mirror of
https://github.com/google/nomulus.git
synced 2025-08-04 00:42:12 +02:00
Change @Auth to an AutoValue, and created a set of predefined Auths
We want to be safer and more explicit about the authentication needed by the many actions that exist. As such, we make the 'auth' parameter required in @Action (so it's always clear who can run a specific action) and we replace the @Auth with an enum so that only pre-approved configurations that are aptly named and documented can be used. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=162210306
This commit is contained in:
guyben
Ben McIlwain
parent
5966d8077b
commit
e224a67eda
94 changed files with 614 additions and 511 deletions
|
|
@ -26,6 +26,7 @@ import com.googlecode.objectify.VoidWork;
|
|||
import google.registry.model.ofy.CommitLogCheckpoint;
|
||||
import google.registry.model.ofy.CommitLogCheckpointRoot;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
|
|
@ -43,9 +44,11 @@ import org.joda.time.DateTime;
|
|||
* <p>This action's supported method is GET rather than POST because it gets invoked via cron.
|
||||
*/
|
||||
@Action(
|
||||
path = "/_dr/cron/commitLogCheckpoint",
|
||||
method = Action.Method.GET,
|
||||
automaticallyPrintOk = true)
|
||||
path = "/_dr/cron/commitLogCheckpoint",
|
||||
method = Action.Method.GET,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class CommitLogCheckpointAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ import google.registry.model.ofy.CommitLogMutation;
|
|||
import google.registry.model.translators.CommitLogRevisionsTranslatorFactory;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -60,7 +61,10 @@ import org.joda.time.Duration;
|
|||
* EppResource.
|
||||
*
|
||||
*/
|
||||
@Action(path = "/_dr/task/deleteOldCommitLogs")
|
||||
@Action(
|
||||
path = "/_dr/task/deleteOldCommitLogs",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class DeleteOldCommitLogsAction implements Runnable {
|
||||
|
||||
private static final int NUM_REDUCE_SHARDS = 10;
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ import google.registry.model.ofy.CommitLogManifest;
|
|||
import google.registry.model.ofy.CommitLogMutation;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
|
|
@ -60,9 +61,11 @@ import org.joda.time.DateTime;
|
|||
|
||||
/** Action that exports the diff between two commit log checkpoints to GCS. */
|
||||
@Action(
|
||||
path = ExportCommitLogDiffAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true)
|
||||
path = ExportCommitLogDiffAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class ExportCommitLogDiffAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ import google.registry.model.ofy.CommitLogMutation;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Retrier;
|
||||
import java.io.IOException;
|
||||
|
|
@ -59,15 +58,10 @@ import org.joda.time.DateTime;
|
|||
|
||||
/** Restore Registry 2 commit logs from GCS to Datastore. */
|
||||
@Action(
|
||||
path = RestoreCommitLogsAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
path = RestoreCommitLogsAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class RestoreCommitLogsAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ java_library(
|
|||
"//java/google/registry/pricing",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request:modules",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//third_party/java/objectify:objectify-v4_1",
|
||||
"@com_google_apis_google_api_services_bigquery",
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@ import google.registry.model.reporting.HistoryEntry;
|
|||
import google.registry.model.transfer.TransferStatus;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.NonFinalForTesting;
|
||||
|
|
@ -103,7 +104,10 @@ import org.joda.time.DateTime;
|
|||
* over all domains and domain applications and checking for any references to the contacts/hosts in
|
||||
* pending deletion.
|
||||
*/
|
||||
@Action(path = "/_dr/task/deleteContactsAndHosts")
|
||||
@Action(
|
||||
path = "/_dr/task/deleteContactsAndHosts",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class DeleteContactsAndHostsAction implements Runnable {
|
||||
|
||||
static final String KIND_CONTACT = getKind(ContactResource.class);
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ import google.registry.model.registry.Registry.TldType;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.PipelineUtils;
|
||||
import java.util.List;
|
||||
|
|
@ -51,7 +52,11 @@ import javax.inject.Inject;
|
|||
*
|
||||
* <p>See: https://www.youtube.com/watch?v=xuuv0syoHnM
|
||||
*/
|
||||
@Action(path = "/_dr/task/deleteProberData", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/deleteProberData",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class DeleteProberDataAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ import google.registry.model.registry.Registry;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.util.Set;
|
||||
|
|
@ -67,7 +68,10 @@ import org.joda.time.DateTime;
|
|||
* be expanded as a result of the job (the exclusive upper bound being the execution time of the
|
||||
* job).
|
||||
*/
|
||||
@Action(path = "/_dr/task/expandRecurringBillingEvents")
|
||||
@Action(
|
||||
path = "/_dr/task/expandRecurringBillingEvents",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class ExpandRecurringBillingEventsAction implements Runnable {
|
||||
|
||||
public static final String PARAM_CURSOR_TIME = "cursorTime";
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import google.registry.mapreduce.MapreduceRunner;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.util.Set;
|
||||
|
|
@ -69,7 +70,10 @@ import org.joda.time.DateTime;
|
|||
* are not in FINALIZED or STOPPED state.
|
||||
*/
|
||||
|
||||
@Action(path = "/_dr/task/mapreduceEntityCleanup")
|
||||
@Action(
|
||||
path = "/_dr/task/mapreduceEntityCleanup",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class MapreduceEntityCleanupAction implements Runnable {
|
||||
|
||||
private static final int DEFAULT_DAYS_OLD = 180;
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ import google.registry.model.domain.DomainResource;
|
|||
import google.registry.model.host.HostResource;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.NonFinalForTesting;
|
||||
|
|
@ -67,7 +68,10 @@ import javax.inject.Named;
|
|||
import org.joda.time.DateTime;
|
||||
|
||||
/** Performs batched DNS refreshes for applicable domains following a host rename. */
|
||||
@Action(path = "/_dr/task/refreshDnsOnHostRename")
|
||||
@Action(
|
||||
path = "/_dr/task/refreshDnsOnHostRename",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class RefreshDnsOnHostRenameAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -59,6 +59,7 @@ import google.registry.model.index.ForeignKeyIndex.ForeignKeyHostIndex;
|
|||
import google.registry.model.transfer.TransferData.TransferServerApproveEntity;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.NonFinalForTesting;
|
||||
import java.io.Serializable;
|
||||
|
|
@ -88,7 +89,11 @@ import org.joda.time.DateTime;
|
|||
* fullyQualifiedDomainName.
|
||||
* </ul>
|
||||
*/
|
||||
@Action(path = "/_dr/task/verifyEntityIntegrity", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/verifyEntityIntegrity",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class VerifyEntityIntegrityAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ java_library(
|
|||
deps = [
|
||||
"//java/google/registry/model",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//third_party/java/objectify:objectify-v4_1",
|
||||
"@com_google_appengine_api_1_0_sdk",
|
||||
|
|
|
|||
|
|
@ -23,12 +23,17 @@ import com.google.common.base.Optional;
|
|||
import google.registry.model.ofy.CommitLogBucket;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
import java.util.Random;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** Action for fanning out cron tasks for each commit log bucket. */
|
||||
@Action(path = "/_dr/cron/commitLogFanout", automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/cron/commitLogFanout",
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class CommitLogFanoutAction implements Runnable {
|
||||
|
||||
public static final String BUCKET_PARAM = "bucket";
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ import google.registry.request.Parameter;
|
|||
import google.registry.request.ParameterMap;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
import java.util.Random;
|
||||
import java.util.Set;
|
||||
|
|
@ -70,7 +71,11 @@ import javax.inject.Inject;
|
|||
* This patharg is mostly useful for aesthetic purposes, since tasks are already namespaced.
|
||||
* </ul>
|
||||
*/
|
||||
@Action(path = "/_dr/cron/fanout", automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/cron/fanout",
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class TldFanoutAction implements Runnable {
|
||||
|
||||
private static final String ENDPOINT_PARAM = "endpoint";
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ java_library(
|
|||
"//java/google/registry/model",
|
||||
"//java/google/registry/monitoring/metrics",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//third_party/java/objectify:objectify-v4_1",
|
||||
"@com_google_appengine_api_1_0_sdk",
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.ServiceUnavailableException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.DomainNameUtils;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.util.Set;
|
||||
|
|
@ -34,7 +35,12 @@ import javax.inject.Inject;
|
|||
import org.joda.time.Duration;
|
||||
|
||||
/** Task that sends domain and host updates to the DNS server. */
|
||||
@Action(path = PublishDnsUpdatesAction.PATH, method = POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = PublishDnsUpdatesAction.PATH,
|
||||
method = POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class PublishDnsUpdatesAction implements Runnable, Callable<Void> {
|
||||
|
||||
public static final String PATH = "/_dr/task/publishDnsUpdates";
|
||||
|
|
|
|||
|
|
@ -40,6 +40,7 @@ import google.registry.model.registry.Registry;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
|
|
@ -64,7 +65,11 @@ import org.joda.time.Duration;
|
|||
* not.
|
||||
* </ul>
|
||||
*/
|
||||
@Action(path = "/_dr/cron/readDnsQueue", automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/cron/readDnsQueue",
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class ReadDnsQueueAction implements Runnable {
|
||||
|
||||
public static final String KEEP_TASKS_PARAM = "keepTasks";
|
||||
|
|
|
|||
|
|
@ -26,11 +26,16 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.HttpException.NotFoundException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** Action that manually triggers refresh of DNS information. */
|
||||
@Action(path = "/_dr/dnsRefresh", automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/dnsRefresh",
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class RefreshDnsAction implements Runnable {
|
||||
|
||||
@Inject Clock clock;
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import google.registry.request.Header;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.HttpException.NotModifiedException;
|
||||
import google.registry.request.Payload;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
import java.io.ByteArrayInputStream;
|
||||
|
|
@ -46,9 +47,11 @@ import org.joda.time.Duration;
|
|||
* completion state; otherwise it will return a failure code so that the task will be retried.
|
||||
*/
|
||||
@Action(
|
||||
path = BigqueryPollJobAction.PATH,
|
||||
method = {Action.Method.GET, Action.Method.POST},
|
||||
automaticallyPrintOk = true)
|
||||
path = BigqueryPollJobAction.PATH,
|
||||
method = {Action.Method.GET, Action.Method.POST},
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class BigqueryPollJobAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import google.registry.request.HttpException.NotModifiedException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestMethod;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.util.Set;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -49,7 +50,8 @@ import org.joda.time.format.PeriodFormat;
|
|||
@Action(
|
||||
path = CheckSnapshotAction.PATH,
|
||||
method = {POST, GET},
|
||||
automaticallyPrintOk = true
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class CheckSnapshotAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ import google.registry.model.domain.DomainResource;
|
|||
import google.registry.model.registry.Registry.TldType;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
|
|
@ -52,7 +53,11 @@ import org.joda.time.DateTime;
|
|||
* Each TLD's active domain names are exported as a newline-delimited flat text file with the name
|
||||
* TLD.txt into the domain-lists bucket. Note that this overwrites the files in place.
|
||||
*/
|
||||
@Action(path = "/_dr/task/exportDomainLists", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/exportDomainLists",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class ExportDomainListsAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -27,12 +27,17 @@ import google.registry.request.Action;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.storage.drive.DriveConnection;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** Action that exports the publicly viewable reserved terms list for a TLD to Google Drive. */
|
||||
@Action(path = "/_dr/task/exportReservedTerms", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/exportReservedTerms",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class ExportReservedTermsAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import static google.registry.request.Action.Method.POST;
|
|||
import google.registry.config.RegistryConfig;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -37,7 +38,12 @@ import javax.inject.Inject;
|
|||
* <li>The {@link UpdateSnapshotViewAction} updates the view in latest_snapshot.
|
||||
* </ol>
|
||||
*/
|
||||
@Action(path = ExportSnapshotAction.PATH, method = POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = ExportSnapshotAction.PATH,
|
||||
method = POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class ExportSnapshotAction implements Runnable {
|
||||
|
||||
/** Queue to use for enqueuing the task that will actually launch the backup. */
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.HttpException.InternalServerErrorException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
|
|
@ -50,7 +51,11 @@ import javax.inject.Inject;
|
|||
import org.joda.time.DateTime;
|
||||
|
||||
/** Action to load a Datastore snapshot from Google Cloud Storage into BigQuery. */
|
||||
@Action(path = LoadSnapshotAction.PATH, method = POST)
|
||||
@Action(
|
||||
path = LoadSnapshotAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class LoadSnapshotAction implements Runnable {
|
||||
|
||||
/** Parameter names for passing parameters into the servlet. */
|
||||
|
|
|
|||
|
|
@ -29,9 +29,6 @@ import google.registry.request.HttpException.InternalServerErrorException;
|
|||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.JsonActionRunner.JsonAction;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.Auth.AuthMethod;
|
||||
import google.registry.request.auth.Auth.UserPolicy;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.storage.drive.DriveConnection;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.FileNotFoundException;
|
||||
|
|
@ -43,12 +40,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = PublishDetailReportAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class PublishDetailReportAction implements Runnable, JsonAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import google.registry.model.registrar.Registrar;
|
|||
import google.registry.model.registrar.RegistrarContact;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Retrier;
|
||||
import java.io.IOException;
|
||||
|
|
@ -52,7 +53,11 @@ import javax.inject.Inject;
|
|||
*
|
||||
* <p>This uses the <a href="https://developers.google.com/admin-sdk/directory/">Directory API</a>.
|
||||
*/
|
||||
@Action(path = "/_dr/task/syncGroupMembers", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/syncGroupMembers",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class SyncGroupMembersAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@
|
|||
// limitations under the License.
|
||||
|
||||
package google.registry.export;
|
||||
|
||||
import static google.registry.request.Action.Method.POST;
|
||||
|
||||
import com.google.api.client.googleapis.json.GoogleJsonResponseException;
|
||||
|
|
@ -27,13 +28,18 @@ import google.registry.config.RegistryConfig.Config;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.HttpException.InternalServerErrorException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.SqlTemplate;
|
||||
import java.io.IOException;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** Update a well-known view to point at a certain Datastore snapshot table in BigQuery. */
|
||||
@Action(path = UpdateSnapshotViewAction.PATH, method = POST)
|
||||
@Action(
|
||||
path = UpdateSnapshotViewAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class UpdateSnapshotViewAction implements Runnable {
|
||||
|
||||
/** Headers for passing parameters into the servlet. */
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ java_library(
|
|||
"//java/google/registry/config",
|
||||
"//java/google/registry/model",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//third_party/java/objectify:objectify-v4_1",
|
||||
"@com_google_api_client",
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ import google.registry.model.server.Lock;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.NonFinalForTesting;
|
||||
import java.io.IOException;
|
||||
|
|
@ -60,7 +61,11 @@ import org.joda.time.Duration;
|
|||
*
|
||||
* @see SyncRegistrarsSheet
|
||||
*/
|
||||
@Action(path = SyncRegistrarsSheetAction.PATH, method = POST)
|
||||
@Action(
|
||||
path = SyncRegistrarsSheetAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class SyncRegistrarsSheetAction implements Runnable {
|
||||
|
||||
private enum Result {
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ import google.registry.request.Parameter;
|
|||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.util.Map;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -61,7 +60,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
*/
|
||||
@Action(
|
||||
path = "/check",
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class CheckApiAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.Action.Method;
|
||||
import google.registry.request.Payload;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
|
|
@ -27,12 +26,7 @@ import javax.servlet.http.HttpSession;
|
|||
@Action(
|
||||
path = "/registrar-xhr",
|
||||
method = Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
||||
minimumLevel = AuthLevel.USER,
|
||||
userPolicy = Auth.UserPolicy.PUBLIC
|
||||
)
|
||||
auth = Auth.AUTH_PUBLIC_LOGGED_IN
|
||||
)
|
||||
public class EppConsoleAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.Action.Method;
|
||||
import google.registry.request.Payload;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
|
@ -30,12 +29,7 @@ import javax.servlet.http.HttpSession;
|
|||
@Action(
|
||||
path = "/_dr/epp",
|
||||
method = Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class EppTlsAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.Action.Method;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
|
|
@ -33,12 +32,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
@Action(
|
||||
path = "/_dr/epptool",
|
||||
method = Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class EppToolAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ import google.registry.config.RegistryEnvironment;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.security.XsrfTokenManager;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.TaskEnqueuer;
|
||||
|
|
@ -58,12 +57,7 @@ import org.joda.time.DateTime;
|
|||
path = LoadTestAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class LoadTestAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ java_library(
|
|||
"//java/google/registry/monitoring/metrics",
|
||||
"//java/google/registry/monitoring/metrics/stackdriver",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//third_party/java/objectify:objectify-v4_1",
|
||||
"@com_google_apis_google_api_services_bigquery",
|
||||
|
|
|
|||
|
|
@ -36,13 +36,18 @@ import google.registry.config.RegistryConfig.Config;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.ParameterMap;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.util.Map;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** Action for exporting metrics to BigQuery. */
|
||||
@Action(path = MetricsExportAction.PATH, method = POST)
|
||||
@Action(
|
||||
path = MetricsExportAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class MetricsExportAction implements Runnable {
|
||||
|
||||
public static final String PATH = "/_dr/task/metrics";
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import com.google.common.collect.ImmutableMap;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.HttpException.NotImplementedException;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
|
@ -34,7 +33,7 @@ import javax.inject.Inject;
|
|||
path = RdapAutnumAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapAutnumAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import google.registry.rdap.RdapJsonFormatter.OutputDataType;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.HttpException.NotFoundException;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
import org.joda.time.DateTime;
|
||||
|
|
@ -34,7 +33,7 @@ import org.joda.time.DateTime;
|
|||
path = RdapDomainAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapDomainAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ import google.registry.request.HttpException.NotFoundException;
|
|||
import google.registry.request.HttpException.UnprocessableEntityException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Idn;
|
||||
|
|
@ -66,7 +65,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = RdapDomainSearchAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapDomainSearchAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.HttpException.NotFoundException;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
import org.joda.time.DateTime;
|
||||
|
|
@ -51,7 +50,7 @@ import org.joda.time.DateTime;
|
|||
path = RdapEntityAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapEntityAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ import google.registry.request.HttpException.NotFoundException;
|
|||
import google.registry.request.HttpException.UnprocessableEntityException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
|
@ -61,7 +60,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = RdapEntitySearchAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapEntitySearchAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ import com.google.common.collect.ImmutableMap;
|
|||
import google.registry.rdap.RdapJsonFormatter.BoilerplateType;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
|
@ -31,7 +30,7 @@ import javax.inject.Inject;
|
|||
path = RdapHelpAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapHelpAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import com.google.common.collect.ImmutableMap;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.HttpException.NotImplementedException;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
|
@ -34,7 +33,7 @@ import javax.inject.Inject;
|
|||
path = RdapIpAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapIpAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import google.registry.rdap.RdapJsonFormatter.OutputDataType;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.HttpException.NotFoundException;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
import org.joda.time.DateTime;
|
||||
|
|
@ -34,7 +33,7 @@ import org.joda.time.DateTime;
|
|||
path = RdapNameserverAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapNameserverAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -37,7 +37,6 @@ import google.registry.request.HttpException.BadRequestException;
|
|||
import google.registry.request.HttpException.NotFoundException;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.Idn;
|
||||
import java.net.InetAddress;
|
||||
|
|
@ -58,7 +57,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = RdapNameserverSearchAction.PATH,
|
||||
method = {GET, HEAD},
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public class RdapNameserverSearchAction extends RdapActionBase {
|
||||
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ java_library(
|
|||
"//java/google/registry/mapreduce/inputs",
|
||||
"//java/google/registry/model",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/tldconfig/idn",
|
||||
"//java/google/registry/util",
|
||||
"//java/google/registry/xjc",
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ import google.registry.model.rde.RdeNamingUtils;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.IOException;
|
||||
|
|
@ -52,7 +53,12 @@ import org.joda.time.DateTime;
|
|||
*
|
||||
* @see <a href="http://newgtlds.icann.org/en/applicants/agb/agreement-approved-09jan14-en.htm">Registry Agreement</a>
|
||||
*/
|
||||
@Action(path = BrdaCopyAction.PATH, method = POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = BrdaCopyAction.PATH,
|
||||
method = POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class BrdaCopyAction implements Runnable {
|
||||
|
||||
static final String PATH = "/_dr/task/brdaCopy";
|
||||
|
|
|
|||
|
|
@ -36,6 +36,7 @@ import google.registry.request.HttpException.NoContentException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
|
@ -48,7 +49,11 @@ import org.joda.time.Duration;
|
|||
/**
|
||||
* Action that uploads a small XML RDE report to ICANN after {@link RdeUploadAction} has finished.
|
||||
*/
|
||||
@Action(path = RdeReportAction.PATH, method = POST)
|
||||
@Action(
|
||||
path = RdeReportAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class RdeReportAction implements Runnable, EscrowTask {
|
||||
|
||||
static final String PATH = "/_dr/task/rdeReport";
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ import google.registry.request.HttpException.BadRequestException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -187,7 +188,8 @@ import org.joda.time.Duration;
|
|||
*/
|
||||
@Action(
|
||||
path = RdeStagingAction.PATH,
|
||||
method = {GET, POST}
|
||||
method = {GET, POST},
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class RdeStagingAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -48,6 +48,7 @@ import google.registry.request.HttpException.ServiceUnavailableException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Retrier;
|
||||
|
|
@ -77,7 +78,11 @@ import org.joda.time.Duration;
|
|||
* <p>Once this action completes, it rolls the cursor forward a day and triggers
|
||||
* {@link RdeReportAction}.
|
||||
*/
|
||||
@Action(path = RdeUploadAction.PATH, method = POST)
|
||||
@Action(
|
||||
path = RdeUploadAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class RdeUploadAction implements Runnable, EscrowTask {
|
||||
|
||||
static final String PATH = "/_dr/task/rdeUpload";
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ java_library(
|
|||
"//java/google/registry/model",
|
||||
"//java/google/registry/pricing",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//java/google/registry/xjc",
|
||||
"//java/google/registry/xml",
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import google.registry.model.contact.ContactResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.SystemClock;
|
||||
import google.registry.xjc.JaxbFragment;
|
||||
|
|
@ -45,7 +46,10 @@ import javax.inject.Inject;
|
|||
*
|
||||
* <p>Specify the escrow file to import with the "path" parameter.
|
||||
*/
|
||||
@Action(path = "/_dr/task/importRdeContacts")
|
||||
@Action(
|
||||
path = "/_dr/task/importRdeContacts",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class RdeContactImportAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ import google.registry.model.transfer.TransferStatus;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.SystemClock;
|
||||
import google.registry.xjc.JaxbFragment;
|
||||
|
|
@ -63,7 +64,10 @@ import org.joda.money.Money;
|
|||
*
|
||||
* <p>Specify the escrow file to import with the "path" parameter.
|
||||
*/
|
||||
@Action(path = "/_dr/task/importRdeDomains")
|
||||
@Action(
|
||||
path = "/_dr/task/importRdeDomains",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class RdeDomainImportAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import google.registry.model.host.HostResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.SystemClock;
|
||||
import google.registry.xjc.JaxbFragment;
|
||||
|
|
@ -45,7 +46,10 @@ import javax.inject.Inject;
|
|||
*
|
||||
* <p>Specify the escrow file to import with the "path" parameter.
|
||||
*/
|
||||
@Action(path = "/_dr/task/importRdeHosts")
|
||||
@Action(
|
||||
path = "/_dr/task/importRdeHosts",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class RdeHostImportAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import google.registry.model.host.HostResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.xjc.JaxbFragment;
|
||||
import google.registry.xjc.rdehost.XjcRdeHost;
|
||||
|
|
@ -51,7 +52,10 @@ import org.joda.time.DateTime;
|
|||
*
|
||||
* <p>Specify the escrow file to import with the "path" parameter.
|
||||
*/
|
||||
@Action(path = "/_dr/task/linkRdeHosts")
|
||||
@Action(
|
||||
path = "/_dr/task/linkRdeHosts",
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class RdeHostLinkAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -30,9 +30,6 @@ import google.registry.request.Parameter;
|
|||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.Auth.AuthMethod;
|
||||
import google.registry.request.auth.Auth.UserPolicy;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Retrier;
|
||||
import google.registry.xml.XmlException;
|
||||
|
|
@ -48,14 +45,9 @@ import javax.inject.Inject;
|
|||
*
|
||||
*/
|
||||
@Action(
|
||||
path = IcannReportingUploadAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {AuthMethod.INTERNAL, AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = UserPolicy.ADMIN
|
||||
)
|
||||
path = IcannReportingUploadAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class IcannReportingUploadAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -47,5 +47,5 @@ public @interface Action {
|
|||
boolean automaticallyPrintOk() default false;
|
||||
|
||||
/** Authentication settings. */
|
||||
Auth auth() default @Auth;
|
||||
Auth auth();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -132,7 +132,7 @@ public class RequestHandler<C> {
|
|||
return;
|
||||
}
|
||||
Optional<AuthResult> authResult =
|
||||
requestAuthenticator.authorize(route.get().action().auth(), req);
|
||||
requestAuthenticator.authorize(route.get().action().auth().authSettings(), req);
|
||||
if (!authResult.isPresent()) {
|
||||
rsp.sendError(SC_FORBIDDEN, "Not authorized");
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -90,9 +90,9 @@ public class RouterDisplayHelper {
|
|||
route.actionClass().getSimpleName(),
|
||||
Joiner.on(",").join(route.action().method()),
|
||||
route.action().automaticallyPrintOk() ? "y" : "n",
|
||||
Joiner.on(",").join(route.action().auth().methods()),
|
||||
route.action().auth().minimumLevel(),
|
||||
route.action().auth().userPolicy());
|
||||
Joiner.on(",").join(route.action().auth().authSettings().methods()),
|
||||
route.action().auth().authSettings().minimumLevel(),
|
||||
route.action().auth().authSettings().userPolicy());
|
||||
}
|
||||
|
||||
private static String formatRoutes(Iterable<Route> routes) {
|
||||
|
|
@ -119,11 +119,11 @@ public class RouterDisplayHelper {
|
|||
if (len > methodsWidth) {
|
||||
methodsWidth = len;
|
||||
}
|
||||
len = Joiner.on(",").join(route.action().auth().methods()).length();
|
||||
len = Joiner.on(",").join(route.action().auth().authSettings().methods()).length();
|
||||
if (len > authMethodsWidth) {
|
||||
authMethodsWidth = len;
|
||||
}
|
||||
len = route.action().auth().minimumLevel().toString().length();
|
||||
len = route.action().auth().authSettings().minimumLevel().toString().length();
|
||||
if (len > minLevelWidth) {
|
||||
minLevelWidth = len;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,53 +14,74 @@
|
|||
|
||||
package google.registry.request.auth;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import google.registry.request.auth.RequestAuthenticator.AuthMethod;
|
||||
import google.registry.request.auth.RequestAuthenticator.AuthSettings;
|
||||
import google.registry.request.auth.RequestAuthenticator.UserPolicy;
|
||||
|
||||
/** Annotation used to configure authentication settings for Actions. */
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target(ElementType.TYPE)
|
||||
public @interface Auth {
|
||||
/** Enum used to configure authentication settings for Actions. */
|
||||
public enum Auth {
|
||||
|
||||
/** Available methods for authentication. */
|
||||
public enum AuthMethod {
|
||||
/**
|
||||
* Allows anyone access, doesn't attempt to authenticate user.
|
||||
*
|
||||
* Will never return absent(), but only authenticates access from App Engine task-queues. For
|
||||
* everyone else - returns NOT_AUTHENTICATED.
|
||||
*/
|
||||
AUTH_PUBLIC_ANONYMOUS(
|
||||
ImmutableList.of(AuthMethod.INTERNAL),
|
||||
AuthLevel.NONE,
|
||||
UserPolicy.PUBLIC),
|
||||
|
||||
/** App Engine internal authentication. Must always be provided as the first method. */
|
||||
INTERNAL,
|
||||
/**
|
||||
* Allows anyone access, does attempt to authenticate user.
|
||||
*
|
||||
* If a user is logged in, will authenticate (and return) them. Otherwise, access is still
|
||||
* granted, but NOT_AUTHENTICATED is returned.
|
||||
*
|
||||
* Will never return absent().
|
||||
*/
|
||||
AUTH_PUBLIC(
|
||||
ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API, AuthMethod.LEGACY),
|
||||
AuthLevel.NONE,
|
||||
UserPolicy.PUBLIC),
|
||||
|
||||
/** Authentication methods suitable for API-style access, such as OAuth 2. */
|
||||
API,
|
||||
/**
|
||||
* Allows anyone access, as long as they are logged in.
|
||||
*
|
||||
* Does not allow access from App Engine task-queues.
|
||||
*/
|
||||
AUTH_PUBLIC_LOGGED_IN(
|
||||
ImmutableList.of(AuthMethod.API, AuthMethod.LEGACY),
|
||||
AuthLevel.USER,
|
||||
UserPolicy.PUBLIC),
|
||||
|
||||
/** Legacy authentication using cookie-based App Engine Users API. Must come last if present. */
|
||||
LEGACY
|
||||
/**
|
||||
* Allows only admins or App Engine task-queue access.
|
||||
*/
|
||||
AUTH_INTERNAL_OR_ADMIN(
|
||||
ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API),
|
||||
AuthLevel.APP,
|
||||
UserPolicy.ADMIN),
|
||||
|
||||
/**
|
||||
* Allows only internal (App Engine task-queue) access.
|
||||
*/
|
||||
AUTH_INTERNAL_ONLY(
|
||||
ImmutableList.of(AuthMethod.INTERNAL),
|
||||
AuthLevel.APP,
|
||||
UserPolicy.IGNORED);
|
||||
|
||||
private final AuthSettings authSettings;
|
||||
|
||||
Auth(
|
||||
ImmutableList<AuthMethod> methods,
|
||||
AuthLevel minimumLevel,
|
||||
UserPolicy userPolicy) {
|
||||
authSettings = AuthSettings.create(methods, minimumLevel, userPolicy);
|
||||
}
|
||||
|
||||
/** User authorization policy options. */
|
||||
public enum UserPolicy {
|
||||
|
||||
/** This action ignores end users; the only configured auth method must be INTERNAL. */
|
||||
IGNORED,
|
||||
|
||||
/** No user policy is enforced; anyone can access this action. */
|
||||
PUBLIC,
|
||||
|
||||
/**
|
||||
* If there is a user, it must be an admin, as determined by isUserAdmin().
|
||||
*
|
||||
* <p>Note that, according to App Engine, anybody with access to the app in the GCP Console,
|
||||
* including editors and viewers, is an admin.
|
||||
*/
|
||||
ADMIN
|
||||
public AuthSettings authSettings() {
|
||||
return authSettings;
|
||||
}
|
||||
|
||||
/** Enabled authentication methods for this action. */
|
||||
AuthMethod[] methods() default { AuthMethod.INTERNAL };
|
||||
|
||||
/** Required minimum level of authentication for this action. */
|
||||
AuthLevel minimumLevel() default AuthLevel.APP;
|
||||
|
||||
/** Required user authorization policy for this action. */
|
||||
UserPolicy userPolicy() default UserPolicy.IGNORED;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,10 +16,12 @@ package google.registry.request.auth;
|
|||
|
||||
import static com.google.common.base.Preconditions.checkArgument;
|
||||
|
||||
import com.google.auto.value.AutoValue;
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import com.google.common.base.Optional;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.collect.Ordering;
|
||||
import com.google.errorprone.annotations.Immutable;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
|
@ -44,6 +46,57 @@ public class RequestAuthenticator {
|
|||
this.legacyAuthenticationMechanism = legacyAuthenticationMechanism;
|
||||
}
|
||||
|
||||
/**
|
||||
* Parameters used to configure the authenticator.
|
||||
*
|
||||
* AuthSettings shouldn't be used directly, instead - use one of the predefined {@link Auth} enum
|
||||
* values.
|
||||
*/
|
||||
@Immutable
|
||||
@AutoValue
|
||||
public abstract static class AuthSettings {
|
||||
|
||||
public abstract ImmutableList<AuthMethod> methods();
|
||||
public abstract AuthLevel minimumLevel();
|
||||
public abstract UserPolicy userPolicy();
|
||||
|
||||
static AuthSettings create(
|
||||
ImmutableList<AuthMethod> methods, AuthLevel minimumLevel, UserPolicy userPolicy) {
|
||||
return new AutoValue_RequestAuthenticator_AuthSettings(methods, minimumLevel, userPolicy);
|
||||
}
|
||||
}
|
||||
|
||||
/** Available methods for authentication. */
|
||||
public enum AuthMethod {
|
||||
|
||||
/** App Engine internal authentication. Must always be provided as the first method. */
|
||||
INTERNAL,
|
||||
|
||||
/** Authentication methods suitable for API-style access, such as OAuth 2. */
|
||||
API,
|
||||
|
||||
/** Legacy authentication using cookie-based App Engine Users API. Must come last if present. */
|
||||
LEGACY
|
||||
}
|
||||
|
||||
/** User authorization policy options. */
|
||||
public enum UserPolicy {
|
||||
|
||||
/** This action ignores end users; the only configured auth method must be INTERNAL. */
|
||||
IGNORED,
|
||||
|
||||
/** No user policy is enforced; anyone can access this action. */
|
||||
PUBLIC,
|
||||
|
||||
/**
|
||||
* If there is a user, it must be an admin, as determined by isUserAdmin().
|
||||
*
|
||||
* <p>Note that, according to App Engine, anybody with access to the app in the GCP Console,
|
||||
* including editors and viewers, is an admin.
|
||||
*/
|
||||
ADMIN
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempts to authenticate and authorize the user, according to the settings of the action.
|
||||
*
|
||||
|
|
@ -54,7 +107,7 @@ public class RequestAuthenticator {
|
|||
* not; authentication can be "successful" even without any authentication if the action's
|
||||
* auth settings are set to NONE -- in this case, NOT_AUTHENTICATED is returned
|
||||
*/
|
||||
public Optional<AuthResult> authorize(Auth auth, HttpServletRequest req) {
|
||||
public Optional<AuthResult> authorize(AuthSettings auth, HttpServletRequest req) {
|
||||
logger.infofmt("Action requires auth: %s", auth);
|
||||
AuthResult authResult = authenticate(auth, req);
|
||||
switch (auth.minimumLevel()) {
|
||||
|
|
@ -104,15 +157,15 @@ public class RequestAuthenticator {
|
|||
* @param req the {@link HttpServletRequest}; some authentication mechanisms use HTTP headers
|
||||
* @return an authentication result; if no authentication was made, returns NOT_AUTHENTICATED
|
||||
*/
|
||||
private AuthResult authenticate(Auth auth, HttpServletRequest req) {
|
||||
private AuthResult authenticate(AuthSettings auth, HttpServletRequest req) {
|
||||
checkAuthConfig(auth);
|
||||
for (Auth.AuthMethod authMethod : auth.methods()) {
|
||||
for (AuthMethod authMethod : auth.methods()) {
|
||||
switch (authMethod) {
|
||||
// App Engine internal authentication, using the queue name header
|
||||
case INTERNAL:
|
||||
// checkAuthConfig will have insured that the user policy is not USER.
|
||||
logger.info("Checking internal auth");
|
||||
// INTERNAL should be skipped if a user is required.
|
||||
if (auth.minimumLevel() != AuthLevel.USER) {
|
||||
{
|
||||
AuthResult authResult = appEngineInternalAuthenticationMechanism.authenticate(req);
|
||||
if (authResult.isAuthenticated()) {
|
||||
logger.infofmt("Authenticated: %s", authResult);
|
||||
|
|
@ -148,25 +201,20 @@ public class RequestAuthenticator {
|
|||
return AuthResult.NOT_AUTHENTICATED;
|
||||
}
|
||||
|
||||
/** Validates an Auth object, checking for invalid setting combinations. */
|
||||
void checkAuthConfig(Auth auth) {
|
||||
ImmutableList<Auth.AuthMethod> authMethods = ImmutableList.copyOf(auth.methods());
|
||||
/** Validates an AuthSettings object, checking for invalid setting combinations. */
|
||||
static void checkAuthConfig(AuthSettings auth) {
|
||||
ImmutableList<AuthMethod> authMethods = ImmutableList.copyOf(auth.methods());
|
||||
checkArgument(!authMethods.isEmpty(), "Must specify at least one auth method");
|
||||
checkArgument(
|
||||
Ordering.explicit(Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY)
|
||||
Ordering.explicit(AuthMethod.INTERNAL, AuthMethod.API, AuthMethod.LEGACY)
|
||||
.isStrictlyOrdered(authMethods),
|
||||
"Auth methods must be unique and strictly in order - INTERNAL, API, LEGACY");
|
||||
checkArgument(
|
||||
authMethods.contains(Auth.AuthMethod.INTERNAL),
|
||||
"Auth method INTERNAL must always be specified, and as the first auth method");
|
||||
if (authMethods.equals(ImmutableList.of(Auth.AuthMethod.INTERNAL))) {
|
||||
checkArgument(
|
||||
!auth.minimumLevel().equals(AuthLevel.USER),
|
||||
"Actions with only INTERNAL auth may not require USER auth level");
|
||||
} else {
|
||||
checkArgument(
|
||||
!auth.userPolicy().equals(Auth.UserPolicy.IGNORED),
|
||||
"Actions with auth methods beyond INTERNAL must not specify the IGNORED user policy");
|
||||
}
|
||||
!(authMethods.contains(AuthMethod.INTERNAL) && auth.minimumLevel().equals(AuthLevel.USER)),
|
||||
"Actions with INTERNAL auth method may not require USER auth level");
|
||||
checkArgument(
|
||||
!(auth.userPolicy().equals(UserPolicy.IGNORED)
|
||||
&& !authMethods.equals(ImmutableList.of(AuthMethod.INTERNAL))),
|
||||
"Actions with auth methods beyond INTERNAL must not specify the IGNORED user policy");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ java_library(
|
|||
"//java/google/registry/keyring/api",
|
||||
"//java/google/registry/model",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/request/auth",
|
||||
"//java/google/registry/util",
|
||||
"//java/google/registry/xml",
|
||||
"//third_party/java/objectify:objectify-v4_1",
|
||||
|
|
|
|||
|
|
@ -39,6 +39,7 @@ import google.registry.config.RegistryConfig.Config;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.UrlFetchException;
|
||||
|
|
@ -57,7 +58,12 @@ import org.joda.time.Duration;
|
|||
*
|
||||
* @see NordnVerifyAction
|
||||
*/
|
||||
@Action(path = NordnUploadAction.PATH, method = Action.Method.POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = NordnUploadAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class NordnUploadAction implements Runnable {
|
||||
|
||||
static final String PATH = "/_dr/task/nordnUpload";
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import google.registry.request.HttpException.ConflictException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.RequestParameters;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.UrlFetchException;
|
||||
import java.io.IOException;
|
||||
|
|
@ -51,7 +52,12 @@ import javax.inject.Inject;
|
|||
* @see <a href="http://tools.ietf.org/html/draft-lozano-tmch-func-spec-08#section-5.2.3.3">
|
||||
* http://tools.ietf.org/html/draft-lozano-tmch-func-spec-08#section-5.2.3.3</a>
|
||||
*/
|
||||
@Action(path = NordnVerifyAction.PATH, method = Action.Method.POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = NordnVerifyAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class NordnVerifyAction implements Runnable {
|
||||
|
||||
public static final String PARAM_CSV_DATA = "csvData";
|
||||
|
|
|
|||
|
|
@ -20,13 +20,19 @@ import static java.nio.charset.StandardCharsets.UTF_8;
|
|||
import com.google.common.base.Optional;
|
||||
import google.registry.config.RegistryConfig.Config;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.security.GeneralSecurityException;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** Action to download the latest ICANN TMCH CRL from MarksDB. */
|
||||
@Action(path = "/_dr/task/tmchCrl", method = POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/task/tmchCrl",
|
||||
method = POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class TmchCrlAction implements Runnable {
|
||||
|
||||
@Inject Marksdb marksdb;
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import com.google.common.base.Optional;
|
|||
import google.registry.keyring.api.KeyModule.Key;
|
||||
import google.registry.model.tmch.ClaimsListShard;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.security.SignatureException;
|
||||
|
|
@ -28,7 +29,12 @@ import javax.inject.Inject;
|
|||
import org.bouncycastle.openpgp.PGPException;
|
||||
|
||||
/** Action to download the latest domain name list (aka claims list) from MarksDB. */
|
||||
@Action(path = "/_dr/task/tmchDnl", method = POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/task/tmchDnl",
|
||||
method = POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class TmchDnlAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import com.google.common.base.Optional;
|
|||
import google.registry.keyring.api.KeyModule.Key;
|
||||
import google.registry.model.smd.SignedMarkRevocationList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.IOException;
|
||||
import java.security.SignatureException;
|
||||
|
|
@ -28,7 +29,12 @@ import javax.inject.Inject;
|
|||
import org.bouncycastle.openpgp.PGPException;
|
||||
|
||||
/** Action to download the latest signed mark revocation list from MarksDB. */
|
||||
@Action(path = "/_dr/task/tmchSmdrl", method = POST, automaticallyPrintOk = true)
|
||||
@Action(
|
||||
path = "/_dr/task/tmchSmdrl",
|
||||
method = POST,
|
||||
automaticallyPrintOk = true,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public final class TmchSmdrlAction implements Runnable {
|
||||
|
||||
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ import google.registry.request.HttpException.InternalServerErrorException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Concurrent;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.PrintWriter;
|
||||
|
|
@ -46,12 +45,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = CreateGroupsAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class CreateGroupsAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,6 @@ import google.registry.model.registry.label.PremiumList;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import java.util.List;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
|
@ -37,12 +36,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = CreatePremiumListAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class CreatePremiumListAction extends CreateOrUpdatePremiumListAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@ import google.registry.request.HttpException.BadRequestException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
|
@ -51,12 +50,7 @@ import javax.inject.Inject;
|
|||
*/
|
||||
@Action(
|
||||
path = DeleteEntityAction.PATH,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class DeleteEntityAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -48,7 +48,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
|
|
@ -72,14 +71,9 @@ import org.joda.time.Duration;
|
|||
* 29 days in the past, and must be at midnight UTC.
|
||||
*/
|
||||
@Action(
|
||||
path = GenerateZoneFilesAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
path = GenerateZoneFilesAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class GenerateZoneFilesAction implements Runnable, JsonActionRunner.JsonAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import google.registry.model.ofy.CommitLogBucket;
|
|||
import google.registry.model.ofy.CommitLogCheckpointRoot;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import java.util.Arrays;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
|
@ -43,7 +44,11 @@ import javax.inject.Inject;
|
|||
* which only admin users can do. That makes this command hard to use, which is appropriate, given
|
||||
* the drastic consequences of accidental execution.
|
||||
*/
|
||||
@Action(path = "/_dr/task/killAllCommitLogs", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/killAllCommitLogs",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class KillAllCommitLogsAction implements Runnable {
|
||||
|
||||
@Inject MapreduceRunner mrRunner;
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import google.registry.model.index.EppResourceIndex;
|
|||
import google.registry.model.index.ForeignKeyIndex;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
|
@ -42,7 +43,11 @@ import javax.inject.Inject;
|
|||
* which only admin users can do. That makes this command hard to use, which is appropriate, given
|
||||
* the drastic consequences of accidental execution.
|
||||
*/
|
||||
@Action(path = "/_dr/task/killAllEppResources", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/killAllEppResources",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class KillAllEppResourcesAction implements Runnable {
|
||||
|
||||
@Inject MapreduceRunner mrRunner;
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ import google.registry.model.domain.DomainResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
|
|
@ -37,12 +36,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = ListDomainsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListDomainsAction extends ListObjectsAction<DomainResource> {
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import google.registry.model.EppResourceUtils;
|
|||
import google.registry.model.host.HostResource;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.util.Comparator;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -35,12 +34,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = ListHostsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListHostsAction extends ListObjectsAction<HostResource> {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,6 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registry.label.PremiumList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
|
@ -32,12 +31,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = ListPremiumListsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListPremiumListsAction extends ListObjectsAction<PremiumList> {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,19 +23,13 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** An action that lists registrars, for use by the {@code nomulus list_registrars} command. */
|
||||
@Action(
|
||||
path = ListRegistrarsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListRegistrarsAction extends ListObjectsAction<Registrar> {
|
||||
|
||||
|
|
|
|||
|
|
@ -23,19 +23,13 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registry.label.ReservedList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** A that lists reserved lists, for use by the {@code nomulus list_reserved_lists} command. */
|
||||
@Action(
|
||||
path = ListReservedListsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListReservedListsAction extends ListObjectsAction<ReservedList> {
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,6 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registry.Registry;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
import org.joda.time.DateTime;
|
||||
|
|
@ -35,12 +34,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = ListTldsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListTldsAction extends ListObjectsAction<Registry> {
|
||||
|
||||
|
|
|
|||
|
|
@ -31,7 +31,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.NonFinalForTesting;
|
||||
import javax.inject.Inject;
|
||||
|
|
@ -51,12 +50,7 @@ import org.joda.time.DateTimeZone;
|
|||
*/
|
||||
@Action(
|
||||
path = "/_dr/task/refreshDnsForAllDomains",
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ import google.registry.model.EppResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
|
@ -43,12 +42,7 @@ import javax.inject.Inject;
|
|||
*/
|
||||
@Action(
|
||||
path = "/_dr/task/resaveAllEppResources",
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class ResaveAllEppResourcesAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ import com.google.common.collect.ImmutableMap;
|
|||
import google.registry.model.registry.label.PremiumList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import java.util.List;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
|
@ -35,12 +34,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = UpdatePremiumListAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class UpdatePremiumListAction extends CreateOrUpdatePremiumListAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.JsonActionRunner.JsonAction;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import java.util.ArrayList;
|
||||
import java.util.EnumSet;
|
||||
import java.util.List;
|
||||
|
|
@ -62,12 +61,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = VerifyOteAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class VerifyOteAction implements Runnable, JsonAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ import google.registry.model.registrar.Registrar;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.security.XsrfTokenManager;
|
||||
import google.registry.ui.server.SoyTemplateUtils;
|
||||
|
|
@ -45,12 +44,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
/** Action that serves Registrar Console single HTML page (SPA). */
|
||||
@Action(
|
||||
path = ConsoleUiAction.PATH,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
||||
minimumLevel = AuthLevel.NONE,
|
||||
userPolicy = Auth.UserPolicy.PUBLIC
|
||||
)
|
||||
auth = Auth.AUTH_PUBLIC
|
||||
)
|
||||
public final class ConsoleUiAction implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.JsonActionRunner.JsonAction;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.security.JsonResponseHelper;
|
||||
import google.registry.ui.forms.FormField;
|
||||
|
|
@ -97,12 +96,7 @@ import org.joda.money.Money;
|
|||
@Action(
|
||||
path = "/registrar-payment",
|
||||
method = Action.Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
||||
minimumLevel = AuthLevel.USER,
|
||||
userPolicy = Auth.UserPolicy.PUBLIC
|
||||
)
|
||||
auth = Auth.AUTH_PUBLIC_LOGGED_IN
|
||||
)
|
||||
public final class RegistrarPaymentAction implements Runnable, JsonAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.JsonActionRunner.JsonAction;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.security.JsonResponseHelper;
|
||||
import java.util.Map;
|
||||
|
|
@ -72,12 +71,7 @@ import org.joda.money.CurrencyUnit;
|
|||
@Action(
|
||||
path = "/registrar-payment-setup",
|
||||
method = Action.Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
||||
minimumLevel = AuthLevel.USER,
|
||||
userPolicy = Auth.UserPolicy.PUBLIC
|
||||
)
|
||||
auth = Auth.AUTH_PUBLIC_LOGGED_IN
|
||||
)
|
||||
public final class RegistrarPaymentSetupAction implements Runnable, JsonAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.request.auth.AuthResult;
|
||||
import google.registry.security.JsonResponseHelper;
|
||||
import google.registry.ui.forms.FormException;
|
||||
|
|
@ -65,12 +64,7 @@ import javax.servlet.http.HttpServletRequest;
|
|||
@Action(
|
||||
path = RegistrarSettingsAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API, Auth.AuthMethod.LEGACY},
|
||||
minimumLevel = AuthLevel.USER,
|
||||
userPolicy = Auth.UserPolicy.PUBLIC
|
||||
)
|
||||
auth = Auth.AUTH_PUBLIC_LOGGED_IN
|
||||
)
|
||||
public class RegistrarSettingsAction implements Runnable, JsonActionRunner.JsonAction {
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.RequestPath;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.whois.WhoisMetrics.WhoisMetric;
|
||||
|
|
@ -99,7 +98,7 @@ import org.joda.time.Duration;
|
|||
@Action(
|
||||
path = WhoisHttpServer.PATH,
|
||||
isPrefix = true,
|
||||
auth = @Auth(minimumLevel = AuthLevel.NONE, userPolicy = Auth.UserPolicy.PUBLIC)
|
||||
auth = Auth.AUTH_PUBLIC_ANONYMOUS
|
||||
)
|
||||
public final class WhoisHttpServer implements Runnable {
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,6 @@ import google.registry.config.RegistryConfig.Config;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.Retrier;
|
||||
|
|
@ -54,12 +53,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = "/_dr/whois",
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class WhoisServer implements Runnable {
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue