From ed38da628cdb1bb1d4feff25fe251b3c5379349e Mon Sep 17 00:00:00 2001 From: gbrodman Date: Mon, 3 Feb 2020 13:50:54 -0500 Subject: [PATCH] Use randomly-generated base-58 strings for RegistryLock verification codes (#464) * Use randomly-generated strings for RegistryLock verification codes We were using UUIDs before which are also fine, but unnecessarily long. The RegistryLock class itself does not enforce any particular format for the lock verification codes. --- .../registry/tools/DomainLockUtils.java | 29 +++--- .../registry/tools/LockDomainCommand.java | 4 +- .../tools/LockOrUnlockDomainCommand.java | 2 + .../registry/tools/UnlockDomainCommand.java | 4 +- .../registrar/RegistryLockPostAction.java | 7 +- .../registrar/RegistryLockVerifyAction.java | 7 +- .../model/registry/RegistryLockDaoTest.java | 3 +- .../registry/tools/DomainLockUtilsTest.java | 90 ++++++++++--------- .../registry/tools/LockDomainCommandTest.java | 4 + .../tools/UnlockDomainCommandTest.java | 8 +- .../registrar/RegistryLockGetActionTest.java | 9 +- .../registrar/RegistryLockPostActionTest.java | 13 ++- .../RegistryLockVerifyActionTest.java | 14 ++- 13 files changed, 118 insertions(+), 76 deletions(-) diff --git a/core/src/main/java/google/registry/tools/DomainLockUtils.java b/core/src/main/java/google/registry/tools/DomainLockUtils.java index 0465465ec..a351b6e11 100644 --- a/core/src/main/java/google/registry/tools/DomainLockUtils.java +++ b/core/src/main/java/google/registry/tools/DomainLockUtils.java @@ -32,12 +32,14 @@ import google.registry.model.registry.RegistryLockDao; import google.registry.model.reporting.HistoryEntry; import google.registry.schema.domain.RegistryLock; import google.registry.util.Clock; +import google.registry.util.StringGenerator; import java.util.Optional; -import java.util.UUID; import javax.annotation.Nullable; +import javax.inject.Inject; +import javax.inject.Named; /** - * Utility class for validating and applying {@link RegistryLock}s. + * Utility functions for validating and applying {@link RegistryLock}s. * *

For both locks and unlocks, a lock must be requested via the createRegistry*Requst methods * then verified through the verifyAndApply* methods. These methods will verify that the domain in @@ -45,9 +47,16 @@ import javax.annotation.Nullable; */ public final class DomainLockUtils { - private DomainLockUtils() {} + private static final int VERIFICATION_CODE_LENGTH = 32; - public static RegistryLock createRegistryLockRequest( + private final StringGenerator stringGenerator; + + @Inject + public DomainLockUtils(@Named("base58StringGenerator") StringGenerator stringGenerator) { + this.stringGenerator = stringGenerator; + } + + public RegistryLock createRegistryLockRequest( String domainName, String registrarId, @Nullable String registrarPocId, @@ -68,7 +77,7 @@ public final class DomainLockUtils { RegistryLock lock = new RegistryLock.Builder() - .setVerificationCode(UUID.randomUUID().toString()) + .setVerificationCode(stringGenerator.createString(VERIFICATION_CODE_LENGTH)) .setDomainName(domainName) .setRepoId(domainBase.getRepoId()) .setRegistrarId(registrarId) @@ -78,7 +87,7 @@ public final class DomainLockUtils { return RegistryLockDao.save(lock); } - public static RegistryLock createRegistryUnlockRequest( + public RegistryLock createRegistryUnlockRequest( String domainName, String registrarId, boolean isAdmin, Clock clock) { DomainBase domainBase = getDomain(domainName, clock); Optional lockOptional = @@ -121,7 +130,7 @@ public final class DomainLockUtils { } RegistryLock newLock = newLockBuilder - .setVerificationCode(UUID.randomUUID().toString()) + .setVerificationCode(stringGenerator.createString(VERIFICATION_CODE_LENGTH)) .isSuperuser(isAdmin) .setUnlockRequestTimestamp(clock.nowUtc()) .setRegistrarId(registrarId) @@ -129,8 +138,7 @@ public final class DomainLockUtils { return RegistryLockDao.save(newLock); } - public static RegistryLock verifyAndApplyLock( - String verificationCode, boolean isAdmin, Clock clock) { + public RegistryLock verifyAndApplyLock(String verificationCode, boolean isAdmin, Clock clock) { return jpaTm() .transact( () -> { @@ -156,8 +164,7 @@ public final class DomainLockUtils { }); } - public static RegistryLock verifyAndApplyUnlock( - String verificationCode, boolean isAdmin, Clock clock) { + public RegistryLock verifyAndApplyUnlock(String verificationCode, boolean isAdmin, Clock clock) { return jpaTm() .transact( () -> { diff --git a/core/src/main/java/google/registry/tools/LockDomainCommand.java b/core/src/main/java/google/registry/tools/LockDomainCommand.java index 8e61e5b2c..795b2ecaf 100644 --- a/core/src/main/java/google/registry/tools/LockDomainCommand.java +++ b/core/src/main/java/google/registry/tools/LockDomainCommand.java @@ -60,11 +60,11 @@ public class LockDomainCommand extends LockOrUnlockDomainCommand { @Override protected RegistryLock createLock(String domain) { - return DomainLockUtils.createRegistryLockRequest(domain, clientId, null, true, clock); + return domainLockUtils.createRegistryLockRequest(domain, clientId, null, true, clock); } @Override protected void finalizeLockOrUnlockRequest(RegistryLock lock) { - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); } } diff --git a/core/src/main/java/google/registry/tools/LockOrUnlockDomainCommand.java b/core/src/main/java/google/registry/tools/LockOrUnlockDomainCommand.java index 245dab7c8..940077e50 100644 --- a/core/src/main/java/google/registry/tools/LockOrUnlockDomainCommand.java +++ b/core/src/main/java/google/registry/tools/LockOrUnlockDomainCommand.java @@ -57,6 +57,8 @@ public abstract class LockOrUnlockDomainCommand extends ConfirmingCommand @Inject Clock clock; + @Inject DomainLockUtils domainLockUtils; + protected ImmutableSet relevantDomains = ImmutableSet.of(); protected ImmutableSet getDomains() { diff --git a/core/src/main/java/google/registry/tools/UnlockDomainCommand.java b/core/src/main/java/google/registry/tools/UnlockDomainCommand.java index 77d6ae85d..a0415b819 100644 --- a/core/src/main/java/google/registry/tools/UnlockDomainCommand.java +++ b/core/src/main/java/google/registry/tools/UnlockDomainCommand.java @@ -60,11 +60,11 @@ public class UnlockDomainCommand extends LockOrUnlockDomainCommand { @Override protected RegistryLock createLock(String domain) { - return DomainLockUtils.createRegistryUnlockRequest(domain, clientId, true, clock); + return domainLockUtils.createRegistryUnlockRequest(domain, clientId, true, clock); } @Override protected void finalizeLockOrUnlockRequest(RegistryLock lock) { - DomainLockUtils.verifyAndApplyUnlock(lock.getVerificationCode(), true, clock); + domainLockUtils.verifyAndApplyUnlock(lock.getVerificationCode(), true, clock); } } diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java index 79c03579e..237d4a2c9 100644 --- a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java +++ b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java @@ -83,6 +83,7 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc private final AuthenticatedRegistrarAccessor registrarAccessor; private final SendEmailService sendEmailService; private final Clock clock; + private final DomainLockUtils domainLockUtils; private final InternetAddress gSuiteOutgoingEmailAddress; @Inject @@ -92,12 +93,14 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc AuthenticatedRegistrarAccessor registrarAccessor, SendEmailService sendEmailService, Clock clock, + DomainLockUtils domainLockUtils, @Config("gSuiteOutgoingEmailAddress") InternetAddress gSuiteOutgoingEmailAddress) { this.jsonActionRunner = jsonActionRunner; this.authResult = authResult; this.registrarAccessor = registrarAccessor; this.sendEmailService = sendEmailService; this.clock = clock; + this.domainLockUtils = domainLockUtils; this.gSuiteOutgoingEmailAddress = gSuiteOutgoingEmailAddress; } @@ -129,13 +132,13 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc () -> { RegistryLock registryLock = postInput.isLock - ? DomainLockUtils.createRegistryLockRequest( + ? domainLockUtils.createRegistryLockRequest( postInput.fullyQualifiedDomainName, postInput.clientId, postInput.pocId, isAdmin, clock) - : DomainLockUtils.createRegistryUnlockRequest( + : domainLockUtils.createRegistryUnlockRequest( postInput.fullyQualifiedDomainName, postInput.clientId, isAdmin, clock); sendVerificationEmail(registryLock, postInput.isLock); }); diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockVerifyAction.java b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockVerifyAction.java index 6d77e4142..70b006961 100644 --- a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockVerifyAction.java +++ b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockVerifyAction.java @@ -49,15 +49,18 @@ public final class RegistryLockVerifyAction extends HtmlAction { google.registry.ui.soy.registrar.RegistryLockVerificationSoyInfo.getInstance()); private final Clock clock; + private final DomainLockUtils domainLockUtils; private final String lockVerificationCode; private final Boolean isLock; @Inject public RegistryLockVerifyAction( Clock clock, + DomainLockUtils domainLockUtils, @Parameter("lockVerificationCode") String lockVerificationCode, @Parameter("isLock") Boolean isLock) { this.clock = clock; + this.domainLockUtils = domainLockUtils; this.lockVerificationCode = lockVerificationCode; this.isLock = isLock; } @@ -68,9 +71,9 @@ public final class RegistryLockVerifyAction extends HtmlAction { boolean isAdmin = authResult.userAuthInfo().get().isUserAdmin(); final RegistryLock resultLock; if (isLock) { - resultLock = DomainLockUtils.verifyAndApplyLock(lockVerificationCode, isAdmin, clock); + resultLock = domainLockUtils.verifyAndApplyLock(lockVerificationCode, isAdmin, clock); } else { - resultLock = DomainLockUtils.verifyAndApplyUnlock(lockVerificationCode, isAdmin, clock); + resultLock = domainLockUtils.verifyAndApplyUnlock(lockVerificationCode, isAdmin, clock); } data.put("isLock", isLock); data.put("success", true); diff --git a/core/src/test/java/google/registry/model/registry/RegistryLockDaoTest.java b/core/src/test/java/google/registry/model/registry/RegistryLockDaoTest.java index d5e0f9e36..35ddc2bc9 100644 --- a/core/src/test/java/google/registry/model/registry/RegistryLockDaoTest.java +++ b/core/src/test/java/google/registry/model/registry/RegistryLockDaoTest.java @@ -25,7 +25,6 @@ import google.registry.schema.domain.RegistryLock; import google.registry.testing.AppEngineRule; import google.registry.testing.FakeClock; import java.util.Optional; -import java.util.UUID; import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; @@ -201,7 +200,7 @@ public final class RegistryLockDaoTest { .setRepoId("repoId") .setDomainName("example.test") .setRegistrarId("TheRegistrar") - .setVerificationCode(UUID.randomUUID().toString()) + .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUVWXY") .isSuperuser(true) .build(); } diff --git a/core/src/test/java/google/registry/tools/DomainLockUtilsTest.java b/core/src/test/java/google/registry/tools/DomainLockUtilsTest.java index b854d63b7..84586b049 100644 --- a/core/src/test/java/google/registry/tools/DomainLockUtilsTest.java +++ b/core/src/test/java/google/registry/tools/DomainLockUtilsTest.java @@ -38,8 +38,10 @@ import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCo import google.registry.schema.domain.RegistryLock; import google.registry.testing.AppEngineRule; import google.registry.testing.DatastoreHelper; +import google.registry.testing.DeterministicStringGenerator; import google.registry.testing.FakeClock; import google.registry.testing.UserInfo; +import google.registry.util.StringGenerator.Alphabets; import java.util.Set; import java.util.stream.Collectors; import org.joda.time.Duration; @@ -57,6 +59,8 @@ public final class DomainLockUtilsTest { private static final String POC_ID = "marla.singer@example.com"; private final FakeClock clock = new FakeClock(); + private final DomainLockUtils domainLockUtils = + new DomainLockUtils(new DeterministicStringGenerator(Alphabets.BASE_58)); @Rule public final AppEngineRule appEngineRule = @@ -80,39 +84,39 @@ public final class DomainLockUtilsTest { @Test public void testSuccess_createLock() { - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); } @Test public void testSuccess_createUnlock() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); - DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); + domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); } @Test public void testSuccess_createUnlock_adminUnlockingAdmin() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); - DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", true, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); + domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", true, clock); } @Test public void testSuccess_createLock_previousLockExpired() { - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); clock.advanceBy(Duration.standardDays(1)); - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); } @Test public void testSuccess_applyLockDomain() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); assertThat(reloadDomain().getStatusValues()).containsExactlyElementsIn(REGISTRY_LOCK_STATUSES); HistoryEntry historyEntry = getOnlyHistoryEntryOfType(domain, HistoryEntry.Type.DOMAIN_UPDATE); assertThat(historyEntry.getRequestedByRegistrar()).isTrue(); @@ -125,12 +129,12 @@ public final class DomainLockUtilsTest { @Test public void testSuccess_applyUnlockDomain() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); RegistryLock unlock = - DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); - DomainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock); + domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); + domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock); assertThat(reloadDomain().getStatusValues()).containsNoneIn(REGISTRY_LOCK_STATUSES); ImmutableList historyEntries = @@ -149,8 +153,8 @@ public final class DomainLockUtilsTest { @Test public void testSuccess_applyAdminLock_onlyHistoryEntry() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); HistoryEntry historyEntry = getOnlyHistoryEntryOfType(domain, HistoryEntry.Type.DOMAIN_UPDATE); assertThat(historyEntry.getRequestedByRegistrar()).isFalse(); @@ -161,16 +165,16 @@ public final class DomainLockUtilsTest { @Test public void testFailure_createUnlock_alreadyPendingUnlock() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); - DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); + domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); assertThat( assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.createRegistryUnlockRequest( + domainLockUtils.createRegistryUnlockRequest( DOMAIN_NAME, "TheRegistrar", false, clock))) .hasMessageThat() .isEqualTo("A pending unlock action already exists for example.tld"); @@ -179,13 +183,13 @@ public final class DomainLockUtilsTest { @Test public void testFailure_createUnlock_nonAdminUnlockingAdmin() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); assertThat( assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.createRegistryUnlockRequest( + domainLockUtils.createRegistryUnlockRequest( DOMAIN_NAME, "TheRegistrar", false, clock))) .hasMessageThat() .isEqualTo("Non-admin user cannot unlock admin-locked domain example.tld"); @@ -197,7 +201,7 @@ public final class DomainLockUtilsTest { assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( "asdf.tld", "TheRegistrar", POC_ID, false, clock))) .hasMessageThat() .isEqualTo("Unknown domain asdf.tld"); @@ -205,12 +209,12 @@ public final class DomainLockUtilsTest { @Test public void testFailure_createLock_alreadyPendingLock() { - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); assertThat( assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock))) .hasMessageThat() .isEqualTo("A pending or completed lock action already exists for example.tld"); @@ -223,7 +227,7 @@ public final class DomainLockUtilsTest { assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock))) .hasMessageThat() .isEqualTo("Domain example.tld is already locked"); @@ -235,7 +239,7 @@ public final class DomainLockUtilsTest { assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.createRegistryUnlockRequest( + domainLockUtils.createRegistryUnlockRequest( DOMAIN_NAME, "TheRegistrar", false, clock))) .hasMessageThat() .isEqualTo("Domain example.tld is already unlocked"); @@ -244,14 +248,14 @@ public final class DomainLockUtilsTest { @Test public void testFailure_applyLock_alreadyApplied() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domain = reloadDomain(); assertThat( assertThrows( IllegalArgumentException.class, - () -> DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock))) + () -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock))) .hasMessageThat() .isEqualTo("Domain example.tld is already locked"); assertNoDomainChanges(); @@ -260,13 +264,13 @@ public final class DomainLockUtilsTest { @Test public void testFailure_applyLock_expired() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); clock.advanceBy(Duration.standardDays(1)); assertThat( assertThrows( IllegalArgumentException.class, - () -> DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock))) + () -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock))) .hasMessageThat() .isEqualTo("The pending lock has expired; please try again"); assertNoDomainChanges(); @@ -275,11 +279,11 @@ public final class DomainLockUtilsTest { @Test public void testFailure_applyLock_nonAdmin_applyAdminLock() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); + domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); assertThat( assertThrows( IllegalArgumentException.class, - () -> DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock))) + () -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock))) .hasMessageThat() .isEqualTo("Non-admin user cannot complete admin lock"); assertNoDomainChanges(); @@ -288,18 +292,18 @@ public final class DomainLockUtilsTest { @Test public void testFailure_applyUnlock_alreadyUnlocked() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); - DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); + domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); RegistryLock unlock = - DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); - DomainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock); + domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); + domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock); assertThat( assertThrows( IllegalArgumentException.class, () -> - DomainLockUtils.verifyAndApplyUnlock( + domainLockUtils.verifyAndApplyUnlock( unlock.getVerificationCode(), false, clock))) .hasMessageThat() .isEqualTo("Domain example.tld is already unlocked"); @@ -309,7 +313,7 @@ public final class DomainLockUtilsTest { @Test public void testFailure_applyLock_alreadyLocked() { RegistryLock lock = - DomainLockUtils.createRegistryLockRequest( + domainLockUtils.createRegistryLockRequest( DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); String verificationCode = lock.getVerificationCode(); // reload to pick up modification times, etc @@ -318,7 +322,7 @@ public final class DomainLockUtilsTest { assertThat( assertThrows( IllegalArgumentException.class, - () -> DomainLockUtils.verifyAndApplyLock(verificationCode, false, clock))) + () -> domainLockUtils.verifyAndApplyLock(verificationCode, false, clock))) .hasMessageThat() .isEqualTo("Domain example.tld is already locked"); diff --git a/core/src/test/java/google/registry/tools/LockDomainCommandTest.java b/core/src/test/java/google/registry/tools/LockDomainCommandTest.java index 7e25607bb..b087487ec 100644 --- a/core/src/test/java/google/registry/tools/LockDomainCommandTest.java +++ b/core/src/test/java/google/registry/tools/LockDomainCommandTest.java @@ -30,7 +30,9 @@ import google.registry.model.registrar.Registrar.Type; import google.registry.model.registry.RegistryLockDao; import google.registry.persistence.transaction.JpaTestRules; import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageRule; +import google.registry.testing.DeterministicStringGenerator; import google.registry.testing.FakeClock; +import google.registry.util.StringGenerator.Alphabets; import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; @@ -51,6 +53,8 @@ public class LockDomainCommandTest extends CommandTestCase { createTld("tld"); command.registryAdminClientId = "adminreg"; command.clock = new FakeClock(); + command.domainLockUtils = + new DomainLockUtils(new DeterministicStringGenerator(Alphabets.BASE_58)); } @Test diff --git a/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java b/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java index a59401392..191a3a044 100644 --- a/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java +++ b/core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java @@ -33,7 +33,9 @@ import google.registry.model.registry.RegistryLockDao; import google.registry.persistence.transaction.JpaTestRules; import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageRule; import google.registry.schema.domain.RegistryLock; +import google.registry.testing.DeterministicStringGenerator; import google.registry.testing.FakeClock; +import google.registry.util.StringGenerator.Alphabets; import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; @@ -54,14 +56,16 @@ public class UnlockDomainCommandTest extends CommandTestCase