From d3a6d5483e6685d207e11a3ef449f7926687074f Mon Sep 17 00:00:00 2001
From: jianglai <jianglai@google.com>
Date: Tue, 26 Feb 2019 13:51:43 -0800
Subject: [PATCH] Do not require auth info in super user transfer

Super users can look up auth info in Datastore or BigQuery backup anyway.
Requiring it only adds friction when using the super user extension, without
any additional security benefit.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=235786090
---
 .../registry/flows/domain/DomainTransferRequestFlow.java    | 6 ++++--
 .../domain_transfer_request_superuser_extension.xml         | 3 ---
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/java/google/registry/flows/domain/DomainTransferRequestFlow.java b/java/google/registry/flows/domain/DomainTransferRequestFlow.java
index 721c9fa17..1d01d1e78 100644
--- a/java/google/registry/flows/domain/DomainTransferRequestFlow.java
+++ b/java/google/registry/flows/domain/DomainTransferRequestFlow.java
@@ -254,8 +254,10 @@ public final class DomainTransferRequestFlow implements TransactionalFlow {
       Optional<DomainTransferRequestSuperuserExtension> superuserExtension)
       throws EppException {
     verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES);
-    verifyAuthInfoPresentForResourceTransfer(authInfo);
-    verifyAuthInfo(authInfo.get(), existingDomain);
+    if (!isSuperuser) {
+      verifyAuthInfoPresentForResourceTransfer(authInfo);
+      verifyAuthInfo(authInfo.get(), existingDomain);
+    }
     // Verify that the resource does not already have a pending transfer.
     if (TransferStatus.PENDING.equals(existingDomain.getTransferData().getTransferStatus())) {
       throw new AlreadyPendingTransferException(targetId);
diff --git a/javatests/google/registry/flows/domain/testdata/domain_transfer_request_superuser_extension.xml b/javatests/google/registry/flows/domain/testdata/domain_transfer_request_superuser_extension.xml
index 8bb4285a9..3493d18d5 100644
--- a/javatests/google/registry/flows/domain/testdata/domain_transfer_request_superuser_extension.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_transfer_request_superuser_extension.xml
@@ -4,9 +4,6 @@
       <domain:transfer
           xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
         <domain:name>example.tld</domain:name>
-        <domain:authInfo>
-          <domain:pw roid="JD1234-REP">2fooBAR</domain:pw>
-        </domain:authInfo>
       </domain:transfer>
     </transfer>
     <extension>