in WHOIS registrar query results as an Admin contact.
@@ -220,8 +233,8 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
     return visibleInDomainWhoisAsAbuse;
   }
 
-  public String getGaeUserId() {
+  public String getLoginEmailAddress() {
-    return gaeUserId;
+    return loginEmailAddress;
   }
 
   public Builder asBuilder() {
@@ -258,8 +271,8 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
    * Types: [ADMIN, WHOIS]
    * Visible in WHOIS as Admin contact: Yes
    * Visible in WHOIS as Technical contact: No
-   * GAE-UserID: 1234567890
    * Registrar-Console access: Yes
+   * Login Email Address: person@registry.example
    * }</pre>
    */
   public String toStringMultilinePlainText() {
@@ -289,10 +302,10 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
         .append('\n');
     result
         .append("Registrar-Console access: ")
-        .append(getGaeUserId() != null ? "Yes" : "No")
+        .append(getLoginEmailAddress() != null ? "Yes" : "No")
         .append('\n');
-    if (getGaeUserId() != null) {
+    if (getLoginEmailAddress() != null) {
-      result.append("GAE-UserID: ").append(getGaeUserId()).append('\n');
+      result.append("Login Email Address: ").append(getLoginEmailAddress()).append('\n');
     }
     return result.toString();
   }
@@ -311,7 +324,7 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
         .put("visibleInDomainWhoisAsAbuse", visibleInDomainWhoisAsAbuse)
         .put("allowedToSetRegistryLockPassword", allowedToSetRegistryLockPassword)
         .put("registryLockAllowed", isRegistryLockAllowed())
-        .put("gaeUserId", gaeUserId)
+        .put("loginEmailAddress", loginEmailAddress)
         .build();
   }
 
@@ -418,8 +431,8 @@ public class RegistrarPoc extends ImmutableObject implements Jsonifiable, Unsafe
       return this;
     }
 
-    public Builder setGaeUserId(String gaeUserId) {
+    public Builder setLoginEmailAddress(String loginEmailAddress) {
-      getInstance().gaeUserId = gaeUserId;
+      getInstance().loginEmailAddress = loginEmailAddress;
       return this;
     }
 

core/src/main/java/google/registry/request/auth/AuthenticatedRegistrarAccessor.java

@@ -21,6 +21,7 @@ import static google.registry.persistence.transaction.TransactionManagerFactory.
 
 import com.google.appengine.api.users.User;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Ascii;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.flogger.FluentLogger;
@@ -307,7 +308,7 @@ public class AuthenticatedRegistrarAccessor {
     UserAuthInfo userAuthInfo = authResult.userAuthInfo().get();
     if (userAuthInfo.appEngineUser().isPresent()) {
       User user = userAuthInfo.appEngineUser().get();
-      logger.atInfo().log("Checking registrar contacts for user ID %s.", user.getUserId());
+      logger.atInfo().log("Checking registrar contacts for user ID %s.", user.getEmail());
 
       // Find all registrars that have a registrar contact with this user's ID.
       jpaTm()
@@ -315,11 +316,11 @@ public class AuthenticatedRegistrarAccessor {
               () ->
                   jpaTm()
                       .query(
-                          "SELECT r FROM Registrar r INNER JOIN RegistrarPoc rp ON "
+                          "SELECT r FROM Registrar r INNER JOIN RegistrarPoc rp ON r.registrarId ="
-                              + "r.registrarId = rp.registrarId WHERE rp.gaeUserId = "
+                              + " rp.registrarId WHERE lower(rp.loginEmailAddress) = :email AND"
-                              + ":gaeUserId AND r.state != :state",
+                              + " r.state != :state",
                           Registrar.class)
-                      .setParameter("gaeUserId", user.getUserId())
+                      .setParameter("email", Ascii.toLowerCase(user.getEmail()))
                       .setParameter("state", State.DISABLED)
                       .getResultStream()
                       .forEach(registrar -> builder.put(registrar.getRegistrarId(), Role.OWNER)));

core/src/main/java/google/registry/tools/RegistrarPocCommand.java

@@ -19,7 +19,6 @@ import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.util.CollectionUtils.nullToEmpty;
-import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;
 import static google.registry.util.PreconditionsUtils.checkArgumentPresent;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
@@ -29,7 +28,6 @@ import com.google.common.base.Enums;
 import com.google.common.base.Joiner;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import google.registry.model.common.GaeUserIdConverter;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
 import google.registry.tools.params.OptionalPhoneNumberParameter;
@@ -48,6 +46,7 @@ import java.util.Set;
 import javax.annotation.Nullable;
 
 /** Command for CRUD operations on {@link Registrar} contact list fields. */
+@SuppressWarnings("OptionalAssignedToNull")
 @Parameters(
     separators = " =",
     commandDescription = "Create/read/update/delete the various contact lists for a Registrar.")
@@ -78,9 +77,19 @@ final class RegistrarPocCommand extends MutatingCommand {
   private List<String> contactTypeNames;
 
   @Nullable
-  @Parameter(names = "--email", description = "Contact email address.")
+  @Parameter(
+      names = "--email",
+      description =
+          "Contact email address. Required when creating a contact"
+              + " and will be used as the console login email, if --login_email is not specified.")
   String email;
 
+  @Nullable
+  @Parameter(
+      names = "--login_email",
+      description = "Console login email address. If not specified, --email will be used.")
+  String loginEmail;
+
   @Nullable
   @Parameter(
       names = "--registry_lock_email",
@@ -168,13 +177,13 @@ final class RegistrarPocCommand extends MutatingCommand {
     // If the contact_type parameter is not specified, we should not make any changes.
     if (contactTypeNames == null) {
       contactTypes = null;
-    // It appears that when the user specifies "--contact_type=" with no types following, JCommander
+      // It appears that when the user specifies "--contact_type=" with no types following,
-    // sets contactTypeNames to a one-element list containing the empty string. This is strange, but
+      // JCommander sets contactTypeNames to a one-element list containing the empty string. This is
-    // we need to handle this by setting the contact types to the empty set. Also do this if
+      // strange, but we need to handle this by setting the contact types to the empty set. Also do
-    // contactTypeNames is empty, which is what I would hope JCommander would return in some future,
+      // this if contactTypeNames is empty, which is what I would hope JCommander would return in
-    // better world.
+      // some future, better world.
     } else if (contactTypeNames.isEmpty()
-        || ((contactTypeNames.size() == 1) && contactTypeNames.get(0).isEmpty())) {
+        || contactTypeNames.size() == 1 && contactTypeNames.get(0).isEmpty()) {
       contactTypes = ImmutableSet.of();
     } else {
       contactTypes =
@@ -194,7 +203,7 @@ final class RegistrarPocCommand extends MutatingCommand {
         break;
       case CREATE:
         stageEntityChange(null, createContact(registrar));
-        if ((visibleInDomainWhoisAsAbuse != null) && visibleInDomainWhoisAsAbuse) {
+        if (visibleInDomainWhoisAsAbuse != null && visibleInDomainWhoisAsAbuse) {
           unsetOtherWhoisAbuseFlags(contacts, null);
         }
         break;
@@ -211,7 +220,7 @@ final class RegistrarPocCommand extends MutatingCommand {
             "Cannot clear visible_in_domain_whois_as_abuse flag, as that would leave no domain"
                 + " WHOIS abuse contacts; instead, set the flag on another contact");
         stageEntityChange(oldContact, newContact);
-        if ((visibleInDomainWhoisAsAbuse != null) && visibleInDomainWhoisAsAbuse) {
+        if (visibleInDomainWhoisAsAbuse != null && visibleInDomainWhoisAsAbuse) {
           unsetOtherWhoisAbuseFlags(contacts, oldContact.getEmailAddress());
         }
         break;
@@ -261,9 +270,7 @@ final class RegistrarPocCommand extends MutatingCommand {
     builder.setTypes(nullToEmpty(contactTypes));
 
     if (Objects.equals(allowConsoleAccess, Boolean.TRUE)) {
-      builder.setGaeUserId(checkArgumentNotNull(
+      builder.setLoginEmailAddress(loginEmail == null ? email : loginEmail);
-          GaeUserIdConverter.convertEmailAddressToGaeUserId(email),
-          String.format("Email address %s is not associated with any GAE ID", email)));
     }
     if (visibleInWhoisAsAdmin != null) {
       builder.setVisibleInWhoisAsAdmin(visibleInWhoisAsAdmin);
@@ -311,11 +318,9 @@ final class RegistrarPocCommand extends MutatingCommand {
     }
     if (allowConsoleAccess != null) {
       if (allowConsoleAccess.equals(Boolean.TRUE)) {
-        builder.setGaeUserId(checkArgumentNotNull(
+        builder.setLoginEmailAddress(loginEmail == null ? email : loginEmail);
-            GaeUserIdConverter.convertEmailAddressToGaeUserId(email),
-            String.format("Email address %s is not associated with any GAE ID", email)));
       } else {
-        builder.setGaeUserId(null);
+        builder.setLoginEmailAddress(null);
       }
     }
     if (allowedToSetRegistryLockPassword != null) {

core/src/main/java/google/registry/ui/server/RegistrarFormFields.java

@@ -206,8 +206,8 @@ public final class RegistrarFormFields {
   public static final FormField<String, String> CONTACT_FAX_NUMBER_FIELD =
       FormFields.PHONE_NUMBER.asBuilderNamed("faxNumber").build();
 
-  public static final FormField<String, String> CONTACT_GAE_USER_ID_FIELD =
+  public static final FormField<String, String> CONTACT_LOGIN_EMAIL_ADDRESS_FIELD =
-      FormFields.NAME.asBuilderNamed("gaeUserId").build();
+      FormFields.NAME.asBuilderNamed("loginEmailAddress").build();
 
   public static final FormField<Object, Boolean> CONTACT_ALLOWED_TO_SET_REGISTRY_LOCK_PASSWORD =
       FormField.named("allowedToSetRegistryLockPassword", Object.class)
@@ -284,11 +284,15 @@ public final class RegistrarFormFields {
 
   public static final FormField<Map<String, ?>, RegistrarAddress> L10N_ADDRESS_FIELD =
       FormField.mapNamed("localizedAddress")
-          .transform(RegistrarAddress.class, (args) -> toNewAddress(
+          .transform(
+              RegistrarAddress.class,
+              args ->
+                  toNewAddress(
                       args, L10N_STREET_FIELD, L10N_CITY_FIELD, L10N_STATE_FIELD, L10N_ZIP_FIELD))
           .build();
 
-  private static @Nullable RegistrarAddress toNewAddress(
+  @Nullable
+  private static RegistrarAddress toNewAddress(
       @Nullable Map<String, ?> args,
       final FormField<List<String>, List<String>> streetField,
       final FormField<String, String> cityField,
@@ -327,7 +331,8 @@ public final class RegistrarFormFields {
     }
   }
 
-  private static @Nullable String parseHostname(@Nullable String input) {
+  @Nullable
+  private static String parseHostname(@Nullable String input) {
     if (input == null) {
       return null;
     }
@@ -337,7 +342,8 @@ public final class RegistrarFormFields {
     return canonicalizeHostname(input);
   }
 
-  public static @Nullable DateTime parseDateTime(@Nullable String input) {
+  @Nullable
+  public static DateTime parseDateTime(@Nullable String input) {
     if (input == null) {
       return null;
     }
@@ -391,7 +397,8 @@ public final class RegistrarFormFields {
     builder.setPhoneNumber(CONTACT_PHONE_NUMBER_FIELD.extractUntyped(args).orElse(null));
     builder.setFaxNumber(CONTACT_FAX_NUMBER_FIELD.extractUntyped(args).orElse(null));
     builder.setTypes(CONTACT_TYPES.extractUntyped(args).orElse(ImmutableSet.of()));
-    builder.setGaeUserId(CONTACT_GAE_USER_ID_FIELD.extractUntyped(args).orElse(null));
+    builder.setLoginEmailAddress(
+        CONTACT_LOGIN_EMAIL_ADDRESS_FIELD.extractUntyped(args).orElse(null));
     // The parser is inconsistent with whether it retrieves boolean values as strings or booleans.
     // As a result, use a potentially-redundant converter that can deal with both.
     builder.setAllowedToSetRegistryLockPassword(

core/src/main/java/google/registry/ui/server/registrar/ConsoleRegistrarCreatorAction.java

@@ -14,36 +14,40 @@
 
 package google.registry.ui.server.registrar;
 
-import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.collect.ImmutableMap.toImmutableMap;
-import static google.registry.model.common.GaeUserIdConverter.convertEmailAddressToGaeUserId;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.ui.server.SoyTemplateUtils.CSS_RENAMING_MAP_SUPPLIER;
 import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 
 import com.google.common.base.Ascii;
 import com.google.common.base.Splitter;
-import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.flogger.FluentLogger;
 import com.google.template.soy.tofu.SoyTofu;
 import google.registry.config.RegistryEnvironment;
 import google.registry.model.registrar.Registrar;
+import google.registry.model.registrar.Registrar.State;
 import google.registry.model.registrar.RegistrarAddress;
 import google.registry.model.registrar.RegistrarPoc;
 import google.registry.request.Action;
 import google.registry.request.Action.Method;
+import google.registry.request.Action.Service;
 import google.registry.request.Parameter;
 import google.registry.request.auth.Auth;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor;
 import google.registry.ui.server.SendEmailUtils;
 import google.registry.ui.server.SoyTemplateUtils;
+import google.registry.ui.soy.registrar.AnalyticsSoyInfo;
+import google.registry.ui.soy.registrar.ConsoleSoyInfo;
+import google.registry.ui.soy.registrar.ConsoleUtilsSoyInfo;
+import google.registry.ui.soy.registrar.FormsSoyInfo;
 import google.registry.ui.soy.registrar.RegistrarCreateConsoleSoyInfo;
 import google.registry.util.StringGenerator;
 import java.util.HashMap;
 import java.util.Optional;
+import java.util.function.Supplier;
 import java.util.stream.Stream;
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -54,12 +58,9 @@ import org.joda.money.CurrencyUnit;
  *
  * <p>This Action does 2 things: - for GET, just returns the form that asks for the required
  * information. - for POST, receives the information and creates the Registrar.
- *
- * <p>TODO(b/120201577): once we can have 2 different Actions with the same path (different
- * Methods), separate this class to 2 Actions.
  */
 @Action(
-    service = Action.Service.DEFAULT,
+    service = Service.DEFAULT,
     path = ConsoleRegistrarCreatorAction.PATH,
     method = {Method.POST, Method.GET},
     auth = Auth.AUTH_PUBLIC)
@@ -74,11 +75,11 @@ public final class ConsoleRegistrarCreatorAction extends HtmlAction {
 
   private static final Supplier<SoyTofu> TOFU_SUPPLIER =
       SoyTemplateUtils.createTofuSupplier(
-          google.registry.ui.soy.registrar.AnalyticsSoyInfo.getInstance(),
+          AnalyticsSoyInfo.getInstance(),
-          google.registry.ui.soy.registrar.ConsoleSoyInfo.getInstance(),
+          ConsoleSoyInfo.getInstance(),
-          google.registry.ui.soy.registrar.ConsoleUtilsSoyInfo.getInstance(),
+          ConsoleUtilsSoyInfo.getInstance(),
-          google.registry.ui.soy.registrar.FormsSoyInfo.getInstance(),
+          FormsSoyInfo.getInstance(),
-          google.registry.ui.soy.registrar.RegistrarCreateConsoleSoyInfo.getInstance());
+          RegistrarCreateConsoleSoyInfo.getInstance());
 
   @Inject AuthenticatedRegistrarAccessor registrarAccessor;
   @Inject SendEmailUtils sendEmailUtils;
@@ -136,7 +137,7 @@ public final class ConsoleRegistrarCreatorAction extends HtmlAction {
     return PATH;
   }
 
-  private void checkPresent(Optional<?> value, String name) {
+  private static void checkPresent(Optional<?> value, String name) {
     checkState(value.isPresent(), "Missing value for %s", name);
   }
 
@@ -193,11 +194,6 @@ public final class ConsoleRegistrarCreatorAction extends HtmlAction {
       optionalZip.ifPresent(zip -> data.put("zip", zip));
       data.put("countryCode", countryCode.get());
 
-      String gaeUserId =
-          checkNotNull(
-              convertEmailAddressToGaeUserId(consoleUserEmail.get()),
-              "Email address %s is not associated with any GAE ID",
-              consoleUserEmail.get());
       String password = optionalPassword.orElse(passwordGenerator.createString(PASSWORD_LENGTH));
       String phonePasscode =
           optionalPasscode.orElse(passcodeGenerator.createString(PASSCODE_LENGTH));
@@ -213,7 +209,7 @@ public final class ConsoleRegistrarCreatorAction extends HtmlAction {
               .setType(Registrar.Type.REAL)
               .setPassword(password)
               .setPhonePasscode(phonePasscode)
-              .setState(Registrar.State.PENDING)
+              .setState(State.PENDING)
               .setLocalizedAddress(
                   new RegistrarAddress.Builder()
                       .setStreet(
@@ -232,7 +228,7 @@ public final class ConsoleRegistrarCreatorAction extends HtmlAction {
               .setRegistrar(registrar)
               .setName(consoleUserEmail.get())
               .setEmailAddress(consoleUserEmail.get())
-              .setGaeUserId(gaeUserId)
+              .setLoginEmailAddress(consoleUserEmail.get())
               .build();
       tm().transact(
               () -> {
@@ -285,7 +281,7 @@ public final class ConsoleRegistrarCreatorAction extends HtmlAction {
             .render());
   }
 
-  private String toEmailLine(Optional<?> value, String name) {
+  private static String toEmailLine(Optional<?> value, String name) {
     return String.format("    %s: %s\n", name, value.orElse(null));
   }
   private void sendExternalUpdates() {

core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java

@@ -24,6 +24,7 @@ import static javax.servlet.http.HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
 
 import com.google.appengine.api.users.User;
 import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Ascii;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.flogger.FluentLogger;
@@ -123,16 +124,21 @@ public final class RegistryLockGetAction implements JsonGetAction {
   static Optional<RegistrarPoc> getContactMatchingLogin(User user, Registrar registrar) {
     ImmutableList<RegistrarPoc> matchingContacts =
         registrar.getContacts().stream()
-            .filter(contact -> contact.getGaeUserId() != null)
+            .filter(contact -> contact.getLoginEmailAddress() != null)
-            .filter(contact -> Objects.equals(contact.getGaeUserId(), user.getUserId()))
+            .filter(
+                contact ->
+                    Objects.equals(
+                        Ascii.toLowerCase(contact.getLoginEmailAddress()),
+                        Ascii.toLowerCase(user.getEmail())))
             .collect(toImmutableList());
     if (matchingContacts.size() > 1) {
       ImmutableList<String> matchingEmails =
           matchingContacts.stream().map(RegistrarPoc::getEmailAddress).collect(toImmutableList());
       throw new IllegalArgumentException(
           String.format(
-              "User ID %s had multiple matching contacts with email addresses %s",
+              "User with login email %s had multiple matching contacts with contact email addresses"
-              user.getUserId(), matchingEmails));
+                  + " %s",
+              user.getEmail(), matchingEmails));
     }
     return matchingContacts.stream().findFirst();
   }
@@ -188,7 +194,7 @@ public final class RegistryLockGetAction implements JsonGetAction {
         getLockedDomains(registrarId, isAdmin));
   }
 
-  private ImmutableList<ImmutableMap<String, ?>> getLockedDomains(
+  private static ImmutableList<ImmutableMap<String, ?>> getLockedDomains(
       String registrarId, boolean isAdmin) {
     return jpaTm()
         .transact(
@@ -199,7 +205,7 @@ public final class RegistryLockGetAction implements JsonGetAction {
                     .collect(toImmutableList()));
   }
 
-  private ImmutableMap<String, ?> lockToMap(RegistryLock lock, boolean isAdmin) {
+  private static ImmutableMap<String, ?> lockToMap(RegistryLock lock, boolean isAdmin) {
     DateTime now = jpaTm().getTransactionTime();
     return new ImmutableMap.Builder<String, Object>()
         .put(DOMAIN_NAME_PARAM, lock.getDomainName())

core/src/main/resources/google/registry/ui/soy/registrar/ContactSettings.soy

@@ -183,8 +183,8 @@
         {/call}
       {/if}
     </table>
-    {if isNonnull($item['gaeUserId'])}
+    {if isNonnull($item['loginEmailAddress'])}
-      <input type="hidden" name="{$namePrefix}gaeUserId" value="{$item['gaeUserId']}">
+      <input type="hidden" name="{$namePrefix}loginEmailAddress" value="{$item['loginEmailAddress']}">
     {/if}
   </div>
 {/template}

core/src/test/java/google/registry/batch/RelockDomainActionTest.java

@@ -84,7 +84,7 @@ public class RelockDomainActionTest {
       AppEngineExtension.builder()
           .withCloudSql()
           .withTaskQueue()
-          .withUserService(UserInfo.create(POC_ID, "12345"))
+          .withUserService(UserInfo.create(POC_ID))
           .build();
 
   private Domain domain;

core/src/test/java/google/registry/export/sheet/SyncRegistrarsSheetTest.java

@@ -169,7 +169,7 @@ public class SyncRegistrarsSheetTest {
                 // distinction to make sure we're not relying on it.  Sigh.
                 .setVisibleInWhoisAsAdmin(false)
                 .setVisibleInWhoisAsTech(true)
-                .setGaeUserId("light")
+                .setLoginEmailAddress("john.doe@example.tld")
                 .build(),
             new RegistrarPoc.Builder()
                 .setRegistrar(registrar)
@@ -217,7 +217,7 @@ public class SyncRegistrarsSheetTest {
                 + "Phone number and email visible in domain WHOIS query as "
                 + "Registrar Abuse contact info: No\n"
                 + "Registrar-Console access: Yes\n"
-                + "GAE-UserID: light\n");
+                + "Login Email Address: john.doe@example.tld\n");
     assertThat(row)
         .containsEntry(
             "techContacts",
@@ -262,7 +262,7 @@ public class SyncRegistrarsSheetTest {
                 + "Phone number and email visible in domain WHOIS query as "
                 + "Registrar Abuse contact info: No\n"
                 + "Registrar-Console access: Yes\n"
-                + "GAE-UserID: light\n");
+                + "Login Email Address: john.doe@example.tld\n");
     assertThat(row).containsEntry("emailAddress", "nowhere@example.org");
     assertThat(row).containsEntry(
         "address.street", "I get fallen back upon since there's no l10n addr");

core/src/test/java/google/registry/model/OteAccountBuilderTest.java

@@ -64,7 +64,7 @@ public final class OteAccountBuilderTest {
     persistPremiumList("default_sandbox_list", USD, "sandbox,USD 1000");
   }
 
-  private void assertTldExists(String tld, TldState tldState, Money eapFee) {
+  private static void assertTldExists(String tld, TldState tldState, Money eapFee) {
     Registry registry = Registry.get(tld);
     assertThat(registry).isNotNull();
     assertThat(registry.getPremiumListName()).hasValue("default_sandbox_list");
@@ -80,7 +80,7 @@ public final class OteAccountBuilderTest {
         .isEqualTo(eapFee.getAmount());
   }
 
-  private void assertRegistrarExists(String registrarId, String tld) {
+  private static void assertRegistrarExists(String registrarId, String tld) {
     Registrar registrar = Registrar.loadByRegistrarId(registrarId).orElse(null);
     assertThat(registrar).isNotNull();
     assertThat(registrar.getType()).isEqualTo(Registrar.Type.OTE);
@@ -88,7 +88,7 @@ public final class OteAccountBuilderTest {
     assertThat(registrar.getAllowedTlds()).containsExactly(tld);
   }
 
-  private void assertContactExists(String registrarId, String email) {
+  private static void assertContactExists(String registrarId, String email) {
     Registrar registrar = Registrar.loadByRegistrarId(registrarId).get();
     assertThat(registrar.getContacts().stream().map(RegistrarPoc::getEmailAddress)).contains(email);
     RegistrarPoc contact =
@@ -97,7 +97,7 @@ public final class OteAccountBuilderTest {
             .findAny()
             .get();
     assertThat(contact.getEmailAddress()).isEqualTo(email);
-    assertThat(contact.getGaeUserId()).isNotEmpty();
+    assertThat(contact.getLoginEmailAddress()).isEqualTo(email);
   }
 
   @Test

core/src/test/java/google/registry/persistence/transaction/JpaTransactionManagerExtension.java

@@ -43,7 +43,6 @@ import google.registry.util.Clock;
 import java.io.File;
 import java.io.IOException;
 import java.io.UncheckedIOException;
-import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.sql.Connection;
 import java.sql.Driver;
@@ -90,9 +89,6 @@ abstract class JpaTransactionManagerExtension implements BeforeEachCallback, Aft
   // is documented in PSQL's official user guide.
   private static final String CONNECTION_BACKEND_TYPE = "client backend";
   private static final int ACTIVE_CONNECTIONS_CAP = 5;
-  public static final String NEW_REGISTRAR_GAE_USER_ID = "666";
-  public static final String THE_REGISTRAR_GAE_USER_ID = "31337";
-  public static final String MARLA_SINGER_GAE_USER_ID = "12345";
 
   private final Clock clock;
   private final Optional<String> initScriptPath;
@@ -171,7 +167,7 @@ abstract class JpaTransactionManagerExtension implements BeforeEachCallback, Aft
       File tempSqlFile = File.createTempFile("tempSqlFile", ".sql");
       tempSqlFile.deleteOnExit();
       exporter.export(extraEntityClasses, tempSqlFile);
-      executeSql(new String(Files.readAllBytes(tempSqlFile.toPath()), StandardCharsets.UTF_8));
+      executeSql(Files.readString(tempSqlFile.toPath()));
     }
     assertReasonableNumDbConnections();
     emf = createEntityManagerFactory(getJpaProperties());
@@ -308,7 +304,7 @@ abstract class JpaTransactionManagerExtension implements BeforeEachCallback, Aft
   private static String getJdbcUrl() {
     // Disable Postgres driver use of java.util.logging to reduce noise at startup time
     return "jdbc:postgresql://"
-        + database.getContainerIpAddress()
+        + database.getHost()
         + ":"
         + database.getMappedPort(POSTGRESQL_PORT)
         + "/"
@@ -411,7 +407,7 @@ abstract class JpaTransactionManagerExtension implements BeforeEachCallback, Aft
         .setEmailAddress("johndoe@theregistrar.com")
         .setPhoneNumber("+1.1234567890")
         .setTypes(ImmutableSet.of(RegistrarPoc.Type.ADMIN))
-        .setGaeUserId(THE_REGISTRAR_GAE_USER_ID)
+        .setLoginEmailAddress("johndoe@theregistrar.com")
         .build();
   }
 
@@ -423,7 +419,7 @@ abstract class JpaTransactionManagerExtension implements BeforeEachCallback, Aft
         .setRegistryLockEmailAddress("Marla.Singer.RegistryLock@crr.com")
         .setPhoneNumber("+1.2128675309")
         .setTypes(ImmutableSet.of(RegistrarPoc.Type.TECH))
-        .setGaeUserId(MARLA_SINGER_GAE_USER_ID)
+        .setLoginEmailAddress("Marla.Singer@crr.com")
         .setAllowedToSetRegistryLockPassword(true)
         .setRegistryLockPassword("hi")
         .build();

core/src/test/java/google/registry/request/RequestHandlerTest.java

@@ -55,7 +55,7 @@ public final class RequestHandlerTest {
   final AppEngineExtension appEngine =
       AppEngineExtension.builder()
           .withCloudSql()
-          .withUserService(UserInfo.create("test@example.com", "test@example.com"))
+          .withUserService(UserInfo.create("test@example.com"))
           .build();
 
   @Action(

core/src/test/java/google/registry/request/auth/AuthenticatedRegistrarAccessorTest.java

@@ -17,7 +17,6 @@ package google.registry.request.auth;
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.ADMIN;
 import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.OWNER;
-import static google.registry.testing.AppEngineExtension.THE_REGISTRAR_GAE_USER_ID;
 import static google.registry.testing.DatabaseHelper.loadRegistrar;
 import static google.registry.testing.DatabaseHelper.persistResource;
 import static google.registry.testing.LogsSubject.assertAboutLogs;
@@ -94,14 +93,7 @@ class AuthenticatedRegistrarAccessorTest {
   private static AuthResult createAuthResult(boolean isAdmin) {
     return AuthResult.create(
         AuthLevel.USER,
-        UserAuthInfo.create(
+        UserAuthInfo.create(new User("johndoe@theregistrar.com", "theregistrar.com"), isAdmin));
-            new User(
-                String.format(
-                    "%s@gmail.com",
-                    isAdmin ? "admin" : "user"),
-                "gmail.com",
-                THE_REGISTRAR_GAE_USER_ID),
-            isAdmin));
   }
 
   @BeforeEach
@@ -195,7 +187,8 @@ class AuthenticatedRegistrarAccessorTest {
    */
   @Test
   void getAllRegistrarIdWithAccess_userInSupportGroup() {
-    when(groupsConnection.isMemberOfGroup("user@gmail.com", SUPPORT_GROUP.get())).thenReturn(true);
+    when(groupsConnection.isMemberOfGroup("johndoe@theregistrar.com", SUPPORT_GROUP.get()))
+        .thenReturn(true);
     AuthenticatedRegistrarAccessor registrarAccessor =
         new AuthenticatedRegistrarAccessor(
             USER, ADMIN_REGISTRAR_ID, SUPPORT_GROUP, lazyGroupsConnection);
@@ -233,7 +226,7 @@ class AuthenticatedRegistrarAccessorTest {
         new AuthenticatedRegistrarAccessor(
             USER, ADMIN_REGISTRAR_ID, SUPPORT_GROUP, lazyGroupsConnection);
 
-    verify(groupsConnection).isMemberOfGroup("user@gmail.com", SUPPORT_GROUP.get());
+    verify(groupsConnection).isMemberOfGroup("johndoe@theregistrar.com", SUPPORT_GROUP.get());
     assertThat(registrarAccessor.getAllRegistrarIdsWithRoles())
         .containsExactly(REGISTRAR_ID_WITH_CONTACT, OWNER);
     verify(lazyGroupsConnection).get();
@@ -245,7 +238,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarFailure(
         REAL_REGISTRAR_ID_WITHOUT_CONTACT,
         USER,
-        "user user@gmail.com doesn't have access to registrar NewRegistrar");
+        "user johndoe@theregistrar.com doesn't have access to registrar NewRegistrar");
     verify(lazyGroupsConnection).get();
   }
 
@@ -260,7 +253,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarFailure(
         REGISTRAR_ID_WITH_CONTACT,
         USER,
-        "user user@gmail.com doesn't have access to registrar TheRegistrar");
+        "user johndoe@theregistrar.com doesn't have access to registrar TheRegistrar");
     verify(lazyGroupsConnection).get();
   }
 
@@ -270,7 +263,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarFailure(
         OTE_REGISTRAR_ID_WITHOUT_CONTACT,
         USER,
-        "user user@gmail.com doesn't have access to registrar OteRegistrar");
+        "user johndoe@theregistrar.com doesn't have access to registrar OteRegistrar");
     verify(lazyGroupsConnection).get();
   }
 
@@ -290,7 +283,19 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarSuccess(
         REGISTRAR_ID_WITH_CONTACT,
         USER,
-        "user user@gmail.com has [OWNER] access to registrar TheRegistrar");
+        "user johndoe@theregistrar.com has [OWNER] access to registrar TheRegistrar");
+    verify(lazyGroupsConnection).get();
+  }
+
+  /** Succeed loading registrar if user has access to it. Email address is case-insensitive */
+  @Test
+  void testGetRegistrarForUser_inContacts_isNotAdmin_caseInsensitive() throws Exception {
+    expectGetRegistrarSuccess(
+        REGISTRAR_ID_WITH_CONTACT,
+        AuthResult.create(
+            AuthLevel.USER,
+            UserAuthInfo.create(new User("JohnDoe@theregistrar.com", "theregistrar.com"), false)),
+        "user JohnDoe@theregistrar.com has [OWNER] access to registrar TheRegistrar");
     verify(lazyGroupsConnection).get();
   }
 
@@ -300,7 +305,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarSuccess(
         REGISTRAR_ID_WITH_CONTACT,
         GAE_ADMIN,
-        "admin admin@gmail.com has [OWNER, ADMIN] access to registrar TheRegistrar");
+        "admin johndoe@theregistrar.com has [OWNER, ADMIN] access to registrar TheRegistrar");
     verifyNoInteractions(lazyGroupsConnection);
   }
 
@@ -310,7 +315,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarSuccess(
         REAL_REGISTRAR_ID_WITHOUT_CONTACT,
         GAE_ADMIN,
-        "admin admin@gmail.com has [ADMIN] access to registrar NewRegistrar.");
+        "admin johndoe@theregistrar.com has [ADMIN] access to registrar NewRegistrar.");
     verifyNoInteractions(lazyGroupsConnection);
   }
 
@@ -325,7 +330,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarSuccess(
         REAL_REGISTRAR_ID_WITHOUT_CONTACT,
         GAE_ADMIN,
-        "admin admin@gmail.com has [OWNER, ADMIN] access to registrar NewRegistrar.");
+        "admin johndoe@theregistrar.com has [OWNER, ADMIN] access to registrar NewRegistrar.");
     verifyNoInteractions(lazyGroupsConnection);
   }
 
@@ -335,7 +340,7 @@ class AuthenticatedRegistrarAccessorTest {
     expectGetRegistrarSuccess(
         OTE_REGISTRAR_ID_WITHOUT_CONTACT,
         GAE_ADMIN,
-        "admin admin@gmail.com has [OWNER, ADMIN] access to registrar OteRegistrar.");
+        "admin johndoe@theregistrar.com has [OWNER, ADMIN] access to registrar OteRegistrar.");
     verifyNoInteractions(lazyGroupsConnection);
   }
 

core/src/test/java/google/registry/server/RegistryTestServerMain.java

@@ -56,11 +56,6 @@ public final class RegistryTestServerMain {
       description = "Login email address for App Engine Local User Service.")
   private String loginEmail = "Marla.Singer@crr.com";
 
-  @Parameter(
-      names = "--login_user_id",
-      description = "GAE User ID for App Engine Local User Service.")
-  private String loginUserId = AppEngineExtension.MARLA_SINGER_GAE_USER_ID;
-
   @Parameter(
       names = "--login_is_admin",
       description = "Should logged in user be an admin for App Engine Local User Service.",
@@ -140,9 +135,7 @@ public final class RegistryTestServerMain {
             .withTaskQueue()
             .withLocalModules()
             .withUserService(
-                loginIsAdmin
+                loginIsAdmin ? UserInfo.createAdmin(loginEmail) : UserInfo.create(loginEmail))
-                    ? UserInfo.createAdmin(loginEmail, loginUserId)
-                    : UserInfo.create(loginEmail, loginUserId))
             .build();
     appEngine.setUp();
     new JpaTestExtensions.Builder().buildIntegrationTestExtension().beforeEach(null);

core/src/test/java/google/registry/testing/AppEngineExtension.java

@@ -81,10 +81,6 @@ import org.junit.jupiter.api.io.TempDir;
  */
 public final class AppEngineExtension implements BeforeEachCallback, AfterEachCallback {
 
-  public static final String NEW_REGISTRAR_GAE_USER_ID = "666";
-  public static final String THE_REGISTRAR_GAE_USER_ID = "31337";
-  public static final String MARLA_SINGER_GAE_USER_ID = "12345";
-
   /**
    * The GAE testing library requires queue.xml to be a file, not a resource in a jar, so we read it
    * in here and write it to a temporary file later.
@@ -336,7 +332,7 @@ public final class AppEngineExtension implements BeforeEachCallback, AfterEachCa
         .setEmailAddress("johndoe@theregistrar.com")
         .setPhoneNumber("+1.1234567890")
         .setTypes(ImmutableSet.of(RegistrarPoc.Type.ADMIN))
-        .setGaeUserId(THE_REGISTRAR_GAE_USER_ID)
+        .setLoginEmailAddress("johndoe@theregistrar.com")
         .build();
   }
 
@@ -348,7 +344,7 @@ public final class AppEngineExtension implements BeforeEachCallback, AfterEachCa
         .setRegistryLockEmailAddress("Marla.Singer.RegistryLock@crr.com")
         .setPhoneNumber("+1.2128675309")
         .setTypes(ImmutableSet.of(RegistrarPoc.Type.TECH))
-        .setGaeUserId(MARLA_SINGER_GAE_USER_ID)
+        .setLoginEmailAddress("Marla.Singer@crr.com")
         .setAllowedToSetRegistryLockPassword(true)
         .setRegistryLockPassword("hi")
         .build();
@@ -435,11 +431,6 @@ public final class AppEngineExtension implements BeforeEachCallback, AfterEachCa
       // Set top-level properties on LocalServiceTestConfig for user login.
       helper
           .setEnvIsLoggedIn(userInfo.isLoggedIn())
-          // This envAttributes thing is the only way to set userId.
-          // see https://code.google.com/p/googleappengine/issues/detail?id=3579
-          .setEnvAttributes(
-              ImmutableMap.of(
-                  "com.google.appengine.api.users.UserService.user_id_key", userInfo.gaeUserId()))
           .setEnvAuthDomain(userInfo.authDomain())
           .setEnvEmail(userInfo.email())
           .setEnvIsAdmin(userInfo.isAdmin());

core/src/test/java/google/registry/testing/UserInfo.java

@@ -24,25 +24,24 @@ public abstract class UserInfo {
 
   abstract String email();
   abstract String authDomain();
-  abstract String gaeUserId();
   abstract boolean isAdmin();
   abstract boolean isLoggedIn();
 
   /** Creates a new logged-in non-admin user instance. */
-  public static UserInfo create(String email, String gaeUserId) {
+  public static UserInfo create(String email) {
     String authDomain = email.substring(email.indexOf('@') + 1);
-    return new AutoValue_UserInfo(email, authDomain, gaeUserId, false, true);
+    return new AutoValue_UserInfo(email, authDomain, false, true);
   }
 
   /** Creates a new logged-in admin user instance. */
-  public static UserInfo createAdmin(String email, String gaeUserId) {
+  public static UserInfo createAdmin(String email) {
     String authDomain = email.substring(email.indexOf('@') + 1);
-    return new AutoValue_UserInfo(email, authDomain, gaeUserId, true, true);
+    return new AutoValue_UserInfo(email, authDomain, true, true);
   }
 
   /** Returns a logged-out user instance. */
   public static UserInfo loggedOut() {
-    return new AutoValue_UserInfo("", "", "", false, false);
+    return new AutoValue_UserInfo("", "", false, false);
   }
 
   UserInfo() {}

core/src/test/java/google/registry/tools/DomainLockUtilsTest.java

@@ -79,7 +79,7 @@ public final class DomainLockUtilsTest {
           .withCloudSql()
           .withClock(clock)
           .withTaskQueue()
-          .withUserService(UserInfo.create(POC_ID, "12345"))
+          .withUserService(UserInfo.create(POC_ID))
           .build();
 
   private Domain domain;

core/src/test/java/google/registry/tools/RegistrarPocCommandTest.java

@@ -132,10 +132,33 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
         "NewRegistrar");
     RegistrarPoc registrarPoc =
         loadRegistrar("NewRegistrar").getContacts().stream()
-            .filter(rc -> rc.getEmailAddress().equals("jane.doe@example.com"))
+            .filter(rc -> "jane.doe@example.com".equals(rc.getEmailAddress()))
             .findFirst()
             .get();
-    assertThat(registrarPoc.getGaeUserId()).matches("-?[0-9]+");
+    assertThat(registrarPoc.getLoginEmailAddress()).isEqualTo("jane.doe@example.com");
+  }
+
+  @Test
+  void testUpdate_enableConsoleAccess_specifyLoginEmail() throws Exception {
+    Registrar registrar = loadRegistrar("NewRegistrar");
+    persistSimpleResource(
+        new RegistrarPoc.Builder()
+            .setRegistrar(registrar)
+            .setName("Jane Doe")
+            .setEmailAddress("jane.doe@example.com")
+            .build());
+    runCommandForced(
+        "--mode=UPDATE",
+        "--email=jane.doe@example.com",
+        "--login_email=jim.doe@example.com",
+        "--allow_console_access=true",
+        "NewRegistrar");
+    RegistrarPoc registrarPoc =
+        loadRegistrar("NewRegistrar").getContacts().stream()
+            .filter(rc -> "jane.doe@example.com".equals(rc.getEmailAddress()))
+            .findFirst()
+            .get();
+    assertThat(registrarPoc.getLoginEmailAddress()).isEqualTo("jim.doe@example.com");
   }
 
   @Test
@@ -146,7 +169,6 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
             .setRegistrar(registrar)
             .setName("Judith Doe")
             .setEmailAddress("judith.doe@example.com")
-            .setGaeUserId("11111")
             .build());
     runCommandForced(
         "--mode=UPDATE",
@@ -154,7 +176,7 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
         "--allow_console_access=false",
         "NewRegistrar");
     RegistrarPoc registrarPoc = loadRegistrar("NewRegistrar").getContacts().asList().get(1);
-    assertThat(registrarPoc.getGaeUserId()).isNull();
+    assertThat(registrarPoc.getLoginEmailAddress()).isNull();
   }
 
   @Test
@@ -165,14 +187,12 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
             .setRegistrar(registrar)
             .setName("John Doe")
             .setEmailAddress("john.doe@example.com")
-            .setGaeUserId("11111")
             .build());
     persistSimpleResource(
         new RegistrarPoc.Builder()
             .setRegistrar(registrar)
             .setName("Johnna Doe")
             .setEmailAddress("johnna.doe@example.com")
-            .setGaeUserId("11112")
             .setVisibleInDomainWhoisAsAbuse(true)
             .build());
     runCommandForced(
@@ -183,7 +203,7 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
     ImmutableList<RegistrarPoc> registrarPocs =
         loadRegistrar("NewRegistrar").getContacts().asList();
     for (RegistrarPoc registrarPoc : registrarPocs) {
-      if (registrarPoc.getName().equals("John Doe")) {
+      if ("John Doe".equals(registrarPoc.getName())) {
         assertThat(registrarPoc.getVisibleInDomainWhoisAsAbuse()).isTrue();
       } else {
         assertThat(registrarPoc.getVisibleInDomainWhoisAsAbuse()).isFalse();
@@ -199,7 +219,6 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
             .setRegistrar(registrar)
             .setName("John Doe")
             .setEmailAddress("john.doe@example.com")
-            .setGaeUserId("11111")
             .setVisibleInDomainWhoisAsAbuse(true)
             .build());
     IllegalArgumentException thrown =
@@ -227,7 +246,6 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
                 .setRegistrar(registrar)
                 .setName("John Doe")
                 .setEmailAddress("john.doe@example.com")
-                .setGaeUserId("11111")
                 .setPhoneNumber("123-456-7890")
                 .setFaxNumber("123-456-7890")
                 .setTypes(ImmutableSet.of(ADMIN, ABUSE))
@@ -239,7 +257,6 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
     RegistrarPoc registrarPoc = loadRegistrar("NewRegistrar").getContacts().asList().get(1);
     assertThat(registrarPoc.getEmailAddress()).isEqualTo(existingContact.getEmailAddress());
     assertThat(registrarPoc.getName()).isEqualTo(existingContact.getName());
-    assertThat(registrarPoc.getGaeUserId()).isEqualTo(existingContact.getGaeUserId());
     assertThat(registrarPoc.getPhoneNumber()).isEqualTo(existingContact.getPhoneNumber());
     assertThat(registrarPoc.getFaxNumber()).isEqualTo(existingContact.getFaxNumber());
     assertThat(registrarPoc.getTypes()).isEqualTo(existingContact.getTypes());
@@ -259,7 +276,6 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
             .setRegistrar(registrar)
             .setName("John Doe")
             .setEmailAddress("john.doe@example.com")
-            .setGaeUserId("11111")
             .setPhoneNumber("123-456-7890")
             .setFaxNumber("123-456-7890")
             .setTypes(ImmutableSet.of(ADMIN, ABUSE))
@@ -287,10 +303,7 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
             .setTypes(ImmutableSet.of(ADMIN, ABUSE))
             .build());
     runCommandForced(
-        "--mode=UPDATE",
+        "--mode=UPDATE", "--email=john.doe@example.com", "--contact_type=", "NewRegistrar");
-        "--email=john.doe@example.com",
-        "--contact_type=",
-        "NewRegistrar");
     RegistrarPoc registrarPoc = loadRegistrar("NewRegistrar").getContacts().asList().get(1);
     assertThat(registrarPoc.getTypes()).isEmpty();
   }
@@ -321,16 +334,13 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
                 .setVisibleInWhoisAsTech(false)
                 .setVisibleInDomainWhoisAsAbuse(true)
                 .build());
-    assertThat(registrarPoc.getGaeUserId()).isNull();
+    assertThat(registrarPoc.getLoginEmailAddress()).isNull();
   }
 
   @Test
   void testDelete() throws Exception {
     assertThat(loadRegistrar("NewRegistrar").getContacts()).isNotEmpty();
-    runCommandForced(
+    runCommandForced("--mode=DELETE", "--email=janedoe@theregistrar.com", "NewRegistrar");
-        "--mode=DELETE",
-        "--email=janedoe@theregistrar.com",
-        "NewRegistrar");
     assertThat(loadRegistrar("NewRegistrar").getContacts()).isEmpty();
   }
 
@@ -358,7 +368,21 @@ class RegistrarPocCommandTest extends CommandTestCase<RegistrarPocCommand> {
         "--contact_type=ADMIN,ABUSE",
         "NewRegistrar");
     RegistrarPoc registrarPoc = loadRegistrar("NewRegistrar").getContacts().asList().get(1);
-    assertThat(registrarPoc.getGaeUserId()).matches("-?[0-9]+");
+    assertThat(registrarPoc.getEmailAddress()).isEqualTo("jim.doe@example.com");
+  }
+
+  @Test
+  void testCreate_withConsoleAccessEnabled_specifyLoginEmail() throws Exception {
+    runCommandForced(
+        "--mode=CREATE",
+        "--name=Jim Doe",
+        "--email=jim.doe@example.com",
+        "--login_email=jane.doe@example.com",
+        "--allow_console_access=true",
+        "--contact_type=ADMIN,ABUSE",
+        "NewRegistrar");
+    RegistrarPoc registrarPoc = loadRegistrar("NewRegistrar").getContacts().asList().get(1);
+    assertThat(registrarPoc.getLoginEmailAddress()).isEqualTo("jane.doe@example.com");
   }
 
   @Test

core/src/test/java/google/registry/tools/SetupOteCommandTest.java

@@ -114,7 +114,7 @@ class SetupOteCommandTest extends CommandTestCase<SetupOteCommand> {
     RegistrarPoc registrarPoc = registrarPocs.stream().findAny().get();
     assertThat(registrarPoc.getEmailAddress()).isEqualTo(email);
     assertThat(registrarPoc.getName()).isEqualTo(email);
-    assertThat(registrarPoc.getGaeUserId()).isNotNull();
+    assertThat(registrarPoc.getLoginEmailAddress()).isEqualTo(email);
   }
 
   @Test

core/src/test/java/google/registry/ui/server/registrar/ConsoleRegistrarCreatorActionTest.java

@@ -16,7 +16,6 @@ package google.registry.ui.server.registrar;
 
 import static com.google.common.net.HttpHeaders.LOCATION;
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.model.common.GaeUserIdConverter.convertEmailAddressToGaeUserId;
 import static google.registry.model.registrar.Registrar.loadByRegistrarId;
 import static google.registry.testing.DatabaseHelper.persistPremiumList;
 import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY;
@@ -67,7 +66,7 @@ final class ConsoleRegistrarCreatorActionTest {
   final AppEngineExtension appEngineExtension = AppEngineExtension.builder().withCloudSql().build();
 
   @RegisterExtension
-  @Order(value = Integer.MAX_VALUE)
+  @Order(Integer.MAX_VALUE)
   final SystemPropertyExtension systemPropertyExtension = new SystemPropertyExtension();
 
   private final FakeResponse response = new FakeResponse();
@@ -217,10 +216,9 @@ final class ConsoleRegistrarCreatorActionTest {
         .containsExactly(
             new RegistrarPoc.Builder()
                 .setRegistrar(registrar)
-                .setGaeUserId("-1509175207")
-                .setGaeUserId(convertEmailAddressToGaeUserId("myclientid@registry.example"))
                 .setName("myclientid@registry.example")
                 .setEmailAddress("myclientid@registry.example")
+                .setLoginEmailAddress("myclientid@registry.example")
                 .build());
   }
 

core/src/test/java/google/registry/ui/server/registrar/ConsoleUiActionTest.java

@@ -52,7 +52,7 @@ class ConsoleUiActionTest {
   final AppEngineExtension appEngineExtension =
       AppEngineExtension.builder()
           .withCloudSql()
-          .withUserService(UserInfo.create("marla.singer@example.com", "12345"))
+          .withUserService(UserInfo.create("marla.singer@example.com"))
           .build();
 
   private final HttpServletRequest request = mock(HttpServletRequest.class);

core/src/test/java/google/registry/ui/server/registrar/RegistryLockGetActionTest.java

@@ -72,7 +72,7 @@ final class RegistryLockGetActionTest {
 
   @BeforeEach
   void beforeEach() {
-    user = userFromRegistrarPoc(AppEngineExtension.makeRegistrarContact3());
+    user = userFromRegistrarPoc(makeRegistrarContact3());
     fakeClock.setTo(DateTime.parse("2000-06-08T22:00:00.0Z"));
     authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
     accessor =
@@ -335,7 +335,7 @@ final class RegistryLockGetActionTest {
     // Locks are allowed for admins even when they're not enabled for the registrar
     persistResource(makeRegistrar2().asBuilder().setRegistryLockAllowed(false).build());
     // disallow the other user
-    persistResource(makeRegistrarContact2().asBuilder().setGaeUserId(null).build());
+    persistResource(makeRegistrarContact2().asBuilder().setLoginEmailAddress(null).build());
     authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, true));
     accessor =
         AuthenticatedRegistrarAccessor.createForTesting(
@@ -361,9 +361,9 @@ final class RegistryLockGetActionTest {
   }
 
   @Test
-  void testSuccess_linkedToContactEmail() {
+  void testSuccess_linkedToLoginContactEmail() {
-    // Even though the user is some.email@gmail.com the contact is still Marla Singer
+    // Note that the email address is case-insensitive.
-    user = new User("some.email@gmail.com", "gmail.com", user.getUserId());
+    user = new User("marla.singer@crr.com", "crr.com", user.getUserId());
     authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
     action =
         new RegistryLockGetAction(
@@ -413,6 +413,6 @@ final class RegistryLockGetActionTest {
   }
 
   static User userFromRegistrarPoc(RegistrarPoc registrarPoc) {
-    return new User(registrarPoc.getEmailAddress(), "gmail.com", registrarPoc.getGaeUserId());
+    return new User(registrarPoc.getLoginEmailAddress(), "gmail.com");
   }
 }

core/src/test/java/google/registry/ui/server/registrar/RegistryLockPostActionTest.java

@@ -159,10 +159,8 @@ final class RegistryLockPostActionTest {
   }
 
   @Test
-  void testSuccess_linkedToContactEmail() throws Exception {
+  void testSuccess_linkedToLoginEmail() throws Exception {
-    // Even though the user is some.email@gmail.com the contact is still Marla Singer
+    userWithLockPermission = new User("Marla.Singer@crr.com", "crr.com");
-    userWithLockPermission =
-        new User("some.email@gmail.com", "gmail.com", userWithLockPermission.getUserId());
     action =
         createAction(
             AuthResult.create(AuthLevel.USER, UserAuthInfo.create(userWithLockPermission, false)));

core/src/test/java/google/registry/ui/server/registrar/RegistryLockVerifyActionTest.java

@@ -70,7 +70,7 @@ final class RegistryLockVerifyActionTest {
       AppEngineExtension.builder()
           .withCloudSql()
           .withClock(fakeClock)
-          .withUserService(UserInfo.create("marla.singer@example.com", "12345"))
+          .withUserService(UserInfo.create("marla.singer@example.com"))
           .build();
 
   private final HttpServletRequest request = mock(HttpServletRequest.class);

core/src/test/java/google/registry/webdriver/OteSetupConsoleScreenshotTest.java

@@ -59,16 +59,4 @@ public class OteSetupConsoleScreenshotTest extends WebDriverTestCase {
     driver.waitForDisplayedElement(By.tagName("h1"));
     driver.diffPage("oteResult");
   }
-
-  @RetryingTest(3)
-  void get_admin_fails_badEmail() throws Throwable {
-    server.setIsAdmin(true);
-    driver.get(server.getUrl("/registrar-ote-setup"));
-    driver.waitForDisplayedElement(By.tagName("h1"));
-    driver.findElement(By.id("clientId")).sendKeys("acmereg");
-    driver.findElement(By.id("email")).sendKeys("bad email");
-    driver.findElement(By.id("submit-button")).click();
-    driver.waitForDisplayedElement(By.tagName("h1"));
-    driver.diffPage("oteResultFailed");
-  }
 }

core/src/test/java/google/registry/webdriver/RegistrarConsoleScreenshotTest.java

@@ -62,7 +62,6 @@ class RegistrarConsoleScreenshotTest extends WebDriverTestCase {
           .setFilters(ObjectifyFilter.class, OfyFilter.class)
           .setFixtures(BASIC)
           .setEmail("Marla.Singer@crr.com") // from AppEngineExtension.makeRegistrarContact3
-          .setGaeUserId("12345") // from AppEngineExtension.makeRegistrarContact3
           .build();
 
   @RetryingTest(3)

core/src/test/java/google/registry/webdriver/RegistrarConsoleWebTest.java

@@ -45,7 +45,7 @@ public class RegistrarConsoleWebTest extends WebDriverTestCase {
               route("/registrar-settings", FrontendServlet.class))
           .setFilters(ObjectifyFilter.class, OfyFilter.class)
           .setFixtures(BASIC)
-          .setEmail("Marla.Singer@google.com")
+          .setEmail("Marla.Singer@crr.com")
           .build();
 
   /** Checks the identified element has the given text content. */

core/src/test/java/google/registry/webdriver/RegistrarCreateConsoleScreenshotTest.java

@@ -72,28 +72,4 @@ class RegistrarCreateConsoleScreenshotTest extends WebDriverTestCase {
     driver.waitForDisplayedElement(By.tagName("h1"));
     driver.diffPage("createResult");
   }
-
-  @RetryingTest(3)
-  void get_admin_fails_badEmail() throws Throwable {
-    server.setIsAdmin(true);
-    driver.get(server.getUrl("/registrar-create"));
-    driver.waitForDisplayedElement(By.tagName("h1"));
-    driver.findElement(By.id("clientId")).sendKeys("my-name");
-    driver.findElement(By.id("name")).sendKeys("registrar name");
-    driver
-        .findElement(By.id("billingAccount"))
-        .sendKeys(""
-            + "USD=12345678-abcd-1234-5678-cba987654321\n"
-            + "JPY=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee");
-    driver.findElement(By.id("driveId")).sendKeys("drive-id");
-    driver.findElement(By.id("ianaId")).sendKeys("15263");
-    driver.findElement(By.id("referralEmail")).sendKeys("email@icann.example");
-    driver.findElement(By.id("consoleUserEmail")).sendKeys("bad email");
-    driver.findElement(By.id("street1")).sendKeys("123 Street st.");
-    driver.findElement(By.id("city")).sendKeys("Citysville");
-    driver.findElement(By.id("countryCode")).sendKeys("fr");
-    driver.findElement(By.id("submit-button")).click();
-    driver.waitForDisplayedElement(By.tagName("h1"));
-    driver.diffPage("createResultFailed");
-  }
 }

core/src/test/java/google/registry/webdriver/TestServerExtension.java

@@ -16,10 +16,8 @@ package google.registry.webdriver;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static google.registry.testing.AppEngineExtension.THE_REGISTRAR_GAE_USER_ID;
 import static google.registry.util.NetworkUtils.getExternalAddressOfLocalSystem;
 import static google.registry.util.NetworkUtils.pickUnusedPort;
-import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
@@ -35,7 +33,6 @@ import java.net.URL;
 import java.net.UnknownHostException;
 import java.nio.file.Path;
 import java.time.Duration;
-import java.util.Optional;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.Callable;
 import java.util.concurrent.FutureTask;
@@ -72,8 +69,7 @@ public final class TestServerExtension implements BeforeEachCallback, AfterEachC
       ImmutableList<Route> routes,
       ImmutableList<Class<? extends Filter>> filters,
       ImmutableList<Fixture> fixtures,
-      String email,
+      String email) {
-      Optional<String> gaeUserId) {
     this.runfiles = runfiles;
     this.routes = routes;
     this.filters = filters;
@@ -86,8 +82,7 @@ public final class TestServerExtension implements BeforeEachCallback, AfterEachC
             .withLocalModules()
             .withUrlFetch()
             .withTaskQueue()
-            .withUserService(
+            .withUserService(UserInfo.createAdmin(email))
-                UserInfo.createAdmin(email, gaeUserId.orElse(THE_REGISTRAR_GAE_USER_ID)))
             .build();
   }
 
@@ -178,7 +173,7 @@ public final class TestServerExtension implements BeforeEachCallback, AfterEachC
 
   private final class Server implements Runnable {
 
-    private ExtensionContext context;
+    private final ExtensionContext context;
 
     Server(ExtensionContext context) {
       this.context = context;
@@ -254,7 +249,6 @@ public final class TestServerExtension implements BeforeEachCallback, AfterEachC
     ImmutableList<Class<? extends Filter>> filters;
     private ImmutableList<Fixture> fixtures = ImmutableList.of();
     private String email;
-    private Optional<String> gaeUserId = Optional.empty();
 
     /** Sets the directories containing the static files for {@link TestServer}. */
     Builder setRunfiles(ImmutableMap<String, Path> runfiles) {
@@ -292,13 +286,6 @@ public final class TestServerExtension implements BeforeEachCallback, AfterEachC
       return this;
     }
 
-    /** Optionally, sets the GAE user ID for the logged in user. */
-    public Builder setGaeUserId(String gaeUserId) {
-      this.gaeUserId =
-          Optional.of(checkArgumentNotNull(gaeUserId, "Must specify a non-null GAE user ID"));
-      return this;
-    }
-
     /** Returns a new {@link TestServerExtension} instance. */
     public TestServerExtension build() {
       return new TestServerExtension(
@@ -306,8 +293,7 @@ public final class TestServerExtension implements BeforeEachCallback, AfterEachC
           checkNotNull(this.routes),
           checkNotNull(this.filters),
           checkNotNull(this.fixtures),
-          checkNotNull(this.email),
+          checkNotNull(this.email));
-          this.gaeUserId);
     }
   }
 }

core/src/test/resources/google/registry/ui/server/registrar/update_registrar.json

@@ -16,7 +16,7 @@
         "name": "Extra Terrestrial",
         "visibleInWhoisAsTech": false,
         "emailAddress": "etphonehome@example.com",
-        "gaeUserId": null,
+        "loginEmailAddress": null,
         "types": "ADMIN,BILLING,TECH,WHOIS"
       },
       {
@@ -27,7 +27,7 @@
         "visibleInWhoisAsTech": false,
         "emailAddress": "Marla.Singer@crr.com",
         "registryLockEmailAddress": "Marla.Singer.RegistryLock@crr.com",
-        "gaeUserId": "12345",
+        "loginEmailAddress": "Marla.Singer@crr.com",
         "types": "TECH"
       }
     ],

core/src/test/resources/google/registry/ui/server/registrar/update_registrar_duplicate_contacts.json

@@ -16,7 +16,7 @@
         "name": "Extra Terrestrial",
         "visibleInWhoisAsTech": false,
         "emailAddress": "etphonehome@example.com",
-        "gaeUserId": null,
+        "loginEmailAddress": null,
         "types": "ADMIN,BILLING,TECH,WHOIS"
       },
       {
@@ -26,7 +26,7 @@
         "name": "E.T.",
         "visibleInWhoisAsTech": false,
         "emailAddress": "etphonehome@example.com",
-        "gaeUserId": null,
+        "loginEmailAddress": null,
         "types": "MARKETING"
       }
     ],

core/src/test/resources/google/registry/ui/server/registrar/update_registrar_email.txt

@@ -11,9 +11,9 @@ emailAddress: the.registrar@example.com -> thase@the.registrar
 url: http://my.fake.url -> http://my.new.url
 contacts:
     ADDED:
-        {name=Extra Terrestrial, emailAddress=etphonehome@example.com, registrarId=TheRegistrar, registryLockEmailAddress=null, phoneNumber=+1.2345678901, faxNumber=null, types=[ADMIN, BILLING, TECH, WHOIS], gaeUserId=null, visibleInWhoisAsAdmin=true, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false}
+        {name=Extra Terrestrial, emailAddress=etphonehome@example.com, registrarId=TheRegistrar, registryLockEmailAddress=null, phoneNumber=+1.2345678901, faxNumber=null, types=[ADMIN, BILLING, TECH, WHOIS], loginEmailAddress=null, visibleInWhoisAsAdmin=true, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false}
     REMOVED:
-        {name=John Doe, emailAddress=johndoe@theregistrar.com, registrarId=TheRegistrar, registryLockEmailAddress=null, phoneNumber=+1.1234567890, faxNumber=null, types=[ADMIN], gaeUserId=31337, visibleInWhoisAsAdmin=false, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false}
+        {name=John Doe, emailAddress=johndoe@theregistrar.com, registrarId=TheRegistrar, registryLockEmailAddress=null, phoneNumber=+1.1234567890, faxNumber=null, types=[ADMIN], loginEmailAddress=johndoe@theregistrar.com, visibleInWhoisAsAdmin=false, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false}
     FINAL CONTENTS:
-        {name=Extra Terrestrial, emailAddress=etphonehome@example.com, registrarId=TheRegistrar, registryLockEmailAddress=null, phoneNumber=+1.2345678901, faxNumber=null, types=[ADMIN, BILLING, TECH, WHOIS], gaeUserId=null, visibleInWhoisAsAdmin=true, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false},
+        {name=Extra Terrestrial, emailAddress=etphonehome@example.com, registrarId=TheRegistrar, registryLockEmailAddress=null, phoneNumber=+1.2345678901, faxNumber=null, types=[ADMIN, BILLING, TECH, WHOIS], loginEmailAddress=null, visibleInWhoisAsAdmin=true, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false},
-        {name=Marla Singer, emailAddress=Marla.Singer@crr.com, registrarId=TheRegistrar, registryLockEmailAddress=Marla.Singer.RegistryLock@crr.com, phoneNumber=+1.2128675309, faxNumber=null, types=[TECH], gaeUserId=12345, visibleInWhoisAsAdmin=false, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false}
+        {name=Marla Singer, emailAddress=Marla.Singer@crr.com, registrarId=TheRegistrar, registryLockEmailAddress=Marla.Singer.RegistryLock@crr.com, phoneNumber=+1.2128675309, faxNumber=null, types=[TECH], loginEmailAddress=Marla.Singer@crr.com, visibleInWhoisAsAdmin=false, visibleInWhoisAsTech=false, visibleInDomainWhoisAsAbuse=false, allowedToSetRegistryLockPassword=false}

db/src/main/resources/sql/schema/db-schema.sql.generated

@@ -614,7 +614,7 @@
         registrar_id text not null,
         allowed_to_set_registry_lock_password boolean not null,
         fax_number text,
-        gae_user_id text,
+        login_email_address text,
         name text,
         phone_number text,
         registry_lock_email_address text,
@@ -828,7 +828,7 @@ create index IDXaydgox62uno9qx8cjlj5lauye on "PollMessage" (event_time);
 create index premiumlist_name_idx on "PremiumList" (name);
 create index registrar_name_idx on "Registrar" (registrar_name);
 create index registrar_iana_identifier_idx on "Registrar" (iana_identifier);
-create index registrarpoc_gae_user_id_idx on "RegistrarPoc" (gae_user_id);
+create index registrarpoc_login_email_idx on "RegistrarPoc" (login_email_address);
 create index idx_registry_lock_verification_code on "RegistryLock" (verification_code);
 create index idx_registry_lock_registrar_id on "RegistryLock" (registrar_id);