Use the requested server host when creating the registry lock verification URL (#624)
* Use the server host when creating the registry lock verification URL The app doesn't know about any external configuration that may point to this app, so there's no way of finding out that, for instance, registry.google points to the app. Thus, we have to use what the user gives us so that, in our case, the registry-lock verification emails can point to https://registry.google/registry-lock-verify instead of https://domain-registry.appspot.com/registry-lock-verify. The former is used by clients / users to authenticate, and unfortunately authenticating on registry.google does not give authentication to domain-registry.appspot.com. Tested using the RDAP code that uses getServerName() -- in that case, if you access registry.google/rdap/<>, it uses registry.google in the URLs but if you use domain-registry.appspot.com/rdap/<>, it uses domain-registry.appspot.com in the URLs. Relatedly, frontend_config_prod-appengine.asciiproto in Piper is what configures registry.google to point to domain-registry.appspot.com
parent
93984071e4
commit
c6d47d8d00
2 changed files with 12 additions and 5 deletions
|
@ -30,7 +30,6 @@ import com.google.common.base.Throwables;
|
|||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.flogger.FluentLogger;
|
||||
import com.google.gson.Gson;
|
||||
import google.registry.config.RegistryConfig;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.model.registrar.RegistrarContact;
|
||||
|
@ -49,12 +48,12 @@ import google.registry.tools.DomainLockUtils;
|
|||
import google.registry.util.EmailMessage;
|
||||
import google.registry.util.SendEmailService;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URL;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
import javax.inject.Inject;
|
||||
import javax.mail.internet.AddressException;
|
||||
import javax.mail.internet.InternetAddress;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.apache.http.client.utils.URIBuilder;
|
||||
import org.joda.time.Duration;
|
||||
|
||||
|
@ -76,11 +75,11 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
|
|||
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
|
||||
private static final Gson GSON = new Gson();
|
||||
|
||||
private static final URL URL_BASE = RegistryConfig.getDefaultServer();
|
||||
private static final String VERIFICATION_EMAIL_TEMPLATE =
|
||||
"Please click the link below to perform the lock / unlock action on domain %s. Note: "
|
||||
+ "this code will expire in one hour.\n\n%s";
|
||||
|
||||
private final HttpServletRequest req;
|
||||
private final JsonActionRunner jsonActionRunner;
|
||||
private final AuthResult authResult;
|
||||
private final AuthenticatedRegistrarAccessor registrarAccessor;
|
||||
|
@ -90,12 +89,14 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
|
|||
|
||||
@Inject
|
||||
RegistryLockPostAction(
|
||||
HttpServletRequest req,
|
||||
JsonActionRunner jsonActionRunner,
|
||||
AuthResult authResult,
|
||||
AuthenticatedRegistrarAccessor registrarAccessor,
|
||||
SendEmailService sendEmailService,
|
||||
DomainLockUtils domainLockUtils,
|
||||
@Config("gSuiteOutgoingEmailAddress") InternetAddress gSuiteOutgoingEmailAddress) {
|
||||
this.req = req;
|
||||
this.jsonActionRunner = jsonActionRunner;
|
||||
this.authResult = authResult;
|
||||
this.registrarAccessor = registrarAccessor;
|
||||
|
@ -161,7 +162,7 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
|
|||
String url =
|
||||
new URIBuilder()
|
||||
.setScheme("https")
|
||||
.setHost(URL_BASE.getHost())
|
||||
.setHost(req.getServerName())
|
||||
.setPath("registry-lock-verify")
|
||||
.setParameter("lockVerificationCode", lock.getVerificationCode())
|
||||
.setParameter("isLock", String.valueOf(isLock))
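Review bot: The host of the emailed verification link now comes from `req.getServerName()` in the `.setHost(...)` call, and the servlet container takes that value from the request's Host header, so it is client-supplied unless the serving frontend forwards only known hostnames (not visible from this page). Because the link carries `lockVerificationCode`, a link built with an unexpected host would hand the code to that host when the recipient follows it. I would check the name against a configured set of console hostnames before building the URL and fail the request otherwise, e.g. `checkArgument(allowedHosts.contains(req.getServerName()), "Unexpected server name");`, where `allowedHosts` is a placeholder for a new injected config value. If the frontend is relied on instead, a comment at this call stating that assumption would help the next reader. The statement that builds `url` continues past the end of this hunk.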
|
||||
|
|
|
@ -28,6 +28,7 @@ import static google.registry.ui.server.registrar.RegistryLockGetActionTest.user
|
|||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.verifyNoMoreInteractions;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import com.google.appengine.api.users.User;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
|
@ -56,6 +57,7 @@ import java.util.Map;
|
|||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
import javax.mail.internet.InternetAddress;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.joda.time.Duration;
|
||||
import org.junit.Before;
|
||||
|
@ -74,7 +76,7 @@ public final class RegistryLockPostActionTest {
|
|||
private static final String EMAIL_MESSAGE_TEMPLATE =
|
||||
"Please click the link below to perform the lock \\/ unlock action on domain example.tld. "
|
||||
+ "Note: this code will expire in one hour.\n\n"
|
||||
+ "https:\\/\\/localhost\\/registry-lock-verify\\?lockVerificationCode="
|
||||
+ "https:\\/\\/registrarconsole.tld\\/registry-lock-verify\\?lockVerificationCode="
|
||||
+ "[0-9a-zA-Z_\\-]+&isLock=(true|false)";
|
||||
|
||||
private final FakeClock clock = new FakeClock();
|
||||
|
@ -93,6 +95,7 @@ public final class RegistryLockPostActionTest {
|
|||
private RegistryLockPostAction action;
|
||||
|
||||
@Mock SendEmailService emailService;
|
||||
@Mock HttpServletRequest mockRequest;
|
||||
@Mock HttpServletResponse mockResponse;
|
||||
|
||||
@Before
|
||||
|
@ -103,6 +106,8 @@ public final class RegistryLockPostActionTest {
|
|||
domain = persistResource(newDomainBase("example.tld"));
|
||||
outgoingAddress = new InternetAddress("domain-registry@example.com");
|
||||
|
||||
when(mockRequest.getServerName()).thenReturn("registrarconsole.tld");
|
||||
|
||||
action =
|
||||
createAction(
|
||||
AuthResult.create(AuthLevel.USER, UserAuthInfo.create(userWithLockPermission, false)));
|
||||
|
@ -432,6 +437,7 @@ public final class RegistryLockPostActionTest {
|
|||
AsyncTaskEnqueuerTest.createForTesting(
|
||||
mock(AppEngineServiceUtils.class), clock, Duration.ZERO));
|
||||
return new RegistryLockPostAction(
|
||||
mockRequest,
|
||||
jsonActionRunner,
|
||||
authResult,
|
||||
registrarAccessor,
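Review bot: The expected-message pattern in `EMAIL_MESSAGE_TEMPLATE` escapes `/` and `?` but leaves the dots in `registrarconsole.tld` unescaped, so if the string is matched as a regex (the character class and `(true|false)` suggest it is) the host assertion accepts any character in those positions; `registrarconsole\\.tld` would pin it. The only host behaviour covered is the setup stub `when(mockRequest.getServerName()).thenReturn("registrarconsole.tld")`. Since the link host is now derived from the request, a second case using a server name the deployment does not serve would document what the action is meant to do with it. The `createAction` helper continues outside the last hunk.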
|
||||
|
|