mirror of
https://github.com/google/nomulus.git
synced 2025-07-27 21:16:25 +02:00
36bd508bf9
Also made some refactoring to various Auth related classes to clean up things a bit and make the logic less convoluted: 1. In Auth, remove AUTH_API_PUBLIC as it is only used by the WHOIS and EPP endpoints accessed by the proxy. Previously, the proxy relies on OAuth and its service account is not given admin role (in OAuth parlance), so we made them accessible by a public user, deferring authorization to the actions themselves. In practice, OAuth checks for allowlisted client IDs and only the proxy client ID was allowlisted, which effectively limited access to only the proxy anyway. 2. In AuthResult, expose the service account email if it is at APP level. RequestAuthenticator will print out the auth result and therefore log the email, making it easy to identify which account was used. This field is mutually exclusive to the user auth info field. As a result, the factory methods are refactored to explicitly create either APP or USER level auth result. 3. Completely re-wrote RequestAuthenticatorTest. Previously, the test mingled testing functionalities of the target class with testing how various authentication mechanisms work. Now they are cleanly decoupled, and each method in RequestAuthenticator is tested individually. 4. Removed nomulus-config-production-sample.yaml as it is vastly out of date. |
||
|---|---|---|
| .. | ||
| console-endpoints | ||
| operational-procedures | ||
| src | ||
| admin-tool.md | ||
| architecture.md | ||
| authentication-framework.md | ||
| build.gradle | ||
| buildscript-gradle.lockfile | ||
| code-structure.md | ||
| coding-faq.md | ||
| configuration.md | ||
| developing.md | ||
| first-steps-tutorial.md | ||
| flows.md | ||
| gradle.lockfile | ||
| gradle.md | ||
| install.md | ||
| operational-procedures.md | ||
| proxy-setup.md | ||
| rdap.md | ||
| registrar-faq.md | ||