diff --git a/java/google/registry/export/PublishDetailReportAction.java b/java/google/registry/export/PublishDetailReportAction.java index 769feb90c..62a3fe41f 100644 --- a/java/google/registry/export/PublishDetailReportAction.java +++ b/java/google/registry/export/PublishDetailReportAction.java @@ -41,15 +41,15 @@ import javax.inject.Inject; /** Publish a single registrar detail report from GCS to Drive. */ @Action( - path = PublishDetailReportAction.PATH, - method = Action.Method.POST, - auth = @Auth( + path = PublishDetailReportAction.PATH, + method = Action.Method.POST, + auth = + @Auth( methods = {AuthMethod.INTERNAL, Auth.AuthMethod.API}, minimumLevel = AuthLevel.APP, userPolicy = UserPolicy.ADMIN - ), - xsrfProtection = true, - xsrfScope = "admin") + ) +) public final class PublishDetailReportAction implements Runnable, JsonAction { private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass(); diff --git a/java/google/registry/flows/EppConsoleAction.java b/java/google/registry/flows/EppConsoleAction.java index 7e3b82dd3..19e4b8302 100644 --- a/java/google/registry/flows/EppConsoleAction.java +++ b/java/google/registry/flows/EppConsoleAction.java @@ -26,8 +26,6 @@ import javax.servlet.http.HttpSession; /** Runs EPP from the console and requires GAE user authentication. */ @Action( path = "/registrar-xhr", - xsrfProtection = true, - xsrfScope = EppConsoleAction.XSRF_SCOPE, method = Method.POST, auth = @Auth( @@ -38,8 +36,6 @@ import javax.servlet.http.HttpSession; ) public class EppConsoleAction implements Runnable { - public static final String XSRF_SCOPE = "console"; - @Inject @Payload byte[] inputXmlBytes; @Inject HttpSession session; @Inject EppRequestHandler eppRequestHandler; diff --git a/java/google/registry/flows/EppToolAction.java b/java/google/registry/flows/EppToolAction.java index 365520613..5155275b1 100644 --- a/java/google/registry/flows/EppToolAction.java +++ b/java/google/registry/flows/EppToolAction.java 
@@ -32,8 +32,6 @@ import javax.servlet.http.HttpServletRequest; /** Runs EPP commands directly without logging in, verifying an XSRF token from the tool. */ @Action( path = "/_dr/epptool", - xsrfProtection = true, - xsrfScope = "admin", method = Method.POST, auth = @Auth( diff --git a/java/google/registry/module/backend/BackendRequestHandler.java b/java/google/registry/module/backend/BackendRequestHandler.java index c2881c1ad..dfbaeeab6 100644 --- a/java/google/registry/module/backend/BackendRequestHandler.java +++ b/java/google/registry/module/backend/BackendRequestHandler.java @@ -17,7 +17,6 @@ package google.registry.module.backend; import com.google.appengine.api.users.UserService; import google.registry.request.RequestHandler; import google.registry.request.auth.RequestAuthenticator; -import google.registry.security.XsrfTokenManager; import javax.inject.Inject; import javax.inject.Provider; @@ -27,8 +26,7 @@ public class BackendRequestHandler extends RequestHandler componentBuilderProvider, UserService userService, - RequestAuthenticator requestAuthenticator, - XsrfTokenManager xsrfTokenManager) { - super(componentBuilderProvider, userService, requestAuthenticator, xsrfTokenManager); + RequestAuthenticator requestAuthenticator) { + super(componentBuilderProvider, userService, requestAuthenticator); } } diff --git a/java/google/registry/module/frontend/FrontendRequestHandler.java b/java/google/registry/module/frontend/FrontendRequestHandler.java index 3063d2f98..48aa5db8b 100644 --- a/java/google/registry/module/frontend/FrontendRequestHandler.java +++ b/java/google/registry/module/frontend/FrontendRequestHandler.java @@ -17,7 +17,6 @@ package google.registry.module.frontend; import com.google.appengine.api.users.UserService; import google.registry.request.RequestHandler; import google.registry.request.auth.RequestAuthenticator; -import google.registry.security.XsrfTokenManager; import javax.inject.Inject; import javax.inject.Provider; 
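Review bot: EppToolAction's class Javadoc still says it runs EPP commands "verifying an XSRF token from the tool", but this hunk removes `xsrfProtection = true` and `xsrfScope = "admin"` from its `@Action`, so the comment now describes a check the annotation no longer declares. Either update it to name the component that now verifies the tool's token, or drop the clause: `/** Runs EPP commands directly without logging in; access is controlled by the {@code auth} settings below. */`. The `@Action` annotation continues past the end of the hunk.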
@@ -27,8 +26,7 @@ public class FrontendRequestHandler extends RequestHandler componentBuilderProvider, UserService userService, - RequestAuthenticator requestAuthenticator, - XsrfTokenManager xsrfTokenManager) { - super(componentBuilderProvider, userService, requestAuthenticator, xsrfTokenManager); + RequestAuthenticator requestAuthenticator) { + super(componentBuilderProvider, userService, requestAuthenticator); } } diff --git a/java/google/registry/module/tools/ToolsRequestHandler.java b/java/google/registry/module/tools/ToolsRequestHandler.java index eee4e8538..4ae76ee69 100644 --- a/java/google/registry/module/tools/ToolsRequestHandler.java +++ b/java/google/registry/module/tools/ToolsRequestHandler.java @@ -17,7 +17,6 @@ package google.registry.module.tools; import com.google.appengine.api.users.UserService; import google.registry.request.RequestHandler; import google.registry.request.auth.RequestAuthenticator; -import google.registry.security.XsrfTokenManager; import javax.inject.Inject; import javax.inject.Provider; @@ -27,8 +26,7 @@ public class ToolsRequestHandler extends RequestHandler { @Inject ToolsRequestHandler( Provider componentBuilderProvider, UserService userService, - RequestAuthenticator requestAuthenticator, - XsrfTokenManager xsrfTokenManager) { - super(componentBuilderProvider, userService, requestAuthenticator, xsrfTokenManager); + RequestAuthenticator requestAuthenticator) { + super(componentBuilderProvider, userService, requestAuthenticator); } } diff --git a/java/google/registry/request/Action.java b/java/google/registry/request/Action.java index fe70b64ed..04be51bd2 100644 --- a/java/google/registry/request/Action.java +++ b/java/google/registry/request/Action.java 
@@ -46,13 +46,6 @@ public @interface Action { */ boolean automaticallyPrintOk() default false; - // TODO(b/26304887): Flip default to true. - /** Enables XSRF protection on all HTTP methods except GET and HEAD. */ - boolean xsrfProtection() default false; - - /** Arbitrary value included in the XSRF token hash. */ - String xsrfScope() default "app"; - /** * Require user be logged-in or 302 redirect to the Google auth login page. * diff --git a/java/google/registry/request/RequestHandler.java b/java/google/registry/request/RequestHandler.java index eba0bd11e..ec1c0dffb 100644 --- a/java/google/registry/request/RequestHandler.java +++ b/java/google/registry/request/RequestHandler.java @@ -15,10 +15,8 @@ package google.registry.request; import static com.google.common.base.Preconditions.checkNotNull; -import static com.google.common.base.Strings.nullToEmpty; import static com.google.common.net.HttpHeaders.LOCATION; import static com.google.common.net.MediaType.PLAIN_TEXT_UTF_8; -import static google.registry.security.XsrfTokenManager.X_CSRF_TOKEN; import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN; import static javax.servlet.http.HttpServletResponse.SC_METHOD_NOT_ALLOWED; import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY; @@ -28,7 +26,6 @@ import com.google.appengine.api.users.UserService; import com.google.common.base.Optional; import google.registry.request.auth.AuthResult; import google.registry.request.auth.RequestAuthenticator; -import google.registry.security.XsrfTokenManager; import google.registry.util.FormattingLogger; import google.registry.util.TypeUtils.TypeInstantiator; import java.io.IOException; @@ -61,9 +58,6 @@ import javax.servlet.http.HttpServletResponse; * *

Security Features

* - *

XSRF protection is built into this class. It can be enabled or disabled on individual actions - * using {@link Action#xsrfProtection() xsrfProtection} setting. - * *

This class also enforces the {@link Action#requireLogin() requireLogin} setting. * * @param request component type @@ -76,7 +70,6 @@ public class RequestHandler { private final Provider> requestComponentBuilderProvider; private final UserService userService; private final RequestAuthenticator requestAuthenticator; - private final XsrfTokenManager xsrfTokenManager; /** * Constructor for subclasses to create a new request handler for a specific request component. @@ -90,15 +83,12 @@ public class RequestHandler { * request-derived modules provided by this class) * @param userService an instance of the App Engine UserService API * @param requestAuthenticator an instance of the {@link RequestAuthenticator} class - * @param xsrfTokenManager an instance of the {@link XsrfTokenManager} class */ protected RequestHandler( Provider> requestComponentBuilderProvider, UserService userService, - RequestAuthenticator requestAuthenticator, - XsrfTokenManager xsrfTokenManager) { - this(null, requestComponentBuilderProvider, userService, requestAuthenticator, - xsrfTokenManager); + RequestAuthenticator requestAuthenticator) { + this(null, requestComponentBuilderProvider, userService, requestAuthenticator); } /** Creates a new RequestHandler with an explicit component class for test purposes. */ 
@@ -106,22 +96,19 @@ public class RequestHandler { Class component, Provider> requestComponentBuilderProvider, UserService userService, - RequestAuthenticator requestAuthenticator, - XsrfTokenManager xsrfTokenManager) { + RequestAuthenticator requestAuthenticator) { return new RequestHandler<>( checkNotNull(component), requestComponentBuilderProvider, userService, - requestAuthenticator, - xsrfTokenManager); + requestAuthenticator); } private RequestHandler( @Nullable Class component, Provider> requestComponentBuilderProvider, UserService userService, - RequestAuthenticator requestAuthenticator, - XsrfTokenManager xsrfTokenManager) { + RequestAuthenticator requestAuthenticator) { // If the component class isn't explicitly provided, infer it from the class's own typing. // This is safe only for use by subclasses of RequestHandler where the generic parameter is // preserved at runtime, so only expose that option via the protected constructor. @@ -130,7 +117,6 @@ public class RequestHandler { this.requestComponentBuilderProvider = checkNotNull(requestComponentBuilderProvider); this.userService = checkNotNull(userService); this.requestAuthenticator = checkNotNull(requestAuthenticator); - this.xsrfTokenManager = checkNotNull(xsrfTokenManager); } /** Runs the appropriate action for a servlet request. */ @@ -163,11 +149,6 @@ public class RequestHandler { rsp.setHeader(LOCATION, userService.createLoginURL(req.getRequestURI())); return; } - if (route.get().shouldXsrfProtect(method) - && !xsrfTokenManager.validateToken(nullToEmpty(req.getHeader(X_CSRF_TOKEN)))) { - rsp.sendError(SC_FORBIDDEN, "Invalid " + X_CSRF_TOKEN); - return; - } Optional authResult = requestAuthenticator.authorize(route.get().action().auth(), req); if (!authResult.isPresent()) { diff --git a/java/google/registry/request/Route.java b/java/google/registry/request/Route.java index 763eb0a3b..124c6641c 100644 --- a/java/google/registry/request/Route.java +++ b/java/google/registry/request/Route.java 
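Review bot: Removing the `shouldXsrfProtect`/`validateToken` block from `handleRequest` means this class no longer rejects a non-GET request that lacks a valid `X-CSRF-Token`, and since the `@Action` hunk drops `xsrfProtection`/`xsrfScope` there is no longer any per-route declaration of the requirement; the routes that previously set `xsrfProtection = true` in this diff are EppConsoleAction, RegistrarSettingsAction, RegistrarPaymentAction, RegistrarPaymentSetupAction, EppToolAction, VerifyOteAction and PublishDetailReportAction. The new RequestHandlerTest setup that stubs `xsrfTokenManager.generateToken(...)` into the header suggests validation has moved into the `requestAuthenticator.authorize(...)` call on the next line, but no hunk here shows that code, and both negative tests (`testXsrfProtection_noTokenProvided_returns403Forbidden`, `testXsrfProtection_tokenWithInvalidUserProvided_returns403`) are deleted without a replacement. Please confirm the new enforcement rejects a missing token and a token minted for a different user on every non-GET route that previously declared `xsrfProtection = true`, and re-add those negative cases at the layer that now owns the check. The class Javadoc's "Security Features" section in the earlier hunk now lists only `requireLogin`; add a sentence such as `* <p>XSRF tokens are no longer validated by this class; see [component that now performs the check].` so readers are not left assuming the check is gone entirely. `handleRequest` begins before this hunk and continues after it.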
@@ -42,9 +42,4 @@ abstract class Route { } return false; } - - boolean shouldXsrfProtect(Action.Method requestMethod) { - return action().xsrfProtection() - && (requestMethod != Action.Method.GET) && (requestMethod != Action.Method.HEAD); - } } diff --git a/java/google/registry/request/RouterDisplayHelper.java b/java/google/registry/request/RouterDisplayHelper.java index 6161aff99..77f027e4e 100644 --- a/java/google/registry/request/RouterDisplayHelper.java +++ b/java/google/registry/request/RouterDisplayHelper.java @@ -38,8 +38,6 @@ import java.util.Map; *

  • the simple name of the action class *
  • the allowable HTTP methods *
  • whether to automatically print "ok" in the response - *
  • whether XSRF protection is enabled - *
  • the XSRF scope *
  • whether login is required *
  • the allowable authentication methods *
  • the minimum authentication level @@ -53,12 +51,11 @@ public class RouterDisplayHelper { private static final String PATH = "path"; private static final String CLASS = "class"; private static final String METHODS = "methods"; - private static final String XSRF_SCOPE = "xsrfScope"; private static final String AUTH_METHODS = "authMethods"; private static final String MINIMUM_LEVEL = "minLevel"; private static final String FORMAT = - "%%-%ds %%-%ds %%-%ds %%-2s %%-4s %%-%ds %%-5s %%-%ds %%-%ds %%s"; + "%%-%ds %%-%ds %%-%ds %%-2s %%-5s %%-%ds %%-%ds %%s"; /** Returns a string representation of the routing map in the specified component. */ public static String extractHumanReadableRoutesFromComponent(Class componentClass) { @@ -71,7 +68,6 @@ public class RouterDisplayHelper { columnWidths.get(PATH), columnWidths.get(CLASS), columnWidths.get(METHODS), - columnWidths.get(XSRF_SCOPE), columnWidths.get(AUTH_METHODS), columnWidths.get(MINIMUM_LEVEL)); } @@ -83,8 +79,6 @@ public class RouterDisplayHelper { "CLASS", "METHODS", "OK", - "XSRF", - "SCOPE", "LOGIN", "AUTH_METHODS", "MIN", @@ -98,8 +92,6 @@ public class RouterDisplayHelper { route.actionClass().getSimpleName(), Joiner.on(",").join(route.action().method()), route.action().automaticallyPrintOk() ? "y" : "n", - route.action().xsrfProtection() ? "y" : "n", - route.action().xsrfScope(), route.action().requireLogin() ? "y" : "n", Joiner.on(",").join(route.action().auth().methods()), route.action().auth().minimumLevel(), @@ -112,7 +104,6 @@ public class RouterDisplayHelper { int pathWidth = 4; int classWidth = 5; int methodsWidth = 7; - int xsrfScopeWidth = 5; int authMethodsWidth = 12; int minLevelWidth = 3; for (Route route : routes) { 
@@ -131,10 +122,6 @@ public class RouterDisplayHelper { if (len > methodsWidth) { methodsWidth = len; } - len = route.action().xsrfScope().length(); - if (len > xsrfScopeWidth) { - xsrfScopeWidth = len; - } len = Joiner.on(",").join(route.action().auth().methods()).length(); if (len > authMethodsWidth) { authMethodsWidth = len; @@ -150,7 +137,6 @@ public class RouterDisplayHelper { .put(PATH, pathWidth) .put(CLASS, classWidth) .put(METHODS, methodsWidth) - .put(XSRF_SCOPE, xsrfScopeWidth) .put(AUTH_METHODS, authMethodsWidth) .put(MINIMUM_LEVEL, minLevelWidth) .build()); diff --git a/java/google/registry/tools/server/VerifyOteAction.java b/java/google/registry/tools/server/VerifyOteAction.java index 204121506..4ab0834f1 100644 --- a/java/google/registry/tools/server/VerifyOteAction.java +++ b/java/google/registry/tools/server/VerifyOteAction.java @@ -83,8 +83,6 @@ import javax.inject.Inject; @Action( path = VerifyOteAction.PATH, method = Action.Method.POST, - xsrfProtection = true, - xsrfScope = "admin", auth = @Auth( methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API}, diff --git a/java/google/registry/ui/server/registrar/ConsoleUiAction.java b/java/google/registry/ui/server/registrar/ConsoleUiAction.java index 0711d9878..8c6ecb9b6 100644 --- a/java/google/registry/ui/server/registrar/ConsoleUiAction.java +++ b/java/google/registry/ui/server/registrar/ConsoleUiAction.java @@ -42,7 +42,6 @@ import javax.servlet.http.HttpServletRequest; @Action( path = ConsoleUiAction.PATH, requireLogin = true, - xsrfProtection = false, auth = @Auth( methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY}, diff --git a/java/google/registry/ui/server/registrar/RegistrarPaymentAction.java b/java/google/registry/ui/server/registrar/RegistrarPaymentAction.java index d7d750198..0ab56f970 100644 --- a/java/google/registry/ui/server/registrar/RegistrarPaymentAction.java +++ b/java/google/registry/ui/server/registrar/RegistrarPaymentAction.java 
@@ -95,8 +95,6 @@ import org.joda.money.Money; @Action( path = "/registrar-payment", method = Action.Method.POST, - xsrfProtection = true, - xsrfScope = "console", requireLogin = true, auth = @Auth( diff --git a/java/google/registry/ui/server/registrar/RegistrarPaymentSetupAction.java b/java/google/registry/ui/server/registrar/RegistrarPaymentSetupAction.java index 29fd12a43..5932aaff6 100644 --- a/java/google/registry/ui/server/registrar/RegistrarPaymentSetupAction.java +++ b/java/google/registry/ui/server/registrar/RegistrarPaymentSetupAction.java @@ -70,8 +70,6 @@ import org.joda.money.CurrencyUnit; @Action( path = "/registrar-payment-setup", method = Action.Method.POST, - xsrfProtection = true, - xsrfScope = "console", requireLogin = true, auth = @Auth( diff --git a/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java b/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java index 2cbb5b6ab..5c7fde99e 100644 --- a/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java +++ b/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java @@ -64,8 +64,6 @@ import javax.servlet.http.HttpServletRequest; @Action( path = RegistrarSettingsAction.PATH, requireLogin = true, - xsrfProtection = true, - xsrfScope = "console", method = Action.Method.POST, auth = @Auth( diff --git a/javatests/google/registry/module/backend/testdata/backend_routing.txt b/javatests/google/registry/module/backend/testdata/backend_routing.txt index 96cbc3b47..7f9a0eb98 100644 --- a/javatests/google/registry/module/backend/testdata/backend_routing.txt +++ b/javatests/google/registry/module/backend/testdata/backend_routing.txt 
@@ -1,38 +1,38 @@ -PATH CLASS METHODS OK XSRF SCOPE LOGIN AUTH_METHODS MIN USER_POLICY -/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y n app n INTERNAL APP IGNORED -/_dr/cron/commitLogFanout CommitLogFanoutAction GET y n app n INTERNAL APP IGNORED -/_dr/cron/fanout TldFanoutAction GET y n app n INTERNAL APP IGNORED -/_dr/cron/readDnsQueue ReadDnsQueueAction GET y n app n INTERNAL APP IGNORED -/_dr/dnsRefresh RefreshDnsAction GET y n app n INTERNAL APP IGNORED -/_dr/task/brdaCopy BrdaCopyAction POST y n app n INTERNAL APP IGNORED -/_dr/task/checkSnapshot CheckSnapshotAction POST,GET y n app n INTERNAL APP IGNORED -/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n n app n INTERNAL APP IGNORED -/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction POST y n app n INTERNAL APP IGNORED -/_dr/task/deleteProberData DeleteProberDataAction POST n n app n INTERNAL APP IGNORED -/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n n app n INTERNAL APP IGNORED -/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y n app n INTERNAL APP IGNORED -/_dr/task/exportDomainLists ExportDomainListsAction POST n n app n INTERNAL APP IGNORED -/_dr/task/exportReservedTerms ExportReservedTermsAction POST n n app n INTERNAL APP IGNORED -/_dr/task/exportSnapshot ExportSnapshotAction POST y n app n INTERNAL APP IGNORED -/_dr/task/importRdeContacts RdeContactImportAction GET n n app n INTERNAL APP IGNORED -/_dr/task/importRdeDomains RdeDomainImportAction GET n n app n INTERNAL APP IGNORED -/_dr/task/importRdeHosts RdeHostImportAction GET n n app n INTERNAL APP IGNORED -/_dr/task/linkRdeHosts RdeHostLinkAction GET n n app n INTERNAL APP IGNORED -/_dr/task/loadSnapshot LoadSnapshotAction POST n n app n INTERNAL APP IGNORED -/_dr/task/mapreduceEntityCleanup MapreduceEntityCleanupAction GET n n app n INTERNAL APP IGNORED -/_dr/task/metrics MetricsExportAction POST n n app n INTERNAL APP IGNORED -/_dr/task/nordnUpload 
NordnUploadAction POST y n app n INTERNAL APP IGNORED -/_dr/task/nordnVerify NordnVerifyAction POST y n app n INTERNAL APP IGNORED -/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y n app n INTERNAL APP IGNORED -/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y n app n INTERNAL APP IGNORED -/_dr/task/rdeReport RdeReportAction POST n n app n INTERNAL APP IGNORED -/_dr/task/rdeStaging RdeStagingAction GET,POST n n app n INTERNAL APP IGNORED -/_dr/task/rdeUpload RdeUploadAction POST n n app n INTERNAL APP IGNORED -/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n n app n INTERNAL APP IGNORED -/_dr/task/syncGroupMembers SyncGroupMembersAction POST n n app n INTERNAL APP IGNORED -/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n n app n INTERNAL APP IGNORED -/_dr/task/tmchCrl TmchCrlAction POST y n app n INTERNAL APP IGNORED -/_dr/task/tmchDnl TmchDnlAction POST y n app n INTERNAL APP IGNORED -/_dr/task/tmchSmdrl TmchSmdrlAction POST y n app n INTERNAL APP IGNORED -/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n n app n INTERNAL APP IGNORED -/_dr/task/verifyEntityIntegrity VerifyEntityIntegrityAction POST n n app n INTERNAL APP IGNORED +PATH CLASS METHODS OK LOGIN AUTH_METHODS MIN USER_POLICY +/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y n INTERNAL APP IGNORED +/_dr/cron/commitLogFanout CommitLogFanoutAction GET y n INTERNAL APP IGNORED +/_dr/cron/fanout TldFanoutAction GET y n INTERNAL APP IGNORED +/_dr/cron/readDnsQueue ReadDnsQueueAction GET y n INTERNAL APP IGNORED +/_dr/dnsRefresh RefreshDnsAction GET y n INTERNAL APP IGNORED +/_dr/task/brdaCopy BrdaCopyAction POST y n INTERNAL APP IGNORED +/_dr/task/checkSnapshot CheckSnapshotAction POST,GET y n INTERNAL APP IGNORED +/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n n INTERNAL APP IGNORED +/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction POST y n INTERNAL APP IGNORED +/_dr/task/deleteProberData 
DeleteProberDataAction POST n n INTERNAL APP IGNORED +/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n n INTERNAL APP IGNORED +/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y n INTERNAL APP IGNORED +/_dr/task/exportDomainLists ExportDomainListsAction POST n n INTERNAL APP IGNORED +/_dr/task/exportReservedTerms ExportReservedTermsAction POST n n INTERNAL APP IGNORED +/_dr/task/exportSnapshot ExportSnapshotAction POST y n INTERNAL APP IGNORED +/_dr/task/importRdeContacts RdeContactImportAction GET n n INTERNAL APP IGNORED +/_dr/task/importRdeDomains RdeDomainImportAction GET n n INTERNAL APP IGNORED +/_dr/task/importRdeHosts RdeHostImportAction GET n n INTERNAL APP IGNORED +/_dr/task/linkRdeHosts RdeHostLinkAction GET n n INTERNAL APP IGNORED +/_dr/task/loadSnapshot LoadSnapshotAction POST n n INTERNAL APP IGNORED +/_dr/task/mapreduceEntityCleanup MapreduceEntityCleanupAction GET n n INTERNAL APP IGNORED +/_dr/task/metrics MetricsExportAction POST n n INTERNAL APP IGNORED +/_dr/task/nordnUpload NordnUploadAction POST y n INTERNAL APP IGNORED +/_dr/task/nordnVerify NordnVerifyAction POST y n INTERNAL APP IGNORED +/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y n INTERNAL APP IGNORED +/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y n INTERNAL APP IGNORED +/_dr/task/rdeReport RdeReportAction POST n n INTERNAL APP IGNORED +/_dr/task/rdeStaging RdeStagingAction GET,POST n n INTERNAL APP IGNORED +/_dr/task/rdeUpload RdeUploadAction POST n n INTERNAL APP IGNORED +/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n n INTERNAL APP IGNORED +/_dr/task/syncGroupMembers SyncGroupMembersAction POST n n INTERNAL APP IGNORED +/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n n INTERNAL APP IGNORED +/_dr/task/tmchCrl TmchCrlAction POST y n INTERNAL APP IGNORED +/_dr/task/tmchDnl TmchDnlAction POST y n INTERNAL APP IGNORED +/_dr/task/tmchSmdrl TmchSmdrlAction POST y n INTERNAL APP IGNORED 
+/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n n INTERNAL APP IGNORED +/_dr/task/verifyEntityIntegrity VerifyEntityIntegrityAction POST n n INTERNAL APP IGNORED diff --git a/javatests/google/registry/module/frontend/testdata/frontend_routing.txt b/javatests/google/registry/module/frontend/testdata/frontend_routing.txt index d598408f5..f5de19fd2 100644 --- a/javatests/google/registry/module/frontend/testdata/frontend_routing.txt +++ b/javatests/google/registry/module/frontend/testdata/frontend_routing.txt 
@@ -1,19 +1,19 @@ -PATH CLASS METHODS OK XSRF SCOPE LOGIN AUTH_METHODS MIN USER_POLICY -/_dr/epp EppTlsAction POST n n app n INTERNAL,API APP ADMIN -/_dr/whois WhoisServer POST n n app n INTERNAL,API APP ADMIN -/check CheckApiAction GET n n app n INTERNAL NONE PUBLIC -/rdap/autnum/(*) RdapAutnumAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/domain/(*) RdapDomainAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/domains RdapDomainSearchAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/entities RdapEntitySearchAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/entity/(*) RdapEntityAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/help(*) RdapHelpAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/ip/(*) RdapIpAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/rdap/nameservers RdapNameserverSearchAction GET,HEAD n n app n INTERNAL NONE PUBLIC -/registrar ConsoleUiAction GET n n app y INTERNAL,API,LEGACY NONE PUBLIC -/registrar-payment RegistrarPaymentAction POST n y console y INTERNAL,API,LEGACY USER PUBLIC -/registrar-payment-setup RegistrarPaymentSetupAction POST n y console y INTERNAL,API,LEGACY USER PUBLIC -/registrar-settings RegistrarSettingsAction POST n y console y INTERNAL,API,LEGACY USER PUBLIC -/registrar-xhr EppConsoleAction POST n y console n INTERNAL,API,LEGACY USER PUBLIC -/whois/(*) WhoisHttpServer GET n n app n INTERNAL NONE PUBLIC +PATH CLASS METHODS OK LOGIN AUTH_METHODS MIN USER_POLICY +/_dr/epp EppTlsAction POST n n INTERNAL,API APP ADMIN +/_dr/whois WhoisServer POST n n INTERNAL,API APP ADMIN +/check CheckApiAction GET n n INTERNAL NONE PUBLIC +/rdap/autnum/(*) RdapAutnumAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/domain/(*) RdapDomainAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/domains RdapDomainSearchAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/entities RdapEntitySearchAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/entity/(*) 
RdapEntityAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/help(*) RdapHelpAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/ip/(*) RdapIpAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n n INTERNAL NONE PUBLIC +/rdap/nameservers RdapNameserverSearchAction GET,HEAD n n INTERNAL NONE PUBLIC +/registrar ConsoleUiAction GET n y INTERNAL,API,LEGACY NONE PUBLIC +/registrar-payment RegistrarPaymentAction POST n y INTERNAL,API,LEGACY USER PUBLIC +/registrar-payment-setup RegistrarPaymentSetupAction POST n y INTERNAL,API,LEGACY USER PUBLIC +/registrar-settings RegistrarSettingsAction POST n y INTERNAL,API,LEGACY USER PUBLIC +/registrar-xhr EppConsoleAction POST n n INTERNAL,API,LEGACY USER PUBLIC +/whois/(*) WhoisHttpServer GET n n INTERNAL NONE PUBLIC diff --git a/javatests/google/registry/module/tools/testdata/tools_routing.txt b/javatests/google/registry/module/tools/testdata/tools_routing.txt index ea107e752..5d445baf5 100644 --- a/javatests/google/registry/module/tools/testdata/tools_routing.txt +++ b/javatests/google/registry/module/tools/testdata/tools_routing.txt 
@@ -1,21 +1,21 @@ -PATH CLASS METHODS OK XSRF SCOPE LOGIN AUTH_METHODS MIN USER_POLICY -/_dr/admin/createGroups CreateGroupsAction POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/createPremiumList CreatePremiumListAction POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/deleteEntity DeleteEntityAction GET n n app n INTERNAL,API APP ADMIN -/_dr/admin/list/domains ListDomainsAction GET,POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/list/hosts ListHostsAction GET,POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/list/registrars ListRegistrarsAction GET,POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/list/reservedLists ListReservedListsAction GET,POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/list/tlds ListTldsAction GET,POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/updatePremiumList UpdatePremiumListAction POST n n app n INTERNAL,API APP ADMIN -/_dr/admin/verifyOte VerifyOteAction POST n y admin n INTERNAL,API APP ADMIN -/_dr/epptool EppToolAction POST n y admin n INTERNAL,API APP ADMIN -/_dr/loadtest LoadTestAction POST y n app n INTERNAL,API APP ADMIN -/_dr/publishDetailReport PublishDetailReportAction POST n y admin n INTERNAL,API APP ADMIN -/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n n app n INTERNAL,API APP ADMIN -/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n n app n INTERNAL APP IGNORED -/_dr/task/killAllEppResources KillAllEppResourcesAction POST n n app n INTERNAL APP IGNORED -/_dr/task/refreshAllDomains RefreshAllDomainsAction GET n n app n INTERNAL,API APP ADMIN -/_dr/task/resaveAllEppResources ResaveAllEppResourcesAction GET n n app n INTERNAL,API APP ADMIN -/_dr/task/restoreCommitLogs RestoreCommitLogsAction POST y n app n INTERNAL,API APP ADMIN +PATH CLASS METHODS OK LOGIN AUTH_METHODS MIN USER_POLICY +/_dr/admin/createGroups CreateGroupsAction POST n n INTERNAL,API APP ADMIN +/_dr/admin/createPremiumList 
CreatePremiumListAction POST n n INTERNAL,API APP ADMIN +/_dr/admin/deleteEntity DeleteEntityAction GET n n INTERNAL,API APP ADMIN +/_dr/admin/list/domains ListDomainsAction GET,POST n n INTERNAL,API APP ADMIN +/_dr/admin/list/hosts ListHostsAction GET,POST n n INTERNAL,API APP ADMIN +/_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n n INTERNAL,API APP ADMIN +/_dr/admin/list/registrars ListRegistrarsAction GET,POST n n INTERNAL,API APP ADMIN +/_dr/admin/list/reservedLists ListReservedListsAction GET,POST n n INTERNAL,API APP ADMIN +/_dr/admin/list/tlds ListTldsAction GET,POST n n INTERNAL,API APP ADMIN +/_dr/admin/updatePremiumList UpdatePremiumListAction POST n n INTERNAL,API APP ADMIN +/_dr/admin/verifyOte VerifyOteAction POST n n INTERNAL,API APP ADMIN +/_dr/epptool EppToolAction POST n n INTERNAL,API APP ADMIN +/_dr/loadtest LoadTestAction POST y n INTERNAL,API APP ADMIN +/_dr/publishDetailReport PublishDetailReportAction POST n n INTERNAL,API APP ADMIN +/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n n INTERNAL,API APP ADMIN +/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n n INTERNAL APP IGNORED +/_dr/task/killAllEppResources KillAllEppResourcesAction POST n n INTERNAL APP IGNORED +/_dr/task/refreshAllDomains RefreshAllDomainsAction GET n n INTERNAL,API APP ADMIN +/_dr/task/resaveAllEppResources ResaveAllEppResourcesAction GET n n INTERNAL,API APP ADMIN +/_dr/task/restoreCommitLogs RestoreCommitLogsAction POST y n INTERNAL,API APP ADMIN diff --git a/javatests/google/registry/request/RequestHandlerTest.java b/javatests/google/registry/request/RequestHandlerTest.java index 4600c580b..5f7878b67 100644 --- a/javatests/google/registry/request/RequestHandlerTest.java +++ b/javatests/google/registry/request/RequestHandlerTest.java 
@@ -90,8 +90,6 @@ public final class RequestHandlerTest { @Action( path = "/safe-sloth", method = {GET, POST}, - xsrfProtection = true, - xsrfScope = "vampire", auth = @Auth(minimumLevel = AuthLevel.NONE) ) public static class SafeSlothTask implements Runnable { @@ -262,8 +260,7 @@ public final class RequestHandlerTest { } }), userService, - requestAuthenticator, - xsrfTokenManager); + requestAuthenticator); when(rsp.getWriter()).thenReturn(new PrintWriter(httpOutput)); } @@ -283,7 +280,10 @@ public final class RequestHandlerTest { @Test public void testHandleRequest_multipleMethodMappings_works() throws Exception { + userService.setUser(testUser, false); when(req.getMethod()).thenReturn("POST"); + when(req.getHeader("X-CSRF-Token")) + .thenReturn(xsrfTokenManager.generateToken(testUser.getEmail())); when(req.getRequestURI()).thenReturn("/bumblebee"); handler.handleRequest(req, rsp); verify(bumblebeeTask).run(); @@ -299,7 +299,10 @@ public final class RequestHandlerTest { @Test public void testHandleRequest_taskHasAutoPrintOk_printsOk() throws Exception { + userService.setUser(testUser, false); when(req.getMethod()).thenReturn("POST"); + when(req.getHeader("X-CSRF-Token")) + .thenReturn(xsrfTokenManager.generateToken(testUser.getEmail())); when(req.getRequestURI()).thenReturn("/sloth"); handler.handleRequest(req, rsp); verify(slothTask).run(); @@ -378,14 +381,6 @@ public final class RequestHandlerTest { tester.testAllPublicInstanceMethods(handler); } - @Test - public void testXsrfProtection_noTokenProvided_returns403Forbidden() throws Exception { - when(req.getMethod()).thenReturn("POST"); - when(req.getRequestURI()).thenReturn("/safe-sloth"); - handler.handleRequest(req, rsp); - verify(rsp).sendError(403, "Invalid X-CSRF-Token"); - } - @Test public void testXsrfProtection_validTokenProvided_runsAction() throws Exception { userService.setUser(testUser, false); 
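Review bot: `testHandleRequest_multipleMethodMappings_works` and `testHandleRequest_taskHasAutoPrintOk_printsOk` now set a logged-in user and stub `X-CSRF-Token` with `xsrfTokenManager.generateToken(testUser.getEmail())`, although neither `/bumblebee` nor `/sloth` is an XSRF test and nothing in the hunk says why the token became necessary; a future maintainer cannot tell whether removing those lines would be a harmless simplification or would hide a regression in whatever now demands the token. Add a why-comment above the stub, e.g. `// POSTs to these routes are now rejected without a user-bound XSRF token — TODO confirm which component enforces this`. Both test methods continue past the end of their hunks.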
@@ -397,17 +392,6 @@ public final class RequestHandlerTest { verify(safeSlothTask).run(); } - @Test - public void testXsrfProtection_tokenWithInvalidUserProvided_returns403() throws Exception { - userService.setUser(testUser, false); - when(req.getMethod()).thenReturn("POST"); - when(req.getHeader("X-CSRF-Token")) - .thenReturn(xsrfTokenManager.generateToken("wrong@example.com")); - when(req.getRequestURI()).thenReturn("/safe-sloth"); - handler.handleRequest(req, rsp); - verify(rsp).sendError(403, "Invalid X-CSRF-Token"); - } - @Test public void testXsrfProtection_GETMethodWithoutToken_doesntCheckToken() throws Exception { when(req.getMethod()).thenReturn("GET");