Remove authcode fallback for registering anchor tenants

We won't be using this for future launches, so get rid of it now.

Also reorganizes existing anchor tenant test cases and adds a new one for
creation of a TMDBed anchor tenant domain in sunrise.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=239669950

java/google/registry/flows/domain/DomainCreateFlow.java

@@ -89,7 +89,6 @@ import google.registry.model.domain.rgp.GracePeriodStatus;
 import google.registry.model.domain.secdns.SecDnsCreateExtension;
 import google.registry.model.domain.token.AllocationToken;
 import google.registry.model.domain.token.AllocationTokenExtension;
-import google.registry.model.eppcommon.AuthInfo;
 import google.registry.model.eppcommon.StatusValue;
 import google.registry.model.eppinput.EppInput;
 import google.registry.model.eppinput.ResourceCommand;
@@ -190,7 +189,6 @@ public class DomainCreateFlow implements TransactionalFlow {
 
   @Inject ExtensionManager extensionManager;
   @Inject EppInput eppInput;
-  @Inject AuthInfo authInfo;
   @Inject ResourceCommand resourceCommand;
   @Inject @ClientId String clientId;
   @Inject @TargetId String targetId;
@@ -241,15 +239,12 @@ public class DomainCreateFlow implements TransactionalFlow {
       verifyNoCodeMarks(launchCreate.get());
       validateLaunchCreateNotice(launchCreate.get().getNotice(), domainLabel, isSuperuser, now);
     }
-    boolean isSunriseCreate = hasSignedMarks && tldState == START_DATE_SUNRISE;
+    boolean isSunriseCreate = hasSignedMarks && (tldState == START_DATE_SUNRISE);
     Optional<AllocationToken> allocationToken =
         verifyAllocationTokenIfPresent(command, registry, clientId, now);
     boolean isAnchorTenant =
         isAnchorTenant(
-            domainName,
-            allocationToken,
-            authInfo.getPw().getValue(),
-            eppInput.getSingleExtension(MetadataExtension.class));
+            domainName, allocationToken, eppInput.getSingleExtension(MetadataExtension.class));
     verifyAnchorTenantValidPeriod(isAnchorTenant, years);
     // Superusers can create reserved domains, force creations on domains that require a claims
     // notice without specifying a claims key, ignore the registry phase, and override blocks on

java/google/registry/flows/domain/DomainFlowUtils.java

@@ -254,26 +254,15 @@ public class DomainFlowUtils {
   public static boolean isAnchorTenant(
       InternetDomainName domainName,
       Optional<AllocationToken> token,
-      String authInfoPw,
       Optional<MetadataExtension> metadataExtension) {
     // If the domain is reserved for anchor tenants, then check if the allocation token exists and
     // is for this domain.
-    if (getReservationTypes(domainName).contains(RESERVED_FOR_ANCHOR_TENANT)) {
-      // If there wasn't an allocation token specified, then use the fallback of attempting to load
-      // the token with the specified EPP authcode.
-      // TODO(b/111827374): Remove the authInfoPw fallback and only accept an allocation token.
-      if (!token.isPresent()) {
-        token =
-            Optional.ofNullable(
-                ofy().load().key(Key.create(AllocationToken.class, authInfoPw)).now());
-      }
-      // If the token exists, check if it's valid for this domain.
-      if (token.isPresent()
+    if (getReservationTypes(domainName).contains(RESERVED_FOR_ANCHOR_TENANT)
+        && token.isPresent()
         && token.get().getDomainName().isPresent()
         && token.get().getDomainName().get().equals(domainName.toString())) {
       return true;
     }
-    }
     // Otherwise check whether the metadata extension is being used by a superuser to specify that
     // it's an anchor tenant creation.
     return metadataExtension.isPresent() && metadataExtension.get().getIsAnchorTenant();

javatests/google/registry/flows/EppLifecycleDomainTest.java

@@ -896,7 +896,7 @@ public class EppLifecycleDomainTest extends EppTestCase {
     createContactsAndHosts();
 
     // During pre-delegation, any create should fail both with and without mark
-    assertThatCommand("domain_create_start_date_sunrise_encoded_mark.xml")
+    assertThatCommand("domain_create_sunrise_encoded_mark.xml")
         .atTime(sunriseDate.minusDays(2))
         .hasResponse(
             "response_error.xml",
@@ -925,7 +925,7 @@ public class EppLifecycleDomainTest extends EppTestCase {
 
     // During sunrise, create with mark will succeed but without will fail.
     // We also test we can delete without a mark.
-    assertThatCommand("domain_create_start_date_sunrise_encoded_mark.xml")
+    assertThatCommand("domain_create_sunrise_encoded_mark.xml")
         .atTime(sunriseDate.plusDays(1))
         .hasResponse(
             "domain_create_response.xml",
@@ -949,7 +949,7 @@ public class EppLifecycleDomainTest extends EppTestCase {
                 "MSG", "The current registry phase requires a signed mark for registrations"));
 
     // During general availability, sunrise creates will fail but regular creates succeed
-    assertThatCommand("domain_create_start_date_sunrise_encoded_mark.xml")
+    assertThatCommand("domain_create_sunrise_encoded_mark.xml")
         .atTime(gaDate.plusDays(1))
         .hasResponse(
             "response_error.xml",

javatests/google/registry/flows/domain/DomainCreateFlowTest.java

@@ -19,6 +19,7 @@ import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth8.assertThat;
 import static google.registry.flows.FlowTestCase.UserPrivileges.SUPERUSER;
 import static google.registry.model.billing.BillingEvent.Flag.ANCHOR_TENANT;
+import static google.registry.model.billing.BillingEvent.Flag.SUNRISE;
 import static google.registry.model.domain.fee.Fee.FEE_EXTENSION_URIS;
 import static google.registry.model.eppcommon.StatusValue.OK;
 import static google.registry.model.eppcommon.StatusValue.PENDING_DELETE;
@@ -476,17 +477,6 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
     assertAboutEppExceptions().that(thrown).marshalsToXml();
   }
 
-  @Test
-  public void testSuccess_anchorTenantViaExtension() throws Exception {
-    eppRequestSource = EppRequestSource.TOOL;
-    setEppInput("domain_create_anchor_tenant.xml");
-    persistContactsAndHosts();
-    runFlowAssertResponse(
-        loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
-    assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
-    assertNoLordn();
-  }
-
   @Test
   public void testFailure_generalAvailability_withEncodedSignedMark() {
     createTld("tld", GENERAL_AVAILABILITY);
@@ -945,42 +935,21 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
   }
 
   @Test
-  public void testFailure_anchorTenant_viaAuthCode_wrongAuthCode() {
-    setEppInput("domain_create_anchor_wrong_authcode.xml");
-    persistContactsAndHosts();
-    EppException thrown = assertThrows(DomainReservedException.class, this::runFlow);
-    assertAboutEppExceptions().that(thrown).marshalsToXml();
-  }
-
-  @Test
-  public void testFailure_anchorTenant_notTwoYearPeriod() {
-    setEppInput("domain_create_anchor_authcode_invalid_years.xml");
-    persistContactsAndHosts();
-    EppException thrown = assertThrows(AnchorTenantCreatePeriodException.class, this::runFlow);
-    assertAboutEppExceptions().that(thrown).marshalsToXml();
-  }
-
-  @Test
-  public void testSuccess_anchorTenant_viaAuthCode() throws Exception {
-    setEppInput("domain_create_anchor_authcode.xml");
-    persistContactsAndHosts();
-    runFlowAssertResponse(loadFile("domain_create_anchor_response.xml"));
-    assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
-    assertNoLordn();
-  }
-
-  @Test
-  public void testSuccess_anchorTenant_viaAllocationTokenExtension() throws Exception {
+  public void testSuccess_anchorTenant() throws Exception {
     setEppInput("domain_create_anchor_allocationtoken.xml");
     persistContactsAndHosts();
     runFlowAssertResponse(loadFile("domain_create_anchor_response.xml"));
     assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
     assertNoLordn();
-    AllocationToken reloadedToken =
-        ofy().load().key(Key.create(AllocationToken.class, "abcDEF23456")).now();
-    assertThat(reloadedToken.isRedeemed()).isTrue();
-    assertThat(reloadedToken.getRedemptionHistoryEntry())
-        .isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0)));
+    assertAllocationTokenWasRedeemed("abcDEF23456");
+  }
+
+  @Test
+  public void testFailure_anchorTenant_notTwoYearPeriod() {
+    setEppInput("domain_create_anchor_tenant_invalid_years.xml");
+    persistContactsAndHosts();
+    EppException thrown = assertThrows(AnchorTenantCreatePeriodException.class, this::runFlow);
+    assertAboutEppExceptions().that(thrown).marshalsToXml();
   }
 
   @Test
@@ -992,36 +961,84 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
     runFlowAssertResponse(loadFile("domain_create_anchor_response.xml"));
     assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
     assertNoLordn();
-    AllocationToken reloadedToken =
-        ofy().load().key(Key.create(AllocationToken.class, "abcDEF23456")).now();
-    assertThat(reloadedToken.isRedeemed()).isTrue();
-    assertThat(reloadedToken.getRedemptionHistoryEntry())
-        .isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0)));
+    assertAllocationTokenWasRedeemed("abcDEF23456");
   }
 
   @Test
-  public void testSuccess_anchorTenant_viaAuthCode_withClaims() throws Exception {
+  public void testSuccess_anchorTenant_withClaims() throws Exception {
     persistResource(
-        new AllocationToken.Builder().setDomainName("example-one.tld").setToken("2fooBAR").build());
+        new AllocationToken.Builder()
+            .setDomainName("example-one.tld")
+            .setToken("abcDEF23456")
+            .build());
     persistResource(
         Registry.get("tld")
             .asBuilder()
             .setReservedLists(
-                persistReservedList(
-                    "anchor-with-claims", "example-one,RESERVED_FOR_ANCHOR_TENANT"))
+                persistReservedList("anchor-with-claims", "example-one,RESERVED_FOR_ANCHOR_TENANT"))
             .build());
-    setEppInput("domain_create_claim_notice.xml");
+    setEppInput("domain_create_anchor_tenant_claims.xml");
     clock.setTo(DateTime.parse("2009-08-16T09:00:00.0Z"));
     persistContactsAndHosts();
     runFlowAssertResponse(loadFile("domain_create_response_claims.xml"));
     assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
     assertDnsTasksEnqueued("example-one.tld");
     assertClaimsLordn();
+    assertAllocationTokenWasRedeemed("abcDEF23456");
+  }
+
+  @Test
+  public void testSuccess_anchorTenant_withMetadataExtension() throws Exception {
+    eppRequestSource = EppRequestSource.TOOL;
+    setEppInput("domain_create_anchor_tenant_metadata_extension.xml");
+    persistContactsAndHosts();
+    runFlowAssertResponse(
+        loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
+    assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
+    assertNoLordn();
+  }
+
+  @Test
+  public void testSuccess_anchorTenantInSunrise_withMetadataExtension() throws Exception {
+    createTld("tld", START_DATE_SUNRISE);
+    setEppInput("domain_create_anchor_tenant_sunrise_metadata_extension.xml");
+    eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
+    persistContactsAndHosts();
+    runFlowAssertResponse(
+        loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
+    assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
+    assertNoLordn();
+  }
+
+  @Test
+  public void testSuccess_anchorTenantInSunrise_withSignedMark() throws Exception {
+    persistResource(
+        new AllocationToken.Builder()
+            .setDomainName("test-validate.tld")
+            .setToken("abcDEF23456")
+            .build());
+    persistResource(
+        Registry.get("tld")
+            .asBuilder()
+            .setReservedLists(
+                persistReservedList("anchor_tenants", "test-validate,RESERVED_FOR_ANCHOR_TENANT"))
+            .setTldStateTransitions(ImmutableSortedMap.of(START_OF_TIME, START_DATE_SUNRISE))
+            .build());
+    setEppInput("domain_create_anchor_tenant_signed_mark.xml");
+    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
+    persistContactsAndHosts();
+    runFlowAssertResponse(
+        loadFile(
+            "domain_create_response_encoded_signed_mark_name.xml",
+            ImmutableMap.of("DOMAIN", "test-validate.tld")));
+    assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT, SUNRISE));
+    assertDnsTasksEnqueued("test-validate.tld");
+    assertSunriseLordn("test-validate.tld");
+    assertAllocationTokenWasRedeemed("abcDEF23456");
   }
 
   @Test
   public void testSuccess_reservedDomain_viaAllocationTokenExtension() throws Exception {
-    AllocationToken token =
     persistResource(
         new AllocationToken.Builder().setToken("abc123").setDomainName("resdom.tld").build());
     // Despite the domain being FULLY_BLOCKED, the non-superuser create succeeds the domain is also
@@ -1032,7 +1049,12 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
         loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "resdom.tld")));
     assertSuccessfulCreate("tld", ImmutableSet.of(Flag.RESERVED));
     assertNoLordn();
-    AllocationToken reloadedToken = ofy().load().entity(token).now();
+    assertAllocationTokenWasRedeemed("abc123");
+  }
+
+  private void assertAllocationTokenWasRedeemed(String token) throws Exception {
+    AllocationToken reloadedToken =
+        ofy().load().key(Key.create(AllocationToken.class, token)).now();
     assertThat(reloadedToken.isRedeemed()).isTrue();
     assertThat(reloadedToken.getRedemptionHistoryEntry())
         .isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0)));
@@ -1587,18 +1609,6 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
         "tld", "domain_create_response.xml", SUPERUSER, ImmutableMap.of("DOMAIN", "example.tld"));
   }
 
-  @Test
-  public void testSuccess_qlpRegistrationSunriseRegistration() throws Exception {
-    createTld("tld", START_DATE_SUNRISE);
-    setEppInput("domain_create_registration_qlp_start_date_sunrise.xml");
-    eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
-    persistContactsAndHosts();
-    runFlowAssertResponse(
-        loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "example.tld")));
-    assertSuccessfulCreate("tld", ImmutableSet.of(ANCHOR_TENANT));
-    assertNoLordn();
-  }
-
   @Test
   public void testSuccess_startDateSunriseRegistration_withEncodedSignedMark() throws Exception {
     createTld("tld", START_DATE_SUNRISE);

javatests/google/registry/flows/domain/testdata/domain_create_anchor_authcode.xml

@@ -1,22 +0,0 @@
-<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
-  <command>
-    <create>
-      <domain:create
-       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
-        <domain:name>anchor.tld</domain:name>
-        <domain:period unit="y">2</domain:period>
-        <domain:ns>
-          <domain:hostObj>ns1.example.net</domain:hostObj>
-          <domain:hostObj>ns2.example.net</domain:hostObj>
-        </domain:ns>
-        <domain:registrant>jd1234</domain:registrant>
-        <domain:contact type="admin">sh8013</domain:contact>
-        <domain:contact type="tech">sh8013</domain:contact>
-        <domain:authInfo>
-          <domain:pw>abcDEF23456</domain:pw>
-        </domain:authInfo>
-      </domain:create>
-    </create>
-    <clTRID>ABC-12345</clTRID>
-  </command>
-</epp>

javatests/google/registry/flows/domain/testdata/domain_create_anchor_tenant_claims.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <create>
+      <domain:create
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>example-one.tld</domain:name>
+        <domain:period unit="y">2</domain:period>
+        <domain:ns>
+          <domain:hostObj>ns1.example.net</domain:hostObj>
+          <domain:hostObj>ns2.example.net</domain:hostObj>
+        </domain:ns>
+        <domain:registrant>jd1234</domain:registrant>
+        <domain:contact type="admin">sh8013</domain:contact>
+        <domain:contact type="tech">sh8013</domain:contact>
+        <domain:authInfo>
+          <domain:pw>2fooBAR</domain:pw>
+        </domain:authInfo>
+      </domain:create>
+    </create>
+    <extension>
+      <allocationToken:allocationToken
+          xmlns:allocationToken=
+              "urn:ietf:params:xml:ns:allocationToken-1.0">
+        abcDEF23456
+      </allocationToken:allocationToken>
+      <launch:create xmlns:launch="urn:ietf:params:xml:ns:launch-1.0" type="registration">
+        <launch:phase>claims</launch:phase>
+        <launch:notice>
+          <launch:noticeID>370d0b7c9223372036854775807</launch:noticeID>
+          <launch:notAfter>2010-08-16T09:00:00.0Z</launch:notAfter>
+          <launch:acceptedDate>2009-08-16T09:00:00.0Z</launch:acceptedDate>
+        </launch:notice>
+      </launch:create>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>

javatests/google/registry/flows/domain/testdata/domain_create_anchor_wrong_authcode.xml

@@ -1,22 +0,0 @@
-<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
-  <command>
-    <create>
-      <domain:create
-       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
-        <domain:name>anchor.tld</domain:name>
-        <domain:period unit="y">2</domain:period>
-        <domain:ns>
-          <domain:hostObj>ns1.example.net</domain:hostObj>
-          <domain:hostObj>ns2.example.net</domain:hostObj>
-        </domain:ns>
-        <domain:registrant>jd1234</domain:registrant>
-        <domain:contact type="admin">sh8013</domain:contact>
-        <domain:contact type="tech">sh8013</domain:contact>
-        <domain:authInfo>
-          <domain:pw>wrong</domain:pw>
-        </domain:authInfo>
-      </domain:create>
-    </create>
-    <clTRID>ABC-12345</clTRID>
-  </command>
-</epp>