Don't destroy existing registry lock passwords in contacts (#317)

* Don't destroy existing registry lock passwords in contacts The existing code assumes that the "contacts" segment of the form contains an exact representation of the registrar contacts. This breaks when we have a contact with an existing registry lock password because we don't want to keep passing around that password in plain text (we never store it in plain text) This PR changes the code so that instead of assuming the contact is provided in its entirety, we load the contact from storage first (matching by email address) if it exists. We then set the required fields from the JSON object, and set the password optionally if it was provided. Alternatives: - Create a separate RegistrarContactPassword object with a RegistrarContact parent. This increases complexity significantly since we'd be adding a parent-child relationship and adding more objects to Datastore during the transition to SQL. It also doesn't completely solve the problem of "When should we set the password?" because the password field still must be part of the same form. - Rearrange the UI so that the password is set as part of a completely separate form with a separate submit action. This would be possible but is sub-optimal for two reasons. First, we are trying to not re-engineer the web console as much as possible since we're likely starting it from scratch before too long anyway. Second, we want the lock-password-setting to be part of the standard contact modification workflow. * Responses to CR * Actually we need to allow "removal" of fields * Remove optional * one-statement building the contacts
2025-07-10 05:03:24 +02:00 · 2019-10-24 20:18:37 -04:00 · 2019-10-24 20:18:37 -04:00 · 53c0be6537
commit 53c0be6537
parent 63bb2dd79b
3 changed files with 103 additions and 53 deletions
--- a/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
+++ b/core/src/test/java/google/registry/ui/server/registrar/ContactSettingsTest.java
@ -188,6 +188,33 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {

  @Test
  public void testSuccess_setRegistryLockPassword() {
+    addPasswordToTechContact();
+    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
+    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+    assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS");
+  }
+
+  @Test
+  public void testSuccess_setRegistryLockPassword_notOverriddenLater() {
+    addPasswordToTechContact();
+    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
+    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+
+    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
+    Map<String, Object> techContactMap = techContact.toJsonMap();
+    techContactMap.put("name", "Some Other Name");
+    Map<String, Object> reqJson = loadRegistrar(CLIENT_ID).toJsonMap();
+    reqJson.put(
+        "contacts",
+        ImmutableList.of(AppEngineRule.makeRegistrarContact2().toJsonMap(), techContactMap));
+    Map<String, Object> response =
+        action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
+    assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS"));
+    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
+    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
+  }
+
+  private void addPasswordToTechContact() {
    techContact =
        persistResource(techContact.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
    Map<String, Object> contactMap = techContact.toJsonMap();
@ -199,9 +226,6 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
    Map<String, Object> response =
        action.handleJsonRequest(ImmutableMap.of("op", "update", "id", CLIENT_ID, "args", reqJson));
    assertThat(response).containsAtLeastEntriesIn(ImmutableMap.of("status", "SUCCESS"));
-    techContact = Iterables.getOnlyElement(loadRegistrar(CLIENT_ID).getContactsOfType(Type.TECH));
-    assertThat(techContact.verifyRegistryLockPassword("hi")).isTrue();
-    assertMetric(CLIENT_ID, "update", "[OWNER]", "SUCCESS");
  }

  @Test
@ -275,7 +299,7 @@ public class ContactSettingsTest extends RegistrarSettingsActionTestCase {
            "results",
            ImmutableList.of(),
            "message",
-            "Registrar contact not allowed to set registry lock password");
+            "Cannot set isAllowedToSetRegistryLockPassword through UI");
    assertMetric(CLIENT_ID, "update", "[OWNER]", "ERROR: FormException");
  }
 }