zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-05 01:11:50 +02:00
Code Issues Projects Releases Packages Wiki Activity

Clean up registrar console login flow

Browse source 
Replaced the plethora of inter winding access functions and inputs in SessionUtils with just 2 functions, that both accept the same type for the user (AuthResult):

guessRegistrarForUser: given an AuthResult, finds a registrar that they have access to. If none is found - a ForbiddenException is thrown.

getRegistrarForUser[Cached]: (maybe should be called getRegistrarOnBehalfOfUser?) given an AuthResult and a clientId, loads and returns the registrar ONLY IF the user has access to it. Otherwise throws a ForbiddenException.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=214630657
This commit is contained in:
guyben 2018-09-26 10:53:14 -07:00 committed by jianglai
parent 6bddd5a8cb
commit 84a0ace2ea
16 changed files with 431 additions and 523 deletions
Download patch file Download diff file Expand all files Collapse all files

16
javatests/google/registry/ui/server/registrar/ConsoleUiActionTest.java
View file

@ -16,6 +16,7 @@ package google.registry.ui.server.registrar;
import static com.google.common.net.HttpHeaders.LOCATION;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.testing.DatastoreHelper.loadRegistrar;
import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
@ -24,6 +25,7 @@ import static org.mockito.Mockito.when;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserServiceFactory;
import com.google.common.net.MediaType;
import google.registry.request.HttpException.ForbiddenException;
import google.registry.request.auth.AuthLevel;
import google.registry.request.auth.AuthResult;
import google.registry.request.auth.UserAuthInfo;
@ -70,10 +72,11 @@ public class ConsoleUiActionTest {
action.sessionUtils = sessionUtils;
action.userService = UserServiceFactory.getUserService();
action.xsrfTokenManager = new XsrfTokenManager(new FakeClock(), action.userService);
UserAuthInfo userAuthInfo = UserAuthInfo.create(user, false);
action.authResult = AuthResult.create(AuthLevel.USER, userAuthInfo);
when(sessionUtils.checkRegistrarConsoleLogin(request, userAuthInfo)).thenReturn(true);
when(sessionUtils.getRegistrarClientId(request)).thenReturn("TheRegistrar");
AuthResult authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
action.authResult = authResult;
when(sessionUtils.guessClientIdForUser(authResult)).thenReturn("TheRegistrar");
when(sessionUtils.getRegistrarForUser("TheRegistrar", authResult))
.thenReturn(loadRegistrar("TheRegistrar"));
}
@Test
@ -110,9 +113,8 @@ public class ConsoleUiActionTest {
@Test
public void testUserDoesntHaveAccessToAnyRegistrar_showsWhoAreYouPage() {
when(sessionUtils.checkRegistrarConsoleLogin(
any(HttpServletRequest.class), any(UserAuthInfo.class)))
.thenReturn(false);
when(sessionUtils.guessClientIdForUser(any(AuthResult.class)))
.thenThrow(new ForbiddenException("forbidden"));
action.run();
assertThat(response.getPayload()).contains("<h1>You need permission</h1>");
}