zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-02 13:07:50 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/flows/EppToolAction.java
mountford 1f000b94e6 Set correct auth settings for all actions 
A test has been added to RequestHandlerTest, making sure that, while we merely log errors for the time being, the correct dummy AuthResult is being created.

Most actions use the default settings, which have been changed to INTERNAL / APP / IGNORED. Actions with non-default settings are:

INTERNAL/NONE/PUBLIC (non-auth public endpoints)

CheckApiAction
WhoisHttpServer
Rdap*Action

INTERNAL,API/APP/ADMIN (things currently protected by web.xml)

EppTlsAction
EppToolAction
CreateGroupsAction
CreatePremiumListAction
DeleteEntityAction
List*sAction
UpdatePremiumListAction
VerifyOteAction
WhoisServer

INTERNAL,API,LEGACY/USER/PUBLIC (registrar console)

RegistrarPaymentAction
RegistrarPaymentSetupAction
RegistrarSettingsAction
EppConsoleAction

INTERNAL,API,LEGACY/NONE/PUBLIC (registrar console main page)

ConsoleUiAction

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149761652
2017-03-13 11:22:55 -04:00

92 lines
3 KiB
Java
Raw Blame History

// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.flows;
import static google.registry.request.RequestParameters.extractBooleanParameter;
import static google.registry.request.RequestParameters.extractRequiredParameter;
import static java.nio.charset.StandardCharsets.UTF_8;
import dagger.Module;
import dagger.Provides;
import google.registry.model.eppcommon.ProtocolDefinition;
import google.registry.request.Action;
import google.registry.request.Action.Method;
import google.registry.request.Parameter;
import google.registry.request.auth.Auth;
import google.registry.request.auth.AuthLevel;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
/** Runs EPP commands directly without logging in, verifying an XSRF token from the tool. */
@Action(
path = "/_dr/epptool",
xsrfProtection = true,
xsrfScope = "admin",
method = Method.POST,
auth =
@Auth(
methods = {Auth.AuthMethod.INTERNAL, Auth.AuthMethod.API},
minimumLevel = AuthLevel.APP,
userPolicy = Auth.UserPolicy.ADMIN
)
)
public class EppToolAction implements Runnable {
@Inject @Parameter("clientId") String clientId;
@Inject @Parameter("superuser") boolean isSuperuser;
@Inject @Parameter("dryRun") boolean isDryRun;
@Inject @Parameter("xml") String xml;
@Inject EppRequestHandler eppRequestHandler;
@Inject EppToolAction() {}
@Override
public void run() {
eppRequestHandler.executeEpp(
new StatelessRequestSessionMetadata(
clientId,
ProtocolDefinition.getVisibleServiceExtensionUris()),
new PasswordOnlyTransportCredentials(),
EppRequestSource.TOOL,
isDryRun,
isSuperuser,
xml.getBytes(UTF_8));
}
/** Dagger module for the epp tool endpoint. */
@Module
public static final class EppToolModule {
// TODO(b/29139545): Make parameters consistent across the graph. @Parameter("dryRun") is
// already provided elsewhere in the graph and happens to work for us but that's just luck.
@Provides
@Parameter("xml")
static String provideXml(HttpServletRequest req) {
return extractRequiredParameter(req, "xml");
}
@Provides
@Parameter("superuser")
static boolean provideIsSuperuser(HttpServletRequest req) {
return extractBooleanParameter(req, "superuser");
}
@Provides
@Parameter("clientId")
static String provideClientId(HttpServletRequest req) {
return extractRequiredParameter(req, "clientId");
}
}
}
Reference in a new issue View git blame Copy permalink