Update version of google-java-format (#2766)

This picks up a few changes including aligning the placement of quotes
in text blocks with the Google style guide.

console-webapp/src/app/app.component.spec.ts

@@ -14,30 +14,71 @@
 
 import { provideHttpClient } from '@angular/common/http';
 import { provideHttpClientTesting } from '@angular/common/http/testing';
-import { TestBed } from '@angular/core/testing';
-import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { ComponentFixture, fakeAsync, TestBed } from '@angular/core/testing';
+import { NoopAnimationsModule } from '@angular/platform-browser/animations';
 import { AppComponent } from './app.component';
-import { MaterialModule } from './material.module';
-import { BackendService } from './shared/services/backend.service';
-import { AppRoutingModule } from './app-routing.module';
+import { routes } from './app-routing.module';
 import { AppModule } from './app.module';
+import { PocReminderComponent } from './shared/components/pocReminder/pocReminder.component';
+import { RouterModule } from '@angular/router';
+import { MatSnackBar, MatSnackBarModule } from '@angular/material/snack-bar';
+import { UserData, UserDataService } from './shared/services/userData.service';
+import { Registrar, RegistrarService } from './registrar/registrar.service';
+import { MatSidenavModule } from '@angular/material/sidenav';
+import { signal, WritableSignal } from '@angular/core';
 
 describe('AppComponent', () => {
+  let component: AppComponent;
+  let fixture: ComponentFixture<AppComponent>;
+  let mockRegistrarService: {
+    registrar: WritableSignal<Partial<Registrar> | null | undefined>;
+    registrarId: WritableSignal<string>;
+    registrars: WritableSignal<Array<Partial<Registrar>>>;
+  };
+  let mockUserDataService: { userData: WritableSignal<Partial<UserData>> };
+  let mockSnackBar: jasmine.SpyObj<MatSnackBar>;
+
+  const dummyPocReminderComponent = class {}; // Dummy class for type checking
+
   beforeEach(async () => {
+    mockRegistrarService = {
+      registrar: signal<Registrar | null | undefined>(undefined),
+      registrarId: signal('123'),
+      registrars: signal([]),
+    };
+
+    mockUserDataService = {
+      userData: signal({
+        globalRole: 'NONE',
+      }),
+    };
+
+    mockSnackBar = jasmine.createSpyObj('MatSnackBar', ['openFromComponent']);
+
     await TestBed.configureTestingModule({
-      declarations: [AppComponent],
       imports: [
-        MaterialModule,
-        BrowserAnimationsModule,
-        AppRoutingModule,
+        MatSidenavModule,
+        NoopAnimationsModule,
+        MatSnackBarModule,
         AppModule,
+        RouterModule.forRoot(routes),
       ],
       providers: [
-        BackendService,
+        { provide: RegistrarService, useValue: mockRegistrarService },
+        { provide: UserDataService, useValue: mockUserDataService },
+        { provide: MatSnackBar, useValue: mockSnackBar },
+        { provide: PocReminderComponent, useClass: dummyPocReminderComponent },
         provideHttpClient(),
         provideHttpClientTesting(),
       ],
     }).compileComponents();
+
+    fixture = TestBed.createComponent(AppComponent);
+    component = fixture.componentInstance;
+  });
+
+  afterEach(() => {
+    jasmine.clock().uninstall();
   });
 
   it('should create the app', () => {
@@ -46,4 +87,51 @@ describe('AppComponent', () => {
     const app = fixture.componentInstance;
     expect(app).toBeTruthy();
   });
+
+  describe('PoC Verification Reminder', () => {
+    beforeEach(() => {
+      jasmine.clock().install();
+    });
+
+    it('should open snackbar if lastPocVerificationDate is older than one year', fakeAsync(() => {
+      const MOCK_TODAY = new Date('2024-07-15T10:00:00.000Z');
+      jasmine.clock().mockDate(MOCK_TODAY);
+
+      const twoYearsAgo = new Date(MOCK_TODAY);
+      twoYearsAgo.setFullYear(MOCK_TODAY.getFullYear() - 2);
+
+      mockRegistrarService.registrar.set({
+        lastPocVerificationDate: twoYearsAgo.toISOString(),
+      });
+
+      fixture.detectChanges();
+      TestBed.flushEffects();
+
+      expect(mockSnackBar.openFromComponent).toHaveBeenCalledWith(
+        PocReminderComponent,
+        {
+          horizontalPosition: 'center',
+          verticalPosition: 'top',
+          duration: 1000000000,
+        }
+      );
+    }));
+
+    it('should NOT open snackbar if lastPocVerificationDate is within last year', fakeAsync(() => {
+      const MOCK_TODAY = new Date('2024-07-15T10:00:00.000Z');
+      jasmine.clock().mockDate(MOCK_TODAY);
+
+      const sixMonthsAgo = new Date(MOCK_TODAY);
+      sixMonthsAgo.setMonth(MOCK_TODAY.getMonth() - 6);
+
+      mockRegistrarService.registrar.set({
+        lastPocVerificationDate: sixMonthsAgo.toISOString(),
+      });
+
+      fixture.detectChanges();
+      TestBed.flushEffects();
+
+      expect(mockSnackBar.openFromComponent).not.toHaveBeenCalled();
+    }));
+  });
 });

console-webapp/src/app/app.component.ts

@@ -12,13 +12,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { AfterViewInit, Component, ViewChild } from '@angular/core';
+import { AfterViewInit, Component, effect, ViewChild } from '@angular/core';
 import { MatSidenav } from '@angular/material/sidenav';
 import { NavigationEnd, Router } from '@angular/router';
 import { RegistrarService } from './registrar/registrar.service';
 import { BreakPointObserverService } from './shared/services/breakPoint.service';
 import { GlobalLoaderService } from './shared/services/globalLoader.service';
 import { UserDataService } from './shared/services/userData.service';
+import { MatSnackBar } from '@angular/material/snack-bar';
+import { PocReminderComponent } from './shared/components/pocReminder/pocReminder.component';
 
 @Component({
   selector: 'app-root',
@@ -35,8 +37,28 @@ export class AppComponent implements AfterViewInit {
     protected userDataService: UserDataService,
     protected globalLoader: GlobalLoaderService,
     protected breakpointObserver: BreakPointObserverService,
-    private router: Router
-  ) {}
+    private router: Router,
+    private _snackBar: MatSnackBar
+  ) {
+    effect(() => {
+      const registrar = this.registrarService.registrar();
+      const oneYearAgo = new Date();
+      oneYearAgo.setFullYear(oneYearAgo.getFullYear() - 1);
+      oneYearAgo.setHours(0, 0, 0, 0);
+      if (
+        registrar &&
+        registrar.lastPocVerificationDate &&
+        new Date(registrar.lastPocVerificationDate) < oneYearAgo &&
+        this.userDataService?.userData()?.globalRole === 'NONE'
+      ) {
+        this._snackBar.openFromComponent(PocReminderComponent, {
+          horizontalPosition: 'center',
+          verticalPosition: 'top',
+          duration: 1000000000,
+        });
+      }
+    });
+  }
 
   ngAfterViewInit() {
     this.router.events.subscribe((event) => {

console-webapp/src/app/app.module.ts

@@ -60,6 +60,7 @@ import { TldsComponent } from './tlds/tlds.component';
 import { ForceFocusDirective } from './shared/directives/forceFocus.directive';
 import RdapComponent from './settings/rdap/rdap.component';
 import RdapEditComponent from './settings/rdap/rdapEdit.component';
+import { PocReminderComponent } from './shared/components/pocReminder/pocReminder.component';
 
 @NgModule({
   declarations: [SelectedRegistrarWrapper],
@@ -86,6 +87,7 @@ export class SelectedRegistrarModule {}
     RdapComponent,
     RdapEditComponent,
     ReasonDialogComponent,
+    PocReminderComponent,
     RegistrarComponent,
     RegistrarDetailsComponent,
     RegistrarSelectorComponent,

console-webapp/src/app/navigation/navigation.component.ts

@@ -57,7 +57,7 @@ export class NavigationComponent {
   }
 
   ngOnDestroy() {
-    this.subscription.unsubscribe();
+    this.subscription && this.subscription.unsubscribe();
   }
 
   getElementId(node: RouteWithIcon) {

console-webapp/src/app/registrar/registrar.service.ts

@@ -71,6 +71,7 @@ export interface Registrar
   registrarName: string;
   registryLockAllowed?: boolean;
   type?: string;
+  lastPocVerificationDate?: string;
 }
 
 @Injectable({

console-webapp/src/app/shared/components/pocReminder/pocReminder.component.html

@@ -0,0 +1,14 @@
+<div class="console-app__pocReminder">
+  <p class="">
+    Please take a moment to complete annual review of
+    <a routerLink="/settings">contacts</a>.
+  </p>
+  <span matSnackBarActions>
+    <button mat-button matSnackBarAction (click)="confirmReviewed()">
+      Confirm reviewed
+    </button>
+    <button mat-button matSnackBarAction (click)="snackBarRef.dismiss()">
+      Close
+    </button>
+  </span>
+</div>

console-webapp/src/app/shared/components/pocReminder/pocReminder.component.scss

@@ -0,0 +1,5 @@
+.console-app__pocReminder {
+  a {
+    color: white !important;
+  }
+}

console-webapp/src/app/shared/components/pocReminder/pocReminder.component.ts

@@ -0,0 +1,53 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import { Component } from '@angular/core';
+import { MatSnackBar, MatSnackBarRef } from '@angular/material/snack-bar';
+import { RegistrarService } from '../../../registrar/registrar.service';
+import { HttpErrorResponse } from '@angular/common/http';
+
+@Component({
+  selector: 'app-poc-reminder',
+  templateUrl: './pocReminder.component.html',
+  styleUrls: ['./pocReminder.component.scss'],
+  standalone: false,
+})
+export class PocReminderComponent {
+  constructor(
+    public snackBarRef: MatSnackBarRef<PocReminderComponent>,
+    private registrarService: RegistrarService,
+    private _snackBar: MatSnackBar
+  ) {}
+
+  confirmReviewed() {
+    if (this.registrarService.registrar()) {
+      const todayMidnight = new Date();
+      todayMidnight.setHours(0, 0, 0, 0);
+      this.registrarService
+        // @ts-ignore - if check  above won't allow empty object to be submitted
+        .updateRegistrar({
+          ...this.registrarService.registrar(),
+          lastPocVerificationDate: todayMidnight.toISOString(),
+        })
+        .subscribe({
+          error: (err: HttpErrorResponse) => {
+            this._snackBar.open(err.error || err.message);
+          },
+          next: () => {
+            this.snackBarRef.dismiss();
+          },
+        });
+    }
+  }
+}

core/build.gradle

@@ -61,6 +61,7 @@ def fragileTestPatterns = [
     // Currently changes a global configuration parameter that for some reason
     // results in timestamp inversions for other tests.  TODO(mmuller): fix.
     "google/registry/flows/host/HostInfoFlowTest.*",
+    "google/registry/beam/common/RegistryPipelineWorkerInitializerTest.*",
 ] + dockerIncompatibleTestPatterns
 
 sourceSets {

core/src/main/java/google/registry/beam/billing/BillingEvent.java

@@ -172,7 +172,7 @@ public record BillingEvent(
                 .minusDays(1)
                 .toString(),
         billingId(),
-        registrarId(),
+        "",
         String.format("%s | TLD: %s | TERM: %d-year", action(), tld(), years()),
         amount(),
         currency(),

core/src/main/java/google/registry/beam/common/RegistryPipelineWorkerInitializer.java

@@ -40,6 +40,8 @@ public class RegistryPipelineWorkerInitializer implements JvmInitializer {
 
   @Override
   public void beforeProcessing(PipelineOptions options) {
+    // TODO(b/416299900): remove next line after GAE is removed.
+    System.setProperty("google.registry.jetty", "true");
     RegistryPipelineOptions registryOptions = options.as(RegistryPipelineOptions.class);
     RegistryEnvironment environment = registryOptions.getRegistryEnvironment();
     if (environment == null || environment.equals(RegistryEnvironment.UNITTEST)) {

core/src/main/java/google/registry/flows/domain/DomainInfoFlow.java

@@ -31,6 +31,7 @@ import google.registry.flows.ExtensionManager;
 import google.registry.flows.FlowModule.RegistrarId;
 import google.registry.flows.FlowModule.Superuser;
 import google.registry.flows.FlowModule.TargetId;
+import google.registry.flows.MutatingFlow;
 import google.registry.flows.TransactionalFlow;
 import google.registry.flows.annotations.ReportingSpec;
 import google.registry.flows.custom.DomainInfoFlowCustomLogic;
@@ -53,6 +54,8 @@ import google.registry.model.eppinput.ResourceCommand;
 import google.registry.model.eppoutput.EppResponse;
 import google.registry.model.eppoutput.EppResponse.ResponseExtension;
 import google.registry.model.reporting.IcannReportingTypes.ActivityReportField;
+import google.registry.persistence.IsolationLevel;
+import google.registry.persistence.PersistenceModule;
 import google.registry.util.Clock;
 import jakarta.inject.Inject;
 import java.util.Optional;
@@ -62,8 +65,12 @@ import org.joda.time.DateTime;
  * An EPP flow that returns information about a domain.
  *
  * <p>The registrar that owns the domain, and any registrar presenting a valid authInfo for the
- * domain, will get a rich result with all of the domain's fields. All other requests will be
- * answered with a minimal result containing only basic information about the domain.
+ * domain, will get a rich result with all the domain's fields. All other requests will be answered
+ * with a minimal result containing only basic information about the domain.
+ *
+ * <p>This implements {@link MutatingFlow} instead of {@link TransactionalFlow} as a workaround so
+ * that the common workflow of "create domain, then immediately get domain info" does not run into
+ * replication lag issues where the info command claims the domain does not exist.
  *
  * @error {@link google.registry.flows.FlowUtils.NotLoggedInException}
  * @error {@link google.registry.flows.FlowUtils.UnknownCurrencyEppException}
@@ -76,7 +83,8 @@ import org.joda.time.DateTime;
  * @error {@link DomainFlowUtils.TransfersAreAlwaysForOneYearException}
  */
 @ReportingSpec(ActivityReportField.DOMAIN_INFO)
-public final class DomainInfoFlow implements TransactionalFlow {
+@IsolationLevel(PersistenceModule.TransactionIsolationLevel.TRANSACTION_REPEATABLE_READ)
+public final class DomainInfoFlow implements MutatingFlow {
 
   @Inject ExtensionManager extensionManager;
   @Inject ResourceCommand resourceCommand;

core/src/main/java/google/registry/tools/CreateCdnsTld.java

@@ -72,11 +72,11 @@ final class CreateCdnsTld extends ConfirmingCommand {
             .setDescription(description)
             .setNameServerSet(
                 RegistryToolEnvironment.get() == RegistryToolEnvironment.PRODUCTION
-                ? "cloud-dns-registry"
-                : "cloud-dns-registry-test")
+                    ? "cloud-dns-registry"
+                    : "cloud-dns-registry-test")
             .setDnsName(dnsName)
             .setName((name != null) ? name : dnsName)
-            .setDnssecConfig(new ManagedZoneDnsSecConfig().setNonExistence("NSEC").setState("ON"));
+            .setDnssecConfig(new ManagedZoneDnsSecConfig().setNonExistence("nsec").setState("on"));
   }
 
   @Override

core/src/main/java/google/registry/tools/CreateDomainCommand.java

@@ -16,6 +16,7 @@ package google.registry.tools;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Strings.isNullOrEmpty;
+import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.pricing.PricingEngineProxy.getPricesForDomainName;
 import static google.registry.util.PreconditionsUtils.checkArgumentNotNull;
 import static org.joda.time.DateTimeZone.UTC;
@@ -23,6 +24,7 @@ import static org.joda.time.DateTimeZone.UTC;
 import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.google.template.soy.data.SoyMapData;
+import google.registry.model.common.FeatureFlag;
 import google.registry.model.pricing.PremiumPricingEngine.DomainPrices;
 import google.registry.tools.soy.DomainCreateSoyInfo;
 import google.registry.util.StringGenerator;
@@ -58,9 +60,15 @@ final class CreateDomainCommand extends CreateOrUpdateDomainCommand {
 
   @Override
   protected void initMutatingEppToolCommand() {
-    checkArgumentNotNull(registrant, "Registrant must be specified");
-    checkArgument(!admins.isEmpty(), "At least one admin must be specified");
-    checkArgument(!techs.isEmpty(), "At least one tech must be specified");
+    tm().transact(
+            () -> {
+              if (!FeatureFlag.isActiveNowOrElse(
+                  FeatureFlag.FeatureName.MINIMUM_DATASET_CONTACTS_OPTIONAL, false)) {
+                checkArgumentNotNull(registrant, "Registrant must be specified");
+                checkArgument(!admins.isEmpty(), "At least one admin must be specified");
+                checkArgument(!techs.isEmpty(), "At least one tech must be specified");
+              }
+            });
     if (isNullOrEmpty(password)) {
       password = passwordGenerator.createString(PASSWORD_LENGTH);
     }

core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java

@@ -17,6 +17,7 @@ package google.registry.ui.server.console;
 import static com.google.common.base.Preconditions.checkArgument;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.request.Action.Method.POST;
+import static google.registry.util.DateTimeUtils.START_OF_TIME;
 import static google.registry.util.PreconditionsUtils.checkArgumentPresent;
 import static org.apache.http.HttpStatus.SC_OK;
 
@@ -37,6 +38,7 @@ import google.registry.util.RegistryEnvironment;
 import jakarta.inject.Inject;
 import java.util.Optional;
 import java.util.stream.Collectors;
+import org.joda.time.DateTime;
 
 @Action(
     service = GaeService.DEFAULT,
@@ -88,18 +90,35 @@ public class ConsoleUpdateRegistrarAction extends ConsoleApiAction {
                 }
               }
 
-              Registrar updatedRegistrar =
+              DateTime now = tm().getTransactionTime();
+              DateTime newLastPocVerificationDate =
+                  registrarParam.getLastPocVerificationDate() == null
+                      ? START_OF_TIME
+                      : registrarParam.getLastPocVerificationDate();
+
+              checkArgument(
+                  newLastPocVerificationDate.isBefore(now),
+                  "Invalid value of LastPocVerificationDate - value is in the future");
+
+              var updatedRegistrarBuilder =
                   existingRegistrar
                       .get()
                       .asBuilder()
-                      .setAllowedTlds(
-                          registrarParam.getAllowedTlds().stream()
-                              .map(DomainNameUtils::canonicalizeHostname)
-                              .collect(Collectors.toSet()))
-                      .setRegistryLockAllowed(registrarParam.isRegistryLockAllowed())
-                      .setLastPocVerificationDate(registrarParam.getLastPocVerificationDate())
-                      .build();
+                      .setLastPocVerificationDate(newLastPocVerificationDate);
 
+              if (user.getUserRoles()
+                  .hasGlobalPermission(ConsolePermission.EDIT_REGISTRAR_DETAILS)) {
+                updatedRegistrarBuilder =
+                    updatedRegistrarBuilder
+                        .setAllowedTlds(
+                            registrarParam.getAllowedTlds().stream()
+                                .map(DomainNameUtils::canonicalizeHostname)
+                                .collect(Collectors.toSet()))
+                        .setRegistryLockAllowed(registrarParam.isRegistryLockAllowed())
+                        .setLastPocVerificationDate(newLastPocVerificationDate);
+              }
+
+              var updatedRegistrar = updatedRegistrarBuilder.build();
               tm().put(updatedRegistrar);
               finishAndPersistConsoleUpdateHistory(
                   new ConsoleUpdateHistory.Builder()

core/src/main/resources/google/registry/tools/soy/DomainCreate.soy

@@ -20,9 +20,9 @@
   {@param domain: string}
   {@param period: int}
   {@param nameservers: list<string>}
-  {@param registrant: string}
-  {@param admins: list<string>}
-  {@param techs: list<string>}
+  {@param? registrant: string|null}
+  {@param? admins: list<string>|null}
+  {@param? techs: list<string>|null}
   {@param password: string}
   {@param? currency: string|null}
   {@param? price: string|null}
@@ -45,13 +45,19 @@
               {/for}
             </domain:ns>
           {/if}
-          <domain:registrant>{$registrant}</domain:registrant>
-          {for $admin in $admins}
-            <domain:contact type="admin">{$admin}</domain:contact>
-          {/for}
-          {for $tech in $techs}
-            <domain:contact type="tech">{$tech}</domain:contact>
-          {/for}
+          {if $registrant != null}
+            <domain:registrant>{$registrant}</domain:registrant>
+          {/if}
+          {if $admins != null}
+            {for $admin in $admins}
+              <domain:contact type="admin">{$admin}</domain:contact>
+            {/for}
+          {/if}
+          {if $techs != null}
+            {for $tech in $techs}
+              <domain:contact type="tech">{$tech}</domain:contact>
+            {/for}
+          {/if}
           <domain:authInfo>
             <domain:pw>{$password}</domain:pw>
           </domain:authInfo>

core/src/test/java/google/registry/beam/billing/BillingEventTest.java

@@ -85,7 +85,7 @@ class BillingEventTest {
     assertThat(invoiceKey.startDate()).isEqualTo("2017-10-01");
     assertThat(invoiceKey.endDate()).isEqualTo("2022-09-30");
     assertThat(invoiceKey.productAccountKey()).isEqualTo("12345-CRRHELLO");
-    assertThat(invoiceKey.usageGroupingKey()).isEqualTo("myRegistrar");
+    assertThat(invoiceKey.usageGroupingKey()).isEqualTo("");
     assertThat(invoiceKey.description()).isEqualTo("RENEW | TLD: test | TERM: 5-year");
     assertThat(invoiceKey.unitPrice()).isEqualTo(20.5);
     assertThat(invoiceKey.unitPriceCurrency()).isEqualTo("USD");
@@ -106,7 +106,7 @@ class BillingEventTest {
     assertThat(invoiceKey.toCsv(3L))
         .isEqualTo(
             "2017-10-01,2022-09-30,12345-CRRHELLO,61.50,USD,10125,1,PURCHASE,"
-                + "myRegistrar,3,RENEW | TLD: test | TERM: 5-year,20.50,USD,");
+                + ",3,RENEW | TLD: test | TERM: 5-year,20.50,USD,");
   }
 
   @Test
@@ -116,7 +116,7 @@ class BillingEventTest {
     assertThat(invoiceKey.toCsv(3L))
         .isEqualTo(
             "2017-10-01,,12345-CRRHELLO,61.50,USD,10125,1,PURCHASE,"
-                + "myRegistrar,3,RENEW | TLD: test | TERM: 0-year,20.50,USD,");
+                + ",3,RENEW | TLD: test | TERM: 0-year,20.50,USD,");
   }
 
   @Test

core/src/test/java/google/registry/beam/billing/InvoicingPipelineTest.java

@@ -199,6 +199,36 @@ class InvoicingPipelineTest {
               0,
               "USD",
               20.0,
+              ""),
+          google.registry.beam.billing.BillingEvent.create(
+              15,
+              DateTime.parse("2017-10-02T00:00:00.0Z"),
+              DateTime.parse("2017-10-04T00:00:00.0Z"),
+              "theRegistrarCopy",
+              "234",
+              "",
+              "test",
+              "CREATE",
+              "mydomainfromanotherclient.test",
+              "REPO-ID",
+              5,
+              "JPY",
+              70.0,
+              ""),
+          google.registry.beam.billing.BillingEvent.create(
+              16,
+              DateTime.parse("2017-10-04T00:00:00Z"),
+              DateTime.parse("2017-10-04T00:00:00Z"),
+              "theRegistrarCopy",
+              "234",
+              "",
+              "test",
+              "RENEW",
+              "mydomain2fromanotherclient.test",
+              "REPO-ID",
+              3,
+              "USD",
+              20.5,
               ""));
 
   private static final ImmutableMap<String, ImmutableList<String>> EXPECTED_DETAILED_REPORT_MAP =
@@ -224,18 +254,26 @@ class InvoicingPipelineTest {
           "invoice_details_2017-10_anotherRegistrar_test.csv",
           ImmutableList.of(
               "5,2017-10-04 00:00:00 UTC,2017-10-04 00:00:00 UTC,anotherRegistrar,789,,"
-                  + "test,CREATE,mydomain5.test,REPO-ID,1,USD,0.00,SUNRISE ANCHOR_TENANT"));
+                  + "test,CREATE,mydomain5.test,REPO-ID,1,USD,0.00,SUNRISE ANCHOR_TENANT"),
+          "invoice_details_2017-10_theRegistrarCopy_test.csv",
+          ImmutableList.of(
+              "15,2017-10-02 00:00:00 UTC,2017-10-04 00:00:00"
+                  + " UTC,theRegistrarCopy,234,,test,CREATE,mydomainfromanotherclient.test,REPO-ID,5,JPY,70.00,",
+              "16,2017-10-04 00:00:00 UTC,2017-10-04 00:00:00"
+                  + " UTC,theRegistrarCopy,234,,test,RENEW,mydomain2fromanotherclient.test,REPO-ID,3,USD,20.50,"));
 
   private static final ImmutableList<String> EXPECTED_INVOICE_OUTPUT =
       ImmutableList.of(
-          "2017-10-01,2020-09-30,234,41.00,USD,10125,1,PURCHASE,theRegistrar,2,"
+          "2017-10-01,2020-09-30,234,61.50,USD,10125,1,PURCHASE,,3,"
               + "RENEW | TLD: test | TERM: 3-year,20.50,USD,",
-          "2017-10-01,2022-09-30,234,70.00,JPY,10125,1,PURCHASE,theRegistrar,1,"
+          "2017-10-01,2022-09-30,234,70.00,JPY,10125,1,PURCHASE,,1,"
               + "CREATE | TLD: hello | TERM: 5-year,70.00,JPY,",
-          "2017-10-01,,234,20.00,USD,10125,1,PURCHASE,theRegistrar,1,"
+          "2017-10-01,,234,20.00,USD,10125,1,PURCHASE,,1,"
               + "SERVER_STATUS | TLD: test | TERM: 0-year,20.00,USD,",
-          "2017-10-01,2018-09-30,456,20.50,USD,10125,1,PURCHASE,bestdomains,1,"
-              + "RENEW | TLD: test | TERM: 1-year,20.50,USD,116688");
+          "2017-10-01,2018-09-30,456,20.50,USD,10125,1,PURCHASE,,1,"
+              + "RENEW | TLD: test | TERM: 1-year,20.50,USD,116688",
+          "2017-10-01,2022-09-30,234,70.00,JPY,10125,1,PURCHASE,,1,CREATE | TLD: test | TERM:"
+              + " 5-year,70.00,JPY,");
 
   private final InvoicingPipelineOptions options =
       PipelineOptionsFactory.create().as(InvoicingPipelineOptions.class);
@@ -355,21 +393,21 @@ class InvoicingPipelineTest {
         .isEqualTo(
             """
 
-      SELECT b, r FROM BillingEvent b
-      JOIN Registrar r ON b.clientId = r.registrarId
-      JOIN Domain d ON b.domainRepoId = d.repoId
-      JOIN Tld t ON t.tldStr = d.tld
-      LEFT JOIN BillingCancellation c ON b.id = c.billingEvent
-      LEFT JOIN BillingCancellation cr ON b.cancellationMatchingBillingEvent = cr.billingRecurrence
-      WHERE r.billingAccountMap IS NOT NULL
-      AND r.type = 'REAL'
-      AND t.invoicingEnabled IS TRUE
-      AND CAST(b.billingTime AS timestamp)
-          BETWEEN CAST('2017-10-01T00:00:00Z' AS timestamp)
-          AND CAST('2017-11-01T00:00:00Z' AS timestamp)
-      AND c.id IS NULL
-      AND cr.id IS NULL
-      """);
+SELECT b, r FROM BillingEvent b
+JOIN Registrar r ON b.clientId = r.registrarId
+JOIN Domain d ON b.domainRepoId = d.repoId
+JOIN Tld t ON t.tldStr = d.tld
+LEFT JOIN BillingCancellation c ON b.id = c.billingEvent
+LEFT JOIN BillingCancellation cr ON b.cancellationMatchingBillingEvent = cr.billingRecurrence
+WHERE r.billingAccountMap IS NOT NULL
+AND r.type = 'REAL'
+AND t.invoicingEnabled IS TRUE
+AND CAST(b.billingTime AS timestamp)
+    BETWEEN CAST('2017-10-01T00:00:00Z' AS timestamp)
+    AND CAST('2017-11-01T00:00:00Z' AS timestamp)
+AND c.id IS NULL
+AND cr.id IS NULL
+""");
   }
 
   /** Returns the text contents of a file under the beamBucket/results directory. */
@@ -391,6 +429,13 @@ class InvoicingPipelineTest {
             .setBillingAccountMap(ImmutableMap.of(JPY, "234", USD, "234"))
             .build();
     persistResource(registrar1);
+    Registrar registrar11 = persistNewRegistrar("theRegistrarCopy");
+    registrar11 =
+        registrar11
+            .asBuilder()
+            .setBillingAccountMap(ImmutableMap.of(JPY, "234", USD, "234"))
+            .build();
+    persistResource(registrar11);
     Registrar registrar2 = persistNewRegistrar("bestdomains");
     registrar2 =
         registrar2
@@ -547,6 +592,21 @@ class InvoicingPipelineTest {
             .setDomainHistory(domainHistoryRecurrence)
             .build();
     persistResource(cancellationRecurrence);
+
+    // Domains created for registrar with = key but != client id.
+    Domain domain14 = persistActiveDomain("mydomainfromanotherclient.test");
+    Domain domain15 = persistActiveDomain("mydomain2fromanotherclient.test");
+
+    persistBillingEvent(
+        15,
+        domain14,
+        registrar11,
+        Reason.CREATE,
+        5,
+        Money.ofMajor(JPY, 70),
+        DateTime.parse("2017-10-04T00:00:00.0Z"),
+        DateTime.parse("2017-10-02T00:00:00.0Z"));
+    persistBillingEvent(16, domain15, registrar11, Reason.RENEW, 3, Money.of(USD, 20.5));
   }
 
   private static DomainHistory persistDomainHistory(Domain domain, Registrar registrar) {

core/src/test/java/google/registry/beam/common/RegistryPipelineWorkerInitializerTest.java

@@ -0,0 +1,36 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.beam.common;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import google.registry.util.RegistryEnvironment;
+import org.apache.beam.sdk.options.PipelineOptionsFactory;
+import org.junit.jupiter.api.Test;
+
+public class RegistryPipelineWorkerInitializerTest {
+
+  @Test
+  void test() {
+    RegistryPipelineOptions options =
+        PipelineOptionsFactory.fromArgs(
+                "--registryEnvironment=ALPHA", "--isolationOverride=TRANSACTION_SERIALIZABLE")
+            .withValidation()
+            .as(RegistryPipelineOptions.class);
+    new RegistryPipelineWorkerInitializer().beforeProcessing(options);
+    assertThat(RegistryEnvironment.isOnJetty()).isTrue();
+    System.clearProperty("google.registry.jetty");
+  }
+}

core/src/test/java/google/registry/flows/FlowModuleTest.java

@@ -58,7 +58,7 @@ public class FlowModuleTest {
 
   @Test
   void givenNonMutatingFlow_thenReplicaTmIsUsed() throws EppException {
-    String eppInputXmlFilename = "domain_info.xml";
+    String eppInputXmlFilename = "domain_check.xml";
     FlowModule flowModule =
         new FlowModule.Builder().setEppInput(getEppInput(eppInputXmlFilename)).build();
     JpaTransactionManager tm =

core/src/test/java/google/registry/flows/domain/DomainInfoFlowTest.java

@@ -179,7 +179,7 @@ class DomainInfoFlowTest extends ResourceFlowTestCase<DomainInfoFlow, Domain> {
       ImmutableMap<String, String> substitutions,
       boolean expectHistoryAndBilling)
       throws Exception {
-    assertMutatingFlow(false);
+    assertMutatingFlow(true);
     String expected =
         loadFile(expectedXmlFilename, updateSubstitutions(substitutions, "ROID", "2FF-TLD"));
     if (inactive) {

core/src/test/java/google/registry/tools/CreateCdnsTldTest.java

@@ -55,7 +55,7 @@ class CreateCdnsTldTest extends CommandTestCase<CreateCdnsTld> {
         .setDnsName(dnsName)
         .setDescription(description)
         .setName(name)
-        .setDnssecConfig(new ManagedZoneDnsSecConfig().setState("ON").setNonExistence("NSEC"));
+        .setDnssecConfig(new ManagedZoneDnsSecConfig().setState("on").setNonExistence("nsec"));
   }
 
   @Test

core/src/test/java/google/registry/tools/CreateDomainCommandTest.java

@@ -15,16 +15,21 @@
 package google.registry.tools;
 
 import static com.google.common.truth.Truth.assertThat;
+import static google.registry.model.common.FeatureFlag.FeatureName.MINIMUM_DATASET_CONTACTS_OPTIONAL;
+import static google.registry.model.common.FeatureFlag.FeatureStatus.ACTIVE;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.testing.DatabaseHelper.createTld;
 import static google.registry.testing.DatabaseHelper.persistPremiumList;
 import static google.registry.testing.DatabaseHelper.persistResource;
+import static google.registry.util.DateTimeUtils.START_OF_TIME;
 import static org.joda.money.CurrencyUnit.JPY;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import com.beust.jcommander.ParameterException;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableSortedMap;
 import google.registry.dns.writer.VoidDnsWriter;
+import google.registry.model.common.FeatureFlag;
 import google.registry.model.pricing.StaticPremiumListPricingEngine;
 import google.registry.model.tld.Tld;
 import google.registry.model.tld.label.PremiumListDao;
@@ -111,12 +116,15 @@ class CreateDomainCommandTest extends EppToolCommandTestCase<CreateDomainCommand
 
   @Test
   void testSuccess_minimal() throws Exception {
+    persistResource(
+        new FeatureFlag()
+            .asBuilder()
+            .setFeatureName(MINIMUM_DATASET_CONTACTS_OPTIONAL)
+            .setStatusMap(ImmutableSortedMap.of(START_OF_TIME, ACTIVE))
+            .build());
     // Test that each optional field can be omitted. Also tests the auto-gen password.
     runCommandForced(
         "--client=NewRegistrar",
-        "--registrant=crr-admin",
-        "--admins=crr-admin",
-        "--techs=crr-tech",
         "example.tld");
     eppVerifier.verifySent("domain_create_minimal.xml");
   }
@@ -131,7 +139,9 @@ class CreateDomainCommandTest extends EppToolCommandTestCase<CreateDomainCommand
         "--techs=crr-tech",
         "example.tld",
         "example.abc");
-    eppVerifier.verifySent("domain_create_minimal.xml").verifySent("domain_create_minimal_abc.xml");
+    eppVerifier
+        .verifySent("domain_create_contacts.xml")
+        .verifySent("domain_create_contacts_abc.xml");
   }
 
   @Test
@@ -152,8 +162,8 @@ class CreateDomainCommandTest extends EppToolCommandTestCase<CreateDomainCommand
         "example.tld",
         "example.abc");
     eppVerifier
-        .verifySent("domain_create_minimal.xml")
-        .verifySent("domain_create_minimal_abc.xml");
+        .verifySent("domain_create_contacts.xml")
+        .verifySent("domain_create_contacts_abc.xml");
   }
 
   @Test
@@ -192,9 +202,9 @@ class CreateDomainCommandTest extends EppToolCommandTestCase<CreateDomainCommand
         "palladium.tld",
         "example.abc");
     eppVerifier
-        .verifySent("domain_create_minimal.xml")
+        .verifySent("domain_create_contacts.xml")
         .verifySent("domain_create_palladium.xml")
-        .verifySent("domain_create_minimal_abc.xml");
+        .verifySent("domain_create_contacts_abc.xml");
     assertInStdout(
         "palladium.tld is premium at USD 877.00 per year; "
             + "sending total cost for 1 year(s) of USD 877.00.");
@@ -227,6 +237,19 @@ class CreateDomainCommandTest extends EppToolCommandTestCase<CreateDomainCommand
     eppVerifier.verifySent("domain_create_token.xml");
   }
 
+  @Test
+  void testSuccess_contactsStillRequired() throws Exception {
+    // Verify that if contacts are still required, the minimum+contacts request is sent
+    createTld("tld");
+    runCommandForced(
+        "--client=NewRegistrar",
+        "--registrant=crr-admin",
+        "--admins=crr-admin",
+        "--techs=crr-tech",
+        "example.tld");
+    eppVerifier.verifySent("domain_create_contacts.xml");
+  }
+
   @Test
   void testFailure_duplicateDomains() {
     IllegalArgumentException thrown =

core/src/test/java/google/registry/ui/server/console/ConsoleActionBaseTestCase.java

@@ -0,0 +1,54 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.ui.server.console;
+
+import static google.registry.testing.DatabaseHelper.createAdminUser;
+import static google.registry.testing.DatabaseHelper.createTld;
+
+import com.google.gson.Gson;
+import google.registry.model.console.User;
+import google.registry.persistence.transaction.JpaTestExtensions;
+import google.registry.request.auth.AuthResult;
+import google.registry.testing.ConsoleApiParamsUtils;
+import google.registry.testing.FakeClock;
+import google.registry.testing.FakeResponse;
+import google.registry.tools.GsonUtils;
+import org.joda.time.DateTime;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+public abstract class ConsoleActionBaseTestCase {
+
+  protected static final Gson GSON = GsonUtils.provideGson();
+
+  protected final FakeClock clock = new FakeClock(DateTime.parse("2024-04-15T00:00:00.000Z"));
+
+  @RegisterExtension
+  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
+      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
+
+  protected ConsoleApiParams consoleApiParams;
+  protected FakeResponse response;
+  protected User fteUser;
+
+  @BeforeEach
+  void beforeEachBaseTestCase() {
+    createTld("tld");
+    fteUser = createAdminUser("fte@email.tld");
+    AuthResult authResult = AuthResult.createUser(fteUser);
+    consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
+    response = (FakeResponse) consoleApiParams.response();
+  }
+}

core/src/test/java/google/registry/ui/server/console/ConsoleDomainGetActionTest.java

@@ -15,7 +15,6 @@
 package google.registry.ui.server.console;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.testing.DatabaseHelper.createTld;
 import static jakarta.servlet.http.HttpServletResponse.SC_NOT_FOUND;
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 import static jakarta.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
@@ -25,7 +24,6 @@ import com.google.common.collect.ImmutableMap;
 import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
@@ -33,20 +31,12 @@ import google.registry.testing.DatabaseHelper;
 import google.registry.testing.FakeResponse;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.ConsoleDomainGetAction}. */
-public class ConsoleDomainGetActionTest {
-
-  private ConsoleApiParams consoleApiParams;
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
+public class ConsoleDomainGetActionTest extends ConsoleActionBaseTestCase {
 
   @BeforeEach
   void beforeEach() {
-    createTld("tld");
     DatabaseHelper.persistActiveDomain("exists.tld");
   }
 
@@ -62,8 +52,8 @@ public class ConsoleDomainGetActionTest {
                         .build())),
             "exists.tld");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload())
         .isEqualTo(
             "{\"domainName\":\"exists.tld\",\"adminContact\":{\"key\":\"3-ROID\",\"kind\":"
                 + "\"google.registry.model.contact.Contact\"},\"techContact\":{\"key\":\"3-ROID\","
@@ -81,7 +71,7 @@ public class ConsoleDomainGetActionTest {
   void testFailure_emptyAuth() {
     ConsoleDomainGetAction action = createAction(AuthResult.NOT_AUTHENTICATED, "exists.tld");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_UNAUTHORIZED);
+    assertThat(response.getStatus()).isEqualTo(SC_UNAUTHORIZED);
   }
 
   @Test
@@ -89,7 +79,7 @@ public class ConsoleDomainGetActionTest {
     ConsoleDomainGetAction action =
         createAction(AuthResult.createApp("service@registry.example"), "exists.tld");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_UNAUTHORIZED);
+    assertThat(response.getStatus()).isEqualTo(SC_UNAUTHORIZED);
   }
 
   @Test
@@ -98,17 +88,14 @@ public class ConsoleDomainGetActionTest {
         createAction(
             AuthResult.createUser(createUser(new UserRoles.Builder().build())), "exists.tld");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_NOT_FOUND);
+    assertThat(response.getStatus()).isEqualTo(SC_NOT_FOUND);
   }
 
   @Test
   void testFailure_nonexistentDomain() {
-    ConsoleDomainGetAction action =
-        createAction(
-            AuthResult.createUser(createUser(new UserRoles.Builder().setIsAdmin(true).build())),
-            "nonexistent.tld");
+    ConsoleDomainGetAction action = createAction(AuthResult.createUser(fteUser), "nonexistent.tld");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_NOT_FOUND);
+    assertThat(response.getStatus()).isEqualTo(SC_NOT_FOUND);
   }
 
   private User createUser(UserRoles userRoles) {
@@ -120,6 +107,7 @@ public class ConsoleDomainGetActionTest {
 
   private ConsoleDomainGetAction createAction(AuthResult authResult, String domain) {
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
+    response = (FakeResponse) consoleApiParams.response();
     when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.GET.toString());
     return new ConsoleDomainGetAction(consoleApiParams, domain);
   }

core/src/test/java/google/registry/ui/server/console/ConsoleDomainListActionTest.java

@@ -16,49 +16,31 @@ package google.registry.ui.server.console;
 
 import static com.google.common.collect.ImmutableList.toImmutableList;
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.testing.DatabaseHelper.createAdminUser;
-import static google.registry.testing.DatabaseHelper.createTld;
 import static google.registry.testing.DatabaseHelper.persistActiveDomain;
 import static google.registry.testing.DatabaseHelper.persistDomainAsDeleted;
 import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.Iterables;
-import com.google.gson.Gson;
 import google.registry.model.EppResourceUtils;
 import google.registry.model.domain.Domain;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.DatabaseHelper;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
-import google.registry.tools.GsonUtils;
 import google.registry.ui.server.console.ConsoleDomainListAction.DomainListResult;
 import java.util.Optional;
 import javax.annotation.Nullable;
 import org.joda.time.DateTime;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link ConsoleDomainListAction}. */
-public class ConsoleDomainListActionTest {
-
-  private static final Gson GSON = GsonUtils.provideGson();
-
-  private final FakeClock clock = new FakeClock(DateTime.parse("2023-10-20T00:00:00.000Z"));
-
-  private ConsoleApiParams consoleApiParams;
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
+public class ConsoleDomainListActionTest extends ConsoleActionBaseTestCase {
 
   @BeforeEach
   void beforeEach() {
-    createTld("tld");
     for (int i = 0; i < 10; i++) {
       DatabaseHelper.persistActiveDomain(i + "exists.tld", clock.nowUtc());
       clock.advanceOneMilli();
@@ -70,9 +52,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_allDomains() {
     ConsoleDomainListAction action = createAction("TheRegistrar");
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).hasSize(10);
     assertThat(result.totalResults).isEqualTo(10);
     assertThat(result.checkpointTime).isEqualTo(clock.nowUtc());
@@ -84,9 +64,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_noDomains() {
     ConsoleDomainListAction action = createAction("NewRegistrar");
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).hasSize(0);
     assertThat(result.totalResults).isEqualTo(0);
     assertThat(result.checkpointTime).isEqualTo(clock.nowUtc());
@@ -97,9 +75,7 @@ public class ConsoleDomainListActionTest {
     // Two pages of results should go in reverse chronological order
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, null);
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList()))
         .containsExactly("9exists.tld", "8exists.tld", "7exists.tld", "6exists.tld", "5exists.tld");
     assertThat(result.totalResults).isEqualTo(10);
@@ -107,9 +83,7 @@ public class ConsoleDomainListActionTest {
     // Now do the second page
     action = createAction("TheRegistrar", result.checkpointTime, 1, 5, 10L, null);
     action.run();
-    result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList()))
         .containsExactly("4exists.tld", "3exists.tld", "2exists.tld", "1exists.tld", "0exists.tld");
   }
@@ -118,9 +92,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_partialPage() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 1, 8, null, null);
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList()))
         .containsExactly("1exists.tld", "0exists.tld");
   }
@@ -130,9 +102,7 @@ public class ConsoleDomainListActionTest {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 10, null, null);
     action.run();
 
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).hasSize(10);
     assertThat(result.totalResults).isEqualTo(10);
 
@@ -142,9 +112,7 @@ public class ConsoleDomainListActionTest {
     // Even though we persisted a new domain, the old checkpoint should return no more results
     action = createAction("TheRegistrar", result.checkpointTime, 1, 10, null, null);
     action.run();
-    result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).isEmpty();
     assertThat(result.totalResults).isEqualTo(10);
   }
@@ -153,9 +121,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_checkpointTime_deletion() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, null);
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
 
     clock.advanceOneMilli();
     Domain toDelete =
@@ -165,9 +131,7 @@ public class ConsoleDomainListActionTest {
     // Second page should include the domain that is now deleted due to the checkpoint time
     action = createAction("TheRegistrar", result.checkpointTime, 1, 5, null, null);
     action.run();
-    result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains.stream().map(Domain::getDomainName).collect(toImmutableList()))
         .containsExactly("4exists.tld", "3exists.tld", "2exists.tld", "1exists.tld", "0exists.tld");
   }
@@ -176,9 +140,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_searchTerm_oneMatch() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "0");
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(Iterables.getOnlyElement(result.domains).getDomainName()).isEqualTo("0exists.tld");
   }
 
@@ -186,9 +148,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_searchTerm_returnsNone() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "deleted");
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).isEmpty();
   }
 
@@ -196,9 +156,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_searchTerm_caseInsensitive() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "eXiStS");
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).hasSize(5);
     assertThat(result.totalResults).isEqualTo(10);
   }
@@ -207,9 +165,7 @@ public class ConsoleDomainListActionTest {
   void testSuccess_searchTerm_tld() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 5, null, "tld");
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).hasSize(5);
     assertThat(result.totalResults).isEqualTo(10);
   }
@@ -218,9 +174,7 @@ public class ConsoleDomainListActionTest {
   void testPartialSuccess_pastEnd() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 5, 5, null, null);
     action.run();
-    DomainListResult result =
-        GSON.fromJson(
-            ((FakeResponse) consoleApiParams.response()).getPayload(), DomainListResult.class);
+    DomainListResult result = GSON.fromJson(response.getPayload(), DomainListResult.class);
     assertThat(result.domains).isEmpty();
   }
 
@@ -228,14 +182,14 @@ public class ConsoleDomainListActionTest {
   void testFailure_invalidResultsPerPage() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, 0, 0, null, null);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Results per page must be between 1 and 500 inclusive");
 
     action = createAction("TheRegistrar", null, 0, 501, null, null);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Results per page must be between 1 and 500 inclusive");
   }
 
@@ -243,9 +197,8 @@ public class ConsoleDomainListActionTest {
   void testFailure_invalidPageNumber() {
     ConsoleDomainListAction action = createAction("TheRegistrar", null, -1, 10, null, null);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("Page number must be non-negative");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("Page number must be non-negative");
   }
 
   private ConsoleDomainListAction createAction(String registrarId) {
@@ -259,9 +212,10 @@ public class ConsoleDomainListActionTest {
       @Nullable Integer resultsPerPage,
       @Nullable Long totalResults,
       @Nullable String searchTerm) {
-    AuthResult authResult = AuthResult.createUser(createAdminUser("email@email.example"));
+    AuthResult authResult = AuthResult.createUser(fteUser);
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.GET.toString());
+    response = (FakeResponse) consoleApiParams.response();
     return new ConsoleDomainListAction(
         consoleApiParams,
         registrarId,

core/src/test/java/google/registry/ui/server/console/ConsoleDumDownloadActionTest.java

@@ -15,7 +15,6 @@
 package google.registry.ui.server.console;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.testing.DatabaseHelper.createTld;
 import static jakarta.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 import static org.mockito.Mockito.when;
@@ -24,32 +23,19 @@ import com.google.common.collect.ImmutableList;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.DatabaseHelper;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
 import java.io.IOException;
-import org.joda.time.DateTime;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
-class ConsoleDumDownloadActionTest {
-
-  private final FakeClock clock = new FakeClock(DateTime.parse("2024-04-15T00:00:00.000Z"));
-
-  private ConsoleApiParams consoleApiParams;
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
+class ConsoleDumDownloadActionTest extends ConsoleActionBaseTestCase {
 
   @BeforeEach
   void beforeEach() {
-    createTld("tld");
     for (int i = 0; i < 3; i++) {
       DatabaseHelper.persistActiveDomain(
           i + "exists.tld", clock.nowUtc(), clock.nowUtc().plusDays(300));
@@ -60,13 +46,7 @@ class ConsoleDumDownloadActionTest {
 
   @Test
   void testSuccess_returnsCorrectDomains() throws IOException {
-    User user =
-        new User.Builder()
-            .setEmailAddress("email@email.com")
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
-
-    AuthResult authResult = AuthResult.createUser(user);
+    AuthResult authResult = AuthResult.createUser(fteUser);
     ConsoleDumDownloadAction action = createAction(authResult);
     action.run();
     ImmutableList<String> expected =
@@ -75,7 +55,6 @@ class ConsoleDumDownloadActionTest {
             "2exists.tld,2024-04-15 00:00:00.002+00,2025-02-09 00:00:00.002+00,{INACTIVE}",
             "1exists.tld,2024-04-15 00:00:00.001+00,2025-02-09 00:00:00.001+00,{INACTIVE}",
             "0exists.tld,2024-04-15 00:00:00+00,2025-02-09 00:00:00+00,{INACTIVE}");
-    FakeResponse response = (FakeResponse) consoleApiParams.response();
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     ImmutableList<String> actual =
         ImmutableList.copyOf(response.getStringWriter().toString().split("\r\n"));
@@ -93,11 +72,12 @@ class ConsoleDumDownloadActionTest {
     AuthResult authResult = AuthResult.createUser(user);
     ConsoleDumDownloadAction action = createAction(authResult);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_FORBIDDEN);
+    assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
   }
 
   private ConsoleDumDownloadAction createAction(AuthResult authResult) {
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
+    response = (FakeResponse) consoleApiParams.response();
     when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.GET.toString());
     return new ConsoleDumDownloadAction(clock, consoleApiParams, "TheRegistrar", "test_name");
   }

core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java

@@ -30,22 +30,12 @@ import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSetMultimap;
-import com.google.gson.Gson;
 import google.registry.flows.PasswordOnlyTransportCredentials;
 import google.registry.model.console.ConsoleUpdateHistory;
-import google.registry.model.console.GlobalRole;
-import google.registry.model.console.User;
-import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.RequestModule;
-import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor;
-import google.registry.testing.ConsoleApiParamsUtils;
-import google.registry.testing.DatabaseHelper;
-import google.registry.testing.FakeResponse;
-import google.registry.tools.GsonUtils;
 import google.registry.ui.server.console.ConsoleEppPasswordAction.EppPasswordData;
 import google.registry.util.EmailMessage;
 import jakarta.mail.internet.AddressException;
@@ -56,20 +46,12 @@ import java.io.StringReader;
 import java.util.Optional;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
-class ConsoleEppPasswordActionTest {
-  private static final Gson GSON = GsonUtils.provideGson();
+class ConsoleEppPasswordActionTest extends ConsoleActionBaseTestCase {
   private static String eppPostData =
       "{\"registrarId\":\"%s\",\"oldPassword\":\"%s\",\"newPassword\":\"%s\",\"newPasswordRepeat\":\"%s\"}";
 
-  private ConsoleApiParams consoleApiParams;
   protected PasswordOnlyTransportCredentials credentials = new PasswordOnlyTransportCredentials();
-  private FakeResponse response;
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
 
   @BeforeEach
   void beforeEach() {
@@ -86,9 +68,8 @@ class ConsoleEppPasswordActionTest {
   void testFailure_emptyParams() throws IOException {
     ConsoleEppPasswordAction action = createAction("", "", "", "");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("Missing param(s): registrarId");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("Missing param(s): registrarId");
   }
 
   @Test
@@ -96,9 +77,8 @@ class ConsoleEppPasswordActionTest {
     ConsoleEppPasswordAction action =
         createAction("TheRegistrar", "oldPassword", "newPassword", "newPasswordRepeat");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .contains("New password fields don't match");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).contains("New password fields don't match");
   }
 
   @Test
@@ -106,9 +86,8 @@ class ConsoleEppPasswordActionTest {
     ConsoleEppPasswordAction action =
         createAction("TheRegistrar", "oldPassword", "randomPasword", "randomPasword");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_FORBIDDEN);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .contains("Registrar password is incorrect");
+    assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
+    assertThat(response.getPayload()).contains("Registrar password is incorrect");
   }
 
   @Test
@@ -124,12 +103,12 @@ class ConsoleEppPasswordActionTest {
                         + " environment")
                 .setBody(
                     "The following changes were made in registry unittest environment to the"
-                        + " registrar TheRegistrar by user email@email.com:\n"
+                        + " registrar TheRegistrar by admin fte@email.tld:\n"
                         + "\n"
                         + "password: ******** -> ••••••••\n")
                 .setRecipients(ImmutableList.of(new InternetAddress("notification@test.example")))
                 .build());
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
   }
 
   @Test
@@ -137,7 +116,7 @@ class ConsoleEppPasswordActionTest {
     ConsoleEppPasswordAction action =
         createAction("TheRegistrar", "foobar", "randomPassword", "randomPassword");
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertDoesNotThrow(() -> credentials.validate(loadRegistrar("TheRegistrar"), "randomPassword"));
     ConsoleUpdateHistory history = loadSingleton(ConsoleUpdateHistory.class).get();
     assertThat(history.getType()).isEqualTo(ConsoleUpdateHistory.Type.EPP_PASSWORD_UPDATE);
@@ -147,16 +126,6 @@ class ConsoleEppPasswordActionTest {
   private ConsoleEppPasswordAction createAction(
       String registrarId, String oldPassword, String newPassword, String newPasswordRepeat)
       throws IOException {
-    response = new FakeResponse();
-    User user =
-        new User.Builder()
-            .setEmailAddress("email@email.com")
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
-    DatabaseHelper.putInDb(user);
-
-    AuthResult authResult = AuthResult.createUser(user);
-    consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     AuthenticatedRegistrarAccessor authenticatedRegistrarAccessor =
         AuthenticatedRegistrarAccessor.createForTesting(
             ImmutableSetMultimap.of("TheRegistrar", OWNER));

core/src/test/java/google/registry/ui/server/console/ConsoleOteActionTest.java

@@ -27,19 +27,16 @@ import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.gson.Gson;
 import google.registry.model.OteStatsTestHelper;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.CloudTasksHelper;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.DeterministicStringGenerator;
 import google.registry.testing.FakeResponse;
-import google.registry.tools.GsonUtils;
 import google.registry.tools.IamClient;
 import google.registry.ui.server.console.ConsoleOteAction.OteCreateData;
 import google.registry.util.StringGenerator;
@@ -50,19 +47,11 @@ import java.util.stream.Collectors;
 import org.json.simple.JSONArray;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
-class ConsoleOteActionTest {
+class ConsoleOteActionTest extends ConsoleActionBaseTestCase {
 
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
-
-  private static final Gson GSON = GsonUtils.provideGson();
   private final IamClient iamClient = mock(IamClient.class);
   private final CloudTasksHelper cloudTasksHelper = new CloudTasksHelper();
-  private FakeResponse response;
-  private ConsoleApiParams consoleApiParams;
 
   private StringGenerator passwordGenerator =
       new DeterministicStringGenerator("abcdefghijklmnopqrstuvwxyz");
@@ -90,16 +79,12 @@ class ConsoleOteActionTest {
             Optional.of("someRandomString"),
             Optional.of(new OteCreateData("testRegistrarId", "tescontact@registry.example")));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_FORBIDDEN);
+    assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
   }
 
   @Test
   void testFailure_invalidParamsNoRegistrarId() {
-    user =
-        user.asBuilder()
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
-    AuthResult authResult = AuthResult.createUser(user);
+    AuthResult authResult = AuthResult.createUser(fteUser);
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     ConsoleOteAction action =
         createAction(
@@ -109,9 +94,8 @@ class ConsoleOteActionTest {
             Optional.of("someRandomString"),
             Optional.of(new OteCreateData("", "test@email.com")));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("OT&E create body is invalid");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("OT&E create body is invalid");
   }
 
   @Test
@@ -130,18 +114,13 @@ class ConsoleOteActionTest {
             Optional.of("someRandomString"),
             Optional.of(new OteCreateData("testRegistrarId", "")));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("OT&E create body is invalid");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("OT&E create body is invalid");
   }
 
   @Test
   void testSuccess_oteCreated() {
-    user =
-        user.asBuilder()
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
-    AuthResult authResult = AuthResult.createUser(user);
+    AuthResult authResult = AuthResult.createUser(fteUser);
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     ConsoleOteAction action =
         createAction(
@@ -152,8 +131,7 @@ class ConsoleOteActionTest {
             Optional.of(new OteCreateData("theregistrar", "contact@registry.example")));
     action.cloudTasksUtils = cloudTasksHelper.getTestCloudTasksUtils();
     action.run();
-    String response = ((FakeResponse) consoleApiParams.response()).getPayload();
-    var obsResponse = GSON.fromJson(response, Map.class);
+    var obsResponse = GSON.fromJson(response.getPayload(), Map.class);
     assertThat(
             ImmutableMap.of(
                 "theregistrar-1", "theregistrar-sunrise",
@@ -162,7 +140,7 @@ class ConsoleOteActionTest {
                 "theregistrar-5", "theregistrar-eap",
                 "password", "abcdefghijklmnop"))
         .containsExactlyEntriesIn(obsResponse);
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     verifyIapPermission(
         "contact@registry.example",
         Optional.of("someRandomString@email.test"),
@@ -183,50 +161,40 @@ class ConsoleOteActionTest {
             Optional.of(new OteCreateData("theregistrar", "contact@registry.example")));
     action.cloudTasksUtils = cloudTasksHelper.getTestCloudTasksUtils();
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("Missing registrarId parameter");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("Missing registrarId parameter");
   }
 
   @Test
   void testSuccess_finishedOte() throws Exception {
     OteStatsTestHelper.setupCompleteOte("theregistrar");
-    user =
-        user.asBuilder()
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
-    AuthResult authResult = AuthResult.createUser(user);
+    AuthResult authResult = AuthResult.createUser(fteUser);
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     ConsoleOteAction action =
         createAction(
             Action.Method.GET, authResult, "theregistrar-1", Optional.empty(), Optional.empty());
     action.run();
 
-    List<Map<String, ?>> response =
-        GSON.fromJson(((FakeResponse) consoleApiParams.response()).getPayload(), JSONArray.class);
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    assertTrue(response.stream().allMatch(status -> Boolean.TRUE.equals(status.get("completed"))));
+    List<Map<String, ?>> responseMaps = GSON.fromJson(response.getPayload(), JSONArray.class);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertTrue(
+        responseMaps.stream().allMatch(status -> Boolean.TRUE.equals(status.get("completed"))));
   }
 
   @Test
   void testSuccess_unfinishedOte() throws Exception {
     OteStatsTestHelper.setupIncompleteOte("theregistrar");
-    user =
-        user.asBuilder()
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
-    AuthResult authResult = AuthResult.createUser(user);
+    AuthResult authResult = AuthResult.createUser(fteUser);
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     ConsoleOteAction action =
         createAction(
             Action.Method.GET, authResult, "theregistrar-1", Optional.empty(), Optional.empty());
     action.run();
 
-    List<Map<String, ?>> response =
-        GSON.fromJson(((FakeResponse) consoleApiParams.response()).getPayload(), JSONArray.class);
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    List<Map<String, ?>> responseMaps = GSON.fromJson(response.getPayload(), JSONArray.class);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(
-            response.stream()
+            responseMaps.stream()
                 .filter(status -> Boolean.FALSE.equals(status.get("completed")))
                 .map(status -> status.get("description"))
                 .collect(Collectors.toList()))
@@ -240,9 +208,9 @@ class ConsoleOteActionTest {
       String registrarId,
       Optional<String> maybeGroupEmailAddress,
       Optional<OteCreateData> oteCreateData) {
-    response = new FakeResponse();
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     when(consoleApiParams.request().getMethod()).thenReturn(method.toString());
+    response = (FakeResponse) consoleApiParams.response();
     return new ConsoleOteAction(
         consoleApiParams,
         iamClient,

core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockActionTest.java

@@ -42,12 +42,10 @@ import google.registry.model.console.UserRoles;
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.RegistryLock;
 import google.registry.model.eppcommon.StatusValue;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.CloudTasksHelper;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.DeterministicStringGenerator;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
 import google.registry.tools.DomainLockUtils;
 import google.registry.util.EmailMessage;
@@ -55,13 +53,11 @@ import google.registry.util.StringGenerator;
 import jakarta.mail.internet.InternetAddress;
 import java.io.IOException;
 import java.util.Optional;
-import org.joda.time.DateTime;
 import org.joda.time.Duration;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.jupiter.api.extension.RegisterExtension;
 import org.mockito.ArgumentCaptor;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
@@ -71,7 +67,7 @@ import org.mockito.quality.Strictness;
 /** Tests for {@link ConsoleRegistryLockAction}. */
 @ExtendWith(MockitoExtension.class)
 @MockitoSettings(strictness = Strictness.LENIENT)
-public class ConsoleRegistryLockActionTest {
+public class ConsoleRegistryLockActionTest extends ConsoleActionBaseTestCase {
 
   private static final String EXPECTED_EMAIL_MESSAGE =
       """
@@ -81,16 +77,9 @@ public class ConsoleRegistryLockActionTest {
       https://registrarconsole.tld/console/#/registry-lock-verify?lockVerificationCode=\
       123456789ABCDEFGHJKLMNPQRSTUVWXY""";
 
-  private final FakeClock fakeClock = new FakeClock(DateTime.parse("2024-04-18T12:00:00.000Z"));
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(fakeClock).buildIntegrationTestExtension();
-
   @Mock GmailClient gmailClient;
   private ConsoleRegistryLockAction action;
   private Domain defaultDomain;
-  private FakeResponse response;
   private User user;
 
   @BeforeEach
@@ -118,15 +107,15 @@ public class ConsoleRegistryLockActionTest {
 
   @Test
   void testGet_simpleLock() {
-    saveRegistryLock(createDefaultLockBuilder().setLockCompletionTime(fakeClock.nowUtc()).build());
+    saveRegistryLock(createDefaultLockBuilder().setLockCompletionTime(clock.nowUtc()).build());
     action.run();
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(response.getPayload())
         .isEqualTo(
             """
 [{"domainName":"example.test","registrarPocId":"johndoe@theregistrar.com","lockRequestTime":\
-{"creationTime":"2024-04-18T12:00:00.000Z"},"unlockRequestTime":"null","lockCompletionTime":\
-"2024-04-18T12:00:00.000Z","unlockCompletionTime":"null","isSuperuser":false}]\
+{"creationTime":"2024-04-15T00:00:00.000Z"},"unlockRequestTime":"null","lockCompletionTime":\
+"2024-04-15T00:00:00.000Z","unlockCompletionTime":"null","isSuperuser":false}]\
 """);
   }
 
@@ -148,11 +137,11 @@ public class ConsoleRegistryLockActionTest {
             .setRegistrarId("TheRegistrar")
             .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUVWXY")
             .setRegistrarPocId("johndoe@theregistrar.com")
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
             .build();
     saveRegistryLock(expiredUnlock);
-    fakeClock.advanceBy(Duration.standardDays(1));
+    clock.advanceBy(Duration.standardDays(1));
 
     RegistryLock regularLock =
         new RegistryLock.Builder()
@@ -161,9 +150,9 @@ public class ConsoleRegistryLockActionTest {
             .setRegistrarId("TheRegistrar")
             .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUVWXY")
             .setRegistrarPocId("johndoe@theregistrar.com")
-            .setLockCompletionTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
             .build();
-    fakeClock.advanceOneMilli();
+    clock.advanceOneMilli();
     RegistryLock adminLock =
         new RegistryLock.Builder()
             .setRepoId("repoId")
@@ -171,7 +160,7 @@ public class ConsoleRegistryLockActionTest {
             .setRegistrarId("TheRegistrar")
             .setVerificationCode("122222222ABCDEFGHJKLMNPQRSTUVWXY")
             .isSuperuser(true)
-            .setLockCompletionTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
             .build();
     RegistryLock incompleteLock =
         new RegistryLock.Builder()
@@ -189,8 +178,8 @@ public class ConsoleRegistryLockActionTest {
             .setRegistrarId("TheRegistrar")
             .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUVWXY")
             .setRegistrarPocId("johndoe@theregistrar.com")
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
             .build();
 
     RegistryLock unlockedLock =
@@ -200,9 +189,9 @@ public class ConsoleRegistryLockActionTest {
             .setRegistrarId("TheRegistrar")
             .setRegistrarPocId("johndoe@theregistrar.com")
             .setVerificationCode("123456789ABCDEFGHJKLMNPQRSTUUUUU")
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
-            .setUnlockCompletionTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
+            .setUnlockCompletionTime(clock.nowUtc())
             .build();
 
     saveRegistryLock(regularLock);
@@ -218,24 +207,24 @@ public class ConsoleRegistryLockActionTest {
     assertThat(response.getPayload())
         .isEqualTo(
             """
-[{"domainName":"adminexample.test","lockRequestTime":{"creationTime":"2024-04-19T12:00:00.001Z"},\
-"unlockRequestTime":"null","lockCompletionTime":"2024-04-19T12:00:00.001Z","unlockCompletionTime":\
+[{"domainName":"adminexample.test","lockRequestTime":{"creationTime":"2024-04-16T00:00:00.001Z"},\
+"unlockRequestTime":"null","lockCompletionTime":"2024-04-16T00:00:00.001Z","unlockCompletionTime":\
 "null","isSuperuser":true},\
 \
 {"domainName":"example.test","registrarPocId":"johndoe@theregistrar.com","lockRequestTime":\
-{"creationTime":"2024-04-19T12:00:00.001Z"},"unlockRequestTime":"null","lockCompletionTime":\
-"2024-04-19T12:00:00.000Z","unlockCompletionTime":"null","isSuperuser":false},\
+{"creationTime":"2024-04-16T00:00:00.001Z"},"unlockRequestTime":"null","lockCompletionTime":\
+"2024-04-16T00:00:00.000Z","unlockCompletionTime":"null","isSuperuser":false},\
 \
 {"domainName":"expiredunlock.test","registrarPocId":"johndoe@theregistrar.com","lockRequestTime":\
-{"creationTime":"2024-04-18T12:00:00.000Z"},"unlockRequestTime":"2024-04-18T12:00:00.000Z",\
-"lockCompletionTime":"2024-04-18T12:00:00.000Z","unlockCompletionTime":"null","isSuperuser":false},\
+{"creationTime":"2024-04-15T00:00:00.000Z"},"unlockRequestTime":"2024-04-15T00:00:00.000Z",\
+"lockCompletionTime":"2024-04-15T00:00:00.000Z","unlockCompletionTime":"null","isSuperuser":false},\
 \
 {"domainName":"incompleteunlock.test","registrarPocId":"johndoe@theregistrar.com","lockRequestTime":\
-{"creationTime":"2024-04-19T12:00:00.001Z"},"unlockRequestTime":"2024-04-19T12:00:00.001Z",\
-"lockCompletionTime":"2024-04-19T12:00:00.001Z","unlockCompletionTime":"null","isSuperuser":false},\
+{"creationTime":"2024-04-16T00:00:00.001Z"},"unlockRequestTime":"2024-04-16T00:00:00.001Z",\
+"lockCompletionTime":"2024-04-16T00:00:00.001Z","unlockCompletionTime":"null","isSuperuser":false},\
 \
 {"domainName":"pending.test","registrarPocId":"johndoe@theregistrar.com","lockRequestTime":\
-{"creationTime":"2024-04-19T12:00:00.001Z"},"unlockRequestTime":"null","lockCompletionTime":"null",\
+{"creationTime":"2024-04-16T00:00:00.001Z"},"unlockRequestTime":"null","lockCompletionTime":"null",\
 "unlockCompletionTime":"null","isSuperuser":false}]""");
   }
 
@@ -288,7 +277,7 @@ public class ConsoleRegistryLockActionTest {
 
   @Test
   void testPost_unlock() throws Exception {
-    saveRegistryLock(createDefaultLockBuilder().setLockCompletionTime(fakeClock.nowUtc()).build());
+    saveRegistryLock(createDefaultLockBuilder().setLockCompletionTime(clock.nowUtc()).build());
     persistResource(defaultDomain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
     action = createDefaultPostAction(false);
     action.run();
@@ -301,7 +290,7 @@ public class ConsoleRegistryLockActionTest {
 
   @Test
   void testPost_unlock_relockDuration() throws Exception {
-    saveRegistryLock(createDefaultLockBuilder().setLockCompletionTime(fakeClock.nowUtc()).build());
+    saveRegistryLock(createDefaultLockBuilder().setLockCompletionTime(clock.nowUtc()).build());
     persistResource(defaultDomain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
     action =
         createPostAction(
@@ -318,10 +307,7 @@ public class ConsoleRegistryLockActionTest {
   @Test
   void testPost_adminUnlockingAdmin() throws Exception {
     saveRegistryLock(
-        createDefaultLockBuilder()
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .isSuperuser(true)
-            .build());
+        createDefaultLockBuilder().setLockCompletionTime(clock.nowUtc()).isSuperuser(true).build());
     persistResource(defaultDomain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
     user =
         user.asBuilder()
@@ -387,10 +373,7 @@ public class ConsoleRegistryLockActionTest {
   @Test
   void testPost_failure_nonAdminUnlockingAdmin() throws Exception {
     saveRegistryLock(
-        createDefaultLockBuilder()
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .isSuperuser(true)
-            .build());
+        createDefaultLockBuilder().setLockCompletionTime(clock.nowUtc()).isSuperuser(true).build());
     persistResource(defaultDomain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
     action = createDefaultPostAction(false);
     action.run();
@@ -464,9 +447,9 @@ public class ConsoleRegistryLockActionTest {
   void testPost_failure_alreadyUnlocked() throws Exception {
     saveRegistryLock(
         createDefaultLockBuilder()
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
-            .setUnlockCompletionTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
+            .setUnlockCompletionTime(clock.nowUtc())
             .build());
     action = createDefaultPostAction(false);
     action.run();
@@ -501,7 +484,7 @@ public class ConsoleRegistryLockActionTest {
         new DomainLockUtils(
             new DeterministicStringGenerator(StringGenerator.Alphabets.BASE_58),
             "adminreg",
-            new CloudTasksHelper(fakeClock).getTestCloudTasksUtils());
+            new CloudTasksHelper(clock).getTestCloudTasksUtils());
     response = (FakeResponse) params.response();
     return new ConsoleRegistryLockAction(
         params, domainLockUtils, gmailClient, optionalPostInput, "TheRegistrar");

core/src/test/java/google/registry/ui/server/console/ConsoleRegistryLockVerifyActionTest.java

@@ -30,12 +30,10 @@ import google.registry.model.console.UserRoles;
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.RegistryLock;
 import google.registry.model.eppcommon.StatusValue;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.CloudTasksHelper;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.DeterministicStringGenerator;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
 import google.registry.tools.DomainLockUtils;
 import google.registry.util.StringGenerator;
@@ -43,19 +41,11 @@ import jakarta.servlet.http.HttpServletResponse;
 import org.joda.time.Duration;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link ConsoleRegistryLockVerifyAction}. */
-public class ConsoleRegistryLockVerifyActionTest {
+public class ConsoleRegistryLockVerifyActionTest extends ConsoleActionBaseTestCase {
 
   private static final String DEFAULT_CODE = "123456789ABCDEFGHJKLMNPQRSTUUUUU";
-  private final FakeClock fakeClock = new FakeClock();
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(fakeClock).buildIntegrationTestExtension();
-
-  private FakeResponse response;
   private Domain defaultDomain;
   private User user;
 
@@ -96,8 +86,8 @@ public class ConsoleRegistryLockVerifyActionTest {
     persistResource(defaultDomain.asBuilder().setStatusValues(REGISTRY_LOCK_STATUSES).build());
     saveRegistryLock(
         createDefaultLockBuilder()
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
             .build());
     action.run();
     assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
@@ -130,8 +120,8 @@ public class ConsoleRegistryLockVerifyActionTest {
     saveRegistryLock(
         createDefaultLockBuilder()
             .isSuperuser(true)
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
             .build());
     user =
         user.asBuilder()
@@ -159,7 +149,7 @@ public class ConsoleRegistryLockVerifyActionTest {
   @Test
   void testFailure_expiredLock() {
     saveRegistryLock(createDefaultLockBuilder().build());
-    fakeClock.advanceBy(Duration.standardDays(1));
+    clock.advanceBy(Duration.standardDays(1));
     action.run();
     assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
     assertThat(response.getPayload()).isEqualTo("The pending lock has expired; please try again");
@@ -181,8 +171,8 @@ public class ConsoleRegistryLockVerifyActionTest {
     saveRegistryLock(
         createDefaultLockBuilder()
             .isSuperuser(true)
-            .setLockCompletionTime(fakeClock.nowUtc())
-            .setUnlockRequestTime(fakeClock.nowUtc())
+            .setLockCompletionTime(clock.nowUtc())
+            .setUnlockRequestTime(clock.nowUtc())
             .build());
     action.run();
     assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_BAD_REQUEST);
@@ -209,7 +199,7 @@ public class ConsoleRegistryLockVerifyActionTest {
         new DomainLockUtils(
             new DeterministicStringGenerator(StringGenerator.Alphabets.BASE_58),
             "adminreg",
-            new CloudTasksHelper(fakeClock).getTestCloudTasksUtils());
+            new CloudTasksHelper(clock).getTestCloudTasksUtils());
     response = (FakeResponse) params.response();
     return new ConsoleRegistryLockVerifyAction(params, domainLockUtils, verificationCode);
   }

core/src/test/java/google/registry/ui/server/console/ConsoleUpdateRegistrarActionTest.java

@@ -28,21 +28,17 @@ import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import com.google.gson.Gson;
 import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
-import google.registry.testing.FakeResponse;
 import google.registry.testing.SystemPropertyExtension;
-import google.registry.tools.GsonUtils;
 import google.registry.util.EmailMessage;
 import google.registry.util.RegistryEnvironment;
 import jakarta.mail.internet.AddressException;
@@ -51,17 +47,14 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.StringReader;
 import java.util.Optional;
+import org.joda.time.DateTime;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Order;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.ConsoleUpdateRegistrarAction}. */
-class ConsoleUpdateRegistrarActionTest {
-  private static final Gson GSON = GsonUtils.provideGson();
-
-  private ConsoleApiParams consoleApiParams;
-  private FakeResponse response;
+class ConsoleUpdateRegistrarActionTest extends ConsoleActionBaseTestCase {
 
   private Registrar registrar;
 
@@ -92,13 +85,8 @@ class ConsoleUpdateRegistrarActionTest {
                 .setEmailAddress("user@registrarId.com")
                 .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
                 .build());
-    consoleApiParams = createParams();
   }
 
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
-
   @Test
   void testSuccess_updatesRegistrar() throws IOException {
     var action =
@@ -108,17 +96,44 @@ class ConsoleUpdateRegistrarActionTest {
                 "TheRegistrar",
                 "app, dev",
                 false,
-                "\"2025-01-01T00:00:00.000Z\""));
+                "\"2023-12-12T00:00:00.000Z\""));
     action.run();
     Registrar newRegistrar = Registrar.loadByRegistrarId("TheRegistrar").get();
     assertThat(newRegistrar.getAllowedTlds()).containsExactly("app", "dev");
     assertThat(newRegistrar.isRegistryLockAllowed()).isFalse();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     ConsoleUpdateHistory history = loadSingleton(ConsoleUpdateHistory.class).get();
     assertThat(history.getType()).isEqualTo(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE);
     assertThat(history.getDescription()).hasValue("TheRegistrar");
   }
 
+  @Test
+  void testSuccess_updatesNullPocVerificationDate() throws IOException {
+    var action =
+        createAction(
+            String.format(registrarPostData, "TheRegistrar", "app, dev", false, "\"null\""));
+    action.run();
+    Registrar newRegistrar = Registrar.loadByRegistrarId("TheRegistrar").get();
+    assertThat(newRegistrar.getLastPocVerificationDate())
+        .isEqualTo(DateTime.parse("1970-01-01T00:00:00.000Z"));
+  }
+
+  @Test
+  void testFailure_pocVerificationInTheFuture() throws IOException {
+    var action =
+        createAction(
+            String.format(
+                registrarPostData,
+                "TheRegistrar",
+                "app, dev",
+                false,
+                "\"2025-02-01T00:00:00.000Z\""));
+    action.run();
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat((String) response.getPayload())
+        .contains("Invalid value of LastPocVerificationDate - value is in the future");
+  }
+
   @Test
   void testFails_missingWhoisContact() throws IOException {
     RegistryEnvironment.PRODUCTION.setup(systemPropertyExtension);
@@ -129,10 +144,10 @@ class ConsoleUpdateRegistrarActionTest {
                 "TheRegistrar",
                 "app, dev",
                 false,
-                "\"2025-01-01T00:00:00.000Z\""));
+                "\"2024-12-12T00:00:00.000Z\""));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat((String) ((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat((String) response.getPayload())
         .contains("Cannot modify allowed TLDs if there is no WHOIS abuse contact set");
   }
 
@@ -159,12 +174,12 @@ class ConsoleUpdateRegistrarActionTest {
                 "TheRegistrar",
                 "app, dev",
                 false,
-                "\"2025-01-01T00:00:00.000Z\""));
+                "\"2023-12-12T00:00:00.000Z\""));
     action.run();
     Registrar newRegistrar = Registrar.loadByRegistrarId("TheRegistrar").get();
     assertThat(newRegistrar.getAllowedTlds()).containsExactly("app", "dev");
     assertThat(newRegistrar.isRegistryLockAllowed()).isFalse();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
   }
 
   @Test
@@ -176,7 +191,7 @@ class ConsoleUpdateRegistrarActionTest {
                 "TheRegistrar",
                 "app, dev",
                 false,
-                "\"2025-01-01T00:00:00.000Z\""));
+                "\"2023-12-12T00:00:00.000Z\""));
     action.run();
     verify(consoleApiParams.sendEmailUtils().gmailClient, times(1))
         .sendEmail(
@@ -186,11 +201,11 @@ class ConsoleUpdateRegistrarActionTest {
                         + " environment")
                 .setBody(
                     "The following changes were made in registry unittest environment to the"
-                        + " registrar TheRegistrar by user user@registrarId.com:\n"
+                        + " registrar TheRegistrar by admin fte@email.tld:\n"
                         + "\n"
                         + "allowedTlds: null -> [app, dev]\n"
                         + "lastPocVerificationDate: 1970-01-01T00:00:00.000Z ->"
-                        + " 2025-01-01T00:00:00.000Z\n")
+                        + " 2023-12-12T00:00:00.000Z\n")
                 .setRecipients(ImmutableList.of(new InternetAddress("notification@test.example")))
                 .build());
   }

core/src/test/java/google/registry/ui/server/console/ConsoleUserDataActionTest.java

@@ -21,13 +21,8 @@ import static jakarta.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
 import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableMap;
-import com.google.gson.Gson;
-import google.registry.model.console.User;
-import google.registry.persistence.transaction.JpaTestExtensions;
-import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
-import google.registry.testing.DatabaseHelper;
 import google.registry.testing.FakeResponse;
 import jakarta.servlet.http.Cookie;
 import java.io.IOException;
@@ -35,41 +30,25 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.ConsoleUserDataAction}. */
-class ConsoleUserDataActionTest {
-
-  private static final Gson GSON = RequestModule.provideGson();
-
-  private ConsoleApiParams consoleApiParams;
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
+class ConsoleUserDataActionTest extends ConsoleActionBaseTestCase {
 
   @Test
   void testSuccess_hasXSRFCookie() throws IOException {
-    User user = DatabaseHelper.createAdminUser("email@email.com");
-    AuthResult authResult = AuthResult.createUser(user);
-    ConsoleUserDataAction action =
-        createAction(Optional.of(ConsoleApiParamsUtils.createFake(authResult)));
+    ConsoleUserDataAction action = createAction(Optional.of(consoleApiParams));
     action.run();
-    List<Cookie> cookies = ((FakeResponse) consoleApiParams.response()).getCookies();
+    List<Cookie> cookies = response.getCookies();
     assertThat(cookies.stream().map(cookie -> cookie.getName()).collect(toImmutableList()))
         .containsExactly("X-CSRF-Token");
   }
 
   @Test
   void testSuccess_getContactInfo() throws IOException {
-    User user = DatabaseHelper.createAdminUser("email@email.com");
-    AuthResult authResult = AuthResult.createUser(user);
-    ConsoleUserDataAction action =
-        createAction(Optional.of(ConsoleApiParamsUtils.createFake(authResult)));
+    ConsoleUserDataAction action = createAction(Optional.of(consoleApiParams));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    Map jsonObject =
-        GSON.fromJson(((FakeResponse) consoleApiParams.response()).getPayload(), Map.class);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    Map jsonObject = GSON.fromJson(response.getPayload(), Map.class);
     assertThat(jsonObject)
         .containsExactly(
             "userRoles",
@@ -92,7 +71,7 @@ class ConsoleUserDataActionTest {
   void testFailure_notAuthenticated() throws IOException {
     ConsoleUserDataAction action = createAction(Optional.empty());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_UNAUTHORIZED);
+    assertThat(response.getStatus()).isEqualTo(SC_UNAUTHORIZED);
   }
 
   private ConsoleUserDataAction createAction(Optional<ConsoleApiParams> maybeConsoleApiParams)
@@ -101,6 +80,7 @@ class ConsoleUserDataActionTest {
         maybeConsoleApiParams.orElseGet(
             () -> ConsoleApiParamsUtils.createFake(AuthResult.NOT_AUTHENTICATED));
     when(consoleApiParams.request().getMethod()).thenReturn("GET");
+    response = (FakeResponse) consoleApiParams.response();
     return new ConsoleUserDataAction(
         consoleApiParams, "Nomulus", "support@example.com", "+1 (212) 867 5309", "test");
   }

core/src/test/java/google/registry/ui/server/console/ConsoleUsersActionTest.java

@@ -29,14 +29,11 @@ import com.google.api.services.directory.Directory.Users.Delete;
 import com.google.api.services.directory.Directory.Users.Insert;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.gson.Gson;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.persistence.VKey;
-import google.registry.persistence.transaction.JpaTestExtensions;
-import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.CloudTasksHelper;
 import google.registry.testing.ConsoleApiParamsUtils;
@@ -53,11 +50,8 @@ import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
-class ConsoleUsersActionTest {
-
-  private static final Gson GSON = RequestModule.provideGson();
+class ConsoleUsersActionTest extends ConsoleActionBaseTestCase {
 
   private final Directory directory = mock(Directory.class);
   private final Users users = mock(Users.class);
@@ -70,12 +64,6 @@ class ConsoleUsersActionTest {
   private StringGenerator passwordGenerator =
       new DeterministicStringGenerator("abcdefghijklmnopqrstuvwxyz");
 
-  private ConsoleApiParams consoleApiParams;
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
-
   @BeforeEach
   void beforeEach() {
     User dbUser1 =
@@ -130,7 +118,6 @@ class ConsoleUsersActionTest {
             Optional.of("GET"),
             Optional.empty());
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getPayload())
         .isEqualTo(
             "[{\"emailAddress\":\"test1@test.com\",\"role\":\"PRIMARY_CONTACT\"},{\"emailAddress\":\"test2@test.com\",\"role\":\"PRIMARY_CONTACT\"}]");
@@ -155,7 +142,6 @@ class ConsoleUsersActionTest {
             Optional.of("GET"),
             Optional.empty());
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(HttpServletResponse.SC_FORBIDDEN);
   }
 
@@ -172,7 +158,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.insert(any(com.google.api.services.directory.model.User.class))).thenReturn(insert);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
     assertThat(response.getPayload()).contains("Email prefix is invalid");
   }
@@ -190,7 +175,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.insert(any(com.google.api.services.directory.model.User.class))).thenReturn(insert);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_CREATED);
     assertThat(response.getPayload())
         .contains(
@@ -215,7 +199,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.delete(any(String.class))).thenReturn(delete);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
     assertThat(response.getPayload())
         .contains("Can't update user not associated with registrarId TheRegistrar");
@@ -234,7 +217,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.delete(any(String.class))).thenReturn(delete);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
     assertThat(response.getPayload()).contains("User email-1@email.com doesn't exist");
   }
@@ -258,7 +240,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.delete(any(String.class))).thenReturn(delete);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(DatabaseHelper.loadByKeyIfPresent(VKey.create(User.class, "test2@test.com")))
         .isEmpty();
@@ -299,7 +280,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.delete(any(String.class))).thenReturn(delete);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     Optional<User> actualUser =
         DatabaseHelper.loadByKeyIfPresent(VKey.create(User.class, "test4@test.com"));
@@ -343,7 +323,6 @@ class ConsoleUsersActionTest {
     when(directory.users()).thenReturn(users);
     when(users.insert(any(com.google.api.services.directory.model.User.class))).thenReturn(insert);
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
     assertThat(response.getPayload()).contains("Total users amount per registrar is limited to 4");
   }
@@ -372,7 +351,6 @@ class ConsoleUsersActionTest {
                 new UserData("test2@test.com", RegistrarRole.ACCOUNT_MANAGER.toString(), null)));
     action.cloudTasksUtils = cloudTasksHelper.getTestCloudTasksUtils();
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(
             DatabaseHelper.loadByKey(VKey.create(User.class, "test2@test.com"))
@@ -398,7 +376,6 @@ class ConsoleUsersActionTest {
             Optional.of(
                 new UserData("test3@test.com", RegistrarRole.ACCOUNT_MANAGER.toString(), null)));
     action.run();
-    var response = ((FakeResponse) consoleApiParams.response());
     assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
     assertThat(response.getPayload())
         .contains("Can't update user not associated with registrarId TheRegistrar");
@@ -413,6 +390,7 @@ class ConsoleUsersActionTest {
         maybeConsoleApiParams.orElseGet(
             () -> ConsoleApiParamsUtils.createFake(AuthResult.NOT_AUTHENTICATED));
     when(consoleApiParams.request().getMethod()).thenReturn(method.orElse("GET"));
+    response = (FakeResponse) consoleApiParams.response();
     return new ConsoleUsersAction(
         consoleApiParams,
         directory,

core/src/test/java/google/registry/ui/server/console/RegistrarsActionTest.java

@@ -28,7 +28,6 @@ import static org.mockito.Mockito.when;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
-import com.google.gson.Gson;
 import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.RegistrarRole;
@@ -36,7 +35,6 @@ import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
@@ -51,13 +49,9 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.RegistrarsAction}. */
-class RegistrarsActionTest {
-
-  private static final Gson GSON = RequestModule.provideGson();
-  private ConsoleApiParams consoleApiParams;
+class RegistrarsActionTest extends ConsoleActionBaseTestCase {
 
   private StringGenerator passwordGenerator =
       new DeterministicStringGenerator("abcdefghijklmnopqrstuvwxyz");
@@ -94,10 +88,6 @@ class RegistrarsActionTest {
           "{ \"street\": [\"test street\"], \"city\": \"test city\", \"state\": \"test state\","
               + " \"zip\": \"00700\", \"countryCode\": \"US\" }");
 
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
-
   @Test
   void testSuccess_onlyRealAndOteRegistrars() {
     Registrar registrar = persistNewRegistrar("registrarId");
@@ -115,8 +105,8 @@ class RegistrarsActionTest {
                 createUser(
                     new UserRoles.Builder().setGlobalRole(GlobalRole.SUPPORT_LEAD).build())));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    String payload = ((FakeResponse) consoleApiParams.response()).getPayload();
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    String payload = response.getPayload();
 
     var actualRegistrarIds =
         ImmutableList.copyOf(GSON.fromJson(payload, Registrar[].class)).stream()
@@ -135,8 +125,8 @@ class RegistrarsActionTest {
             AuthResult.createUser(
                 createUser(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    String payload = ((FakeResponse) consoleApiParams.response()).getPayload();
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    String payload = response.getPayload();
     assertThat(
             ImmutableList.of(
                     "\"registrarId\":\"NewRegistrar\"",
@@ -162,8 +152,8 @@ class RegistrarsActionTest {
                         .build())));
 
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    String payload = ((FakeResponse) consoleApiParams.response()).getPayload();
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    String payload = response.getPayload();
     Registrar[] registrars = GSON.fromJson(payload, Registrar[].class);
     assertThat(registrars).hasLength(1);
     assertThat(registrars[0].getRegistrarId()).isEqualTo("registrarId");
@@ -171,12 +161,9 @@ class RegistrarsActionTest {
 
   @Test
   void testSuccess_createRegistrar() {
-    RegistrarsAction action =
-        createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createUser(new UserRoles.Builder().setIsAdmin(true).build())));
+    RegistrarsAction action = createAction(Action.Method.POST, AuthResult.createUser(fteUser));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     Registrar r = loadRegistrar("regIdTest");
     assertThat(r).isNotNull();
     assertThat(
@@ -202,14 +189,10 @@ class RegistrarsActionTest {
                           .filter(entry -> !entry.getKey().equals(key))
                           .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)));
               RegistrarsAction action =
-                  createAction(
-                      Action.Method.POST,
-                      AuthResult.createUser(
-                          createUser(new UserRoles.Builder().setIsAdmin(true).build())));
+                  createAction(Action.Method.POST, AuthResult.createUser(fteUser));
               action.run();
-              assertThat(((FakeResponse) consoleApiParams.response()).getStatus())
-                  .isEqualTo(SC_BAD_REQUEST);
-              assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+              assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+              assertThat(response.getPayload())
                   .isEqualTo(
                       String.format(
                           "Missing value for %s", userFriendlyKeysToRegistrarKeys.get(key)));
@@ -219,13 +202,10 @@ class RegistrarsActionTest {
   @Test
   void testFailure_createRegistrar_existingRegistrar() {
     saveRegistrar("regIdTest");
-    RegistrarsAction action =
-        createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createUser(new UserRoles.Builder().setIsAdmin(true).build())));
+    RegistrarsAction action = createAction(Action.Method.POST, AuthResult.createUser(fteUser));
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Registrar with registrarId regIdTest already exists");
   }
 
@@ -237,6 +217,7 @@ class RegistrarsActionTest {
   private RegistrarsAction createAction(Action.Method method, AuthResult authResult) {
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     when(consoleApiParams.request().getMethod()).thenReturn(method.toString());
+    response = (FakeResponse) consoleApiParams.response();
     if (method.equals(Action.Method.GET)) {
       return new RegistrarsAction(
           consoleApiParams, Optional.ofNullable(null), passwordGenerator, passcodeGenerator);

core/src/test/java/google/registry/ui/server/console/domains/ConsoleBulkDomainActionTest.java

@@ -17,7 +17,6 @@ package google.registry.ui.server.console.domains;
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.model.common.FeatureFlag.FeatureName.MINIMUM_DATASET_CONTACTS_OPTIONAL;
 import static google.registry.model.common.FeatureFlag.FeatureStatus.INACTIVE;
-import static google.registry.testing.DatabaseHelper.createTld;
 import static google.registry.testing.DatabaseHelper.loadByEntity;
 import static google.registry.testing.DatabaseHelper.loadSingleton;
 import static google.registry.testing.DatabaseHelper.persistActiveContact;
@@ -33,36 +32,28 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
-import com.google.gson.Gson;
 import com.google.gson.JsonElement;
 import google.registry.flows.DaggerEppTestComponent;
 import google.registry.flows.EppController;
 import google.registry.flows.EppTestComponent;
 import google.registry.model.common.FeatureFlag;
 import google.registry.model.console.ConsoleUpdateHistory;
-import google.registry.model.console.GlobalRole;
 import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.domain.Domain;
 import google.registry.model.eppcommon.StatusValue;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
-import google.registry.tools.GsonUtils;
+import google.registry.ui.server.console.ConsoleActionBaseTestCase;
 import google.registry.ui.server.console.ConsoleApiParams;
 import java.util.Optional;
-import org.joda.time.DateTime;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link ConsoleBulkDomainAction}. */
-public class ConsoleBulkDomainActionTest {
-
-  private static final Gson GSON = GsonUtils.provideGson();
+public class ConsoleBulkDomainActionTest extends ConsoleActionBaseTestCase {
 
   private static ImmutableSet<StatusValue> serverSuspensionStatuses =
       ImmutableSet.of(
@@ -72,14 +63,7 @@ public class ConsoleBulkDomainActionTest {
           StatusValue.SERVER_DELETE_PROHIBITED,
           StatusValue.SERVER_HOLD);
 
-  private final FakeClock clock = new FakeClock(DateTime.parse("2024-05-13T00:00:00.000Z"));
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
-
   private EppController eppController;
-  private FakeResponse fakeResponse;
   private Domain domain;
 
   @BeforeEach
@@ -96,7 +80,6 @@ public class ConsoleBulkDomainActionTest {
             .build()
             .startRequest()
             .eppController();
-    createTld("tld");
     domain =
         persistDomainWithDependentResources(
             "example",
@@ -115,8 +98,8 @@ public class ConsoleBulkDomainActionTest {
             GSON.toJsonTree(
                 ImmutableMap.of("domainList", ImmutableList.of("example.tld"), "reason", "test")));
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_OK);
-    assertThat(fakeResponse.getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload())
         .isEqualTo(
             """
 {"example.tld":{"message":"Command completed successfully; action pending",\
@@ -129,22 +112,14 @@ public class ConsoleBulkDomainActionTest {
 
   @Test
   void testSuccess_suspend() throws Exception {
-    User adminUser =
-        persistResource(
-            new User.Builder()
-                .setEmailAddress("email@email.com")
-                .setUserRoles(
-                    new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).setIsAdmin(true).build())
-                .build());
     ConsoleBulkDomainAction action =
         createAction(
             "SUSPEND",
             GSON.toJsonTree(
-                ImmutableMap.of("domainList", ImmutableList.of("example.tld"), "reason", "test")),
-            adminUser);
+                ImmutableMap.of("domainList", ImmutableList.of("example.tld"), "reason", "test")));
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_OK);
-    assertThat(fakeResponse.getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload())
         .isEqualTo(
             """
             {"example.tld":{"message":"Command completed successfully","responseCode":1000}}""");
@@ -157,25 +132,17 @@ public class ConsoleBulkDomainActionTest {
 
   @Test
   void testSuccess_unsuspend() throws Exception {
-    User adminUser =
-        persistResource(
-            new User.Builder()
-                .setEmailAddress("email@email.com")
-                .setUserRoles(
-                    new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).setIsAdmin(true).build())
-                .build());
     persistResource(domain.asBuilder().addStatusValues(serverSuspensionStatuses).build());
     ConsoleBulkDomainAction action =
         createAction(
             "UNSUSPEND",
             GSON.toJsonTree(
-                ImmutableMap.of("domainList", ImmutableList.of("example.tld"), "reason", "test")),
-            adminUser);
+                ImmutableMap.of("domainList", ImmutableList.of("example.tld"), "reason", "test")));
     assertThat(loadByEntity(domain).getStatusValues())
         .containsAtLeastElementsIn(serverSuspensionStatuses);
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_OK);
-    assertThat(fakeResponse.getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload())
         .isEqualTo(
             """
             {"example.tld":{"message":"Command completed successfully","responseCode":1000}}""");
@@ -197,8 +164,8 @@ public class ConsoleBulkDomainActionTest {
                     "reason",
                     "test")));
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_OK);
-    assertThat(fakeResponse.getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload())
         .isEqualTo(
             """
 {"example.tld":{"message":"Command completed successfully; action pending","responseCode":1001},\
@@ -214,8 +181,8 @@ public class ConsoleBulkDomainActionTest {
   void testFailure_badActionString() {
     ConsoleBulkDomainAction action = createAction("bad", GSON.toJsonTree(ImmutableMap.of()));
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(fakeResponse.getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo(
             "No enum constant"
                 + " google.registry.ui.server.console.domains.ConsoleDomainActionType.BulkAction.bad");
@@ -225,8 +192,8 @@ public class ConsoleBulkDomainActionTest {
   void testFailure_emptyBody() {
     ConsoleBulkDomainAction action = createAction("DELETE", null);
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(fakeResponse.getPayload()).isEqualTo("Bulk action payload must be present");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("Bulk action payload must be present");
   }
 
   @Test
@@ -247,7 +214,7 @@ public class ConsoleBulkDomainActionTest {
                         .build())
                 .build());
     action.run();
-    assertThat(fakeResponse.getStatus()).isEqualTo(SC_FORBIDDEN);
+    assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
   }
 
   // @ptkach - reenable with suspend change
@@ -271,21 +238,14 @@ public class ConsoleBulkDomainActionTest {
   // }
 
   private ConsoleBulkDomainAction createAction(String action, JsonElement payload) {
-    User user =
-        persistResource(
-            new User.Builder()
-                .setEmailAddress("email@email.com")
-                .setUserRoles(
-                    new UserRoles.Builder().setIsAdmin(true).setGlobalRole(GlobalRole.FTE).build())
-                .build());
-    return createAction(action, payload, user);
+    return createAction(action, payload, fteUser);
   }
 
   private ConsoleBulkDomainAction createAction(String action, JsonElement payload, User user) {
     AuthResult authResult = AuthResult.createUser(user);
     ConsoleApiParams params = ConsoleApiParamsUtils.createFake(authResult);
     when(params.request().getMethod()).thenReturn("POST");
-    fakeResponse = (FakeResponse) params.response();
+    response = (FakeResponse) params.response();
     return new ConsoleBulkDomainAction(
         params, eppController, "TheRegistrar", action, Optional.ofNullable(payload));
   }

core/src/test/java/google/registry/ui/server/console/settings/ContactActionTest.java

@@ -20,7 +20,6 @@ import static google.registry.model.registrar.RegistrarPoc.Type.ABUSE;
 import static google.registry.model.registrar.RegistrarPoc.Type.ADMIN;
 import static google.registry.model.registrar.RegistrarPoc.Type.MARKETING;
 import static google.registry.model.registrar.RegistrarPoc.Type.TECH;
-import static google.registry.testing.DatabaseHelper.createAdminUser;
 import static google.registry.testing.DatabaseHelper.insertInDb;
 import static google.registry.testing.DatabaseHelper.loadAllOf;
 import static google.registry.testing.SqlHelper.saveRegistrar;
@@ -36,19 +35,16 @@ import static org.mockito.Mockito.when;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
-import com.google.gson.Gson;
 import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarPoc;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
-import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.FakeResponse;
-import google.registry.ui.server.console.ConsoleApiParams;
+import google.registry.ui.server.console.ConsoleActionBaseTestCase;
 import google.registry.util.EmailMessage;
 import jakarta.mail.internet.AddressException;
 import jakarta.mail.internet.InternetAddress;
@@ -57,10 +53,9 @@ import java.util.HashMap;
 import java.util.Optional;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.settings.ContactAction}. */
-class ContactActionTest {
+class ContactActionTest extends ConsoleActionBaseTestCase {
   private static String jsonRegistrar1 =
       "{\"name\":\"Test Registrar 1\","
           + "\"emailAddress\":\"test.registrar1@example.com\","
@@ -70,17 +65,10 @@ class ContactActionTest {
           + "\"visibleInWhoisAsTech\":false,\"visibleInDomainWhoisAsAbuse\":false}";
 
   private Registrar testRegistrar;
-  private ConsoleApiParams consoleApiParams;
   private RegistrarPoc adminPoc;
   private RegistrarPoc techPoc;
   private RegistrarPoc marketingPoc;
 
-  private static final Gson GSON = RequestModule.provideGson();
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().buildIntegrationTestExtension();
-
   @BeforeEach
   void beforeEach() {
     testRegistrar = saveRegistrar("registrarId");
@@ -122,28 +110,19 @@ class ContactActionTest {
   @Test
   void testSuccess_getContactInfo() throws IOException {
     insertInDb(adminPoc);
-    ContactAction action =
-        createAction(
-            Action.Method.GET,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId());
+    ContactAction action = createAction(Action.Method.GET, fteUser, testRegistrar.getRegistrarId());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("[" + jsonRegistrar1 + "]");
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload()).isEqualTo("[" + jsonRegistrar1 + "]");
   }
 
   @Test
   void testSuccess_noOp() throws IOException {
     insertInDb(adminPoc);
     ContactAction action =
-        createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId(),
-            adminPoc);
+        createAction(Action.Method.POST, fteUser, testRegistrar.getRegistrarId(), adminPoc);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     verify(consoleApiParams.sendEmailUtils().gmailClient, never()).sendEmail(any());
   }
 
@@ -151,14 +130,10 @@ class ContactActionTest {
   void testSuccess_onlyContactsWithNonEmptyType() throws IOException {
     adminPoc = adminPoc.asBuilder().setTypes(ImmutableSet.of()).build();
     insertInDb(adminPoc);
-    ContactAction action =
-        createAction(
-            Action.Method.GET,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId());
+    ContactAction action = createAction(Action.Method.GET, fteUser, testRegistrar.getRegistrarId());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload()).isEqualTo("[]");
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getPayload()).isEqualTo("[]");
   }
 
   @Test
@@ -166,13 +141,9 @@ class ContactActionTest {
     insertInDb(adminPoc);
     ContactAction action =
         createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId(),
-            adminPoc,
-            techPoc);
+            Action.Method.POST, fteUser, testRegistrar.getRegistrarId(), adminPoc, techPoc);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
                 .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId()))
@@ -186,13 +157,9 @@ class ContactActionTest {
     insertInDb(techPoc.asBuilder().setEmailAddress("incorrect@email.com").build());
     ContactAction action =
         createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId(),
-            adminPoc,
-            techPoc);
+            Action.Method.POST, fteUser, testRegistrar.getRegistrarId(), adminPoc, techPoc);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     HashMap<String, String> testResult = new HashMap<>();
     loadAllOf(RegistrarPoc.class).stream()
         .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId()))
@@ -210,13 +177,13 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc,
             techPoc.asBuilder().setEmailAddress("test.registrar1@example.com").build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo(
             "One email address (test.registrar1@example.com) cannot be used for multiple contacts");
     assertThat(
@@ -232,13 +199,12 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc.asBuilder().setTypes(ImmutableSet.of(ABUSE)).build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
-        .isEqualTo("Must have at least one primary contact");
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload()).isEqualTo("Must have at least one primary contact");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
                 .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId()))
@@ -253,7 +219,7 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc
                 .asBuilder()
@@ -261,8 +227,8 @@ class ContactActionTest {
                 .setTypes(ImmutableSet.of(ADMIN, TECH))
                 .build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Please provide a phone number for at least one technical contact");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
@@ -276,12 +242,12 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc.asBuilder().setPhoneNumber(null).setVisibleInDomainWhoisAsAbuse(true).build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("The abuse contact visible in domain WHOIS query must have a phone number");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
@@ -297,12 +263,12 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc.asBuilder().setVisibleInDomainWhoisAsAbuse(false).build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("An abuse contact visible in domain WHOIS query must be designated");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
@@ -317,7 +283,7 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc
                 .asBuilder()
@@ -325,8 +291,8 @@ class ContactActionTest {
                 .setRegistryLockEmailAddress("lock@example.com")
                 .build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Cannot set registry lock password directly on new contact");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
@@ -347,12 +313,12 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc.asBuilder().setRegistryLockEmailAddress("unlock@example.com").build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Cannot modify registryLockEmailAddress through the UI");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
@@ -374,12 +340,12 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
+            fteUser,
             testRegistrar.getRegistrarId(),
             adminPoc.asBuilder().setAllowedToSetRegistryLockPassword(true).build());
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_BAD_REQUEST);
-    assertThat(((FakeResponse) consoleApiParams.response()).getPayload())
+    assertThat(response.getStatus()).isEqualTo(SC_BAD_REQUEST);
+    assertThat(response.getPayload())
         .isEqualTo("Cannot modify isAllowedToSetRegistryLockPassword through the UI");
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
@@ -392,13 +358,9 @@ class ContactActionTest {
   void testSuccess_sendsEmail() throws IOException, AddressException {
     insertInDb(techPoc.asBuilder().setEmailAddress("incorrect@email.com").build());
     ContactAction action =
-        createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId(),
-            techPoc);
+        createAction(Action.Method.POST, fteUser, testRegistrar.getRegistrarId(), techPoc);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     verify(consoleApiParams.sendEmailUtils().gmailClient, times(1))
         .sendEmail(
             EmailMessage.newBuilder()
@@ -407,7 +369,7 @@ class ContactActionTest {
                         + " environment")
                 .setBody(
                     "The following changes were made in registry unittest environment to the"
-                        + " registrar registrarId by admin email@email.com:\n"
+                        + " registrar registrarId by admin fte@email.tld:\n"
                         + "\n"
                         + "contacts:\n"
                         + "    ADDED:\n"
@@ -442,13 +404,9 @@ class ContactActionTest {
     insertInDb(adminPoc, techPoc, marketingPoc);
     ContactAction action =
         createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId(),
-            adminPoc,
-            techPoc);
+            Action.Method.POST, fteUser, testRegistrar.getRegistrarId(), adminPoc, techPoc);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     assertThat(
             loadAllOf(RegistrarPoc.class).stream()
                 .filter(r -> r.registrarId.equals(testRegistrar.getRegistrarId()))
@@ -463,43 +421,39 @@ class ContactActionTest {
     ContactAction action =
         createAction(
             Action.Method.POST,
-            AuthResult.createUser(
-                new User.Builder()
-                    .setEmailAddress("email@email.com")
-                    .setUserRoles(
-                        new UserRoles.Builder()
-                            .setRegistrarRoles(
-                                ImmutableMap.of(
-                                    testRegistrar.getRegistrarId(), RegistrarRole.ACCOUNT_MANAGER))
-                            .build())
-                    .build()),
+            new User.Builder()
+                .setEmailAddress("email@email.com")
+                .setUserRoles(
+                    new UserRoles.Builder()
+                        .setRegistrarRoles(
+                            ImmutableMap.of(
+                                testRegistrar.getRegistrarId(), RegistrarRole.ACCOUNT_MANAGER))
+                        .build())
+                .build(),
             testRegistrar.getRegistrarId(),
             techPoc);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_FORBIDDEN);
+    assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
   }
 
   @Test
   void testFailure_changesAdminEmail() throws Exception {
     insertInDb(adminPoc.asBuilder().setEmailAddress("oldemail@example.com").build());
     ContactAction action =
-        createAction(
-            Action.Method.POST,
-            AuthResult.createUser(createAdminUser("email@email.com")),
-            testRegistrar.getRegistrarId(),
-            adminPoc);
+        createAction(Action.Method.POST, fteUser, testRegistrar.getRegistrarId(), adminPoc);
     action.run();
-    FakeResponse fakeResponse = (FakeResponse) consoleApiParams.response();
+    FakeResponse fakeResponse = response;
     assertThat(fakeResponse.getStatus()).isEqualTo(400);
     assertThat(fakeResponse.getPayload())
         .isEqualTo("Cannot remove or change the email address of primary contacts");
   }
 
   private ContactAction createAction(
-      Action.Method method, AuthResult authResult, String registrarId, RegistrarPoc... contacts)
+      Action.Method method, User user, String registrarId, RegistrarPoc... contacts)
       throws IOException {
-    consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
+    consoleApiParams = ConsoleApiParamsUtils.createFake(AuthResult.createUser(user));
     when(consoleApiParams.request().getMethod()).thenReturn(method.toString());
+    response = (FakeResponse) consoleApiParams.response();
     if (method.equals(Action.Method.GET)) {
       return new ContactAction(consoleApiParams, registrarId, Optional.empty());
     } else {

core/src/test/java/google/registry/ui/server/console/settings/RdapRegistrarFieldsActionTest.java

@@ -26,13 +26,11 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.collect.Maps;
-import com.google.gson.Gson;
 import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.console.RegistrarRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.RequestModule;
 import google.registry.request.auth.AuthResult;
@@ -40,24 +38,18 @@ import google.registry.request.auth.AuthenticatedRegistrarAccessor;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor.Role;
 import google.registry.testing.ConsoleApiParamsUtils;
 import google.registry.testing.DatabaseHelper;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
-import google.registry.ui.server.console.ConsoleApiParams;
+import google.registry.ui.server.console.ConsoleActionBaseTestCase;
 import google.registry.ui.server.console.ConsoleModule;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.StringReader;
 import java.util.HashMap;
-import org.joda.time.DateTime;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link RdapRegistrarFieldsAction}. */
-public class RdapRegistrarFieldsActionTest {
+public class RdapRegistrarFieldsActionTest extends ConsoleActionBaseTestCase {
 
-  private ConsoleApiParams consoleApiParams;
-  private static final Gson GSON = RequestModule.provideGson();
-  private final FakeClock clock = new FakeClock(DateTime.parse("2023-08-01T00:00:00.000Z"));
   private final AuthenticatedRegistrarAccessor registrarAccessor =
       AuthenticatedRegistrarAccessor.createForTesting(
           ImmutableSetMultimap.of("TheRegistrar", Role.OWNER, "NewRegistrar", Role.OWNER));
@@ -81,10 +73,6 @@ public class RdapRegistrarFieldsActionTest {
               "{\"street\": [\"123 Example Boulevard\"], \"city\": \"Williamsburg\", \"state\":"
                   + " \"NY\", \"zip\": \"11201\", \"countryCode\": \"US\"}"));
 
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
-
   @Test
   void testSuccess_setsAllFields() throws Exception {
     Registrar oldRegistrar = Registrar.loadRequiredRegistrarCached("TheRegistrar");
@@ -113,7 +101,7 @@ public class RdapRegistrarFieldsActionTest {
                 + " \"NL\", \"zip\": \"10011\", \"countryCode\": \"CA\"}"));
     RdapRegistrarFieldsAction action = createAction();
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
     Registrar newRegistrar = Registrar.loadByRegistrarId("TheRegistrar").get(); // skip cache
     assertThat(newRegistrar.getLocalizedAddress().toJsonMap()).isEqualTo(addressMap);
     assertThat(newRegistrar.getPhoneNumber()).isEqualTo("+1.4155552671");
@@ -130,34 +118,30 @@ public class RdapRegistrarFieldsActionTest {
   @Test
   void testFailure_noAccessToRegistrar() throws Exception {
     Registrar newRegistrar = Registrar.loadByRegistrarIdCached("NewRegistrar").get();
-    AuthResult onlyTheRegistrar =
-        AuthResult.createUser(
-            new User.Builder()
-                .setEmailAddress("email@email.example")
-                .setUserRoles(
-                    new UserRoles.Builder()
-                        .setRegistrarRoles(
-                            ImmutableMap.of("TheRegistrar", RegistrarRole.PRIMARY_CONTACT))
-                        .build())
-                .build());
+    User onlyTheRegistrar =
+        new User.Builder()
+            .setEmailAddress("email@email.example")
+            .setUserRoles(
+                new UserRoles.Builder()
+                    .setRegistrarRoles(
+                        ImmutableMap.of("TheRegistrar", RegistrarRole.PRIMARY_CONTACT))
+                    .build())
+            .build();
     uiRegistrarMap.put("registrarId", "NewRegistrar");
     RdapRegistrarFieldsAction action = createAction(onlyTheRegistrar);
     action.run();
-    assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_FORBIDDEN);
+    assertThat(response.getStatus()).isEqualTo(SC_FORBIDDEN);
     // should be no change
     assertThat(DatabaseHelper.loadByEntity(newRegistrar)).isEqualTo(newRegistrar);
   }
 
-  private AuthResult defaultUserAuth() {
-    return AuthResult.createUser(DatabaseHelper.createAdminUser("email@email.example"));
-  }
-
   private RdapRegistrarFieldsAction createAction() throws IOException {
-    return createAction(defaultUserAuth());
+    return createAction(fteUser);
   }
 
-  private RdapRegistrarFieldsAction createAction(AuthResult authResult) throws IOException {
-    consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
+  private RdapRegistrarFieldsAction createAction(User user) throws IOException {
+    consoleApiParams = ConsoleApiParamsUtils.createFake(AuthResult.createUser(user));
+    response = (FakeResponse) consoleApiParams.response();
     when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.POST.toString());
     doReturn(new BufferedReader(new StringReader(uiRegistrarMap.toString())))
         .when(consoleApiParams.request())

core/src/test/java/google/registry/ui/server/console/settings/SecurityActionTest.java

@@ -27,20 +27,14 @@ import static org.mockito.Mockito.when;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.collect.ImmutableSortedMap;
-import com.google.gson.Gson;
 import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.registrar.Registrar;
-import google.registry.persistence.transaction.JpaTestExtensions;
 import google.registry.request.Action;
 import google.registry.request.RequestModule;
-import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor;
-import google.registry.testing.ConsoleApiParamsUtils;
-import google.registry.testing.DatabaseHelper;
-import google.registry.testing.FakeClock;
 import google.registry.testing.FakeResponse;
-import google.registry.ui.server.console.ConsoleApiParams;
+import google.registry.ui.server.console.ConsoleActionBaseTestCase;
 import google.registry.ui.server.console.ConsoleModule;
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -49,19 +43,15 @@ import java.util.Optional;
 import org.joda.time.DateTime;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.RegisterExtension;
 
 /** Tests for {@link google.registry.ui.server.console.settings.SecurityAction}. */
-class SecurityActionTest {
+class SecurityActionTest extends ConsoleActionBaseTestCase {
 
   private static String jsonRegistrar1 =
       String.format(
           "{\"registrarId\": \"registrarId\", \"clientCertificate\": \"%s\","
               + " \"ipAddressAllowList\": [\"192.168.1.1/32\"]}",
           SAMPLE_CERT2);
-  private static final Gson GSON = RequestModule.provideGson();
-  private ConsoleApiParams consoleApiParams;
-  private final FakeClock clock = new FakeClock();
   private Registrar testRegistrar;
 
   private AuthenticatedRegistrarAccessor registrarAccessor =
@@ -77,10 +67,6 @@ class SecurityActionTest {
           ImmutableSet.of("secp256r1", "secp384r1"),
           clock);
 
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
-
   @BeforeEach
   void beforeEach() {
     testRegistrar = saveRegistrar("registrarId");
@@ -91,7 +77,6 @@ class SecurityActionTest {
     clock.setTo(DateTime.parse("2020-11-01T00:00:00Z"));
     SecurityAction action =
         createAction(
-            AuthResult.createUser(DatabaseHelper.createAdminUser("email@email.com")),
             testRegistrar.getRegistrarId());
     action.run();
     assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
@@ -105,9 +90,7 @@ class SecurityActionTest {
     assertThat(history.getDescription()).hasValue("registrarId");
   }
 
-  private SecurityAction createAction(AuthResult authResult, String registrarId)
-      throws IOException {
-    consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
+  private SecurityAction createAction(String registrarId) throws IOException {
     when(consoleApiParams.request().getMethod()).thenReturn(Action.Method.POST.toString());
     doReturn(new BufferedReader(new StringReader(jsonRegistrar1)))
         .when(consoleApiParams.request())

core/src/test/java/google/registry/webdriver/ConsoleScreenshotTest.java

@@ -16,12 +16,16 @@ package google.registry.webdriver;
 
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.server.Fixture.BASIC;
+import static google.registry.testing.DatabaseHelper.persistResource;
 
 import com.google.common.collect.ImmutableMap;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.RegistrarRole;
+import google.registry.model.registrar.Registrar;
 import google.registry.server.RegistryTestServer;
 import java.util.List;
+import org.joda.time.DateTime;
+import org.joda.time.DateTimeZone;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Timeout;
 import org.junit.jupiter.api.condition.EnabledIfSystemProperty;
@@ -74,6 +78,10 @@ public class ConsoleScreenshotTest {
   @BeforeEach
   void beforeEach() throws Exception {
     server.setRegistrarRoles(ImmutableMap.of("TheRegistrar", RegistrarRole.ACCOUNT_MANAGER));
+    Registrar registrar = Registrar.loadByRegistrarId("TheRegistrar").get();
+    registrar =
+        registrar.asBuilder().setLastPocVerificationDate(DateTime.now(DateTimeZone.UTC)).build();
+    persistResource(registrar);
     loadHomePage();
   }
 

core/src/test/resources/google/registry/flows/domain_check.xml

@@ -0,0 +1,11 @@
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <check>
+      <domain:check
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>%DOMAIN%</domain:name>
+      </domain:check>
+    </check>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>

core/src/test/resources/google/registry/tools/server/domain_create_contacts.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <create>
+      <domain:create
+       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>example.tld</domain:name>
+        <domain:period unit="y">1</domain:period>
+        <domain:registrant>crr-admin</domain:registrant>
+        <domain:contact type="admin">crr-admin</domain:contact>
+        <domain:contact type="tech">crr-tech</domain:contact>
+        <domain:authInfo>
+          <domain:pw>abcdefghijklmnop</domain:pw>
+        </domain:authInfo>
+      </domain:create>
+    </create>
+    <clTRID>RegistryTool</clTRID>
+  </command>
+</epp>

core/src/test/resources/google/registry/tools/server/domain_create_minimal.xml

@@ -6,9 +6,6 @@
        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
         <domain:name>example.tld</domain:name>
         <domain:period unit="y">1</domain:period>
-        <domain:registrant>crr-admin</domain:registrant>
-        <domain:contact type="admin">crr-admin</domain:contact>
-        <domain:contact type="tech">crr-tech</domain:contact>
         <domain:authInfo>
           <domain:pw>abcdefghijklmnop</domain:pw>
         </domain:authInfo>

db/src/main/resources/sql/er_diagram/brief_er_diagram.html

@@ -261,26 +261,26 @@ td.section {
     </tr>
     <tr>
      <td class="property_name">generated on</td>
-     <td class="property_value">2025-04-18 20:02:20</td>
+     <td class="property_value">2025-06-02 14:41:34</td>
     </tr>
     <tr>
      <td class="property_name">last flyway file</td>
-     <td id="lastFlywayFile" class="property_value">V192__add_last_poc_verification_date.sql</td>
+     <td id="lastFlywayFile" class="property_value">V195__registrar_poc_id.sql</td>
     </tr>
    </tbody>
   </table>
   <p>&nbsp;</p>
   <p>&nbsp;</p>
-  <svg viewBox="0.00 0.00 4903.00 3666.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="erDiagram" style="overflow: hidden; width: 100%; height: 800px">
-   <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 3662)">
+  <svg viewBox="0.00 0.00 4903.00 3732.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="erDiagram" style="overflow: hidden; width: 100%; height: 800px">
+   <g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 3728)">
     <title>
      SchemaCrawler_Diagram
     </title>
-    <polygon fill="white" stroke="transparent" points="-4,4 -4,-3662 4899,-3662 4899,4 -4,4" />
+    <polygon fill="white" stroke="transparent" points="-4,4 -4,-3728 4899,-3728 4899,4 -4,4" />
     <text text-anchor="start" x="4655" y="-29.8" font-family="Helvetica,sans-Serif" font-size="14.00">generated by</text>
     <text text-anchor="start" x="4738" y="-29.8" font-family="Helvetica,sans-Serif" font-size="14.00">SchemaCrawler 16.25.2</text>
     <text text-anchor="start" x="4654" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">generated on</text>
-    <text text-anchor="start" x="4738" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">2025-04-18 20:02:20</text>
+    <text text-anchor="start" x="4738" y="-10.8" font-family="Helvetica,sans-Serif" font-size="14.00">2025-06-02 14:41:34</text>
     <polygon fill="none" stroke="#888888" points="4651,-4 4651,-44 4887,-44 4887,-4 4651,-4" /> <!-- allocationtoken_a08ccbef -->
     <g id="node1" class="node">
      <title>
@@ -404,7 +404,7 @@ td.section {
      <polyline fill="none" stroke="black" points="769.5,-845.99 774.5,-845.99 " />
      <text text-anchor="start" x="790" y="-849.8" font-family="Helvetica,sans-Serif" font-size="14.00">fk_billing_event_cancellation_matching_billing_recurrence_id</text>
     </g> <!-- registrar_6e1503e3 -->
-    <g id="node35" class="node">
+    <g id="node36" class="node">
      <title>
       registrar_6e1503e3
      </title>
@@ -765,7 +765,7 @@ td.section {
      <polyline fill="none" stroke="black" points="209.49,-1035.98 213.47,-1032.96 " />
      <text text-anchor="start" x="1269" y="-620.8" font-family="Helvetica,sans-Serif" font-size="14.00">fk_domain_transfer_losing_registrar_id</text>
     </g> <!-- tld_f1fa57e2 -->
-    <g id="node46" class="node">
+    <g id="node47" class="node">
      <title>
       tld_f1fa57e2
      </title>
@@ -1153,7 +1153,7 @@ td.section {
      <text text-anchor="start" x="4742.5" y="-1956.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
      <polygon fill="none" stroke="#888888" points="4532,-1950.5 4532,-2047.5 4867,-2047.5 4867,-1950.5 4532,-1950.5" />
     </g> <!-- user_f2216f01 -->
-    <g id="node48" class="node">
+    <g id="node49" class="node">
      <title>
       user_f2216f01
      </title>
@@ -1900,74 +1900,87 @@ td.section {
      <text text-anchor="start" x="4719.5" y="-2648.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
      <text text-anchor="start" x="4739.5" y="-2648.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
      <polygon fill="none" stroke="#888888" points="4551,-2642 4551,-2720 4848,-2720 4848,-2642 4551,-2642" />
-    </g> <!-- premiumentry_b0060b91 -->
+    </g> <!-- passwordresetrequest_8484e7b1 -->
     <g id="node32" class="node">
+     <title>
+      passwordresetrequest_8484e7b1
+     </title>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4554.5,-2766 4554.5,-2785 4770.5,-2785 4770.5,-2766 4554.5,-2766" />
+     <text text-anchor="start" x="4556.5" y="-2772.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."PasswordResetRequest"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4770.5,-2766 4770.5,-2785 4844.5,-2785 4844.5,-2766 4770.5,-2766" />
+     <text text-anchor="start" x="4805.5" y="-2771.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4556.5" y="-2753.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">verification_code</text>
+     <text text-anchor="start" x="4718.5" y="-2752.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4772.5" y="-2752.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="4553.5,-2746 4553.5,-2786 4845.5,-2786 4845.5,-2746 4553.5,-2746" />
+    </g> <!-- premiumentry_b0060b91 -->
+    <g id="node33" class="node">
      <title>
       premiumentry_b0060b91
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4585.5,-2785 4585.5,-2804 4740.5,-2804 4740.5,-2785 4585.5,-2785" />
-     <text text-anchor="start" x="4587.5" y="-2791.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."PremiumEntry"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4740.5,-2785 4740.5,-2804 4814.5,-2804 4814.5,-2785 4740.5,-2785" />
-     <text text-anchor="start" x="4775.5" y="-2790.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4587.5" y="-2772.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4706.5" y="-2771.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4742.5" y="-2771.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
-     <text text-anchor="start" x="4587.5" y="-2753.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">domain_label</text>
-     <text text-anchor="start" x="4706.5" y="-2752.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4742.5" y="-2752.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="4584,-2746.5 4584,-2805.5 4815,-2805.5 4815,-2746.5 4584,-2746.5" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4585.5,-2851 4585.5,-2870 4740.5,-2870 4740.5,-2851 4585.5,-2851" />
+     <text text-anchor="start" x="4587.5" y="-2857.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."PremiumEntry"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4740.5,-2851 4740.5,-2870 4814.5,-2870 4814.5,-2851 4740.5,-2851" />
+     <text text-anchor="start" x="4775.5" y="-2856.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4587.5" y="-2838.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4706.5" y="-2837.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4742.5" y="-2837.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
+     <text text-anchor="start" x="4587.5" y="-2819.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">domain_label</text>
+     <text text-anchor="start" x="4706.5" y="-2818.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4742.5" y="-2818.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="4584,-2812.5 4584,-2871.5 4815,-2871.5 4815,-2812.5 4584,-2812.5" />
     </g> <!-- premiumlist_7c3ea68b -->
-    <g id="node33" class="node">
+    <g id="node34" class="node">
      <title>
       premiumlist_7c3ea68b
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="3921,-2784 3921,-2803 4066,-2803 4066,-2784 3921,-2784" />
-     <text text-anchor="start" x="3923" y="-2790.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."PremiumList"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4066,-2784 4066,-2803 4176,-2803 4176,-2784 4066,-2784" />
-     <text text-anchor="start" x="4137" y="-2789.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="3923" y="-2771.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4029" y="-2770.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4068" y="-2770.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
-     <text text-anchor="start" x="4029" y="-2751.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4068" y="-2751.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
-     <text text-anchor="start" x="3923" y="-2732.8" font-family="Helvetica,sans-Serif" font-size="14.00">name</text>
-     <text text-anchor="start" x="4029" y="-2732.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4068" y="-2732.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="3919.5,-2726 3919.5,-2804 4176.5,-2804 4176.5,-2726 3919.5,-2726" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="3921,-2850 3921,-2869 4066,-2869 4066,-2850 3921,-2850" />
+     <text text-anchor="start" x="3923" y="-2856.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."PremiumList"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4066,-2850 4066,-2869 4176,-2869 4176,-2850 4066,-2850" />
+     <text text-anchor="start" x="4137" y="-2855.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="3923" y="-2837.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4029" y="-2836.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4068" y="-2836.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
+     <text text-anchor="start" x="4029" y="-2817.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4068" y="-2817.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
+     <text text-anchor="start" x="3923" y="-2798.8" font-family="Helvetica,sans-Serif" font-size="14.00">name</text>
+     <text text-anchor="start" x="4029" y="-2798.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4068" y="-2798.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="3919.5,-2792 3919.5,-2870 4176.5,-2870 4176.5,-2792 3919.5,-2792" />
     </g> <!-- premiumentry_b0060b91&#45;&gt;premiumlist_7c3ea68b -->
     <g id="edge36" class="edge">
      <title>
       premiumentry_b0060b91:w-&gt;premiumlist_7c3ea68b:e
      </title>
-     <path fill="none" stroke="black" d="M4566.39,-2775C4403.38,-2775 4353.85,-2775 4187.11,-2775" />
-     <polygon fill="black" stroke="black" points="4574.5,-2775 4584.5,-2779.5 4579.5,-2775 4584.5,-2775 4584.5,-2775 4584.5,-2775 4579.5,-2775 4584.5,-2770.5 4574.5,-2775 4574.5,-2775" />
-     <ellipse fill="none" stroke="black" cx="4570.5" cy="-2775" rx="4" ry="4" />
-     <polygon fill="black" stroke="black" points="4178,-2780 4178,-2770 4180,-2770 4180,-2780 4178,-2780" />
-     <polyline fill="none" stroke="black" points="4177,-2775 4182,-2775 " />
-     <polygon fill="black" stroke="black" points="4183,-2780 4183,-2770 4185,-2770 4185,-2780 4183,-2780" />
-     <polyline fill="none" stroke="black" points="4182,-2775 4187,-2775 " />
-     <text text-anchor="start" x="4273.5" y="-2778.8" font-family="Helvetica,sans-Serif" font-size="14.00">fko0gw90lpo1tuee56l0nb6y6g5</text>
+     <path fill="none" stroke="black" d="M4566.39,-2841C4403.38,-2841 4353.85,-2841 4187.11,-2841" />
+     <polygon fill="black" stroke="black" points="4574.5,-2841 4584.5,-2845.5 4579.5,-2841 4584.5,-2841 4584.5,-2841 4584.5,-2841 4579.5,-2841 4584.5,-2836.5 4574.5,-2841 4574.5,-2841" />
+     <ellipse fill="none" stroke="black" cx="4570.5" cy="-2841" rx="4" ry="4" />
+     <polygon fill="black" stroke="black" points="4178,-2846 4178,-2836 4180,-2836 4180,-2846 4178,-2846" />
+     <polyline fill="none" stroke="black" points="4177,-2841 4182,-2841 " />
+     <polygon fill="black" stroke="black" points="4183,-2846 4183,-2836 4185,-2836 4185,-2846 4183,-2846" />
+     <polyline fill="none" stroke="black" points="4182,-2841 4187,-2841 " />
+     <text text-anchor="start" x="4273.5" y="-2844.8" font-family="Helvetica,sans-Serif" font-size="14.00">fko0gw90lpo1tuee56l0nb6y6g5</text>
     </g> <!-- rderevision_83396864 -->
-    <g id="node34" class="node">
+    <g id="node35" class="node">
      <title>
       rderevision_83396864
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4589.5,-2890 4589.5,-2909 4732.5,-2909 4732.5,-2890 4589.5,-2890" />
-     <text text-anchor="start" x="4591.5" y="-2896.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."RdeRevision"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4732.5,-2890 4732.5,-2909 4810.5,-2909 4810.5,-2890 4732.5,-2890" />
-     <text text-anchor="start" x="4771.5" y="-2895.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4591.5" y="-2877.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">tld</text>
-     <text text-anchor="start" x="4681.5" y="-2876.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4734.5" y="-2876.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4591.5" y="-2858.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">mode</text>
-     <text text-anchor="start" x="4681.5" y="-2857.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4734.5" y="-2857.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4591.5" y="-2839.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">"date"</text>
-     <text text-anchor="start" x="4681.5" y="-2838.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4734.5" y="-2838.8" font-family="Helvetica,sans-Serif" font-size="14.00">date not null</text>
-     <polygon fill="none" stroke="#888888" points="4588,-2832 4588,-2910 4811,-2910 4811,-2832 4588,-2832" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4589.5,-2956 4589.5,-2975 4732.5,-2975 4732.5,-2956 4589.5,-2956" />
+     <text text-anchor="start" x="4591.5" y="-2962.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."RdeRevision"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4732.5,-2956 4732.5,-2975 4810.5,-2975 4810.5,-2956 4732.5,-2956" />
+     <text text-anchor="start" x="4771.5" y="-2961.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4591.5" y="-2943.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">tld</text>
+     <text text-anchor="start" x="4681.5" y="-2942.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4734.5" y="-2942.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4591.5" y="-2924.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">mode</text>
+     <text text-anchor="start" x="4681.5" y="-2923.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4734.5" y="-2923.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4591.5" y="-2905.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">"date"</text>
+     <text text-anchor="start" x="4681.5" y="-2904.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4734.5" y="-2904.8" font-family="Helvetica,sans-Serif" font-size="14.00">date not null</text>
+     <polygon fill="none" stroke="#888888" points="4588,-2898 4588,-2976 4811,-2976 4811,-2898 4588,-2898" />
     </g> <!-- registrarpoc_ab47054d -->
-    <g id="node36" class="node">
+    <g id="node37" class="node">
      <title>
       registrarpoc_ab47054d
      </title>
@@ -1996,7 +2009,7 @@ td.section {
      <polyline fill="none" stroke="black" points="208.93,-1035.36 212.36,-1031.72 " />
      <text text-anchor="start" x="246" y="-222.8" font-family="Helvetica,sans-Serif" font-size="14.00">fk_registrar_poc_registrar_id</text>
     </g> <!-- registrarupdatehistory_8a38bed4 -->
-    <g id="node37" class="node">
+    <g id="node38" class="node">
      <title>
       registrarupdatehistory_8a38bed4
      </title>
@@ -2028,7 +2041,7 @@ td.section {
      <polyline fill="none" stroke="black" points="209,-1035.43 212.49,-1031.85 " />
      <text text-anchor="start" x="231" y="-142.8" font-family="Helvetica,sans-Serif" font-size="14.00">fkregistrarupdatehistoryregistrarid</text>
     </g> <!-- registrarpocupdatehistory_31e5d9aa -->
-    <g id="node38" class="node">
+    <g id="node39" class="node">
      <title>
       registrarpocupdatehistory_31e5d9aa
      </title>
@@ -2076,205 +2089,205 @@ td.section {
      <polyline fill="none" stroke="black" points="727.49,-165.72 732.48,-165.44 " />
      <text text-anchor="start" x="851.5" y="-151.8" font-family="Helvetica,sans-Serif" font-size="14.00">fkregistrarpocupdatehistoryemailaddress</text>
     </g> <!-- registrylock_ac88663e -->
-    <g id="node39" class="node">
+    <g id="node40" class="node">
      <title>
       registrylock_ac88663e
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4571.5,-3051 4571.5,-3070 4718.5,-3070 4718.5,-3051 4571.5,-3051" />
-     <text text-anchor="start" x="4573.5" y="-3057.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."RegistryLock"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4718.5,-3051 4718.5,-3070 4828.5,-3070 4828.5,-3051 4718.5,-3051" />
-     <text text-anchor="start" x="4789.5" y="-3056.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4573.5" y="-3038.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4699.5" y="-3037.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4720.5" y="-3037.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
-     <text text-anchor="start" x="4699.5" y="-3018.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4720.5" y="-3018.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
-     <text text-anchor="start" x="4573.5" y="-2999.8" font-family="Helvetica,sans-Serif" font-size="14.00">registrar_id</text>
-     <text text-anchor="start" x="4699.5" y="-2999.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4720.5" y="-2999.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4573.5" y="-2980.8" font-family="Helvetica,sans-Serif" font-size="14.00">repo_id</text>
-     <text text-anchor="start" x="4699.5" y="-2980.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4720.5" y="-2980.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4573.5" y="-2961.8" font-family="Helvetica,sans-Serif" font-size="14.00">verification_code</text>
-     <text text-anchor="start" x="4699.5" y="-2961.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4720.5" y="-2961.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4573.5" y="-2942.8" font-family="Helvetica,sans-Serif" font-size="14.00">relock_revision_id</text>
-     <text text-anchor="start" x="4699.5" y="-2942.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4720.5" y="-2942.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8</text>
-     <polygon fill="none" stroke="#888888" points="4570,-2936.5 4570,-3071.5 4829,-3071.5 4829,-2936.5 4570,-2936.5" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4571.5,-3117 4571.5,-3136 4718.5,-3136 4718.5,-3117 4571.5,-3117" />
+     <text text-anchor="start" x="4573.5" y="-3123.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."RegistryLock"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4718.5,-3117 4718.5,-3136 4828.5,-3136 4828.5,-3117 4718.5,-3117" />
+     <text text-anchor="start" x="4789.5" y="-3122.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4573.5" y="-3104.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4699.5" y="-3103.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4720.5" y="-3103.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
+     <text text-anchor="start" x="4699.5" y="-3084.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4720.5" y="-3084.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
+     <text text-anchor="start" x="4573.5" y="-3065.8" font-family="Helvetica,sans-Serif" font-size="14.00">registrar_id</text>
+     <text text-anchor="start" x="4699.5" y="-3065.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4720.5" y="-3065.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4573.5" y="-3046.8" font-family="Helvetica,sans-Serif" font-size="14.00">repo_id</text>
+     <text text-anchor="start" x="4699.5" y="-3046.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4720.5" y="-3046.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4573.5" y="-3027.8" font-family="Helvetica,sans-Serif" font-size="14.00">verification_code</text>
+     <text text-anchor="start" x="4699.5" y="-3027.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4720.5" y="-3027.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4573.5" y="-3008.8" font-family="Helvetica,sans-Serif" font-size="14.00">relock_revision_id</text>
+     <text text-anchor="start" x="4699.5" y="-3008.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4720.5" y="-3008.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8</text>
+     <polygon fill="none" stroke="#888888" points="4570,-3002.5 4570,-3137.5 4829,-3137.5 4829,-3002.5 4570,-3002.5" />
     </g> <!-- registrylock_ac88663e&#45;&gt;registrylock_ac88663e -->
     <g id="edge64" class="edge">
      <title>
       registrylock_ac88663e:w-&gt;registrylock_ac88663e:e
      </title>
-     <path fill="none" stroke="black" d="M4554.85,-2953.77C4489.6,-2992.23 4503.78,-3093.5 4700,-3093.5 4902.83,-3093.5 4911.14,-3073.57 4838.29,-3045.63" />
-     <polygon fill="black" stroke="black" points="4562.44,-2950.23 4573.4,-2950.08 4566.97,-2948.11 4571.5,-2946 4571.5,-2946 4571.5,-2946 4566.97,-2948.11 4569.6,-2941.92 4562.44,-2950.23 4562.44,-2950.23" />
-     <ellipse fill="none" stroke="black" cx="4558.81" cy="-2951.92" rx="4" ry="4" />
-     <polygon fill="black" stroke="black" points="4827.7,-3047.04 4831.18,-3037.66 4833.05,-3038.36 4829.57,-3047.73 4827.7,-3047.04" />
-     <polyline fill="none" stroke="black" points="4828.5,-3042 4833.19,-3043.74 " />
-     <polygon fill="black" stroke="black" points="4832.39,-3048.77 4835.86,-3039.4 4837.74,-3040.09 4834.26,-3049.47 4832.39,-3048.77" />
-     <polyline fill="none" stroke="black" points="4833.19,-3043.74 4837.88,-3045.48 " />
-     <text text-anchor="start" x="4618" y="-3097.3" font-family="Helvetica,sans-Serif" font-size="14.00">fk2lhcwpxlnqijr96irylrh1707</text>
+     <path fill="none" stroke="black" d="M4554.85,-3019.77C4489.6,-3058.23 4503.78,-3159.5 4700,-3159.5 4902.83,-3159.5 4911.14,-3139.57 4838.29,-3111.63" />
+     <polygon fill="black" stroke="black" points="4562.44,-3016.23 4573.4,-3016.08 4566.97,-3014.11 4571.5,-3012 4571.5,-3012 4571.5,-3012 4566.97,-3014.11 4569.6,-3007.92 4562.44,-3016.23 4562.44,-3016.23" />
+     <ellipse fill="none" stroke="black" cx="4558.81" cy="-3017.92" rx="4" ry="4" />
+     <polygon fill="black" stroke="black" points="4827.7,-3113.04 4831.18,-3103.66 4833.05,-3104.36 4829.57,-3113.73 4827.7,-3113.04" />
+     <polyline fill="none" stroke="black" points="4828.5,-3108 4833.19,-3109.74 " />
+     <polygon fill="black" stroke="black" points="4832.39,-3114.77 4835.86,-3105.4 4837.74,-3106.09 4834.26,-3115.47 4832.39,-3114.77" />
+     <polyline fill="none" stroke="black" points="4833.19,-3109.74 4837.88,-3111.48 " />
+     <text text-anchor="start" x="4618" y="-3163.3" font-family="Helvetica,sans-Serif" font-size="14.00">fk2lhcwpxlnqijr96irylrh1707</text>
     </g> <!-- reservedentry_1a7b8520 -->
-    <g id="node40" class="node">
+    <g id="node41" class="node">
      <title>
       reservedentry_1a7b8520
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4584.5,-3169 4584.5,-3188 4741.5,-3188 4741.5,-3169 4584.5,-3169" />
-     <text text-anchor="start" x="4586.5" y="-3175.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."ReservedEntry"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4741.5,-3169 4741.5,-3188 4815.5,-3188 4815.5,-3169 4741.5,-3169" />
-     <text text-anchor="start" x="4776.5" y="-3174.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4586.5" y="-3156.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4706.5" y="-3155.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4743.5" y="-3155.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
-     <text text-anchor="start" x="4586.5" y="-3137.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">domain_label</text>
-     <text text-anchor="start" x="4706.5" y="-3136.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4743.5" y="-3136.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="4583,-3130.5 4583,-3189.5 4816,-3189.5 4816,-3130.5 4583,-3130.5" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4584.5,-3235 4584.5,-3254 4741.5,-3254 4741.5,-3235 4584.5,-3235" />
+     <text text-anchor="start" x="4586.5" y="-3241.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."ReservedEntry"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4741.5,-3235 4741.5,-3254 4815.5,-3254 4815.5,-3235 4741.5,-3235" />
+     <text text-anchor="start" x="4776.5" y="-3240.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4586.5" y="-3222.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4706.5" y="-3221.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4743.5" y="-3221.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
+     <text text-anchor="start" x="4586.5" y="-3203.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">domain_label</text>
+     <text text-anchor="start" x="4706.5" y="-3202.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4743.5" y="-3202.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="4583,-3196.5 4583,-3255.5 4816,-3255.5 4816,-3196.5 4583,-3196.5" />
     </g> <!-- reservedlist_b97c3f1c -->
-    <g id="node41" class="node">
+    <g id="node42" class="node">
      <title>
       reservedlist_b97c3f1c
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="3920,-3168 3920,-3187 4066,-3187 4066,-3168 3920,-3168" />
-     <text text-anchor="start" x="3922" y="-3174.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."ReservedList"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4066,-3168 4066,-3187 4176,-3187 4176,-3168 4066,-3168" />
-     <text text-anchor="start" x="4137" y="-3173.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="3922" y="-3155.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4029" y="-3154.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4068" y="-3154.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
-     <text text-anchor="start" x="4029" y="-3135.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4068" y="-3135.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
-     <text text-anchor="start" x="3922" y="-3116.8" font-family="Helvetica,sans-Serif" font-size="14.00">name</text>
-     <text text-anchor="start" x="4029" y="-3116.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4068" y="-3116.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="3919,-3110 3919,-3188 4177,-3188 4177,-3110 3919,-3110" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="3920,-3234 3920,-3253 4066,-3253 4066,-3234 3920,-3234" />
+     <text text-anchor="start" x="3922" y="-3240.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."ReservedList"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4066,-3234 4066,-3253 4176,-3253 4176,-3234 4066,-3234" />
+     <text text-anchor="start" x="4137" y="-3239.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="3922" y="-3221.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4029" y="-3220.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4068" y="-3220.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
+     <text text-anchor="start" x="4029" y="-3201.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4068" y="-3201.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
+     <text text-anchor="start" x="3922" y="-3182.8" font-family="Helvetica,sans-Serif" font-size="14.00">name</text>
+     <text text-anchor="start" x="4029" y="-3182.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4068" y="-3182.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="3919,-3176 3919,-3254 4177,-3254 4177,-3176 3919,-3176" />
     </g> <!-- reservedentry_1a7b8520&#45;&gt;reservedlist_b97c3f1c -->
     <g id="edge65" class="edge">
      <title>
       reservedentry_1a7b8520:w-&gt;reservedlist_b97c3f1c:e
      </title>
-     <path fill="none" stroke="black" d="M4565.44,-3159C4402.83,-3159 4353.42,-3159 4187.08,-3159" />
-     <polygon fill="black" stroke="black" points="4573.5,-3159 4583.5,-3163.5 4578.5,-3159 4583.5,-3159 4583.5,-3159 4583.5,-3159 4578.5,-3159 4583.5,-3154.5 4573.5,-3159 4573.5,-3159" />
-     <ellipse fill="none" stroke="black" cx="4569.5" cy="-3159" rx="4" ry="4" />
-     <polygon fill="black" stroke="black" points="4178,-3164 4178,-3154 4180,-3154 4180,-3164 4178,-3164" />
-     <polyline fill="none" stroke="black" points="4177,-3159 4182,-3159 " />
-     <polygon fill="black" stroke="black" points="4183,-3164 4183,-3154 4185,-3154 4185,-3164 4183,-3164" />
-     <polyline fill="none" stroke="black" points="4182,-3159 4187,-3159 " />
-     <text text-anchor="start" x="4275" y="-3162.8" font-family="Helvetica,sans-Serif" font-size="14.00">fkgq03rk0bt1hb915dnyvd3vnfc</text>
+     <path fill="none" stroke="black" d="M4565.44,-3225C4402.83,-3225 4353.42,-3225 4187.08,-3225" />
+     <polygon fill="black" stroke="black" points="4573.5,-3225 4583.5,-3229.5 4578.5,-3225 4583.5,-3225 4583.5,-3225 4583.5,-3225 4578.5,-3225 4583.5,-3220.5 4573.5,-3225 4573.5,-3225" />
+     <ellipse fill="none" stroke="black" cx="4569.5" cy="-3225" rx="4" ry="4" />
+     <polygon fill="black" stroke="black" points="4178,-3230 4178,-3220 4180,-3220 4180,-3230 4178,-3230" />
+     <polyline fill="none" stroke="black" points="4177,-3225 4182,-3225 " />
+     <polygon fill="black" stroke="black" points="4183,-3230 4183,-3220 4185,-3220 4185,-3230 4183,-3230" />
+     <polyline fill="none" stroke="black" points="4182,-3225 4187,-3225 " />
+     <text text-anchor="start" x="4275" y="-3228.8" font-family="Helvetica,sans-Serif" font-size="14.00">fkgq03rk0bt1hb915dnyvd3vnfc</text>
     </g> <!-- serversecret_6cc90f09 -->
-    <g id="node42" class="node">
+    <g id="node43" class="node">
      <title>
       serversecret_6cc90f09
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4590.5,-3236 4590.5,-3255 4735.5,-3255 4735.5,-3236 4590.5,-3236" />
-     <text text-anchor="start" x="4592.5" y="-3242.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."ServerSecret"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4735.5,-3236 4735.5,-3255 4809.5,-3255 4809.5,-3236 4735.5,-3236" />
-     <text text-anchor="start" x="4770.5" y="-3241.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4592.5" y="-3223.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">id</text>
-     <text text-anchor="start" x="4669.5" y="-3222.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4737.5" y="-3222.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
-     <polygon fill="none" stroke="#888888" points="4589,-3216 4589,-3256 4810,-3256 4810,-3216 4589,-3216" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4590.5,-3302 4590.5,-3321 4735.5,-3321 4735.5,-3302 4590.5,-3302" />
+     <text text-anchor="start" x="4592.5" y="-3308.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."ServerSecret"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4735.5,-3302 4735.5,-3321 4809.5,-3321 4809.5,-3302 4735.5,-3302" />
+     <text text-anchor="start" x="4770.5" y="-3307.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4592.5" y="-3289.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">id</text>
+     <text text-anchor="start" x="4669.5" y="-3288.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4737.5" y="-3288.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
+     <polygon fill="none" stroke="#888888" points="4589,-3282 4589,-3322 4810,-3322 4810,-3282 4589,-3282" />
     </g> <!-- signedmarkrevocationentry_99c39721 -->
-    <g id="node43" class="node">
+    <g id="node44" class="node">
      <title>
       signedmarkrevocationentry_99c39721
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4539.5,-3321 4539.5,-3340 4785.5,-3340 4785.5,-3321 4539.5,-3321" />
-     <text text-anchor="start" x="4541.5" y="-3327.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."SignedMarkRevocationEntry"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4785.5,-3321 4785.5,-3340 4859.5,-3340 4859.5,-3321 4785.5,-3321" />
-     <text text-anchor="start" x="4820.5" y="-3326.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4541.5" y="-3308.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4698.5" y="-3307.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4787.5" y="-3307.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
-     <text text-anchor="start" x="4541.5" y="-3289.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">smd_id</text>
-     <text text-anchor="start" x="4698.5" y="-3288.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4787.5" y="-3288.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="4538.5,-3282.5 4538.5,-3341.5 4860.5,-3341.5 4860.5,-3282.5 4538.5,-3282.5" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4539.5,-3387 4539.5,-3406 4785.5,-3406 4785.5,-3387 4539.5,-3387" />
+     <text text-anchor="start" x="4541.5" y="-3393.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."SignedMarkRevocationEntry"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4785.5,-3387 4785.5,-3406 4859.5,-3406 4859.5,-3387 4785.5,-3387" />
+     <text text-anchor="start" x="4820.5" y="-3392.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4541.5" y="-3374.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4698.5" y="-3373.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4787.5" y="-3373.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
+     <text text-anchor="start" x="4541.5" y="-3355.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">smd_id</text>
+     <text text-anchor="start" x="4698.5" y="-3354.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4787.5" y="-3354.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="4538.5,-3348.5 4538.5,-3407.5 4860.5,-3407.5 4860.5,-3348.5 4538.5,-3348.5" />
     </g> <!-- signedmarkrevocationlist_c5d968fb -->
-    <g id="node44" class="node">
+    <g id="node45" class="node">
      <title>
       signedmarkrevocationlist_c5d968fb
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="3875,-3321 3875,-3340 4111,-3340 4111,-3321 3875,-3321" />
-     <text text-anchor="start" x="3877" y="-3327.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."SignedMarkRevocationList"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4111,-3321 4111,-3340 4221,-3340 4221,-3321 4111,-3321" />
-     <text text-anchor="start" x="4182" y="-3326.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="3877" y="-3308.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
-     <text text-anchor="start" x="4029" y="-3307.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4113" y="-3307.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
-     <text text-anchor="start" x="4029" y="-3288.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4113" y="-3288.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
-     <polygon fill="none" stroke="#888888" points="3874,-3282.5 3874,-3341.5 4222,-3341.5 4222,-3282.5 3874,-3282.5" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="3875,-3387 3875,-3406 4111,-3406 4111,-3387 3875,-3387" />
+     <text text-anchor="start" x="3877" y="-3393.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."SignedMarkRevocationList"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4111,-3387 4111,-3406 4221,-3406 4221,-3387 4111,-3387" />
+     <text text-anchor="start" x="4182" y="-3392.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="3877" y="-3374.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">revision_id</text>
+     <text text-anchor="start" x="4029" y="-3373.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4113" y="-3373.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
+     <text text-anchor="start" x="4029" y="-3354.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4113" y="-3354.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
+     <polygon fill="none" stroke="#888888" points="3874,-3348.5 3874,-3407.5 4222,-3407.5 4222,-3348.5 3874,-3348.5" />
     </g> <!-- signedmarkrevocationentry_99c39721&#45;&gt;signedmarkrevocationlist_c5d968fb -->
     <g id="edge66" class="edge">
      <title>
       signedmarkrevocationentry_99c39721:w-&gt;signedmarkrevocationlist_c5d968fb:e
      </title>
-     <path fill="none" stroke="black" d="M4520.16,-3311C4397.65,-3311 4358.34,-3311 4232.05,-3311" />
-     <polygon fill="black" stroke="black" points="4528.5,-3311 4538.5,-3315.5 4533.5,-3311 4538.5,-3311 4538.5,-3311 4538.5,-3311 4533.5,-3311 4538.5,-3306.5 4528.5,-3311 4528.5,-3311" />
-     <ellipse fill="none" stroke="black" cx="4524.5" cy="-3311" rx="4" ry="4" />
-     <polygon fill="black" stroke="black" points="4223,-3316 4223,-3306 4225,-3306 4225,-3316 4223,-3316" />
-     <polyline fill="none" stroke="black" points="4222,-3311 4227,-3311 " />
-     <polygon fill="black" stroke="black" points="4228,-3316 4228,-3306 4230,-3306 4230,-3316 4228,-3316" />
-     <polyline fill="none" stroke="black" points="4227,-3311 4232,-3311 " />
-     <text text-anchor="start" x="4284" y="-3314.8" font-family="Helvetica,sans-Serif" font-size="14.00">fk5ivlhvs3121yx2li5tqh54u4</text>
+     <path fill="none" stroke="black" d="M4520.16,-3377C4397.65,-3377 4358.34,-3377 4232.05,-3377" />
+     <polygon fill="black" stroke="black" points="4528.5,-3377 4538.5,-3381.5 4533.5,-3377 4538.5,-3377 4538.5,-3377 4538.5,-3377 4533.5,-3377 4538.5,-3372.5 4528.5,-3377 4528.5,-3377" />
+     <ellipse fill="none" stroke="black" cx="4524.5" cy="-3377" rx="4" ry="4" />
+     <polygon fill="black" stroke="black" points="4223,-3382 4223,-3372 4225,-3372 4225,-3382 4223,-3382" />
+     <polyline fill="none" stroke="black" points="4222,-3377 4227,-3377 " />
+     <polygon fill="black" stroke="black" points="4228,-3382 4228,-3372 4230,-3372 4230,-3382 4228,-3382" />
+     <polyline fill="none" stroke="black" points="4227,-3377 4232,-3377 " />
+     <text text-anchor="start" x="4284" y="-3380.8" font-family="Helvetica,sans-Serif" font-size="14.00">fk5ivlhvs3121yx2li5tqh54u4</text>
     </g> <!-- spec11threatmatch_a61228a6 -->
-    <g id="node45" class="node">
+    <g id="node46" class="node">
      <title>
       spec11threatmatch_a61228a6
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4549.5,-3464 4549.5,-3483 4739.5,-3483 4739.5,-3464 4549.5,-3464" />
-     <text text-anchor="start" x="4551.5" y="-3470.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."Spec11ThreatMatch"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4739.5,-3464 4739.5,-3483 4849.5,-3483 4849.5,-3464 4739.5,-3464" />
-     <text text-anchor="start" x="4810.5" y="-3469.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4551.5" y="-3451.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">id</text>
-     <text text-anchor="start" x="4679.5" y="-3450.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4741.5" y="-3450.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
-     <text text-anchor="start" x="4679.5" y="-3431.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4741.5" y="-3431.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
-     <text text-anchor="start" x="4551.5" y="-3412.8" font-family="Helvetica,sans-Serif" font-size="14.00">check_date</text>
-     <text text-anchor="start" x="4679.5" y="-3412.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4741.5" y="-3412.8" font-family="Helvetica,sans-Serif" font-size="14.00">date not null</text>
-     <text text-anchor="start" x="4551.5" y="-3393.8" font-family="Helvetica,sans-Serif" font-size="14.00">registrar_id</text>
-     <text text-anchor="start" x="4679.5" y="-3393.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4741.5" y="-3393.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4551.5" y="-3374.8" font-family="Helvetica,sans-Serif" font-size="14.00">tld</text>
-     <text text-anchor="start" x="4679.5" y="-3374.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4741.5" y="-3374.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="4548.5,-3368 4548.5,-3484 4850.5,-3484 4850.5,-3368 4548.5,-3368" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4549.5,-3530 4549.5,-3549 4739.5,-3549 4739.5,-3530 4549.5,-3530" />
+     <text text-anchor="start" x="4551.5" y="-3536.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."Spec11ThreatMatch"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4739.5,-3530 4739.5,-3549 4849.5,-3549 4849.5,-3530 4739.5,-3530" />
+     <text text-anchor="start" x="4810.5" y="-3535.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4551.5" y="-3517.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">id</text>
+     <text text-anchor="start" x="4679.5" y="-3516.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4741.5" y="-3516.8" font-family="Helvetica,sans-Serif" font-size="14.00">bigserial not null</text>
+     <text text-anchor="start" x="4679.5" y="-3497.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4741.5" y="-3497.8" font-family="Helvetica,sans-Serif" font-size="14.00">auto-incremented</text>
+     <text text-anchor="start" x="4551.5" y="-3478.8" font-family="Helvetica,sans-Serif" font-size="14.00">check_date</text>
+     <text text-anchor="start" x="4679.5" y="-3478.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4741.5" y="-3478.8" font-family="Helvetica,sans-Serif" font-size="14.00">date not null</text>
+     <text text-anchor="start" x="4551.5" y="-3459.8" font-family="Helvetica,sans-Serif" font-size="14.00">registrar_id</text>
+     <text text-anchor="start" x="4679.5" y="-3459.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4741.5" y="-3459.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4551.5" y="-3440.8" font-family="Helvetica,sans-Serif" font-size="14.00">tld</text>
+     <text text-anchor="start" x="4679.5" y="-3440.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4741.5" y="-3440.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="4548.5,-3434 4548.5,-3550 4850.5,-3550 4850.5,-3434 4548.5,-3434" />
     </g> <!-- tmchcrl_d282355 -->
-    <g id="node47" class="node">
+    <g id="node48" class="node">
      <title>
       tmchcrl_d282355
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4604.5,-3530 4604.5,-3549 4721.5,-3549 4721.5,-3530 4604.5,-3530" />
-     <text text-anchor="start" x="4606.5" y="-3536.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."TmchCrl"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4721.5,-3530 4721.5,-3549 4795.5,-3549 4795.5,-3530 4721.5,-3530" />
-     <text text-anchor="start" x="4756.5" y="-3535.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4606.5" y="-3517.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">id</text>
-     <text text-anchor="start" x="4669.5" y="-3516.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4723.5" y="-3516.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
-     <polygon fill="none" stroke="#888888" points="4603,-3510 4603,-3550 4796,-3550 4796,-3510 4603,-3510" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4604.5,-3596 4604.5,-3615 4721.5,-3615 4721.5,-3596 4604.5,-3596" />
+     <text text-anchor="start" x="4606.5" y="-3602.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."TmchCrl"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4721.5,-3596 4721.5,-3615 4795.5,-3615 4795.5,-3596 4721.5,-3596" />
+     <text text-anchor="start" x="4756.5" y="-3601.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4606.5" y="-3583.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">id</text>
+     <text text-anchor="start" x="4669.5" y="-3582.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4723.5" y="-3582.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
+     <polygon fill="none" stroke="#888888" points="4603,-3576 4603,-3616 4796,-3616 4796,-3576 4603,-3576" />
     </g> <!-- userupdatehistory_24efd476 -->
-    <g id="node49" class="node">
+    <g id="node50" class="node">
      <title>
       userupdatehistory_24efd476
      </title>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4570.5,-3634 4570.5,-3653 4754.5,-3653 4754.5,-3634 4570.5,-3634" />
-     <text text-anchor="start" x="4572.5" y="-3640.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."UserUpdateHistory"</text>
-     <polygon fill="#e9c2f2" stroke="transparent" points="4754.5,-3634 4754.5,-3653 4828.5,-3653 4828.5,-3634 4754.5,-3634" />
-     <text text-anchor="start" x="4789.5" y="-3639.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
-     <text text-anchor="start" x="4572.5" y="-3621.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">history_revision_id</text>
-     <text text-anchor="start" x="4724.5" y="-3620.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4756.5" y="-3620.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
-     <text text-anchor="start" x="4572.5" y="-3601.8" font-family="Helvetica,sans-Serif" font-size="14.00">email_address</text>
-     <text text-anchor="start" x="4724.5" y="-3601.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4756.5" y="-3601.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <text text-anchor="start" x="4572.5" y="-3582.8" font-family="Helvetica,sans-Serif" font-size="14.00">history_acting_user</text>
-     <text text-anchor="start" x="4724.5" y="-3582.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
-     <text text-anchor="start" x="4756.5" y="-3582.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
-     <polygon fill="none" stroke="#888888" points="4569.5,-3576 4569.5,-3654 4829.5,-3654 4829.5,-3576 4569.5,-3576" />
+     <polygon fill="#e9c2f2" stroke="transparent" points="4570.5,-3700 4570.5,-3719 4754.5,-3719 4754.5,-3700 4570.5,-3700" />
+     <text text-anchor="start" x="4572.5" y="-3706.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">public."UserUpdateHistory"</text>
+     <polygon fill="#e9c2f2" stroke="transparent" points="4754.5,-3700 4754.5,-3719 4828.5,-3719 4828.5,-3700 4754.5,-3700" />
+     <text text-anchor="start" x="4789.5" y="-3705.8" font-family="Helvetica,sans-Serif" font-size="14.00">[table]</text>
+     <text text-anchor="start" x="4572.5" y="-3687.8" font-family="Helvetica,sans-Serif" font-weight="bold" font-style="italic" font-size="14.00">history_revision_id</text>
+     <text text-anchor="start" x="4724.5" y="-3686.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4756.5" y="-3686.8" font-family="Helvetica,sans-Serif" font-size="14.00">int8 not null</text>
+     <text text-anchor="start" x="4572.5" y="-3667.8" font-family="Helvetica,sans-Serif" font-size="14.00">email_address</text>
+     <text text-anchor="start" x="4724.5" y="-3667.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4756.5" y="-3667.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <text text-anchor="start" x="4572.5" y="-3648.8" font-family="Helvetica,sans-Serif" font-size="14.00">history_acting_user</text>
+     <text text-anchor="start" x="4724.5" y="-3648.8" font-family="Helvetica,sans-Serif" font-size="14.00"> </text>
+     <text text-anchor="start" x="4756.5" y="-3648.8" font-family="Helvetica,sans-Serif" font-size="14.00">text not null</text>
+     <polygon fill="none" stroke="#888888" points="4569.5,-3642 4569.5,-3720 4829.5,-3720 4829.5,-3642 4569.5,-3642" />
     </g>
    </g>
   </svg>
@@ -2689,7 +2702,7 @@ td.section {
     <tr>
      <td class="spacer"></td>
      <td class="minwidth"></td>
-     <td class="minwidth">default '2021-05-31 20:00:00-04'::timestamp with time zone</td>
+     <td class="minwidth">default '2021-06-01 00:00:00+00'::timestamp with time zone</td>
     </tr>
     <tr>
      <td colspan="3"></td>
@@ -4982,6 +4995,37 @@ td.section {
    </tbody>
   </table>
   <p>&nbsp;</p>
+  <table>
+   <caption style="background-color: #E9C2F2;">
+    <span id="passwordresetrequest_8484e7b1" class="caption_name">public."PasswordResetRequest"</span> <span class="caption_description">[table]</span>
+   </caption>
+   <tbody>
+    <tr>
+     <td class="spacer"></td>
+     <td class="minwidth"><b><i>verification_code</i></b></td>
+     <td class="minwidth">text not null</td>
+    </tr>
+    <tr>
+     <td colspan="3"></td>
+    </tr>
+    <tr>
+     <td colspan="3" class="section">Primary Key</td>
+    </tr>
+    <tr>
+     <td colspan="3"></td>
+    </tr>
+    <tr>
+     <td colspan="2" class="name">"PasswordResetRequest_pkey"</td>
+     <td class="description right">[primary key]</td>
+    </tr>
+    <tr>
+     <td class="spacer"></td>
+     <td class="minwidth">verification_code</td>
+     <td class="minwidth"></td>
+    </tr>
+   </tbody>
+  </table>
+  <p>&nbsp;</p>
   <table>
    <caption style="background-color: #E9C2F2;">
     <span id="pollmessage_614a523e" class="caption_name">public."PollMessage"</span> <span class="caption_description">[table]</span>

db/src/main/resources/sql/flyway.txt

@@ -190,3 +190,6 @@ V189__remove_fk_consoleeppactionhistory.sql
 V190__remove_fk_registrarupdatehistory.sql
 V191__remove_fk_registrarpocupdatehistory.sql
 V192__add_last_poc_verification_date.sql
+V193__password_reset_request.sql
+V194__password_reset_request_registrar.sql
+V195__registrar_poc_id.sql

db/src/main/resources/sql/flyway/V193__password_reset_request.sql

@@ -0,0 +1,23 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+CREATE TABLE "PasswordResetRequest" (
+    type text NOT NULL,
+    request_time timestamptz NOT NULL,
+    requester text NOT NULL,
+    fulfillment_time timestamptz,
+    destination_email text NOT NULL,
+    verification_code text NOT NULL,
+    PRIMARY KEY (verification_code)
+);

db/src/main/resources/sql/flyway/V194__password_reset_request_registrar.sql

@@ -0,0 +1,17 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+ALTER TABLE "PasswordResetRequest" ADD COLUMN registrar_id text;
+UPDATE "PasswordResetRequest" SET registrar_id = '' WHERE registrar_id IS NULL;
+ALTER TABLE "PasswordResetRequest" ALTER COLUMN registrar_id SET NOT NULL;

db/src/main/resources/sql/flyway/V195__registrar_poc_id.sql

@@ -0,0 +1,15 @@
+-- Copyright 2025 The Nomulus Authors. All Rights Reserved.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+ALTER TABLE "RegistrarPoc" ADD COLUMN IF NOT EXISTS id BIGSERIAL;

db/src/main/resources/sql/schema/nomulus.golden.sql

@@ -842,6 +842,21 @@ CREATE SEQUENCE public."Package_promotion_id_seq"
 ALTER SEQUENCE public."Package_promotion_id_seq" OWNED BY public."PackagePromotion".package_promotion_id;
 
 
+--
+-- Name: PasswordResetRequest; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE public."PasswordResetRequest" (
+    type text NOT NULL,
+    request_time timestamp with time zone NOT NULL,
+    requester text NOT NULL,
+    fulfillment_time timestamp with time zone,
+    destination_email text NOT NULL,
+    verification_code text NOT NULL,
+    registrar_id text NOT NULL
+);
+
+
 --
 -- Name: PollMessage; Type: TABLE; Schema: public; Owner: -
 --
@@ -1005,7 +1020,8 @@ CREATE TABLE public."RegistrarPoc" (
     visible_in_whois_as_admin boolean NOT NULL,
     visible_in_whois_as_tech boolean NOT NULL,
     registry_lock_email_address text,
-    registrar_id text NOT NULL
+    registrar_id text NOT NULL,
+    id bigint NOT NULL
 );
 
 
@@ -1038,6 +1054,25 @@ CREATE TABLE public."RegistrarPocUpdateHistory" (
 );
 
 
+--
+-- Name: RegistrarPoc_id_seq; Type: SEQUENCE; Schema: public; Owner: -
+--
+
+CREATE SEQUENCE public."RegistrarPoc_id_seq"
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+
+--
+-- Name: RegistrarPoc_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
+--
+
+ALTER SEQUENCE public."RegistrarPoc_id_seq" OWNED BY public."RegistrarPoc".id;
+
+
 --
 -- Name: RegistrarUpdateHistory; Type: TABLE; Schema: public; Owner: -
 --
@@ -1430,6 +1465,13 @@ ALTER TABLE ONLY public."PackagePromotion" ALTER COLUMN package_promotion_id SET
 ALTER TABLE ONLY public."PremiumList" ALTER COLUMN revision_id SET DEFAULT nextval('public."PremiumList_revision_id_seq"'::regclass);
 
 
+--
+-- Name: RegistrarPoc id; Type: DEFAULT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public."RegistrarPoc" ALTER COLUMN id SET DEFAULT nextval('public."RegistrarPoc_id_seq"'::regclass);
+
+
 --
 -- Name: RegistryLock revision_id; Type: DEFAULT; Schema: public; Owner: -
 --
@@ -1682,6 +1724,14 @@ ALTER TABLE ONLY public."PackagePromotion"
     ADD CONSTRAINT "PackagePromotion_pkey" PRIMARY KEY (package_promotion_id);
 
 
+--
+-- Name: PasswordResetRequest PasswordResetRequest_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY public."PasswordResetRequest"
+    ADD CONSTRAINT "PasswordResetRequest_pkey" PRIMARY KEY (verification_code);
+
+
 --
 -- Name: PollMessage PollMessage_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --

java-format/google-java-format-git-diff.sh

@@ -40,7 +40,7 @@ where:
     show   show the effect of the formatting as unified diff"
 
 SCRIPT_DIR="$(realpath $(dirname $0))"
-JAR_NAME="google-java-format-1.23.0-all-deps.jar"
+JAR_NAME="google-java-format-1.27.0-all-deps.jar"
 
 # Make sure we have a valid python interpreter.
 if [ -z "$PYTHON" ]; then

util/src/main/java/google/registry/util/RegistryEnvironment.java

@@ -61,9 +61,6 @@ public enum RegistryEnvironment {
   /** Name of the environmental variable of the container name. */
   private static final String CONTAINER_ENV = "CONTAINER_NAME";
 
-  private static final boolean ON_JETTY =
-      Boolean.parseBoolean(System.getProperty(JETTY_PROPERTY, "false"));
-
   private static final boolean IS_CANARY =
       System.getenv().getOrDefault(CONTAINER_ENV, "").endsWith("-canary");
 
@@ -100,8 +97,9 @@ public enum RegistryEnvironment {
     return valueOf(Ascii.toUpperCase(System.getProperty(PROPERTY, UNITTEST.name())));
   }
 
+  // TODO(b/416299900): remove method after GAE is removed.
   public static boolean isOnJetty() {
-    return ON_JETTY;
+    return Boolean.parseBoolean(System.getProperty(JETTY_PROPERTY, "false"));
   }
 
   public static boolean isCanary() {