Change @Auth to an AutoValue, and created a set of predefined Auths
We want to be safer and more explicit about the authentication needed by the many actions that exist. As such, we make the 'auth' parameter required in @Action (so it's always clear who can run a specific action) and we replace the @Auth with an enum so that only pre-approved configurations that are aptly named and documented can be used. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=162210306
parent
5966d8077b
commit
e224a67eda
94 changed files with 614 additions and 511 deletions
|
@ -33,7 +33,6 @@ import google.registry.request.HttpException.InternalServerErrorException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Concurrent;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import java.io.PrintWriter;
|
||||
|
@ -46,12 +45,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = CreateGroupsAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class CreateGroupsAction implements Runnable {
|
||||
|
||||
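Review bot: The new `auth = Auth.AUTH_INTERNAL_OR_ADMIN` line in this `@Action` no longer shows which methods, minimum level and user policy guard the endpoint, and the definition of the constant is not part of this section. Its equivalence to the removed `methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API}`, `minimumLevel = AuthLevel.APP`, `userPolicy = Auth.UserPolicy.ADMIN` therefore cannot be checked from here. The same substitution is repeated in the sections for CreatePremiumListAction, DeleteEntityAction, GenerateZoneFilesAction, the List*Action classes, RefreshDnsForAllDomainsAction, ResaveAllEppResourcesAction, UpdatePremiumListAction and VerifyOteAction. One test beside the constant that pins those three values would cover all of them and guard against a later edit silently widening access. The class body continues outside the hunk.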
|
|
|
@ -26,7 +26,6 @@ import google.registry.model.registry.label.PremiumList;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import java.util.List;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
@ -37,12 +36,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = CreatePremiumListAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class CreatePremiumListAction extends CreateOrUpdatePremiumListAction {
|
||||
|
||||
|
|
|
@ -32,7 +32,6 @@ import google.registry.request.HttpException.BadRequestException;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
@ -51,12 +50,7 @@ import javax.inject.Inject;
|
|||
*/
|
||||
@Action(
|
||||
path = DeleteEntityAction.PATH,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class DeleteEntityAction implements Runnable {
|
||||
|
||||
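Review bot: This `@Action` sets `path` and `auth` but no `method`, so the HTTP method accepted by DeleteEntityAction is whatever the annotation default is, which this section does not show. The commit makes `auth` mandatory so that nobody has to look up a default to know who can run an action; the same reasoning applies to how a state-changing endpoint can be reached. If the callers permit it, adding `method = Action.Method.POST,` (the form VerifyOteAction uses) would make this explicit. The annotations for RefreshDnsForAllDomainsAction and ResaveAllEppResourcesAction omit `method` as well. The class body continues outside the hunk.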
|
|
|
@ -48,7 +48,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.HttpException.BadRequestException;
|
||||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
|
@ -72,14 +71,9 @@ import org.joda.time.Duration;
|
|||
* 29 days in the past, and must be at midnight UTC.
|
||||
*/
|
||||
@Action(
|
||||
path = GenerateZoneFilesAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
path = GenerateZoneFilesAction.PATH,
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class GenerateZoneFilesAction implements Runnable, JsonActionRunner.JsonAction {
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@ import google.registry.model.ofy.CommitLogBucket;
|
|||
import google.registry.model.ofy.CommitLogCheckpointRoot;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import java.util.Arrays;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
@ -43,7 +44,11 @@ import javax.inject.Inject;
|
|||
* which only admin users can do. That makes this command hard to use, which is appropriate, given
|
||||
* the drastic consequences of accidental execution.
|
||||
*/
|
||||
@Action(path = "/_dr/task/killAllCommitLogs", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/killAllCommitLogs",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class KillAllCommitLogsAction implements Runnable {
|
||||
|
||||
@Inject MapreduceRunner mrRunner;
|
||||
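Review bot: The visible tail of the Javadoc attributes this action's protection to something "which only admin users can do", but the access control that now applies is the new `auth = Auth.AUTH_INTERNAL_ONLY`, which the comment does not mention. The old annotation set no `auth` and so relied on the annotation default, which is not shown here. For an action this destructive it is worth confirming that AUTH_INTERNAL_ONLY is no more permissive than that default. I would add a sentence to the Javadoc such as `Access is restricted by {@link Auth#AUTH_INTERNAL_ONLY}.` so the comment and the annotation cannot drift apart. The Javadoc starts above the hunk, and the same applies to the KillAllEppResourcesAction section.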
|
|
|
@ -32,6 +32,7 @@ import google.registry.model.index.EppResourceIndex;
|
|||
import google.registry.model.index.ForeignKeyIndex;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
@ -42,7 +43,11 @@ import javax.inject.Inject;
|
|||
* which only admin users can do. That makes this command hard to use, which is appropriate, given
|
||||
* the drastic consequences of accidental execution.
|
||||
*/
|
||||
@Action(path = "/_dr/task/killAllEppResources", method = POST)
|
||||
@Action(
|
||||
path = "/_dr/task/killAllEppResources",
|
||||
method = POST,
|
||||
auth = Auth.AUTH_INTERNAL_ONLY
|
||||
)
|
||||
public class KillAllEppResourcesAction implements Runnable {
|
||||
|
||||
@Inject MapreduceRunner mrRunner;
|
||||
|
|
|
@ -27,7 +27,6 @@ import google.registry.model.domain.DomainResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Parameter;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
|
@ -37,12 +36,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = ListDomainsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListDomainsAction extends ListObjectsAction<DomainResource> {
|
||||
|
||||
|
|
|
@ -25,7 +25,6 @@ import google.registry.model.EppResourceUtils;
|
|||
import google.registry.model.host.HostResource;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import java.util.Comparator;
|
||||
import javax.inject.Inject;
|
||||
|
@ -35,12 +34,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = ListHostsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListHostsAction extends ListObjectsAction<HostResource> {
|
||||
|
||||
|
|
|
@ -23,7 +23,6 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registry.label.PremiumList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
@ -32,12 +31,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = ListPremiumListsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListPremiumListsAction extends ListObjectsAction<PremiumList> {
|
||||
|
||||
|
|
|
@ -23,19 +23,13 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registrar.Registrar;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** An action that lists registrars, for use by the {@code nomulus list_registrars} command. */
|
||||
@Action(
|
||||
path = ListRegistrarsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListRegistrarsAction extends ListObjectsAction<Registrar> {
|
||||
|
||||
|
|
|
@ -23,19 +23,13 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registry.label.ReservedList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/** A that lists reserved lists, for use by the {@code nomulus list_reserved_lists} command. */
|
||||
@Action(
|
||||
path = ListReservedListsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListReservedListsAction extends ListObjectsAction<ReservedList> {
|
||||
|
||||
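Review bot: The class Javadoc on ListReservedListsAction reads "A that lists reserved lists", so a word is missing. Since the commit touches the annotation directly below it, this is a good moment to fix it to `/** An action that lists reserved lists, for use by the {@code nomulus list_reserved_lists} command. */`, which matches the wording on ListRegistrarsAction.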
|
|
|
@ -26,7 +26,6 @@ import com.google.common.collect.ImmutableSet;
|
|||
import google.registry.model.registry.Registry;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.Clock;
|
||||
import javax.inject.Inject;
|
||||
import org.joda.time.DateTime;
|
||||
|
@ -35,12 +34,7 @@ import org.joda.time.DateTime;
|
|||
@Action(
|
||||
path = ListTldsAction.PATH,
|
||||
method = {GET, POST},
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public final class ListTldsAction extends ListObjectsAction<Registry> {
|
||||
|
||||
|
|
|
@ -31,7 +31,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.Parameter;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import google.registry.util.FormattingLogger;
|
||||
import google.registry.util.NonFinalForTesting;
|
||||
import javax.inject.Inject;
|
||||
|
@ -51,12 +50,7 @@ import org.joda.time.DateTimeZone;
|
|||
*/
|
||||
@Action(
|
||||
path = "/_dr/task/refreshDnsForAllDomains",
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class RefreshDnsForAllDomainsAction implements Runnable {
|
||||
|
||||
|
|
|
@ -27,7 +27,6 @@ import google.registry.model.EppResource;
|
|||
import google.registry.request.Action;
|
||||
import google.registry.request.Response;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import javax.inject.Inject;
|
||||
|
||||
/**
|
||||
|
@ -43,12 +42,7 @@ import javax.inject.Inject;
|
|||
*/
|
||||
@Action(
|
||||
path = "/_dr/task/resaveAllEppResources",
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class ResaveAllEppResourcesAction implements Runnable {
|
||||
|
||||
|
|
|
@ -24,7 +24,6 @@ import com.google.common.collect.ImmutableMap;
|
|||
import google.registry.model.registry.label.PremiumList;
|
||||
import google.registry.request.Action;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import java.util.List;
|
||||
import javax.inject.Inject;
|
||||
|
||||
|
@ -35,12 +34,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = UpdatePremiumListAction.PATH,
|
||||
method = POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class UpdatePremiumListAction extends CreateOrUpdatePremiumListAction {
|
||||
|
||||
|
|
|
@ -47,7 +47,6 @@ import google.registry.request.Action;
|
|||
import google.registry.request.JsonActionRunner;
|
||||
import google.registry.request.JsonActionRunner.JsonAction;
|
||||
import google.registry.request.auth.Auth;
|
||||
import google.registry.request.auth.AuthLevel;
|
||||
import java.util.ArrayList;
|
||||
import java.util.EnumSet;
|
||||
import java.util.List;
|
||||
|
@ -62,12 +61,7 @@ import javax.inject.Inject;
|
|||
@Action(
|
||||
path = VerifyOteAction.PATH,
|
||||
method = Action.Method.POST,
|
||||
auth =
|
||||
@Auth(
|
||||
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
|
||||
minimumLevel = AuthLevel.APP,
|
||||
userPolicy = Auth.UserPolicy.ADMIN
|
||||
)
|
||||
auth = Auth.AUTH_INTERNAL_OR_ADMIN
|
||||
)
|
||||
public class VerifyOteAction implements Runnable, JsonAction {
|
||||
|
||||
|
|