Make the superuser flag bypass TLD access checks

The --superuser command in the nomulus command-line tool should be bypassing checks on whether the passed-in registrar client ID has access to the TLD in question, but currently it is not. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=158974462
2025-08-05 09:21:49 +02:00 · 2017-06-14 07:14:19 -07:00 · 2017-06-14 07:14:19 -07:00 · 580c41f2d6
commit 580c41f2d6
parent 3a02e6fb11
26 changed files with 223 additions and 38 deletions
--- a/javatests/google/registry/flows/domain/ClaimsCheckFlowTest.java
+++ b/javatests/google/registry/flows/domain/ClaimsCheckFlowTest.java
@ -31,7 +31,6 @@ import google.registry.model.domain.DomainResource;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registry.Registry;
 import google.registry.model.registry.Registry.TldState;
-import google.registry.testing.DatastoreHelper;
 import org.junit.Before;
 import org.junit.Test;

@ -81,7 +80,6 @@ public class ClaimsCheckFlowTest extends ResourceFlowTestCase<ClaimsCheckFlow, D
    doSuccessfulTest("domain_check_claims_response.xml");
  }

-
  @Test
  public void testSuccess_multipleTlds() throws Exception {
    setEppInput("domain_check_claims_multiple_tlds.xml");
@ -115,7 +113,7 @@ public class ClaimsCheckFlowTest extends ResourceFlowTestCase<ClaimsCheckFlow, D

  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
-    DatastoreHelper.persistResource(
+    persistResource(
        Registrar.loadByClientId("TheRegistrar")
            .asBuilder()
            .setAllowedTlds(ImmutableSet.<String>of())
@ -124,6 +122,22 @@ public class ClaimsCheckFlowTest extends ResourceFlowTestCase<ClaimsCheckFlow, D
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistClaimsList(
+        ImmutableMap.of("example2", "2013041500/2/6/9/rJ1NrDO92vDsAzf7EQzgjX4R0000000001"));
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
+    assertTransactionalFlow(false);
+    assertNoHistory();  // Checks don't create a history event.
+    assertNoBillingEvents();  // Checks are always free.
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_check_claims_response.xml"));
+  }
+
  @Test
  public void testFailure_predelgation() throws Exception {
    createTld("tld", TldState.PREDELEGATION);
--- a/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
@ -1131,6 +1131,17 @@ public class DomainApplicationCreateFlowTest
    runSuperuserFlow("domain_create_sunrush_response.xml");
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    DatastoreHelper.persistResource(Registrar.loadByClientId("TheRegistrar")
+        .asBuilder()
+        .setAllowedTlds(ImmutableSet.<String>of())
+        .build());
+    persistContactsAndHosts();
+    clock.advanceOneMilli();
+    runSuperuserFlow("domain_create_sunrise_encoded_signed_mark_response.xml");
+  }
+
  @Test
  public void testSuccess_superuserSunrush() throws Exception {
    createTld("tld", TldState.SUNRUSH);
--- a/javatests/google/registry/flows/domain/DomainApplicationDeleteFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainApplicationDeleteFlowTest.java
@ -150,6 +150,16 @@ public class DomainApplicationDeleteFlowTest
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    persistResource(
+        newDomainApplication("example.tld").asBuilder().setRepoId("1-TLD").build());
+    clock.advanceOneMilli();
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_delete_response.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    persistResource(
@ -162,12 +172,16 @@ public class DomainApplicationDeleteFlowTest
    thrown.expect(NotAuthorizedForTldException.class);
    runFlow();
  }
-
+  
  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
    persistResource(
        newDomainApplication("example.tld").asBuilder().setRepoId("1-TLD").build());
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    clock.advanceOneMilli();
    runFlowAssertResponse(
        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_delete_response.xml"));
--- a/javatests/google/registry/flows/domain/DomainApplicationUpdateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainApplicationUpdateFlowTest.java
@ -562,6 +562,16 @@ public class DomainApplicationUpdateFlowTest
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    persistReferencedEntities();
+    persistApplication();
+    clock.advanceOneMilli();
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_update_response.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    persistResource(
@ -574,10 +584,14 @@ public class DomainApplicationUpdateFlowTest
    thrown.expect(NotAuthorizedForTldException.class);
    runFlow();
  }
-
+  
  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    persistReferencedEntities();
    persistApplication();
    clock.advanceOneMilli();
--- a/javatests/google/registry/flows/domain/DomainCheckFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainCheckFlowTest.java
@ -294,6 +294,18 @@ public class DomainCheckFlowTest
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistActiveDomain("example2.tld");
+    DatastoreHelper.persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_check_one_tld_response.xml"));
+  }
+
  private void doFailingBadLabelTest(String label, Class<? extends Exception> expectedException)
      throws Exception {
    setEppInput("domain_check_template.xml", ImmutableMap.of("LABEL", label));
--- a/javatests/google/registry/flows/domain/DomainDeleteFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainDeleteFlowTest.java
@ -678,6 +678,15 @@ public class DomainDeleteFlowTest extends ResourceFlowTestCase<DomainDeleteFlow,
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    setupSuccessfulTest();
+    clock.advanceOneMilli();
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_delete_response_pending.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    setupSuccessfulTest();
@ -691,9 +700,13 @@ public class DomainDeleteFlowTest extends ResourceFlowTestCase<DomainDeleteFlow,
  }

  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
    setupSuccessfulTest();
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    clock.advanceOneMilli();
    runFlowAssertResponse(
        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_delete_response_pending.xml"));
--- a/javatests/google/registry/flows/domain/DomainRenewFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainRenewFlowTest.java
@ -611,6 +611,14 @@ public class DomainRenewFlowTest extends ResourceFlowTestCase<DomainRenewFlow, D
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    persistDomain();
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_renew_response.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    persistResource(
@ -624,8 +632,12 @@ public class DomainRenewFlowTest extends ResourceFlowTestCase<DomainRenewFlow, D
  }

  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    persistDomain();
    runFlowAssertResponse(
        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_renew_response.xml"));
--- a/javatests/google/registry/flows/domain/DomainRestoreRequestFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainRestoreRequestFlowTest.java
@ -494,6 +494,14 @@ public class DomainRestoreRequestFlowTest extends
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    persistPendingDeleteDomain();
+    thrown.expect(ResourceNotOwnedException.class);
+    runFlowAssertResponse(readFile("domain_update_response.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    persistResource(
@ -507,11 +515,17 @@ public class DomainRestoreRequestFlowTest extends
  }

  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    persistPendingDeleteDomain();
-    thrown.expect(ResourceNotOwnedException.class);
-    runFlowAssertResponse(readFile("domain_update_response.xml"));
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_update_response.xml"));
  }

  @Test
--- a/javatests/google/registry/flows/domain/DomainTransferApproveFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainTransferApproveFlowTest.java
@ -423,6 +423,19 @@ public class DomainTransferApproveFlowTest
    doSuccessfulTest("tld", "domain_transfer_approve.xml", "domain_transfer_approve_response.xml");
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_transfer_approve_response.xml"));
+  }
+
  // NB: No need to test pending delete status since pending transfers will get cancelled upon
  // entering pending delete phase. So it's already handled in that test case.

--- a/javatests/google/registry/flows/domain/DomainTransferCancelFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainTransferCancelFlowTest.java
@ -299,6 +299,20 @@ public class DomainTransferCancelFlowTest
    doSuccessfulTest("domain_transfer_cancel.xml", "domain_transfer_cancel_response.xml");
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("NewRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
+    clock.advanceOneMilli();
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_transfer_cancel_response.xml"));
+  }
+
  // NB: No need to test pending delete status since pending transfers will get cancelled upon
  // entering pending delete phase. So it's already handled in that test case.

--- a/javatests/google/registry/flows/domain/DomainTransferRejectFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainTransferRejectFlowTest.java
@ -166,6 +166,19 @@ public class DomainTransferRejectFlowTest
    doSuccessfulTest("domain_transfer_reject.xml", "domain_transfer_reject_response.xml");
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
+    runFlowAssertResponse(
+        CommitMode.LIVE,
+        UserPrivileges.SUPERUSER,
+        readFile("domain_transfer_reject_response.xml"));
+  }
+
  @Test
  public void testFailure_badContactPassword() throws Exception {
    // Change the contact's password so it does not match the password in the file.
--- a/javatests/google/registry/flows/domain/DomainTransferRequestFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainTransferRequestFlowTest.java
@ -571,6 +571,19 @@ public class DomainTransferRequestFlowTest
    doSuccessfulTest("domain_transfer_request.xml", "domain_transfer_request_response.xml");
  }

+  @Test
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    setupDomain("example", "tld");
+    persistResource(
+        Registrar.loadByClientId("NewRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
+    clock.advanceOneMilli();
+    // We don't verify the results; just check that the flow doesn't fail.
+    runTest("domain_transfer_request.xml", UserPrivileges.SUPERUSER);
+  }
+
  @Test
  public void testSuccess_autorenewGraceActive_onlyAtTransferRequestTime() throws Exception {
    setupDomain("example", "tld");
--- a/javatests/google/registry/flows/domain/DomainUpdateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainUpdateFlowTest.java
@ -961,6 +961,16 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
    runFlow();
  }

+  @Test
+  public void testSuccess_superuserUnauthorizedClient() throws Exception {
+    sessionMetadata.setClientId("NewRegistrar");
+    persistReferencedEntities();
+    persistDomain();
+    clock.advanceOneMilli();
+    runFlowAssertResponse(
+        CommitMode.LIVE, UserPrivileges.SUPERUSER, readFile("domain_update_response.xml"));
+  }
+
  @Test
  public void testFailure_notAuthorizedForTld() throws Exception {
    persistResource(
@ -975,8 +985,12 @@ public class DomainUpdateFlowTest extends ResourceFlowTestCase<DomainUpdateFlow,
  }

  @Test
-  public void testSuccess_superuserUnauthorizedClient() throws Exception {
-    sessionMetadata.setClientId("NewRegistrar");
+  public void testSuccess_superuserNotAuthorizedForTld() throws Exception {
+    persistResource(
+        Registrar.loadByClientId("TheRegistrar")
+            .asBuilder()
+            .setAllowedTlds(ImmutableSet.<String>of())
+            .build());
    persistReferencedEntities();
    persistDomain();
    clock.advanceOneMilli();