zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-06-28 07:13:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use randomly-generated base-58 strings for RegistryLock verification codes (#464)

Browse source 
* Use randomly-generated strings for RegistryLock verification codes

We were using UUIDs before which are also fine, but unnecessarily long.
The RegistryLock class itself does not enforce any particular format for
the lock verification codes.
This commit is contained in:
gbrodman 2020-02-03 13:50:54 -05:00 committed by GitHub
parent b8b2f85e25
commit ed38da628c
13 changed files with 118 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

29
core/src/main/java/google/registry/tools/DomainLockUtils.java
View file

@ -32,12 +32,14 @@ import google.registry.model.registry.RegistryLockDao;
import google.registry.model.reporting.HistoryEntry; import google.registry.model.reporting.HistoryEntry;
import google.registry.schema.domain.RegistryLock; import google.registry.schema.domain.RegistryLock;
import google.registry.util.Clock; import google.registry.util.Clock;
import google.registry.util.StringGenerator;
import java.util.Optional; import java.util.Optional;
import java.util.UUID;
import javax.annotation.Nullable; import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Named;
/** /**
* Utility class for validating and applying {@link RegistryLock}s. * Utility functions for validating and applying {@link RegistryLock}s.
* *
* <p>For both locks and unlocks, a lock must be requested via the createRegistry*Requst methods * <p>For both locks and unlocks, a lock must be requested via the createRegistry*Requst methods
* then verified through the verifyAndApply* methods. These methods will verify that the domain in * then verified through the verifyAndApply* methods. These methods will verify that the domain in
@ -45,9 +47,16 @@ import javax.annotation.Nullable;
*/ */
public final class DomainLockUtils { public final class DomainLockUtils {
private DomainLockUtils() {} private static final int VERIFICATION_CODE_LENGTH = 32;
public static RegistryLock createRegistryLockRequest( private final StringGenerator stringGenerator;
@Inject
public DomainLockUtils(@Named("base58StringGenerator") StringGenerator stringGenerator) {
this.stringGenerator = stringGenerator;
}
public RegistryLock createRegistryLockRequest(
String domainName, String domainName,
String registrarId, String registrarId,
@Nullable String registrarPocId, @Nullable String registrarPocId,
@ -68,7 +77,7 @@ public final class DomainLockUtils {
RegistryLock lock = RegistryLock lock =
new RegistryLock.Builder() new RegistryLock.Builder()
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode(stringGenerator.createString(VERIFICATION_CODE_LENGTH))
.setDomainName(domainName) .setDomainName(domainName)
.setRepoId(domainBase.getRepoId()) .setRepoId(domainBase.getRepoId())
.setRegistrarId(registrarId) .setRegistrarId(registrarId)
@ -78,7 +87,7 @@ public final class DomainLockUtils {
return RegistryLockDao.save(lock); return RegistryLockDao.save(lock);
} }
public static RegistryLock createRegistryUnlockRequest( public RegistryLock createRegistryUnlockRequest(
String domainName, String registrarId, boolean isAdmin, Clock clock) { String domainName, String registrarId, boolean isAdmin, Clock clock) {
DomainBase domainBase = getDomain(domainName, clock); DomainBase domainBase = getDomain(domainName, clock);
Optional<RegistryLock> lockOptional = Optional<RegistryLock> lockOptional =
@ -121,7 +130,7 @@ public final class DomainLockUtils {
} }
RegistryLock newLock = RegistryLock newLock =
newLockBuilder newLockBuilder
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode(stringGenerator.createString(VERIFICATION_CODE_LENGTH))
.isSuperuser(isAdmin) .isSuperuser(isAdmin)
.setUnlockRequestTimestamp(clock.nowUtc()) .setUnlockRequestTimestamp(clock.nowUtc())
.setRegistrarId(registrarId) .setRegistrarId(registrarId)
@ -129,8 +138,7 @@ public final class DomainLockUtils {
return RegistryLockDao.save(newLock); return RegistryLockDao.save(newLock);
} }
public static RegistryLock verifyAndApplyLock( public RegistryLock verifyAndApplyLock(String verificationCode, boolean isAdmin, Clock clock) {
String verificationCode, boolean isAdmin, Clock clock) {
return jpaTm() return jpaTm()
.transact( .transact(
() -> { () -> {
@ -156,8 +164,7 @@ public final class DomainLockUtils {
}); });
} }
public static RegistryLock verifyAndApplyUnlock( public RegistryLock verifyAndApplyUnlock(String verificationCode, boolean isAdmin, Clock clock) {
String verificationCode, boolean isAdmin, Clock clock) {
return jpaTm() return jpaTm()
.transact( .transact(
() -> { () -> {

4
core/src/main/java/google/registry/tools/LockDomainCommand.java
View file

@ -60,11 +60,11 @@ public class LockDomainCommand extends LockOrUnlockDomainCommand {
@Override @Override
protected RegistryLock createLock(String domain) { protected RegistryLock createLock(String domain) {
return DomainLockUtils.createRegistryLockRequest(domain, clientId, null, true, clock); return domainLockUtils.createRegistryLockRequest(domain, clientId, null, true, clock);
} }
@Override @Override
protected void finalizeLockOrUnlockRequest(RegistryLock lock) { protected void finalizeLockOrUnlockRequest(RegistryLock lock) {
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock);
} }
} }

2
core/src/main/java/google/registry/tools/LockOrUnlockDomainCommand.java
View file

@ -57,6 +57,8 @@ public abstract class LockOrUnlockDomainCommand extends ConfirmingCommand
@Inject Clock clock; @Inject Clock clock;
@Inject DomainLockUtils domainLockUtils;
protected ImmutableSet<String> relevantDomains = ImmutableSet.of(); protected ImmutableSet<String> relevantDomains = ImmutableSet.of();
protected ImmutableSet<String> getDomains() { protected ImmutableSet<String> getDomains() {

4
core/src/main/java/google/registry/tools/UnlockDomainCommand.java
View file

@ -60,11 +60,11 @@ public class UnlockDomainCommand extends LockOrUnlockDomainCommand {
@Override @Override
protected RegistryLock createLock(String domain) { protected RegistryLock createLock(String domain) {
return DomainLockUtils.createRegistryUnlockRequest(domain, clientId, true, clock); return domainLockUtils.createRegistryUnlockRequest(domain, clientId, true, clock);
} }
@Override @Override
protected void finalizeLockOrUnlockRequest(RegistryLock lock) { protected void finalizeLockOrUnlockRequest(RegistryLock lock) {
DomainLockUtils.verifyAndApplyUnlock(lock.getVerificationCode(), true, clock); domainLockUtils.verifyAndApplyUnlock(lock.getVerificationCode(), true, clock);
} }
} }

7
core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java
View file

@ -83,6 +83,7 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
private final AuthenticatedRegistrarAccessor registrarAccessor; private final AuthenticatedRegistrarAccessor registrarAccessor;
private final SendEmailService sendEmailService; private final SendEmailService sendEmailService;
private final Clock clock; private final Clock clock;
private final DomainLockUtils domainLockUtils;
private final InternetAddress gSuiteOutgoingEmailAddress; private final InternetAddress gSuiteOutgoingEmailAddress;
@Inject @Inject
@ -92,12 +93,14 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
AuthenticatedRegistrarAccessor registrarAccessor, AuthenticatedRegistrarAccessor registrarAccessor,
SendEmailService sendEmailService, SendEmailService sendEmailService,
Clock clock, Clock clock,
DomainLockUtils domainLockUtils,
@Config("gSuiteOutgoingEmailAddress") InternetAddress gSuiteOutgoingEmailAddress) { @Config("gSuiteOutgoingEmailAddress") InternetAddress gSuiteOutgoingEmailAddress) {
this.jsonActionRunner = jsonActionRunner; this.jsonActionRunner = jsonActionRunner;
this.authResult = authResult; this.authResult = authResult;
this.registrarAccessor = registrarAccessor; this.registrarAccessor = registrarAccessor;
this.sendEmailService = sendEmailService; this.sendEmailService = sendEmailService;
this.clock = clock; this.clock = clock;
this.domainLockUtils = domainLockUtils;
this.gSuiteOutgoingEmailAddress = gSuiteOutgoingEmailAddress; this.gSuiteOutgoingEmailAddress = gSuiteOutgoingEmailAddress;
} }
@ -129,13 +132,13 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
() -> { () -> {
RegistryLock registryLock = RegistryLock registryLock =
postInput.isLock postInput.isLock
? DomainLockUtils.createRegistryLockRequest( ? domainLockUtils.createRegistryLockRequest(
postInput.fullyQualifiedDomainName, postInput.fullyQualifiedDomainName,
postInput.clientId, postInput.clientId,
postInput.pocId, postInput.pocId,
isAdmin, isAdmin,
clock) clock)
: DomainLockUtils.createRegistryUnlockRequest( : domainLockUtils.createRegistryUnlockRequest(
postInput.fullyQualifiedDomainName, postInput.clientId, isAdmin, clock); postInput.fullyQualifiedDomainName, postInput.clientId, isAdmin, clock);
sendVerificationEmail(registryLock, postInput.isLock); sendVerificationEmail(registryLock, postInput.isLock);
}); });

7
core/src/main/java/google/registry/ui/server/registrar/RegistryLockVerifyAction.java
View file

@ -49,15 +49,18 @@ public final class RegistryLockVerifyAction extends HtmlAction {
google.registry.ui.soy.registrar.RegistryLockVerificationSoyInfo.getInstance()); google.registry.ui.soy.registrar.RegistryLockVerificationSoyInfo.getInstance());
private final Clock clock; private final Clock clock;
private final DomainLockUtils domainLockUtils;
private final String lockVerificationCode; private final String lockVerificationCode;
private final Boolean isLock; private final Boolean isLock;
@Inject @Inject
public RegistryLockVerifyAction( public RegistryLockVerifyAction(
Clock clock, Clock clock,
DomainLockUtils domainLockUtils,
@Parameter("lockVerificationCode") String lockVerificationCode, @Parameter("lockVerificationCode") String lockVerificationCode,
@Parameter("isLock") Boolean isLock) { @Parameter("isLock") Boolean isLock) {
this.clock = clock; this.clock = clock;
this.domainLockUtils = domainLockUtils;
this.lockVerificationCode = lockVerificationCode; this.lockVerificationCode = lockVerificationCode;
this.isLock = isLock; this.isLock = isLock;
} }
@ -68,9 +71,9 @@ public final class RegistryLockVerifyAction extends HtmlAction {
boolean isAdmin = authResult.userAuthInfo().get().isUserAdmin(); boolean isAdmin = authResult.userAuthInfo().get().isUserAdmin();
final RegistryLock resultLock; final RegistryLock resultLock;
if (isLock) { if (isLock) {
resultLock = DomainLockUtils.verifyAndApplyLock(lockVerificationCode, isAdmin, clock); resultLock = domainLockUtils.verifyAndApplyLock(lockVerificationCode, isAdmin, clock);
} else { } else {
resultLock = DomainLockUtils.verifyAndApplyUnlock(lockVerificationCode, isAdmin, clock); resultLock = domainLockUtils.verifyAndApplyUnlock(lockVerificationCode, isAdmin, clock);
} }
data.put("isLock", isLock); data.put("isLock", isLock);
data.put("success", true); data.put("success", true);

3
core/src/test/java/google/registry/model/registry/RegistryLockDaoTest.java
View file

@ -25,7 +25,6 @@ import google.registry.schema.domain.RegistryLock;
import google.registry.testing.AppEngineRule; import google.registry.testing.AppEngineRule;
import google.registry.testing.FakeClock; import google.registry.testing.FakeClock;
import java.util.Optional; import java.util.Optional;
import java.util.UUID;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
@ -201,7 +200,7 @@ public final class RegistryLockDaoTest {
.setRepoId("repoId") .setRepoId("repoId")
.setDomainName("example.test") .setDomainName("example.test")
.setRegistrarId("TheRegistrar") .setRegistrarId("TheRegistrar")
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUVWXY")
.isSuperuser(true) .isSuperuser(true)
.build(); .build();
} }

90
core/src/test/java/google/registry/tools/DomainLockUtilsTest.java
View file

@ -38,8 +38,10 @@ import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCo
import google.registry.schema.domain.RegistryLock; import google.registry.schema.domain.RegistryLock;
import google.registry.testing.AppEngineRule; import google.registry.testing.AppEngineRule;
import google.registry.testing.DatastoreHelper; import google.registry.testing.DatastoreHelper;
import google.registry.testing.DeterministicStringGenerator;
import google.registry.testing.FakeClock; import google.registry.testing.FakeClock;
import google.registry.testing.UserInfo; import google.registry.testing.UserInfo;
import google.registry.util.StringGenerator.Alphabets;
import java.util.Set; import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.joda.time.Duration; import org.joda.time.Duration;
@ -57,6 +59,8 @@ public final class DomainLockUtilsTest {
private static final String POC_ID = "marla.singer@example.com"; private static final String POC_ID = "marla.singer@example.com";
private final FakeClock clock = new FakeClock(); private final FakeClock clock = new FakeClock();
private final DomainLockUtils domainLockUtils =
new DomainLockUtils(new DeterministicStringGenerator(Alphabets.BASE_58));
@Rule @Rule
public final AppEngineRule appEngineRule = public final AppEngineRule appEngineRule =
@ -80,39 +84,39 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testSuccess_createLock() { public void testSuccess_createLock() {
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
} }
@Test @Test
public void testSuccess_createUnlock() { public void testSuccess_createUnlock() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock);
DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock);
} }
@Test @Test
public void testSuccess_createUnlock_adminUnlockingAdmin() { public void testSuccess_createUnlock_adminUnlockingAdmin() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock);
DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", true, clock); domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", true, clock);
} }
@Test @Test
public void testSuccess_createLock_previousLockExpired() { public void testSuccess_createLock_previousLockExpired() {
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
clock.advanceBy(Duration.standardDays(1)); clock.advanceBy(Duration.standardDays(1));
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
} }
@Test @Test
public void testSuccess_applyLockDomain() { public void testSuccess_applyLockDomain() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock);
assertThat(reloadDomain().getStatusValues()).containsExactlyElementsIn(REGISTRY_LOCK_STATUSES); assertThat(reloadDomain().getStatusValues()).containsExactlyElementsIn(REGISTRY_LOCK_STATUSES);
HistoryEntry historyEntry = getOnlyHistoryEntryOfType(domain, HistoryEntry.Type.DOMAIN_UPDATE); HistoryEntry historyEntry = getOnlyHistoryEntryOfType(domain, HistoryEntry.Type.DOMAIN_UPDATE);
assertThat(historyEntry.getRequestedByRegistrar()).isTrue(); assertThat(historyEntry.getRequestedByRegistrar()).isTrue();
@ -125,12 +129,12 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testSuccess_applyUnlockDomain() { public void testSuccess_applyUnlockDomain() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock);
RegistryLock unlock = RegistryLock unlock =
DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock);
DomainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock);
assertThat(reloadDomain().getStatusValues()).containsNoneIn(REGISTRY_LOCK_STATUSES); assertThat(reloadDomain().getStatusValues()).containsNoneIn(REGISTRY_LOCK_STATUSES);
ImmutableList<HistoryEntry> historyEntries = ImmutableList<HistoryEntry> historyEntries =
@ -149,8 +153,8 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testSuccess_applyAdminLock_onlyHistoryEntry() { public void testSuccess_applyAdminLock_onlyHistoryEntry() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock);
HistoryEntry historyEntry = getOnlyHistoryEntryOfType(domain, HistoryEntry.Type.DOMAIN_UPDATE); HistoryEntry historyEntry = getOnlyHistoryEntryOfType(domain, HistoryEntry.Type.DOMAIN_UPDATE);
assertThat(historyEntry.getRequestedByRegistrar()).isFalse(); assertThat(historyEntry.getRequestedByRegistrar()).isFalse();
@ -161,16 +165,16 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_createUnlock_alreadyPendingUnlock() { public void testFailure_createUnlock_alreadyPendingUnlock() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock);
DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock);
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.createRegistryUnlockRequest( domainLockUtils.createRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, clock))) DOMAIN_NAME, "TheRegistrar", false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("A pending unlock action already exists for example.tld"); .isEqualTo("A pending unlock action already exists for example.tld");
@ -179,13 +183,13 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_createUnlock_nonAdminUnlockingAdmin() { public void testFailure_createUnlock_nonAdminUnlockingAdmin() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock);
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.createRegistryUnlockRequest( domainLockUtils.createRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, clock))) DOMAIN_NAME, "TheRegistrar", false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Non-admin user cannot unlock admin-locked domain example.tld"); .isEqualTo("Non-admin user cannot unlock admin-locked domain example.tld");
@ -197,7 +201,7 @@ public final class DomainLockUtilsTest {
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
"asdf.tld", "TheRegistrar", POC_ID, false, clock))) "asdf.tld", "TheRegistrar", POC_ID, false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Unknown domain asdf.tld"); .isEqualTo("Unknown domain asdf.tld");
@ -205,12 +209,12 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_createLock_alreadyPendingLock() { public void testFailure_createLock_alreadyPendingLock() {
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock))) DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("A pending or completed lock action already exists for example.tld"); .isEqualTo("A pending or completed lock action already exists for example.tld");
@ -223,7 +227,7 @@ public final class DomainLockUtilsTest {
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock))) DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Domain example.tld is already locked"); .isEqualTo("Domain example.tld is already locked");
@ -235,7 +239,7 @@ public final class DomainLockUtilsTest {
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.createRegistryUnlockRequest( domainLockUtils.createRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, clock))) DOMAIN_NAME, "TheRegistrar", false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Domain example.tld is already unlocked"); .isEqualTo("Domain example.tld is already unlocked");
@ -244,14 +248,14 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_applyLock_alreadyApplied() { public void testFailure_applyLock_alreadyApplied() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock);
domain = reloadDomain(); domain = reloadDomain();
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock))) () -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Domain example.tld is already locked"); .isEqualTo("Domain example.tld is already locked");
assertNoDomainChanges(); assertNoDomainChanges();
@ -260,13 +264,13 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_applyLock_expired() { public void testFailure_applyLock_expired() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
clock.advanceBy(Duration.standardDays(1)); clock.advanceBy(Duration.standardDays(1));
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock))) () -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("The pending lock has expired; please try again"); .isEqualTo("The pending lock has expired; please try again");
assertNoDomainChanges(); assertNoDomainChanges();
@ -275,11 +279,11 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_applyLock_nonAdmin_applyAdminLock() { public void testFailure_applyLock_nonAdmin_applyAdminLock() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock); domainLockUtils.createRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true, clock);
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock))) () -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Non-admin user cannot complete admin lock"); .isEqualTo("Non-admin user cannot complete admin lock");
assertNoDomainChanges(); assertNoDomainChanges();
@ -288,18 +292,18 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_applyUnlock_alreadyUnlocked() { public void testFailure_applyUnlock_alreadyUnlocked() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false, clock);
RegistryLock unlock = RegistryLock unlock =
DomainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock); domainLockUtils.createRegistryUnlockRequest(DOMAIN_NAME, "TheRegistrar", false, clock);
DomainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock); domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false, clock);
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> () ->
DomainLockUtils.verifyAndApplyUnlock( domainLockUtils.verifyAndApplyUnlock(
unlock.getVerificationCode(), false, clock))) unlock.getVerificationCode(), false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Domain example.tld is already unlocked"); .isEqualTo("Domain example.tld is already unlocked");
@ -309,7 +313,7 @@ public final class DomainLockUtilsTest {
@Test @Test
public void testFailure_applyLock_alreadyLocked() { public void testFailure_applyLock_alreadyLocked() {
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( domainLockUtils.createRegistryLockRequest(
DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock); DOMAIN_NAME, "TheRegistrar", POC_ID, false, clock);
String verificationCode = lock.getVerificationCode(); String verificationCode = lock.getVerificationCode();
// reload to pick up modification times, etc // reload to pick up modification times, etc
@ -318,7 +322,7 @@ public final class DomainLockUtilsTest {
assertThat( assertThat(
assertThrows( assertThrows(
IllegalArgumentException.class, IllegalArgumentException.class,
() -> DomainLockUtils.verifyAndApplyLock(verificationCode, false, clock))) () -> domainLockUtils.verifyAndApplyLock(verificationCode, false, clock)))
.hasMessageThat() .hasMessageThat()
.isEqualTo("Domain example.tld is already locked"); .isEqualTo("Domain example.tld is already locked");

4
core/src/test/java/google/registry/tools/LockDomainCommandTest.java
View file

@ -30,7 +30,9 @@ import google.registry.model.registrar.Registrar.Type;
import google.registry.model.registry.RegistryLockDao; import google.registry.model.registry.RegistryLockDao;
import google.registry.persistence.transaction.JpaTestRules; import google.registry.persistence.transaction.JpaTestRules;
import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageRule; import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageRule;
import google.registry.testing.DeterministicStringGenerator;
import google.registry.testing.FakeClock; import google.registry.testing.FakeClock;
import google.registry.util.StringGenerator.Alphabets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -51,6 +53,8 @@ public class LockDomainCommandTest extends CommandTestCase<LockDomainCommand> {
createTld("tld"); createTld("tld");
command.registryAdminClientId = "adminreg"; command.registryAdminClientId = "adminreg";
command.clock = new FakeClock(); command.clock = new FakeClock();
command.domainLockUtils =
new DomainLockUtils(new DeterministicStringGenerator(Alphabets.BASE_58));
} }
@Test @Test

8
core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java
View file

@ -33,7 +33,9 @@ import google.registry.model.registry.RegistryLockDao;
import google.registry.persistence.transaction.JpaTestRules; import google.registry.persistence.transaction.JpaTestRules;
import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageRule; import google.registry.persistence.transaction.JpaTestRules.JpaIntegrationWithCoverageRule;
import google.registry.schema.domain.RegistryLock; import google.registry.schema.domain.RegistryLock;
import google.registry.testing.DeterministicStringGenerator;
import google.registry.testing.FakeClock; import google.registry.testing.FakeClock;
import google.registry.util.StringGenerator.Alphabets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -54,14 +56,16 @@ public class UnlockDomainCommandTest extends CommandTestCase<UnlockDomainCommand
createTld("tld"); createTld("tld");
command.registryAdminClientId = "adminreg"; command.registryAdminClientId = "adminreg";
command.clock = new FakeClock(); command.clock = new FakeClock();
command.domainLockUtils =
new DomainLockUtils(new DeterministicStringGenerator(Alphabets.BASE_58));
} }
private DomainBase persistLockedDomain(String domainName, String registrarId) { private DomainBase persistLockedDomain(String domainName, String registrarId) {
DomainBase domain = persistResource(newDomainBase(domainName)); DomainBase domain = persistResource(newDomainBase(domainName));
RegistryLock lock = RegistryLock lock =
DomainLockUtils.createRegistryLockRequest( command.domainLockUtils.createRegistryLockRequest(
domainName, registrarId, null, true, command.clock); domainName, registrarId, null, true, command.clock);
DomainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, command.clock); command.domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true, command.clock);
return reloadResource(domain); return reloadResource(domain);
} }

9
core/src/test/java/google/registry/ui/server/registrar/RegistryLockGetActionTest.java
View file

@ -43,7 +43,6 @@ import google.registry.testing.FakeClock;
import google.registry.testing.FakeResponse; import google.registry.testing.FakeResponse;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import java.util.UUID;
import org.joda.time.DateTime; import org.joda.time.DateTime;
import org.junit.Before; import org.junit.Before;
import org.junit.Rule; import org.junit.Rule;
@ -97,7 +96,7 @@ public final class RegistryLockGetActionTest {
.setRepoId("repoId") .setRepoId("repoId")
.setDomainName("example.test") .setDomainName("example.test")
.setRegistrarId("TheRegistrar") .setRegistrarId("TheRegistrar")
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUVWXY")
.setRegistrarPocId("johndoe@theregistrar.com") .setRegistrarPocId("johndoe@theregistrar.com")
.setLockCompletionTimestamp(fakeClock.nowUtc()) .setLockCompletionTimestamp(fakeClock.nowUtc())
.build(); .build();
@ -107,7 +106,7 @@ public final class RegistryLockGetActionTest {
.setRepoId("repoId") .setRepoId("repoId")
.setDomainName("adminexample.test") .setDomainName("adminexample.test")
.setRegistrarId("TheRegistrar") .setRegistrarId("TheRegistrar")
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode("122222222ABCDEFGHJKLMNPQRSTUVWXY")
.isSuperuser(true) .isSuperuser(true)
.setLockCompletionTimestamp(fakeClock.nowUtc()) .setLockCompletionTimestamp(fakeClock.nowUtc())
.build(); .build();
@ -116,7 +115,7 @@ public final class RegistryLockGetActionTest {
.setRepoId("repoId") .setRepoId("repoId")
.setDomainName("incomplete.test") .setDomainName("incomplete.test")
.setRegistrarId("TheRegistrar") .setRegistrarId("TheRegistrar")
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode("111111111ABCDEFGHJKLMNPQRSTUVWXY")
.setRegistrarPocId("johndoe@theregistrar.com") .setRegistrarPocId("johndoe@theregistrar.com")
.build(); .build();
@ -126,7 +125,7 @@ public final class RegistryLockGetActionTest {
.setDomainName("unlocked.test") .setDomainName("unlocked.test")
.setRegistrarId("TheRegistrar") .setRegistrarId("TheRegistrar")
.setRegistrarPocId("johndoe@theregistrar.com") .setRegistrarPocId("johndoe@theregistrar.com")
.setVerificationCode(UUID.randomUUID().toString()) .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUUUUU")
.setLockCompletionTimestamp(fakeClock.nowUtc()) .setLockCompletionTimestamp(fakeClock.nowUtc())
.setUnlockRequestTimestamp(fakeClock.nowUtc()) .setUnlockRequestTimestamp(fakeClock.nowUtc())
.setUnlockCompletionTimestamp(fakeClock.nowUtc()) .setUnlockCompletionTimestamp(fakeClock.nowUtc())

13
core/src/test/java/google/registry/ui/server/registrar/RegistryLockPostActionTest.java
View file

@ -42,9 +42,12 @@ import google.registry.request.auth.AuthenticatedRegistrarAccessor.Role;
import google.registry.request.auth.UserAuthInfo; import google.registry.request.auth.UserAuthInfo;
import google.registry.schema.domain.RegistryLock; import google.registry.schema.domain.RegistryLock;
import google.registry.testing.AppEngineRule; import google.registry.testing.AppEngineRule;
import google.registry.testing.DeterministicStringGenerator;
import google.registry.testing.FakeClock; import google.registry.testing.FakeClock;
import google.registry.tools.DomainLockUtils;
import google.registry.util.EmailMessage; import google.registry.util.EmailMessage;
import google.registry.util.SendEmailService; import google.registry.util.SendEmailService;
import google.registry.util.StringGenerator.Alphabets;
import java.util.Map; import java.util.Map;
import java.util.UUID; import java.util.UUID;
import javax.mail.internet.InternetAddress; import javax.mail.internet.InternetAddress;
@ -402,7 +405,15 @@ public final class RegistryLockPostActionTest {
ImmutableSetMultimap.of("TheRegistrar", Role.OWNER, "NewRegistrar", Role.OWNER)); ImmutableSetMultimap.of("TheRegistrar", Role.OWNER, "NewRegistrar", Role.OWNER));
JsonActionRunner jsonActionRunner = JsonActionRunner jsonActionRunner =
new JsonActionRunner(ImmutableMap.of(), new JsonResponse(new ResponseImpl(mockResponse))); new JsonActionRunner(ImmutableMap.of(), new JsonResponse(new ResponseImpl(mockResponse)));
DomainLockUtils domainLockUtils =
new DomainLockUtils(new DeterministicStringGenerator(Alphabets.BASE_58));
return new RegistryLockPostAction( return new RegistryLockPostAction(
jsonActionRunner, authResult, registrarAccessor, emailService, clock, outgoingAddress); jsonActionRunner,
authResult,
registrarAccessor,
emailService,
clock,
domainLockUtils,
outgoingAddress);
} }
} }

14
core/src/test/java/google/registry/ui/server/registrar/RegistryLockVerifyActionTest.java
View file

@ -47,11 +47,14 @@ import google.registry.schema.domain.RegistryLock;
import google.registry.security.XsrfTokenManager; import google.registry.security.XsrfTokenManager;
import google.registry.testing.AppEngineRule; import google.registry.testing.AppEngineRule;
import google.registry.testing.DatastoreHelper; import google.registry.testing.DatastoreHelper;
import google.registry.testing.DeterministicStringGenerator;
import google.registry.testing.FakeClock; import google.registry.testing.FakeClock;
import google.registry.testing.FakeResponse; import google.registry.testing.FakeResponse;
import google.registry.testing.InjectRule; import google.registry.testing.InjectRule;
import google.registry.testing.UserInfo; import google.registry.testing.UserInfo;
import java.util.UUID; import google.registry.tools.DomainLockUtils;
import google.registry.util.StringGenerator;
import google.registry.util.StringGenerator.Alphabets;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.joda.time.Duration; import org.joda.time.Duration;
import org.junit.Before; import org.junit.Before;
@ -81,7 +84,9 @@ public final class RegistryLockVerifyActionTest {
private final HttpServletRequest request = mock(HttpServletRequest.class); private final HttpServletRequest request = mock(HttpServletRequest.class);
private final UserService userService = UserServiceFactory.getUserService(); private final UserService userService = UserServiceFactory.getUserService();
private final User user = new User("marla.singer@example.com", "gmail.com", "12345"); private final User user = new User("marla.singer@example.com", "gmail.com", "12345");
private final String lockId = "f1be78a2-2d61-458c-80f0-9dd8f2f8625f"; private final String lockId = "123456789ABCDEFGHJKLMNPQRSTUVWXY";
private final StringGenerator stringGenerator =
new DeterministicStringGenerator(Alphabets.BASE_58);
private FakeResponse response; private FakeResponse response;
private DomainBase domain; private DomainBase domain;
@ -145,7 +150,7 @@ public final class RegistryLockVerifyActionTest {
@Test @Test
public void testFailure_badVerificationCode() { public void testFailure_badVerificationCode() {
RegistryLockDao.save( RegistryLockDao.save(
createLock().asBuilder().setVerificationCode(UUID.randomUUID().toString()).build()); createLock().asBuilder().setVerificationCode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").build());
action.run(); action.run();
assertThat(response.getPayload()).contains("Failed: Invalid verification code"); assertThat(response.getPayload()).contains("Failed: Invalid verification code");
assertNoDomainChanges(); assertNoDomainChanges();
@ -330,7 +335,8 @@ public final class RegistryLockVerifyActionTest {
private RegistryLockVerifyAction createAction(String lockVerificationCode, Boolean isLock) { private RegistryLockVerifyAction createAction(String lockVerificationCode, Boolean isLock) {
response = new FakeResponse(); response = new FakeResponse();
RegistryLockVerifyAction action = RegistryLockVerifyAction action =
new RegistryLockVerifyAction(fakeClock, lockVerificationCode, isLock); new RegistryLockVerifyAction(
fakeClock, new DomainLockUtils(stringGenerator), lockVerificationCode, isLock);
authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false)); authResult = AuthResult.create(AuthLevel.USER, UserAuthInfo.create(user, false));
action.req = request; action.req = request;
action.response = response; action.response = response;