zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-05 09:21:49 +02:00
Code Issues Projects Releases Packages Wiki Activity

Move AuthenticatedRegistrarAccessor to request/auth/

Browse source 
It is starting to be used in more places than just ur/server/registrar. Even now it's used in the RDAP, and we are going to start using it for the registrar-xhr endpoint meaning it will be used in EPP flows as well.

Also logically - this is part of the request authentication.

While moving - we also refactor it to make it easier to use in tests. Instead of mocking, we will be able to create instances with arbitrary roles.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=221645055
This commit is contained in:
guyben 2018-11-15 10:19:02 -08:00 committed by jianglai
parent b317aab22f
commit 6586460f3e
15 changed files with 173 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

4
javatests/google/registry/rdap/RdapActionBaseTestCase.java
View file

@ -19,7 +19,7 @@ import static google.registry.rdap.RdapAuthorization.Role.PUBLIC;
import static google.registry.rdap.RdapAuthorization.Role.REGISTRAR;
import static google.registry.request.Action.Method.GET;
import static google.registry.request.Action.Method.HEAD;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.OWNER;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.OWNER;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@ -29,12 +29,12 @@ import google.registry.model.ofy.Ofy;
import google.registry.request.Action;
import google.registry.request.auth.AuthLevel;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.AuthenticatedRegistrarAccessor;
import google.registry.request.auth.UserAuthInfo;
import google.registry.testing.AppEngineRule;
import google.registry.testing.FakeClock;
import google.registry.testing.FakeResponse;
import google.registry.testing.InjectRule;
import google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor;
import google.registry.util.TypeUtils;
import java.util.Optional;
import org.joda.time.DateTime;

86
javatests/google/registry/ui/server/registrar/AuthenticatedRegistrarAccessorTest.java → javatests/google/registry/request/auth/AuthenticatedRegistrarAccessorTest.java
View file

@ -12,16 +12,16 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.ui.server.registrar;
package google.registry.request.auth;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.ADMIN;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.OWNER;
import static google.registry.testing.AppEngineRule.THE_REGISTRAR_GAE_USER_ID;
import static google.registry.testing.DatastoreHelper.loadRegistrar;
import static google.registry.testing.DatastoreHelper.persistResource;
import static google.registry.testing.JUnitBackports.assertThrows;
import static google.registry.testing.LogsSubject.assertAboutLogs;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.ADMIN;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.OWNER;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
@ -33,10 +33,7 @@ import com.google.common.flogger.LoggerConfig;
import com.google.common.testing.NullPointerTester;
import com.google.common.testing.TestLogHandler;
import google.registry.groups.GroupsConnection;
import google.registry.request.HttpException.ForbiddenException;
import google.registry.request.auth.AuthLevel;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.UserAuthInfo;
import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException;
import google.registry.testing.AppEngineRule;
import google.registry.testing.InjectRule;
import java.util.logging.Level;
@ -76,7 +73,8 @@ public class AuthenticatedRegistrarAccessorTest {
UserAuthInfo.create(
new User(
String.format(
"%s_%s@gmail.com", isAuthorized ? "good" : "evil", isAdmin ? "admin" : "user"),
"%s_%s@gmail.com",
isAuthorized ? "auth" : "unauth", isAdmin ? "admin" : "user"),
"gmail.com",
isAuthorized ? THE_REGISTRAR_GAE_USER_ID : "badGaeUserId"),
isAdmin));
@ -94,12 +92,6 @@ public class AuthenticatedRegistrarAccessorTest {
LoggerConfig.getConfig(AuthenticatedRegistrarAccessor.class).removeHandler(testLogHandler);
}
private String formatMessage(String message, AuthResult authResult, String clientId) {
return message
.replace("{user}", authResult.userIdForLogging())
.replace("{clientId}", String.valueOf(clientId));
}
/** Users only have access to the registrars they are a contact for. */
@Test
public void getAllClientIdWithAccess_authorizedUser() {
@ -114,7 +106,7 @@ public class AuthenticatedRegistrarAccessorTest {
/** Users in support group have admin access to everything. */
@Test
public void getAllClientIdWithAccess_authorizedUser_isSupportGroup() {
when(groupsConnection.isMemberOfGroup("good_user@gmail.com", SUPPORT_GROUP)).thenReturn(true);
when(groupsConnection.isMemberOfGroup("auth_user@gmail.com", SUPPORT_GROUP)).thenReturn(true);
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
AUTHORIZED_USER, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
@ -149,7 +141,7 @@ public class AuthenticatedRegistrarAccessorTest {
/** Unauthorized users who are in support group have admin access. */
@Test
public void getAllClientIdWithAccess_unauthorizedUser_inSupportGroup() {
when(groupsConnection.isMemberOfGroup("evil_user@gmail.com", SUPPORT_GROUP)).thenReturn(true);
when(groupsConnection.isMemberOfGroup("unauth_user@gmail.com", SUPPORT_GROUP)).thenReturn(true);
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
UNAUTHORIZED_USER, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
@ -179,7 +171,7 @@ public class AuthenticatedRegistrarAccessorTest {
new AuthenticatedRegistrarAccessor(
AUTHORIZED_USER, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
verify(groupsConnection).isMemberOfGroup("good_user@gmail.com", SUPPORT_GROUP);
verify(groupsConnection).isMemberOfGroup("auth_user@gmail.com", SUPPORT_GROUP);
assertThat(registrarAccessor.getAllClientIdWithRoles())
.containsExactly(DEFAULT_CLIENT_ID, OWNER);
}
@ -223,34 +215,39 @@ public class AuthenticatedRegistrarAccessorTest {
expectGetRegistrarFailure(
DEFAULT_CLIENT_ID,
UNAUTHORIZED_USER,
"{user} doesn't have access to registrar {clientId}");
"user unauth_user@gmail.com doesn't have access to registrar TheRegistrar");
}
/** Fail loading registrar if there's no user associated with the request. */
@Test
public void testGetRegistrarForUser_noUser() {
expectGetRegistrarFailure(DEFAULT_CLIENT_ID, NO_USER, "Not logged in");
expectGetRegistrarFailure(
DEFAULT_CLIENT_ID,
NO_USER,
"<logged-out user> doesn't have access to registrar TheRegistrar");
}
/** Succeed loading registrar if user has access to it. */
@Test
public void testGetRegistrarForUser_hasAccess_isNotAdmin() {
public void testGetRegistrarForUser_hasAccess_isNotAdmin() throws Exception {
expectGetRegistrarSuccess(
AUTHORIZED_USER, "{user} has [OWNER] access to registrar {clientId}");
AUTHORIZED_USER, "user auth_user@gmail.com has [OWNER] access to registrar TheRegistrar");
}
/** Succeed loading registrar if admin with access. */
@Test
public void testGetRegistrarForUser_hasAccess_isAdmin() {
public void testGetRegistrarForUser_hasAccess_isAdmin() throws Exception {
expectGetRegistrarSuccess(
AUTHORIZED_ADMIN, "{user} has [OWNER, ADMIN] access to registrar {clientId}");
AUTHORIZED_ADMIN,
"admin auth_admin@gmail.com has [OWNER, ADMIN] access to registrar TheRegistrar");
}
/** Succeed loading registrar for admin even if they aren't on the approved contacts list. */
@Test
public void testGetRegistrarForUser_noAccess_isAdmin() {
public void testGetRegistrarForUser_noAccess_isAdmin() throws Exception {
expectGetRegistrarSuccess(
UNAUTHORIZED_ADMIN, "{user} has [ADMIN] access to registrar {clientId}.");
UNAUTHORIZED_ADMIN,
"admin unauth_admin@gmail.com has [ADMIN] access to registrar TheRegistrar.");
}
/** Fail loading registrar even if admin, if registrar doesn't exist. */
@ -259,20 +256,17 @@ public class AuthenticatedRegistrarAccessorTest {
expectGetRegistrarFailure(
"BadClientId",
AUTHORIZED_ADMIN,
"{user} doesn't have access to registrar {clientId}");
"admin auth_admin@gmail.com doesn't have access to registrar BadClientId");
}
private void expectGetRegistrarSuccess(
AuthResult authResult, String message) {
private void expectGetRegistrarSuccess(AuthResult authResult, String message) throws Exception {
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
authResult, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
// make sure loading the registrar succeeds and returns a value
assertThat(registrarAccessor.getRegistrar(DEFAULT_CLIENT_ID)).isNotNull();
assertAboutLogs()
.that(testLogHandler)
.hasLogAtLevelWithMessage(
Level.INFO, formatMessage(message, authResult, DEFAULT_CLIENT_ID));
assertAboutLogs().that(testLogHandler).hasLogAtLevelWithMessage(Level.INFO, message);
}
private void expectGetRegistrarFailure(
@ -281,16 +275,17 @@ public class AuthenticatedRegistrarAccessorTest {
new AuthenticatedRegistrarAccessor(
authResult, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
ForbiddenException exception =
// make sure getRegistrar fails
RegistrarAccessDeniedException exception =
assertThrows(
ForbiddenException.class, () -> registrarAccessor.getRegistrar(clientId));
RegistrarAccessDeniedException.class, () -> registrarAccessor.getRegistrar(clientId));
assertThat(exception).hasMessageThat().contains(formatMessage(message, authResult, clientId));
assertThat(exception).hasMessageThat().contains(message);
}
/** If a user has access to a registrar, we should guess that registrar. */
@Test
public void testGuessClientIdForUser_hasAccess_isNotAdmin() {
public void testGuessClientIdForUser_hasAccess_isNotAdmin() throws Exception {
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
AUTHORIZED_USER, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
@ -301,7 +296,8 @@ public class AuthenticatedRegistrarAccessorTest {
/** If a user doesn't have access to any registrars, guess returns nothing. */
@Test
public void testGuessClientIdForUser_noAccess_isNotAdmin() {
expectGuessRegistrarFailure(UNAUTHORIZED_USER, "{user} isn't associated with any registrar");
expectGuessRegistrarFailure(
UNAUTHORIZED_USER, "user unauth_user@gmail.com isn't associated with any registrar");
}
/**
@ -309,7 +305,7 @@ public class AuthenticatedRegistrarAccessorTest {
* ADMIN_CLIENT_ID).
*/
@Test
public void testGuessClientIdForUser_hasAccess_isAdmin() {
public void testGuessClientIdForUser_hasAccess_isAdmin() throws Exception {
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
AUTHORIZED_ADMIN, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
@ -319,7 +315,7 @@ public class AuthenticatedRegistrarAccessorTest {
/** If an admin doesn't have access to a registrar, we should guess the ADMIN_CLIENT_ID. */
@Test
public void testGuessClientIdForUser_noAccess_isAdmin() {
public void testGuessClientIdForUser_noAccess_isAdmin() throws Exception {
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
UNAUTHORIZED_ADMIN, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
@ -333,7 +329,7 @@ public class AuthenticatedRegistrarAccessorTest {
* registrars.
*/
@Test
public void testGuessClientIdForUser_noAccess_isAdmin_adminClientIdEmpty() {
public void testGuessClientIdForUser_noAccess_isAdmin_adminClientIdEmpty() throws Exception {
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(UNAUTHORIZED_ADMIN, "", SUPPORT_GROUP, groupsConnection);
@ -345,7 +341,7 @@ public class AuthenticatedRegistrarAccessorTest {
* non-existent registrar, we still guess it (we will later fail loading the registrar).
*/
@Test
public void testGuessClientIdForUser_noAccess_isAdmin_adminClientIdInvalid() {
public void testGuessClientIdForUser_noAccess_isAdmin_adminClientIdInvalid() throws Exception {
AuthenticatedRegistrarAccessor registrarAccessor =
new AuthenticatedRegistrarAccessor(
UNAUTHORIZED_ADMIN, "NonexistentRegistrar", SUPPORT_GROUP, groupsConnection);
@ -358,11 +354,9 @@ public class AuthenticatedRegistrarAccessorTest {
new AuthenticatedRegistrarAccessor(
authResult, ADMIN_CLIENT_ID, SUPPORT_GROUP, groupsConnection);
ForbiddenException exception =
assertThrows(ForbiddenException.class, () -> registrarAccessor.guessClientId());
assertThat(exception)
.hasMessageThat()
.contains(formatMessage(message, authResult, null));
RegistrarAccessDeniedException exception =
assertThrows(RegistrarAccessDeniedException.class, () -> registrarAccessor.guessClientId());
assertThat(exception).hasMessageThat().contains(message);
}
@Test

4
javatests/google/registry/request/auth/BUILD
View file

@ -12,6 +12,7 @@ java_library(
srcs = glob(["*.java"]),
resources = glob(["testdata/*"]),
deps = [
"//java/google/registry/groups",
"//java/google/registry/request/auth",
"//java/google/registry/security",
"//javatests/google/registry/testing",
@ -19,7 +20,10 @@ java_library(
"@com_google_appengine_api_1_0_sdk",
"@com_google_appengine_tools_appengine_gcs_client",
"@com_google_appengine_tools_sdk",
"@com_google_flogger",
"@com_google_flogger_system_backend",
"@com_google_guava",
"@com_google_guava_testlib",
"@com_google_truth",
"@com_google_truth_extensions_truth_java8_extension",
"@javax_servlet_api",

1
javatests/google/registry/ui/server/BUILD
View file

@ -14,6 +14,7 @@ java_library(
"//java/google/registry/ui/forms",
"//java/google/registry/ui/server",
"//javatests/google/registry/testing",
"@com_google_guava",
"@com_google_truth",
"@com_google_truth_extensions_truth_java8_extension",
"@junit",

37
javatests/google/registry/ui/server/registrar/ConsoleUiActionTest.java
View file

@ -17,9 +17,8 @@ package google.registry.ui.server.registrar;
import static com.google.common.net.HttpHeaders.LOCATION;
import static com.google.common.truth.Truth.assertThat;
import static com.google.monitoring.metrics.contrib.LongMetricSubject.assertThat;
import static google.registry.testing.DatastoreHelper.loadRegistrar;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.ADMIN;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.OWNER;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.ADMIN;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.OWNER;
import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@ -28,9 +27,9 @@ import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserServiceFactory;
import com.google.common.collect.ImmutableSetMultimap;
import com.google.common.net.MediaType;
import google.registry.request.HttpException.ForbiddenException;
import google.registry.request.auth.AuthLevel;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.AuthenticatedRegistrarAccessor;
import google.registry.request.auth.UserAuthInfo;
import google.registry.security.XsrfTokenManager;
import google.registry.testing.AppEngineRule;
@ -56,8 +55,6 @@ public class ConsoleUiActionTest {
.withUserService(UserInfo.create("marla.singer@example.com", "12345"))
.build();
private final AuthenticatedRegistrarAccessor registrarAccessor =
mock(AuthenticatedRegistrarAccessor.class);
private final HttpServletRequest request = mock(HttpServletRequest.class);
private final FakeResponse response = new FakeResponse();
private final ConsoleUiAction action = new ConsoleUiAction();
@ -76,24 +73,19 @@ public class ConsoleUiActionTest {
action.req = request;
action.response = response;
action.registrarConsoleMetrics = new RegistrarConsoleMetrics();
action.registrarAccessor = registrarAccessor;
action.userService = UserServiceFactory.getUserService();
action.xsrfTokenManager = new XsrfTokenManager(new FakeClock(), action.userService);
action.paramClientId = Optional.empty();
AuthResult authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
action.authResult = authResult;
when(registrarAccessor.getRegistrar("TheRegistrar"))
.thenReturn(loadRegistrar("TheRegistrar"));
when(registrarAccessor.getAllClientIdWithRoles())
.thenReturn(
action.registrarAccessor =
AuthenticatedRegistrarAccessor.createForTesting(
ImmutableSetMultimap.of(
"TheRegistrar", OWNER,
"OtherRegistrar", OWNER,
"OtherRegistrar", ADMIN,
"NewRegistrar", OWNER,
"NewRegistrar", ADMIN,
"AdminRegistrar", ADMIN));
when(registrarAccessor.guessClientId()).thenCallRealMethod();
// Used for error message in guessClientId
registrarAccessor.authResult = authResult;
RegistrarConsoleMetrics.consoleRequestMetric.reset();
}
@ -146,7 +138,8 @@ public class ConsoleUiActionTest {
@Test
public void testUserDoesntHaveAccessToAnyRegistrar_showsWhoAreYouPage() {
when(registrarAccessor.getAllClientIdWithRoles()).thenReturn(ImmutableSetMultimap.of());
action.registrarAccessor =
AuthenticatedRegistrarAccessor.createForTesting(ImmutableSetMultimap.of());
action.run();
assertThat(response.getPayload()).contains("<h1>You need permission</h1>");
assertThat(response.getPayload()).contains("not associated with Nomulus.");
@ -175,8 +168,6 @@ public class ConsoleUiActionTest {
public void testSettingClientId_notAllowed_showsNeedPermissionPage() {
// Behaves the same way if fakeRegistrar exists, but we don't have access to it
action.paramClientId = Optional.of("fakeRegistrar");
when(registrarAccessor.getRegistrar("fakeRegistrar"))
.thenThrow(new ForbiddenException("forbidden"));
action.run();
assertThat(response.getPayload()).contains("<h1>You need permission</h1>");
assertThat(response.getPayload()).contains("not associated with the registrar fakeRegistrar.");
@ -185,20 +176,18 @@ public class ConsoleUiActionTest {
@Test
public void testSettingClientId_allowed_showsRegistrarConsole() {
action.paramClientId = Optional.of("OtherRegistrar");
when(registrarAccessor.getRegistrar("OtherRegistrar"))
.thenReturn(loadRegistrar("TheRegistrar"));
action.paramClientId = Optional.of("NewRegistrar");
action.run();
assertThat(response.getPayload()).contains("Registrar Console");
assertThat(response.getPayload()).contains("reg-content-and-footer");
assertMetric("OtherRegistrar", "true", "[OWNER, ADMIN]", "SUCCESS");
assertMetric("NewRegistrar", "true", "[OWNER, ADMIN]", "SUCCESS");
}
@Test
public void testUserHasAccessAsTheRegistrar_showsClientIdChooser() {
action.run();
assertThat(response.getPayload()).contains("<option value=\"TheRegistrar\" selected>");
assertThat(response.getPayload()).contains("<option value=\"OtherRegistrar\">");
assertThat(response.getPayload()).contains("<option value=\"NewRegistrar\">");
assertThat(response.getPayload()).contains("<option value=\"AdminRegistrar\">");
assertMetric("TheRegistrar", "false", "[OWNER]", "SUCCESS");
}

18
javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTest.java
View file

@ -86,10 +86,11 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
public void testFailure_readRegistrarInfo_notAuthorized() {
setUserWithoutAccess();
Map<String, Object> response = action.handleJsonRequest(ImmutableMap.of("id", CLIENT_ID));
assertThat(response).containsExactly(
"status", "ERROR",
"results", ImmutableList.of(),
"message", "forbidden test error");
assertThat(response)
.containsExactly(
"status", "ERROR",
"results", ImmutableList.of(),
"message", "TestUserId doesn't have access to registrar TheRegistrar");
assertNoTasksEnqueued("sheet");
assertMetric(CLIENT_ID, "read", "[]", "ERROR: ForbiddenException");
}
@ -160,10 +161,11 @@ public class RegistrarSettingsActionTest extends RegistrarSettingsActionTestCase
"op", "update",
"id", CLIENT_ID,
"args", ImmutableMap.of("lastUpdateTime", getLastUpdateTime())));
assertThat(response).containsExactly(
"status", "ERROR",
"results", ImmutableList.of(),
"message", "forbidden test error");
assertThat(response)
.containsExactly(
"status", "ERROR",
"results", ImmutableList.of(),
"message", "TestUserId doesn't have access to registrar TheRegistrar");
assertNoTasksEnqueued("sheet");
assertMetric(CLIENT_ID, "update", "[]", "ERROR: ForbiddenException");
}

35
javatests/google/registry/ui/server/registrar/RegistrarSettingsActionTestCase.java
View file

@ -17,13 +17,11 @@ package google.registry.ui.server.registrar;
import static com.google.monitoring.metrics.contrib.LongMetricSubject.assertThat;
import static google.registry.config.RegistryConfig.getGSuiteOutgoingEmailAddress;
import static google.registry.config.RegistryConfig.getGSuiteOutgoingEmailDisplayName;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.ADMIN;
import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.OWNER;
import static google.registry.security.JsonHttpTestUtils.createJsonPayload;
import static google.registry.testing.DatastoreHelper.createTlds;
import static google.registry.testing.DatastoreHelper.disallowRegistrarAccess;
import static google.registry.testing.DatastoreHelper.loadRegistrar;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.ADMIN;
import static google.registry.ui.server.registrar.AuthenticatedRegistrarAccessor.Role.OWNER;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import com.google.appengine.api.users.User;
@ -32,12 +30,12 @@ import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSetMultimap;
import google.registry.config.RegistryEnvironment;
import google.registry.model.ofy.Ofy;
import google.registry.request.HttpException.ForbiddenException;
import google.registry.request.JsonActionRunner;
import google.registry.request.JsonResponse;
import google.registry.request.ResponseImpl;
import google.registry.request.auth.AuthLevel;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.AuthenticatedRegistrarAccessor;
import google.registry.request.auth.UserAuthInfo;
import google.registry.testing.AppEngineRule;
import google.registry.testing.FakeClock;
@ -134,34 +132,25 @@ public class RegistrarSettingsActionTestCase {
RegistrarConsoleMetrics.settingsRequestMetric.reset(clientId, op, roles, status);
}
/** Sets registrarAccessor.getRegistrar to succeed for all AccessTypes. */
/** Sets registrarAccessor.getRegistrar to succeed for CLIENT_ID only. */
protected void setUserWithAccess() {
action.registrarAccessor = mock(AuthenticatedRegistrarAccessor.class);
when(action.registrarAccessor.getAllClientIdWithRoles())
.thenReturn(ImmutableSetMultimap.of(CLIENT_ID, OWNER));
when(action.registrarAccessor.getRegistrar(CLIENT_ID))
.thenAnswer(x -> loadRegistrar(CLIENT_ID));
action.registrarAccessor =
AuthenticatedRegistrarAccessor.createForTesting(
ImmutableSetMultimap.of(CLIENT_ID, OWNER));
}
/** Sets registrarAccessor.getRegistrar to always fail. */
protected void setUserWithoutAccess() {
action.registrarAccessor = mock(AuthenticatedRegistrarAccessor.class);
when(action.registrarAccessor.getAllClientIdWithRoles()).thenReturn(ImmutableSetMultimap.of());
when(action.registrarAccessor.getRegistrar(CLIENT_ID))
.thenThrow(new ForbiddenException("forbidden test error"));
action.registrarAccessor =
AuthenticatedRegistrarAccessor.createForTesting(ImmutableSetMultimap.of());
}
/**
* Sets registrarAccessor.getAllClientIdWithRoles to return a map with admin role for CLIENT_ID
*/
protected void setUserAdmin() {
action.registrarAccessor = mock(AuthenticatedRegistrarAccessor.class);
when(action.registrarAccessor.getAllClientIdWithRoles())
.thenReturn(ImmutableSetMultimap.of(CLIENT_ID, ADMIN));
when(action.registrarAccessor.getRegistrar(CLIENT_ID))
.thenAnswer(x -> loadRegistrar(CLIENT_ID));
action.registrarAccessor =
AuthenticatedRegistrarAccessor.createForTesting(
ImmutableSetMultimap.of(CLIENT_ID, ADMIN));
}
}