diff --git a/console-webapp/.gitignore b/console-webapp/.gitignore index 0711527ef..a515bd783 100644 --- a/console-webapp/.gitignore +++ b/console-webapp/.gitignore @@ -36,6 +36,7 @@ yarn-error.log /libpeerconnection.log testem.log /typings +.nx/ # System files .DS_Store diff --git a/console-webapp/src/app/shared/services/backend.service.ts b/console-webapp/src/app/shared/services/backend.service.ts index d53b37df8..9729952e1 100644 --- a/console-webapp/src/app/shared/services/backend.service.ts +++ b/console-webapp/src/app/shared/services/backend.service.ts @@ -33,6 +33,11 @@ export class BackendService { error: HttpErrorResponse, mockData?: Type ): Observable { + // This is a temporary redirect to the old console untill the new console + // is fully released and enabled + if (error.url && window.location.href.indexOf(error.url) < 0) { + window.location.href = error.url; + } if (error.error instanceof Error) { // A client-side or network error occurred. Handle it accordingly. console.error('An error occurred:', error.error.message); diff --git a/core/src/main/java/google/registry/request/Response.java b/core/src/main/java/google/registry/request/Response.java index e0d5accb2..88bd6c5d5 100644 --- a/core/src/main/java/google/registry/request/Response.java +++ b/core/src/main/java/google/registry/request/Response.java @@ -28,6 +28,8 @@ import org.joda.time.DateTime; */ public interface Response { + void sendRedirect(String url) throws IOException; + /** Sets the HTTP status code. */ void setStatus(int status); diff --git a/core/src/main/java/google/registry/request/ResponseImpl.java b/core/src/main/java/google/registry/request/ResponseImpl.java index 864ee920e..d82a196d9 100644 --- a/core/src/main/java/google/registry/request/ResponseImpl.java +++ b/core/src/main/java/google/registry/request/ResponseImpl.java 
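Review bot: The redirect added to the `BackendService` error handler sends the window to `error.url` for every failed request whose URL is not a substring of the current location, so an ordinary 4xx/5xx from an API endpoint would also navigate the browser to that API URL, and nothing checks that the target is same-origin. Restricting it to the intended case keeps the temporary fallback from becoming a general navigation sink, e.g. `const target = error.url ? new URL(error.url, window.location.origin) : null;` followed by `if (target && target.origin === window.location.origin && target.pathname.startsWith(OLD_CONSOLE_PATH)) { window.location.href = target.href; }`, where `OLD_CONSOLE_PATH` is a placeholder for the old console's path. The comment also has a typo (`untill`). The handler's signature and the rest of its body lie outside the hunk.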
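Review bot: `sendRedirect` is the only method visible in this part of `Response` without Javadoc, and its contract matters because `ResponseImpl` passes the argument straight to the servlet response. I would add `/** Sends an HTTP redirect to {@code url}; callers must pass a server-chosen location, never a value taken from the request. */` above the declaration. The only caller visible in this commit passes the constant `ConsoleUiAction.PATH`, which fits that contract.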
@@ -32,6 +32,11 @@ public final class ResponseImpl implements Response { this.rsp = rsp; } + @Override + public void sendRedirect(String url) throws IOException { + rsp.sendRedirect(url); + } + @Override public void setStatus(int status) { rsp.setStatus(status); diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java index a70cf2ca0..1ca67d873 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java @@ -17,10 +17,15 @@ package google.registry.ui.server.console; import static google.registry.request.Action.Method.GET; import com.google.api.client.http.HttpStatusCodes; +import google.registry.model.console.GlobalRole; import google.registry.model.console.User; +import google.registry.request.auth.AuthResult; import google.registry.security.XsrfTokenManager; import google.registry.ui.server.registrar.ConsoleApiParams; +import google.registry.ui.server.registrar.ConsoleUiAction; +import google.registry.util.RegistryEnvironment; import jakarta.servlet.http.Cookie; +import java.io.IOException; import java.util.Arrays; import java.util.Optional; 
@@ -35,11 +40,26 @@ public abstract class ConsoleApiAction implements Runnable { @Override public final void run() { // Shouldn't be even possible because of Auth annotations on the various implementing classes - if (consoleApiParams.authResult().userAuthInfo().get().consoleUser().isEmpty()) { + AuthResult authResult = consoleApiParams.authResult(); + if (authResult.userAuthInfo().isEmpty() + || authResult.userAuthInfo().get().consoleUser().isEmpty()) { consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); return; } User user = consoleApiParams.authResult().userAuthInfo().get().consoleUser().get(); + + // This allows us to enable console to a selected cohort of users with release + // We can ignore it in tests + if (RegistryEnvironment.get() != RegistryEnvironment.UNITTEST + && !GlobalRole.FTE.equals(user.getUserRoles().getGlobalRole())) { + try { + consoleApiParams.response().sendRedirect(ConsoleUiAction.PATH); + return; + } catch (IOException e) { + throw new RuntimeException(e); + } + } + if (consoleApiParams.request().getMethod().equals(GET.toString())) { getHandler(user); } else { @@ -75,4 +95,5 @@ public abstract class ConsoleApiAction implements Runnable { } return true; } + } diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java index f9af4fb13..2bdcdf635 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainGetAction.java 
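Review bot: The cohort gate in `run()` is switched off by `RegistryEnvironment.get() != RegistryEnvironment.UNITTEST`, so as far as this diff shows no test exercises the branch that keeps non-FTE users out of the new console API, and production code now branches on the test environment. Since this check is the access control for the staged rollout, I would drop the environment test and give the test users the FTE role, or add a test that asserts the 302 recorded by `FakeResponse.sendRedirect` for a non-FTE user. The comment above the first check (`Shouldn't be even possible ...`) reads oddly now that the empty `userAuthInfo()` case is handled explicitly, and `User user = authResult.userAuthInfo().get().consoleUser().get();` could reuse the new local. `run()` continues past the end of the hunk.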
@@ -24,11 +24,8 @@ import google.registry.model.console.User; import google.registry.model.domain.Domain; import google.registry.request.Action; import google.registry.request.Parameter; -import google.registry.request.Response; import google.registry.request.auth.Auth; -import google.registry.request.auth.AuthResult; -import google.registry.request.auth.UserAuthInfo; -import google.registry.ui.server.registrar.JsonGetAction; +import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.Optional; import javax.inject.Inject; 
@@ -37,55 +34,41 @@ import javax.inject.Inject; service = Action.Service.DEFAULT, path = ConsoleDomainGetAction.PATH, auth = Auth.AUTH_PUBLIC_LOGGED_IN) -public class ConsoleDomainGetAction implements JsonGetAction { +public class ConsoleDomainGetAction extends ConsoleApiAction { public static final String PATH = "/console-api/domain"; - private final AuthResult authResult; - private final Response response; private final Gson gson; private final String paramDomain; @Inject public ConsoleDomainGetAction( - AuthResult authResult, - Response response, + ConsoleApiParams consoleApiParams, Gson gson, @Parameter("consoleDomain") String paramDomain) { - this.authResult = authResult; - this.response = response; - this.gson = gson; + super(consoleApiParams); this.paramDomain = paramDomain; + this.gson = gson; } @Override - public void run() { - if (!authResult.isAuthenticated() || authResult.userAuthInfo().isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); - return; - } - UserAuthInfo authInfo = authResult.userAuthInfo().get(); - if (authInfo.consoleUser().isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); - return; - } - User user = authInfo.consoleUser().get(); + protected void getHandler(User user) { Optional possibleDomain = tm().transact( () -> EppResourceUtils.loadByForeignKeyCached( Domain.class, paramDomain, tm().getTransactionTime())); if (possibleDomain.isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_NOT_FOUND); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_NOT_FOUND); return; } Domain domain = possibleDomain.get(); if (!user.getUserRoles() .hasPermission(domain.getCurrentSponsorRegistrarId(), ConsolePermission.DOWNLOAD_DOMAINS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_NOT_FOUND); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_NOT_FOUND); return; } - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); - response.setPayload(gson.toJson(domain)); 
+ consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams.response().setPayload(gson.toJson(domain)); } } diff --git a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java index f6031f9fc..632ed4910 100644 --- a/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java +++ b/core/src/main/java/google/registry/ui/server/console/ConsoleDomainListAction.java @@ -27,10 +27,8 @@ import google.registry.model.console.User; import google.registry.model.domain.Domain; import google.registry.request.Action; import google.registry.request.Parameter; -import google.registry.request.Response; import google.registry.request.auth.Auth; -import google.registry.request.auth.AuthResult; -import google.registry.ui.server.registrar.JsonGetAction; +import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.List; import java.util.Optional; import javax.inject.Inject; @@ -43,7 +41,7 @@ import org.joda.time.DateTime; path = ConsoleDomainListAction.PATH, method = Action.Method.GET, auth = Auth.AUTH_PUBLIC_LOGGED_IN) -public class ConsoleDomainListAction implements JsonGetAction { +public class ConsoleDomainListAction extends ConsoleApiAction { public static final String PATH = "/console-api/domain-list"; @@ -54,8 +52,6 @@ public class ConsoleDomainListAction implements JsonGetAction { private static final String SEARCH_TERM_QUERY = " AND LOWER(domainName) LIKE :searchTerm"; private static final String ORDER_BY_STATEMENT = " ORDER BY creationTime DESC"; - private final AuthResult authResult; - private final Response response; private final Gson gson; private final String registrarId; private final Optional checkpointTime; 
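Review bot: `ConsoleDomainGetAction.getHandler` answers `STATUS_CODE_NOT_FOUND` both when the domain does not exist and when the user lacks `DOWNLOAD_DOMAINS` on the sponsoring registrar, and nothing in the method says that this is intentional. If it is meant to keep callers from probing which domains exist, a short comment on the permission branch would stop a later cleanup from changing it to 403: `// Deliberately 404 rather than 403 so that unauthorized users cannot confirm the domain exists.` The sibling `ConsoleDomainListAction.getHandler` returns `STATUS_CODE_FORBIDDEN` for its permission failure, which makes the difference easy to mistake for an oversight.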
@@ -66,8 +62,7 @@ public class ConsoleDomainListAction implements JsonGetAction { @Inject public ConsoleDomainListAction( - AuthResult authResult, - Response response, + ConsoleApiParams consoleApiParams, Gson gson, @Parameter("registrarId") String registrarId, @Parameter("checkpointTime") Optional checkpointTime, @@ -75,8 +70,7 @@ public class ConsoleDomainListAction implements JsonGetAction { @Parameter("resultsPerPage") Optional resultsPerPage, @Parameter("totalResults") Optional totalResults, @Parameter("searchTerm") Optional searchTerm) { - this.authResult = authResult; - this.response = response; + super(consoleApiParams); this.gson = gson; this.registrarId = registrarId; this.checkpointTime = checkpointTime; @@ -87,19 +81,20 @@ public class ConsoleDomainListAction implements JsonGetAction { } @Override - public void run() { - User user = authResult.userAuthInfo().get().consoleUser().get(); + protected void getHandler(User user) { if (!user.getUserRoles().hasPermission(registrarId, DOWNLOAD_DOMAINS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } - if (resultsPerPage < 1 || resultsPerPage > 500) { - writeBadRequest("Results per page must be between 1 and 500 inclusive"); + setFailedResponse( + "Results per page must be between 1 and 500 inclusive", + HttpStatusCodes.STATUS_CODE_BAD_REQUEST); return; } if (pageNumber < 0) { - writeBadRequest("Page number must be non-negative"); + setFailedResponse( + "Page number must be non-negative", HttpStatusCodes.STATUS_CODE_BAD_REQUEST); return; } 
@@ -130,8 +125,10 @@ public class ConsoleDomainListAction implements JsonGetAction { .setFirstResult(numResultsToSkip) .setMaxResults(resultsPerPage) .getResultList(); - response.setPayload(gson.toJson(new DomainListResult(domains, checkpoint, actualTotalResults))); - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams + .response() + .setPayload(gson.toJson(new DomainListResult(domains, checkpoint, actualTotalResults))); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); } /** Creates the query to get the total number of matching domains, interpolating as necessary. */ @@ -154,11 +151,6 @@ public class ConsoleDomainListAction implements JsonGetAction { return tm().query(DOMAIN_QUERY_TEMPLATE + ORDER_BY_STATEMENT, Domain.class); } - private void writeBadRequest(String message) { - response.setPayload(message); - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - } - /** Container result class that allows for pagination. */ @VisibleForTesting static final class DomainListResult { diff --git a/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java b/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java index 7dac07155..9e00a28e6 100644 --- a/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java +++ b/core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java 
@@ -31,12 +31,9 @@ import google.registry.model.registrar.RegistrarBase.State; import google.registry.model.registrar.RegistrarPoc; import google.registry.request.Action; import google.registry.request.Parameter; -import google.registry.request.Response; import google.registry.request.auth.Auth; -import google.registry.request.auth.AuthResult; -import google.registry.ui.server.registrar.JsonGetAction; +import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.StringGenerator; -import jakarta.servlet.http.HttpServletRequest; import java.util.Optional; import javax.inject.Inject; import javax.inject.Named; 
@@ -46,50 +43,33 @@ import javax.inject.Named; path = RegistrarsAction.PATH, method = {GET, POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) -public class RegistrarsAction implements JsonGetAction { +public class RegistrarsAction extends ConsoleApiAction { private static final int PASSWORD_LENGTH = 16; private static final int PASSCODE_LENGTH = 5; static final String PATH = "/console-api/registrars"; - private final AuthResult authResult; - private final Response response; private final Gson gson; - private final HttpServletRequest req; private Optional registrar; private StringGenerator passwordGenerator; private StringGenerator passcodeGenerator; @Inject public RegistrarsAction( - HttpServletRequest req, - AuthResult authResult, - Response response, + ConsoleApiParams consoleApiParams, Gson gson, @Parameter("registrar") Optional registrar, @Named("base58StringGenerator") StringGenerator passwordGenerator, @Named("digitOnlyStringGenerator") StringGenerator passcodeGenerator) { - this.authResult = authResult; - this.response = response; + super(consoleApiParams); this.gson = gson; this.registrar = registrar; - this.req = req; this.passcodeGenerator = passcodeGenerator; this.passwordGenerator = passwordGenerator; } - @Override - public void run() { - User user = authResult.userAuthInfo().get().consoleUser().get(); - if (req.getMethod().equals(GET.toString())) { - getHandler(user); - } else { - postHandler(user); - } - } - - private void getHandler(User user) { + protected void getHandler(User user) { if (!user.getUserRoles().hasGlobalPermission(ConsolePermission.VIEW_REGISTRARS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } ImmutableList registrars = 
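Review bot: `getHandler` ends up without `@Override` in this hunk: the annotation that sat on the removed `run()` is deleted and none is added on `protected void getHandler(User user)`, while `postHandler` in the next hunk and `getHandler` in `ContactAction` both carry one. Adding `@Override` lets the compiler confirm the method still matches `ConsoleApiAction`; without it a signature drift would leave GET requests on whatever the base class does by default. The body of `getHandler` ends in the following hunk.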
@@ -97,19 +77,20 @@ public class RegistrarsAction implements JsonGetAction { .filter(r -> r.getType() == Registrar.Type.REAL) .collect(ImmutableList.toImmutableList()); - response.setPayload(gson.toJson(registrars)); - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams.response().setPayload(gson.toJson(registrars)); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); } - private void postHandler(User user) { + @Override + protected void postHandler(User user) { if (!user.getUserRoles().isAdmin()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } if (registrar.isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload(gson.toJson("'registrar' parameter is not present")); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + consoleApiParams.response().setPayload(gson.toJson("'registrar' parameter is not present")); return; } @@ -171,11 +152,9 @@ public class RegistrarsAction implements JsonGetAction { }); } catch (IllegalArgumentException e) { - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload(gson.toJson(e.getMessage())); + setFailedResponse(e.getMessage(), HttpStatusCodes.STATUS_CODE_BAD_REQUEST); } catch (Throwable e) { - response.setStatus(HttpStatusCodes.STATUS_CODE_SERVER_ERROR); - response.setPayload(gson.toJson(e.getMessage())); + setFailedResponse(e.getMessage(), HttpStatusCodes.STATUS_CODE_SERVER_ERROR); } } } diff --git a/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java b/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java index 475e30b25..5a411e456 100644 --- a/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/ContactAction.java 
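Review bot: In the second hunk, `catch (Throwable e)` still returns `e.getMessage()` to the client with a 500, so the text of any unexpected failure (database errors, internal class or field names) goes out in the response body. I would keep the detailed message for the `IllegalArgumentException` branch only and answer the catch-all with a fixed string, `setFailedResponse("Internal server error", HttpStatusCodes.STATUS_CODE_SERVER_ERROR);`, logging `e` on the server; whether this class already has a logger is not visible in the hunk. The `try` block starts outside the hunk.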
@@ -31,13 +31,11 @@ import google.registry.model.registrar.RegistrarPoc; import google.registry.persistence.transaction.QueryComposer.Comparator; import google.registry.request.Action; import google.registry.request.Parameter; -import google.registry.request.Response; import google.registry.request.auth.Auth; -import google.registry.request.auth.AuthResult; import google.registry.ui.forms.FormException; -import google.registry.ui.server.registrar.JsonGetAction; +import google.registry.ui.server.console.ConsoleApiAction; +import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.ui.server.registrar.RegistrarSettingsAction; -import jakarta.servlet.http.HttpServletRequest; import java.util.Collections; import java.util.Optional; import javax.inject.Inject; 
@@ -47,45 +45,29 @@ import javax.inject.Inject; path = ContactAction.PATH, method = {GET, POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) -public class ContactAction implements JsonGetAction { +public class ContactAction extends ConsoleApiAction { static final String PATH = "/console-api/settings/contacts"; private static final FluentLogger logger = FluentLogger.forEnclosingClass(); - private final HttpServletRequest req; - private final AuthResult authResult; - private final Response response; private final Gson gson; private final Optional> contacts; private final String registrarId; @Inject public ContactAction( - HttpServletRequest req, - AuthResult authResult, - Response response, + ConsoleApiParams consoleApiParams, Gson gson, @Parameter("registrarId") String registrarId, @Parameter("contacts") Optional> contacts) { - this.authResult = authResult; - this.response = response; + super(consoleApiParams); this.gson = gson; this.registrarId = registrarId; this.contacts = contacts; - this.req = req; } @Override - public void run() { - User user = authResult.userAuthInfo().get().consoleUser().get(); - if (req.getMethod().equals(GET.toString())) { - getHandler(user); - } else { - postHandler(user); - } - } - - private void getHandler(User user) { + protected void getHandler(User user) { if (!user.getUserRoles().hasPermission(registrarId, ConsolePermission.VIEW_REGISTRAR_DETAILS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } 
@@ -99,19 +81,20 @@ public class ContactAction implements JsonGetAction { .filter(r -> !r.getTypes().isEmpty()) .collect(toImmutableList())); - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); - response.setPayload(gson.toJson(am)); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams.response().setPayload(gson.toJson(am)); } - private void postHandler(User user) { + @Override + protected void postHandler(User user) { if (!user.getUserRoles().hasPermission(registrarId, ConsolePermission.EDIT_REGISTRAR_DETAILS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } if (contacts.isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload(gson.toJson("Contacts parameter is not present")); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + consoleApiParams.response().setPayload(gson.toJson("Contacts parameter is not present")); return; } @@ -137,12 +120,12 @@ public class ContactAction implements JsonGetAction { } catch (FormException e) { logger.atWarning().withCause(e).log( "Error processing contacts post request for registrar: %s", registrarId); - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload(e.getMessage()); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + consoleApiParams.response().setPayload(e.getMessage()); return; } RegistrarPoc.updateContacts(registrar, updatedContacts); - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); } } diff --git a/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java b/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java index 7d56ffd23..398d5b182 100644 
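Review bot: `ContactAction.postHandler` still writes errors by hand (`setStatus` followed by `setPayload(gson.toJson("Contacts parameter is not present"))`, and a raw `setPayload(e.getMessage())` for `FormException`), while `SecurityAction`, `RegistrarsAction` and `ConsoleDomainListAction` were moved to `setFailedResponse` in this commit. Using the helper here too, e.g. `setFailedResponse("Contacts parameter is not present", HttpStatusCodes.STATUS_CODE_BAD_REQUEST);`, would give the console one error format; the helper's body is not part of this diff, so check how it encodes the message before switching. The same hand-written pair remains in the `RegistrarAccessDeniedException` branch of `WhoisRegistrarFieldsAction`.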
--- a/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java @@ -18,7 +18,6 @@ import static google.registry.persistence.transaction.TransactionManagerFactory. import static google.registry.request.Action.Method.POST; import com.google.api.client.http.HttpStatusCodes; -import com.google.gson.Gson; import google.registry.flows.certs.CertificateChecker; import google.registry.flows.certs.CertificateChecker.InsecureCertificateException; import google.registry.model.console.ConsolePermission; @@ -26,12 +25,11 @@ import google.registry.model.console.User; import google.registry.model.registrar.Registrar; import google.registry.request.Action; import google.registry.request.Parameter; -import google.registry.request.Response; import google.registry.request.auth.Auth; -import google.registry.request.auth.AuthResult; import google.registry.request.auth.AuthenticatedRegistrarAccessor; import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException; -import google.registry.ui.server.registrar.JsonGetAction; +import google.registry.ui.server.console.ConsoleApiAction; +import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.Optional; import javax.inject.Inject; @@ -40,12 +38,9 @@ import javax.inject.Inject; path = SecurityAction.PATH, method = {POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) -public class SecurityAction implements JsonGetAction { +public class SecurityAction extends ConsoleApiAction { static final String PATH = "/console-api/settings/security"; - private final AuthResult authResult; - private final Response response; - private final Gson gson; private final String registrarId; private final AuthenticatedRegistrarAccessor registrarAccessor; private final Optional registrar; 
@@ -53,16 +48,12 @@ public class SecurityAction implements JsonGetAction { @Inject public SecurityAction( - AuthResult authResult, - Response response, - Gson gson, + ConsoleApiParams consoleApiParams, CertificateChecker certificateChecker, AuthenticatedRegistrarAccessor registrarAccessor, @Parameter("registrarId") String registrarId, @Parameter("registrar") Optional registrar) { - this.authResult = authResult; - this.response = response; - this.gson = gson; + super(consoleApiParams); this.registrarId = registrarId; this.registrarAccessor = registrarAccessor; this.registrar = registrar; @@ -70,16 +61,15 @@ public class SecurityAction implements JsonGetAction { } @Override - public void run() { - User user = authResult.userAuthInfo().get().consoleUser().get(); + protected void postHandler(User user) { if (!user.getUserRoles().hasPermission(registrarId, ConsolePermission.EDIT_REGISTRAR_DETAILS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } if (registrar.isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload(gson.toJson("'registrar' parameter is not present")); + setFailedResponse( + "'registrar' parameter is not present", HttpStatusCodes.STATUS_CODE_BAD_REQUEST); return; } @@ -87,8 +77,7 @@ public class SecurityAction implements JsonGetAction { try { savedRegistrar = registrarAccessor.getRegistrar(registrarId); } catch (RegistrarAccessDeniedException e) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); - response.setPayload(e.getMessage()); + setFailedResponse(e.getMessage(), HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } 
@@ -122,12 +111,12 @@ public class SecurityAction implements JsonGetAction { } } } catch (InsecureCertificateException e) { - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload("Invalid certificate in parameter"); + setFailedResponse( + "Invalid certificate in parameter", HttpStatusCodes.STATUS_CODE_BAD_REQUEST); return; } tm().put(updatedRegistrar.build()); - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); } } diff --git a/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java b/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java index 08b8c39c7..8a2eaf95f 100644 --- a/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java @@ -18,18 +18,16 @@ import static google.registry.persistence.transaction.TransactionManagerFactory. import static google.registry.request.Action.Method.POST; import com.google.api.client.http.HttpStatusCodes; -import com.google.gson.Gson; import google.registry.model.console.ConsolePermission; import google.registry.model.console.User; import google.registry.model.registrar.Registrar; import google.registry.request.Action; import google.registry.request.Parameter; -import google.registry.request.Response; import google.registry.request.auth.Auth; -import google.registry.request.auth.AuthResult; import google.registry.request.auth.AuthenticatedRegistrarAccessor; import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException; -import google.registry.ui.server.registrar.JsonGetAction; +import google.registry.ui.server.console.ConsoleApiAction; +import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.Optional; import javax.inject.Inject; 
@@ -44,42 +42,34 @@ import javax.inject.Inject; path = WhoisRegistrarFieldsAction.PATH, method = {POST}, auth = Auth.AUTH_PUBLIC_LOGGED_IN) -public class WhoisRegistrarFieldsAction implements JsonGetAction { +public class WhoisRegistrarFieldsAction extends ConsoleApiAction { static final String PATH = "/console-api/settings/whois-fields"; - private final AuthResult authResult; - private final Response response; - private final Gson gson; private AuthenticatedRegistrarAccessor registrarAccessor; private Optional registrar; @Inject public WhoisRegistrarFieldsAction( - AuthResult authResult, - Response response, - Gson gson, + ConsoleApiParams consoleApiParams, AuthenticatedRegistrarAccessor registrarAccessor, @Parameter("registrar") Optional registrar) { - this.authResult = authResult; - this.response = response; - this.gson = gson; + super(consoleApiParams); this.registrarAccessor = registrarAccessor; this.registrar = registrar; } @Override - public void run() { + protected void postHandler(User user) { if (registrar.isEmpty()) { - response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload(gson.toJson("'registrar' parameter is not present")); + setFailedResponse( + "'registrar' parameter is not present", HttpStatusCodes.STATUS_CODE_BAD_REQUEST); return; } - User user = authResult.userAuthInfo().get().consoleUser().get(); if (!user.getUserRoles() .hasPermission( registrar.get().getRegistrarId(), ConsolePermission.EDIT_REGISTRAR_DETAILS)) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); return; } 
@@ -92,8 +82,8 @@ public class WhoisRegistrarFieldsAction implements JsonGetAction { // reload to make sure the object has all the correct fields savedRegistrar = registrarAccessor.getRegistrar(providedRegistrar.getRegistrarId()); } catch (RegistrarAccessDeniedException e) { - response.setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); - response.setPayload(e.getMessage()); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + consoleApiParams.response().setPayload(e.getMessage()); return; } @@ -102,6 +92,6 @@ public class WhoisRegistrarFieldsAction implements JsonGetAction { newRegistrar.setUrl(providedRegistrar.getUrl()); newRegistrar.setLocalizedAddress(providedRegistrar.getLocalizedAddress()); tm().put(newRegistrar.build()); - response.setStatus(HttpStatusCodes.STATUS_CODE_OK); + consoleApiParams.response().setStatus(HttpStatusCodes.STATUS_CODE_OK); } } diff --git a/core/src/test/java/google/registry/testing/FakeResponse.java b/core/src/test/java/google/registry/testing/FakeResponse.java index 16689ad62..eda47b205 100644 --- a/core/src/test/java/google/registry/testing/FakeResponse.java +++ b/core/src/test/java/google/registry/testing/FakeResponse.java @@ -67,6 +67,12 @@ public final class FakeResponse implements Response { return writer; } + @Override + public void sendRedirect(String url) throws IOException { + status = 302; + this.payload = String.format("Redirected to %s", url); + } + @Override public void setStatus(int status) { checkArgument(status >= 100); diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java index 0463c0d92..1942731c9 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java 
@@ -17,6 +17,7 @@ package google.registry.ui.server.console; import static com.google.common.truth.Truth.assertThat; import static google.registry.testing.DatabaseHelper.createTld; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import com.google.api.client.http.HttpStatusCodes; import com.google.common.collect.ImmutableMap; @@ -25,11 +26,15 @@ import google.registry.model.console.RegistrarRole; import google.registry.model.console.User; import google.registry.model.console.UserRoles; import google.registry.persistence.transaction.JpaTestExtensions; +import google.registry.request.Action; import google.registry.request.RequestModule; import google.registry.request.auth.AuthResult; import google.registry.request.auth.UserAuthInfo; import google.registry.testing.DatabaseHelper; +import google.registry.testing.FakeConsoleApiParams; import google.registry.testing.FakeResponse; +import google.registry.ui.server.registrar.ConsoleApiParams; +import java.util.Optional; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.RegisterExtension; @@ -38,7 +43,7 @@ import org.junit.jupiter.api.extension.RegisterExtension; public class ConsoleDomainGetActionTest { private static final Gson GSON = RequestModule.provideGson(); - private static final FakeResponse RESPONSE = new FakeResponse(); + private ConsoleApiParams consoleApiParams; @RegisterExtension final JpaTestExtensions.JpaIntegrationTestExtension jpa = 
@@ -63,8 +68,9 @@ public class ConsoleDomainGetActionTest { .build()))), "exists.tld"); action.run(); - assertThat(RESPONSE.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); - assertThat(RESPONSE.getPayload()) + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) .isEqualTo( "{\"domainName\":\"exists.tld\",\"adminContact\":{\"key\":\"3-ROID\",\"kind\":" + "\"google.registry.model.contact.Contact\"},\"techContact\":{\"key\":\"3-ROID\"," @@ -82,7 +88,8 @@ public class ConsoleDomainGetActionTest { void testFailure_emptyAuth() { ConsoleDomainGetAction action = createAction(AuthResult.NOT_AUTHENTICATED, "exists.tld"); action.run(); - assertThat(RESPONSE.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); } @Test @@ -90,7 +97,8 @@ public class ConsoleDomainGetActionTest { ConsoleDomainGetAction action = createAction(AuthResult.createApp("service@registry.example"), "exists.tld"); action.run(); - assertThat(RESPONSE.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); } @Test @@ -101,7 +109,8 @@ public class ConsoleDomainGetActionTest { UserAuthInfo.create(mock(com.google.appengine.api.users.User.class), false)), "exists.tld"); action.run(); - assertThat(RESPONSE.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_UNAUTHORIZED); } @Test 
@@ -111,7 +120,8 @@ public class ConsoleDomainGetActionTest { AuthResult.createUser(UserAuthInfo.create(createUser(new UserRoles.Builder().build()))), "exists.tld"); action.run(); - assertThat(RESPONSE.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_NOT_FOUND); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_NOT_FOUND); } @Test @@ -122,7 +132,8 @@ public class ConsoleDomainGetActionTest { UserAuthInfo.create(createUser(new UserRoles.Builder().setIsAdmin(true).build()))), "nonexistent.tld"); action.run(); - assertThat(RESPONSE.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_NOT_FOUND); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_NOT_FOUND); } private User createUser(UserRoles userRoles) { @@ -133,6 +144,8 @@ public class ConsoleDomainGetActionTest { } private ConsoleDomainGetAction createAction(AuthResult authResult, String domain) { - return new ConsoleDomainGetAction(authResult, RESPONSE, GSON, domain); + consoleApiParams = FakeConsoleApiParams.get(Optional.of(authResult)); + when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.GET.toString()); + return new ConsoleDomainGetAction(consoleApiParams, GSON, domain); } } diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java index d9c786ad0..3572648e3 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java 
@@ -20,6 +20,7 @@ import static google.registry.testing.DatabaseHelper.createAdminUser; import static google.registry.testing.DatabaseHelper.createTld; import static google.registry.testing.DatabaseHelper.persistActiveDomain; import static google.registry.testing.DatabaseHelper.persistDomainAsDeleted; +import static org.mockito.Mockito.when; import com.google.api.client.http.HttpStatusCodes; import com.google.common.collect.Iterables; @@ -27,13 +28,16 @@ import com.google.gson.Gson; import google.registry.model.EppResourceUtils; import google.registry.model.domain.Domain; import google.registry.persistence.transaction.JpaTestExtensions; +import google.registry.request.Action; import google.registry.request.auth.AuthResult; import google.registry.request.auth.UserAuthInfo; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeClock; +import google.registry.testing.FakeConsoleApiParams; import google.registry.testing.FakeResponse; import google.registry.tools.GsonUtils; import google.registry.ui.server.console.ConsoleDomainListAction.DomainListResult; +import google.registry.ui.server.registrar.ConsoleApiParams; import java.util.Optional; import javax.annotation.Nullable; import org.joda.time.DateTime; @@ -48,7 +52,7 @@ public class ConsoleDomainListActionTest { private final FakeClock clock = new FakeClock(DateTime.parse("2023-10-20T00:00:00.000Z")); - private FakeResponse response; + private ConsoleApiParams consoleApiParams; @RegisterExtension final JpaTestExtensions.JpaIntegrationTestExtension jpa = 
@@ -68,7 +72,9 @@ public class ConsoleDomainListActionTest { void testSuccess_allDomains() { ConsoleDomainListAction action = createAction("TheRegistrar"); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).hasSize(10); assertThat(result.totalResults).isEqualTo(10); assertThat(result.checkpointTime).isEqualTo(clock.nowUtc()); @@ -80,7 +86,9 @@ public class ConsoleDomainListActionTest { void testSuccess_noDomains() { ConsoleDomainListAction action = createAction("NewRegistrar"); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).hasSize(0); assertThat(result.totalResults).isEqualTo(0); assertThat(result.checkpointTime).isEqualTo(clock.nowUtc()); @@ -91,7 +99,9 @@ public class ConsoleDomainListActionTest { // Two pages of results should go in reverse chronological order ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, null); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList())) .containsExactly("9exists.tld", "8exists.tld", "7exists.tld", "6exists.tld", "5exists.tld"); assertThat(result.totalResults).isEqualTo(10); 
@@ -99,7 +109,9 @@ public class ConsoleDomainListActionTest { // Now do the second page action = createAction("TheRegistrar", result.checkpointTime, 1, 5, 10L, null); action.run(); - result = GSON.fromJson(response.getPayload(), DomainListResult.class); + result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList())) .containsExactly("4exists.tld", "3exists.tld", "2exists.tld", "1exists.tld", "0exists.tld"); } @@ -108,7 +120,9 @@ public class ConsoleDomainListActionTest { void testSuccess_partialPage() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 1, 8, null, null); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList())) .containsExactly("1exists.tld", "0exists.tld"); } @@ -118,7 +132,9 @@ public class ConsoleDomainListActionTest { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 10, null, null); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).hasSize(10); assertThat(result.totalResults).isEqualTo(10); 
@@ -128,7 +144,9 @@ public class ConsoleDomainListActionTest { // Even though we persisted a new domain, the old checkpoint should return no more results action = createAction("TheRegistrar", result.checkpointTime, 1, 10, null, null); action.run(); - result = GSON.fromJson(response.getPayload(), DomainListResult.class); + result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).isEmpty(); assertThat(result.totalResults).isEqualTo(10); } @@ -137,7 +155,9 @@ public class ConsoleDomainListActionTest { void testSuccess_checkpointTime_deletion() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, null); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); clock.advanceOneMilli(); Domain toDelete = @@ -147,7 +167,9 @@ public class ConsoleDomainListActionTest { // Second page should include the domain that is now deleted due to the checkpoint time action = createAction("TheRegistrar", result.checkpointTime, 1, 5, null, null); action.run(); - result = GSON.fromJson(response.getPayload(), DomainListResult.class); + result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList())) .containsExactly("4exists.tld", "3exists.tld", "2exists.tld", "1exists.tld", "0exists.tld"); } 
@@ -156,7 +178,9 @@ public class ConsoleDomainListActionTest { void testSuccess_searchTerm_oneMatch() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "0"); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(Iterables.getOnlyElement(result.domains).getDomainName()).isEqualTo("0exists.tld"); } @@ -164,7 +188,9 @@ public class ConsoleDomainListActionTest { void testSuccess_searchTerm_returnsNone() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "deleted"); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).isEmpty(); } @@ -172,7 +198,9 @@ public class ConsoleDomainListActionTest { void testSuccess_searchTerm_caseInsensitive() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "eXiStS"); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).hasSize(5); assertThat(result.totalResults).isEqualTo(10); } 
@@ -181,7 +209,9 @@ public class ConsoleDomainListActionTest { void testSuccess_searchTerm_tld() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "tld"); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).hasSize(5); assertThat(result.totalResults).isEqualTo(10); } @@ -190,7 +220,9 @@ public class ConsoleDomainListActionTest { void testPartialSuccess_pastEnd() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 5, 5, null, null); action.run(); - DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class); + DomainListResult result = + GSON.fromJson( + ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class); assertThat(result.domains).isEmpty(); } 
@@ -198,14 +230,16 @@ public class ConsoleDomainListActionTest { void testFailure_invalidResultsPerPage() { ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 0, null, null); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - assertThat(response.getPayload()) + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) .isEqualTo("Results per page must be between 1 and 500 inclusive"); action = createAction("TheRegistrar", null, 0, 501, null, null); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - assertThat(response.getPayload()) + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) .isEqualTo("Results per page must be between 1 and 500 inclusive"); } @@ -213,8 +247,10 @@ public class ConsoleDomainListActionTest { void testFailure_invalidPageNumber() { ConsoleDomainListAction action = createAction("TheRegistrar", null, -1, 10, null, null); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - assertThat(response.getPayload()).isEqualTo("Page number must be non-negative"); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) + .isEqualTo("Page number must be non-negative"); } private ConsoleDomainListAction createAction(String registrarId) { 
@@ -228,12 +264,12 @@ public class ConsoleDomainListActionTest { @Nullable Integer resultsPerPage, @Nullable Long totalResults, @Nullable String searchTerm) { - response = new FakeResponse(); AuthResult authResult = AuthResult.createUser(UserAuthInfo.create(createAdminUser("email@email.example"))); + consoleApiParams = FakeConsoleApiParams.get(Optional.of(authResult)); + when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.GET.toString()); return new ConsoleDomainListAction( - authResult, - response, + consoleApiParams, GSON, registrarId, Optional.ofNullable(checkpointTime), diff --git a/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java b/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java index f8ea41bbd..9380fdba9 100644 --- a/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java @@ -45,7 +45,6 @@ import google.registry.testing.FakeResponse; import google.registry.tools.GsonUtils; import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.util.EmailMessage; -import jakarta.servlet.http.Cookie; import java.util.Optional; import javax.mail.internet.AddressException; import javax.mail.internet.InternetAddress; @@ -197,12 +196,7 @@ class ConsoleEppPasswordActionTest { AuthenticatedRegistrarAccessor authenticatedRegistrarAccessor = AuthenticatedRegistrarAccessor.createForTesting( ImmutableSetMultimap.of("registrarId", OWNER)); - Cookie cookie = - new Cookie( - consoleApiParams.xsrfTokenManager().X_CSRF_TOKEN, - consoleApiParams.xsrfTokenManager().generateToken("")); when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.POST.toString()); - when(consoleApiParams.request().getCookies()).thenReturn(new Cookie[] {cookie}); return new ConsoleEppPasswordAction( consoleApiParams, authenticatedRegistrarAccessor, gmailClient); 
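Review bot: With the cookie stubbing removed from `createAction` in ConsoleEppPasswordActionTest (hunk `@@ -197,12 +196,7 @@`), the POST tests no longer show where their XSRF token comes from. They now depend on whatever `FakeConsoleApiParams.get` sets up, which is not visible in this part of the diff. If the fake supplies a valid token by default, presumably every console action test passes the XSRF check implicitly and none of them covers the rejection path. I would add one negative test that overrides the stub, `when(consoleApiParams.request().getCookies()).thenReturn(new Cookie[] {});`, runs the action, and asserts that the response is not a success and the stored EPP password is unchanged; this needs the `Cookie` import that the commit drops. The start of `createAction` lies outside the hunk.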
diff --git a/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java b/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java index 000263312..3d64b1b6f 100644 --- a/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java @@ -21,7 +21,6 @@ import static google.registry.testing.DatabaseHelper.persistNewRegistrar; import static google.registry.testing.DatabaseHelper.persistResource; import static google.registry.testing.SqlHelper.saveRegistrar; import static org.mockito.Mockito.doReturn; -import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; import com.google.api.client.http.HttpStatusCodes; @@ -40,10 +39,11 @@ import google.registry.request.RequestModule; import google.registry.request.auth.AuthResult; import google.registry.request.auth.UserAuthInfo; import google.registry.testing.DeterministicStringGenerator; +import google.registry.testing.FakeConsoleApiParams; import google.registry.testing.FakeResponse; +import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.ui.server.registrar.RegistrarConsoleModule; import google.registry.util.StringGenerator; -import jakarta.servlet.http.HttpServletRequest; import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; @@ -56,9 +56,8 @@ import org.junit.jupiter.api.extension.RegisterExtension; /** Tests for {@link google.registry.ui.server.console.RegistrarsAction}. */ class RegistrarsActionTest { - private final HttpServletRequest request = mock(HttpServletRequest.class); private static final Gson GSON = RequestModule.provideGson(); - private FakeResponse response; + private ConsoleApiParams consoleApiParams; private StringGenerator passwordGenerator = new DeterministicStringGenerator("abcdefghijklmnopqrstuvwxyz"); 
@@ -112,8 +111,9 @@ class RegistrarsActionTest { createUser( new UserRoles.Builder().setGlobalRole(GlobalRole.SUPPORT_LEAD).build())))); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); - String payload = response.getPayload(); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + String payload = ((FakeResponse) consoleApiParams.response()).getPayload(); assertThat( ImmutableList.of("\"registrarId\":\"NewRegistrar\"", "\"registrarId\":\"TheRegistrar\"") .stream() @@ -131,8 +131,9 @@ class RegistrarsActionTest { UserAuthInfo.create( createUser(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())))); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); - String payload = response.getPayload(); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + String payload = ((FakeResponse) consoleApiParams.response()).getPayload(); assertThat( ImmutableList.of( "\"registrarId\":\"NewRegistrar\"", @@ -151,7 +152,8 @@ class RegistrarsActionTest { AuthResult.createUser( UserAuthInfo.create(createUser(new UserRoles.Builder().setIsAdmin(true).build())))); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); Registrar r = loadRegistrar("regIdTest"); assertThat(r).isNotNull(); assertThat( 
@@ -180,12 +182,12 @@ class RegistrarsActionTest { UserAuthInfo.create( createUser(new UserRoles.Builder().setIsAdmin(true).build())))); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - assertThat(response.getPayload()) + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) .isEqualTo( - GSON.toJson( - String.format( - "Missing value for %s", userFriendlyKeysToRegistrarKeys.get(key)))); + String.format( + "Missing value for %s", userFriendlyKeysToRegistrarKeys.get(key))); }); } @@ -198,9 +200,10 @@ class RegistrarsActionTest { AuthResult.createUser( UserAuthInfo.create(createUser(new UserRoles.Builder().setIsAdmin(true).build())))); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - assertThat(response.getPayload()) - .isEqualTo(GSON.toJson("Registrar with registrarId regIdTest already exists")); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) + .isEqualTo("Registrar with registrarId regIdTest already exists"); } @Test @@ -219,7 +222,8 @@ class RegistrarsActionTest { RegistrarRole.ACCOUNT_MANAGER_WITH_REGISTRY_LOCK)) .build())))); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_FORBIDDEN); } private User createUser(UserRoles userRoles) { 
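Review bot: The expected error bodies in the two BAD_REQUEST tests (this hunk and `@@ -198,9 +200,10 @@`) change from `GSON.toJson(...)` to the raw message string, but neither test pins the content type of the response. The second message embeds the request-supplied registrarId (`regIdTest`), and a plain-string body that echoes request data is only safe when it is served as a non-HTML type. Which type the action actually sets cannot be seen from these hunks. I would add a content-type assertion next to each payload check, with a comment such as `// error body echoes request input; must never be served as text/html`.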
@@ -230,27 +234,19 @@ class RegistrarsActionTest { } private RegistrarsAction createAction(Action.Method method, AuthResult authResult) { - response = new FakeResponse(); - when(request.getMethod()).thenReturn(method.toString()); + consoleApiParams = FakeConsoleApiParams.get(Optional.of(authResult)); + when(consoleApiParams.request().getMethod()).thenReturn(method.toString()); if (method.equals(Action.Method.GET)) { return new RegistrarsAction( - request, - authResult, - response, - GSON, - Optional.ofNullable(null), - passwordGenerator, - passcodeGenerator); + consoleApiParams, GSON, Optional.ofNullable(null), passwordGenerator, passcodeGenerator); } else { try { doReturn(new BufferedReader(new StringReader(registrarParamMap.toString()))) - .when(request) + .when(consoleApiParams.request()) .getReader(); } catch (IOException e) { return new RegistrarsAction( - request, - authResult, - response, + consoleApiParams, GSON, Optional.ofNullable(null), passwordGenerator, @@ -258,15 +254,9 @@ class RegistrarsActionTest { } Optional maybeRegistrar = RegistrarConsoleModule.provideRegistrar( - GSON, RequestModule.provideJsonBody(request, GSON)); + GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); return new RegistrarsAction( - request, - authResult, - response, - GSON, - maybeRegistrar, - passwordGenerator, - passcodeGenerator); + consoleApiParams, GSON, maybeRegistrar, passwordGenerator, passcodeGenerator); } } } diff --git a/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java b/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java index f36aa88f4..31490773b 100644 --- a/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java 
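Review bot: In `createAction` the `catch (IOException e)` branch still returns a RegistrarsAction built without a registrar, so a failure while stubbing `getReader()` would silently turn a POST test into one that runs with no request body. Since the constructor call in that branch is being rewritten anyway, replace the branch body with `throw new UncheckedIOException(e);` (importing `java.io.UncheckedIOException`). Alternatively declare `throws IOException`, as `ContactActionTest.createAction` does in this same commit. Separately, `Optional.ofNullable(null)` on the rewritten constructor calls reads more clearly as `Optional.empty()`.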
@@ -21,7 +21,7 @@ import static google.registry.testing.DatabaseHelper.createAdminUser; import static google.registry.testing.DatabaseHelper.insertInDb; import static google.registry.testing.DatabaseHelper.loadAllOf; import static google.registry.testing.SqlHelper.saveRegistrar; -import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.when; import com.google.api.client.http.HttpStatusCodes; @@ -38,9 +38,10 @@ import google.registry.request.Action; import google.registry.request.RequestModule; import google.registry.request.auth.AuthResult; import google.registry.request.auth.UserAuthInfo; +import google.registry.testing.FakeConsoleApiParams; import google.registry.testing.FakeResponse; +import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.ui.server.registrar.RegistrarConsoleModule; -import jakarta.servlet.http.HttpServletRequest; import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; @@ -69,10 +70,9 @@ class ContactActionTest { + "\"visibleInWhoisAsTech\":false,\"visibleInDomainWhoisAsAbuse\":false}"; private Registrar testRegistrar; - private final HttpServletRequest request = mock(HttpServletRequest.class); + private ConsoleApiParams consoleApiParams; private RegistrarPoc testRegistrarPoc; private static final Gson GSON = RequestModule.provideGson(); - private FakeResponse response; @RegisterExtension final JpaTestExtensions.JpaIntegrationTestExtension jpa = @@ -80,7 +80,6 @@ class ContactActionTest { @BeforeEach void beforeEach() { - response = new FakeResponse(); testRegistrar = saveRegistrar("registrarId"); testRegistrarPoc = new RegistrarPoc.Builder() 
@@ -106,8 +105,10 @@ class ContactActionTest { testRegistrar.getRegistrarId(), null); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); - assertThat(response.getPayload()).isEqualTo("[" + jsonRegistrar1 + "]"); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()) + .isEqualTo("[" + jsonRegistrar1 + "]"); } @Test @@ -121,8 +122,9 @@ class ContactActionTest { testRegistrar.getRegistrarId(), null); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); - assertThat(response.getPayload()).isEqualTo("[]"); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getPayload()).isEqualTo("[]"); } @Test @@ -134,7 +136,8 @@ class ContactActionTest { testRegistrar.getRegistrarId(), "[" + jsonRegistrar1 + "," + jsonRegistrar2 + "]"); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); assertThat( loadAllOf(RegistrarPoc.class).stream() .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId())) @@ -154,7 +157,8 @@ class ContactActionTest { testRegistrar.getRegistrarId(), "[" + jsonRegistrar1 + "," + jsonRegistrar2 + "]"); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); HashMap testResult = new HashMap<>(); loadAllOf(RegistrarPoc.class).stream() .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId())) 
@@ -177,7 +181,8 @@ class ContactActionTest { testRegistrar.getRegistrarId(), "[" + jsonRegistrar2 + "]"); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); assertThat( loadAllOf(RegistrarPoc.class).stream() .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId())) @@ -207,21 +212,25 @@ class ContactActionTest { testRegistrar.getRegistrarId(), "[" + jsonRegistrar2 + "]"); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_FORBIDDEN); } private ContactAction createAction( Action.Method method, AuthResult authResult, String registrarId, String contacts) throws IOException { - when(request.getMethod()).thenReturn(method.toString()); + consoleApiParams = FakeConsoleApiParams.get(Optional.of(authResult)); + when(consoleApiParams.request().getMethod()).thenReturn(method.toString()); if (method.equals(Action.Method.GET)) { - return new ContactAction(request, authResult, response, GSON, registrarId, Optional.empty()); + return new ContactAction(consoleApiParams, GSON, registrarId, Optional.empty()); } else { - when(request.getReader()).thenReturn(new BufferedReader(new StringReader(contacts))); + doReturn(new BufferedReader(new StringReader(contacts))) + .when(consoleApiParams.request()) + .getReader(); Optional> maybeContacts = RegistrarConsoleModule.provideContacts( - GSON, RequestModule.provideJsonBody(request, GSON)); - return new ContactAction(request, authResult, response, GSON, registrarId, maybeContacts); + GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); + return new ContactAction(consoleApiParams, GSON, registrarId, maybeContacts); } } } 
diff --git a/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java b/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java index 28627f4c7..97ae6d43e 100644 --- a/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java @@ -20,7 +20,7 @@ import static google.registry.testing.DatabaseHelper.loadRegistrar; import static google.registry.testing.SqlHelper.saveRegistrar; import static google.registry.util.DateTimeUtils.START_OF_TIME; import static org.mockito.Mockito.doReturn; -import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import com.google.api.client.http.HttpStatusCodes; import com.google.common.collect.ImmutableSet; @@ -30,15 +30,17 @@ import com.google.gson.Gson; import google.registry.flows.certs.CertificateChecker; import google.registry.model.registrar.Registrar; import google.registry.persistence.transaction.JpaTestExtensions; +import google.registry.request.Action; import google.registry.request.RequestModule; import google.registry.request.auth.AuthResult; import google.registry.request.auth.AuthenticatedRegistrarAccessor; import google.registry.request.auth.UserAuthInfo; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeClock; +import google.registry.testing.FakeConsoleApiParams; import google.registry.testing.FakeResponse; +import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.ui.server.registrar.RegistrarConsoleModule; -import jakarta.servlet.http.HttpServletRequest; import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; 
@@ -57,10 +59,9 @@ class SecurityActionTest { + " \"ipAddressAllowList\": [\"192.168.1.1/32\"]}", SAMPLE_CERT2); private static final Gson GSON = RequestModule.provideGson(); - private final HttpServletRequest request = mock(HttpServletRequest.class); + private ConsoleApiParams consoleApiParams; private final FakeClock clock = new FakeClock(); private Registrar testRegistrar; - private FakeResponse response = new FakeResponse(); private AuthenticatedRegistrarAccessor registrarAccessor = AuthenticatedRegistrarAccessor.createForTesting( @@ -93,7 +94,8 @@ class SecurityActionTest { UserAuthInfo.create(DatabaseHelper.createAdminUser("email@email.com"))), testRegistrar.getRegistrarId()); action.run(); - assertThat(response.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); Registrar r = loadRegistrar(testRegistrar.getRegistrarId()); assertThat(r.getClientCertificateHash().get()) .isEqualTo("GNd6ZP8/n91t9UTnpxR8aH7aAW4+CpvufYx9ViGbcMY"); 
@@ -103,16 +105,15 @@ class SecurityActionTest { private SecurityAction createAction(AuthResult authResult, String registrarId) throws IOException { - doReturn(new BufferedReader(new StringReader(jsonRegistrar1))).when(request).getReader(); + consoleApiParams = FakeConsoleApiParams.get(Optional.of(authResult)); + when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.POST.toString()); + doReturn(new BufferedReader(new StringReader(jsonRegistrar1))) + .when(consoleApiParams.request()) + .getReader(); Optional maybeRegistrar = - RegistrarConsoleModule.provideRegistrar(GSON, RequestModule.provideJsonBody(request, GSON)); - return new SecurityAction( - authResult, - response, - GSON, - certificateChecker, - registrarAccessor, - registrarId, - maybeRegistrar); + RegistrarConsoleModule.provideRegistrar( + GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON)); + return new SecurityAction( + consoleApiParams, certificateChecker, registrarAccessor, registrarId, maybeRegistrar); } } diff --git a/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java b/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java index 1d5914618..3f12283d4 100644 --- a/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java +++ b/core/src/test/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsActionTest.java @@ -16,7 +16,7 @@ package google.registry.ui.server.console.settings; import static com.google.common.truth.Truth.assertThat; import static google.registry.model.ImmutableObjectSubject.assertAboutImmutableObjects; -import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.when; import com.google.api.client.http.HttpStatusCodes; 
@@ -30,6 +30,7 @@ import google.registry.model.console.User; import google.registry.model.console.UserRoles; import google.registry.model.registrar.Registrar; import google.registry.persistence.transaction.JpaTestExtensions; +import google.registry.request.Action; import google.registry.request.RequestModule; import google.registry.request.auth.AuthResult; import google.registry.request.auth.AuthenticatedRegistrarAccessor; @@ -37,13 +38,15 @@ import google.registry.request.auth.AuthenticatedRegistrarAccessor.Role; import google.registry.request.auth.UserAuthInfo; import google.registry.testing.DatabaseHelper; import google.registry.testing.FakeClock; +import google.registry.testing.FakeConsoleApiParams; import google.registry.testing.FakeResponse; +import google.registry.ui.server.registrar.ConsoleApiParams; import google.registry.ui.server.registrar.RegistrarConsoleModule; -import jakarta.servlet.http.HttpServletRequest; import java.io.BufferedReader; import java.io.IOException; import java.io.StringReader; import java.util.HashMap; +import java.util.Optional; import org.joda.time.DateTime; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.RegisterExtension; @@ -51,10 +54,9 @@ import org.junit.jupiter.api.extension.RegisterExtension; /** Tests for {@link WhoisRegistrarFieldsAction}. */ public class WhoisRegistrarFieldsActionTest { + private ConsoleApiParams consoleApiParams; private static final Gson GSON = RequestModule.provideGson(); private final FakeClock clock = new FakeClock(DateTime.parse("2023-08-01T00:00:00.000Z")); - private final FakeResponse fakeResponse = new FakeResponse(); - private final HttpServletRequest request = mock(HttpServletRequest.class); private final AuthenticatedRegistrarAccessor registrarAccessor = AuthenticatedRegistrarAccessor.createForTesting( ImmutableSetMultimap.of("TheRegistrar", Role.OWNER, "NewRegistrar", Role.OWNER)); 
@@ -110,7 +112,8 @@ public class WhoisRegistrarFieldsActionTest { + " \"NL\", \"zip\": \"10011\", \"countryCode\": \"CA\"}")); WhoisRegistrarFieldsAction action = createAction(); action.run(); - assertThat(fakeResponse.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_OK); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_OK); Registrar newRegistrar = Registrar.loadByRegistrarId("TheRegistrar").get(); // skip cache assertThat(newRegistrar.getWhoisServer()).isEqualTo("whois.nic.google"); assertThat(newRegistrar.getUrl()).isEqualTo("https://newurl.example"); @@ -138,7 +141,8 @@ public class WhoisRegistrarFieldsActionTest { uiRegistrarMap.put("registrarId", "NewRegistrar"); WhoisRegistrarFieldsAction action = createAction(onlyTheRegistrar); action.run(); - assertThat(fakeResponse.getStatus()).isEqualTo(HttpStatusCodes.STATUS_CODE_FORBIDDEN); + assertThat(((FakeResponse) consoleApiParams.response()).getStatus()) + .isEqualTo(HttpStatusCodes.STATUS_CODE_FORBIDDEN); // should be no change assertThat(DatabaseHelper.loadByEntity(newRegistrar)).isEqualTo(newRegistrar); } @@ -153,14 +157,15 @@ public class WhoisRegistrarFieldsActionTest { } private WhoisRegistrarFieldsAction createAction(AuthResult authResult) throws IOException { - when(request.getReader()) - .thenReturn(new BufferedReader(new StringReader(uiRegistrarMap.toString()))); + consoleApiParams = FakeConsoleApiParams.get(Optional.of(authResult)); + when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.POST.toString()); + doReturn(new BufferedReader(new StringReader(uiRegistrarMap.toString()))) + .when(consoleApiParams.request()) + .getReader(); return new WhoisRegistrarFieldsAction( - authResult, - fakeResponse, - GSON, + consoleApiParams, registrarAccessor, RegistrarConsoleModule.provideRegistrar( - GSON, RequestModule.provideJsonBody(request, GSON))); + GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON))); } }