Remove the web console EPP endpoint

This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.

We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.

Also, this is a security risk, as it allowed to do "billable actions" (creating a new domain for example) with the only authentication being access to the registrar's G Suite account.

This bypassed the certificate, IP whitelist, and EPP password, which is bad.

PUBLIC:
Remove the web console EPP endpoint

This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.

We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236244195

java/google/registry/flows/EppConsoleAction.java

@@ -1,55 +0,0 @@
-// Copyright 2017 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.flows;
-
-import com.google.appengine.api.users.UserService;
-import google.registry.model.eppcommon.ProtocolDefinition;
-import google.registry.request.Action;
-import google.registry.request.Action.Method;
-import google.registry.request.Parameter;
-import google.registry.request.Payload;
-import google.registry.request.auth.Auth;
-import google.registry.request.auth.AuthenticatedRegistrarAccessor;
-import javax.inject.Inject;
-import javax.servlet.http.HttpSession;
-
-/** Runs EPP from the console and requires GAE user authentication. */
-@Action(
-    service = Action.Service.DEFAULT,
-    path = "/registrar-xhr",
-    method = Method.POST,
-    auth = Auth.AUTH_PUBLIC_LOGGED_IN)
-public class EppConsoleAction implements Runnable {
-
-  @Inject @Payload byte[] inputXmlBytes;
-  @Inject HttpSession session;
-  @Inject EppRequestHandler eppRequestHandler;
-  @Inject UserService userService;
-  @Inject AuthenticatedRegistrarAccessor registrarAccessor;
-  @Inject @Parameter("clientId") String clientId;
-  @Inject EppConsoleAction() {}
-
-  @Override
-  public void run() {
-    eppRequestHandler.executeEpp(
-        new StatelessRequestSessionMetadata(clientId,
-            ProtocolDefinition.getVisibleServiceExtensionUris()),
-        new GaeUserCredentials(registrarAccessor),
-        EppRequestSource.CONSOLE,
-        false,  // This endpoint is never a dry run.
-        false,  // This endpoint is never a superuser.
-        inputXmlBytes);
-  }
-}

java/google/registry/flows/GaeUserCredentials.java

@@ -1,54 +0,0 @@
-// Copyright 2017 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.flows;
-
-import static com.google.common.base.MoreObjects.toStringHelper;
-
-import google.registry.flows.EppException.AuthenticationErrorException;
-import google.registry.model.registrar.Registrar;
-import google.registry.request.auth.AuthenticatedRegistrarAccessor;
-import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException;
-
-/** Credentials provided by {@link com.google.appengine.api.users.UserService}. */
-public class GaeUserCredentials implements TransportCredentials {
-
-  private final AuthenticatedRegistrarAccessor registrarAccessor;
-
-  public GaeUserCredentials(AuthenticatedRegistrarAccessor registrarAccessor) {
-    this.registrarAccessor = registrarAccessor;
-  }
-
-  @Override
-  public void validate(Registrar registrar, String ignoredPassword)
-      throws AuthenticationErrorException {
-    try {
-      registrarAccessor.verifyAccess(registrar.getClientId());
-    } catch (RegistrarAccessDeniedException e) {
-      throw new UserForbiddenException(e);
-    }
-  }
-
-  @Override
-  public String toString() {
-    return toStringHelper(getClass()).add("user", registrarAccessor.userIdForLogging()).toString();
-  }
-
-  /** GAE User can't access the requested registrar. */
-  public static class UserForbiddenException extends AuthenticationErrorException {
-    public UserForbiddenException(RegistrarAccessDeniedException e) {
-      super(e.getMessage());
-    }
-  }
-}

java/google/registry/flows/session/LoginFlow.java

@@ -51,7 +51,6 @@ import javax.inject.Inject;
  * @error {@link google.registry.flows.EppException.UnimplementedExtensionException}
  * @error {@link google.registry.flows.EppException.UnimplementedObjectServiceException}
  * @error {@link google.registry.flows.EppException.UnimplementedProtocolVersionException}
- * @error {@link google.registry.flows.GaeUserCredentials.UserForbiddenException}
  * @error {@link google.registry.flows.TlsCredentials.BadRegistrarCertificateException}
  * @error {@link google.registry.flows.TlsCredentials.BadRegistrarIpAddressException}
  * @error {@link google.registry.flows.TlsCredentials.MissingRegistrarCertificateException}