diff --git a/java/google/registry/flows/domain/BaseDomainCreateFlow.java b/java/google/registry/flows/domain/BaseDomainCreateFlow.java index 6a5252842..f481f8d44 100644 --- a/java/google/registry/flows/domain/BaseDomainCreateFlow.java +++ b/java/google/registry/flows/domain/BaseDomainCreateFlow.java @@ -192,7 +192,7 @@ public abstract class BaseDomainCreateFlowabsent(); // Superusers can create reserved domains, force creations on domains that require a claims // notice without specifying a claims key, and override blocks on registering premium domains. diff --git a/java/google/registry/pricing/TldSpecificLogicProxy.java b/java/google/registry/pricing/TldSpecificLogicProxy.java index 3cc6ad3e3..f45b08fe9 100644 --- a/java/google/registry/pricing/TldSpecificLogicProxy.java +++ b/java/google/registry/pricing/TldSpecificLogicProxy.java @@ -159,14 +159,15 @@ public final class TldSpecificLogicProxy { * token) has already been checked against the reserved list for QLP (anchor tenant), as auth * codes are used for both types of registrations. */ - public static Optional getMatchingLrpToken(Create createCommand) { + public static Optional getMatchingLrpToken(Create createCommand, String tld) { // Note that until the actual per-TLD logic is built out, what's being done here is a basic // domain-name-to-assignee match. String lrpToken = createCommand.getAuthInfo().getPw().getValue(); LrpToken token = ofy().load().key(Key.create(LrpToken.class, lrpToken)).now(); if (token != null) { if (token.getAssignee().equalsIgnoreCase(createCommand.getFullyQualifiedDomainName()) - && token.getRedemptionHistoryEntry() == null) { + && token.getRedemptionHistoryEntry() == null + && token.getValidTlds().contains(tld)) { return Optional.of(token); } } diff --git a/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java b/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java index d787a6492..3e914f291 100644 --- a/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java +++ b/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java @@ -879,6 +879,7 @@ public class DomainApplicationCreateFlowTest LrpToken token = persistResource(new LrpToken.Builder() .setToken("lrptokentest") .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("tld")) .build()); setEppInput("domain_create_landrush_lrp.xml"); persistContactsAndHosts(); @@ -910,6 +911,7 @@ public class DomainApplicationCreateFlowTest LrpToken token = persistResource(new LrpToken.Builder() .setToken("lrptokentest") .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("tld")) .build()); setEppInput("domain_create_landrush_lrp.xml"); persistContactsAndHosts(); @@ -920,7 +922,6 @@ public class DomainApplicationCreateFlowTest @Test public void testFailure_landrushLrpApplication_badToken() throws Exception { - thrown.expect(BadAuthInfoForResourceException.class); createTld("tld", TldState.LANDRUSH); persistResource(Registry.get("tld").asBuilder() .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH)) @@ -928,10 +929,33 @@ public class DomainApplicationCreateFlowTest persistResource(new LrpToken.Builder() .setToken("lrptokentest2") .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("tld")) .build()); setEppInput("domain_create_landrush_lrp.xml"); persistContactsAndHosts(); clock.advanceOneMilli(); + thrown.expect(BadAuthInfoForResourceException.class); + runFlow(); + } + + @Test + public void testFailure_landrushLrpApplication_tokenForWrongTld() throws Exception { + createTld("tld", TldState.LANDRUSH); + persistResource(Registry.get("tld").asBuilder() + .setLrpTldStates(ImmutableSet.of(TldState.LANDRUSH)) + .build()); + persistResource(new LrpToken.Builder() + .setToken("lrptokentest") + // The below assignee doesn't really make sense here, but as of right now the validation + // in TldSpecificLogicProxy is just a match on the domain name, so this test ensures that + // the registration fails due to invalid TLDs even if everything else otherwise matches. + .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("other")) + .build()); + setEppInput("domain_create_landrush_lrp.xml"); + persistContactsAndHosts(); + clock.advanceOneMilli(); + thrown.expect(BadAuthInfoForResourceException.class); runFlow(); } @@ -945,6 +969,7 @@ public class DomainApplicationCreateFlowTest persistResource(new LrpToken.Builder() .setToken("lrptokentest") .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("tld")) .setRedemptionHistoryEntry(Key.create(HistoryEntry.class, "1")) // as long as it's not null .build()); setEppInput("domain_create_landrush_lrp.xml"); @@ -959,6 +984,7 @@ public class DomainApplicationCreateFlowTest LrpToken token = persistResource(new LrpToken.Builder() .setToken("lrptokentest") .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("tld")) .build()); setEppInput("domain_create_landrush_lrp.xml"); persistContactsAndHosts(); @@ -981,6 +1007,7 @@ public class DomainApplicationCreateFlowTest LrpToken token = persistResource(new LrpToken.Builder() .setToken("lrptokentest") .setAssignee("test-validate.tld") + .setValidTlds(ImmutableSet.of("tld")) .build()); setEppInput("domain_create_landrush_lrp.xml"); persistContactsAndHosts();