Cut over to generating new HMAC-based XSRF tokens

This is the second step of migrating to our new XSRF token format. The first step ([] made validate() start accepting new tokens (basically, dual-read). This step cuts over our "writing" to write the new token format. The third and final step will drop support for validating the old token format (back to single-read). We'll do that in a subsequent push so that we don't invalidate all the current XSRF tokens that people might have in their browsers. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149790648
2026-01-10 07:57:58 +00:00 · 2017-03-10 13:19:38 -08:00
parent ebcdae7361
commit 2353bcd8c5
7 changed files with 14 additions and 90 deletions
--- a/java/google/registry/ui/server/registrar/ConsoleUiAction.java
+++ b/java/google/registry/ui/server/registrar/ConsoleUiAction.java
@@ -27,7 +27,6 @@ import com.google.template.soy.data.SoyMapData;
 import com.google.template.soy.shared.SoyCssRenamingMap;
 import com.google.template.soy.tofu.SoyTofu;
 import google.registry.config.RegistryConfig.Config;
-import google.registry.flows.EppConsoleAction;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
 import google.registry.request.Response;
@@ -119,8 +118,7 @@ public final class ConsoleUiAction implements Runnable {
    Registrar registrar = Registrar.loadByClientId(sessionUtils.getRegistrarClientId(req));
    data.put(
        "xsrfToken",
-        xsrfTokenManager.generateLegacyToken(
-            EppConsoleAction.XSRF_SCOPE, userService.getCurrentUser().getEmail()));
+        xsrfTokenManager.generateToken(userService.getCurrentUser().getEmail()));
    data.put("clientId", registrar.getClientId());
    data.put("showPaymentLink", registrar.getBillingMethod() == Registrar.BillingMethod.BRAINTREE);