Remove authcode fallback for registering anchor tenants

We won't be using this for future launches, so get rid of it now.

Also reorganizes existing anchor tenant test cases and adds a new one for
creation of a TMDBed anchor tenant domain in sunrise.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=239669950
mcilwain 2019-03-21 14:14:21 -07:00 committed by jianglai
parent 2481704d00
commit 6e1e4769a9
11 changed files with 137 additions and 147 deletions


@ -89,7 +89,6 @@ import google.registry.model.domain.rgp.GracePeriodStatus;
import google.registry.model.domain.secdns.SecDnsCreateExtension; import google.registry.model.domain.secdns.SecDnsCreateExtension;
import google.registry.model.domain.token.AllocationToken; import google.registry.model.domain.token.AllocationToken;
import google.registry.model.domain.token.AllocationTokenExtension; import google.registry.model.domain.token.AllocationTokenExtension;
import google.registry.model.eppcommon.AuthInfo;
import google.registry.model.eppcommon.StatusValue; import google.registry.model.eppcommon.StatusValue;
import google.registry.model.eppinput.EppInput; import google.registry.model.eppinput.EppInput;
import google.registry.model.eppinput.ResourceCommand; import google.registry.model.eppinput.ResourceCommand;
@ -190,7 +189,6 @@ public class DomainCreateFlow implements TransactionalFlow {
@Inject ExtensionManager extensionManager; @Inject ExtensionManager extensionManager;
@Inject EppInput eppInput; @Inject EppInput eppInput;
@Inject AuthInfo authInfo;
@Inject ResourceCommand resourceCommand; @Inject ResourceCommand resourceCommand;
@Inject @ClientId String clientId; @Inject @ClientId String clientId;
@Inject @TargetId String targetId; @Inject @TargetId String targetId;
@ -241,15 +239,12 @@ public class DomainCreateFlow implements TransactionalFlow {
verifyNoCodeMarks(launchCreate.get()); verifyNoCodeMarks(launchCreate.get());
validateLaunchCreateNotice(launchCreate.get().getNotice(), domainLabel, isSuperuser, now); validateLaunchCreateNotice(launchCreate.get().getNotice(), domainLabel, isSuperuser, now);
} }
boolean isSunriseCreate = hasSignedMarks && tldState == START_DATE_SUNRISE; boolean isSunriseCreate = hasSignedMarks && (tldState == START_DATE_SUNRISE);
Optional<AllocationToken> allocationToken = Optional<AllocationToken> allocationToken =
verifyAllocationTokenIfPresent(command, registry, clientId, now); verifyAllocationTokenIfPresent(command, registry, clientId, now);
boolean isAnchorTenant = boolean isAnchorTenant =
isAnchorTenant( isAnchorTenant(
domainName, domainName, allocationToken, eppInput.getSingleExtension(MetadataExtension.class));
allocationToken,
authInfo.getPw().getValue(),
eppInput.getSingleExtension(MetadataExtension.class));
verifyAnchorTenantValidPeriod(isAnchorTenant, years); verifyAnchorTenantValidPeriod(isAnchorTenant, years);
// Superusers can create reserved domains, force creations on domains that require a claims // Superusers can create reserved domains, force creations on domains that require a claims
// notice without specifying a claims key, ignore the registry phase, and override blocks on // notice without specifying a claims key, ignore the registry phase, and override blocks on


@ -254,25 +254,14 @@ public class DomainFlowUtils {
public static boolean isAnchorTenant( public static boolean isAnchorTenant(
InternetDomainName domainName, InternetDomainName domainName,
Optional<AllocationToken> token, Optional<AllocationToken> token,
String authInfoPw,
Optional<MetadataExtension> metadataExtension) { Optional<MetadataExtension> metadataExtension) {
// If the domain is reserved for anchor tenants, then check if the allocation token exists and // If the domain is reserved for anchor tenants, then check if the allocation token exists and
// is for this domain. // is for this domain.
if (getReservationTypes(domainName).contains(RESERVED_FOR_ANCHOR_TENANT)) { if (getReservationTypes(domainName).contains(RESERVED_FOR_ANCHOR_TENANT)
// If there wasn't an allocation token specified, then use the fallback of attempting to load && token.isPresent()
// the token with the specified EPP authcode. && token.get().getDomainName().isPresent()
// TODO(b/111827374): Remove the authInfoPw fallback and only accept an allocation token. && token.get().getDomainName().get().equals(domainName.toString())) {
if (!token.isPresent()) { return true;
token =
Optional.ofNullable(
ofy().load().key(Key.create(AllocationToken.class, authInfoPw)).now());
}
// If the token exists, check if it's valid for this domain.
if (token.isPresent()
&& token.get().getDomainName().isPresent()
&& token.get().getDomainName().get().equals(domainName.toString())) {
return true;
}
} }
// Otherwise check whether the metadata extension is being used by a superuser to specify that // Otherwise check whether the metadata extension is being used by a superuser to specify that
// it's an anchor tenant creation. // it's an anchor tenant creation.
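Review bot: `isAnchorTenant` is public and static and now trusts whatever `Optional<AllocationToken>` it is handed, so the precondition that the token has already been validated belongs in a comment above the new condition. In the one caller visible on this page the token comes from `verifyAllocationTokenIfPresent(command, registry, clientId, now)`, which presumably rejects unknown or already-redeemed tokens; the new `if` itself only matches the token's domain name against `domainName`. I would add `// The token must already have been validated by the caller; this only checks that it is bound to this domain.` above the `if`, and state in the method's Javadoc that the EPP authInfo password is no longer consulted. The method body continues past the end of this hunk (the metadata-extension check), so that part is not covered here.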


@ -896,7 +896,7 @@ public class EppLifecycleDomainTest extends EppTestCase {
createContactsAndHosts(); createContactsAndHosts();
// During pre-delegation, any create should fail both with and without mark // During pre-delegation, any create should fail both with and without mark
assertThatCommand("domain_create_start_date_sunrise_encoded_mark.xml") assertThatCommand("domain_create_sunrise_encoded_mark.xml")
.atTime(sunriseDate.minusDays(2)) .atTime(sunriseDate.minusDays(2))
.hasResponse( .hasResponse(
"response_error.xml", "response_error.xml",
@ -925,7 +925,7 @@ public class EppLifecycleDomainTest extends EppTestCase {
// During sunrise, create with mark will succeed but without will fail. // During sunrise, create with mark will succeed but without will fail.
// We also test we can delete without a mark. // We also test we can delete without a mark.
assertThatCommand("domain_create_start_date_sunrise_encoded_mark.xml") assertThatCommand("domain_create_sunrise_encoded_mark.xml")
.atTime(sunriseDate.plusDays(1)) .atTime(sunriseDate.plusDays(1))
.hasResponse( .hasResponse(
"domain_create_response.xml", "domain_create_response.xml",
@ -949,7 +949,7 @@ public class EppLifecycleDomainTest extends EppTestCase {
"MSG", "The current registry phase requires a signed mark for registrations")); "MSG", "The current registry phase requires a signed mark for registrations"));
// During general availability, sunrise creates will fail but regular creates succeed // During general availability, sunrise creates will fail but regular creates succeed
assertThatCommand("domain_create_start_date_sunrise_encoded_mark.xml") assertThatCommand("domain_create_sunrise_encoded_mark.xml")
.atTime(gaDate.plusDays(1)) .atTime(gaDate.plusDays(1))
.hasResponse( .hasResponse(
"response_error.xml", "response_error.xml",


@ -19,6 +19,7 @@ import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth8.assertThat; import static com.google.common.truth.Truth8.assertThat;
import static google.registry.flows.FlowTestCase.UserPrivileges.SUPERUSER; import static google.registry.flows.FlowTestCase.UserPrivileges.SUPERUSER;
import static google.registry.model.billing.BillingEvent.Flag.ANCHOR_TENANT; import static google.registry.model.billing.BillingEvent.Flag.ANCHOR_TENANT;
import static google.registry.model.billing.BillingEvent.Flag.SUNRISE;
import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS; import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS;
import static google.registry.model.eppcommon.StatusValue.OK; import static google.registry.model.eppcommon.StatusValue.OK;
import static google.registry.model.eppcommon.StatusValue.PENDING_DELETE; import static google.registry.model.eppcommon.StatusValue.PENDING_DELETE;
@ -476,17 +477,6 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
assertAboutEppExceptions().that(thrown).marshalsToXml(); assertAboutEppExceptions().that(thrown).marshalsToXml();
} }
@Test
public void testSuccess_anchorTenantViaExtension() throws Exception {
eppRequestSource = EppRequestSource.TOOL;
setEppInput("domain_create_anchor_tenant.xml");
persistContactsAndHosts();
runFlowAssertResponse(
loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn();
}
@Test @Test
public void testFailure_generalAvailability_withEncodedSignedMark() { public void testFailure_generalAvailability_withEncodedSignedMark() {
createTld("tld", GENERAL_AVAILABILITY); createTld("tld", GENERAL_AVAILABILITY);
@ -945,42 +935,21 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
} }
@Test @Test
public void testFailure_anchorTenant_viaAuthCode_wrongAuthCode() { public void testSuccess_anchorTenant() throws Exception {
setEppInput("domain_create_anchor_wrong_authcode.xml");
persistContactsAndHosts();
EppException thrown = assertThrows(DomainReservedException.class, this::runFlow);
assertAboutEppExceptions().that(thrown).marshalsToXml();
}
@Test
public void testFailure_anchorTenant_notTwoYearPeriod() {
setEppInput("domain_create_anchor_authcode_invalid_years.xml");
persistContactsAndHosts();
EppException thrown = assertThrows(AnchorTenantCreatePeriodException.class, this::runFlow);
assertAboutEppExceptions().that(thrown).marshalsToXml();
}
@Test
public void testSuccess_anchorTenant_viaAuthCode() throws Exception {
setEppInput("domain_create_anchor_authcode.xml");
persistContactsAndHosts();
runFlowAssertResponse(loadFile("domain_create_anchor_response.xml"));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn();
}
@Test
public void testSuccess_anchorTenant_viaAllocationTokenExtension() throws Exception {
setEppInput("domain_create_anchor_allocationtoken.xml"); setEppInput("domain_create_anchor_allocationtoken.xml");
persistContactsAndHosts(); persistContactsAndHosts();
runFlowAssertResponse(loadFile("domain_create_anchor_response.xml")); runFlowAssertResponse(loadFile("domain_create_anchor_response.xml"));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT)); assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn(); assertNoLordn();
AllocationToken reloadedToken = assertAllocationTokenWasRedeemed("abcDEF23456");
ofy().load().key(Key.create(AllocationToken.class, "abcDEF23456")).now(); }
assertThat(reloadedToken.isRedeemed()).isTrue();
assertThat(reloadedToken.getRedemptionHistoryEntry()) @Test
.isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0))); public void testFailure_anchorTenant_notTwoYearPeriod() {
setEppInput("domain_create_anchor_tenant_invalid_years.xml");
persistContactsAndHosts();
EppException thrown = assertThrows(AnchorTenantCreatePeriodException.class, this::runFlow);
assertAboutEppExceptions().that(thrown).marshalsToXml();
} }
@Test @Test
@ -992,38 +961,86 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
runFlowAssertResponse(loadFile("domain_create_anchor_response.xml")); runFlowAssertResponse(loadFile("domain_create_anchor_response.xml"));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT)); assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn(); assertNoLordn();
AllocationToken reloadedToken = assertAllocationTokenWasRedeemed("abcDEF23456");
ofy().load().key(Key.create(AllocationToken.class, "abcDEF23456")).now();
assertThat(reloadedToken.isRedeemed()).isTrue();
assertThat(reloadedToken.getRedemptionHistoryEntry())
.isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0)));
} }
@Test @Test
public void testSuccess_anchorTenant_viaAuthCode_withClaims() throws Exception { public void testSuccess_anchorTenant_withClaims() throws Exception {
persistResource( persistResource(
new AllocationToken.Builder().setDomainName("example-one.tld").setToken("2fooBAR").build()); new AllocationToken.Builder()
.setDomainName("example-one.tld")
.setToken("abcDEF23456")
.build());
persistResource( persistResource(
Registry.get("tld") Registry.get("tld")
.asBuilder() .asBuilder()
.setReservedLists( .setReservedLists(
persistReservedList( persistReservedList("anchor-with-claims", "example-one,RESERVED_FOR_ANCHOR_TENANT"))
"anchor-with-claims", "example-one,RESERVED_FOR_ANCHOR_TENANT"))
.build()); .build());
setEppInput("domain_create_claim_notice.xml"); setEppInput("domain_create_anchor_tenant_claims.xml");
clock.setTo(DateTime.parse("2009-08-16T09:00:00.0Z")); clock.setTo(DateTime.parse("2009-08-16T09:00:00.0Z"));
persistContactsAndHosts(); persistContactsAndHosts();
runFlowAssertResponse(loadFile("domain_create_response_claims.xml")); runFlowAssertResponse(loadFile("domain_create_response_claims.xml"));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT)); assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertDnsTasksEnqueued("example-one.tld"); assertDnsTasksEnqueued("example-one.tld");
assertClaimsLordn(); assertClaimsLordn();
assertAllocationTokenWasRedeemed("abcDEF23456");
}
@Test
public void testSuccess_anchorTenant_withMetadataExtension() throws Exception {
eppRequestSource = EppRequestSource.TOOL;
setEppInput("domain_create_anchor_tenant_metadata_extension.xml");
persistContactsAndHosts();
runFlowAssertResponse(
loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn();
}
@Test
public void testSuccess_anchorTenantInSunrise_withMetadataExtension() throws Exception {
createTld("tld", START_DATE_SUNRISE);
setEppInput("domain_create_anchor_tenant_sunrise_metadata_extension.xml");
eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
persistContactsAndHosts();
runFlowAssertResponse(
loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn();
}
@Test
public void testSuccess_anchorTenantInSunrise_withSignedMark() throws Exception {
persistResource(
new AllocationToken.Builder()
.setDomainName("test-validate.tld")
.setToken("abcDEF23456")
.build());
persistResource(
Registry.get("tld")
.asBuilder()
.setReservedLists(
persistReservedList("anchor_tenants", "test-validate,RESERVED_FOR_ANCHOR_TENANT"))
.setTldStateTransitions(ImmutableSortedMap.of(START_OF_TIME, START_DATE_SUNRISE))
.build());
setEppInput("domain_create_anchor_tenant_signed_mark.xml");
clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
persistContactsAndHosts();
runFlowAssertResponse(
loadFile(
"domain_create_response_encoded_signed_mark_name.xml",
ImmutableMap.of("DOMAIN", "test-validate.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT, SUNRISE));
assertDnsTasksEnqueued("test-validate.tld");
assertSunriseLordn("test-validate.tld");
assertAllocationTokenWasRedeemed("abcDEF23456");
} }
@Test @Test
public void testSuccess_reservedDomain_viaAllocationTokenExtension() throws Exception { public void testSuccess_reservedDomain_viaAllocationTokenExtension() throws Exception {
AllocationToken token = persistResource(
persistResource( new AllocationToken.Builder().setToken("abc123").setDomainName("resdom.tld").build());
new AllocationToken.Builder().setToken("abc123").setDomainName("resdom.tld").build());
// Despite the domain being FULLY_BLOCKED, the non-superuser create succeeds the domain is also // Despite the domain being FULLY_BLOCKED, the non-superuser create succeeds the domain is also
// RESERVED_FOR_SPECIFIC_USE and the correct allocation token is passed. // RESERVED_FOR_SPECIFIC_USE and the correct allocation token is passed.
setEppInput("domain_create_allocationtoken.xml", ImmutableMap.of("DOMAIN", "resdom.tld")); setEppInput("domain_create_allocationtoken.xml", ImmutableMap.of("DOMAIN", "resdom.tld"));
@ -1032,7 +1049,12 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "resdom.tld"))); loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "resdom.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of(Flag.RESERVED)); assertSuccessfulCreate("tld", ImmutableSet.of(Flag.RESERVED));
assertNoLordn(); assertNoLordn();
AllocationToken reloadedToken = ofy().load().entity(token).now(); assertAllocationTokenWasRedeemed("abc123");
}
private void assertAllocationTokenWasRedeemed(String token) throws Exception {
AllocationToken reloadedToken =
ofy().load().key(Key.create(AllocationToken.class, token)).now();
assertThat(reloadedToken.isRedeemed()).isTrue(); assertThat(reloadedToken.isRedeemed()).isTrue();
assertThat(reloadedToken.getRedemptionHistoryEntry()) assertThat(reloadedToken.getRedemptionHistoryEntry())
.isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0))); .isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0)));
@ -1587,18 +1609,6 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
"tld", "domain_create_response.xml", SUPERUSER, ImmutableMap.of("DOMAIN", "example.tld")); "tld", "domain_create_response.xml", SUPERUSER, ImmutableMap.of("DOMAIN", "example.tld"));
} }
@Test
public void testSuccess_qlpRegistrationSunriseRegistration() throws Exception {
createTld("tld", START_DATE_SUNRISE);
setEppInput("domain_create_registration_qlp_start_date_sunrise.xml");
eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
persistContactsAndHosts();
runFlowAssertResponse(
loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
assertNoLordn();
}
@Test @Test
public void testSuccess_startDateSunriseRegistration_withEncodedSignedMark() throws Exception { public void testSuccess_startDateSunriseRegistration_withEncodedSignedMark() throws Exception {
createTld("tld", START_DATE_SUNRISE); createTld("tld", START_DATE_SUNRISE);
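Review bot: No test in the visible hunks pins the behaviour this commit exists for: a create for a RESERVED_FOR_ANCHOR_TENANT name that carries the token string only in `<domain:pw>`, with no allocationToken extension, must now be refused. `testSuccess_anchorTenant_viaAuthCode` and `testFailure_anchorTenant_viaAuthCode_wrongAuthCode` are removed, and every remaining anchor-tenant case shown passes either an allocation token or the metadata extension, so a reintroduced fallback would not fail any of them. I would keep one fixture of the old authcode-only shape and assert the rejection, as sketched below; `DomainReservedException` is taken from the removed wrong-authcode test and should be confirmed. Separately, `assertAllocationTokenWasRedeemed` dereferences `reloadedToken` without a preceding `assertThat(reloadedToken).isNotNull();`, so a missing token would surface as a NullPointerException rather than an assertion failure.

```java
  @Test
  public void testFailure_anchorTenant_authCodeAloneIsNotAccepted() {
    // Placeholder fixture name: authInfo pw equals a persisted token for the domain,
    // and the request carries no allocationToken extension.
    setEppInput("domain_create_anchor_authcode_only.xml");
    persistContactsAndHosts();
    EppException thrown = assertThrows(DomainReservedException.class, this::runFlow);
    assertAboutEppExceptions().that(thrown).marshalsToXml();
  }
```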


@ -1,22 +0,0 @@
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<create>
<domain:create
xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>anchor.tld</domain:name>
<domain:period unit="y">2</domain:period>
<domain:ns>
<domain:hostObj>ns1.example.net</domain:hostObj>
<domain:hostObj>ns2.example.net</domain:hostObj>
</domain:ns>
<domain:registrant>jd1234</domain:registrant>
<domain:contact type="admin">sh8013</domain:contact>
<domain:contact type="tech">sh8013</domain:contact>
<domain:authInfo>
<domain:pw>abcDEF23456</domain:pw>
</domain:authInfo>
</domain:create>
</create>
<clTRID>ABC-12345</clTRID>
</command>
</epp>


@ -0,0 +1,38 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<create>
<domain:create
xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>example-one.tld</domain:name>
<domain:period unit="y">2</domain:period>
<domain:ns>
<domain:hostObj>ns1.example.net</domain:hostObj>
<domain:hostObj>ns2.example.net</domain:hostObj>
</domain:ns>
<domain:registrant>jd1234</domain:registrant>
<domain:contact type="admin">sh8013</domain:contact>
<domain:contact type="tech">sh8013</domain:contact>
<domain:authInfo>
<domain:pw>2fooBAR</domain:pw>
</domain:authInfo>
</domain:create>
</create>
<extension>
<allocationToken:allocationToken
xmlns:allocationToken=
"urn:ietf:params:xml:ns:allocationToken-1.0">
abcDEF23456
</allocationToken:allocationToken>
<launch:create xmlns:launch="urn:ietf:params:xml:ns:launch-1.0" type="registration">
<launch:phase>claims</launch:phase>
<launch:notice>
<launch:noticeID>370d0b7c9223372036854775807</launch:noticeID>
<launch:notAfter>2010-08-16T09:00:00.0Z</launch:notAfter>
<launch:acceptedDate>2009-08-16T09:00:00.0Z</launch:acceptedDate>
</launch:notice>
</launch:create>
</extension>
<clTRID>ABC-12345</clTRID>
</command>
</epp>


@ -1,22 +0,0 @@
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<create>
<domain:create
xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>anchor.tld</domain:name>
<domain:period unit="y">2</domain:period>
<domain:ns>
<domain:hostObj>ns1.example.net</domain:hostObj>
<domain:hostObj>ns2.example.net</domain:hostObj>
</domain:ns>
<domain:registrant>jd1234</domain:registrant>
<domain:contact type="admin">sh8013</domain:contact>
<domain:contact type="tech">sh8013</domain:contact>
<domain:authInfo>
<domain:pw>wrong</domain:pw>
</domain:authInfo>
</domain:create>
</create>
<clTRID>ABC-12345</clTRID>
</command>
</epp>