Verify that the RegistryLock input has the correct registrar ID (#661)

* Verify that the RegistryLock input has the correct registrar ID

We already verify (correctly) that the user has access to the registrar
they specify, but nowhere did we verify that the registrar ID they used
is actually the current sponsor ID for the domain in question. This is
an oversight caused by the fact that our testing framework only uses
admin accounts, which by the nature of things have access to all
registrars and domains.

In addition, rename "clientId" to "registrarId" in the RLPA object

* Change the wording on the incorrect-registrar message
gbrodman 2020-07-05 22:31:14 -04:00 committed by GitHub
parent 57d1d1697a
commit bd77edb491
9 changed files with 95 additions and 49 deletions

@ -172,7 +172,7 @@ registry.registrar.RegistryLock.prototype.lockOrUnlockDomain_ = function(isLock,
e => this.fillLocksPage_(e),
'POST',
goog.json.serialize({
'clientId': this.clientId,
'registrarId': this.clientId,
'domainName': domain,
'isLock': isLock,
'password': password,
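
Review bot: In the serialized request body the key becomes 'registrarId' but its value is still read from this.clientId, so the old name survives on the client-side object; rename that property too, or add a comment explaining why it stays, so the two names do not drift. Because this value arrives from the browser in the POST body alongside 'domainName', the sponsor check the commit message describes has to be enforced on the server against the domain's current sponsor, not inferred from anything in this request. The message also says the test framework only uses admin accounts, so a test that submits this payload as a non-admin user with a registrar ID that does not sponsor the domain would keep the check from regressing.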