Verify that the RegistryLock input has the correct registrar ID (#661)

* Verify that the RegistryLock input has the correct registrar ID We already verify (correctly) that the user has access to the registrar they specify, but nowhere did we verify that the registrar ID they used is actually the current sponsor ID for the domain in question. This is an oversight caused by the fact that our testing framework only uses admin accounts, which by the nature of things have access to all registrars and domains. In addition, rename "clientId" to "registrarId" in the RLPA object * Change the wording on the incorrect-registrar message
2026-02-04 12:02:30 +00:00 · 2020-07-05 22:31:14 -04:00
parent 333170a724
commit 806f3b2456
9 changed files with 95 additions and 49 deletions
--- a/core/src/main/javascript/google/registry/ui/js/registrar/registry_lock.js
+++ b/core/src/main/javascript/google/registry/ui/js/registrar/registry_lock.js
@@ -172,7 +172,7 @@ registry.registrar.RegistryLock.prototype.lockOrUnlockDomain_ = function(isLock,
      e => this.fillLocksPage_(e),
      'POST',
      goog.json.serialize({
-        'clientId': this.clientId,
+        'registrarId': this.clientId,
        'domainName': domain,
        'isLock': isLock,
        'password': password,