zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-30 12:07:51 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/flows/EppConsoleServlet.java
Michael Muller c458c05801 Rename Java packages to use the .google TLD 
The dark lord Gosling designed the Java package naming system so that
ownership flows from the DNS system. Since we own the domain name
registry.google, it seems only appropriate that we should use
google.registry as our package name.
2016-05-13 20:04:42 -04:00

120 lines
4 KiB
Java
Raw Blame History

// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.flows;
import static com.google.appengine.api.users.UserServiceFactory.getUserService;
import static com.google.common.base.Strings.nullToEmpty;
import static google.registry.flows.EppServletUtils.handleEppCommandAndWriteResponse;
import static java.lang.System.identityHashCode;
import com.google.appengine.api.users.User;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.io.ByteStreams;
import google.registry.flows.EppException.AuthenticationErrorException;
import google.registry.model.registrar.Registrar;
import google.registry.model.registrar.RegistrarContact;
import google.registry.security.XsrfProtectedServlet;
import org.joda.time.Duration;
import java.io.IOException;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** The {@link EppConsoleServlet} runs EPP from the console. It requires GAE user authentication. */
public class EppConsoleServlet extends XsrfProtectedServlet {
/**
* Credentials provided by the GAE User service.
*
* @see com.google.appengine.api.users.UserService
*/
public static final class GaeUserCredentials implements TransportCredentials {
/** User is not logged in as a GAE user. */
public static class UserNotLoggedInException extends AuthenticationErrorException {
public UserNotLoggedInException() {
super("User is not logged in");
}
}
/** GAE user id is not allowed to login as requested registrar. */
public static class BadGaeUserIdException extends AuthenticationErrorException {
public BadGaeUserIdException(User user) {
super(
"User id is not allowed to login as requested registrar: "
+ (nullToEmpty(user.getEmail())));
}
}
final User gaeUser;
@VisibleForTesting
public GaeUserCredentials(@Nullable User gaeUser) {
this.gaeUser = gaeUser;
}
@Override
public boolean performsLoginCheck() {
return true;
}
@Override
public void validate(Registrar r) throws AuthenticationErrorException {
if (gaeUser == null) {
throw new UserNotLoggedInException();
}
// Allow admins to act as any registrar.
if (getUserService().isUserAdmin()) {
return;
}
// Check Registrar's contacts to see if any are associated with this gaeUserId.
final String gaeUserId = gaeUser.getUserId();
for (RegistrarContact rc : r.getContacts()) {
if (gaeUserId.equals(rc.getGaeUserId())) {
return;
}
}
throw new BadGaeUserIdException(gaeUser);
}
@Override
public String toString() {
return String.format("GaeUserCredentials@%s{gaeUser: %s}", identityHashCode(this), gaeUser);
}
}
/** Used by related UI servlets to generate matching XSRF tokens. */
public static final String XSRF_SCOPE = "console";
/** How long generated XSRF tokens for this scope remain valid. */
public static final Duration XSRF_LIFETIME = Duration.standardDays(1);
public EppConsoleServlet() {
super(XSRF_SCOPE, false);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse rsp) throws IOException {
handleEppCommandAndWriteResponse(
ByteStreams.toByteArray(req.getInputStream()),
rsp,
new HttpSessionMetadata(
new GaeUserCredentials(getUserService().getCurrentUser()), req.getSession(true)));
}
}
Reference in a new issue View git blame Copy permalink