mirror of
https://github.com/google/nomulus.git
synced 2025-05-15 17:07:15 +02:00
Make host flows only accept canonicalized host names as input
This now throws errors when a non-lower-cased, non-puny-coded, or non-canonicalized host name is passed in as an input parameter. The approach we'll take is to first notify registrars which hosts we'll be renaming, then issue EPP host update commands to effect those renames as superuser, then push this code live to production. This fixes #38 on GitHub. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=138441130
This commit is contained in:
mcilwain
Ben McIlwain
parent
cbe76e8615
commit
9aa2f3b96e
12 changed files with 215 additions and 8 deletions
|
|
@ -65,6 +65,9 @@ import org.joda.time.DateTime;
|
|||
* @error {@link HostFlowUtils.HostNameTooLongException}
|
||||
* @error {@link HostFlowUtils.HostNameTooShallowException}
|
||||
* @error {@link HostFlowUtils.InvalidHostNameException}
|
||||
* @error {@link HostFlowUtils.HostNameNotLowerCaseException}
|
||||
* @error {@link HostFlowUtils.HostNameNotNormalizedException}
|
||||
* @error {@link HostFlowUtils.HostNameNotPunyCodedException}
|
||||
* @error {@link HostFlowUtils.SuperordinateDomainDoesNotExistException}
|
||||
* @error {@link SubordinateHostMustHaveIpException}
|
||||
* @error {@link UnexpectedExternalHostIpException}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.failfastForAsyncDelete;
|
|||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses;
|
||||
import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership;
|
||||
import static google.registry.flows.host.HostFlowUtils.validateHostName;
|
||||
import static google.registry.model.eppoutput.Result.Code.SUCCESS_WITH_ACTION_PENDING;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
||||
|
|
@ -54,6 +55,9 @@ import org.joda.time.DateTime;
|
|||
* @error {@link google.registry.flows.ResourceFlowUtils.ResourceNotOwnedException}
|
||||
* @error {@link google.registry.flows.exceptions.ResourceStatusProhibitsOperationException}
|
||||
* @error {@link google.registry.flows.exceptions.ResourceToDeleteIsReferencedException}
|
||||
* @error {@link HostFlowUtils.HostNameNotLowerCaseException}
|
||||
* @error {@link HostFlowUtils.HostNameNotNormalizedException}
|
||||
* @error {@link HostFlowUtils.HostNameNotPunyCodedException}
|
||||
*/
|
||||
public final class HostDeleteFlow implements TransactionalFlow {
|
||||
|
||||
|
|
@ -85,6 +89,7 @@ public final class HostDeleteFlow implements TransactionalFlow {
|
|||
extensionManager.validate();
|
||||
validateClientIsLoggedIn(clientId);
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
validateHostName(targetId);
|
||||
failfastForAsyncDelete(targetId, now, HostResource.class, GET_NAMESERVERS);
|
||||
HostResource existingHost = loadAndVerifyExistence(HostResource.class, targetId, now);
|
||||
verifyNoDisallowedStatuses(existingHost, DISALLOWED_STATUSES);
|
||||
|
|
|
|||
|
|
@ -17,7 +17,9 @@ package google.registry.flows.host;
|
|||
import static google.registry.model.EppResourceUtils.isActive;
|
||||
import static google.registry.model.EppResourceUtils.loadByForeignKey;
|
||||
import static google.registry.model.registry.Registries.findTldForName;
|
||||
import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;
|
||||
|
||||
import com.google.common.base.Ascii;
|
||||
import com.google.common.base.Joiner;
|
||||
import com.google.common.base.Optional;
|
||||
import com.google.common.collect.Iterables;
|
||||
|
|
@ -29,6 +31,7 @@ import google.registry.flows.EppException.ParameterValuePolicyErrorException;
|
|||
import google.registry.flows.EppException.ParameterValueRangeErrorException;
|
||||
import google.registry.flows.EppException.ParameterValueSyntaxErrorException;
|
||||
import google.registry.model.domain.DomainResource;
|
||||
import google.registry.util.Idn;
|
||||
import org.joda.time.DateTime;
|
||||
|
||||
/** Static utility functions for host flows. */
|
||||
|
|
@ -36,14 +39,23 @@ public class HostFlowUtils {
|
|||
|
||||
/** Checks that a host name is valid. */
|
||||
static InternetDomainName validateHostName(String name) throws EppException {
|
||||
if (name == null) {
|
||||
return null;
|
||||
}
|
||||
checkArgumentNotNull(name, "Must specify host name to validate");
|
||||
if (name.length() > 253) {
|
||||
throw new HostNameTooLongException();
|
||||
}
|
||||
String hostNameLowerCase = Ascii.toLowerCase(name);
|
||||
if (!name.equals(hostNameLowerCase)) {
|
||||
throw new HostNameNotLowerCaseException(hostNameLowerCase);
|
||||
}
|
||||
String hostNamePunyCoded = Idn.toASCII(name);
|
||||
if (!name.equals(hostNamePunyCoded)) {
|
||||
throw new HostNameNotPunyCodedException(hostNamePunyCoded);
|
||||
}
|
||||
try {
|
||||
InternetDomainName hostName = InternetDomainName.from(name);
|
||||
if (!name.equals(hostName.toString())) {
|
||||
throw new HostNameNotNormalizedException(hostName.toString());
|
||||
}
|
||||
// Checks whether a hostname is deep enough. Technically a host can be just one under a
|
||||
// public suffix (e.g. example.com) but we require by policy that it has to be at least one
|
||||
// part beyond that (e.g. ns1.example.com). The public suffix list includes all current
|
||||
|
|
@ -135,4 +147,26 @@ public class HostFlowUtils {
|
|||
super("Invalid host name");
|
||||
}
|
||||
}
|
||||
|
||||
/** Host names must be in lower-case. */
|
||||
static class HostNameNotLowerCaseException extends ParameterValueSyntaxErrorException {
|
||||
public HostNameNotLowerCaseException(String expectedHostName) {
|
||||
super(String.format("Host names must be in lower-case; expected %s", expectedHostName));
|
||||
}
|
||||
}
|
||||
|
||||
/** Host names must be puny-coded. */
|
||||
static class HostNameNotPunyCodedException extends ParameterValueSyntaxErrorException {
|
||||
public HostNameNotPunyCodedException(String expectedHostName) {
|
||||
super(String.format("Host names must be puny-coded; expected %s", expectedHostName));
|
||||
}
|
||||
}
|
||||
|
||||
/** Host names must be in normalized format. */
|
||||
static class HostNameNotNormalizedException extends ParameterValueSyntaxErrorException {
|
||||
public HostNameNotNormalizedException(String expectedHostName) {
|
||||
super(
|
||||
String.format("Host names must be in normalized format; expected %s", expectedHostName));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ package google.registry.flows.host;
|
|||
|
||||
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
||||
import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence;
|
||||
import static google.registry.flows.host.HostFlowUtils.validateHostName;
|
||||
import static google.registry.model.EppResourceUtils.cloneResourceWithLinkedStatus;
|
||||
|
||||
import google.registry.flows.EppException;
|
||||
|
|
@ -36,6 +37,9 @@ import org.joda.time.DateTime;
|
|||
* transfer if it has ever been transferred. Any registrar can see the information for any host.
|
||||
*
|
||||
* @error {@link google.registry.flows.ResourceFlowUtils.ResourceDoesNotExistException}
|
||||
* @error {@link HostFlowUtils.HostNameNotLowerCaseException}
|
||||
* @error {@link HostFlowUtils.HostNameNotNormalizedException}
|
||||
* @error {@link HostFlowUtils.HostNameNotPunyCodedException}
|
||||
*/
|
||||
public final class HostInfoFlow implements Flow {
|
||||
|
||||
|
|
@ -49,7 +53,8 @@ public final class HostInfoFlow implements Flow {
|
|||
@Override
|
||||
public EppResponse run() throws EppException {
|
||||
extensionManager.validate(); // There are no legal extensions for this flow.
|
||||
validateClientIsLoggedIn(clientId);
|
||||
validateClientIsLoggedIn(clientId);
|
||||
validateHostName(targetId);
|
||||
DateTime now = clock.nowUtc();
|
||||
HostResource host = loadAndVerifyExistence(HostResource.class, targetId, now);
|
||||
return responseBuilder.setResData(cloneResourceWithLinkedStatus(host, now)).build();
|
||||
|
|
|
|||
|
|
@ -82,6 +82,9 @@ import org.joda.time.DateTime;
|
|||
* @error {@link google.registry.flows.exceptions.ResourceStatusProhibitsOperationException}
|
||||
* @error {@link HostFlowUtils.HostNameTooShallowException}
|
||||
* @error {@link HostFlowUtils.InvalidHostNameException}
|
||||
* @error {@link HostFlowUtils.HostNameNotLowerCaseException}
|
||||
* @error {@link HostFlowUtils.HostNameNotNormalizedException}
|
||||
* @error {@link HostFlowUtils.HostNameNotPunyCodedException}
|
||||
* @error {@link HostFlowUtils.SuperordinateDomainDoesNotExistException}
|
||||
* @error {@link CannotAddIpToExternalHostException}
|
||||
* @error {@link CannotRemoveSubordinateHostLastIpException}
|
||||
|
|
@ -120,6 +123,11 @@ public final class HostUpdateFlow implements TransactionalFlow {
|
|||
Change change = command.getInnerChange();
|
||||
String suppliedNewHostName = change.getFullyQualifiedHostName();
|
||||
DateTime now = ofy().getTransactionTime();
|
||||
// Validation is disabled for superusers to allow renaming of existing invalid hostnames.
|
||||
// TODO(b/32328995): Remove superuser override once all bad data in prod has been fixed.
|
||||
if (!isSuperuser) {
|
||||
validateHostName(targetId);
|
||||
}
|
||||
HostResource existingHost = loadAndVerifyExistence(HostResource.class, targetId, now);
|
||||
boolean isHostRename = suppliedNewHostName != null;
|
||||
String oldHostName = targetId;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue