Remove requireLogin action attribute

The affected actions have been changed to check that the user is logged in by [] so this attribute is no longer needed.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=159572365

java/google/registry/module/backend/BackendRequestHandler.java

@@ -14,7 +14,6 @@
 
 package google.registry.module.backend;
 
-import com.google.appengine.api.users.UserService;
 import google.registry.request.RequestHandler;
 import google.registry.request.auth.RequestAuthenticator;
 import javax.inject.Inject;
@@ -25,8 +24,7 @@ public class BackendRequestHandler extends RequestHandler<BackendRequestComponen
 
   @Inject BackendRequestHandler(
       Provider<BackendRequestComponent.Builder> componentBuilderProvider,
-      UserService userService,
       RequestAuthenticator requestAuthenticator) {
-    super(componentBuilderProvider, userService, requestAuthenticator);
+    super(componentBuilderProvider, requestAuthenticator);
   }
 }

java/google/registry/module/frontend/FrontendRequestHandler.java

@@ -14,7 +14,6 @@
 
 package google.registry.module.frontend;
 
-import com.google.appengine.api.users.UserService;
 import google.registry.request.RequestHandler;
 import google.registry.request.auth.RequestAuthenticator;
 import javax.inject.Inject;
@@ -25,8 +24,7 @@ public class FrontendRequestHandler extends RequestHandler<FrontendRequestCompon
 
   @Inject FrontendRequestHandler(
       Provider<FrontendRequestComponent.Builder> componentBuilderProvider,
-      UserService userService,
       RequestAuthenticator requestAuthenticator) {
-    super(componentBuilderProvider, userService, requestAuthenticator);
+    super(componentBuilderProvider, requestAuthenticator);
   }
 }

java/google/registry/module/tools/ToolsRequestHandler.java

@@ -14,7 +14,6 @@
 
 package google.registry.module.tools;
 
-import com.google.appengine.api.users.UserService;
 import google.registry.request.RequestHandler;
 import google.registry.request.auth.RequestAuthenticator;
 import javax.inject.Inject;
@@ -25,8 +24,7 @@ public class ToolsRequestHandler extends RequestHandler<ToolsRequestComponent> {
 
   @Inject ToolsRequestHandler(
       Provider<ToolsRequestComponent.Builder> componentBuilderProvider,
-      UserService userService,
       RequestAuthenticator requestAuthenticator) {
-    super(componentBuilderProvider, userService, requestAuthenticator);
+    super(componentBuilderProvider, requestAuthenticator);
   }
 }

java/google/registry/request/Action.java

@@ -46,16 +46,6 @@ public @interface Action {
    */
   boolean automaticallyPrintOk() default false;
 
-  /**
-   * Require user be logged-in or 302 redirect to the Google auth login page.
-   *
-   * <p><b>Warning:</b> DO NOT use this for cron and task queue endpoints.
-   *
-   * <p><b>Note:</b> Logged-in actions should also be guarded by a {@code <security-constraint>} in
-   * {@code web.xml} with {@code <role-name>*</role-name>}.
-   */
-  boolean requireLogin() default false;
-
   /** Authentication settings. */
   Auth auth() default @Auth;
 }

java/google/registry/request/RequestHandler.java

@@ -15,14 +15,11 @@
 package google.registry.request;
 
 import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.net.HttpHeaders.LOCATION;
 import static com.google.common.net.MediaType.PLAIN_TEXT_UTF_8;
 import static javax.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 import static javax.servlet.http.HttpServletResponse.SC_METHOD_NOT_ALLOWED;
-import static javax.servlet.http.HttpServletResponse.SC_MOVED_TEMPORARILY;
 import static javax.servlet.http.HttpServletResponse.SC_NOT_FOUND;
 
-import com.google.appengine.api.users.UserService;
 import com.google.common.base.Optional;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.RequestAuthenticator;
@@ -58,8 +55,6 @@ import javax.servlet.http.HttpServletResponse;
  *
  * <h3>Security Features</h3>
  *
- * <p>This class also enforces the {@link Action#requireLogin() requireLogin} setting.
- *
  * @param <C> request component type
  */
 public class RequestHandler<C> {
@@ -68,7 +63,6 @@ public class RequestHandler<C> {
 
   private final Router router;
   private final Provider<? extends RequestComponentBuilder<C>> requestComponentBuilderProvider;
-  private final UserService userService;
   private final RequestAuthenticator requestAuthenticator;
 
   /**
@@ -81,33 +75,28 @@ public class RequestHandler<C> {
    * @param requestComponentBuilderProvider a Dagger {@code Provider} of builder instances that can
    *     be used to construct new instances of the request component (with the required
    *     request-derived modules provided by this class)
-   * @param userService an instance of the App Engine UserService API
    * @param requestAuthenticator an instance of the {@link RequestAuthenticator} class
    */
   protected RequestHandler(
       Provider<? extends RequestComponentBuilder<C>> requestComponentBuilderProvider,
-      UserService userService,
       RequestAuthenticator requestAuthenticator) {
-    this(null, requestComponentBuilderProvider, userService, requestAuthenticator);
+    this(null, requestComponentBuilderProvider, requestAuthenticator);
   }
 
   /** Creates a new RequestHandler with an explicit component class for test purposes. */
   public static <C> RequestHandler<C> createForTest(
       Class<C> component,
       Provider<? extends RequestComponentBuilder<C>> requestComponentBuilderProvider,
-      UserService userService,
       RequestAuthenticator requestAuthenticator) {
     return new RequestHandler<>(
         checkNotNull(component),
         requestComponentBuilderProvider,
-        userService,
         requestAuthenticator);
   }
 
   private RequestHandler(
       @Nullable Class<C> component,
       Provider<? extends RequestComponentBuilder<C>> requestComponentBuilderProvider,
-      UserService userService,
       RequestAuthenticator requestAuthenticator) {
     // If the component class isn't explicitly provided, infer it from the class's own typing.
     // This is safe only for use by subclasses of RequestHandler where the generic parameter is
@@ -115,7 +104,6 @@ public class RequestHandler<C> {
     this.router = Router.create(
         component != null ? component : new TypeInstantiator<C>(getClass()){}.getExactType());
     this.requestComponentBuilderProvider = checkNotNull(requestComponentBuilderProvider);
-    this.userService = checkNotNull(userService);
     this.requestAuthenticator = checkNotNull(requestAuthenticator);
   }
 
@@ -143,12 +131,6 @@ public class RequestHandler<C> {
       rsp.sendError(SC_METHOD_NOT_ALLOWED);
       return;
     }
-    if (route.get().action().requireLogin() && !userService.isUserLoggedIn()) {
-      logger.info("not logged in");
-      rsp.setStatus(SC_MOVED_TEMPORARILY);
-      rsp.setHeader(LOCATION, userService.createLoginURL(req.getRequestURI()));
-      return;
-    }
     Optional<AuthResult> authResult =
         requestAuthenticator.authorize(route.get().action().auth(), req);
     if (!authResult.isPresent()) {

java/google/registry/request/RouterDisplayHelper.java

@@ -38,7 +38,6 @@ import java.util.Map;
  * <li>the simple name of the action class
  * <li>the allowable HTTP methods
  * <li>whether to automatically print "ok" in the response
- * <li>whether login is required
  * <li>the allowable authentication methods
  * <li>the minimum authentication level
  * <li>the user policy
@@ -55,7 +54,7 @@ public class RouterDisplayHelper {
   private static final String MINIMUM_LEVEL = "minLevel";
 
   private static final String FORMAT =
-      "%%-%ds %%-%ds %%-%ds %%-2s %%-5s %%-%ds %%-%ds %%s";
+      "%%-%ds %%-%ds %%-%ds %%-2s %%-%ds %%-%ds %%s";
 
   /** Returns a string representation of the routing map in the specified component. */
   public static String extractHumanReadableRoutesFromComponent(Class<?> componentClass) {
@@ -79,7 +78,6 @@ public class RouterDisplayHelper {
         "CLASS",
         "METHODS",
         "OK",
-        "LOGIN",
         "AUTH_METHODS",
         "MIN",
         "USER_POLICY");
@@ -92,7 +90,6 @@ public class RouterDisplayHelper {
         route.actionClass().getSimpleName(),
         Joiner.on(",").join(route.action().method()),
         route.action().automaticallyPrintOk() ? "y" : "n",
-        route.action().requireLogin() ? "y" : "n",
         Joiner.on(",").join(route.action().auth().methods()),
         route.action().auth().minimumLevel(),
         route.action().auth().userPolicy());

java/google/registry/ui/server/registrar/ConsoleUiAction.java

@@ -45,7 +45,6 @@ import javax.servlet.http.HttpServletRequest;
 /** Action that serves Registrar Console single HTML page (SPA). */
 @Action(
   path = ConsoleUiAction.PATH,
-  requireLogin = true,
   auth =
       @Auth(
         methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},

java/google/registry/ui/server/registrar/RegistrarPaymentAction.java

@@ -97,7 +97,6 @@ import org.joda.money.Money;
 @Action(
   path = "/registrar-payment",
   method = Action.Method.POST,
-  requireLogin = true,
   auth =
       @Auth(
         methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},

java/google/registry/ui/server/registrar/RegistrarPaymentSetupAction.java

@@ -72,7 +72,6 @@ import org.joda.money.CurrencyUnit;
 @Action(
   path = "/registrar-payment-setup",
   method = Action.Method.POST,
-  requireLogin = true,
   auth =
       @Auth(
         methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},

java/google/registry/ui/server/registrar/RegistrarSettingsAction.java

@@ -64,7 +64,6 @@ import javax.servlet.http.HttpServletRequest;
  */
 @Action(
   path = RegistrarSettingsAction.PATH,
-  requireLogin = true,
   method = Action.Method.POST,
   auth =
       @Auth(