zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-20 17:56:11 +02:00
Code Issues Projects Releases Packages Wiki Activity

Axe all Key data components except in model

Browse source
This commit is contained in:
Rachid Mrad 2023-10-17 17:17:02 -04:00
parent 5eb2591e2b
commit bbd3feaeec
No known key found for this signature in database
GPG key ID: EF38E4CEC4A8F3CF
14 changed files with 28 additions and 608 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/registrar/config/urls.py
View file

@ -100,11 +100,6 @@ urlpatterns = [
views.DomainDsDataView.as_view(), views.DomainDsDataView.as_view(),
name="domain-dns-dnssec-dsdata", name="domain-dns-dnssec-dsdata",
), ),
path(
"domain/<int:pk>/dns/dnssec/keydata",
views.DomainKeyDataView.as_view(),
name="domain-dns-dnssec-keydata",
),
path( path(
"domain/<int:pk>/your-contact-information", "domain/<int:pk>/your-contact-information",
views.DomainYourContactInformationView.as_view(), views.DomainYourContactInformationView.as_view(),

2
src/registrar/forms/__init__.py
View file

@ -8,6 +8,4 @@ from .domain import (
DomainDnssecForm, DomainDnssecForm,
DomainDsdataFormset, DomainDsdataFormset,
DomainDsdataForm, DomainDsdataForm,
DomainKeydataFormset,
DomainKeydataForm,
) )

15
src/registrar/forms/common.py
View file

@ -1,6 +1,6 @@
# common.py # common.py
# #
# ALGORITHM_CHOICES are options for alg attribute in DS Data and Key Data # ALGORITHM_CHOICES are options for alg attribute in DS Data
# reference: # reference:
# https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml # https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
ALGORITHM_CHOICES = [ ALGORITHM_CHOICES = [
@ -24,15 +24,4 @@ DIGEST_TYPE_CHOICES = [
(0, "(0) Reserved"), (0, "(0) Reserved"),
(1, "(1) SHA-256"), (1, "(1) SHA-256"),
] ]
# PROTOCOL_CHOICES are options for protocol attribute in Key Data
# reference: https://datatracker.ietf.org/doc/html/rfc4034#section-2.1.2
PROTOCOL_CHOICES = [
(3, "(3) DNSSEC"),
]
# FLAG_CHOICES are options for flags attribute in Key Data
# reference: https://datatracker.ietf.org/doc/html/rfc4034#section-2.1.1
FLAG_CHOICES = [
(0, "(0)"),
(256, "(256) ZSK"),
(257, "(257) KSK"),
]

43
src/registrar/forms/domain.py
View file

@ -10,8 +10,6 @@ from ..models import Contact, DomainInformation
from .common import ( from .common import (
ALGORITHM_CHOICES, ALGORITHM_CHOICES,
DIGEST_TYPE_CHOICES, DIGEST_TYPE_CHOICES,
FLAG_CHOICES,
PROTOCOL_CHOICES,
) )
@ -188,44 +186,3 @@ DomainDsdataFormset = formset_factory(
extra=0, extra=0,
can_delete=True, can_delete=True,
) )
class DomainKeydataForm(forms.Form):
"""Form for adding or editing DNSSEC Key Data to a domain."""
flag = forms.TypedChoiceField(
required=True,
label="Flag",
coerce=int,
choices=FLAG_CHOICES,
error_messages={"required": ("Flag is required.")},
)
protocol = forms.TypedChoiceField(
required=True,
label="Protocol",
coerce=int,
choices=PROTOCOL_CHOICES,
error_messages={"required": ("Protocol is required.")},
)
algorithm = forms.TypedChoiceField(
required=True,
label="Algorithm",
coerce=int,
choices=[(None, "--Select--")] + ALGORITHM_CHOICES, # type: ignore
error_messages={"required": ("Algorithm is required.")},
)
pub_key = forms.CharField(
required=True,
label="Pub key",
error_messages={"required": ("Pub key is required.")},
)
DomainKeydataFormset = formset_factory(
DomainKeydataForm,
extra=0,
can_delete=True,
)

9
src/registrar/models/domain.py
View file

@ -486,12 +486,11 @@ class Domain(TimeStampedModel, DomainHelper):
addExtension: dict addExtension: dict
remExtension: dict remExtension: dict
addExtension includes all dsData or keyData to be added addExtension includes all dsData to be added
remExtension includes all dsData or keyData to be removed remExtension includes all dsData to be removed
method operates on dsData OR keyData, never a mix of the two; method operates on dsData;
operates based on which is present in _dnssecdata; if dsData is not present, addExtension will be empty dict, and
if neither is present, addExtension will be empty dict, and
remExtension will be all existing dnssecdata to be deleted remExtension will be all existing dnssecdata to be deleted
""" """

28
src/registrar/templates/domain_dnssec.html
View file

@ -7,14 +7,14 @@
<h1>DNSSEC</h1> <h1>DNSSEC</h1>
<p>DNSSEC, or DNS Security Extensions, is additional security layer to protect your domain. Enabling DNSSEC ensures that when someone visits your domain, they can be certain that it's connecting to the correct server, preventing potential hijacking or tampering with your domain's records.</p> <p>DNSSEC, or DNS Security Extensions, is additional security layer to protect your website. Enabling DNSSEC ensures that when someone visits your domain, they can be certain that it's connecting to the correct server, preventing potential hijacking or tampering with your domain's records.</p>
<form class="usa-form usa-form--text-width" method="post"> <form class="usa-form usa-form--text-width" method="post">
{% csrf_token %} {% csrf_token %}
{% if has_dnssec_records %} {% if has_dnssec_records %}
<div class="usa-alert usa-alert--info usa-alert--slim"> <div class="usa-alert usa-alert--info usa-alert--slim">
<div class="usa-alert__body"> <div class="usa-alert__body">
In order to fully disable DNSSEC on your domain, you will need to work with your DNS provider to remove your DNSSEC-related records from your zone. In order to fully disable DNSSEC on your domain, you will need to work with your DNS provider to remove your DNSSEC-related records from your zone.
</div> </div>
</div> </div>
<a <a
@ -24,34 +24,14 @@
data-open-modal data-open-modal
>Disable DNSSEC</a >Disable DNSSEC</a
> >
{% elif dnssec_enabled %}
<div id="add-records">
<h2> Add DS Records </h2>
<p>In order to enable DNSSEC and add Delegation Signer (DS) records, you must first configure it with your DNS hosting service. Your configuration will determine whether you need to add DS Data or Key Data. Contact your DNS hosting provider if you are unsure which record type to add.</p>
<p>
<a href="{% url 'domain-dns-dnssec-dsdata' pk=domain.id %}" class="usa-button usa-button--outline">Add DS Data</a>
<a href="{% url 'domain-dns-dnssec-keydata' pk=domain.id %}" class="usa-button usa-button--outline">Add Key Data</a>
<button
type="submit"
class="usa-button usa-button--unstyled usa-button--cancel"
name="cancel_dnssec"
id="cancel_dnssec"
>Cancel</button>
</p>
</div>
{% else %} {% else %}
<div id="enable-dnssec"> <div id="enable-dnssec">
<div class="usa-alert usa-alert--info usa-alert--slim"> <div class="usa-alert usa-alert--info usa-alert--slim">
<div class="usa-alert__body"> <div class="usa-alert__body">
It is strongly recommended that you only enable DNSSEC if you know how to set it up properly at your hosting service. If you make a mistake, it could cause your domain name to stop working. It is strongly recommended that you only enable DNSSEC if you know how to set it up properly at your hosting service. If you make a mistake, it could cause your domain name to stop working.
</div> </div>
</div> </div>
<button <a href="{% url 'domain-dns-dnssec-dsdata' pk=domain.id %}" class="usa-button">Enable DNSSEC</a>
type="submit"
class="usa-button"
name="enable_dnssec"
id="enable_dnssec"
>Enable DNSSEC</button>
</div> </div>
{% endif %} {% endif %}
</form> </form>

32
src/registrar/templates/domain_dsdata.html
View file

@ -8,41 +8,17 @@
{% include "includes/form_errors.html" with form=form %} {% include "includes/form_errors.html" with form=form %}
{% endfor %} {% endfor %}
{% if domain.dnssecdata is None and not dnssec_ds_confirmed %} {% if domain.dnssecdata is None %}
<div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3"> <div class="usa-alert usa-alert--info usa-alert--slim margin-bottom-3">
<div class="usa-alert__body"> <div class="usa-alert__body">
You have no DS Data added. Enable DNSSEC by adding DS Data or return to the DNSSEC page and click 'enable.' You have no DS Data added. Enable DNSSEC by adding DS Data.
</div> </div>
</div> </div>
{% endif %} {% endif %}
<h1>DS Data</h1> <h1>DS Data</h1>
{% if domain.dnssecdata is not None and domain.dnssecdata.keyData is not None %} <p>In order to enable DNSSEC, you must first configure it with your DNS hosting service.</p>
<div class="usa-alert usa-alert--warning usa-alert--slim margin-bottom-3">
<div class="usa-alert__body">
<h4 class="usa-alert__heading">Warning, you cannot add DS Data</h4>
<p class="usa-alert__text">
You cannot add DS Data because you have already added Key Data. Delete your Key Data records in order to add DS Data.
</p>
</div>
</div>
{% elif not dnssec_ds_confirmed %}
<p>In order to enable DNSSEC, you must first configure it with your DNS hosting service.</p>
<p>Enter the values given by your DNS provider for DS Data.</p>
<p>Required fields are marked with an asterisk (<abbr
title="required"
class="usa-hint usa-hint--required"
>*</abbr>).</p>
<form class="usa-form usa-form--large" method="post" novalidate id="form-container">
{% csrf_token %}
<button type="submit" class="usa-button usa-button--unstyled display-block" name="confirm-ds">
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
<use xlink:href="{%static 'img/sprite.svg'%}#add_circle"></use>
</svg><span class="margin-left-05">Add new record</span>
</button>
</form>
{% else %}
<p>Enter the values given by your DNS provider for DS Data.</p> <p>Enter the values given by your DNS provider for DS Data.</p>
{% include "includes/required_fields.html" %} {% include "includes/required_fields.html" %}
@ -119,5 +95,5 @@
>Cancel >Cancel
</button> </button>
</form> </form>
{% endif %}
{% endblock %} {# domain_content #} {% endblock %} {# domain_content #}

110
src/registrar/templates/domain_keydata.html
View file

@ -1,110 +0,0 @@
{% extends "domain_base.html" %}
{% load static field_helpers url_helpers %}
{% block title %}Key Data | {{ domain.name }} | {% endblock %}
{% block domain_content %}
{% for form in formset %}
{% include "includes/form_errors.html" with form=form %}
{% endfor %}
<h1>Key Data</h1>
{% if domain.dnssecdata is not None and domain.dnssecdata.dsData is not None %}
<div class="usa-alert usa-alert--warning usa-alert--slim margin-bottom-3">
<div class="usa-alert__body">
<h4 class="usa-alert__heading">Warning, you cannot add Key Data</h4>
<p class="usa-alert__text">
You cannot add Key Data because you have already added DS Data. Delete your DS Data records in order to add Key Data.
</p>
</div>
</div>
{% elif not dnssec_key_confirmed %}
<p>In order to enable DNSSEC and add DS records, you must first configure it with your DNS hosting service. Your configuration will determine whether you need to add DS Data or Key Data. Contact your DNS hosting provider if you are unsure which record type to add.</p>
<form class="usa-form usa-form--large" method="post" novalidate id="form-container">
{% csrf_token %}
<button
type="submit"
class="usa-button"
name="confirm-key"
>Add DS Key record</button>
</form>
{% else %}
<p>Enter the values given by your DNS provider for DS Key Data.</p>
{% include "includes/required_fields.html" %}
<form class="usa-form usa-form--extra-large" method="post" novalidate id="form-container">
{% csrf_token %}
{{ formset.management_form }}
{% for form in formset %}
<fieldset class="ds-record">
<legend class="sr-only">DS Data record {{forloop.counter}}</legend>
<h2 class="margin-top-0">DS Data record {{forloop.counter}}</h2>
<div class="grid-row grid-gap-2 flex-end">
<div class="tablet:grid-col-4">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.flag %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.protocol %}
{% endwith %}
</div>
<div class="tablet:grid-col-4">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.algorithm %}
{% endwith %}
</div>
</div>
<div class="grid-row">
<div class="grid-col">
{% with attr_required=True add_group_class="usa-form-group--unstyled-error" %}
{% input_with_errors form.pub_key %}
{% endwith %}
</div>
</div>
<div class="grid-row margin-top-2">
<div class="grid-col">
<button type="button" class="usa-button usa-button--unstyled display-block float-right-tablet delete-record">
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
<use xlink:href="{%static 'img/sprite.svg'%}#delete"></use>
</svg><span class="margin-left-05">Delete</span>
</button>
</div>
</div>
</fieldset>
{% endfor %}
<button type="button" class="usa-button usa-button--unstyled display-block margin-bottom-2" id="add-ds-form">
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img" width="24" height="24">
<use xlink:href="{%static 'img/sprite.svg'%}#add_circle"></use>
</svg><span class="margin-left-05">Add new record</span>
</button>
<button
type="submit"
class="usa-button"
>Save
</button>
</form>
<form aria-label="form to undo changes to the DS records">
<button
type="submit"
class="usa-button usa-button--outline btn-cancel"
name="btn-cancel-click"
aria-label="Reset the data in the DS records to the registry state (undo changes)"
>Cancel
</button>
</form>
{% endif %}
{% endblock %} {# domain_content #}

11
src/registrar/templates/domain_sidebar.html
View file

@ -34,7 +34,7 @@
> >
DNSSEC DNSSEC
</a> </a>
{% if domain.dnssecdata is not None or request.path|startswith:url and request.path|endswith:'data' %} {% if domain.dnssecdata is not None or request.path|startswith:url and request.path|endswith:'dsdata' %}
<ul class="usa-sidenav__sublist"> <ul class="usa-sidenav__sublist">
<li class="usa-sidenav__item"> <li class="usa-sidenav__item">
{% url 'domain-dns-dnssec-dsdata' pk=domain.id as url %} {% url 'domain-dns-dnssec-dsdata' pk=domain.id as url %}
@ -44,15 +44,6 @@
DS Data DS Data
</a> </a>
</li> </li>
<li class="usa-sidenav__item">
{% url 'domain-dns-dnssec-keydata' pk=domain.id as url %}
<a href="{{ url }}"
{% if request.path == url %}class="usa-current"{% endif %}
>
DS Key Data
</a>
</li>
</ul> </ul>
{% endif %} {% endif %}
</li> </li>

15
src/registrar/tests/common.py
View file

@ -732,12 +732,6 @@ class MockEppLib(TestCase):
"digestType": 1, "digestType": 1,
"digest": "ec0bdd990b39feead889f0ba613db4adecb4adec", "digest": "ec0bdd990b39feead889f0ba613db4adecb4adec",
} }
keyDataDict = {
"flags": 257,
"protocol": 3,
"alg": 1,
"pubKey": "AQPJ////4Q==",
}
dnssecExtensionWithDsData = extensions.DNSSECExtension( dnssecExtensionWithDsData = extensions.DNSSECExtension(
**{ **{
"dsData": [ "dsData": [
@ -753,11 +747,6 @@ class MockEppLib(TestCase):
], # type: ignore ], # type: ignore
} }
) )
dnssecExtensionWithKeyData = extensions.DNSSECExtension(
**{
"keyData": [common.DNSSECKeyData(**keyDataDict)], # type: ignore
}
)
dnssecExtensionRemovingDsData = extensions.DNSSECExtension() dnssecExtensionRemovingDsData = extensions.DNSSECExtension()
infoDomainHasIP = fakedEppObject( infoDomainHasIP = fakedEppObject(
@ -851,10 +840,6 @@ class MockEppLib(TestCase):
self.mockDataInfoDomain, self.mockDataInfoDomain,
self.dnssecExtensionWithMultDsData, self.dnssecExtensionWithMultDsData,
), ),
"dnssec-keydata.gov": (
self.mockDataInfoDomain,
self.dnssecExtensionWithKeyData,
),
"dnssec-none.gov": (self.mockDataInfoDomain, None), "dnssec-none.gov": (self.mockDataInfoDomain, None),
"my-nameserver.gov": ( "my-nameserver.gov": (
self.infoDomainTwoHosts self.infoDomainTwoHosts

73
src/registrar/tests/test_models_domain.py
View file

@ -1798,79 +1798,6 @@ class TestRegistrantDNSSEC(MockEppLib):
patcher.stop() patcher.stop()
def test_user_adds_dnssec_keydata(self):
"""
Scenario: Registrant adds DNSSEC key data.
Verify that both the setter and getter are functioning properly
This test verifies:
1 - setter calls UpdateDomain command
2 - setter adds the UpdateDNSSECExtension extension to the command
3 - setter causes the getter to call info domain on next get from cache
4 - getter properly parses dnssecdata from InfoDomain response and sets to cache
"""
# need to use a separate patcher and side_effect for this test, as
# response from InfoDomain must be different for different iterations
# of the same command
def side_effect(_request, cleaned):
if isinstance(_request, commands.InfoDomain):
if mocked_send.call_count == 1:
return MagicMock(res_data=[self.mockDataInfoDomain])
else:
return MagicMock(
res_data=[self.mockDataInfoDomain],
extensions=[self.dnssecExtensionWithKeyData],
)
else:
return MagicMock(res_data=[self.mockDataInfoHosts])
patcher = patch("registrar.models.domain.registry.send")
mocked_send = patcher.start()
mocked_send.side_effect = side_effect
domain, _ = Domain.objects.get_or_create(name="dnssec-keydata.gov")
domain.dnssecdata = self.dnssecExtensionWithKeyData
# get the DNS SEC extension added to the UpdateDomain command
# and verify that it is properly sent
# args[0] is the _request sent to registry
args, _ = mocked_send.call_args
# assert that the extension matches
self.assertEquals(
args[0].extensions[0],
self.createUpdateExtension(self.dnssecExtensionWithKeyData),
)
# test that the dnssecdata getter is functioning properly
dnssecdata_get = domain.dnssecdata
mocked_send.assert_has_calls(
[
call(
commands.UpdateDomain(
name="dnssec-keydata.gov",
nsset=None,
keyset=None,
registrant=None,
auth_info=None,
),
cleaned=True,
),
call(
commands.InfoDomain(
name="dnssec-keydata.gov",
),
cleaned=True,
),
]
)
self.assertEquals(
dnssecdata_get.keyData, self.dnssecExtensionWithKeyData.keyData
)
patcher.stop()
def test_update_is_unsuccessful(self): def test_update_is_unsuccessful(self):
""" """
Scenario: An update to the dns data is unsuccessful Scenario: An update to the dns data is unsuccessful

118
src/registrar/tests/test_views.py
View file

@ -1075,7 +1075,6 @@ class TestWithDomainPermissions(TestWithUser):
self.domain_multdsdata, _ = Domain.objects.get_or_create( self.domain_multdsdata, _ = Domain.objects.get_or_create(
name="dnssec-multdsdata.gov" name="dnssec-multdsdata.gov"
) )
self.domain_keydata, _ = Domain.objects.get_or_create(name="dnssec-keydata.gov")
# We could simply use domain (igorville) but this will be more readable in tests # We could simply use domain (igorville) but this will be more readable in tests
# that inherit this setUp # that inherit this setUp
self.domain_dnssec_none, _ = Domain.objects.get_or_create( self.domain_dnssec_none, _ = Domain.objects.get_or_create(
@ -1090,9 +1089,6 @@ class TestWithDomainPermissions(TestWithUser):
DomainInformation.objects.get_or_create( DomainInformation.objects.get_or_create(
creator=self.user, domain=self.domain_multdsdata creator=self.user, domain=self.domain_multdsdata
) )
DomainInformation.objects.get_or_create(
creator=self.user, domain=self.domain_keydata
)
DomainInformation.objects.get_or_create( DomainInformation.objects.get_or_create(
creator=self.user, domain=self.domain_dnssec_none creator=self.user, domain=self.domain_dnssec_none
) )
@ -1107,9 +1103,6 @@ class TestWithDomainPermissions(TestWithUser):
domain=self.domain_multdsdata, domain=self.domain_multdsdata,
role=UserDomainRole.Roles.ADMIN, role=UserDomainRole.Roles.ADMIN,
) )
UserDomainRole.objects.get_or_create(
user=self.user, domain=self.domain_keydata, role=UserDomainRole.Roles.ADMIN
)
UserDomainRole.objects.get_or_create( UserDomainRole.objects.get_or_create(
user=self.user, user=self.user,
domain=self.domain_dnssec_none, domain=self.domain_dnssec_none,
@ -1561,38 +1554,13 @@ class TestDomainDNSSEC(TestDomainOverview):
def test_dnssec_page_refreshes_enable_button(self): def test_dnssec_page_refreshes_enable_button(self):
"""DNSSEC overview page loads when domain has no DNSSEC data """DNSSEC overview page loads when domain has no DNSSEC data
and shows a 'Enable DNSSEC' button. When button is clicked the template and shows a 'Enable DNSSEC' button."""
updates. When user navigates away then comes back to the page, the
'Enable DNSSEC' button is shown again."""
# home_page = self.app.get("/")
page = self.client.get( page = self.client.get(
reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id}) reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id})
) )
self.assertContains(page, "Enable DNSSEC") self.assertContains(page, "Enable DNSSEC")
# Prepare the data for the POST request
post_data = {
"enable_dnssec": "Enable DNSSEC",
}
updated_page = self.client.post(
reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id}),
post_data,
follow=True,
)
self.assertEqual(updated_page.status_code, 200)
self.assertContains(updated_page, "Add DS Data")
self.assertContains(updated_page, "Add Key Data")
self.app.get("/")
back_to_page = self.client.get(
reverse("domain-dns-dnssec", kwargs={"pk": self.domain.id})
)
self.assertContains(back_to_page, "Enable DNSSEC")
def test_dnssec_page_loads_with_data_in_domain(self): def test_dnssec_page_loads_with_data_in_domain(self):
"""DNSSEC overview page loads when domain has DNSSEC data """DNSSEC overview page loads when domain has DNSSEC data
and the template contains a button to disable DNSSEC.""" and the template contains a button to disable DNSSEC."""
@ -1637,44 +1605,6 @@ class TestDomainDNSSEC(TestDomainOverview):
) )
self.assertContains(page, "DS Data record 1") self.assertContains(page, "DS Data record 1")
def test_ds_form_loads_with_key_data(self):
"""DNSSEC Add DS Data page loads when there is
domain DNSSEC KEY data and shows an alert"""
page = self.client.get(
reverse("domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_keydata.id})
)
self.assertContains(page, "Warning, you cannot add DS Data")
def test_key_form_loads_with_no_domain_data(self):
"""DNSSEC Add Key Data page loads when there is no
domain DNSSEC data and shows a button to Add DS Key record"""
page = self.client.get(
reverse(
"domain-dns-dnssec-keydata", kwargs={"pk": self.domain_dnssec_none.id}
)
)
self.assertContains(page, "Add DS Key record")
def test_key_form_loads_with_key_data(self):
"""DNSSEC Add Key Data page loads when there is
domain DNSSEC Key data and shows the data"""
page = self.client.get(
reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.domain_keydata.id})
)
self.assertContains(page, "DS Data record 1")
def test_key_form_loads_with_ds_data(self):
"""DNSSEC Add Key Data page loads when there is
domain DNSSEC DS data and shows an alert"""
page = self.client.get(
reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.domain_dsdata.id})
)
self.assertContains(page, "Warning, you cannot add Key Data")
def test_ds_data_form_submits(self): def test_ds_data_form_submits(self):
"""DS Data form submits successfully """DS Data form submits successfully
@ -1719,50 +1649,6 @@ class TestDomainDNSSEC(TestDomainOverview):
# the field. # the field.
self.assertContains(result, "Key tag is required", count=2, status_code=200) self.assertContains(result, "Key tag is required", count=2, status_code=200)
def test_key_data_form_submits(self):
"""Key Data form submits successfully
Uses self.app WebTest because we need to interact with forms.
"""
add_data_page = self.app.get(
reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.domain_keydata.id})
)
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
with less_console_noise(): # swallow log warning message
result = add_data_page.forms[0].submit()
# form submission was a post, response should be a redirect
self.assertEqual(result.status_code, 302)
self.assertEqual(
result["Location"],
reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.domain_keydata.id}),
)
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
page = result.follow()
self.assertContains(
page, "The Key Data records for this domain have been updated."
)
def test_key_data_form_invalid(self):
"""Key Data form errors with invalid data
Uses self.app WebTest because we need to interact with forms.
"""
add_data_page = self.app.get(
reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.domain_keydata.id})
)
session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
# first two nameservers are required, so if we empty one out we should
# get a form error
add_data_page.forms[0]["form-0-pub_key"] = ""
with less_console_noise(): # swallow logged warning message
result = add_data_page.forms[0].submit()
# form submission was a post with an error, response should be a 200
# error text appears twice, once at the top of the page, once around
# the field.
self.assertContains(result, "Pub key is required", count=2, status_code=200)
class TestApplicationStatus(TestWithUser, WebTest): class TestApplicationStatus(TestWithUser, WebTest):
def setUp(self): def setUp(self):

1
src/registrar/views/__init__.py
View file

@ -7,7 +7,6 @@ from .domain import (
DomainNameserversView, DomainNameserversView,
DomainDNSSECView, DomainDNSSECView,
DomainDsDataView, DomainDsDataView,
DomainKeyDataView,
DomainYourContactInformationView, DomainYourContactInformationView,
DomainSecurityEmailView, DomainSecurityEmailView,
DomainUsersView, DomainUsersView,

174
src/registrar/views/domain.py
View file

@ -33,8 +33,6 @@ from ..forms import (
DomainDnssecForm, DomainDnssecForm,
DomainDsdataFormset, DomainDsdataFormset,
DomainDsdataForm, DomainDsdataForm,
DomainKeydataFormset,
DomainKeydataForm,
) )
from epplibwrapper import ( from epplibwrapper import (
@ -280,12 +278,6 @@ class DomainDNSSECView(DomainPermissionView, FormMixin):
errmsg = "Error removing existing DNSSEC record(s)." errmsg = "Error removing existing DNSSEC record(s)."
logger.error(errmsg + ": " + err) logger.error(errmsg + ": " + err)
messages.error(self.request, errmsg) messages.error(self.request, errmsg)
request.session["dnssec_ds_confirmed"] = False
request.session["dnssec_key_confirmed"] = False
elif "enable_dnssec" in request.POST:
request.session["dnssec_enabled"] = True
request.session["dnssec_ds_confirmed"] = False
request.session["dnssec_key_confirmed"] = False
return self.form_valid(form) return self.form_valid(form)
@ -303,24 +295,17 @@ class DomainDsDataView(DomainPermissionView, FormMixin):
dnssecdata: extensions.DNSSECExtension = domain.dnssecdata dnssecdata: extensions.DNSSECExtension = domain.dnssecdata
initial_data = [] initial_data = []
if dnssecdata is not None: if dnssecdata is not None and dnssecdata.dsData is not None:
if dnssecdata.keyData is not None: # Add existing nameservers as initial data
# TODO: Throw an error initial_data.extend(
# Note: This is moot if we're {
# removing key data "key_tag": record.keyTag,
pass "algorithm": record.alg,
"digest_type": record.digestType,
if dnssecdata.dsData is not None: "digest": record.digest,
# Add existing nameservers as initial data }
initial_data.extend( for record in dnssecdata.dsData
{ )
"key_tag": record.keyTag,
"algorithm": record.alg,
"digest_type": record.digestType,
"digest": record.digest,
}
for record in dnssecdata.dsData
)
# Ensure at least 1 record, filled or empty # Ensure at least 1 record, filled or empty
while len(initial_data) == 0: while len(initial_data) == 0:
@ -338,18 +323,6 @@ class DomainDsDataView(DomainPermissionView, FormMixin):
# use "formset" instead of "form" for the key # use "formset" instead of "form" for the key
context["formset"] = context.pop("form") context["formset"] = context.pop("form")
# set the dnssec_ds_confirmed flag in the context for this view
# based either on the existence of DS Data in the domain,
# or on the flag stored in the session
domain = self.get_object()
dnssecdata: extensions.DNSSECExtension = domain.dnssecdata
if dnssecdata is not None and dnssecdata.dsData is not None:
self.request.session["dnssec_ds_confirmed"] = True
context["dnssec_ds_confirmed"] = self.request.session.get(
"dnssec_ds_confirmed", False
)
return context return context
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
@ -357,11 +330,6 @@ class DomainDsDataView(DomainPermissionView, FormMixin):
self.object = self.get_object() self.object = self.get_object()
formset = self.get_form() formset = self.get_form()
if "confirm-ds" in request.POST:
request.session["dnssec_ds_confirmed"] = True
request.session["dnssec_key_confirmed"] = False
return super().form_valid(formset)
if "btn-cancel-click" in request.POST: if "btn-cancel-click" in request.POST:
return redirect("/", {"formset": formset}, RequestContext(request)) return redirect("/", {"formset": formset}, RequestContext(request))
@ -411,126 +379,6 @@ class DomainDsDataView(DomainPermissionView, FormMixin):
return super().form_valid(formset) return super().form_valid(formset)
class DomainKeyDataView(DomainPermissionView, FormMixin):
"""Domain DNSSEC key data editing view."""
template_name = "domain_keydata.html"
form_class = DomainKeydataFormset
form = DomainKeydataForm
def get_initial(self):
"""The initial value for the form (which is a formset here)."""
domain = self.get_object()
dnssecdata: extensions.DNSSECExtension = domain.dnssecdata
initial_data = []
if dnssecdata is not None:
if dnssecdata.dsData is not None:
# TODO: Throw an error?
# Note: this is moot if we're
# removing Key data
pass
if dnssecdata.keyData is not None:
# Add existing keydata as initial data
initial_data.extend(
{
"flag": record.flags,
"protocol": record.protocol,
"algorithm": record.alg,
"pub_key": record.pubKey,
}
for record in dnssecdata.keyData
)
# Ensure at least 1 record, filled or empty
while len(initial_data) == 0:
initial_data.append({})
return initial_data
def get_success_url(self):
"""Redirect to the Key Data page for the domain."""
return reverse("domain-dns-dnssec-keydata", kwargs={"pk": self.object.pk})
def get_context_data(self, **kwargs):
"""Adjust context from FormMixin for formsets."""
context = super().get_context_data(**kwargs)
# use "formset" instead of "form" for the key
context["formset"] = context.pop("form")
# set the dnssec_key_confirmed flag in the context for this view
# based either on the existence of Key Data in the domain,
# or on the flag stored in the session
domain = self.get_object()
dnssecdata: extensions.DNSSECExtension = domain.dnssecdata
if dnssecdata is not None and dnssecdata.keyData is not None:
self.request.session["dnssec_key_confirmed"] = True
context["dnssec_key_confirmed"] = self.request.session.get(
"dnssec_key_confirmed", False
)
return context
def post(self, request, *args, **kwargs):
"""Formset submission posts to this view."""
self.object = self.get_object()
formset = self.get_form()
if "confirm-key" in request.POST:
request.session["dnssec_key_confirmed"] = True
request.session["dnssec_ds_confirmed"] = False
self.object.save()
return super().form_valid(formset)
if "btn-cancel-click" in request.POST:
return redirect("/", {"formset": formset}, RequestContext(request))
if formset.is_valid():
return self.form_valid(formset)
else:
return self.form_invalid(formset)
def form_valid(self, formset):
"""The formset is valid, perform something with it."""
# Set the nameservers from the formset
dnssecdata = extensions.DNSSECExtension()
for form in formset:
try:
# if 'delete' not in form.cleaned_data
# or form.cleaned_data['delete'] == False:
keyrecord = {
"flags": int(form.cleaned_data["flag"]),
"protocol": int(form.cleaned_data["protocol"]),
"alg": int(form.cleaned_data["algorithm"]),
"pubKey": form.cleaned_data["pub_key"],
}
if dnssecdata.keyData is None:
dnssecdata.keyData = []
dnssecdata.keyData.append(common.DNSSECKeyData(**keyrecord))
except KeyError:
# no server information in this field, skip it
pass
domain = self.get_object()
try:
domain.dnssecdata = dnssecdata
except RegistryError as err:
errmsg = "Error updating DNSSEC data in the registry."
logger.error(errmsg)
logger.error(err)
messages.error(self.request, errmsg)
return self.form_invalid(formset)
else:
messages.success(
self.request, "The Key Data records for this domain have been updated."
)
# superclass has the redirect
return super().form_valid(formset)
class DomainYourContactInformationView(DomainPermissionView, FormMixin): class DomainYourContactInformationView(DomainPermissionView, FormMixin):
"""Domain your contact information editing view.""" """Domain your contact information editing view."""