Add base AllocationToken validation logic for domain checks

Next up is adding custom logic so that the results of these checks can be more meaningful. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=181660956
2025-05-28 09:50:57 +02:00 · 2018-01-11 14:16:25 -08:00 · 2018-01-11 14:16:25 -08:00 · 5726f1dc4e
commit 5726f1dc4e
parent 716ba726fc
12 changed files with 266 additions and 38 deletions
--- a/java/google/registry/flows/domain/AllocationTokenFlowUtils.java
+++ b/java/google/registry/flows/domain/AllocationTokenFlowUtils.java
@ -16,6 +16,7 @@ package google.registry.flows.domain;

 import static google.registry.model.ofy.ObjectifyService.ofy;

+import com.google.common.collect.ImmutableMap;
 import com.google.common.net.InternetDomainName;
 import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
@ -24,6 +25,8 @@ import google.registry.flows.EppException.ParameterValueSyntaxErrorException;
 import google.registry.model.domain.AllocationToken;
 import google.registry.model.registry.Registry;
 import google.registry.model.reporting.HistoryEntry;
+import java.util.List;
+import java.util.function.Function;

 /** Static utility functions for dealing with {@link AllocationToken}s in domain flows. */
 public class AllocationTokenFlowUtils {
@ -47,6 +50,31 @@ public class AllocationTokenFlowUtils {
    return tokenEntity;
  }

+  /**
+   * Checks if the allocation token applies to the given domain names, used for domain checks.
+   *
+   * @return A map of domain names to domain check error response messages. If a message is present
+   *     for a a given domain then it does not validate with this allocation token; domains that do
+   *     validate are not present in the map.
+   */
+  static ImmutableMap<String, String> checkDomainsWithToken(
+      List<String> domainNames, String token, String clientId) {
+    AllocationToken tokenEntity = ofy().load().key(Key.create(AllocationToken.class, token)).now();
+    String result;
+    if (tokenEntity == null) {
+      result = new InvalidAllocationTokenException().getMessage();
+    } else if (tokenEntity.isRedeemed()) {
+      result = AlreadyRedeemedAllocationTokenException.ERROR_MSG_SHORT;
+    } else {
+      return ImmutableMap.of();
+    }
+    // TODO(b/70628322): For now all checks yield the same result, but custom logic will soon allow
+    // them to differ, e.g. if tokens can only be used on certain TLDs.
+    return domainNames
+        .stream()
+        .collect(ImmutableMap.toImmutableMap(Function.identity(), domainName -> result));
+  }
+
  /** Redeems an {@link AllocationToken}, returning the redeemed copy. */
  static AllocationToken redeemToken(
      AllocationToken token, Key<HistoryEntry> redemptionHistoryEntry) {
@ -56,8 +84,14 @@ public class AllocationTokenFlowUtils {
  /** The allocation token was already redeemed. */
  static class AlreadyRedeemedAllocationTokenException
      extends AssociationProhibitsOperationException {
+
+    public static final String ERROR_MSG_LONG = "The allocation token was already redeemed";
+
+    /** A short error message fitting within 32 characters for use in domain check responses. */
+    public static final String ERROR_MSG_SHORT = "Alloc token was already redeemed";
+
    public AlreadyRedeemedAllocationTokenException() {
-      super("The allocation token was already redeemed");
+      super(ERROR_MSG_LONG);
    }
  }

--- a/java/google/registry/flows/domain/DomainCheckFlow.java
+++ b/java/google/registry/flows/domain/DomainCheckFlow.java
@ -16,6 +16,7 @@ package google.registry.flows.domain;

 import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
 import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount;
+import static google.registry.flows.domain.AllocationTokenFlowUtils.checkDomainsWithToken;
 import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
 import static google.registry.flows.domain.DomainFlowUtils.getReservationTypes;
 import static google.registry.flows.domain.DomainFlowUtils.handleFeeRequest;
@ -146,13 +147,21 @@ public final class DomainCheckFlow implements Flow {
    customLogic.afterValidation(
        DomainCheckFlowCustomLogic.AfterValidationParameters.newBuilder()
            .setDomainNames(domainNames)
-            // TODO: Use as of date from fee extension v0.12 instead of now, if specificed.
+            // TODO: Use as of date from fee extension v0.12 instead of now, if specified.
            .setAsOfDate(now)
            .build());
    Set<String> existingIds = checkResourcesExist(DomainResource.class, targetIds, now);
+    AllocationTokenExtension allocationTokenExtension =
+        eppInput.getSingleExtension(AllocationTokenExtension.class);
+    ImmutableMap<String, String> tokenCheckResults =
+        (allocationTokenExtension == null)
+            ? ImmutableMap.of()
+            : checkDomainsWithToken(
+                targetIds, allocationTokenExtension.getAllocationToken(), clientId);
    ImmutableList.Builder<DomainCheck> checks = new ImmutableList.Builder<>();
    for (String targetId : targetIds) {
-      Optional<String> message = getMessageForCheck(domainNames.get(targetId), existingIds, now);
+      Optional<String> message =
+          getMessageForCheck(domainNames.get(targetId), existingIds, tokenCheckResults, now);
      checks.add(DomainCheck.create(!message.isPresent(), targetId, message.orElse(null)));
    }
    BeforeResponseReturnData responseData =
@ -169,7 +178,10 @@ public final class DomainCheckFlow implements Flow {
  }

  private Optional<String> getMessageForCheck(
-      InternetDomainName domainName, Set<String> existingIds, DateTime now) {
+      InternetDomainName domainName,
+      Set<String> existingIds,
+      ImmutableMap<String, String> tokenCheckResults,
+      DateTime now) {
    if (existingIds.contains(domainName.toString())) {
      return Optional.of("In use");
    }
@ -187,10 +199,12 @@ public final class DomainCheckFlow implements Flow {
        && eppInput.getSingleExtension(FeeCheckCommandExtension.class) == null) {
      return Optional.of("Premium names require EPP ext.");
    }
-
-    return reservationTypes.isEmpty()
-        ? Optional.empty()
-        : Optional.of(getTypeOfHighestSeverity(reservationTypes).getMessageForCheck());
+    if (!reservationTypes.isEmpty()) {
+      return Optional.of(getTypeOfHighestSeverity(reservationTypes).getMessageForCheck());
+    }
+    return tokenCheckResults.containsKey(domainName.toString())
+        ? Optional.of(tokenCheckResults.get(domainName.toString()))
+        : Optional.empty();
  }

  /** Handle the fee check extension. */
--- a/java/google/registry/flows/domain/DomainClaimsCheckFlow.java
+++ b/java/google/registry/flows/domain/DomainClaimsCheckFlow.java
@ -39,6 +39,8 @@ import google.registry.model.domain.launch.LaunchCheckExtension;
 import google.registry.model.domain.launch.LaunchCheckResponseExtension;
 import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheck;
 import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheckName;
+import google.registry.model.domain.token.AllocationTokenExtension;
+import google.registry.model.eppinput.EppInput;
 import google.registry.model.eppinput.ResourceCommand;
 import google.registry.model.eppoutput.EppResponse;
 import google.registry.model.registry.Registry;
@ -61,11 +63,13 @@ import org.joda.time.DateTime;
 * @error {@link DomainFlowUtils.NotAuthorizedForTldException}
 * @error {@link DomainFlowUtils.TldDoesNotExistException}
 * @error {@link DomainClaimsCheckNotAllowedInSunrise}
+ * @error {@link DomainClaimsCheckNotAllowedWithAllocationTokens}
 */
@ReportingSpec(ActivityReportField.DOMAIN_CHECK)  // Claims check is a special domain check.
 public final class DomainClaimsCheckFlow implements Flow {

  @Inject ExtensionManager extensionManager;
+  @Inject EppInput eppInput;
  @Inject ResourceCommand resourceCommand;
  @Inject @ClientId String clientId;
  @Inject @Superuser boolean isSuperuser;
@ -78,9 +82,12 @@ public final class DomainClaimsCheckFlow implements Flow {

  @Override
  public EppResponse run() throws EppException {
-    extensionManager.register(LaunchCheckExtension.class);
+    extensionManager.register(LaunchCheckExtension.class, AllocationTokenExtension.class);
    extensionManager.validate();
    validateClientIsLoggedIn(clientId);
+    if (eppInput.getSingleExtension(AllocationTokenExtension.class) != null) {
+      throw new DomainClaimsCheckNotAllowedWithAllocationTokens();
+    }
    List<String> targetIds = ((Check) resourceCommand).getTargetIds();
    verifyTargetIdCount(targetIds, maxChecks);
    Set<String> seenTlds = new HashSet<>();
@ -118,4 +125,11 @@ public final class DomainClaimsCheckFlow implements Flow {
      super("Claims checks are not allowed during sunrise");
    }
  }
+
+  /** Claims checks are not allowed with allocation tokens. */
+  static class DomainClaimsCheckNotAllowedWithAllocationTokens extends CommandUseErrorException {
+    public DomainClaimsCheckNotAllowedWithAllocationTokens() {
+      super("Claims checks are not allowed with allocation tokens");
+    }
+  }
 }