zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-20 00:14:07 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/model/domain/DomainAuthInfo.java
cgoldfeder 5098b03af4 DeReference the codebase 
This change replaces all Ref objects in the code with Key objects. These are
stored in datastore as the same object (raw datastore keys), so this is not
a model change.

Our best practices doc says to use Keys not Refs because:
 * The .get() method obscures what's actually going on
   - Much harder to visually audit the code for datastore loads
   - Hard to distinguish Ref<T> get()'s from Optional get()'s and Supplier get()'s
 * Implicit ofy().load() offers much less control
   - Antipattern for ultimate goal of making Ofy injectable
   - Can't control cache use or batch loading without making ofy() explicit anyway
 * Serialization behavior is surprising and could be quite dangerous/incorrect
   - Can lead to serialization errors. If it actually worked "as intended",
     it would lead to a Ref<> on a serialized object being replaced upon
     deserialization with a stale copy of the old value, which could potentially
     break all kinds of transactional expectations
 * Having both Ref<T> and Key<T> introduces extra boilerplate everywhere
   - E.g. helper methods all need to have Ref and Key overloads, or you need to
     call .key() to get the Key<T> for every Ref<T> you want to pass in
   - Creating a Ref<T> is more cumbersome, since it doesn't have all the create()
     overloads that Key<T> has, only create(Key<T>) and create(Entity) - no way to
     create directly from kind+ID/name, raw Key, websafe key string, etc.

(Note that Refs are treated specially by Objectify's @Load method and Keys are not;
we don't use that feature, but it is the one advantage Refs have over Keys.)

The direct impetus for this change is that I am trying to audit our use of memcache,
and the implicit .get() calls to datastore were making that very hard.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=131965491
2016-09-02 13:50:20 -04:00

65 lines
2.4 KiB
Java
Raw Blame History

// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.model.domain;
import static com.google.common.base.Preconditions.checkNotNull;
import static google.registry.model.ofy.ObjectifyService.ofy;
import com.googlecode.objectify.Key;
import com.googlecode.objectify.annotation.Embed;
import google.registry.model.EppResource;
import google.registry.model.contact.ContactResource;
import google.registry.model.eppcommon.AuthInfo;
/** A version of authInfo specifically for domains. */
@Embed
public class DomainAuthInfo extends AuthInfo {
public static DomainAuthInfo create(PasswordAuth pw) {
DomainAuthInfo instance = new DomainAuthInfo();
instance.pw = pw;
return instance;
}
@Override
public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException {
DomainBase domain = (DomainBase) eppResource;
checkNotNull(getPw());
if (getRepoId() != null) {
// Make sure the repo id matches one of the contacts on the domain.
Key<ContactResource> foundContact = null;
for (Key<ContactResource> contact : domain.getReferencedContacts()) {
String contactRepoId = contact.getName();
if (getRepoId().equals(contactRepoId)) {
foundContact = contact;
break;
}
}
if (foundContact == null) {
throw new BadAuthInfoException();
}
// Check if the password provided matches the password on the referenced contact.
if (!ofy().load().key(foundContact).now().getAuthInfo().getPw().getValue().equals(
getPw().getValue())) {
throw new BadAuthInfoException();
}
} else {
// If not repository ID is specified, then check the password against the domain's password.
if (!domain.getAuthInfo().getPw().getValue().equals(getPw().getValue())) {
throw new BadAuthInfoException();
}
}
}
}
Reference in a new issue View git blame Copy permalink