mirror of
https://github.com/google/nomulus
synced 2026-07-19 14:32:44 +00:00
Enable password reset for registrars (#2971)
This commit is contained in:
@@ -21,7 +21,6 @@
|
||||
[formGroup]="passwordUpdateForm"
|
||||
(submitResults)="save($event)"
|
||||
/>
|
||||
@if(userDataService.userData()?.isAdmin) {
|
||||
<div class="settings-security__reset-password-field">
|
||||
<h2>Need to reset your EPP password?</h2>
|
||||
<button
|
||||
@@ -33,5 +32,4 @@
|
||||
Reset EPP password via email
|
||||
</button>
|
||||
</div>
|
||||
}
|
||||
</div>
|
||||
|
||||
@@ -29,10 +29,9 @@ export const DISABLED_ELEMENTS_PER_ROLE = {
|
||||
RESTRICTED_ELEMENTS.REGISTRAR_ELEMENT,
|
||||
RESTRICTED_ELEMENTS.OTE,
|
||||
RESTRICTED_ELEMENTS.SUSPEND,
|
||||
RESTRICTED_ELEMENTS.ACTIVITY_PER_USER,
|
||||
],
|
||||
SUPPORT_LEAD: [],
|
||||
SUPPORT_AGENT: [RESTRICTED_ELEMENTS.ACTIVITY_PER_USER],
|
||||
SUPPORT_AGENT: [],
|
||||
};
|
||||
|
||||
@Directive({
|
||||
|
||||
@@ -46,7 +46,6 @@
|
||||
Save
|
||||
</button>
|
||||
</form>
|
||||
@if(userDataService.userData()?.isAdmin) {
|
||||
<button
|
||||
mat-flat-button
|
||||
color="primary"
|
||||
@@ -55,5 +54,4 @@
|
||||
>
|
||||
Reset registry lock password
|
||||
</button>
|
||||
}
|
||||
</div>
|
||||
|
||||
@@ -61,10 +61,6 @@ public class PasswordResetRequestAction extends ConsoleApiAction {
|
||||
|
||||
@Override
|
||||
protected void postHandler(User user) {
|
||||
// Temporary flag when testing email sending etc
|
||||
if (!user.getUserRoles().isAdmin()) {
|
||||
setFailedResponse("", HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
tm().transact(() -> performRequest(user));
|
||||
consoleApiParams.response().setStatus(HttpServletResponse.SC_OK);
|
||||
}
|
||||
|
||||
+16
-10
@@ -23,6 +23,7 @@ import static google.registry.ui.server.console.PasswordResetRequestAction.check
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.model.console.ConsolePermission;
|
||||
import google.registry.model.console.ConsoleUpdateHistory;
|
||||
import google.registry.model.console.PasswordResetRequest;
|
||||
import google.registry.model.console.User;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
@@ -59,11 +60,6 @@ public class PasswordResetVerifyAction extends ConsoleApiAction {
|
||||
|
||||
@Override
|
||||
protected void getHandler(User user) {
|
||||
// Temporary flag when testing email sending etc
|
||||
if (!user.getUserRoles().isAdmin()) {
|
||||
setFailedResponse("", HttpServletResponse.SC_FORBIDDEN);
|
||||
return;
|
||||
}
|
||||
PasswordResetRequest request = tm().transact(() -> loadAndValidateResetRequest(user));
|
||||
ImmutableMap<String, ?> result =
|
||||
ImmutableMap.of("type", request.getType(), "registrarId", request.getRegistrarId());
|
||||
@@ -73,11 +69,6 @@ public class PasswordResetVerifyAction extends ConsoleApiAction {
|
||||
|
||||
@Override
|
||||
protected void postHandler(User user) {
|
||||
// Temporary flag when testing email sending etc
|
||||
if (!user.getUserRoles().isAdmin()) {
|
||||
setFailedResponse("", HttpServletResponse.SC_FORBIDDEN);
|
||||
return;
|
||||
}
|
||||
checkArgument(!Strings.isNullOrEmpty(newPassword.orElse(null)), "Password must be provided");
|
||||
tm().transact(
|
||||
() -> {
|
||||
@@ -87,6 +78,16 @@ public class PasswordResetVerifyAction extends ConsoleApiAction {
|
||||
case REGISTRY_LOCK -> handleRegistryLockPasswordReset(request);
|
||||
}
|
||||
tm().put(request.asBuilder().setFulfillmentTime(tm().getTransactionTime()).build());
|
||||
|
||||
finishAndPersistConsoleUpdateHistory(
|
||||
new ConsoleUpdateHistory.Builder()
|
||||
.setType(ConsoleUpdateHistory.Type.EPP_PASSWORD_UPDATE)
|
||||
.setDescription(
|
||||
String.format(
|
||||
"%s%s%s",
|
||||
request.getRegistrarId(),
|
||||
ConsoleUpdateHistory.DESCRIPTION_SEPARATOR,
|
||||
"Password reset fulfilled via verification code")));
|
||||
});
|
||||
consoleApiParams.response().setStatus(HttpServletResponse.SC_OK);
|
||||
}
|
||||
@@ -110,6 +111,11 @@ public class PasswordResetVerifyAction extends ConsoleApiAction {
|
||||
PasswordResetRequest request =
|
||||
tm().loadByKeyIfPresent(VKey.create(PasswordResetRequest.class, verificationCode))
|
||||
.orElseThrow(this::createVerificationCodeException);
|
||||
|
||||
if (request.getFulfillmentTime().isPresent()) {
|
||||
throw new IllegalArgumentException("This reset request has already been used.");
|
||||
}
|
||||
|
||||
ConsolePermission requiredVerifyPermission =
|
||||
switch (request.getType()) {
|
||||
case EPP -> ConsolePermission.MANAGE_USERS;
|
||||
|
||||
-5
@@ -34,7 +34,6 @@ import java.util.Optional;
|
||||
import javax.annotation.Nullable;
|
||||
import org.joda.time.Duration;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
/** Tests for {@link PasswordResetVerifyAction}. */
|
||||
@@ -111,28 +110,24 @@ public class PasswordResetVerifyActionTest extends ConsoleActionBaseTestCase {
|
||||
}
|
||||
|
||||
@Test
|
||||
@Disabled("Enable when testing is done in sandbox and isAdmin check is removed")
|
||||
void testFailure_get_epp_badPermission() throws Exception {
|
||||
createAction(createTechUser(), "GET", verificationCode, null).run();
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Disabled("Enable when testing is done in sandbox and isAdmin check is removed")
|
||||
void testFailure_get_lock_badPermission() throws Exception {
|
||||
createAction(createAccountManager(), "GET", verificationCode, null).run();
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Disabled("Enable when testing is done in sandbox and isAdmin check is removed")
|
||||
void testFailure_post_epp_badPermission() throws Exception {
|
||||
createAction(createTechUser(), "POST", verificationCode, "newPassword").run();
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
|
||||
}
|
||||
|
||||
@Test
|
||||
@Disabled("Enable when testing is done in sandbox and isAdmin check is removed")
|
||||
void testFailure_post_lock_badPermission() throws Exception {
|
||||
createAction(createAccountManager(), "POST", verificationCode, "newPassword").run();
|
||||
assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
|
||||
|
||||
Reference in New Issue
Block a user