mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2025-12-23 06:15:42 +00:00
Code Issues Releases Wiki Activity

Refactor some registry lock verification code (#2434)

Browse Source 
The user, on the front end, should not be required to provide whether or
not they're trying to verify a lock or an unlock. They should only need
the verification code. We can inspect the lock object itself (and the
domain in question) to see whether or not we're verifying a lock or an
unlock.
This commit is contained in:
gbrodman
2024-05-14 12:56:32 -04:00
committed by GitHub
parent 6ca3cc230f
commit d09bb4ff74
9 changed files with 134 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
core/src/main/java/google/registry/tools/DomainLockUtils.java
View File

@@ -71,7 +71,7 @@ public final class DomainLockUtils {
/**
* Creates and persists a lock request when requested by a user.
*
* <p>The lock will not be applied until {@link #verifyAndApplyLock} is called.
* <p>The lock will not be applied until {@link #verifyVerificationCode} is called.
*/
public RegistryLock saveNewRegistryLockRequest(
String domainName, String registrarId, @Nullable String registrarPocId, boolean isAdmin) {
@@ -84,7 +84,7 @@ public final class DomainLockUtils {
/**
* Creates and persists an unlock request when requested by a user.
*
* <p>The unlock will not be applied until {@link #verifyAndApplyUnlock} is called.
* <p>The unlock will not be applied until {@link #verifyVerificationCode} is called.
*/
public RegistryLock saveNewRegistryUnlockRequest(
String domainName, String registrarId, boolean isAdmin, Optional<Duration> relockDuration) {
@@ -94,62 +94,32 @@ public final class DomainLockUtils {
createUnlockBuilder(domainName, registrarId, isAdmin, relockDuration).build()));
}
/** Verifies and applies the lock request previously requested by a user. */
public RegistryLock verifyAndApplyLock(String verificationCode, boolean isAdmin) {
return tm().transact(
() -> {
DateTime now = tm().getTransactionTime();
RegistryLock lock = getByVerificationCode(verificationCode);
checkArgument(
lock.getLockCompletionTime().isEmpty(),
"Domain %s is already locked",
lock.getDomainName());
checkArgument(
!lock.isLockRequestExpired(now),
"The pending lock has expired; please try again");
checkArgument(
!lock.isSuperuser() || isAdmin, "Non-admin user cannot complete admin lock");
RegistryLock newLock =
RegistryLockDao.save(lock.asBuilder().setLockCompletionTime(now).build());
setAsRelock(newLock);
tm().transact(() -> applyLockStatuses(newLock, now, isAdmin));
return newLock;
});
}
/** Verifies and applies the unlock request previously requested by a user. */
public RegistryLock verifyAndApplyUnlock(String verificationCode, boolean isAdmin) {
RegistryLock lock =
/**
* Verifies and applies the lock/unlock request previously requested given a verification code.
*
* <p>This assumes that the lock object / domain in question has a pending lock or unlock.
*/
public RegistryLock verifyVerificationCode(String verificationCode, boolean isAdmin) {
RegistryLock result =
tm().transact(
() -> {
DateTime now = tm().getTransactionTime();
RegistryLock previousLock = getByVerificationCode(verificationCode);
checkArgument(
previousLock.getUnlockCompletionTime().isEmpty(),
"Domain %s is already unlocked",
previousLock.getDomainName());
checkArgument(
!previousLock.isUnlockRequestExpired(now),
"The pending unlock has expired; please try again");
checkArgument(
isAdmin || !previousLock.isSuperuser(),
"Non-admin user cannot complete admin unlock");
RegistryLock newLock =
RegistryLockDao.save(
previousLock.asBuilder().setUnlockCompletionTime(now).build());
tm().transact(() -> removeLockStatuses(newLock, isAdmin, now));
return newLock;
RegistryLock lock = getByVerificationCode(verificationCode);
if (lock.getLockCompletionTime().isEmpty()) {
return verifyAndApplyLock(lock, isAdmin);
} else if (lock.getUnlockRequestTime().isPresent()
&& lock.getUnlockCompletionTime().isEmpty()) {
return verifyAndApplyUnlock(lock, isAdmin);
} else {
throw new IllegalArgumentException(
String.format(
"Lock/unlock with code %s is already completed", verificationCode));
}
});
// Submit relock outside the transaction to make sure that it fully succeeded
submitRelockIfNecessary(lock);
return lock;
if (result.getUnlockCompletionTime().isPresent()) {
// Submit relock outside the transaction to make sure that it fully succeeded
submitRelockIfNecessary(result);
}
return result;
}
/**
@@ -232,13 +202,36 @@ public final class DomainLockUtils {
countdown));
}
private RegistryLock verifyAndApplyLock(RegistryLock lock, boolean isAdmin) {
DateTime now = tm().getTransactionTime();
checkArgument(
!lock.isLockRequestExpired(now), "The pending lock has expired; please try again");
checkArgument(!lock.isSuperuser() || isAdmin, "Non-admin user cannot complete admin lock");
RegistryLock newLock =
RegistryLockDao.save(lock.asBuilder().setLockCompletionTime(now).build());
setAsRelock(newLock);
applyLockStatuses(newLock, now, isAdmin);
return newLock;
}
private RegistryLock verifyAndApplyUnlock(RegistryLock lock, boolean isAdmin) {
DateTime now = tm().getTransactionTime();
checkArgument(
!lock.isUnlockRequestExpired(now), "The pending unlock has expired; please try again");
checkArgument(isAdmin || !lock.isSuperuser(), "Non-admin user cannot complete admin unlock");
RegistryLock newLock =
RegistryLockDao.save(lock.asBuilder().setUnlockCompletionTime(now).build());
removeLockStatuses(newLock, isAdmin, now);
return newLock;
}
private void setAsRelock(RegistryLock newLock) {
tm().transact(
() ->
RegistryLockDao.getMostRecentVerifiedUnlockByRepoId(newLock.getRepoId())
.ifPresent(
oldLock ->
RegistryLockDao.save(oldLock.asBuilder().setRelock(newLock).build())));
RegistryLockDao.getMostRecentVerifiedUnlockByRepoId(newLock.getRepoId())
.ifPresent(oldLock -> RegistryLockDao.save(oldLock.asBuilder().setRelock(newLock).build()));
}
private RegistryLock.Builder createLockBuilder(

1
core/src/main/java/google/registry/ui/server/console/ConsoleRegistryLockAction.java
View File

@@ -194,7 +194,6 @@ public class ConsoleRegistryLockAction extends ConsoleApiAction {
// TODO: replace this with the PATH in ConsoleRegistryLockVerifyAction once it exists
.setPath("/console-api/registry-lock-verify")
.setParameter("lockVerificationCode", lock.getVerificationCode())
.setParameter("isLock", String.valueOf(isLock))
.build()
.toString();
String body = String.format(VERIFICATION_EMAIL_TEMPLATE, lock.getDomainName(), url);

1
core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java
View File

@@ -160,7 +160,6 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
.setHost(req.getServerName())
.setPath("registry-lock-verify")
.setParameter("lockVerificationCode", lock.getVerificationCode())
.setParameter("isLock", String.valueOf(isLock))
.build()
.toString();
String body = String.format(VERIFICATION_EMAIL_TEMPLATE, lock.getDomainName(), url);

15
core/src/main/java/google/registry/ui/server/registrar/RegistryLockVerifyAction.java
View File

@@ -50,29 +50,22 @@ public final class RegistryLockVerifyAction extends HtmlAction {
private final DomainLockUtils domainLockUtils;
private final String lockVerificationCode;
private final Boolean isLock;
@Inject
public RegistryLockVerifyAction(
DomainLockUtils domainLockUtils,
@Parameter("lockVerificationCode") String lockVerificationCode,
@Parameter("isLock") Boolean isLock) {
@Parameter("lockVerificationCode") String lockVerificationCode) {
this.domainLockUtils = domainLockUtils;
this.lockVerificationCode = lockVerificationCode;
this.isLock = isLock;
}
@Override
public void runAfterLogin(Map<String, Object> data) {
try {
boolean isAdmin = authResult.userAuthInfo().get().isUserAdmin();
final RegistryLock resultLock;
if (isLock) {
resultLock = domainLockUtils.verifyAndApplyLock(lockVerificationCode, isAdmin);
} else {
resultLock = domainLockUtils.verifyAndApplyUnlock(lockVerificationCode, isAdmin);
}
data.put("isLock", isLock);
RegistryLock resultLock =
domainLockUtils.verifyVerificationCode(lockVerificationCode, isAdmin);
data.put("isLock", resultLock.getUnlockCompletionTime().isEmpty());
data.put("success", true);
data.put("domainName", resultLock.getDomainName());
} catch (Throwable t) {

50
core/src/test/java/google/registry/tools/DomainLockUtilsTest.java
View File

@@ -124,7 +124,7 @@ public final class DomainLockUtilsTest {
clock.advanceBy(standardDays(1));
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
verifyProperlyLockedDomain(false);
}
@@ -137,7 +137,7 @@ public final class DomainLockUtilsTest {
RegistryLock unlockRequest =
domainLockUtils.saveNewRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, Optional.empty());
domainLockUtils.verifyAndApplyUnlock(unlockRequest.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(unlockRequest.getVerificationCode(), false);
assertThat(loadByEntity(domain).getStatusValues()).containsNoneIn(REGISTRY_LOCK_STATUSES);
}
@@ -145,7 +145,7 @@ public final class DomainLockUtilsTest {
void testSuccess_applyLockDomain() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
verifyProperlyLockedDomain(false);
}
@@ -155,7 +155,7 @@ public final class DomainLockUtilsTest {
RegistryLock unlock =
domainLockUtils.saveNewRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, Optional.empty());
domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(unlock.getVerificationCode(), false);
verifyProperlyUnlockedDomain(false);
}
@@ -163,7 +163,7 @@ public final class DomainLockUtilsTest {
void testSuccess_applyAdminLock_onlyHistoryEntry() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), true);
verifyProperlyLockedDomain(true);
}
@@ -171,11 +171,11 @@ public final class DomainLockUtilsTest {
void testSuccess_applyAdminUnlock_onlyHistoryEntry() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), true);
RegistryLock unlock =
domainLockUtils.saveNewRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", true, Optional.empty());
domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), true);
domainLockUtils.verifyVerificationCode(unlock.getVerificationCode(), true);
verifyProperlyUnlockedDomain(true);
}
@@ -196,7 +196,7 @@ public final class DomainLockUtilsTest {
void testSuccess_administrativelyUnlock_nonAdmin() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
domainLockUtils.administrativelyApplyUnlock(
DOMAIN_NAME, "TheRegistrar", false, Optional.empty());
verifyProperlyUnlockedDomain(false);
@@ -206,7 +206,7 @@ public final class DomainLockUtilsTest {
void testSuccess_administrativelyUnlock_admin() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), true);
domainLockUtils.administrativelyApplyUnlock(
DOMAIN_NAME, "TheRegistrar", true, Optional.empty());
verifyProperlyUnlockedDomain(true);
@@ -220,7 +220,7 @@ public final class DomainLockUtilsTest {
DOMAIN_NAME, "TheRegistrar", false, Optional.empty());
RegistryLock newLock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
newLock = domainLockUtils.verifyAndApplyLock(newLock.getVerificationCode(), false);
newLock = domainLockUtils.verifyVerificationCode(newLock.getVerificationCode(), false);
assertThat(
getRegistryLockByRevisionId(oldLock.getRevisionId()).get().getRelock().getRevisionId())
.isEqualTo(newLock.getRevisionId());
@@ -254,7 +254,7 @@ public final class DomainLockUtilsTest {
RegistryLock lock =
domainLockUtils.saveNewRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, Optional.of(standardHours(6)));
domainLockUtils.verifyAndApplyUnlock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
cloudTasksHelper.assertTasksEnqueued(
QUEUE_ASYNC_ACTIONS,
new TaskMatcher()
@@ -304,7 +304,7 @@ public final class DomainLockUtilsTest {
void testFailure_createUnlock_alreadyPendingUnlock() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
domainLockUtils.saveNewRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, Optional.empty());
@@ -323,7 +323,7 @@ public final class DomainLockUtilsTest {
void testFailure_createUnlock_nonAdminUnlockingAdmin() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", null, true);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), true);
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
@@ -387,13 +387,15 @@ public final class DomainLockUtilsTest {
void testFailure_applyLock_alreadyApplied() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
domain = loadByEntity(domain);
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false));
assertThat(thrown).hasMessageThat().isEqualTo("Domain example.tld is already locked");
() -> domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false));
assertThat(thrown)
.hasMessageThat()
.isEqualTo("Lock/unlock with code 123456789ABCDEFGHJKLMNPQRSTUVWXY is already completed");
assertNoDomainChanges();
}
@@ -405,7 +407,7 @@ public final class DomainLockUtilsTest {
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true));
() -> domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), true));
assertThat(thrown).hasMessageThat().isEqualTo("The pending lock has expired; please try again");
assertNoDomainChanges();
}
@@ -417,7 +419,7 @@ public final class DomainLockUtilsTest {
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() -> domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false));
() -> domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false));
assertThat(thrown).hasMessageThat().isEqualTo("Non-admin user cannot complete admin lock");
assertNoDomainChanges();
}
@@ -426,17 +428,19 @@ public final class DomainLockUtilsTest {
void testFailure_applyUnlock_alreadyUnlocked() {
RegistryLock lock =
domainLockUtils.saveNewRegistryLockRequest(DOMAIN_NAME, "TheRegistrar", POC_ID, false);
domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), false);
RegistryLock unlock =
domainLockUtils.saveNewRegistryUnlockRequest(
DOMAIN_NAME, "TheRegistrar", false, Optional.empty());
domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false);
domainLockUtils.verifyVerificationCode(unlock.getVerificationCode(), false);
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() -> domainLockUtils.verifyAndApplyUnlock(unlock.getVerificationCode(), false));
assertThat(thrown).hasMessageThat().isEqualTo("Domain example.tld is already unlocked");
() -> domainLockUtils.verifyVerificationCode(unlock.getVerificationCode(), false));
assertThat(thrown)
.hasMessageThat()
.isEqualTo("Lock/unlock with code Zabcdefghijkmnopqrstuvwxyz123456 is already completed");
assertNoDomainChanges();
}
@@ -451,7 +455,7 @@ public final class DomainLockUtilsTest {
IllegalArgumentException thrown =
assertThrows(
IllegalArgumentException.class,
() -> domainLockUtils.verifyAndApplyLock(verificationCode, false));
() -> domainLockUtils.verifyVerificationCode(verificationCode, false));
assertThat(thrown).hasMessageThat().isEqualTo("Domain example.tld is already locked");
// Failure during the lock acquisition portion shouldn't affect the SQL object

2
core/src/test/java/google/registry/tools/UnlockDomainCommandTest.java
View File

@@ -60,7 +60,7 @@ class UnlockDomainCommandTest extends CommandTestCase<UnlockDomainCommand> {
Domain domain = persistResource(DatabaseHelper.newDomain(domainName));
RegistryLock lock =
command.domainLockUtils.saveNewRegistryLockRequest(domainName, registrarId, null, true);
command.domainLockUtils.verifyAndApplyLock(lock.getVerificationCode(), true);
command.domainLockUtils.verifyVerificationCode(lock.getVerificationCode(), true);
return reloadResource(domain);
}

14
core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockActionTest.java
View File

@@ -73,11 +73,13 @@ import org.mockito.quality.Strictness;
@MockitoSettings(strictness = Strictness.LENIENT)
public class ConsoleRegistryLockActionTest {
private static final String EMAIL_MESSAGE_TEMPLATE =
"Please click the link below to perform the lock \\/ unlock action on domain example.test."
+ " Note: this code will expire in one hour.\n\n"
+ "https:\\/\\/registrarconsole.tld\\/console-api\\/registry-lock-verify\\?lockVerificationCode="
+ "[0-9a-zA-Z_\\-]+&isLock=(true|false)";
private static final String EXPECTED_EMAIL_MESSAGE =
"""
Please click the link below to perform the lock / unlock action on domain example.test. \
Note: this code will expire in one hour.
https://registrarconsole.tld/console-api/registry-lock-verify?lockVerificationCode=\
123456789ABCDEFGHJKLMNPQRSTUVWXY""";
private static final Gson GSON = RequestModule.provideGson();
@@ -542,7 +544,7 @@ public class ConsoleRegistryLockActionTest {
verify(gmailClient).sendEmail(emailCaptor.capture());
EmailMessage sentMessage = emailCaptor.getValue();
assertThat(sentMessage.subject()).matches("Registry (un)?lock verification");
assertThat(sentMessage.body()).matches(EMAIL_MESSAGE_TEMPLATE);
assertThat(sentMessage.body()).isEqualTo(EXPECTED_EMAIL_MESSAGE);
assertThat(sentMessage.recipients())
.containsExactly(new InternetAddress("registrylock@theregistrar.com"));
}

14
core/src/test/java/google/registry/ui/server/registrar/RegistryLockPostActionTest.java
View File

@@ -77,11 +77,13 @@ import org.mockito.quality.Strictness;
@MockitoSettings(strictness = Strictness.LENIENT)
final class RegistryLockPostActionTest {
private static final String EMAIL_MESSAGE_TEMPLATE =
"Please click the link below to perform the lock \\/ unlock action on domain example.tld. "
+ "Note: this code will expire in one hour.\n\n"
+ "https:\\/\\/registrarconsole.tld\\/registry-lock-verify\\?lockVerificationCode="
+ "[0-9a-zA-Z_\\-]+&isLock=(true|false)";
private static final String EXPECTED_EMAIL_MESSAGE =
"""
Please click the link below to perform the lock / unlock action on domain example.tld. Note: \
this code will expire in one hour.
https://registrarconsole.tld/registry-lock-verify?lockVerificationCode=\
123456789ABCDEFGHJKLMNPQRSTUVWXY""";
private final FakeClock clock = new FakeClock();
@@ -498,7 +500,7 @@ final class RegistryLockPostActionTest {
verify(gmailClient).sendEmail(emailCaptor.capture());
EmailMessage sentMessage = emailCaptor.getValue();
assertThat(sentMessage.subject()).matches("Registry (un)?lock verification");
assertThat(sentMessage.body()).matches(EMAIL_MESSAGE_TEMPLATE);
assertThat(sentMessage.body()).isEqualTo(EXPECTED_EMAIL_MESSAGE);
assertThat(sentMessage.recipients()).containsExactly(new InternetAddress(recipient));
}

71
core/src/test/java/google/registry/ui/server/registrar/RegistryLockVerifyActionTest.java
View File

@@ -92,7 +92,7 @@ final class RegistryLockVerifyActionTest {
Host host = persistActiveHost("ns1.example.net");
domain = persistResource(DatabaseHelper.newDomain("example.tld", host));
when(request.getRequestURI()).thenReturn("https://registry.example/registry-lock-verification");
action = createAction(lockId, true);
action = createAction(lockId);
}
@Test
@@ -113,9 +113,14 @@ final class RegistryLockVerifyActionTest {
@Test
void testSuccess_unlockDomain() {
action = createAction(lockId, false);
action = createAction(lockId);
domain = persistResource(domain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
saveRegistryLock(createLock().asBuilder().setUnlockRequestTime(fakeClock.nowUtc()).build());
saveRegistryLock(
createLock()
.asBuilder()
.setLockCompletionTime(fakeClock.nowUtc())
.setUnlockRequestTime(fakeClock.nowUtc())
.build());
action.run();
assertThat(response.getStatus()).isEqualTo(SC_OK);
assertThat(response.getPayload()).contains("Success: unlock has been applied to example.tld");
@@ -154,7 +159,8 @@ final class RegistryLockVerifyActionTest {
void testFailure_alreadyVerified() {
saveRegistryLock(createLock().asBuilder().setLockCompletionTime(fakeClock.nowUtc()).build());
action.run();
assertThat(response.getPayload()).contains("Failed: Domain example.tld is already locked");
assertThat(response.getPayload())
.contains("Lock/unlock with code 123456789ABCDEFGHJKLMNPQRSTUVWXY is already completed");
assertNoDomainChanges();
}
@@ -178,7 +184,7 @@ final class RegistryLockVerifyActionTest {
@Test
void testFailure_alreadyUnlocked() {
action = createAction(lockId, false);
action = createAction(lockId);
saveRegistryLock(
createLock()
.asBuilder()
@@ -187,7 +193,8 @@ final class RegistryLockVerifyActionTest {
.setUnlockCompletionTime(fakeClock.nowUtc())
.build());
action.run();
assertThat(response.getPayload()).contains("Failed: Domain example.tld is already unlocked");
assertThat(response.getPayload())
.contains("Lock/unlock with code 123456789ABCDEFGHJKLMNPQRSTUVWXY is already completed");
assertNoDomainChanges();
}
@@ -228,27 +235,6 @@ final class RegistryLockVerifyActionTest {
assertThat(afterAction).isEqualTo(lock);
}
@Test
void testFailure_isLockTrue_shouldBeFalse() {
domain = persistResource(domain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
saveRegistryLock(
createLock()
.asBuilder()
.setLockCompletionTime(fakeClock.nowUtc())
.setUnlockRequestTime(fakeClock.nowUtc())
.build());
action.run();
assertThat(response.getPayload()).contains("Failed: Domain example.tld is already locked");
}
@Test
void testFailure_isLockFalse_shouldBeTrue() {
action = createAction(lockId, false);
saveRegistryLock(createLock());
action.run();
assertThat(response.getPayload()).contains("Failed: Domain example.tld is already unlocked");
}
@Test
void testFailure_lock_unlock_lockAgain() {
RegistryLock lock = saveRegistryLock(createLock());
@@ -256,14 +242,15 @@ final class RegistryLockVerifyActionTest {
assertThat(response.getPayload()).contains("Success: lock has been applied to example.tld");
String unlockVerificationCode = "some-unlock-code";
saveRegistryLock(
lock.asBuilder()
loadByEntity(lock)
.asBuilder()
.setVerificationCode(unlockVerificationCode)
.setUnlockRequestTime(fakeClock.nowUtc())
.build());
action = createAction(unlockVerificationCode, false);
action = createAction(unlockVerificationCode);
action.run();
assertThat(response.getPayload()).contains("Success: unlock has been applied to example.tld");
action = createAction(lockId, true);
action = createAction(lockId);
action.run();
assertThat(response.getPayload()).contains("Failed: Invalid verification code");
}
@@ -273,22 +260,29 @@ final class RegistryLockVerifyActionTest {
saveRegistryLock(createLock());
action.run();
assertThat(response.getPayload()).contains("Success: lock has been applied to example.tld");
action = createAction(lockId, true);
action = createAction(lockId);
action.run();
assertThat(response.getPayload()).contains("Failed: Domain example.tld is already locked");
assertThat(response.getPayload())
.contains("Lock/unlock with code 123456789ABCDEFGHJKLMNPQRSTUVWXY is already completed");
}
@Test
void testFailure_unlock_unlockAgain() {
action = createAction(lockId, false);
action = createAction(lockId);
domain = persistResource(domain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
saveRegistryLock(createLock().asBuilder().setUnlockRequestTime(fakeClock.nowUtc()).build());
saveRegistryLock(
createLock()
.asBuilder()
.setLockCompletionTime(fakeClock.nowUtc())
.setUnlockRequestTime(fakeClock.nowUtc())
.build());
action.run();
assertThat(response.getStatus()).isEqualTo(SC_OK);
assertThat(response.getPayload()).contains("Success: unlock has been applied to example.tld");
action = createAction(lockId, false);
action = createAction(lockId);
action.run();
assertThat(response.getPayload()).contains("Failed: Domain example.tld is already unlocked");
assertThat(response.getPayload())
.contains("Lock/unlock with code 123456789ABCDEFGHJKLMNPQRSTUVWXY is already completed");
}
private RegistryLock createLock() {
@@ -323,14 +317,13 @@ final class RegistryLockVerifyActionTest {
.build());
}
private RegistryLockVerifyAction createAction(String lockVerificationCode, Boolean isLock) {
private RegistryLockVerifyAction createAction(String lockVerificationCode) {
response = new FakeResponse();
RegistryLockVerifyAction action =
new RegistryLockVerifyAction(
new DomainLockUtils(
stringGenerator, "adminreg", cloudTasksHelper.getTestCloudTasksUtils()),
lockVerificationCode,
isLock);
lockVerificationCode);
authResult = AuthResult.createUser(UserAuthInfo.create(user, false));
action.req = request;
action.response = response;