google-nomulus/java/google/registry/ui/js/session.js
guyben 847795d58d Remove the web console EPP endpoint
This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.

We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.

Also, this is a security risk, as it allowed "billable actions" (creating a new domain, for example) to be performed with the only authentication being access to the registrar's G Suite account.

This bypassed the certificate, IP whitelist, and EPP password, which is bad.

PUBLIC:
Remove the web console EPP endpoint

This removes the "create Domain/Host/Contact" forms that were supposed to be used instead of regular EPPs for CC-TLD that wanted to support it.

We're removing it because we don't use it and want to reduce unneeded code for the registry 3.0 migration.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=236244195
2019-03-05 14:20:42 -05:00


// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
goog.provide('registry.Session');
goog.require('goog.json');
goog.require('goog.net.XhrIo');
goog.require('registry.util');
goog.forwardDeclare('goog.Uri');
/**
 * XHR launcher for JSON requests.
 *
 * Stores the endpoint URI and the fixed set of request headers that
 * `sendXhrIo` attaches to every POST. The XSRF token is carried only in the
 * `X-CSRF-Token` request header built here; this constructor does not add it
 * to the URI.
 *
 * @param {!goog.Uri} defaultUri URI to which requests are POSTed.
 * @param {string} xsrfToken Cross-site request forgery protection token.
 * @constructor
 * @template REQUEST, RESPONSE
 */
registry.Session = function(defaultUri, xsrfToken) {
  /**
   * XHR request headers sent with every request. Declares the body as UTF-8
   * JSON and carries the XSRF token supplied by the caller.
   * @private {!Object<string, string>}
   * @const
   */
  this.headers_ = {
    'Content-Type': 'application/json; charset=utf-8',
    'X-CSRF-Token': xsrfToken,
    'X-Requested-With': 'XMLHttpRequest'
  };

  /**
   * URI to which requests are posted.
   * @protected {!goog.Uri}
   * @const
   */
  this.uri = defaultUri;
};
/**
 * POSTs `body` to the session URI and routes the outcome to a callback.
 *
 * Object bodies are serialized to JSON; any other body is sent unchanged
 * under the JSON content type set in the constructor, so a caller passing a
 * string is responsible for it already being valid JSON. Every request
 * carries the session headers, including `X-CSRF-Token`.
 *
 * @param {REQUEST} body HTTP request body as a string or JSON object.
 * @param {function(RESPONSE)} onSuccess XHR success callback.
 * @param {function(string)=} opt_onError XHR error callback. When omitted,
 *     the error is shown to the user via `displayError_`.
 * @final
 */
registry.Session.prototype.sendXhrIo =
    function(body, onSuccess, opt_onError) {
  var targetUrl = this.uri.toString();

  // Fall back to the on-screen error display when no handler was supplied.
  var errorHandler = opt_onError || goog.bind(this.displayError_, this);
  var completionHandler =
      goog.bind(this.onXhrComplete_, this, onSuccess, errorHandler);

  var payload;
  if (goog.isObject(body)) {
    payload = goog.json.serialize(body);
  } else {
    payload = body;
  }

  goog.net.XhrIo.send(
      targetUrl, completionHandler, 'POST', payload, this.headers_);
};
/**
 * Handler invoked when an asynchronous request is complete.
 *
 * A failed request passes the XHR's last error string to `onError`. A
 * successful one has its body read as JSON, with `PARSER_BREAKER_` given to
 * `getResponseJson` as the prefix to account for, and the result is handed
 * to `onSuccess`.
 *
 * NOTE(review): if a successful response does not contain valid JSON, the
 * parse inside `getResponseJson` presumably throws here and neither callback
 * runs. Confirm, and decide whether that case should reach `onError`.
 *
 * @param {function(RESPONSE)} onSuccess Success callback.
 * @param {function(string)} onError Error callback.
 * @param {{target: !goog.net.XhrIo}} e XHR event.
 * @private
 */
registry.Session.prototype.onXhrComplete_ = function(onSuccess, onError, e) {
  var xhr = e.target;
  if (!xhr.isSuccess()) {
    onError(xhr.getLastError());
    return;
  }
  var parsed = /** @type {!RESPONSE} */ (
      xhr.getResponseJson(registry.Session.PARSER_BREAKER_));
  onSuccess(parsed);
};
/**
 * JSON response prefix which prevents evaluation.
 *
 * With this prefix in front, the response body is not a valid script, so a
 * page that pulls the endpoint in as a script cannot evaluate the JSON
 * (cross-site script inclusion). `onXhrComplete_` passes this value to
 * `getResponseJson` when reading a successful response.
 *
 * NOTE(review): presumably the server prepends exactly this string to every
 * JSON response. Confirm against the server-side response writer, and keep
 * the two in sync.
 *
 * @private {string}
 * @const
 */
registry.Session.PARSER_BREAKER_ = ')]}\'\n';
/**
 * Shows `message` to the user in the butterbar, prefixed with the session
 * URI and followed by a prompt to reload.
 *
 * NOTE(review): the URI and `message` are concatenated into the displayed
 * text without escaping. Confirm that `registry.util.butter` renders its
 * argument as text rather than as HTML.
 *
 * @param {string} message
 * @private
 */
registry.Session.prototype.displayError_ = function(message) {
  var notice = this.uri.toString() + ': ' + message + '. Please reload.';
  // The second argument is presumably the error ("bloody") flag; confirm
  // against registry.util.butter.
  registry.util.butter(notice, true);
};