diff --git a/java/google/registry/flows/EppConsoleAction.java b/java/google/registry/flows/EppConsoleAction.java index a8d586d51..20aa52d94 100644 --- a/java/google/registry/flows/EppConsoleAction.java +++ b/java/google/registry/flows/EppConsoleAction.java @@ -44,6 +44,7 @@ public class EppConsoleAction implements Runnable { new HttpSessionMetadata(session), new GaeUserCredentials(getUserService().getCurrentUser()), false, // This endpoint is never a dry run. + false, // This endpoint is never a superuser. inputXmlBytes); } } diff --git a/java/google/registry/flows/EppController.java b/java/google/registry/flows/EppController.java index 53b3a79f5..bb02f6f5f 100644 --- a/java/google/registry/flows/EppController.java +++ b/java/google/registry/flows/EppController.java @@ -55,6 +55,7 @@ public final class EppController { SessionMetadata sessionMetadata, TransportCredentials credentials, boolean isDryRun, + boolean isSuperuser, byte[] inputXmlBytes) { Trid trid = null; try { @@ -63,7 +64,7 @@ public final class EppController { ImmutableList targetIds = eppInput.getTargetIds(); metrics.setCommandName(eppInput.getCommandName()); metrics.setClientId(sessionMetadata.getClientId()); - metrics.setPrivilegeLevel(sessionMetadata.isSuperuser() ? "SUPERUSER" : "NORMAL"); + metrics.setPrivilegeLevel(isSuperuser ? "SUPERUSER" : "NORMAL"); if (!targetIds.isEmpty()) { metrics.setEppTarget(Joiner.on(",").join(targetIds)); } @@ -74,6 +75,7 @@ public final class EppController { sessionMetadata, credentials, isDryRun, + isSuperuser, inputXmlBytes, metrics, clock); diff --git a/java/google/registry/flows/EppRequestHandler.java b/java/google/registry/flows/EppRequestHandler.java index b22e72040..3ea855e21 100644 --- a/java/google/registry/flows/EppRequestHandler.java +++ b/java/google/registry/flows/EppRequestHandler.java @@ -43,11 +43,12 @@ public class EppRequestHandler { SessionMetadata sessionMetadata, TransportCredentials credentials, boolean isDryRun, + boolean isSuperuser, byte[] inputXmlBytes) { try { response.setPayload(new String( eppController.handleEppCommand( - sessionMetadata, credentials, isDryRun, inputXmlBytes), UTF_8)); + sessionMetadata, credentials, isDryRun, isSuperuser, inputXmlBytes), UTF_8)); response.setContentType(APPLICATION_EPP_XML); // Note that we always return 200 (OK) even if the EppController returns an error response. // This is because returning an non-OK HTTP status code will cause the proxy server to diff --git a/java/google/registry/flows/EppTlsAction.java b/java/google/registry/flows/EppTlsAction.java index 008cb7bc9..55e00cfc1 100644 --- a/java/google/registry/flows/EppTlsAction.java +++ b/java/google/registry/flows/EppTlsAction.java @@ -50,6 +50,7 @@ public class EppTlsAction implements Runnable { new HttpSessionMetadata(session), tlsCredentials, false, // This endpoint is never a dry run. + false, // This endpoint is never a superuser. inputXmlBytes); } } diff --git a/java/google/registry/flows/EppToolAction.java b/java/google/registry/flows/EppToolAction.java index 345dd143a..36c456d4e 100644 --- a/java/google/registry/flows/EppToolAction.java +++ b/java/google/registry/flows/EppToolAction.java @@ -39,8 +39,8 @@ import javax.servlet.http.HttpServletRequest; public class EppToolAction implements Runnable { @Inject @Parameter("clientIdentifier") String clientIdentifier; - @Inject @Parameter("superuser") boolean superuser; - @Inject @Parameter("dryRun") boolean dryRun; + @Inject @Parameter("superuser") boolean isSuperuser; + @Inject @Parameter("dryRun") boolean isDryRun; @Inject @Parameter("xml") String xml; @Inject EppRequestHandler eppRequestHandler; @Inject EppToolAction() {} @@ -50,11 +50,11 @@ public class EppToolAction implements Runnable { eppRequestHandler.executeEpp( new StatelessRequestSessionMetadata( clientIdentifier, - superuser, ProtocolDefinition.getVisibleServiceExtensionUris(), SessionSource.TOOL), new PasswordOnlyTransportCredentials(), - dryRun, + isDryRun, + isSuperuser, xml.getBytes(UTF_8)); } diff --git a/java/google/registry/flows/Flow.java b/java/google/registry/flows/Flow.java index c65361d2c..b46a4402a 100644 --- a/java/google/registry/flows/Flow.java +++ b/java/google/registry/flows/Flow.java @@ -48,7 +48,7 @@ public abstract class Flow { protected byte[] inputXmlBytes; /** Whether this flow is being run in a superuser mode that can skip some checks. */ - protected boolean superuser; + protected boolean isSuperuser; /** The collection of allowed extensions for the flow. */ private Set> validExtensions = new HashSet<>(); @@ -103,6 +103,7 @@ public abstract class Flow { Trid trid, SessionMetadata sessionMetadata, TransportCredentials credentials, + boolean isSuperuser, DateTime now, byte[] inputXmlBytes) throws EppException { this.eppInput = eppInput; @@ -110,7 +111,7 @@ public abstract class Flow { this.sessionMetadata = sessionMetadata; this.credentials = credentials; this.now = now; - this.superuser = sessionMetadata.isSuperuser(); + this.isSuperuser = isSuperuser; this.inputXmlBytes = inputXmlBytes; initFlow(); validExtensions = ImmutableSet.copyOf(validExtensions); diff --git a/java/google/registry/flows/FlowRunner.java b/java/google/registry/flows/FlowRunner.java index 90b4d4ae6..2486b2005 100644 --- a/java/google/registry/flows/FlowRunner.java +++ b/java/google/registry/flows/FlowRunner.java @@ -36,7 +36,7 @@ import org.joda.time.DateTime; /** Run a flow, either transactionally or not, with logging and retrying as needed. */ public class FlowRunner { - private static final String COMMAND_LOG_FORMAT = "EPP Command" + Strings.repeat("\n\t%s", 6); + private static final String COMMAND_LOG_FORMAT = "EPP Command" + Strings.repeat("\n\t%s", 7); private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass(); @@ -45,6 +45,7 @@ public class FlowRunner { private final Trid trid; private final SessionMetadata sessionMetadata; private final boolean isDryRun; + private final boolean isSuperuser; private final TransportCredentials credentials; private final byte[] inputXmlBytes; private final EppMetrics metrics; @@ -57,6 +58,7 @@ public class FlowRunner { SessionMetadata sessionMetadata, TransportCredentials credentials, boolean isDryRun, + boolean isSuperuser, byte[] inputXmlBytes, final EppMetrics metrics, Clock clock) { @@ -67,6 +69,7 @@ public class FlowRunner { this.sessionMetadata = sessionMetadata; this.credentials = credentials; this.isDryRun = isDryRun; + this.isSuperuser = isSuperuser; this.inputXmlBytes = inputXmlBytes; this.metrics = metrics; this.clock = clock; @@ -81,7 +84,8 @@ public class FlowRunner { sessionMetadata, prettyPrint(inputXmlBytes).replaceAll("\n", "\n\t"), credentials, - isDryRun ? "DRY_RUN" : "LIVE"); + isDryRun ? "DRY_RUN" : "LIVE", + isSuperuser ? "SUPERUSER" : "NORMAL"); if (!isTransactional()) { if (metrics != null) { metrics.incrementAttempts(); @@ -93,7 +97,7 @@ public class FlowRunner { // before it could log. logger.info("EPP_Mutation " + new JsonLogStatement(trid) .add("client", clientId) - .add("privileges", sessionMetadata.isSuperuser() ? "SUPERUSER" : "NORMAL") + .add("privileges", isSuperuser ? "SUPERUSER" : "NORMAL") .add("xmlBytes", base64().encode(inputXmlBytes))); try { EppOutput flowResult = ofy().transact(new Work() { @@ -134,6 +138,7 @@ public class FlowRunner { trid, sessionMetadata, credentials, + isSuperuser, now, inputXmlBytes); } diff --git a/java/google/registry/flows/LoggedInFlow.java b/java/google/registry/flows/LoggedInFlow.java index 4a4d958ee..1a2f72c90 100644 --- a/java/google/registry/flows/LoggedInFlow.java +++ b/java/google/registry/flows/LoggedInFlow.java @@ -95,7 +95,7 @@ public abstract class LoggedInFlow extends Flow { getClientId(), getClass().getSimpleName(), undeclaredUris); } } - if (sessionMetadata.isSuperuser()) { + if (isSuperuser) { allowedTlds = getTlds(); } else { Registrar registrar = verifyNotNull( diff --git a/java/google/registry/flows/OwnedResourceMutateFlow.java b/java/google/registry/flows/OwnedResourceMutateFlow.java index 9fad064a1..c6352270b 100644 --- a/java/google/registry/flows/OwnedResourceMutateFlow.java +++ b/java/google/registry/flows/OwnedResourceMutateFlow.java @@ -31,7 +31,7 @@ public abstract class OwnedResourceMutateFlow /** Fail if the object doesn't exist or was deleted. */ @Override protected final void verifyMutationAllowed() throws EppException { - if (!superuser) { + if (!isSuperuser) { verifyResourceOwnership(getClientId(), existingResource); } verifyMutationOnOwnedResourceAllowed(); diff --git a/java/google/registry/flows/ResourceCreateOrMutateFlow.java b/java/google/registry/flows/ResourceCreateOrMutateFlow.java index 5ff421a36..7f230df6a 100644 --- a/java/google/registry/flows/ResourceCreateOrMutateFlow.java +++ b/java/google/registry/flows/ResourceCreateOrMutateFlow.java @@ -78,7 +78,7 @@ public abstract class ResourceCreateOrMutateFlow .setTrid(trid) .setModificationTime(now) .setXmlBytes(storeXmlInHistoryEntry() ? inputXmlBytes : null) - .setBySuperuser(superuser) + .setBySuperuser(isSuperuser) .setReason(getHistoryEntryReason()) .setRequestedByRegistrar(getHistoryEntryRequestedByRegistrar()) .setParent(getResourceKey()) diff --git a/java/google/registry/flows/ResourceFlow.java b/java/google/registry/flows/ResourceFlow.java index 41d506214..dd9833d71 100644 --- a/java/google/registry/flows/ResourceFlow.java +++ b/java/google/registry/flows/ResourceFlow.java @@ -67,7 +67,7 @@ public abstract class ResourceFlow getServiceExtensionUris() { return getProperty(Set.class, SERVICE_EXTENSIONS_KEY); @@ -116,10 +109,6 @@ public abstract class SessionMetadata { setPropertyChecked(CLIENT_ID_KEY, clientId); } - public void setSuperuser(boolean superuser) { - setPropertyChecked(SUPERUSER_KEY, superuser); - } - public void setServiceExtensionUris(Set serviceExtensionUris) { setPropertyChecked(SERVICE_EXTENSIONS_KEY, checkNotNull(serviceExtensionUris)); } @@ -142,7 +131,6 @@ public abstract class SessionMetadata { return toStringHelper(getClass()) .add("system hash code", System.identityHashCode(this)) .add("clientId", getClientId()) - .add("isSuperuser", isSuperuser()) .add("failedLoginAttempts", getFailedLoginAttempts()) .add("sessionSource", getSessionSource()) .add("serviceExtensionUris", Joiner.on('.').join(nullToEmpty(getServiceExtensionUris()))) diff --git a/java/google/registry/flows/StatelessRequestSessionMetadata.java b/java/google/registry/flows/StatelessRequestSessionMetadata.java index 78041c611..c12a7d43e 100644 --- a/java/google/registry/flows/StatelessRequestSessionMetadata.java +++ b/java/google/registry/flows/StatelessRequestSessionMetadata.java @@ -20,17 +20,14 @@ import java.util.Set; public class StatelessRequestSessionMetadata extends SessionMetadata { private final String clientId; - private final boolean isSuperuser; private final Set serviceExtensionUris; private final SessionSource sessionSource; public StatelessRequestSessionMetadata( String clientId, - boolean isSuperuser, Set serviceExtensionUris, SessionSource source) { this.clientId = clientId; - this.isSuperuser = isSuperuser; this.serviceExtensionUris = serviceExtensionUris; this.sessionSource = source; } @@ -40,11 +37,6 @@ public class StatelessRequestSessionMetadata extends SessionMetadata { return clientId; } - @Override - public boolean isSuperuser() { - return isSuperuser; - } - @Override public Set getServiceExtensionUris() { return serviceExtensionUris; diff --git a/java/google/registry/flows/contact/ContactDeleteFlow.java b/java/google/registry/flows/contact/ContactDeleteFlow.java index 9918fb9d5..6651409ff 100644 --- a/java/google/registry/flows/contact/ContactDeleteFlow.java +++ b/java/google/registry/flows/contact/ContactDeleteFlow.java @@ -77,7 +77,7 @@ public class ContactDeleteFlow extends ResourceAsyncDeleteFlow applications = FluentIterable diff --git a/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java b/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java index 2ef78db3c..b459a858e 100644 --- a/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java +++ b/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java @@ -66,7 +66,7 @@ public class DomainApplicationDeleteFlow // Don't allow deleting a sunrise application during landrush. if (existingResource.getPhase().equals(LaunchPhase.SUNRISE) && Registry.get(existingResource.getTld()).getTldState(now).equals(TldState.LANDRUSH) - && !superuser) { + && !isSuperuser) { throw new SunriseApplicationCannotBeDeletedInLandrushException(); } } diff --git a/java/google/registry/flows/domain/DomainCreateFlow.java b/java/google/registry/flows/domain/DomainCreateFlow.java index 74f60884d..5c5939531 100644 --- a/java/google/registry/flows/domain/DomainCreateFlow.java +++ b/java/google/registry/flows/domain/DomainCreateFlow.java @@ -109,7 +109,7 @@ public class DomainCreateFlow extends DomainCreateOrAllocateFlow { protected final void verifyDomainCreateIsAllowed() throws EppException { String tld = getTld(); validateFeeChallenge(targetId, tld, now, feeCreate, createCost); - if (!superuser) { + if (!isSuperuser) { // Prohibit creating a domain if there is an open application for the same name. for (DomainApplication application : loadActiveApplicationsByDomainName(targetId, now)) { if (!application.getApplicationStatus().isFinalStatus()) { diff --git a/java/google/registry/flows/domain/DomainRestoreRequestFlow.java b/java/google/registry/flows/domain/DomainRestoreRequestFlow.java index 0c3094dc3..ffe8e89c5 100644 --- a/java/google/registry/flows/domain/DomainRestoreRequestFlow.java +++ b/java/google/registry/flows/domain/DomainRestoreRequestFlow.java @@ -97,7 +97,7 @@ public class DomainRestoreRequestFlow extends OwnedResourceMutateFlow credentialsCaptor = ArgumentCaptor.forClass(TransportCredentials.class); ArgumentCaptor metadataCaptor = ArgumentCaptor.forClass(SessionMetadata.class); verify(action.eppRequestHandler).executeEpp( - metadataCaptor.capture(), credentialsCaptor.capture(), eq(false), eq(INPUT_XML_BYTES)); + metadataCaptor.capture(), + credentialsCaptor.capture(), + eq(false), + eq(false), + eq(INPUT_XML_BYTES)); assertThat(((GaeUserCredentials) credentialsCaptor.getValue()).gaeUser.getEmail()) .isEqualTo("person@example.com"); - SessionMetadata sessionMetadata = metadataCaptor.getValue(); - assertThat(sessionMetadata.getClientId()).isEqualTo("ClientIdentifier"); - assertThat(sessionMetadata.isSuperuser()).isEqualTo(superuser); - } - - @Test - public void testSuperuser() throws Exception { - doTest(true); - } - - @Test - public void testNotSuperuser() throws Exception { - doTest(false); + assertThat(metadataCaptor.getValue().getClientId()).isEqualTo("ClientIdentifier"); } } diff --git a/javatests/google/registry/flows/EppLifecycleDomainApplicationTest.java b/javatests/google/registry/flows/EppLifecycleDomainApplicationTest.java index 1a920081b..34d263751 100644 --- a/javatests/google/registry/flows/EppLifecycleDomainApplicationTest.java +++ b/javatests/google/registry/flows/EppLifecycleDomainApplicationTest.java @@ -104,12 +104,12 @@ public class EppLifecycleDomainApplicationTest extends EppTestCase { "domain_allocate_testvalidate.xml", "domain_allocate_response_testvalidate_only_superuser.xml", START_OF_GA.plusDays(1)); - setSuperuser(true); + setIsSuperuser(true); assertCommandAndResponse( "domain_allocate_testvalidate.xml", "domain_allocate_response_testvalidate.xml", START_OF_GA.plusDays(1).plusMinutes(1)); - setSuperuser(false); + setIsSuperuser(false); assertCommandAndResponse( "domain_info_testvalidate.xml", "domain_info_response_testvalidate_ok.xml", diff --git a/javatests/google/registry/flows/EppTestCase.java b/javatests/google/registry/flows/EppTestCase.java index 5f4041af3..d67776257 100644 --- a/javatests/google/registry/flows/EppTestCase.java +++ b/javatests/google/registry/flows/EppTestCase.java @@ -70,7 +70,7 @@ public class EppTestCase extends ShardableTestCase { this.credentials = credentials; } - protected void setSuperuser(boolean isSuperuser) { + protected void setIsSuperuser(boolean isSuperuser) { this.isSuperuser = isSuperuser; } @@ -96,7 +96,6 @@ public class EppTestCase extends ShardableTestCase { if (sessionMetadata == null) { sessionMetadata = new TestSessionMetadata(); } - sessionMetadata.setSuperuser(isSuperuser); String actualOutput = executeXmlCommand(input); if (!sessionMetadata.isValid()) { sessionMetadata = null; @@ -118,7 +117,7 @@ public class EppTestCase extends ShardableTestCase { handler.eppController = new EppController(); handler.eppController.clock = clock; handler.eppController.metrics = mock(EppMetrics.class); - handler.executeEpp(sessionMetadata, credentials, false, inputXml.getBytes(UTF_8)); + handler.executeEpp(sessionMetadata, credentials, false, isSuperuser, inputXml.getBytes(UTF_8)); assertThat(response.getStatus()).isEqualTo(SC_OK); assertThat(response.getContentType()).isEqualTo(APPLICATION_EPP_XML_UTF8); String result = response.getPayload(); diff --git a/javatests/google/registry/flows/EppTlsActionTest.java b/javatests/google/registry/flows/EppTlsActionTest.java index 06276f742..8895a9f79 100644 --- a/javatests/google/registry/flows/EppTlsActionTest.java +++ b/javatests/google/registry/flows/EppTlsActionTest.java @@ -37,31 +37,23 @@ public class EppTlsActionTest extends ShardableTestCase { private static final byte[] INPUT_XML_BYTES = "".getBytes(UTF_8); - private void doTest(boolean superuser) { + @Test + public void testPassesArgumentsThrough() { EppTlsAction action = new EppTlsAction(); action.inputXmlBytes = INPUT_XML_BYTES; action.tlsCredentials = mock(TlsCredentials.class); when(action.tlsCredentials.hasSni()).thenReturn(true); action.session = new BasicHttpSession(); action.session.setAttribute("CLIENT_ID", "ClientIdentifier"); - action.session.setAttribute("SUPERUSER", superuser); action.eppRequestHandler = mock(EppRequestHandler.class); action.run(); ArgumentCaptor captor = ArgumentCaptor.forClass(SessionMetadata.class); - verify(action.eppRequestHandler) - .executeEpp(captor.capture(), same(action.tlsCredentials), eq(false), eq(INPUT_XML_BYTES)); - SessionMetadata sessionMetadata = captor.getValue(); - assertThat(sessionMetadata.getClientId()).isEqualTo("ClientIdentifier"); - assertThat(sessionMetadata.isSuperuser()).isEqualTo(superuser); - } - - @Test - public void testSuperuser() throws Exception { - doTest(true); - } - - @Test - public void testNotSuperuser() throws Exception { - doTest(false); + verify(action.eppRequestHandler).executeEpp( + captor.capture(), + same(action.tlsCredentials), + eq(false), + eq(false), + eq(INPUT_XML_BYTES)); + assertThat(captor.getValue().getClientId()).isEqualTo("ClientIdentifier"); } } diff --git a/javatests/google/registry/flows/EppToolActionTest.java b/javatests/google/registry/flows/EppToolActionTest.java index d2a297594..bfa1df7a9 100644 --- a/javatests/google/registry/flows/EppToolActionTest.java +++ b/javatests/google/registry/flows/EppToolActionTest.java @@ -16,8 +16,8 @@ package google.registry.flows; import static com.google.common.truth.Truth.assertThat; import static java.nio.charset.StandardCharsets.UTF_8; -import static org.mockito.Matchers.eq; -import static org.mockito.Matchers.isA; +import static org.mockito.Mockito.eq; +import static org.mockito.Mockito.isA; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; @@ -30,11 +30,11 @@ import org.mockito.ArgumentCaptor; @RunWith(JUnit4.class) public class EppToolActionTest { - private void doTest(boolean dryRun, boolean superuser) { + private void doTest(boolean isDryRun, boolean isSuperuser) { EppToolAction action = new EppToolAction(); action.clientIdentifier = "ClientIdentifier"; - action.dryRun = dryRun; - action.superuser = superuser; + action.isDryRun = isDryRun; + action.isSuperuser = isSuperuser; action.eppRequestHandler = mock(EppRequestHandler.class); action.xml = ""; action.run(); @@ -42,11 +42,10 @@ public class EppToolActionTest { verify(action.eppRequestHandler).executeEpp( captor.capture(), isA(PasswordOnlyTransportCredentials.class), - eq(dryRun), + eq(isDryRun), + eq(isSuperuser), eq(action.xml.getBytes(UTF_8))); - SessionMetadata sessionMetadata = captor.getValue(); - assertThat(sessionMetadata.getClientId()).isEqualTo("ClientIdentifier"); - assertThat(sessionMetadata.isSuperuser()).isEqualTo(superuser); + assertThat(captor.getValue().getClientId()).isEqualTo("ClientIdentifier"); } @Test diff --git a/javatests/google/registry/flows/FlowTestCase.java b/javatests/google/registry/flows/FlowTestCase.java index 179e5316a..3a30872b0 100644 --- a/javatests/google/registry/flows/FlowTestCase.java +++ b/javatests/google/registry/flows/FlowTestCase.java @@ -89,7 +89,7 @@ public abstract class FlowTestCase { protected EppLoader eppLoader; protected Class flowClass; - protected TestSessionMetadata sessionMetadata; + protected SessionMetadata sessionMetadata; protected FakeClock clock = new FakeClock(DateTime.now(UTC)); protected TransportCredentials credentials = new PasswordOnlyTransportCredentials(); @@ -121,7 +121,8 @@ public abstract class FlowTestCase { } /** Load a flow from an epp object. */ - private FlowRunner getFlowRunner(CommitMode commitMode) throws Exception { + private FlowRunner getFlowRunner(CommitMode commitMode, UserPrivileges userPrivileges) + throws Exception { EppInput eppInput = eppLoader.getEpp(); flowClass = firstNonNull(flowClass, FlowPicker.getFlowClass(eppInput)); Class expectedFlowClass = new TypeInstantiator(getClass()){}.getExactType(); @@ -133,6 +134,7 @@ public abstract class FlowTestCase { sessionMetadata, credentials, commitMode.equals(CommitMode.DRY_RUN), + userPrivileges.equals(UserPrivileges.SUPERUSER), "".getBytes(), null, clock); @@ -153,7 +155,8 @@ public abstract class FlowTestCase { } public void assertTransactionalFlow(boolean isTransactional) throws Exception { - assertThat(getFlowRunner(CommitMode.LIVE).isTransactional()).isEqualTo(isTransactional); + assertThat(getFlowRunner(CommitMode.LIVE, UserPrivileges.NORMAL).isTransactional()) + .isEqualTo(isTransactional); } public void assertNoHistory() throws Exception { @@ -271,8 +274,7 @@ public abstract class FlowTestCase { /** Run a flow, and attempt to marshal the result to EPP or throw if it doesn't validate. */ public EppOutput runFlow(CommitMode commitMode, UserPrivileges userPrivileges) throws Exception { - sessionMetadata.setSuperuser(userPrivileges.equals(UserPrivileges.SUPERUSER)); - EppOutput output = getFlowRunner(commitMode).run(); + EppOutput output = getFlowRunner(commitMode, userPrivileges).run(); marshal(output, ValidationMode.STRICT); return output; } @@ -284,8 +286,7 @@ public abstract class FlowTestCase { public void runFlowAssertResponse( CommitMode commitMode, UserPrivileges userPrivileges, String xml, String... ignoredPaths) throws Exception { - sessionMetadata.setSuperuser(userPrivileges.equals(UserPrivileges.SUPERUSER)); - EppOutput eppOutput = getFlowRunner(commitMode).run(); + EppOutput eppOutput = getFlowRunner(commitMode, userPrivileges).run(); if (eppOutput.isResponse()) { assertThat(eppOutput.isSuccess()).isTrue(); } diff --git a/javatests/google/registry/flows/contact/ContactDeleteFlowTest.java b/javatests/google/registry/flows/contact/ContactDeleteFlowTest.java index 9e127414f..dc5cdac17 100644 --- a/javatests/google/registry/flows/contact/ContactDeleteFlowTest.java +++ b/javatests/google/registry/flows/contact/ContactDeleteFlowTest.java @@ -142,7 +142,6 @@ public class ContactDeleteFlowTest @Test public void testSuccess_superuserUnauthorizedClient() throws Exception { - sessionMetadata.setSuperuser(true); sessionMetadata.setClientId("NewRegistrar"); persistActiveContact(getUniqueIdFromCommand()); clock.advanceOneMilli(); diff --git a/javatests/google/registry/flows/contact/ContactUpdateFlowTest.java b/javatests/google/registry/flows/contact/ContactUpdateFlowTest.java index 909680c0f..0c874b4ea 100644 --- a/javatests/google/registry/flows/contact/ContactUpdateFlowTest.java +++ b/javatests/google/registry/flows/contact/ContactUpdateFlowTest.java @@ -195,7 +195,6 @@ public class ContactUpdateFlowTest @Test public void testSuccess_superuserUnauthorizedClient() throws Exception { - sessionMetadata.setSuperuser(true); sessionMetadata.setClientId("NewRegistrar"); persistActiveContact(getUniqueIdFromCommand()); clock.advanceOneMilli(); diff --git a/javatests/google/registry/flows/domain/DomainApplicationDeleteFlowTest.java b/javatests/google/registry/flows/domain/DomainApplicationDeleteFlowTest.java index ec307f516..789cdebf7 100644 --- a/javatests/google/registry/flows/domain/DomainApplicationDeleteFlowTest.java +++ b/javatests/google/registry/flows/domain/DomainApplicationDeleteFlowTest.java @@ -164,7 +164,6 @@ public class DomainApplicationDeleteFlowTest @Test public void testSuccess_superuserUnauthorizedClient() throws Exception { - sessionMetadata.setSuperuser(true); sessionMetadata.setClientId("NewRegistrar"); persistResource( newDomainApplication("example.tld").asBuilder().setRepoId("1-TLD").build()); diff --git a/javatests/google/registry/flows/domain/DomainApplicationUpdateFlowTest.java b/javatests/google/registry/flows/domain/DomainApplicationUpdateFlowTest.java index d21673176..5d4e00976 100644 --- a/javatests/google/registry/flows/domain/DomainApplicationUpdateFlowTest.java +++ b/javatests/google/registry/flows/domain/DomainApplicationUpdateFlowTest.java @@ -565,7 +565,6 @@ public class DomainApplicationUpdateFlowTest @Test public void testSuccess_superuserUnauthorizedClient() throws Exception { - sessionMetadata.setSuperuser(true); sessionMetadata.setClientId("NewRegistrar"); persistReferencedEntities(); persistApplication(); diff --git a/javatests/google/registry/flows/domain/DomainDeleteFlowTest.java b/javatests/google/registry/flows/domain/DomainDeleteFlowTest.java index 856a202db..07cbf8170 100644 --- a/javatests/google/registry/flows/domain/DomainDeleteFlowTest.java +++ b/javatests/google/registry/flows/domain/DomainDeleteFlowTest.java @@ -546,7 +546,6 @@ public class DomainDeleteFlowTest extends ResourceFlowTestCase { @Test public void testSuccess() throws Exception { doSuccessfulTest("login_valid.xml"); - assertThat(sessionMetadata.isSuperuser()).isFalse(); - } - - @Test - public void testSuccess_superuser() throws Exception { - persistResource(getRegistrarBuilder().setIanaIdentifier(9999L).build()); - doSuccessfulTest("login_valid.xml"); - assertThat(sessionMetadata.isSuperuser()).isTrue(); - } - - @Test - public void testSuccess_notSuperuser() throws Exception { - persistResource(getRegistrarBuilder().setIanaIdentifier(15L).build()); - doSuccessfulTest("login_valid.xml"); - assertThat(sessionMetadata.isSuperuser()).isFalse(); } @Test diff --git a/javatests/google/registry/model/EppResourceUtilsTest.java b/javatests/google/registry/model/EppResourceUtilsTest.java index 5af02b8c5..cbb71338e 100644 --- a/javatests/google/registry/model/EppResourceUtilsTest.java +++ b/javatests/google/registry/model/EppResourceUtilsTest.java @@ -87,6 +87,7 @@ public class EppResourceUtilsTest { sessionMetadata, new PasswordOnlyTransportCredentials(), false, + false, "".getBytes(), null, clock)