Add more tests for RDAP contact data permissioning

This CL adds extra tests to make sure that contact data is hidden for RDAP domain and contact requests when not logged in as the proper registrar. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=168234733
2025-05-14 00:17:20 +02:00 · 2017-09-11 08:37:15 -07:00 · 2017-09-11 08:37:15 -07:00 · 985d14b51f
commit 985d14b51f
parent 4b83615513
11 changed files with 573 additions and 87 deletions
--- a/javatests/google/registry/rdap/RdapDomainSearchActionTest.java
+++ b/javatests/google/registry/rdap/RdapDomainSearchActionTest.java
@ -84,6 +84,7 @@ public class RdapDomainSearchActionTest {
  private final FakeClock clock = new FakeClock(DateTime.parse("2000-01-01T00:00:00Z"));
  private final SessionUtils sessionUtils = mock(SessionUtils.class);
  private final User user = new User("rdap.user@example.com", "gmail.com", "12345");
+  UserAuthInfo userAuthInfo = UserAuthInfo.create(user, false);

  private final RdapDomainSearchAction action = new RdapDomainSearchAction();

@ -333,7 +334,6 @@ public class RdapDomainSearchActionTest {
    action.rdapLinkBase = "https://example.com/rdap/";
    action.rdapWhoisServer = null;
    action.sessionUtils = sessionUtils;
-    UserAuthInfo userAuthInfo = UserAuthInfo.create(user, false);
    action.authResult = AuthResult.create(AuthLevel.USER, userAuthInfo);
    when(sessionUtils.checkRegistrarConsoleLogin(request, userAuthInfo)).thenReturn(true);
    when(sessionUtils.getRegistrarClientId(request)).thenReturn("evilregistrar");
@ -381,7 +381,7 @@ public class RdapDomainSearchActionTest {
    ImmutableMap.Builder<String, Object> builder = new ImmutableMap.Builder<>();
    builder.put("domainSearchResults", ImmutableList.of(obj));
    builder.put("rdapConformance", ImmutableList.of("rdap_level_0"));
-    RdapTestHelper.addTermsOfServiceNotice(builder, "https://example.com/rdap/");
+    RdapTestHelper.addNotices(builder, "https://example.com/rdap/");
    RdapTestHelper.addDomainBoilerplateRemarks(builder);
    return builder.build();
  }
@ -454,6 +454,35 @@ public class RdapDomainSearchActionTest {
    assertThat(response.getStatus()).isEqualTo(200);
  }

+  @Test
+  public void testDomainMatch_found_notLoggedIn() throws Exception {
+    when(sessionUtils.checkRegistrarConsoleLogin(request, userAuthInfo)).thenReturn(false);
+    when(sessionUtils.getRegistrarClientId(request)).thenReturn("evilregistrar");
+    assertThat(generateActualJson(RequestType.NAME, "cat.lol"))
+        .isEqualTo(
+            generateExpectedJsonForDomain(
+                "cat.lol",
+                null,
+                "C-LOL",
+                null,
+                "rdap_domain_no_contacts_with_remark.json"));
+    assertThat(response.getStatus()).isEqualTo(200);
+  }
+
+  @Test
+  public void testDomainMatch_found_loggedInAsOtherRegistrar() throws Exception {
+    when(sessionUtils.getRegistrarClientId(request)).thenReturn("otherregistrar");
+    assertThat(generateActualJson(RequestType.NAME, "cat.lol"))
+        .isEqualTo(
+            generateExpectedJsonForDomain(
+                "cat.lol",
+                null,
+                "C-LOL",
+                null,
+                "rdap_domain_no_contacts_with_remark.json"));
+    assertThat(response.getStatus()).isEqualTo(200);
+  }
+
  /*
   * This test is flaky because IDN.toASCII may or may not remove the trailing dot of its own
   * accord. If it does, the test will pass.