zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-15 22:14:12 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/ui/server/registrar/SessionUtils.java
mcilwain d536cef20f Make Registrar load methods return Optionals instead of Nullables 
This makes the code more understandable from callsites, and also forces
users of this function to deal with the situation where the registrar
with a given client ID might not be present (it was previously silently
NPEing from some of the callsites).

This also adds a test helper method loadRegistrar(clientId) that retains
the old functionality for terseness in tests. It also fixes some instances
of using the load method with the wrong cachedness -- some uses in high-
traffic situations (WHOIS) that should have caching, but also low-traffic
reporting that don't benefit from caching so might as well always be
current.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=162990468
2017-08-01 16:58:59 -04:00

163 lines
6.5 KiB
Java
Raw Blame History

// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.ui.server.registrar;
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.base.Verify.verify;
import static google.registry.model.ofy.ObjectifyService.ofy;
import static google.registry.util.PreconditionsUtils.checkArgumentPresent;
import com.google.appengine.api.users.User;
import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.collect.FluentIterable;
import com.googlecode.objectify.Key;
import google.registry.model.registrar.Registrar;
import google.registry.model.registrar.RegistrarContact;
import google.registry.request.HttpException.ForbiddenException;
import google.registry.request.auth.AuthResult;
import google.registry.util.FormattingLogger;
import javax.annotation.CheckReturnValue;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.Immutable;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/** HTTP session management helper class. */
@Immutable
public class SessionUtils {
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
public static final String CLIENT_ID_ATTRIBUTE = "clientId";
@Inject public SessionUtils() {}
/**
* Checks that the authentication result indicates a user that has access to the registrar
* console, then gets the associated registrar.
*
* <p>Throws a {@link ForbiddenException} if the user is not logged in, or not authorized to use
* the registrar console.
*/
@CheckReturnValue
Registrar getRegistrarForAuthResult(HttpServletRequest request, AuthResult authResult) {
if (!authResult.userAuthInfo().isPresent()) {
throw new ForbiddenException("Not logged in");
}
if (!checkRegistrarConsoleLogin(request, authResult.userAuthInfo().get().user())) {
throw new ForbiddenException("Not authorized to access Registrar Console");
}
String clientId = getRegistrarClientId(request);
return checkArgumentPresent(
Registrar.loadByClientIdCached(clientId), "Registrar %s not found", clientId);
}
/**
* Checks that the specified user has access to the Registrar Console.
*
* <p>This routine will first check the HTTP session (creating one if it doesn't exist) for the
* {@code clientId} attribute:
*
* <ul>
* <li>If it does not exist, then we will attempt to guess the {@link Registrar} with which the
* user is associated. The {@code clientId} of the first matching {@code Registrar} will then
* be stored to the HTTP session.
* <li>If it does exist, then we'll fetch the Registrar from Datastore to make sure access
* wasn't revoked.
* </ul>
*
* <p><b>Note:</b> You must ensure the user has logged in before calling this method.
*
* @return {@code false} if user does not have access, in which case the caller should write an
* error response and abort the request.
*/
@CheckReturnValue
public boolean checkRegistrarConsoleLogin(HttpServletRequest req, User user) {
checkState(user != null, "No logged in user found");
HttpSession session = req.getSession();
String clientId = (String) session.getAttribute(CLIENT_ID_ATTRIBUTE);
if (clientId == null) {
Optional<Registrar> registrar = guessRegistrar(user.getUserId());
if (!registrar.isPresent()) {
logger.infofmt("User not associated with any Registrar: %s (%s)",
user.getUserId(), user.getEmail());
return false;
}
verify(hasAccessToRegistrar(registrar.get(), user.getUserId()));
session.setAttribute(CLIENT_ID_ATTRIBUTE, registrar.get().getClientId());
} else {
if (!hasAccessToRegistrar(clientId, user.getUserId())) {
logger.infofmt("Registrar Console access revoked: %s for %s (%s)",
clientId, user.getEmail(), user.getUserId());
session.invalidate();
return false;
}
}
return true;
}
/**
* Returns {@link Registrar} clientId associated with HTTP session.
*
* @throws IllegalStateException if you forgot to call {@link #checkRegistrarConsoleLogin}.
*/
@CheckReturnValue
public String getRegistrarClientId(HttpServletRequest req) {
String clientId = (String) req.getSession().getAttribute(CLIENT_ID_ATTRIBUTE);
checkState(clientId != null, "You forgot to call checkRegistrarConsoleLogin()");
return clientId;
}
/** Returns first {@link Registrar} that {@code gaeUserId} is authorized to administer. */
private static Optional<Registrar> guessRegistrar(String gaeUserId) {
RegistrarContact contact = ofy().load()
.type(RegistrarContact.class)
.filter("gaeUserId", gaeUserId)
.first().now();
if (contact == null) {
return Optional.absent();
}
String registrarClientId = contact.getParent().getName();
Optional<Registrar> result = Registrar.loadByClientIdCached(registrarClientId);
if (!result.isPresent()) {
logger.severefmt(
"A contact record exists for non-existent registrar: %s.", Key.create(contact));
}
return result;
}
/** @see #hasAccessToRegistrar(Registrar, String) */
private static boolean hasAccessToRegistrar(String clientId, final String gaeUserId) {
Optional<Registrar> registrar = Registrar.loadByClientIdCached(clientId);
if (!registrar.isPresent()) {
logger.warningfmt("Registrar '%s' disappeared from Datastore!", clientId);
return false;
}
return hasAccessToRegistrar(registrar.get(), gaeUserId);
}
/** Returns {@code true} if {@code gaeUserId} is listed in contacts. */
private static boolean hasAccessToRegistrar(Registrar registrar, final String gaeUserId) {
return FluentIterable
.from(registrar.getContacts())
.anyMatch(new Predicate<RegistrarContact>() {
@Override
public boolean apply(@Nonnull RegistrarContact contact) {
return gaeUserId.equals(contact.getGaeUserId());
}});
}
}
Reference in a new issue View git blame Copy permalink