Match logged-in GAE user ID with registrar POC user ID (#511)

* Match logged-in GAE user ID with registrar POC user ID The reasoning for this is thus: We wish to have the users log in using Google-managed addresses--this is so that we can manage enforcement of things like 2FA, as well as generic account management. However, we wish for the registry-lock confirmation emails to go to their standard non-Google email addresses--e.g. johndoe@theregistrar.com, rather than johndoe@registry.google. As a result, for registry lock, we will enable it on the johndoe@registry.google account, but we will alter the email address of the corresponding Registrar POC account to contain johndoe@theregistrar.com. By doing this, the user will still be logging in using the @registry.google account but we'll match to their actual contact email. * fix up comments and messages * Error if >1 matching contact * include email addresses * set default optional * fix tests
2026-06-09 08:22:59 +00:00 · 2020-03-16 11:38:05 -04:00
parent 0545375eba
commit d09fc7ee05
8 changed files with 148 additions and 68 deletions
--- a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java
+++ b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockGetAction.java
@@ -41,7 +41,6 @@ import google.registry.request.auth.Auth;
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor.RegistrarAccessDeniedException;
-import google.registry.request.auth.UserAuthInfo;
 import google.registry.schema.domain.RegistryLock;
 import google.registry.security.JsonResponseHelper;
 import java.util.Optional;
@@ -117,41 +116,61 @@ public final class RegistryLockGetAction implements JsonGetAction {
    }
  }

-  private ImmutableMap<String, ?> getLockedDomainsMap(String clientId)
-      throws RegistrarAccessDeniedException {
-    // Note: admins always have access to the locks page
-    checkArgument(authResult.userAuthInfo().isPresent(), "User auth info must be present");
-    UserAuthInfo userAuthInfo = authResult.userAuthInfo().get();
-    boolean isAdmin = registrarAccessor.isAdmin();
-    Registrar registrar = getRegistrarAndVerifyLockAccess(clientId, isAdmin);
-    User user = userAuthInfo.user();
-    boolean isRegistryLockAllowed =
-        isAdmin
-            || registrar.getContacts().stream()
-                .filter(contact -> contact.getEmailAddress().equals(user.getEmail()))
-                .findFirst()
-                .map(RegistrarContact::isRegistryLockAllowed)
-                .orElse(false);
-    return ImmutableMap.of(
-        LOCK_ENABLED_FOR_CONTACT_PARAM,
-        isRegistryLockAllowed,
-        EMAIL_PARAM,
-        user.getEmail(),
-        PARAM_CLIENT_ID,
-        registrar.getClientId(),
-        LOCKS_PARAM,
-        getLockedDomains(clientId, isAdmin));
+  static Optional<RegistrarContact> getContactMatchingLogin(User user, Registrar registrar) {
+    ImmutableList<RegistrarContact> matchingContacts =
+        registrar.getContacts().stream()
+            .filter(contact -> contact.getGaeUserId().equals(user.getUserId()))
+            .collect(toImmutableList());
+    if (matchingContacts.size() > 1) {
+      ImmutableList<String> matchingEmails =
+          matchingContacts.stream()
+              .map(RegistrarContact::getEmailAddress)
+              .collect(toImmutableList());
+      throw new IllegalArgumentException(
+          String.format(
+              "User ID %s had multiple matching contacts with email addresses %s",
+              user.getUserId(), matchingEmails));
+    }
+    return matchingContacts.stream().findFirst();
  }

-  private Registrar getRegistrarAndVerifyLockAccess(String clientId, boolean isAdmin)
+  static Registrar getRegistrarAndVerifyLockAccess(
+      AuthenticatedRegistrarAccessor registrarAccessor, String clientId, boolean isAdmin)
      throws RegistrarAccessDeniedException {
    Registrar registrar = registrarAccessor.getRegistrar(clientId);
    checkArgument(
        isAdmin || registrar.isRegistryLockAllowed(),
-        "Registry lock not allowed for this registrar");
+        "Registry lock not allowed for registrar %s",
+        clientId);
    return registrar;
  }

+  private ImmutableMap<String, ?> getLockedDomainsMap(String clientId)
+      throws RegistrarAccessDeniedException {
+    // Note: admins always have access to the locks page
+    checkArgument(authResult.userAuthInfo().isPresent(), "User auth info must be present");
+
+    boolean isAdmin = registrarAccessor.isAdmin();
+    Registrar registrar = getRegistrarAndVerifyLockAccess(registrarAccessor, clientId, isAdmin);
+    User user = authResult.userAuthInfo().get().user();
+
+    Optional<RegistrarContact> contactOptional = getContactMatchingLogin(user, registrar);
+    boolean isRegistryLockAllowed =
+        isAdmin || contactOptional.map(RegistrarContact::isRegistryLockAllowed).orElse(false);
+    // Use the contact email if it's present, else use the login email
+    String relevantEmail =
+        contactOptional.map(RegistrarContact::getEmailAddress).orElse(user.getEmail());
+    return ImmutableMap.of(
+        LOCK_ENABLED_FOR_CONTACT_PARAM,
+        isRegistryLockAllowed,
+        EMAIL_PARAM,
+        relevantEmail,
+        PARAM_CLIENT_ID,
+        registrar.getClientId(),
+        LOCKS_PARAM,
+        getLockedDomains(clientId, isAdmin));
+  }
+
  private ImmutableList<ImmutableMap<String, ?>> getLockedDomains(
      String clientId, boolean isAdmin) {
    return jpaTm()
--- a/core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java
+++ b/core/src/main/java/google/registry/ui/server/registrar/RegistryLockPostAction.java
@@ -20,8 +20,11 @@ import static google.registry.persistence.transaction.TransactionManagerFactory.
 import static google.registry.security.JsonResponseHelper.Status.ERROR;
 import static google.registry.security.JsonResponseHelper.Status.SUCCESS;
 import static google.registry.ui.server.registrar.RegistrarConsoleModule.PARAM_CLIENT_ID;
+import static google.registry.ui.server.registrar.RegistryLockGetAction.getContactMatchingLogin;
+import static google.registry.ui.server.registrar.RegistryLockGetAction.getRegistrarAndVerifyLockAccess;
 import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;

+import com.google.appengine.api.users.User;
 import com.google.common.base.Strings;
 import com.google.common.base.Throwables;
 import com.google.common.collect.ImmutableList;
@@ -124,11 +127,7 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
              .userAuthInfo()
              .orElseThrow(() -> new ForbiddenException("User is not logged in"));

-      boolean isAdmin = userAuthInfo.isUserAdmin();
-      String userEmail = userAuthInfo.user().getEmail();
-      if (!isAdmin) {
-        verifyRegistryLockPassword(postInput, userEmail);
-      }
+      String userEmail = verifyPasswordAndGetEmail(userAuthInfo, postInput);
      jpaTm()
          .transact(
              () -> {
@@ -138,9 +137,11 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
                            postInput.fullyQualifiedDomainName,
                            postInput.clientId,
                            userEmail,
-                            isAdmin)
+                            registrarAccessor.isAdmin())
                        : domainLockUtils.saveNewRegistryUnlockRequest(
-                            postInput.fullyQualifiedDomainName, postInput.clientId, isAdmin);
+                            postInput.fullyQualifiedDomainName,
+                            postInput.clientId,
+                            registrarAccessor.isAdmin());
                sendVerificationEmail(registryLock, userEmail, postInput.isLock);
              });
      String action = postInput.isLock ? "lock" : "unlock";
@@ -180,25 +181,28 @@ public class RegistryLockPostAction implements Runnable, JsonActionRunner.JsonAc
    }
  }

-  private void verifyRegistryLockPassword(RegistryLockPostInput postInput, String userEmail)
+  private String verifyPasswordAndGetEmail(
+      UserAuthInfo userAuthInfo, RegistryLockPostInput postInput)
      throws RegistrarAccessDeniedException {
-    // Verify that the user can access the registrar and that the user has
-    // registry lock enabled and provided a correct password
-    Registrar registrar = registrarAccessor.getRegistrar(postInput.clientId);
-    checkArgument(
-        registrar.isRegistryLockAllowed(), "Registry lock not allowed for this registrar");
-    checkArgument(!Strings.isNullOrEmpty(postInput.password), "Missing key for password");
+    User user = userAuthInfo.user();
+    if (registrarAccessor.isAdmin()) {
+      return user.getEmail();
+    }
+    // Verify that the user can access the registrar, that the user has
+    // registry lock enabled, and that the user providjed a correct password
+    Registrar registrar =
+        getRegistrarAndVerifyLockAccess(registrarAccessor, postInput.clientId, false);
    RegistrarContact registrarContact =
-        registrar.getContacts().stream()
-            .filter(contact -> contact.getEmailAddress().equals(userEmail))
-            .findFirst()
+        getContactMatchingLogin(user, registrar)
            .orElseThrow(
                () ->
                    new IllegalArgumentException(
-                        String.format("Unknown user email %s", userEmail)));
+                        String.format(
+                            "Cannot match user %s to registrar contact", user.getUserId())));
    checkArgument(
        registrarContact.verifyRegistryLockPassword(postInput.password),
        "Incorrect registry lock password for contact");
+    return registrarContact.getEmailAddress();
  }

  /** Value class that represents the expected input body from the UI request. */