Use AuthenticatedRegistrarAccessor in EppConsoleAction

EppConsoleAction still "manually" checks access by going over the
RegistrarContacts. We need it to use AuthenticatedRegistrarAccessor just like
every other part of the registrar console.

We still need to remove the (now unneeded) login EPP sent by the console, but that's left for a followup CL.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=222404208

java/google/registry/flows/EppConsoleAction.java

@@ -15,10 +15,13 @@
 package google.registry.flows;
 
 import com.google.appengine.api.users.UserService;
+import google.registry.model.eppcommon.ProtocolDefinition;
 import google.registry.request.Action;
 import google.registry.request.Action.Method;
+import google.registry.request.Parameter;
 import google.registry.request.Payload;
 import google.registry.request.auth.Auth;
+import google.registry.request.auth.AuthenticatedRegistrarAccessor;
 import javax.inject.Inject;
 import javax.servlet.http.HttpSession;
 
@@ -34,13 +37,16 @@ public class EppConsoleAction implements Runnable {
   @Inject HttpSession session;
   @Inject EppRequestHandler eppRequestHandler;
   @Inject UserService userService;
+  @Inject AuthenticatedRegistrarAccessor registrarAccessor;
+  @Inject @Parameter("clientId") String clientId;
   @Inject EppConsoleAction() {}
 
   @Override
   public void run() {
     eppRequestHandler.executeEpp(
-        new HttpSessionMetadata(session),
-        GaeUserCredentials.forCurrentUser(userService),
+        new StatelessRequestSessionMetadata(clientId,
+            ProtocolDefinition.getVisibleServiceExtensionUris()),
+        new GaeUserCredentials(registrarAccessor),
         EppRequestSource.CONSOLE,
         false,  // This endpoint is never a dry run.
         false,  // This endpoint is never a superuser.