Remove xsrfScope and xsrfProtection authentication attributes

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=159121132
This commit is contained in:
mountford 2017-06-15 10:31:47 -07:00 committed by Ben McIlwain
parent 580c41f2d6
commit 7d2f53a6fe
19 changed files with 103 additions and 185 deletions


@ -1,38 +1,38 @@
PATH CLASS METHODS OK XSRF SCOPE LOGIN AUTH_METHODS MIN USER_POLICY
/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y n app n INTERNAL APP IGNORED
/_dr/cron/commitLogFanout CommitLogFanoutAction GET y n app n INTERNAL APP IGNORED
/_dr/cron/fanout TldFanoutAction GET y n app n INTERNAL APP IGNORED
/_dr/cron/readDnsQueue ReadDnsQueueAction GET y n app n INTERNAL APP IGNORED
/_dr/dnsRefresh RefreshDnsAction GET y n app n INTERNAL APP IGNORED
/_dr/task/brdaCopy BrdaCopyAction POST y n app n INTERNAL APP IGNORED
/_dr/task/checkSnapshot CheckSnapshotAction POST,GET y n app n INTERNAL APP IGNORED
/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n n app n INTERNAL APP IGNORED
/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction POST y n app n INTERNAL APP IGNORED
/_dr/task/deleteProberData DeleteProberDataAction POST n n app n INTERNAL APP IGNORED
/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n n app n INTERNAL APP IGNORED
/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y n app n INTERNAL APP IGNORED
/_dr/task/exportDomainLists ExportDomainListsAction POST n n app n INTERNAL APP IGNORED
/_dr/task/exportReservedTerms ExportReservedTermsAction POST n n app n INTERNAL APP IGNORED
/_dr/task/exportSnapshot ExportSnapshotAction POST y n app n INTERNAL APP IGNORED
/_dr/task/importRdeContacts RdeContactImportAction GET n n app n INTERNAL APP IGNORED
/_dr/task/importRdeDomains RdeDomainImportAction GET n n app n INTERNAL APP IGNORED
/_dr/task/importRdeHosts RdeHostImportAction GET n n app n INTERNAL APP IGNORED
/_dr/task/linkRdeHosts RdeHostLinkAction GET n n app n INTERNAL APP IGNORED
/_dr/task/loadSnapshot LoadSnapshotAction POST n n app n INTERNAL APP IGNORED
/_dr/task/mapreduceEntityCleanup MapreduceEntityCleanupAction GET n n app n INTERNAL APP IGNORED
/_dr/task/metrics MetricsExportAction POST n n app n INTERNAL APP IGNORED
/_dr/task/nordnUpload NordnUploadAction POST y n app n INTERNAL APP IGNORED
/_dr/task/nordnVerify NordnVerifyAction POST y n app n INTERNAL APP IGNORED
/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y n app n INTERNAL APP IGNORED
/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y n app n INTERNAL APP IGNORED
/_dr/task/rdeReport RdeReportAction POST n n app n INTERNAL APP IGNORED
/_dr/task/rdeStaging RdeStagingAction GET,POST n n app n INTERNAL APP IGNORED
/_dr/task/rdeUpload RdeUploadAction POST n n app n INTERNAL APP IGNORED
/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n n app n INTERNAL APP IGNORED
/_dr/task/syncGroupMembers SyncGroupMembersAction POST n n app n INTERNAL APP IGNORED
/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n n app n INTERNAL APP IGNORED
/_dr/task/tmchCrl TmchCrlAction POST y n app n INTERNAL APP IGNORED
/_dr/task/tmchDnl TmchDnlAction POST y n app n INTERNAL APP IGNORED
/_dr/task/tmchSmdrl TmchSmdrlAction POST y n app n INTERNAL APP IGNORED
/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n n app n INTERNAL APP IGNORED
/_dr/task/verifyEntityIntegrity VerifyEntityIntegrityAction POST n n app n INTERNAL APP IGNORED
PATH CLASS METHODS OK LOGIN AUTH_METHODS MIN USER_POLICY
/_dr/cron/commitLogCheckpoint CommitLogCheckpointAction GET y n INTERNAL APP IGNORED
/_dr/cron/commitLogFanout CommitLogFanoutAction GET y n INTERNAL APP IGNORED
/_dr/cron/fanout TldFanoutAction GET y n INTERNAL APP IGNORED
/_dr/cron/readDnsQueue ReadDnsQueueAction GET y n INTERNAL APP IGNORED
/_dr/dnsRefresh RefreshDnsAction GET y n INTERNAL APP IGNORED
/_dr/task/brdaCopy BrdaCopyAction POST y n INTERNAL APP IGNORED
/_dr/task/checkSnapshot CheckSnapshotAction POST,GET y n INTERNAL APP IGNORED
/_dr/task/deleteContactsAndHosts DeleteContactsAndHostsAction GET n n INTERNAL APP IGNORED
/_dr/task/deleteOldCommitLogs DeleteOldCommitLogsAction POST y n INTERNAL APP IGNORED
/_dr/task/deleteProberData DeleteProberDataAction POST n n INTERNAL APP IGNORED
/_dr/task/expandRecurringBillingEvents ExpandRecurringBillingEventsAction GET n n INTERNAL APP IGNORED
/_dr/task/exportCommitLogDiff ExportCommitLogDiffAction POST y n INTERNAL APP IGNORED
/_dr/task/exportDomainLists ExportDomainListsAction POST n n INTERNAL APP IGNORED
/_dr/task/exportReservedTerms ExportReservedTermsAction POST n n INTERNAL APP IGNORED
/_dr/task/exportSnapshot ExportSnapshotAction POST y n INTERNAL APP IGNORED
/_dr/task/importRdeContacts RdeContactImportAction GET n n INTERNAL APP IGNORED
/_dr/task/importRdeDomains RdeDomainImportAction GET n n INTERNAL APP IGNORED
/_dr/task/importRdeHosts RdeHostImportAction GET n n INTERNAL APP IGNORED
/_dr/task/linkRdeHosts RdeHostLinkAction GET n n INTERNAL APP IGNORED
/_dr/task/loadSnapshot LoadSnapshotAction POST n n INTERNAL APP IGNORED
/_dr/task/mapreduceEntityCleanup MapreduceEntityCleanupAction GET n n INTERNAL APP IGNORED
/_dr/task/metrics MetricsExportAction POST n n INTERNAL APP IGNORED
/_dr/task/nordnUpload NordnUploadAction POST y n INTERNAL APP IGNORED
/_dr/task/nordnVerify NordnVerifyAction POST y n INTERNAL APP IGNORED
/_dr/task/pollBigqueryJob BigqueryPollJobAction GET,POST y n INTERNAL APP IGNORED
/_dr/task/publishDnsUpdates PublishDnsUpdatesAction POST y n INTERNAL APP IGNORED
/_dr/task/rdeReport RdeReportAction POST n n INTERNAL APP IGNORED
/_dr/task/rdeStaging RdeStagingAction GET,POST n n INTERNAL APP IGNORED
/_dr/task/rdeUpload RdeUploadAction POST n n INTERNAL APP IGNORED
/_dr/task/refreshDnsOnHostRename RefreshDnsOnHostRenameAction GET n n INTERNAL APP IGNORED
/_dr/task/syncGroupMembers SyncGroupMembersAction POST n n INTERNAL APP IGNORED
/_dr/task/syncRegistrarsSheet SyncRegistrarsSheetAction POST n n INTERNAL APP IGNORED
/_dr/task/tmchCrl TmchCrlAction POST y n INTERNAL APP IGNORED
/_dr/task/tmchDnl TmchDnlAction POST y n INTERNAL APP IGNORED
/_dr/task/tmchSmdrl TmchSmdrlAction POST y n INTERNAL APP IGNORED
/_dr/task/updateSnapshotView UpdateSnapshotViewAction POST n n INTERNAL APP IGNORED
/_dr/task/verifyEntityIntegrity VerifyEntityIntegrityAction POST n n INTERNAL APP IGNORED


@ -1,19 +1,19 @@
PATH CLASS METHODS OK XSRF SCOPE LOGIN AUTH_METHODS MIN USER_POLICY
/_dr/epp EppTlsAction POST n n app n INTERNAL,API APP ADMIN
/_dr/whois WhoisServer POST n n app n INTERNAL,API APP ADMIN
/check CheckApiAction GET n n app n INTERNAL NONE PUBLIC
/rdap/autnum/(*) RdapAutnumAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/domain/(*) RdapDomainAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/domains RdapDomainSearchAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/entities RdapEntitySearchAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/entity/(*) RdapEntityAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/help(*) RdapHelpAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/ip/(*) RdapIpAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/rdap/nameservers RdapNameserverSearchAction GET,HEAD n n app n INTERNAL NONE PUBLIC
/registrar ConsoleUiAction GET n n app y INTERNAL,API,LEGACY NONE PUBLIC
/registrar-payment RegistrarPaymentAction POST n y console y INTERNAL,API,LEGACY USER PUBLIC
/registrar-payment-setup RegistrarPaymentSetupAction POST n y console y INTERNAL,API,LEGACY USER PUBLIC
/registrar-settings RegistrarSettingsAction POST n y console y INTERNAL,API,LEGACY USER PUBLIC
/registrar-xhr EppConsoleAction POST n y console n INTERNAL,API,LEGACY USER PUBLIC
/whois/(*) WhoisHttpServer GET n n app n INTERNAL NONE PUBLIC
PATH CLASS METHODS OK LOGIN AUTH_METHODS MIN USER_POLICY
/_dr/epp EppTlsAction POST n n INTERNAL,API APP ADMIN
/_dr/whois WhoisServer POST n n INTERNAL,API APP ADMIN
/check CheckApiAction GET n n INTERNAL NONE PUBLIC
/rdap/autnum/(*) RdapAutnumAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/domain/(*) RdapDomainAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/domains RdapDomainSearchAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/entities RdapEntitySearchAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/entity/(*) RdapEntityAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/help(*) RdapHelpAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/ip/(*) RdapIpAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/nameserver/(*) RdapNameserverAction GET,HEAD n n INTERNAL NONE PUBLIC
/rdap/nameservers RdapNameserverSearchAction GET,HEAD n n INTERNAL NONE PUBLIC
/registrar ConsoleUiAction GET n y INTERNAL,API,LEGACY NONE PUBLIC
/registrar-payment RegistrarPaymentAction POST n y INTERNAL,API,LEGACY USER PUBLIC
/registrar-payment-setup RegistrarPaymentSetupAction POST n y INTERNAL,API,LEGACY USER PUBLIC
/registrar-settings RegistrarSettingsAction POST n y INTERNAL,API,LEGACY USER PUBLIC
/registrar-xhr EppConsoleAction POST n n INTERNAL,API,LEGACY USER PUBLIC
/whois/(*) WhoisHttpServer GET n n INTERNAL NONE PUBLIC
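Review bot: The four console POST routes in the new table — `/registrar-payment`, `/registrar-payment-setup`, `/registrar-settings` and `/registrar-xhr` — drop the `XSRF y` / `SCOPE console` marking they carried on the old side, and nothing on the new side records that a token check still applies to them. These are state-changing endpoints that list `LEGACY` among their AUTH_METHODS, which on the old side was exactly the case paired with XSRF protection, so unless the X-CSRF-Token check has moved into that authentication mechanism this is a CSRF regression rather than a cleanup; the commit message says the attributes were removed but not where the check now lives. Please state in the description where the token is now enforced for these routes, and keep a test asserting that a POST to `/registrar-settings` without a valid token is rejected, since this golden file can no longer make that property visible.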


@ -1,21 +1,21 @@
PATH CLASS METHODS OK XSRF SCOPE LOGIN AUTH_METHODS MIN USER_POLICY
/_dr/admin/createGroups CreateGroupsAction POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/createPremiumList CreatePremiumListAction POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/deleteEntity DeleteEntityAction GET n n app n INTERNAL,API APP ADMIN
/_dr/admin/list/domains ListDomainsAction GET,POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/list/hosts ListHostsAction GET,POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/list/registrars ListRegistrarsAction GET,POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/list/reservedLists ListReservedListsAction GET,POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/list/tlds ListTldsAction GET,POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/updatePremiumList UpdatePremiumListAction POST n n app n INTERNAL,API APP ADMIN
/_dr/admin/verifyOte VerifyOteAction POST n y admin n INTERNAL,API APP ADMIN
/_dr/epptool EppToolAction POST n y admin n INTERNAL,API APP ADMIN
/_dr/loadtest LoadTestAction POST y n app n INTERNAL,API APP ADMIN
/_dr/publishDetailReport PublishDetailReportAction POST n y admin n INTERNAL,API APP ADMIN
/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n n app n INTERNAL,API APP ADMIN
/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n n app n INTERNAL APP IGNORED
/_dr/task/killAllEppResources KillAllEppResourcesAction POST n n app n INTERNAL APP IGNORED
/_dr/task/refreshAllDomains RefreshAllDomainsAction GET n n app n INTERNAL,API APP ADMIN
/_dr/task/resaveAllEppResources ResaveAllEppResourcesAction GET n n app n INTERNAL,API APP ADMIN
/_dr/task/restoreCommitLogs RestoreCommitLogsAction POST y n app n INTERNAL,API APP ADMIN
PATH CLASS METHODS OK LOGIN AUTH_METHODS MIN USER_POLICY
/_dr/admin/createGroups CreateGroupsAction POST n n INTERNAL,API APP ADMIN
/_dr/admin/createPremiumList CreatePremiumListAction POST n n INTERNAL,API APP ADMIN
/_dr/admin/deleteEntity DeleteEntityAction GET n n INTERNAL,API APP ADMIN
/_dr/admin/list/domains ListDomainsAction GET,POST n n INTERNAL,API APP ADMIN
/_dr/admin/list/hosts ListHostsAction GET,POST n n INTERNAL,API APP ADMIN
/_dr/admin/list/premiumLists ListPremiumListsAction GET,POST n n INTERNAL,API APP ADMIN
/_dr/admin/list/registrars ListRegistrarsAction GET,POST n n INTERNAL,API APP ADMIN
/_dr/admin/list/reservedLists ListReservedListsAction GET,POST n n INTERNAL,API APP ADMIN
/_dr/admin/list/tlds ListTldsAction GET,POST n n INTERNAL,API APP ADMIN
/_dr/admin/updatePremiumList UpdatePremiumListAction POST n n INTERNAL,API APP ADMIN
/_dr/admin/verifyOte VerifyOteAction POST n n INTERNAL,API APP ADMIN
/_dr/epptool EppToolAction POST n n INTERNAL,API APP ADMIN
/_dr/loadtest LoadTestAction POST y n INTERNAL,API APP ADMIN
/_dr/publishDetailReport PublishDetailReportAction POST n n INTERNAL,API APP ADMIN
/_dr/task/generateZoneFiles GenerateZoneFilesAction POST n n INTERNAL,API APP ADMIN
/_dr/task/killAllCommitLogs KillAllCommitLogsAction POST n n INTERNAL APP IGNORED
/_dr/task/killAllEppResources KillAllEppResourcesAction POST n n INTERNAL APP IGNORED
/_dr/task/refreshAllDomains RefreshAllDomainsAction GET n n INTERNAL,API APP ADMIN
/_dr/task/resaveAllEppResources ResaveAllEppResourcesAction GET n n INTERNAL,API APP ADMIN
/_dr/task/restoreCommitLogs RestoreCommitLogsAction POST y n INTERNAL,API APP ADMIN
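Review bot: `/_dr/admin/verifyOte`, `/_dr/epptool` and `/_dr/publishDetailReport` were the only tools routes with `XSRF y` (scope `admin`) and now rely solely on AUTH_METHODS `INTERNAL,API` with MIN `APP`. Since neither of those methods is the `LEGACY` path used by the console routes, dropping the token here is presumably safe, but that reasoning is not stated anywhere on the page; a one-line note in the description — e.g. "these routes accept no cookie-based auth, so the XSRF token added nothing" — would let a later reader verify the argument rather than rediscover it.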


@ -90,8 +90,6 @@ public final class RequestHandlerTest {
@Action(
path = "/safe-sloth",
method = {GET, POST},
xsrfProtection = true,
xsrfScope = "vampire",
auth = @Auth(minimumLevel = AuthLevel.NONE)
)
public static class SafeSlothTask implements Runnable {
@ -262,8 +260,7 @@ public final class RequestHandlerTest {
}
}),
userService,
requestAuthenticator,
xsrfTokenManager);
requestAuthenticator);
when(rsp.getWriter()).thenReturn(new PrintWriter(httpOutput));
}
@ -283,7 +280,10 @@ public final class RequestHandlerTest {
@Test
public void testHandleRequest_multipleMethodMappings_works() throws Exception {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateToken(testUser.getEmail()));
when(req.getRequestURI()).thenReturn("/bumblebee");
handler.handleRequest(req, rsp);
verify(bumblebeeTask).run();
@ -299,7 +299,10 @@ public final class RequestHandlerTest {
@Test
public void testHandleRequest_taskHasAutoPrintOk_printsOk() throws Exception {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateToken(testUser.getEmail()));
when(req.getRequestURI()).thenReturn("/sloth");
handler.handleRequest(req, rsp);
verify(slothTask).run();
@ -378,14 +381,6 @@ public final class RequestHandlerTest {
tester.testAllPublicInstanceMethods(handler);
}
@Test
public void testXsrfProtection_noTokenProvided_returns403Forbidden() throws Exception {
when(req.getMethod()).thenReturn("POST");
when(req.getRequestURI()).thenReturn("/safe-sloth");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403, "Invalid X-CSRF-Token");
}
@Test
public void testXsrfProtection_validTokenProvided_runsAction() throws Exception {
userService.setUser(testUser, false);
@ -397,17 +392,6 @@ public final class RequestHandlerTest {
verify(safeSlothTask).run();
}
@Test
public void testXsrfProtection_tokenWithInvalidUserProvided_returns403() throws Exception {
userService.setUser(testUser, false);
when(req.getMethod()).thenReturn("POST");
when(req.getHeader("X-CSRF-Token"))
.thenReturn(xsrfTokenManager.generateToken("wrong@example.com"));
when(req.getRequestURI()).thenReturn("/safe-sloth");
handler.handleRequest(req, rsp);
verify(rsp).sendError(403, "Invalid X-CSRF-Token");
}
@Test
public void testXsrfProtection_GETMethodWithoutToken_doesntCheckToken() throws Exception {
when(req.getMethod()).thenReturn("GET");