testing

This is only enabled for admins, for now at least. It sends an email to
the registry lock email address to reset it.

.github/workflows/codeql.yml

@@ -6,8 +6,6 @@ on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ 'master' ]
-  schedule:
-    - cron: '24 4 * * *'
 
 jobs:
   analyze:
@@ -49,13 +47,13 @@ jobs:
 
     # Build with Gradle
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v3
+      uses: gradle/actions/setup-gradle@v4
       with:
         build-scan-publish: true
-        build-scan-terms-of-service-url: "https://gradle.com/terms-of-service"
-        build-scan-terms-of-service-agree: "yes"
+        build-scan-terms-of-use-url: "https://gradle.com/terms-of-service"
+        build-scan-terms-of-use-agree: "yes"
     - name: Execute Gradle build
-      run: ./gradlew build -x test -x jIFC
+      run: ./gradlew --no-daemon --no-build-cache --no-configuration-cache --rerun-tasks clean build -x test -x jIFC
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)

CONTRIBUTORS

@@ -34,6 +34,8 @@ Guy Bensky <guyben@google.com>
 Weimin Yu <weiminyu@google.com>
 Shicong Huang <shicong@google.com>
 Gustav Brodman <gbrodman@google.com>
+Aman Sanger <sangera@google.com>
 Sarah Botwinick <sarahbot@google.com>
 Legina Chen <legina@google.com>
 Rachel Guan <rachelguan@google.com>
+Juan Celhay <jicelhay@google.com>

README.md

@@ -12,16 +12,16 @@ Nomulus is an open source, scalable, cloud-based service for operating
 [top-level domains](https://en.wikipedia.org/wiki/Top-level_domain) (TLDs). It
 is the authoritative source for the TLDs that it runs, meaning that it is
 responsible for tracking domain name ownership and handling registrations,
-renewals, availability checks, and WHOIS requests. End-user registrants (i.e.
+renewals, availability checks, and WHOIS requests. End-user registrants (i.e.,
 people or companies that want to register a domain name) use an intermediate
 domain name registrar acting on their behalf to interact with the registry.
 
-Nomulus runs on [Google App Engine][gae] and is written primarily in Java. It is
-the software that [Google Registry](https://www.registry.google/) uses to
-operate TLDs such as .google, .app, .how, .soy, and .みんな. It can run any
-number of TLDs in a single shared registry system using horizontal scaling. Its
-source code is publicly available in this repository under the [Apache 2.0 free
-and open source license](https://www.apache.org/licenses/LICENSE-2.0).
+Nomulus runs on [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine)
+and is written primarily in Java. It is the software that
+[Google Registry](https://www.registry.google/) uses to operate TLDs such as .google,
+.app, .how, .soy, and .みんな. It can run any number of TLDs in a single shared registry
+system using horizontal scaling. Its source code is publicly available in this
+repository under the [Apache 2.0 free and open source license](https://www.apache.org/licenses/LICENSE-2.0).
 
 ## Getting started
 
@@ -30,8 +30,8 @@ running system:
 
 *   [Install
     guide](https://github.com/google/nomulus/blob/master/docs/install.md)
-*   View the source code for the [GAE app](https://github.com/google/nomulus/tree/master/core/src/main/java/google/registry)
-    and for the [GKE proxy](https://github.com/google/nomulus/tree/master/proxy/src/main/java/google/registry)
+*   View the source code for the [Main HTTP server](https://github.com/google/nomulus/tree/master/core/src/main/java/google/registry)
+    and for the [EPP proxy](https://github.com/google/nomulus/tree/master/proxy/src/main/java/google/registry)
 *   [Other docs](https://github.com/google/nomulus/tree/master/docs)
 *   [Javadoc](https://javadoc.nomulus.foo/)
 *   [Nomulus discussion
@@ -54,9 +54,11 @@ Nomulus has the following capabilities:
     checking, updating, and transferring domain names.
 *   **[DNS](https://en.wikipedia.org/wiki/Domain_Name_System) interface**: The
     registry provides a pluggable interface that can be implemented to handle
-    different DNS providers. It includes a sample implementation using Google
-    Cloud DNS as well as an RFC 2136 compliant implementation that works with
-    BIND.
+    different DNS providers. It includes a sample implementation using [Google
+    Cloud DNS](https://cloud.google.com/dns/), as well as an RFC 2136 compliant
+    implementation that works with BIND. If you are using Google Cloud DNS, you
+    may need to understand its capabilities and provide your own
+    multi-[AS](https://en.wikipedia.org/wiki/Autonomous_system_\(Internet\)) solution.
 *   **[WHOIS](https://en.wikipedia.org/wiki/WHOIS)**: A text-based protocol that
     returns ownership and contact information on registered domain names.
 *   **[Registration Data Access Protocol
@@ -68,7 +70,7 @@ Nomulus has the following capabilities:
     provider to allow take-over by another registry operator in the event of
     serious failure. This is required by ICANN for all [new
     gTLDs](https://newgtlds.icann.org/).
-*   **Premium pricing**: Communicates prices for premium domain names (i.e.
+*   **Premium pricing**: Communicates prices for premium domain names (i.e.,
     those that are highly desirable) and supports configurable premium
     registration and renewal prices. An extensible interface allows fully
     programmatic pricing.
@@ -91,56 +93,50 @@ Nomulus has the following capabilities:
 *   **Administrative tool**: Performs the full range of administrative tasks
     needed to manage a running registry system, including creating and
     configuring new TLDs.
-*   **DNS interface**: An interface for DNS operations is provided so you can
-    write an implementation for your chosen provider, along with a sample
-    implementation that uses [Google Cloud DNS](https://cloud.google.com/dns/).
-    If you are using Google Cloud DNS you may need to understand its
-    capabilities and provide your own
-    multi-[AS](https://en.wikipedia.org/wiki/Autonomous_system_\(Internet\))
-    solution.
-*   **GAE Proxy**: App Engine Standard only serves HTTP/S traffic. A proxy to
-    forward traffic on EPP and WHOIS ports to App Engine via HTTPS is provided.
-    Instructions on setting up the proxy on
-    [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/)
-    is [available](https://github.com/google/nomulus/blob/master/docs/proxy-setup.md).
-    Running the proxy on GKE supports IPv4 and IPv6 access, per ICANN's
-    requirements for gTLDs. The proxy can also run as a single jar file, or on
-    other Kubernetes providers, with modifications.
+*   **Secure storage of cryptographic keys**: A keyring interface is
+      provided for plugging in your own implementation (see [configuration
+      doc](https://github.com/google/nomulus/blob/master/docs/configuration.md)
+      for details), and an implementation based on
+      [Google Cloud Secret Manager](https://cloud.google.com/security/products/secret-manager) is
+      available.
+*   **TPC Proxy**: Nomulus is built on top of the [Jetty](https://jetty.org/)
+    container that implements the [Jakarta Servlet](https://jakarta.ee/specifications/servlet/)
+    specification and only serves HTTP/S traffic. A proxy to translate raw TCP traffic (e.g., EPP)
+    to and from HTTP is provided.
+    Instructions on setting up the proxy
+    are [available](https://github.com/google/nomulus/blob/master/docs/proxy-setup.md).
+    The proxy can either run in a separate cluster and communicate to Nomulus public HTTP
+    endpoints via the Internet, or as a sidecar with the Nomulus image in the same pod and
+    communicate to it via loopback.
 
 ## Additional components
 
 Registry operators interested in deploying Nomulus will likely require some
-additional components that are need to be configured separately.
+additional components that need to be configured separately.
 
 *   A way to invoice registrars for domain name registrations and accept
     payments. Nomulus records the information required to generate invoices in
     [billing
     events](https://github.com/google/nomulus/blob/master/docs/code-structure.md#billing-events).
 *   Fully automated reporting to meet ICANN's requirements for gTLDs. Nomulus
-    includes substantial reporting functionality but some additional work will
+    includes substantial reporting functionality, but some additional work will
     be required by the operator in this area.
-*   A secure method for storing cryptographic keys. A keyring interface is
-    provided for plugging in your own implementation (see [configuration
-    doc](https://github.com/google/nomulus/blob/master/docs/configuration.md)
-    for details).
+
 *   System status and uptime monitoring.
 
 ## Outside references
 
-*   [Donuts](http://donuts.domains) Registry has helped review the code and
-    provided valuable feedback
+*   [Identity Digital](http://identity.digital) has helped review the code and
+    provided valuable feedback.
 *   [CoCCa](http://cocca.org.nz) and [FRED](https://fred.nic.cz) are other
-    open-source registry platforms in use by many TLDs
+    open-source registry platforms in use by many TLDs.
 *   We are not aware of any fully open source domain registrar projects, but
     open source EPP Toolkits (not yet tested with Nomulus; may require
     integration work) include:
-    *   [EPP RTK Project](http://epp-rtk.sourceforge.net/)
-    *   [CentralNic](https://www.centralnic.com/registry/labs)
+    *   [Universal Registry/Registrar Toolkit](https://sourceforge.net/projects/epp-rtk/)
     *   [ari-toolkit](https://github.com/AusRegistry/ari-toolkit)
     *   [Net::DRI](https://metacpan.org/pod/Net::DRI)
 *   Some Open Source DNS Projects that may be useful, but which we have not
     tested:
-    *   [AtomiaDNS](http://atomiadns.com/)
-    *   [PowerDNS](https://doc.powerdns.com/md/)
-
-[gae]:https://cloud.google.com/appengine/docs/about-the-standard-environment
+    *   [AtomiaDNS](https://github.com/atomia/atomiadns)
+    *   [PowerDNS](https://github.com/PowerDNS/pdns)

appengine_war.gradle

@@ -47,20 +47,9 @@ war {
 
 if (project.path == ":services:default") {
     war {
-        from("${coreResourcesDir}/google/registry/ui") {
-            include "registrar_bin.js"
-            if (environment != "production") {
-                include "registrar_bin.js.map"
-            }
-            into("assets/js")
-        }
-        from("${coreResourcesDir}/google/registry/ui/css") {
-            include "registrar*"
-            into("assets/css")
-        }
-        from("${coreResourcesDir}/google/registry/ui/assets/images") {
-            include "**/*"
-            into("assets/images")
+        from("${coreResourcesDir}/google/registry/ui/html") {
+            include "*.html"
+            into("registrar")
         }
     }
 }
@@ -101,10 +90,8 @@ explodeWar.doLast {
 
 appengineDeployAll.mustRunAfter ':console-webapp:deploy'
 appengineDeployAll.finalizedBy ':deployCloudSchedulerAndQueue'
-rootProject.deploy.dependsOn appengineDeployAll
 
 rootProject.stage.dependsOn appengineStage
-tasks['war'].dependsOn ':core:compileProdJS'
 tasks['war'].dependsOn ':core:processResources'
 tasks['war'].dependsOn ':core:jar'
 

build.gradle

@@ -95,26 +95,22 @@ task stage {
   description = 'Generates application directories for all services.'
 }
 
-// App-engine environment configuration.  We set up all of the variables in
-// the root project.
-
-def environments = ['production', 'sandbox', 'alpha', 'crash', 'qa']
-
 def gcpProject = null
 
 apply from: "${rootDir.path}/projects.gradle"
 
 if (environment == '') {
-    // Keep the project null, this will prevent deployment.  Set the
+    // Keep the project null, this will prevent deployment. Set the
     // environment to "alpha" because other code needs this property to
     // explode the war file.
     environment = 'alpha'
-} else if (environment != 'production' && environment != 'sandbox') {
+} else {
     gcpProject = projects[environment]
     if (gcpProject == null) {
         throw new GradleException("-Penvironment must be one of " +
                                   "${projects.keySet()}.")
     }
+    project(':console-webapp').setProperty('configuration', environment)
 }
 
 rootProject.ext.environment = environment
@@ -561,7 +557,7 @@ task deployCloudSchedulerAndQueue {
         commandLine 'go', 'run',
                 "./deployCloudSchedulerAndQueue.go",
                 "${rootDir}/core/src/main/java/google/registry/config/files/nomulus-config-${env}.yaml",
-                "${rootDir}/core/src/main/java/google/registry/env/${env}/default/WEB-INF/cloud-scheduler-tasks.xml",
+                "${rootDir}/core/src/main/java/google/registry/config/files/tasks/cloud-scheduler-tasks-${env}.xml",
                 "domain-registry-${env}"
       }
       exec {
@@ -569,7 +565,7 @@ task deployCloudSchedulerAndQueue {
         commandLine 'go', 'run',
                 "./deployCloudSchedulerAndQueue.go",
                 "${rootDir}/core/src/main/java/google/registry/config/files/nomulus-config-${env}.yaml",
-                "${rootDir}/core/src/main/java/google/registry/env/common/default/WEB-INF/cloud-tasks-queue.xml",
+                "${rootDir}/core/src/main/java/google/registry/config/files/cloud-tasks-queue.xml",
                 "domain-registry-${env}"
       }
     }

common/build.gradle

@@ -65,4 +65,5 @@ dependencies {
 
   testImplementation deps['org.junit.jupiter:junit-jupiter-api']
   testImplementation deps['org.junit.jupiter:junit-jupiter-engine']
+  testImplementation deps['org.junit.platform:junit-platform-launcher']
 }

common/gradle.lockfile

@@ -3,7 +3,7 @@
 # This file is expected to be part of source control.
 aopalliance:aopalliance:1.0=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
 com.github.ben-manes.caffeine:caffeine:3.0.5=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
-com.github.ben-manes.caffeine:caffeine:3.1.8=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
+com.github.ben-manes.caffeine:caffeine:3.2.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
 com.github.kevinstern:software-and-algorithms:1.0=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
 com.google.auto.service:auto-service-annotations:1.0.1=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
 com.google.auto.value:auto-value-annotations:1.11.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
@@ -12,7 +12,7 @@ com.google.auto:auto-common:1.2.1=annotationProcessor,errorprone,testAnnotationP
 com.google.code.findbugs:jsr305:3.0.2=annotationProcessor,checkstyle,compileClasspath,deploy_jar,errorprone,runtimeClasspath,testAnnotationProcessor,testCompileClasspath,testRuntimeClasspath,testing,testingAnnotationProcessor,testingCompileClasspath
 com.google.errorprone:error_prone_annotation:2.23.0=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
 com.google.errorprone:error_prone_annotations:2.23.0=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
-com.google.errorprone:error_prone_annotations:2.28.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
+com.google.errorprone:error_prone_annotations:2.36.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
 com.google.errorprone:error_prone_annotations:2.7.1=checkstyle
 com.google.errorprone:error_prone_check_api:2.23.0=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
 com.google.errorprone:error_prone_core:2.23.0=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
@@ -36,10 +36,11 @@ commons-beanutils:commons-beanutils:1.9.4=checkstyle
 commons-collections:commons-collections:3.2.2=checkstyle
 info.picocli:picocli:4.6.2=checkstyle
 io.github.eisop:dataflow-errorprone:3.34.0-eisop1=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
-io.github.java-diff-utils:java-diff-utils:4.12=annotationProcessor,compileClasspath,deploy_jar,errorprone,runtimeClasspath,testAnnotationProcessor,testCompileClasspath,testRuntimeClasspath,testing,testingAnnotationProcessor,testingCompileClasspath
-jakarta.inject:jakarta.inject-api:1.0.5=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
+io.github.java-diff-utils:java-diff-utils:4.12=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
+io.github.java-diff-utils:java-diff-utils:4.15=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
+jakarta.inject:jakarta.inject-api:2.0.1=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
 javax.inject:javax.inject:1=annotationProcessor,errorprone,testAnnotationProcessor,testingAnnotationProcessor
-joda-time:joda-time:2.13.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
+joda-time:joda-time:2.13.1=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
 junit:junit:4.13.2=testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
 net.sf.saxon:Saxon-HE:10.6=checkstyle
 org.antlr:antlr4-runtime:4.9.3=checkstyle
@@ -54,12 +55,13 @@ org.jacoco:org.jacoco.ant:0.8.12=jacocoAnt
 org.jacoco:org.jacoco.core:0.8.12=jacocoAnt
 org.jacoco:org.jacoco.report:0.8.12=jacocoAnt
 org.javassist:javassist:3.28.0-GA=checkstyle
-org.jspecify:jspecify:0.3.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
-org.junit.jupiter:junit-jupiter-api:5.11.0=testCompileClasspath,testRuntimeClasspath
-org.junit.jupiter:junit-jupiter-engine:5.11.0=testCompileClasspath,testRuntimeClasspath
-org.junit.platform:junit-platform-commons:1.11.0=testCompileClasspath,testRuntimeClasspath
-org.junit.platform:junit-platform-engine:1.11.0=testCompileClasspath,testRuntimeClasspath
-org.junit:junit-bom:5.11.0=testCompileClasspath,testRuntimeClasspath
+org.jspecify:jspecify:1.0.0=compileClasspath,deploy_jar,runtimeClasspath,testCompileClasspath,testRuntimeClasspath,testing,testingCompileClasspath
+org.junit.jupiter:junit-jupiter-api:5.12.1=testCompileClasspath,testRuntimeClasspath
+org.junit.jupiter:junit-jupiter-engine:5.12.1=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-commons:1.12.1=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-engine:1.12.1=testCompileClasspath,testRuntimeClasspath
+org.junit.platform:junit-platform-launcher:1.12.1=testCompileClasspath,testRuntimeClasspath
+org.junit:junit-bom:5.12.1=testCompileClasspath,testRuntimeClasspath
 org.opentest4j:opentest4j:1.3.0=testCompileClasspath,testRuntimeClasspath
 org.ow2.asm:asm-commons:9.7=jacocoAnt
 org.ow2.asm:asm-tree:9.7=jacocoAnt

common/src/main/java/google/registry/util/SystemClock.java

@@ -16,8 +16,8 @@ package google.registry.util;
 
 import static org.joda.time.DateTimeZone.UTC;
 
+import jakarta.inject.Inject;
 import javax.annotation.concurrent.ThreadSafe;
-import javax.inject.Inject;
 import org.joda.time.DateTime;
 
 /** Clock implementation that proxies to the real system clock. */

common/src/main/java/google/registry/util/SystemSleeper.java

@@ -17,9 +17,9 @@ package google.registry.util;
 import static com.google.common.base.Preconditions.checkArgument;
 
 import com.google.common.util.concurrent.Uninterruptibles;
+import jakarta.inject.Inject;
 import java.io.Serializable;
 import javax.annotation.concurrent.ThreadSafe;
-import javax.inject.Inject;
 import org.joda.time.ReadableDuration;
 
 /** Implementation of {@link Sleeper} for production use. */

common/src/testing/java/google/registry/testing/truth/TextDiffSubject.java

@@ -63,6 +63,7 @@ public class TextDiffSubject extends Subject {
 
   private final ImmutableList<String> actual;
   private DiffFormat diffFormat = DiffFormat.SIDE_BY_SIDE_MARKDOWN;
+  private ImmutableList<String> comments = ImmutableList.of();
 
   protected TextDiffSubject(FailureMetadata metadata, List<String> actual) {
     super(metadata, actual);
@@ -83,10 +84,22 @@ public class TextDiffSubject extends Subject {
     return this;
   }
 
+  /** If set, ignore lines that start with the given string. */
+  public TextDiffSubject ignoringLinesStartingWith(String... comments) {
+    this.comments = ImmutableList.copyOf(comments);
+    return this;
+  }
+
+  private ImmutableList<String> filterComments(List<String> lines) {
+    return lines.stream()
+        .filter(line -> comments.stream().noneMatch(line::startsWith))
+        .collect(ImmutableList.toImmutableList());
+  }
+
   public void hasSameContentAs(List<String> expectedContent) {
     checkNotNull(expectedContent, "expectedContent");
-    ImmutableList<String> expected = ImmutableList.copyOf(expectedContent);
-    if (expected.equals(actual)) {
+    ImmutableList<String> expected = filterComments(expectedContent);
+    if (filterComments(expected).equals(filterComments(actual))) {
       return;
     }
     String diffString = diffFormat.generateDiff(expected, actual);

config/dependency-license/allowed_licenses.json

@@ -305,7 +305,6 @@
     {
       // "Apache License, Version 2.0".
       "moduleLicense": null,
-      "moduleVersion": "26.26.0",
       "moduleName": "com.google.cloud:libraries-bom"
     },
     {
@@ -370,7 +369,6 @@
     // "Apache License, Version 2.0".
     {
       "moduleLicense": null,
-      "moduleVersion": "1.33.0",
       "moduleName": "io.opentelemetry:opentelemetry-bom"
     },
     {

config/presubmits.py

@@ -25,7 +25,11 @@ import textwrap
 import re
 
 # We should never analyze any generated files
-UNIVERSALLY_SKIPPED_PATTERNS = {"/build/", "cloudbuild-caches", "/out/", ".git/", ".gradle/", "/dist/", "karma.conf.js", "polyfills.ts", "test.ts", "/docs/console-endpoints/"}
+UNIVERSALLY_SKIPPED_PATTERNS = {"/build/", "cloudbuild-caches", "/out/", ".git/",
+     ".gradle/", "/dist/", "/console-alpha/", "/console-crash/", "/console-qa",
+     "/console-sandbox", "/console-production", "karma.conf.js", "polyfills.ts",
+     "test.ts", "/docs/console-endpoints/", "/bin/generated-sources/",
+     "/bin/generated-test-sources/", "src/main/generated", "src/test/generated"}
 # We can't rely on CI to have the Enum package installed so we do this instead.
 FORBIDDEN = 1
 REQUIRED = 2
@@ -87,11 +91,9 @@ PRESUBMITS = {
     PresubmitCheck(
         r".*Copyright 20\d{2} The Nomulus Authors\. All Rights Reserved\.",
         ("java", "js", "soy", "sql", "py", "sh", "gradle", "ts"), {
-            ".git", "/build/", "/bin/generated-sources/", "/bin/generated-test-sources/",
-            "node_modules/", "LoggerConfig.java", "registrar_bin.",
+            ".git", "/build/", "node_modules/", "LoggerConfig.java", "registrar_bin.",
             "registrar_dbg.", "google-java-format-diff.py",
-            "nomulus.golden.sql", "soyutils_usegoog.js", "javascript/checks.js",
-            "/src/main/generated", "/src/test/generated"
+            "nomulus.golden.sql", "soyutils_usegoog.js", "javascript/checks.js"
         }, REQUIRED):
         "File did not include the license header.",
 
@@ -208,6 +210,12 @@ PRESUBMITS = {
         {"/node_modules/"},
     ):
         "Do not use javax.servlet.* Use jakarta.servlet.* instead.",
+    PresubmitCheck(
+        r".*javax\.inject\..*",
+        "java",
+        {"/node_modules/"},
+    ):
+        "Do not use javax.inject.* Use jakarta.inject.* instead.",
 }
 
 # Note that this regex only works for one kind of Flyway file.  If we want to

console-webapp/.gitignore

@@ -44,3 +44,4 @@ Thumbs.db
 
 # Build artifact
 /staged/dist
+/staged/console-*

console-webapp/angular.json

@@ -96,11 +96,17 @@
               "sourceMap": true,
               "namedChunks": true
             },
-            "development": {
+            "qa": {
               "optimization": false,
               "extractLicenses": false,
               "sourceMap": true,
               "namedChunks": true
+            },
+            "development": {
+              "optimization": false,
+              "extractLicenses": false,
+              "sourceMap": true,
+              "namedChunks": true,
             }
           },
           "defaultConfiguration": "production"
@@ -120,6 +126,9 @@
             "sandbox": {
               "buildTarget": "console-webapp:build:sandbox"
             },
+            "qa": {
+              "buildTarget": "console-webapp:build:qa"
+            },
             "development": {
               "buildTarget": "console-webapp:build:development"
             }

console-webapp/build.gradle

@@ -40,15 +40,55 @@ task runConsoleWebappUnitTests(type: Exec) {
 task buildConsoleWebapp(type: Exec) {
   workingDir "${consoleDir}/"
   executable 'npm'
-  def configuration = project.hasProperty('configuration') ?
-    project.getProperty('configuration') :
-    'production'
+  def configuration = project.getProperty('configuration')
   args 'run', "build", "--configuration=${configuration}"
   doFirst {
     println "Building console for environment: ${configuration}"
   }
 }
 
+task buildConsoleForAll() {}
+
+def createConsoleTask = { env ->
+  project.tasks.register("buildConsoleFor${env.capitalize()}", Exec) {
+    workingDir "${consoleDir}/"
+    executable 'npm'
+    args 'run', 'build', "--configuration=${env}"
+    doFirst {
+      println "Building console for environment: ${env}"
+    }
+    doLast {
+      copy {
+        from "${consoleDir}/staged/dist/"
+        into "${consoleDir}/staged/console-${env}"
+      }
+      delete "${consoleDir}/staged/dist"
+    }
+    dependsOn(tasks.npmInstallDeps)
+  }
+  project.tasks.register("deleteConsoleFor${env.capitalize()}", Delete) {
+    delete "${consoleDir}/staged/console-${env}"
+  }
+  tasks.named('clean') {
+    dependsOn(tasks.named("deleteConsoleFor${env.capitalize()}"))
+  }
+  tasks.named('buildConsoleForAll') {
+    dependsOn(tasks.named("buildConsoleFor${env.capitalize()}"))
+  }
+}
+
+['alpha', 'crash', 'qa', 'sandbox', 'production'].forEach {env ->
+  createConsoleTask(env)
+}
+
+// Force an order so we don't run these tasks in parallel.
+tasks.buildConsoleForCrash.mustRunAfter(tasks.buildConsoleForAlpha)
+tasks.buildConsoleForQa.mustRunAfter(tasks.buildConsoleForCrash)
+tasks.buildConsoleForSandbox.mustRunAfter(tasks.buildConsoleForQa)
+tasks.buildConsoleForProduction.mustRunAfter(tasks.buildConsoleForSandbox)
+// This task must run last, otherwise the previous tasks will have deleted the "dist" folder.
+tasks.buildConsoleWebapp.mustRunAfter(tasks.buildConsoleForProduction)
+
 task applyFormatting(type: Exec) {
   workingDir "${consoleDir}/"
   executable 'npm'
@@ -61,16 +101,9 @@ task checkFormatting(type: Exec) {
   args 'run', 'prettify:check'
 }
 
-task deploy(type: Exec) {
-  workingDir "${consoleDir}/staged"
-  executable 'gcloud'
-  args 'app', 'deploy', "${projectParam}", '--quiet'
-}
-
 tasks.buildConsoleWebapp.dependsOn(tasks.npmInstallDeps)
 tasks.runConsoleWebappUnitTests.dependsOn(tasks.npmInstallDeps)
 tasks.applyFormatting.dependsOn(tasks.npmInstallDeps)
 tasks.checkFormatting.dependsOn(tasks.npmInstallDeps)
 tasks.build.dependsOn(tasks.checkFormatting)
 tasks.build.dependsOn(tasks.runConsoleWebappUnitTests)
-tasks.deploy.dependsOn(tasks.buildConsoleWebapp)

console-webapp/gradle.properties

@@ -0,0 +1 @@
+configuration=production

console-webapp/package.json

@@ -16,31 +16,31 @@
   },
   "private": true,
   "dependencies": {
-    "@angular/animations": "^18.0.2",
-    "@angular/cdk": "^18.0.2",
-    "@angular/common": "^18.0.2",
-    "@angular/compiler": "^18.0.2",
-    "@angular/core": "^18.0.2",
-    "@angular/forms": "^18.0.2",
-    "@angular/material": "^18.0.2",
-    "@angular/platform-browser": "^18.0.2",
-    "@angular/platform-browser-dynamic": "^18.0.2",
-    "@angular/router": "^18.0.2",
+    "@angular/animations": "^19.1.4",
+    "@angular/cdk": "^19.1.2",
+    "@angular/common": "^19.1.4",
+    "@angular/compiler": "^19.1.4",
+    "@angular/core": "^19.1.4",
+    "@angular/forms": "^19.1.4",
+    "@angular/material": "^19.1.2",
+    "@angular/platform-browser": "^19.1.4",
+    "@angular/platform-browser-dynamic": "^19.1.4",
+    "@angular/router": "^19.1.4",
     "rxjs": "~7.5.0",
     "tslib": "^2.3.0",
-    "zone.js": "~0.14.2"
+    "zone.js": "~0.15.0"
   },
   "devDependencies": {
-    "@angular-devkit/build-angular": "^18.0.3",
-    "@angular-eslint/builder": "18.0.1",
-    "@angular-eslint/eslint-plugin": "18.0.1",
-    "@angular-eslint/eslint-plugin-template": "18.0.1",
-    "@angular-eslint/schematics": "18.0.1",
-    "@angular-eslint/template-parser": "18.0.1",
-    "@angular/cli": "~18.0.3",
-    "@angular/compiler-cli": "^18.0.2",
+    "@angular-devkit/build-angular": "^19.1.5",
+    "@angular-eslint/builder": "19.0.2",
+    "@angular-eslint/eslint-plugin": "19.0.2",
+    "@angular-eslint/eslint-plugin-template": "19.0.2",
+    "@angular-eslint/schematics": "19.0.2",
+    "@angular-eslint/template-parser": "19.0.2",
+    "@angular/cli": "~19.1.5",
+    "@angular/compiler-cli": "^19.1.4",
     "@types/jasmine": "~4.0.0",
-    "@types/node": "^18.11.18",
+    "@types/node": "^18.19.74",
     "@typescript-eslint/eslint-plugin": "^7.2.0",
     "@typescript-eslint/parser": "^7.2.0",
     "concurrently": "^7.6.0",
@@ -52,6 +52,6 @@
     "karma-jasmine": "~5.1.0",
     "karma-jasmine-html-reporter": "~2.0.0",
     "prettier": "2.8.7",
-    "typescript": "~5.4.5"
+    "typescript": "^5.7.3"
   }
 }

console-webapp/src/app/app-routing.module.ts

@@ -18,17 +18,14 @@ import { BillingInfoComponent } from './billingInfo/billingInfo.component';
 import { DomainListComponent } from './domains/domainList.component';
 import { HomeComponent } from './home/home.component';
 import { RegistryLockVerifyComponent } from './lock/registryLockVerify.component';
-import { NewOteComponent } from './ote/newOte.component';
-import { OteStatusComponent } from './ote/oteStatus.component';
 import { RegistrarDetailsComponent } from './registrar/registrarDetails.component';
 import { RegistrarComponent } from './registrar/registrarsTable.component';
 import { ResourcesComponent } from './resources/resources.component';
 import ContactComponent from './settings/contact/contact.component';
 import SecurityComponent from './settings/security/security.component';
 import { SettingsComponent } from './settings/settings.component';
-import UsersComponent from './settings/users/users.component';
-import WhoisComponent from './settings/whois/whois.component';
 import { SupportComponent } from './support/support.component';
+import RdapComponent from './settings/rdap/rdap.component';
 
 export interface RouteWithIcon extends Route {
   iconName?: string;
@@ -37,6 +34,7 @@ export interface RouteWithIcon extends Route {
 export const PATHS = {
   NewOteComponent: 'new-ote',
   OteStatusComponent: 'ote-status/:registrarId',
+  UsersComponent: 'users',
 };
 export const routes: RouteWithIcon[] = [
   { path: '', redirectTo: '/home', pathMatch: 'full' },
@@ -85,19 +83,15 @@ export const routes: RouteWithIcon[] = [
         title: 'Contacts',
       },
       {
-        path: WhoisComponent.PATH,
-        component: WhoisComponent,
-        title: 'WHOIS Info',
+        path: RdapComponent.PATH,
+        component: RdapComponent,
+        title: 'RDAP Info',
       },
       {
         path: SecurityComponent.PATH,
         component: SecurityComponent,
         title: 'Security',
       },
-      {
-        path: UsersComponent.PATH,
-        component: UsersComponent,
-      },
     ],
   },
   // {
@@ -128,6 +122,13 @@ export const routes: RouteWithIcon[] = [
     title: 'Resources',
     iconName: 'description',
   },
+  {
+    path: PATHS.UsersComponent,
+    title: 'Users',
+    iconName: 'manage_accounts',
+    loadComponent: () =>
+      import('./users/users.component').then((mod) => mod.UsersComponent),
+  },
   {
     path: SupportComponent.PATH,
     component: SupportComponent,

console-webapp/src/app/app.component.html

@@ -7,18 +7,19 @@
     ></mat-progress-bar>
   </div>
   <mat-sidenav-container class="console-app__container">
+    <mat-sidenav-content class="console-app__content-wrapper">
+      <div class="console-app__content" role="main">
+        <router-outlet></router-outlet>
+      </div>
+    </mat-sidenav-content>
     <mat-sidenav
       [mode]="breakpointObserver.isMobileView() ? 'over' : 'side'"
       [opened]="!breakpointObserver.isMobileView()"
+      [disableClose]="!breakpointObserver.isMobileView()"
       #sidenav
       class="console-app__sidebar"
     >
       <app-navigation />
     </mat-sidenav>
-    <mat-sidenav-content class="console-app__content-wrapper">
-      <div class="console-app__content">
-        <router-outlet></router-outlet>
-      </div>
-    </mat-sidenav-content>
   </mat-sidenav-container>
 </div>

console-webapp/src/app/app.component.spec.ts

@@ -14,29 +14,124 @@
 
 import { provideHttpClient } from '@angular/common/http';
 import { provideHttpClientTesting } from '@angular/common/http/testing';
-import { TestBed } from '@angular/core/testing';
-import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { ComponentFixture, fakeAsync, TestBed } from '@angular/core/testing';
+import { NoopAnimationsModule } from '@angular/platform-browser/animations';
 import { AppComponent } from './app.component';
-import { MaterialModule } from './material.module';
-import { BackendService } from './shared/services/backend.service';
-import { AppRoutingModule } from './app-routing.module';
+import { routes } from './app-routing.module';
+import { AppModule } from './app.module';
+import { PocReminderComponent } from './shared/components/pocReminder/pocReminder.component';
+import { RouterModule } from '@angular/router';
+import { MatSnackBar, MatSnackBarModule } from '@angular/material/snack-bar';
+import { UserData, UserDataService } from './shared/services/userData.service';
+import { Registrar, RegistrarService } from './registrar/registrar.service';
+import { MatSidenavModule } from '@angular/material/sidenav';
+import { signal, WritableSignal } from '@angular/core';
 
 describe('AppComponent', () => {
+  let component: AppComponent;
+  let fixture: ComponentFixture<AppComponent>;
+  let mockRegistrarService: {
+    registrar: WritableSignal<Partial<Registrar> | null | undefined>;
+    registrarId: WritableSignal<string>;
+    registrars: WritableSignal<Array<Partial<Registrar>>>;
+  };
+  let mockUserDataService: { userData: WritableSignal<Partial<UserData>> };
+  let mockSnackBar: jasmine.SpyObj<MatSnackBar>;
+
+  const dummyPocReminderComponent = class {}; // Dummy class for type checking
+
   beforeEach(async () => {
+    mockRegistrarService = {
+      registrar: signal<Registrar | null | undefined>(undefined),
+      registrarId: signal('123'),
+      registrars: signal([]),
+    };
+
+    mockUserDataService = {
+      userData: signal({
+        globalRole: 'NONE',
+      }),
+    };
+
+    mockSnackBar = jasmine.createSpyObj('MatSnackBar', ['openFromComponent']);
+
     await TestBed.configureTestingModule({
-      declarations: [AppComponent],
-      imports: [MaterialModule, BrowserAnimationsModule, AppRoutingModule],
+      imports: [
+        MatSidenavModule,
+        NoopAnimationsModule,
+        MatSnackBarModule,
+        AppModule,
+        RouterModule.forRoot(routes),
+      ],
       providers: [
-        BackendService,
+        { provide: RegistrarService, useValue: mockRegistrarService },
+        { provide: UserDataService, useValue: mockUserDataService },
+        { provide: MatSnackBar, useValue: mockSnackBar },
+        { provide: PocReminderComponent, useClass: dummyPocReminderComponent },
         provideHttpClient(),
         provideHttpClientTesting(),
       ],
     }).compileComponents();
+
+    fixture = TestBed.createComponent(AppComponent);
+    component = fixture.componentInstance;
+  });
+
+  afterEach(() => {
+    jasmine.clock().uninstall();
   });
 
   it('should create the app', () => {
     const fixture = TestBed.createComponent(AppComponent);
+    fixture.detectChanges();
     const app = fixture.componentInstance;
     expect(app).toBeTruthy();
   });
+
+  describe('PoC Verification Reminder', () => {
+    beforeEach(() => {
+      jasmine.clock().install();
+    });
+
+    it('should open snackbar if lastPocVerificationDate is older than one year', fakeAsync(() => {
+      const MOCK_TODAY = new Date('2024-07-15T10:00:00.000Z');
+      jasmine.clock().mockDate(MOCK_TODAY);
+
+      const twoYearsAgo = new Date(MOCK_TODAY);
+      twoYearsAgo.setFullYear(MOCK_TODAY.getFullYear() - 2);
+
+      mockRegistrarService.registrar.set({
+        lastPocVerificationDate: twoYearsAgo.toISOString(),
+      });
+
+      fixture.detectChanges();
+      TestBed.flushEffects();
+
+      expect(mockSnackBar.openFromComponent).toHaveBeenCalledWith(
+        PocReminderComponent,
+        {
+          horizontalPosition: 'center',
+          verticalPosition: 'top',
+          duration: 1000000000,
+        }
+      );
+    }));
+
+    it('should NOT open snackbar if lastPocVerificationDate is within last year', fakeAsync(() => {
+      const MOCK_TODAY = new Date('2024-07-15T10:00:00.000Z');
+      jasmine.clock().mockDate(MOCK_TODAY);
+
+      const sixMonthsAgo = new Date(MOCK_TODAY);
+      sixMonthsAgo.setMonth(MOCK_TODAY.getMonth() - 6);
+
+      mockRegistrarService.registrar.set({
+        lastPocVerificationDate: sixMonthsAgo.toISOString(),
+      });
+
+      fixture.detectChanges();
+      TestBed.flushEffects();
+
+      expect(mockSnackBar.openFromComponent).not.toHaveBeenCalled();
+    }));
+  });
 });

console-webapp/src/app/app.component.ts

@@ -12,18 +12,21 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { AfterViewInit, Component, ViewChild } from '@angular/core';
+import { AfterViewInit, Component, effect, ViewChild } from '@angular/core';
 import { MatSidenav } from '@angular/material/sidenav';
 import { NavigationEnd, Router } from '@angular/router';
 import { RegistrarService } from './registrar/registrar.service';
 import { BreakPointObserverService } from './shared/services/breakPoint.service';
 import { GlobalLoaderService } from './shared/services/globalLoader.service';
 import { UserDataService } from './shared/services/userData.service';
+import { MatSnackBar } from '@angular/material/snack-bar';
+import { PocReminderComponent } from './shared/components/pocReminder/pocReminder.component';
 
 @Component({
   selector: 'app-root',
   templateUrl: './app.component.html',
   styleUrls: ['./app.component.scss'],
+  standalone: false,
 })
 export class AppComponent implements AfterViewInit {
   @ViewChild(MatSidenav)
@@ -34,8 +37,28 @@ export class AppComponent implements AfterViewInit {
     protected userDataService: UserDataService,
     protected globalLoader: GlobalLoaderService,
     protected breakpointObserver: BreakPointObserverService,
-    private router: Router
-  ) {}
+    private router: Router,
+    private _snackBar: MatSnackBar
+  ) {
+    effect(() => {
+      const registrar = this.registrarService.registrar();
+      const oneYearAgo = new Date();
+      oneYearAgo.setFullYear(oneYearAgo.getFullYear() - 1);
+      oneYearAgo.setHours(0, 0, 0, 0);
+      if (
+        registrar &&
+        registrar.lastPocVerificationDate &&
+        new Date(registrar.lastPocVerificationDate) < oneYearAgo &&
+        this.userDataService?.userData()?.globalRole === 'NONE'
+      ) {
+        this._snackBar.openFromComponent(PocReminderComponent, {
+          horizontalPosition: 'center',
+          verticalPosition: 'top',
+          duration: 1000000000,
+        });
+      }
+    });
+  }
 
   ngAfterViewInit() {
     this.router.events.subscribe((event) => {

console-webapp/src/app/app.module.ts

@@ -26,14 +26,16 @@ import { BackendService } from './shared/services/backend.service';
 import { provideHttpClient } from '@angular/common/http';
 import { MAT_FORM_FIELD_DEFAULT_OPTIONS } from '@angular/material/form-field';
 import { BillingInfoComponent } from './billingInfo/billingInfo.component';
-import { DomainListComponent } from './domains/domainList.component';
+import {
+  DomainListComponent,
+  ReasonDialogComponent,
+  ResponseDialogComponent,
+} from './domains/domainList.component';
 import { RegistryLockComponent } from './domains/registryLock.component';
 import { HeaderComponent } from './header/header.component';
 import { HomeComponent } from './home/home.component';
 import { RegistryLockVerifyComponent } from './lock/registryLockVerify.component';
 import { NavigationComponent } from './navigation/navigation.component';
-import { NewOteComponent } from './ote/newOte.component';
-import { OteStatusComponent } from './ote/oteStatus.component';
 import NewRegistrarComponent from './registrar/newRegistrar.component';
 import { RegistrarDetailsComponent } from './registrar/registrarDetails.component';
 import { RegistrarSelectorComponent } from './registrar/registrarSelector.component';
@@ -45,8 +47,6 @@ import EppPasswordEditComponent from './settings/security/eppPasswordEdit.compon
 import SecurityComponent from './settings/security/security.component';
 import SecurityEditComponent from './settings/security/securityEdit.component';
 import { SettingsComponent } from './settings/settings.component';
-import WhoisComponent from './settings/whois/whois.component';
-import WhoisEditComponent from './settings/whois/whoisEdit.component';
 import { NotificationsComponent } from './shared/components/notifications/notifications.component';
 import { SelectedRegistrarWrapper } from './shared/components/selectedRegistrarWrapper/selectedRegistrarWrapper.component';
 import { LocationBackDirective } from './shared/directives/locationBack.directive';
@@ -57,6 +57,18 @@ import { UserDataService } from './shared/services/userData.service';
 import { SnackBarModule } from './snackbar.module';
 import { SupportComponent } from './support/support.component';
 import { TldsComponent } from './tlds/tlds.component';
+import { ForceFocusDirective } from './shared/directives/forceFocus.directive';
+import RdapComponent from './settings/rdap/rdap.component';
+import RdapEditComponent from './settings/rdap/rdapEdit.component';
+import { PocReminderComponent } from './shared/components/pocReminder/pocReminder.component';
+
+@NgModule({
+  declarations: [SelectedRegistrarWrapper],
+  imports: [MaterialModule],
+  exports: [SelectedRegistrarWrapper],
+  providers: [],
+})
+export class SelectedRegistrarModule {}
 
 @NgModule({
   declarations: [
@@ -65,28 +77,31 @@ import { TldsComponent } from './tlds/tlds.component';
     ContactDetailsComponent,
     DomainListComponent,
     EppPasswordEditComponent,
+    ForceFocusDirective,
     HeaderComponent,
     HomeComponent,
     LocationBackDirective,
-    UserLevelVisibility,
     NavigationComponent,
     NewRegistrarComponent,
     NotificationsComponent,
+    RdapComponent,
+    RdapEditComponent,
+    ReasonDialogComponent,
+    PocReminderComponent,
     RegistrarComponent,
     RegistrarDetailsComponent,
-    RegistryLockComponent,
     RegistrarSelectorComponent,
+    RegistryLockComponent,
     RegistryLockVerifyComponent,
     ResourcesComponent,
+    ResponseDialogComponent,
     SecurityComponent,
     SecurityEditComponent,
-    SelectedRegistrarWrapper,
     SettingsComponent,
     SettingsContactComponent,
     SupportComponent,
     TldsComponent,
-    WhoisComponent,
-    WhoisEditComponent,
+    UserLevelVisibility,
   ],
   bootstrap: [AppComponent],
   imports: [
@@ -95,9 +110,9 @@ import { TldsComponent } from './tlds/tlds.component';
     BrowserModule,
     FormsModule,
     MaterialModule,
+    SelectedRegistrarModule,
     SnackBarModule,
   ],
-  exports: [SelectedRegistrarWrapper],
   providers: [
     BackendService,
     BreakPointObserverService,

console-webapp/src/app/billingInfo/billingInfo.component.html

@@ -1,16 +1,20 @@
 <app-selected-registrar-wrapper>
-  <h1 class="mat-headline-4">Billing Info</h1>
+  <h1 class="mat-headline-4" forceFocus>Billing Info</h1>
   <div class="console-app__billing">
     <div>
       <div class="console-app__billing-subhead">
         Billing records and information
       </div>
-      <a class="text-l" href="{{ driveFolderUrl() }}" target="_blank"
+      <a
+        class="text-l"
+        href="{{ driveFolderUrl() }}"
+        target="_blank"
+        aria-label="View billing records on Google Drive"
         >View on Google Drive</a
       >
     </div>
     <div>
-      <img src="./assets/billing.png" />
+      <img src="./assets/billing.png" alt="Generic billing image" />
     </div>
   </div>
 </app-selected-registrar-wrapper>

console-webapp/src/app/billingInfo/billingInfo.component.scss

@@ -16,7 +16,7 @@
     width: 100%;
   }
   &-subhead {
-    font-size: 20px;
+    font-size: 1.25rem;
     margin-bottom: 20px;
   }
 }

console-webapp/src/app/billingInfo/billingInfo.component.ts

@@ -20,6 +20,7 @@ import { MatSnackBar } from '@angular/material/snack-bar';
   selector: 'app-billingInfo',
   templateUrl: './billingInfo.component.html',
   styleUrls: ['./billingInfo.component.scss'],
+  standalone: false,
 })
 export class BillingInfoComponent {
   public static PATH = 'billingInfo';

console-webapp/src/app/domains/domainList.component.html

@@ -1,6 +1,6 @@
 <app-selected-registrar-wrapper>
   <div class="console-app-domains">
-    <h1 class="mat-headline-4">Domains</h1>
+    <h1 class="mat-headline-4" forceFocus>Domains</h1>
 
     <div
       class="console-app-domains__actions-wrapper"
@@ -24,11 +24,37 @@
     </div>
     } @else {
     <mat-menu #actions="matMenu">
-      <ng-template matMenuContent let-domainName="domainName">
-        <button mat-menu-item (click)="openRegistryLock(domainName)">
+      <ng-template
+        matMenuContent
+        let-domainName="domainName"
+        let-domain="domain"
+      >
+        <button
+          mat-menu-item
+          (click)="openRegistryLock(domainName)"
+          aria-label="Access registry lock for domain"
+        >
           <mat-icon>key</mat-icon>
           <span>Registry Lock</span>
         </button>
+        <button
+          mat-menu-item
+          (click)="onSuspendClick(domainName)"
+          [elementId]="getElementIdForSuspendUnsuspend()"
+          [disabled]="isDomainUnsuspendable(domain)"
+        >
+          <mat-icon>lock_clock</mat-icon>
+          <span>Suspend</span>
+        </button>
+        <button
+          mat-menu-item
+          (click)="onUnsuspendClick(domainName)"
+          [elementId]="getElementIdForSuspendUnsuspend()"
+          [disabled]="!isDomainUnsuspendable(domain)"
+        >
+          <mat-icon>lock_open</mat-icon>
+          <span>Unsuspend</span>
+        </button>
       </ng-template>
     </mat-menu>
     <div
@@ -65,16 +91,67 @@
             />
           </mat-form-field>
 
+          <div
+            class="console-app__domains-selection"
+            [elementId]="getElementIdForBulkDelete()"
+            [ngClass]="{ active: selection.hasValue() }"
+          >
+            <div class="console-app__domains-selection-text">
+              {{ selection.selected.length }} Selected
+            </div>
+            <div class="console-app__domains-selection-actions">
+              <button
+                mat-flat-button
+                aria-label="Delete Selected Domains"
+                [attr.aria-hidden]="!selection.hasValue()"
+                (click)="deleteSelectedDomains()"
+              >
+                Delete Selected Domains
+              </button>
+            </div>
+          </div>
+
           <mat-table
             [dataSource]="dataSource"
             class="mat-elevation-z0"
             class="console-app__domains-table"
           >
+            <!-- Checkbox Column -->
+            <ng-container matColumnDef="select">
+              <mat-header-cell *matHeaderCellDef>
+                <mat-checkbox
+                  (change)="$event ? toggleAllRows() : null"
+                  [checked]="selection.hasValue() && isAllSelected"
+                  [indeterminate]="selection.hasValue() && !isAllSelected"
+                  [aria-label]="checkboxLabel()"
+                  [elementId]="getElementIdForBulkDelete()"
+                >
+                </mat-checkbox>
+              </mat-header-cell>
+              <mat-cell *matCellDef="let row">
+                <mat-checkbox
+                  (click)="$event.stopPropagation()"
+                  (change)="$event ? selection.toggle(row) : null"
+                  [checked]="selection.isSelected(row)"
+                  [aria-label]="checkboxLabel(row)"
+                  [elementId]="getElementIdForBulkDelete()"
+                >
+                </mat-checkbox>
+              </mat-cell>
+            </ng-container>
+
             <ng-container matColumnDef="domainName">
               <mat-header-cell *matHeaderCellDef>Domain Name</mat-header-cell>
-              <mat-cell *matCellDef="let element">{{
-                element.domainName
-              }}</mat-cell>
+              <mat-cell *matCellDef="let element">
+                <mat-icon
+                  *ngIf="getOperationMessage(element.domainName)"
+                  [matTooltip]="getOperationMessage(element.domainName)"
+                  matTooltipPosition="above"
+                  class="primary-text"
+                  >info</mat-icon
+                >
+                <span>{{ element.domainName }}</span>
+              </mat-cell>
             </ng-container>
 
             <ng-container matColumnDef="creationTime">
@@ -95,9 +172,9 @@
 
             <ng-container matColumnDef="statuses">
               <mat-header-cell *matHeaderCellDef>Statuses</mat-header-cell>
-              <mat-cell *matCellDef="let element">{{
-                element.statuses
-              }}</mat-cell>
+              <mat-cell *matCellDef="let element">
+                <span>{{ element.statuses?.join(", ") }}</span>
+              </mat-cell>
             </ng-container>
 
             <ng-container matColumnDef="registryLock">
@@ -115,7 +192,10 @@
                 <button
                   mat-icon-button
                   [matMenuTriggerFor]="actions"
-                  [matMenuTriggerData]="{ domainName: element.domainName }"
+                  [matMenuTriggerData]="{
+                    domainName: element.domainName,
+                    domain: element
+                  }"
                   aria-label="Domain actions"
                 >
                   <mat-icon>more_horiz</mat-icon>

console-webapp/src/app/domains/domainList.component.scss

@@ -12,6 +12,22 @@
     }
   }
 
+  &__domains-selection {
+    height: 60px;
+    max-height: 0;
+    transition: max-height 0.2s linear;
+    display: flex;
+    align-items: center;
+    overflow: hidden;
+    gap: 20px;
+    &-text {
+      font-weight: bold;
+    }
+    &.active {
+      max-height: 60px;
+    }
+  }
+
   &-domains__download {
     position: absolute;
     top: -55px;
@@ -36,6 +52,27 @@
     .mat-column-registryLock {
       max-width: 150px;
     }
+    .mat-column-statuses span {
+      padding: 10px 0;
+      overflow: hidden;
+      word-break: break-word;
+    }
+    .mat-column-select {
+      max-width: 60px;
+      padding-left: 15px;
+    }
+    .mat-column-domainName {
+      position: relative;
+      padding-left: 25px;
+      mat-icon {
+        position: absolute;
+        left: 0;
+      }
+    }
+    mat-cell:has([style*="display: none"]),
+    mat-header-cell:has([style*="display: none"]) {
+      display: none;
+    }
   }
 
   &__domains-spinner {

console-webapp/src/app/domains/domainList.component.spec.ts

@@ -21,6 +21,7 @@ import { MaterialModule } from '../material.module';
 import { BackendService } from '../shared/services/backend.service';
 import { DomainListComponent } from './domainList.component';
 import { FormsModule } from '@angular/forms';
+import { AppModule } from '../app.module';
 
 describe('DomainListComponent', () => {
   let component: DomainListComponent;
@@ -29,7 +30,12 @@ describe('DomainListComponent', () => {
   beforeEach(async () => {
     await TestBed.configureTestingModule({
       declarations: [DomainListComponent],
-      imports: [MaterialModule, BrowserAnimationsModule, FormsModule],
+      imports: [
+        MaterialModule,
+        BrowserAnimationsModule,
+        FormsModule,
+        AppModule,
+      ],
       providers: [
         BackendService,
         provideHttpClient(),

console-webapp/src/app/domains/domainList.component.ts

@@ -12,27 +12,123 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { HttpErrorResponse } from '@angular/common/http';
-import { Component, ViewChild, effect } from '@angular/core';
+import { SelectionModel } from '@angular/cdk/collections';
+import { HttpErrorResponse, HttpStatusCode } from '@angular/common/http';
+import { Component, effect, Inject, ViewChild } from '@angular/core';
 import { MatPaginator, PageEvent } from '@angular/material/paginator';
 import { MatSnackBar } from '@angular/material/snack-bar';
 import { MatTableDataSource } from '@angular/material/table';
-import { Subject, debounceTime } from 'rxjs';
+import { debounceTime, filter, Subject, take } from 'rxjs';
 import { RegistrarService } from '../registrar/registrar.service';
-import { Domain, DomainListService } from './domainList.service';
+import {
+  BULK_ACTION_NAME,
+  Domain,
+  DomainListService,
+} from './domainList.service';
 import { RegistryLockComponent } from './registryLock.component';
 import { RegistryLockService } from './registryLock.service';
+import {
+  MAT_DIALOG_DATA,
+  MatDialog,
+  MatDialogRef,
+} from '@angular/material/dialog';
+import { RESTRICTED_ELEMENTS } from '../shared/directives/userLevelVisiblity.directive';
+
+interface DomainResponse {
+  message: string;
+  responseCode: string;
+}
+
+interface DomainData {
+  [domain: string]: DomainResponse;
+}
+
+@Component({
+  selector: 'app-response-dialog',
+  template: `
+    <h2 mat-dialog-title>{{ data.title }}</h2>
+    <mat-dialog-content [innerHTML]="data.content" />
+    <mat-dialog-actions>
+      <button mat-button (click)="onClose()">Close</button>
+    </mat-dialog-actions>
+  `,
+  standalone: false,
+})
+export class ResponseDialogComponent {
+  constructor(
+    public dialogRef: MatDialogRef<ReasonDialogComponent>,
+    @Inject(MAT_DIALOG_DATA)
+    public data: { title: string; content: string }
+  ) {}
+
+  onClose(): void {
+    this.dialogRef.close();
+  }
+}
+
+enum Operation {
+  deleting = 'deleting',
+  suspending = 'suspending',
+  unsuspending = 'unsuspending',
+}
+
+@Component({
+  selector: 'app-reason-dialog',
+  template: `
+    <h2 mat-dialog-title>
+      Please provide the (EPP) reason for {{ data.operation }} the domain(s):
+    </h2>
+    <mat-dialog-content>
+      <mat-form-field appearance="outline" style="width:100%">
+        <textarea matInput [(ngModel)]="reason" rows="4"></textarea>
+      </mat-form-field>
+    </mat-dialog-content>
+    <mat-dialog-actions>
+      <button mat-button (click)="onCancel()">Cancel</button>
+      <button mat-button color="warn" (click)="onSave()" [disabled]="!reason">
+        Save
+      </button>
+    </mat-dialog-actions>
+  `,
+  standalone: false,
+})
+export class ReasonDialogComponent {
+  reason: string = '';
+  constructor(
+    public dialogRef: MatDialogRef<ReasonDialogComponent>,
+    @Inject(MAT_DIALOG_DATA)
+    public data: { operation: Operation }
+  ) {}
+
+  onSave(): void {
+    this.dialogRef.close(this.reason);
+  }
+
+  onCancel(): void {
+    this.dialogRef.close();
+  }
+}
 
 @Component({
   selector: 'app-domain-list',
   templateUrl: './domainList.component.html',
   styleUrls: ['./domainList.component.scss'],
+  standalone: false,
 })
 export class DomainListComponent {
   public static PATH = 'domain-list';
+  private static SUSPENDED_STATUSES = [
+    'SERVER_RENEW_PROHIBITED',
+    'SERVER_TRANSFER_PROHIBITED',
+    'SERVER_UPDATE_PROHIBITED',
+    'SERVER_DELETE_PROHIBITED',
+    'SERVER_HOLD',
+  ];
   private readonly DEBOUNCE_MS = 500;
+  isAllSelected = false;
 
   displayedColumns: string[] = [
+    'select',
     'domainName',
     'creationTime',
     'registrationExpirationTime',
@@ -42,6 +138,7 @@ export class DomainListComponent {
   ];
 
   dataSource: MatTableDataSource<Domain> = new MatTableDataSource();
+  selection = new SelectionModel<Domain>(true, [], undefined, this.isChecked());
   isLoading = true;
 
   searchTermSubject = new Subject<string>();
@@ -51,13 +148,18 @@ export class DomainListComponent {
   resultsPerPage = 50;
   totalResults?: number = 0;
 
+  reason: string = '';
+
+  operationResult: DomainData | undefined;
+
   @ViewChild(MatPaginator, { static: true }) paginator!: MatPaginator;
 
   constructor(
     protected domainListService: DomainListService,
     protected registrarService: RegistrarService,
     protected registryLockService: RegistryLockService,
-    private _snackBar: MatSnackBar
+    private _snackBar: MatSnackBar,
+    private dialog: MatDialog
   ) {
     effect(() => {
       this.pageNumber = 0;
@@ -91,7 +193,10 @@ export class DomainListComponent {
   loadLocks() {
     this.registryLockService.retrieveLocks().subscribe({
       error: (err: HttpErrorResponse) => {
-        this._snackBar.open(err.message);
+        if (err.status !== HttpStatusCode.Forbidden) {
+          // Some users may not have registry lock permissions and that's OK
+          this._snackBar.open(err.message);
+        }
       },
     });
   }
@@ -131,6 +236,184 @@ export class DomainListComponent {
   onPageChange(event: PageEvent) {
     this.pageNumber = event.pageIndex;
     this.resultsPerPage = event.pageSize;
+    this.selection.clear();
     this.reloadData();
   }
+
+  toggleAllRows() {
+    if (this.isAllSelected) {
+      this.selection.clear();
+      this.isAllSelected = false;
+      return;
+    }
+
+    this.selection.select(...this.dataSource.data);
+    this.isAllSelected = true;
+  }
+
+  checkboxLabel(row?: Domain): string {
+    if (!row) {
+      return `${this.isAllSelected ? 'deselect' : 'select'} all`;
+    }
+    return `${this.selection.isSelected(row) ? 'deselect' : 'select'} row ${
+      row.domainName
+    }`;
+  }
+
+  private isChecked(): ((o1: Domain, o2: Domain) => boolean) | undefined {
+    return (o1: Domain, o2: Domain) => {
+      if (!o1.domainName || !o2.domainName) {
+        return false;
+      }
+
+      return this.isAllSelected || o1.domainName === o2.domainName;
+    };
+  }
+
+  getElementIdForBulkDelete() {
+    return RESTRICTED_ELEMENTS.BULK_DELETE;
+  }
+
+  getElementIdForSuspendUnsuspend() {
+    return RESTRICTED_ELEMENTS.SUSPEND;
+  }
+
+  getOperationMessage(domain: string) {
+    if (this.operationResult && this.operationResult[domain])
+      return this.operationResult[domain].message;
+    return '';
+  }
+
+  isDomainUnsuspendable(domain: Domain) {
+    return DomainListComponent.SUSPENDED_STATUSES.every((s) =>
+      domain.statuses.includes(s)
+    );
+  }
+
+  sendDeleteRequest(reason: string) {
+    this.isLoading = true;
+    this.domainListService
+      .bulkDomainAction(
+        this.selection.selected.map((d) => d.domainName),
+        reason,
+        this.registrarService.registrarId(),
+        BULK_ACTION_NAME.DELETE
+      )
+      .pipe(take(1))
+      .subscribe({
+        next: (result: DomainData) => {
+          this.isLoading = false;
+          const successCount = Object.keys(result).filter((domainName) =>
+            result[domainName].responseCode.toString().startsWith('1')
+          ).length;
+          const failureCount = Object.keys(result).length - successCount;
+          this.dialog.open(ResponseDialogComponent, {
+            data: {
+              title: 'Domain Deletion Results',
+              content: `Successfully deleted - ${successCount} domain(s)<br/>Failed to delete - ${failureCount} domain(s)<br/>${
+                failureCount
+                  ? 'Some domains could not be deleted due to ongoing processes or server errors. '
+                  : ''
+              }Please check the table for more information.`,
+            },
+          });
+          this.selection.clear();
+          this.operationResult = result;
+          this.reloadData();
+        },
+        error: (err: HttpErrorResponse) => {
+          this.isLoading = false;
+          this._snackBar.open(err.error || err.message);
+        },
+      });
+  }
+
+  deleteSelectedDomains() {
+    const dialogRef = this.dialog.open(ReasonDialogComponent, {
+      data: {
+        operation: Operation.deleting,
+      },
+    });
+
+    dialogRef
+      .afterClosed()
+      .pipe(
+        take(1),
+        filter((reason) => !!reason)
+      )
+      .subscribe(this.sendDeleteRequest.bind(this));
+  }
+
+  sendSuspendUnsuspendRequest(
+    domainName: string,
+    reason: string,
+    actionName: BULK_ACTION_NAME
+  ) {
+    this.isLoading = true;
+    this.domainListService
+      .bulkDomainAction(
+        [domainName],
+        reason,
+        this.registrarService.registrarId(),
+        actionName
+      )
+      .pipe(take(1))
+      .subscribe({
+        next: (result: DomainData) => {
+          this.isLoading = false;
+          if (result[domainName].responseCode.toString().startsWith('2')) {
+            this._snackBar.open(result[domainName].message);
+          } else {
+            this.reloadData();
+          }
+        },
+        error: (err: HttpErrorResponse) => {
+          this.isLoading = false;
+          this._snackBar.open(err.error || err.message);
+        },
+      });
+  }
+  onSuspendClick(domainName: string) {
+    const dialogRef = this.dialog.open(ReasonDialogComponent, {
+      data: {
+        operation: Operation.suspending,
+      },
+    });
+
+    dialogRef
+      .afterClosed()
+      .pipe(
+        take(1),
+        filter((reason) => !!reason)
+      )
+      .subscribe((reason) => {
+        this.sendSuspendUnsuspendRequest(
+          domainName,
+          reason,
+          BULK_ACTION_NAME.SUSPEND
+        );
+      });
+  }
+
+  onUnsuspendClick(domainName: string) {
+    const dialogRef = this.dialog.open(ReasonDialogComponent, {
+      data: {
+        operation: Operation.unsuspending,
+      },
+    });
+
+    dialogRef
+      .afterClosed()
+      .pipe(
+        take(1),
+        filter((reason) => !!reason)
+      )
+      .subscribe((reason) => {
+        this.sendSuspendUnsuspendRequest(
+          domainName,
+          reason,
+          BULK_ACTION_NAME.UNSUSPEND
+        );
+      });
+  }
 }

console-webapp/src/app/domains/domainList.service.ts

@@ -35,6 +35,12 @@ export interface DomainListResult {
   totalResults: number;
 }
 
+export enum BULK_ACTION_NAME {
+  DELETE = 'DELETE',
+  SUSPEND = 'SUSPEND',
+  UNSUSPEND = 'UNSUSPEND',
+}
+
 @Injectable({
   providedIn: 'root',
 })
@@ -48,7 +54,6 @@ export class DomainListService {
     private backendService: BackendService,
     private registrarService: RegistrarService
   ) {}
-
   retrieveDomains(
     pageNumber?: number,
     resultsPerPage?: number,
@@ -71,4 +76,18 @@ export class DomainListService {
         })
       );
   }
+
+  bulkDomainAction(
+    domains: string[],
+    reason: string,
+    registrarId: string,
+    actionName: BULK_ACTION_NAME
+  ) {
+    return this.backendService.bulkDomainAction(
+      domains,
+      reason,
+      actionName,
+      registrarId
+    );
+  }
 }

console-webapp/src/app/domains/registryLock.component.html

@@ -49,6 +49,7 @@
       color="primary"
       type="submit"
       [disabled]="!unlockDomain.valid"
+      aria-label="Submit domain unlock request"
     >
       Save
     </button>
@@ -73,6 +74,7 @@
       color="primary"
       type="submit"
       [disabled]="!lockDomain.valid"
+      aria-label="Submit domain lock request"
     >
       Save
     </button>

console-webapp/src/app/domains/registryLock.component.ts

@@ -25,6 +25,7 @@ import { RegistryLockService } from './registryLock.service';
   selector: 'app-registry-lock',
   templateUrl: './registryLock.component.html',
   styleUrls: ['./registryLock.component.scss'],
+  standalone: false,
 })
 export class RegistryLockComponent {
   readonly isLocked = computed(() =>

console-webapp/src/app/header/header.component.html

@@ -2,7 +2,7 @@
   <mat-toolbar>
     <button
       mat-icon-button
-      aria-label="Open menu"
+      aria-label="Open navigation menu"
       (click)="toggleNavPane()"
       *ngIf="breakpointObserver.isMobileView()"
       class="console-app__menu-btn"
@@ -12,6 +12,7 @@
     <a
       [routerLink]="'/home'"
       routerLinkActive="active"
+      aria-label="Google Registry logo"
       class="console-app__logo"
     >
       <svg

console-webapp/src/app/header/header.component.spec.ts

@@ -17,6 +17,12 @@ import { ComponentFixture, TestBed } from '@angular/core/testing';
 import { HeaderComponent } from './header.component';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { MaterialModule } from '../material.module';
+import { ActivatedRoute } from '@angular/router';
+import { AppModule, SelectedRegistrarModule } from '../app.module';
+import { AppRoutingModule } from '../app-routing.module';
+import { BackendService } from '../shared/services/backend.service';
+import { provideHttpClient } from '@angular/common/http';
+import { provideHttpClientTesting } from '@angular/common/http/testing';
 
 describe('HeaderComponent', () => {
   let component: HeaderComponent;
@@ -24,7 +30,19 @@ describe('HeaderComponent', () => {
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      imports: [MaterialModule, BrowserAnimationsModule],
+      imports: [
+        SelectedRegistrarModule,
+        MaterialModule,
+        BrowserAnimationsModule,
+        AppRoutingModule,
+        AppModule,
+      ],
+      providers: [
+        BackendService,
+        { provide: ActivatedRoute, useValue: {} as ActivatedRoute },
+        provideHttpClient(),
+        provideHttpClientTesting(),
+      ],
       declarations: [HeaderComponent],
     }).compileComponents();
 

console-webapp/src/app/header/header.component.ts

@@ -19,6 +19,7 @@ import { BreakPointObserverService } from '../shared/services/breakPoint.service
   selector: 'app-header',
   templateUrl: './header.component.html',
   styleUrls: ['./header.component.scss'],
+  standalone: false,
 })
 export class HeaderComponent {
   private isNavOpen = false;

console-webapp/src/app/home/home.component.spec.ts

@@ -16,6 +16,7 @@ import { ComponentFixture, TestBed } from '@angular/core/testing';
 
 import { HomeComponent } from './home.component';
 import { MaterialModule } from '../material.module';
+import { AppModule } from '../app.module';
 
 describe('HomeComponent', () => {
   let component: HomeComponent;
@@ -23,7 +24,7 @@ describe('HomeComponent', () => {
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      imports: [MaterialModule],
+      imports: [MaterialModule, AppModule],
       declarations: [HomeComponent],
     }).compileComponents();
 

console-webapp/src/app/home/home.component.ts

@@ -25,6 +25,7 @@ import { BreakPointObserverService } from '../shared/services/breakPoint.service
   selector: 'app-home',
   templateUrl: './home.component.html',
   styleUrls: ['./home.component.scss'],
+  standalone: false,
 })
 export class HomeComponent {
   constructor(

console-webapp/src/app/lock/registryLockVerify.component.scss

@@ -3,7 +3,7 @@
     margin-top: 30px;
   }
   &-subhead {
-    font-size: 20px;
+    font-size: 1.25rem;
     margin-bottom: 20px;
   }
 }

console-webapp/src/app/lock/registryLockVerify.component.ts

@@ -25,6 +25,7 @@ import { DomainListComponent } from '../domains/domainList.component';
   templateUrl: './registryLockVerify.component.html',
   styleUrls: ['./registryLockVerify.component.scss'],
   providers: [RegistryLockVerifyService],
+  standalone: false,
 })
 export class RegistryLockVerifyComponent {
   public static PATH = 'registry-lock-verify';

console-webapp/src/app/navigation/navigation.component.html

@@ -6,7 +6,9 @@
   <mat-tree-node
     *matTreeNodeDef="let node"
     matTreeNodeToggle
+    tabindex="0"
     (click)="onClick(node)"
+    (keyup.enter)="onClick(node)"
     [class.active]="router.url.includes(node.path)"
     [elementId]="getElementId(node)"
   >
@@ -18,6 +20,8 @@
   <mat-nested-tree-node
     *matTreeNodeDef="let node; when: hasChild"
     (click)="onClick(node)"
+    tabindex="0"
+    (keyup.enter)="onClick(node)"
   >
     <div class="mat-tree-node" [class.active]="router.url.includes(node.path)">
       <button

console-webapp/src/app/navigation/navigation.component.ts

@@ -17,8 +17,9 @@ import { Component } from '@angular/core';
 import { MatTreeNestedDataSource } from '@angular/material/tree';
 import { NavigationEnd, Router } from '@angular/router';
 import { Subscription } from 'rxjs';
-import { RouteWithIcon, routes } from '../app-routing.module';
+import { RouteWithIcon, routes, PATHS } from '../app-routing.module';
 import { RESTRICTED_ELEMENTS } from '../shared/directives/userLevelVisiblity.directive';
+import { RegistrarComponent } from '../registrar/registrarsTable.component';
 
 interface NavMenuNode extends RouteWithIcon {
   parentRoute?: RouteWithIcon;
@@ -32,6 +33,7 @@ interface NavMenuNode extends RouteWithIcon {
   selector: 'app-navigation',
   templateUrl: './navigation.component.html',
   styleUrls: ['./navigation.component.scss'],
+  standalone: false,
 })
 export class NavigationComponent {
   renderRouter: boolean = true;
@@ -55,13 +57,16 @@ export class NavigationComponent {
   }
 
   ngOnDestroy() {
-    this.subscription.unsubscribe();
+    this.subscription && this.subscription.unsubscribe();
   }
 
   getElementId(node: RouteWithIcon) {
-    return node.path === 'registrars'
-      ? RESTRICTED_ELEMENTS.REGISTRAR_ELEMENT
-      : null;
+    if (node.path === RegistrarComponent.PATH) {
+      return RESTRICTED_ELEMENTS.REGISTRAR_ELEMENT;
+    } else if (node.path === PATHS.UsersComponent) {
+      return RESTRICTED_ELEMENTS.USERS;
+    }
+    return null;
   }
 
   syncExpandedNavigationWithRoute(url: string) {

console-webapp/src/app/ote/newOte.component.html

@@ -30,7 +30,14 @@
         >
       </mat-form-field>
     </p>
-    <button mat-flat-button color="primary" type="submit">Save</button>
+    <button
+      mat-flat-button
+      color="primary"
+      type="submit"
+      aria-label="Submit new OT&E account"
+    >
+      Save
+    </button>
   </form>
   }
 </div>

console-webapp/src/app/ote/newOte.component.ts

@@ -26,7 +26,6 @@ export interface OteCreateResponse extends Map<string, string> {
 
 @Component({
   selector: 'app-ote',
-  standalone: true,
   imports: [MaterialModule, SnackBarModule],
   templateUrl: './newOte.component.html',
   styleUrls: ['./newOte.component.scss'],

console-webapp/src/app/ote/oteStatus.component.ts

@@ -31,7 +31,6 @@ export interface OteStatusResponse {
 
 @Component({
   selector: 'app-ote-status',
-  standalone: true,
   imports: [MaterialModule, SnackBarModule, CommonModule],
   templateUrl: './oteStatus.component.html',
   styleUrls: ['./oteStatus.component.scss'],

console-webapp/src/app/registrar/newRegistrar.component.html

@@ -175,6 +175,7 @@ JPY=billing-id-for-yen"
       mat-flat-button
       color="primary"
       type="submit"
+      aria-label="Submit new registrar request"
     >
       Save
     </button>

console-webapp/src/app/registrar/newRegistrar.component.ts

@@ -33,6 +33,7 @@ interface LocalizedAddressStreet {
   templateUrl: './newRegistrar.component.html',
   styleUrls: ['./newRegistrar.component.scss'],
   encapsulation: ViewEncapsulation.None,
+  standalone: false,
 })
 export default class NewRegistrarComponent {
   protected newRegistrar: Registrar;
@@ -47,7 +48,6 @@ export default class NewRegistrarComponent {
     this.newRegistrar = {
       registrarId: '',
       url: '',
-      whoisServer: '',
       registrarName: '',
       icannReferralEmail: '',
       localizedAddress: {

console-webapp/src/app/registrar/registrar.service.ts

@@ -50,17 +50,16 @@ export interface SecuritySettings
   ipAddressAllowList?: Array<IpAllowListItem>;
 }
 
-export interface WhoisRegistrarFields {
+export interface RdapRegistrarFields {
   ianaIdentifier?: number;
   icannReferralEmail: string;
   localizedAddress: Address;
   registrarId: string;
   url: string;
-  whoisServer: string;
 }
 
 export interface Registrar
-  extends WhoisRegistrarFields,
+  extends RdapRegistrarFields,
     SecuritySettingsBackendModel {
   allowedTlds?: string[];
   billingAccountMap?: object;
@@ -72,6 +71,7 @@ export interface Registrar
   registrarName: string;
   registryLockAllowed?: boolean;
   type?: string;
+  lastPocVerificationDate?: string;
 }
 
 @Injectable({

console-webapp/src/app/registrar/registrarDetails.component.html

@@ -1,4 +1,8 @@
-<div class="console-app__registrar-view">
+<div
+  class="console-app__registrar-view"
+  cdkTrapFocus
+  [cdkTrapFocusAutoCapture]="true"
+>
   <h1 class="mat-headline-4">Registrars</h1>
   <mat-divider></mat-divider>
   <div class="console-app__registrar-view-content">
@@ -12,7 +16,7 @@
         *ngIf="oteButtonVisible"
         mat-stroked-button
         (click)="checkOteStatus()"
-        aria-label="Check OT&E account"
+        aria-label="Check OT&E account status"
         [elementId]="getElementIdForOteBlock()"
       >
         Check OT&E Status

console-webapp/src/app/registrar/registrarDetails.component.ts

@@ -27,6 +27,7 @@ import { environment } from '../../environments/environment';
   selector: 'app-registrar-details',
   templateUrl: './registrarDetails.component.html',
   styleUrls: ['./registrarDetails.component.scss'],
+  standalone: false,
 })
 export class RegistrarDetailsComponent implements OnInit {
   public static PATH = 'registrars/:id';

console-webapp/src/app/registrar/registrarSelector.component.html

@@ -11,6 +11,7 @@
       [ngModelOptions]="{ standalone: true }"
       (focus)="onFocus()"
       [matAutocomplete]="auto"
+      spellcheck="false"
     />
     <mat-autocomplete
       autoActiveFirstOption

console-webapp/src/app/registrar/registrarSelector.component.ts

@@ -19,6 +19,7 @@ import { RegistrarService } from './registrar.service';
   selector: 'app-registrar-selector',
   templateUrl: './registrarSelector.component.html',
   styleUrls: ['./registrarSelector.component.scss'],
+  standalone: false,
 })
 export class RegistrarSelectorComponent {
   registrarInput = signal<string>(this.registrarService.registrarId());

console-webapp/src/app/registrar/registrarsTable.component.html

@@ -3,7 +3,7 @@
 } @else {
 <div class="console-app__registrars">
   <div class="console-app__registrars-header">
-    <h1 class="mat-headline-4">Registrars</h1>
+    <h1 class="mat-headline-4" forceFocus>Registrars</h1>
     <div class="spacer"></div>
     <button
       mat-stroked-button
@@ -59,6 +59,8 @@
         <mat-row
           *matRowDef="let row; columns: displayedColumns"
           (click)="openDetails(row.registrarId)"
+          tabindex="0"
+          (keyup.enter)="openDetails(row.registrarId)"
         ></mat-row>
       </mat-table>
 

console-webapp/src/app/registrar/registrarsTable.component.ts

@@ -78,6 +78,7 @@ export const columns = [
   templateUrl: './registrarsTable.component.html',
   styleUrls: ['./registrarsTable.component.scss'],
   encapsulation: ViewEncapsulation.None,
+  standalone: false,
 })
 export class RegistrarComponent {
   public static PATH = 'registrars';

console-webapp/src/app/resources/resources.component.html

@@ -1,4 +1,4 @@
-<h1 class="mat-headline-4">Resources</h1>
+<h1 class="mat-headline-4" forceFocus>Resources</h1>
 <div class="console-app__resources">
   <div>
     <div class="console-app__resources-subhead">Technical resources</div>
@@ -11,6 +11,6 @@
     >
   </div>
   <div>
-    <img src="./assets/resources.png" />
+    <img src="./assets/resources.png" alt="Generic resources image" />
   </div>
 </div>

console-webapp/src/app/resources/resources.component.scss

@@ -16,7 +16,7 @@
     width: 100%;
   }
   &-subhead {
-    font-size: 20px;
+    font-size: 1.25rem;
     margin-bottom: 20px;
   }
 }

console-webapp/src/app/resources/resources.component.ts

@@ -19,6 +19,7 @@ import { UserDataService } from '../shared/services/userData.service';
   selector: 'app-resources',
   templateUrl: './resources.component.html',
   styleUrls: ['./resources.component.scss'],
+  standalone: false,
 })
 export class ResourcesComponent {
   public static PATH = 'resources';

console-webapp/src/app/settings/contact/contact.component.html

@@ -32,7 +32,9 @@
     <mat-header-row *matHeaderRowDef="displayedColumns"></mat-header-row>
     <mat-row
       *matRowDef="let row; columns: displayedColumns"
+      tabindex="0"
       (click)="openDetails(row)"
+      (keyup.enter)="openDetails(row)"
     ></mat-row>
   </mat-table>
   }

console-webapp/src/app/settings/contact/contact.component.ts

@@ -16,17 +16,14 @@ import { Component, effect, ViewEncapsulation } from '@angular/core';
 import { MatTableDataSource } from '@angular/material/table';
 import { take } from 'rxjs';
 import { RegistrarService } from 'src/app/registrar/registrar.service';
-import {
-  ContactService,
-  contactTypeToViewReadyContact,
-  ViewReadyContact,
-} from './contact.service';
+import { ContactService, ViewReadyContact } from './contact.service';
 
 @Component({
   selector: 'app-contact',
   templateUrl: './contact.component.html',
   styleUrls: ['./contact.component.scss'],
   encapsulation: ViewEncapsulation.None,
+  standalone: false,
 })
 export default class ContactComponent {
   public static PATH = 'contact';

console-webapp/src/app/settings/contact/contact.service.ts

@@ -35,7 +35,7 @@ export const contactTypeToTextMap: contactTypesToUserFriendlyTypes = {
   LEGAL: 'Legal contact',
   MARKETING: 'Marketing contact',
   TECH: 'Technical contact',
-  WHOIS: 'WHOIS-Inquiry contact',
+  WHOIS: 'RDAP-Inquiry contact',
 };
 
 type UserFriendlyType = (typeof contactTypeToTextMap)[contactType];
@@ -59,7 +59,10 @@ export interface ViewReadyContact extends Contact {
 export function contactTypeToViewReadyContact(c: Contact): ViewReadyContact {
   return {
     ...c,
-    userFriendlyTypes: c.types?.map((cType) => contactTypeToTextMap[cType]),
+    userFriendlyTypes: (c.types || []).map(
+      (cType) => contactTypeToTextMap[cType]
+    ),
+    types: c.types || [],
   };
 }
 
@@ -83,7 +86,7 @@ export class ContactService {
       : contactTypeToViewReadyContact({
           emailAddress: '',
           name: '',
-          types: ['ADMIN'],
+          types: ['TECH'],
           faxNumber: '',
           phoneNumber: '',
           registrarId: '',
@@ -98,19 +101,21 @@ export class ContactService {
     );
   }
 
-  saveContacts(contacts: ViewReadyContact[]): Observable<Contact[]> {
+  updateContact(contact: ViewReadyContact) {
     return this.backend
-      .postContacts(this.registrarService.registrarId(), contacts)
+      .updateContact(this.registrarService.registrarId(), contact)
       .pipe(switchMap((_) => this.fetchContacts()));
   }
 
   addContact(contact: ViewReadyContact) {
-    const newContacts = this.contacts().concat([contact]);
-    return this.saveContacts(newContacts);
+    return this.backend
+      .createContact(this.registrarService.registrarId(), contact)
+      .pipe(switchMap((_) => this.fetchContacts()));
   }
 
   deleteContact(contact: ViewReadyContact) {
-    const newContacts = this.contacts().filter((c) => c !== contact);
-    return this.saveContacts(newContacts);
+    return this.backend
+      .deleteContact(this.registrarService.registrarId(), contact)
+      .pipe(switchMap((_) => this.fetchContacts()));
   }
 }

console-webapp/src/app/settings/contact/contactDetails.component.html

@@ -1,4 +1,9 @@
-<div class="console-app__contact" *ngIf="contactService.contactInEdit">
+<div
+  class="console-app__contact"
+  *ngIf="contactService.contactInEdit"
+  cdkTrapFocus
+  [cdkTrapFocusAutoCapture]="true"
+>
   <div class="console-app__contact-controls">
     <button
       mat-icon-button
@@ -51,6 +56,7 @@
           [required]="true"
           [(ngModel)]="contactService.contactInEdit.emailAddress"
           [ngModelOptions]="{ standalone: true }"
+          [disabled]="emailAddressIsDisabled()"
         />
       </mat-form-field>
 
@@ -80,24 +86,28 @@
         <mat-icon color="accent">error</mat-icon>Required to select at least one
       </p>
       <div class="">
-        <mat-checkbox
+        <ng-container
           *ngFor="let contactType of contactTypeToTextMap | keyvalue"
-          [checked]="checkboxIsChecked(contactType.key)"
-          (change)="checkboxOnChange($event, contactType.key)"
-          [disabled]="checkboxIsDisabled(contactType.key)"
         >
-          {{ contactType.value }}
-        </mat-checkbox>
+          <mat-checkbox
+            *ngIf="shouldDisplayCheckbox(contactType.key)"
+            [checked]="checkboxIsChecked(contactType.key)"
+            (change)="checkboxOnChange($event, contactType.key)"
+            [disabled]="checkboxIsDisabled(contactType.key)"
+          >
+            {{ contactType.value }}
+          </mat-checkbox>
+        </ng-container>
       </div>
     </section>
 
     <section>
-      <h1>WHOIS Preferences</h1>
+      <h1>RDAP Preferences</h1>
       <div>
         <mat-checkbox
           [(ngModel)]="contactService.contactInEdit.visibleInWhoisAsAdmin"
           [ngModelOptions]="{ standalone: true }"
-          >Show in Registrar WHOIS record as admin contact</mat-checkbox
+          >Show in Registrar RDAP record as admin contact</mat-checkbox
         >
       </div>
 
@@ -105,7 +115,7 @@
         <mat-checkbox
           [(ngModel)]="contactService.contactInEdit.visibleInWhoisAsTech"
           [ngModelOptions]="{ standalone: true }"
-          >Show in Registrar WHOIS record as technical contact</mat-checkbox
+          >Show in Registrar RDAP record as technical contact</mat-checkbox
         >
       </div>
 
@@ -113,8 +123,8 @@
         <mat-checkbox
           [(ngModel)]="contactService.contactInEdit.visibleInDomainWhoisAsAbuse"
           [ngModelOptions]="{ standalone: true }"
-          >Show Phone and Email in Domain WHOIS Record as registrar abuse
-          contact (per CL&D requirements)</mat-checkbox
+          >Show Phone and Email in Domain RDAP Record as registrar abuse contact
+          (per CL&D requirements)</mat-checkbox
         >
       </div>
     </section>
@@ -123,6 +133,7 @@
       mat-flat-button
       color="primary"
       type="submit"
+      aria-label="Save contact updates"
     >
       Save
     </button>
@@ -170,13 +181,13 @@
     <mat-card-content>
       <mat-list role="list">
         <mat-list-item role="listitem">
-          <h2>WHOIS Preferences</h2>
+          <h2>RDAP Preferences</h2>
         </mat-list-item>
         @if(contactService.contactInEdit.visibleInWhoisAsAdmin) {
         <mat-divider></mat-divider>
         <mat-list-item role="listitem">
           <span class="console-app__list-value"
-            >Show in Registrar WHOIS record as admin contact</span
+            >Show in Registrar RDAP record as admin contact</span
           >
         </mat-list-item>
         } @if(contactService.contactInEdit.visibleInWhoisAsTech) {
@@ -186,14 +197,14 @@
           *ngIf="contactService.contactInEdit.visibleInWhoisAsTech"
         >
           <span class="console-app__list-value"
-            >Show in Registrar WHOIS record as technical contact</span
+            >Show in Registrar RDAP record as technical contact</span
           >
         </mat-list-item>
         } @if(contactService.contactInEdit.visibleInDomainWhoisAsAbuse) {
         <mat-divider></mat-divider>
         <mat-list-item role="listitem">
           <span class="console-app__list-value"
-            >Show Phone and Email in Domain WHOIS Record as registrar abuse
+            >Show Phone and Email in Domain RDAP Record as registrar abuse
             contact (per CL&D requirements)</span
           >
         </mat-list-item>

console-webapp/src/app/settings/contact/contactDetails.component.ts

@@ -27,6 +27,7 @@ import {
   selector: 'app-contact-details',
   templateUrl: './contactDetails.component.html',
   styleUrls: ['./contactDetails.component.scss'],
+  standalone: false,
 })
 export class ContactDetailsComponent {
   protected contactTypeToTextMap = contactTypeToTextMap;
@@ -68,9 +69,13 @@ export class ContactDetailsComponent {
 
   save(e: SubmitEvent) {
     e.preventDefault();
+    if ((this.contactService.contactInEdit.types || []).length === 0) {
+      this._snackBar.open('Required to select contact type');
+      return;
+    }
     const request = this.contactService.isContactNewView
       ? this.contactService.addContact(this.contactService.contactInEdit)
-      : this.contactService.saveContacts(this.contactService.contacts());
+      : this.contactService.updateContact(this.contactService.contactInEdit);
     request.subscribe({
       complete: () => {
         this.goBack();
@@ -81,6 +86,10 @@ export class ContactDetailsComponent {
     });
   }
 
+  shouldDisplayCheckbox(type: string) {
+    return type !== 'ADMIN' || this.checkboxIsChecked(type);
+  }
+
   checkboxIsChecked(type: string) {
     return this.contactService.contactInEdit.types.includes(
       type as contactType
@@ -88,6 +97,9 @@ export class ContactDetailsComponent {
   }
 
   checkboxIsDisabled(type: string) {
+    if (type === 'ADMIN') {
+      return true;
+    }
     return (
       this.contactService.contactInEdit.types.length === 1 &&
       this.contactService.contactInEdit.types[0] === (type as contactType)
@@ -104,4 +116,8 @@ export class ContactDetailsComponent {
         );
     }
   }
+
+  emailAddressIsDisabled() {
+    return this.contactService.contactInEdit.types.includes('ADMIN');
+  }
 }

console-webapp/src/app/settings/rdap/rdap.component.html

@@ -1,18 +1,18 @@
-@if(whoisService.editing) {
-<app-whois-edit></app-whois-edit>
+@if(rdapService.editing) {
+<app-rdap-edit></app-rdap-edit>
 } @else {
-<div class="console-app__whois">
-  <div class="console-app__whois-controls">
+<div class="console-app__rdap">
+  <div class="console-app__rdap-controls">
     <span>
-      General registrar information for your WHOIS record. This information is
-      always visible in WHOIS.
+      General registrar information for your RDAP record. This information is
+      always visible in RDAP.
     </span>
     <div class="spacer"></div>
     <button
       mat-flat-button
       color="primary"
-      aria-label="Edit WHOIS record"
-      (click)="whoisService.editing = true"
+      aria-label="Edit RDAP record"
+      (click)="rdapService.editing = true"
     >
       <mat-icon>edit</mat-icon>
       Edit
@@ -61,45 +61,5 @@
       </mat-list>
     </mat-card-content>
   </mat-card>
-
-  <mat-card appearance="outlined">
-    <mat-card-content>
-      <mat-list role="list">
-        <mat-list-item role="listitem">
-          <h2>Technical Info</h2>
-        </mat-list-item>
-        <mat-divider></mat-divider>
-        <mat-list-item role="listitem">
-          <span class="console-app__list-key">IANA Identifier</span>
-          <span class="console-app__list-value">{{
-            registrarService.registrar()?.ianaIdentifier
-          }}</span>
-        </mat-list-item>
-        <mat-divider></mat-divider>
-        <mat-list-item role="listitem">
-          <div>
-            <span class="console-app__list-key">ICANN Referral Email</span>
-            <span class="console-app__list-value">{{
-              registrarService.registrar()?.icannReferralEmail
-            }}</span>
-          </div>
-        </mat-list-item>
-        <mat-divider></mat-divider>
-        <mat-list-item role="listitem">
-          <span class="console-app__list-key">WHOIS server</span>
-          <span class="console-app__list-value">{{
-            registrarService.registrar()?.whoisServer
-          }}</span>
-        </mat-list-item>
-        <mat-divider></mat-divider>
-        <mat-list-item role="listitem">
-          <span class="console-app__list-key">Referral URL</span>
-          <span class="console-app__list-value">{{
-            registrarService.registrar()?.url
-          }}</span>
-        </mat-list-item>
-      </mat-list>
-    </mat-card-content>
-  </mat-card>
 </div>
 }

console-webapp/src/app/settings/rdap/rdap.component.scss

@@ -1,4 +1,4 @@
-.console-app__whois {
+.console-app__rdap {
   max-width: 616px;
 
   &-controls {

console-webapp/src/app/settings/rdap/rdap.component.spec.ts

@@ -20,15 +20,15 @@ import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { MaterialModule } from 'src/app/material.module';
 import { RegistrarService } from 'src/app/registrar/registrar.service';
 import { BackendService } from 'src/app/shared/services/backend.service';
-import WhoisComponent from './whois.component';
+import RdapComponent from './rdap.component';
 
-describe('WhoisComponent', () => {
-  let component: WhoisComponent;
-  let fixture: ComponentFixture<WhoisComponent>;
+describe('RdapComponent', () => {
+  let component: RdapComponent;
+  let fixture: ComponentFixture<RdapComponent>;
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      declarations: [WhoisComponent],
+      declarations: [RdapComponent],
       imports: [MaterialModule, BrowserAnimationsModule],
       providers: [
         BackendService,
@@ -45,7 +45,7 @@ describe('WhoisComponent', () => {
       ],
     }).compileComponents();
 
-    fixture = TestBed.createComponent(WhoisComponent);
+    fixture = TestBed.createComponent(RdapComponent);
     component = fixture.componentInstance;
     fixture.detectChanges();
   });

console-webapp/src/app/settings/rdap/rdap.component.ts

@@ -14,16 +14,16 @@
 
 import { Component, computed } from '@angular/core';
 import { RegistrarService } from 'src/app/registrar/registrar.service';
-
-import { WhoisService } from './whois.service';
+import { RdapService } from './rdap.service';
 
 @Component({
-  selector: 'app-whois',
-  templateUrl: './whois.component.html',
-  styleUrls: ['./whois.component.scss'],
+  selector: 'app-rdap',
+  templateUrl: './rdap.component.html',
+  styleUrls: ['./rdap.component.scss'],
+  standalone: false,
 })
-export default class WhoisComponent {
-  public static PATH = 'whois';
+export default class RdapComponent {
+  public static PATH = 'rdap';
   formattedAddress = computed(() => {
     let result = '';
     const registrar = this.registrarService.registrar();
@@ -46,7 +46,7 @@ export default class WhoisComponent {
   });
 
   constructor(
-    public whoisService: WhoisService,
+    public rdapService: RdapService,
     public registrarService: RegistrarService
   ) {}
 }

console-webapp/src/app/settings/rdap/rdap.service.ts

@@ -16,14 +16,14 @@ import { Injectable } from '@angular/core';
 import { switchMap } from 'rxjs';
 import {
   RegistrarService,
-  WhoisRegistrarFields,
+  RdapRegistrarFields,
 } from 'src/app/registrar/registrar.service';
 import { BackendService } from 'src/app/shared/services/backend.service';
 
 @Injectable({
   providedIn: 'root',
 })
-export class WhoisService {
+export class RdapService {
   editing: boolean = false;
 
   constructor(
@@ -31,8 +31,8 @@ export class WhoisService {
     private registrarService: RegistrarService
   ) {}
 
-  saveChanges(newWhoisRegistrarFields: WhoisRegistrarFields) {
-    return this.backend.postWhoisRegistrarFields(newWhoisRegistrarFields).pipe(
+  saveChanges(newRdapRegistrarFields: RdapRegistrarFields) {
+    return this.backend.postRdapRegistrarFields(newRdapRegistrarFields).pipe(
       switchMap(() => {
         return this.registrarService.loadRegistrars();
       })

console-webapp/src/app/settings/rdap/rdapEdit.component.html

@@ -1,22 +1,27 @@
-<div class="console-app__whois-edit" *ngIf="registrarInEdit">
+<div
+  class="console-app__rdap-edit"
+  *ngIf="registrarInEdit"
+  cdkTrapFocus
+  [cdkTrapFocusAutoCapture]="true"
+>
   <button
     mat-icon-button
-    class="console-app__whois-edit-back"
-    aria-label="Back to whois view"
-    (click)="whoisService.editing = false"
+    class="console-app__rdap-edit-back"
+    aria-label="Back to rdap view"
+    (click)="rdapService.editing = false"
   >
     <mat-icon>arrow_back</mat-icon>
   </button>
 
-  <div class="console-app__whois-edit-controls">
+  <div class="console-app__rdap-edit-controls">
     <span>
-      General registrar information for your WHOIS record. This information is
-      always visible in WHOIS.
+      General registrar information for your RDAP record. This information is
+      always visible in RDAP.
     </span>
     <div class="spacer"></div>
   </div>
 
-  <div class="console-app__whois-edit">
+  <div class="console-app__rdap-edit">
     <h1>Personal info</h1>
 
     <form (ngSubmit)="save($event)">
@@ -110,41 +115,14 @@
         />
       </mat-form-field>
 
-      <h1>Technical info</h1>
-
-      <mat-form-field appearance="outline">
-        <mat-label>WHOIS server: </mat-label>
-        <input
-          matInput
-          type="text"
-          [(ngModel)]="registrarInEdit.whoisServer"
-          [ngModelOptions]="{ standalone: true }"
-        />
-      </mat-form-field>
-
-      <mat-form-field appearance="outline">
-        <mat-label>Referral URL: </mat-label>
-        <input
-          matInput
-          type="text"
-          [(ngModel)]="registrarInEdit.url"
-          [ngModelOptions]="{ standalone: true }"
-        />
-      </mat-form-field>
-
-      @if((userDataService.userData()?.globalRole || 'NONE') !== "NONE") {
-      <mat-form-field appearance="outline">
-        <mat-label>ICANN Referral Email: </mat-label>
-        <input
-          matInput
-          type="text"
-          [(ngModel)]="registrarInEdit.icannReferralEmail"
-          [ngModelOptions]="{ standalone: true }"
-        />
-      </mat-form-field>
-      }
-
-      <button mat-flat-button color="primary" type="submit">Save</button>
+      <button
+        mat-flat-button
+        color="primary"
+        type="submit"
+        aria-label="Save RDAO settings"
+      >
+        Save
+      </button>
     </form>
   </div>
 </div>

console-webapp/src/app/settings/rdap/rdapEdit.component.scss

@@ -1,4 +1,4 @@
-.console-app__whois-edit {
+.console-app__rdap-edit {
   max-width: 616px;
 
   &-controls {

console-webapp/src/app/settings/rdap/rdapEdit.component.ts

@@ -20,19 +20,20 @@ import {
   RegistrarService,
 } from 'src/app/registrar/registrar.service';
 import { UserDataService } from 'src/app/shared/services/userData.service';
-import { WhoisService } from './whois.service';
+import { RdapService } from './rdap.service';
 
 @Component({
-  selector: 'app-whois-edit',
-  templateUrl: './whoisEdit.component.html',
-  styleUrls: ['./whoisEdit.component.scss'],
+  selector: 'app-rdap-edit',
+  templateUrl: './rdapEdit.component.html',
+  styleUrls: ['./rdapEdit.component.scss'],
+  standalone: false,
 })
-export default class WhoisEditComponent {
+export default class RdapEditComponent {
   registrarInEdit: Registrar | undefined;
 
   constructor(
     public userDataService: UserDataService,
-    public whoisService: WhoisService,
+    public rdapService: RdapService,
     public registrarService: RegistrarService,
     private _snackBar: MatSnackBar
   ) {
@@ -48,9 +49,9 @@ export default class WhoisEditComponent {
     e.preventDefault();
     if (!this.registrarInEdit) return;
 
-    this.whoisService.saveChanges(this.registrarInEdit).subscribe({
+    this.rdapService.saveChanges(this.registrarInEdit).subscribe({
       complete: () => {
-        this.whoisService.editing = false;
+        this.rdapService.editing = false;
       },
       error: (err: HttpErrorResponse) => {
         this._snackBar.open(err.error);

console-webapp/src/app/settings/security/eppPasswordEdit.component.html

@@ -1,4 +1,8 @@
-<div class="settings-security__edit-password">
+<div
+  class="settings-security__edit-password"
+  cdkTrapFocus
+  [cdkTrapFocusAutoCapture]="true"
+>
   <p>
     <button
       mat-icon-button

console-webapp/src/app/settings/security/eppPasswordEdit.component.ts

@@ -33,6 +33,7 @@ type errorFriendlyText = { [type in errorCode]: String };
   selector: 'app-epp-password-edit',
   templateUrl: './eppPasswordEdit.component.html',
   styleUrls: ['./eppPasswordEdit.component.scss'],
+  standalone: false,
 })
 export default class EppPasswordEditComponent {
   MIN_MAX_LENGHT = new String(

console-webapp/src/app/settings/security/security.component.spec.ts

@@ -42,7 +42,7 @@ describe('SecurityComponent', () => {
     fetchSecurityDetailsSpy =
       securityServiceSpy.fetchSecurityDetails.and.returnValue(of());
 
-    saveSpy = securityServiceSpy.saveChanges;
+    saveSpy = securityServiceSpy.saveChanges.and.returnValue(of());
 
     await TestBed.configureTestingModule({
       declarations: [SecurityEditComponent, SecurityComponent],

console-webapp/src/app/settings/security/security.component.ts

@@ -23,6 +23,7 @@ import { SecurityService, apiToUiConverter } from './security.service';
   selector: 'app-security',
   templateUrl: './security.component.html',
   styleUrls: ['./security.component.scss'],
+  standalone: false,
 })
 export default class SecurityComponent {
   public static PATH = 'security';

console-webapp/src/app/settings/security/securityEdit.component.html

@@ -1,4 +1,8 @@
-<div class="settings-security__edit">
+<div
+  class="settings-security__edit"
+  cdkTrapFocus
+  [cdkTrapFocusAutoCapture]="true"
+>
   <h1>IP Allowlist</h1>
   <p>
     Restrict access to EPP production servers to the following IP/IPv6
@@ -10,6 +14,7 @@
       <mat-form-field appearance="outline">
         <input
           matInput
+          [disabled]="isUpdating"
           type="text"
           [(ngModel)]="ip.value"
           [ngModelOptions]="{ standalone: true }"
@@ -18,14 +23,22 @@
       <button
         matSuffix
         mat-icon-button
-        aria-label="Remove"
+        [attr.aria-label]="'Remove IP entry ' + ip.value"
         (click)="removeIpEntry(ip)"
+        [disabled]="isUpdating"
       >
         <mat-icon>close</mat-icon>
       </button>
     </div>
     }
-    <button mat-button color="primary" (click)="createIpEntry()" type="button">
+    <button
+      mat-button
+      [disabled]="isUpdating"
+      color="primary"
+      (click)="createIpEntry()"
+      aria-label="Add new IP address"
+      type="button"
+    >
       + Add IP
     </button>
 
@@ -35,6 +48,7 @@
       <textarea
         class="console-app__clientCertificateValue"
         matInput
+        [disabled]="isUpdating"
         [(ngModel)]="dataSource.clientCertificate"
         [ngModelOptions]="{ standalone: true }"
       ></textarea>
@@ -44,6 +58,7 @@
     <mat-form-field appearance="outline">
       <textarea
         matInput
+        [disabled]="isUpdating"
         [(ngModel)]="dataSource.failoverClientCertificate"
         [ngModelOptions]="{ standalone: true }"
       ></textarea>
@@ -51,6 +66,7 @@
     <button
       mat-flat-button
       color="primary"
+      [disabled]="isUpdating"
       aria-label="Save security settings"
       type="submit"
       class="settings-security__edit-save"

console-webapp/src/app/settings/security/securityEdit.component.ts

@@ -26,9 +26,11 @@ import { SecurityService, apiToUiConverter } from './security.service';
   selector: 'app-security-edit',
   templateUrl: './securityEdit.component.html',
   styleUrls: ['./securityEdit.component.scss'],
+  standalone: false,
 })
 export default class SecurityEditComponent {
   dataSource: SecuritySettings = {};
+  isUpdating = false;
 
   constructor(
     public securityService: SecurityService,
@@ -43,12 +45,15 @@ export default class SecurityEditComponent {
   }
 
   save() {
+    this.isUpdating = true;
     this.securityService.saveChanges(this.dataSource).subscribe({
       complete: () => {
+        this.isUpdating = false;
         this.goBack();
       },
       error: (err: HttpErrorResponse) => {
-        this._snackBar.open(err.error);
+        this._snackBar.open(err.error || err.message);
+        this.isUpdating = false;
       },
     });
   }

console-webapp/src/app/settings/settings.component.html

@@ -1,6 +1,6 @@
 <app-selected-registrar-wrapper>
   <div class="console-settings">
-    <h1 class="mat-headline-4">Settings</h1>
+    <h1 class="mat-headline-4" forceFocus>Settings</h1>
     <nav
       mat-tab-nav-bar
       mat-stretch-tabs="false"
@@ -10,22 +10,31 @@
       <a
         mat-tab-link
         routerLink="contact"
-        routerLinkActive="active-link"
+        routerLinkActive
         queryParamsHandling="merge"
+        #rla="routerLinkActive"
+        [active]="rla.isActive"
+        aria-label="Access contacts settings"
         >Contacts</a
       >
       <a
         mat-tab-link
-        routerLink="whois"
-        routerLinkActive="active-link"
+        routerLink="rdap"
+        routerLinkActive
         queryParamsHandling="merge"
-        >WHOIS Info</a
+        #rla2="routerLinkActive"
+        [active]="rla2.isActive"
+        aria-label="Access rdap settings"
+        >RDAP Info</a
       >
       <a
         mat-tab-link
         routerLink="security"
-        routerLinkActive="active-link"
+        routerLinkActive
         queryParamsHandling="merge"
+        #rla3="routerLinkActive"
+        [active]="rla3.isActive"
+        aria-label="Access security settings"
         >Security</a
       >
     </nav>

console-webapp/src/app/settings/settings.component.scss

@@ -13,14 +13,6 @@
 // limitations under the License.
 
 .console-settings {
-  .mdc-tab {
-    &.active-link {
-      border-bottom: 2px solid var(--primary);
-      .mdc-tab__text-label {
-        color: var(--primary);
-      }
-    }
-  }
   nav {
     margin-bottom: 40px;
   }

console-webapp/src/app/settings/settings.component.spec.ts

@@ -17,6 +17,12 @@ import { ComponentFixture, TestBed } from '@angular/core/testing';
 import { SettingsComponent } from './settings.component';
 import { MaterialModule } from '../material.module';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { ActivatedRoute } from '@angular/router';
+import { AppModule, SelectedRegistrarModule } from '../app.module';
+import { BackendService } from '../shared/services/backend.service';
+import { provideHttpClient } from '@angular/common/http';
+import { provideHttpClientTesting } from '@angular/common/http/testing';
+import { AppRoutingModule } from '../app-routing.module';
 
 describe('SettingsComponent', () => {
   let component: SettingsComponent;
@@ -24,7 +30,19 @@ describe('SettingsComponent', () => {
 
   beforeEach(async () => {
     await TestBed.configureTestingModule({
-      imports: [MaterialModule, BrowserAnimationsModule],
+      imports: [
+        SelectedRegistrarModule,
+        MaterialModule,
+        BrowserAnimationsModule,
+        AppRoutingModule,
+        AppModule,
+      ],
+      providers: [
+        BackendService,
+        { provide: ActivatedRoute, useValue: {} as ActivatedRoute },
+        provideHttpClient(),
+        provideHttpClientTesting(),
+      ],
       declarations: [SettingsComponent],
     }).compileComponents();
 

console-webapp/src/app/settings/settings.component.ts

@@ -19,6 +19,7 @@ import { Component, ViewEncapsulation } from '@angular/core';
   templateUrl: './settings.component.html',
   styleUrls: ['./settings.component.scss'],
   encapsulation: ViewEncapsulation.None,
+  standalone: false,
 })
 export class SettingsComponent {
   public static PATH = 'settings';

console-webapp/src/app/settings/users/users.component.html

@@ -1 +0,0 @@
-<p>users works!</p>

console-webapp/src/app/shared/components/notifications/notifications.component.ts

@@ -24,6 +24,7 @@ interface Notification {
   selector: 'app-notifications',
   templateUrl: './notifications.component.html',
   styleUrls: ['./notifications.component.scss'],
+  standalone: false,
 })
 export class NotificationsComponent {
   protected mockNotifications: Notification[] = [

console-webapp/src/app/shared/components/pocReminder/pocReminder.component.html

@@ -0,0 +1,14 @@
+<div class="console-app__pocReminder">
+  <p class="">
+    Please take a moment to complete annual review of
+    <a routerLink="/settings">contacts</a>.
+  </p>
+  <span matSnackBarActions>
+    <button mat-button matSnackBarAction (click)="confirmReviewed()">
+      Confirm reviewed
+    </button>
+    <button mat-button matSnackBarAction (click)="snackBarRef.dismiss()">
+      Close
+    </button>
+  </span>
+</div>

console-webapp/src/app/shared/components/pocReminder/pocReminder.component.scss

@@ -0,0 +1,5 @@
+.console-app__pocReminder {
+  a {
+    color: white !important;
+  }
+}

console-webapp/src/app/shared/components/pocReminder/pocReminder.component.ts

@@ -0,0 +1,53 @@
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import { Component } from '@angular/core';
+import { MatSnackBar, MatSnackBarRef } from '@angular/material/snack-bar';
+import { RegistrarService } from '../../../registrar/registrar.service';
+import { HttpErrorResponse } from '@angular/common/http';
+
+@Component({
+  selector: 'app-poc-reminder',
+  templateUrl: './pocReminder.component.html',
+  styleUrls: ['./pocReminder.component.scss'],
+  standalone: false,
+})
+export class PocReminderComponent {
+  constructor(
+    public snackBarRef: MatSnackBarRef<PocReminderComponent>,
+    private registrarService: RegistrarService,
+    private _snackBar: MatSnackBar
+  ) {}
+
+  confirmReviewed() {
+    if (this.registrarService.registrar()) {
+      const todayMidnight = new Date();
+      todayMidnight.setHours(0, 0, 0, 0);
+      this.registrarService
+        // @ts-ignore - if check  above won't allow empty object to be submitted
+        .updateRegistrar({
+          ...this.registrarService.registrar(),
+          lastPocVerificationDate: todayMidnight.toISOString(),
+        })
+        .subscribe({
+          error: (err: HttpErrorResponse) => {
+            this._snackBar.open(err.error || err.message);
+          },
+          next: () => {
+            this.snackBarRef.dismiss();
+          },
+        });
+    }
+  }
+}

console-webapp/src/app/shared/components/selectedRegistrarWrapper/selectedRegistrarWrapper.component.ts

@@ -31,6 +31,7 @@ import { RegistrarService } from 'src/app/registrar/registrar.service';
     </div>
     }
   `,
+  standalone: false,
 })
 export class SelectedRegistrarWrapper {
   constructor(protected registrarService: RegistrarService) {}

console-webapp/src/app/shared/directives/forceFocus.directive.ts

@@ -1,4 +1,4 @@
-// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -12,5 +12,20 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-@javax.annotation.ParametersAreNonnullByDefault
-package google.registry.ui.server.registrar;
+import { Directive, ElementRef, effect } from '@angular/core';
+
+@Directive({
+  selector: '[forceFocus]',
+  standalone: false,
+})
+export class ForceFocusDirective {
+  constructor(private el: ElementRef) {
+    effect(this.processElement.bind(this));
+  }
+
+  processElement() {
+    this.el.nativeElement.tabIndex = '1';
+    this.el.nativeElement.focus();
+    this.el.nativeElement.tabIndex = '-1';
+  }
+}

console-webapp/src/app/shared/directives/locationBack.directive.ts

@@ -17,6 +17,7 @@ import { Directive, HostListener } from '@angular/core';
 
 @Directive({
   selector: '[backButton]',
+  standalone: false,
 })
 export class LocationBackDirective {
   constructor(private location: Location) {}

console-webapp/src/app/shared/directives/userLevelVisiblity.directive.ts

@@ -18,14 +18,24 @@ import { UserDataService } from '../services/userData.service';
 export enum RESTRICTED_ELEMENTS {
   REGISTRAR_ELEMENT,
   OTE,
+  USERS,
+  BULK_DELETE,
+  SUSPEND,
 }
 
 export const DISABLED_ELEMENTS_PER_ROLE = {
-  NONE: [RESTRICTED_ELEMENTS.REGISTRAR_ELEMENT, RESTRICTED_ELEMENTS.OTE],
+  NONE: [
+    RESTRICTED_ELEMENTS.REGISTRAR_ELEMENT,
+    RESTRICTED_ELEMENTS.OTE,
+    RESTRICTED_ELEMENTS.SUSPEND,
+  ],
+  SUPPORT_LEAD: [],
+  SUPPORT_AGENT: [],
 };
 
 @Directive({
   selector: '[elementId]',
+  standalone: false,
 })
 export class UserLevelVisibility {
   @Input() elementId!: RESTRICTED_ELEMENTS | null;

console-webapp/src/app/shared/services/backend.service.ts

@@ -21,10 +21,11 @@ import { DomainLocksResult } from 'src/app/domains/registryLock.service';
 import { RegistryLockVerificationResponse } from 'src/app/lock/registryLockVerify.service';
 import { OteCreateResponse } from 'src/app/ote/newOte.component';
 import { OteStatusResponse } from 'src/app/ote/oteStatus.component';
+import { User } from 'src/app/users/users.service';
 import {
   Registrar,
   SecuritySettingsBackendModel,
-  WhoisRegistrarFields,
+  RdapRegistrarFields,
 } from '../../registrar/registrar.service';
 import { Contact } from '../../settings/contact/contact.service';
 import { EppPasswordBackendModel } from '../../settings/security/security.service';
@@ -69,13 +70,26 @@ export class BackendService {
       .pipe(catchError((err) => this.errorCatcher<Contact[]>(err)));
   }
 
-  postContacts(
-    registrarId: string,
-    contacts: Contact[]
-  ): Observable<Contact[]> {
-    return this.http.post<Contact[]>(
+  updateContact(registrarId: string, contact: Contact): Observable<Contact> {
+    return this.http.put<Contact>(
       `/console-api/settings/contacts?registrarId=${registrarId}`,
-      contacts
+      contact
+    );
+  }
+
+  createContact(registrarId: string, contact: Contact): Observable<Contact> {
+    return this.http.post<Contact>(
+      `/console-api/settings/contacts?registrarId=${registrarId}`,
+      contact
+    );
+  }
+
+  deleteContact(registrarId: string, contact: Contact): Observable<Contact> {
+    return this.http.delete<Contact>(
+      `/console-api/settings/contacts?registrarId=${registrarId}`,
+      {
+        body: JSON.stringify(contact),
+      }
     );
   }
 
@@ -159,18 +173,61 @@ export class BackendService {
     );
   }
 
+  getUsers(registrarId: string): Observable<User[]> {
+    return this.http
+      .get<User[]>(`/console-api/users?registrarId=${registrarId}`)
+      .pipe(catchError((err) => this.errorCatcher<User[]>(err)));
+  }
+
+  createUser(registrarId: string, maybeUser: User | null): Observable<User> {
+    return this.http
+      .post<User>(`/console-api/users?registrarId=${registrarId}`, maybeUser)
+      .pipe(catchError((err) => this.errorCatcher<User>(err)));
+  }
+
+  deleteUser(registrarId: string, user: User): Observable<any> {
+    return this.http
+      .delete<any>(`/console-api/users?registrarId=${registrarId}`, {
+        body: JSON.stringify(user),
+      })
+      .pipe(catchError((err) => this.errorCatcher<any>(err)));
+  }
+
+  bulkDomainAction(
+    domainNames: string[],
+    reason: string,
+    bulkDomainAction: string,
+    registrarId: string
+  ) {
+    return this.http
+      .post<any>(
+        `/console-api/bulk-domain?registrarId=${registrarId}&bulkDomainAction=${bulkDomainAction}`,
+        {
+          domainList: domainNames,
+          reason,
+        }
+      )
+      .pipe(catchError((err) => this.errorCatcher<any>(err)));
+  }
+
+  updateUser(registrarId: string, updatedUser: User): Observable<any> {
+    return this.http
+      .put<User>(`/console-api/users?registrarId=${registrarId}`, updatedUser)
+      .pipe(catchError((err) => this.errorCatcher<any>(err)));
+  }
+
   getUserData(): Observable<UserData> {
     return this.http
       .get<UserData>('/console-api/userdata')
       .pipe(catchError((err) => this.errorCatcher<UserData>(err)));
   }
 
-  postWhoisRegistrarFields(
-    whoisRegistrarFields: WhoisRegistrarFields
-  ): Observable<WhoisRegistrarFields> {
-    return this.http.post<WhoisRegistrarFields>(
-      '/console-api/settings/whois-fields',
-      whoisRegistrarFields
+  postRdapRegistrarFields(
+    rdapRegistrarFields: RdapRegistrarFields
+  ): Observable<RdapRegistrarFields> {
+    return this.http.post<RdapRegistrarFields>(
+      '/console-api/settings/rdap-fields',
+      rdapRegistrarFields
     );
   }
 
@@ -223,4 +280,15 @@ export class BackendService {
       `/console-api/registry-lock-verify?lockVerificationCode=${lockVerificationCode}`
     );
   }
+
+  requestRegistryLockPasswordReset(
+    registrarId: string,
+    registryLockEmail: string
+  ) {
+    return this.http.post('/console-api/password-reset-request', {
+      type: 'REGISTRY_LOCK',
+      registrarId,
+      registryLockEmail,
+    });
+  }
 }

console-webapp/src/app/shared/services/userData.service.ts

@@ -27,6 +27,7 @@ export interface UserData {
   supportEmail: string;
   supportPhoneNumber: string;
   technicalDocsUrl: string;
+  userRoles?: Map<string, string>;
 }
 
 @Injectable({

console-webapp/src/app/support/support.component.html

@@ -10,7 +10,10 @@
     For help with OT&E sandbox and certification, or new technical requirements
     for any of our new TLD launches.
   </p>
-  <a class="text-l" href="mailto:registry-integration@google.com"
+  <a
+    class="text-l"
+    href="mailto:registry-integration@google.com"
+    aria-label="Email us with OT&E sandbox/certification or new TLD technical requirements questions."
     >registry-integration&#64;google.com</a
   >
   <p class="text-l">
@@ -19,6 +22,7 @@
   </p>
   <a
     class="text-l"
+    aria-label="Email support with general purpose questions."
     href="mailto:{{ userDataService.userData()?.supportEmail }}"
     >{{ userDataService.userData()?.supportEmail }}</a
   >

console-webapp/src/app/support/support.component.ts

@@ -19,6 +19,7 @@ import { UserDataService } from '../shared/services/userData.service';
   selector: 'app-support',
   templateUrl: './support.component.html',
   styleUrls: ['./support.component.scss'],
+  standalone: false,
 })
 export class SupportComponent {
   public static PATH = 'support';

console-webapp/src/app/tlds/tlds.component.ts

@@ -18,5 +18,6 @@ import { Component } from '@angular/core';
   selector: 'app-tlds',
   templateUrl: './tlds.component.html',
   styleUrls: ['./tlds.component.scss'],
+  standalone: false,
 })
 export class TldsComponent {}

console-webapp/src/app/users/userDetails.component.html

@@ -0,0 +1,118 @@
+<div
+  class="console-app__user-details"
+  cdkTrapFocus
+  [cdkTrapFocusAutoCapture]="true"
+>
+  @if(isEditing) {
+  <h1 class="mat-headline-4">Editing {{ userDetails().emailAddress }}</h1>
+  <mat-divider></mat-divider>
+  <div class="console-app__user-details-controls">
+    <button
+      mat-icon-button
+      aria-label="Back to view user"
+      (click)="isEditing = false"
+    >
+      <mat-icon>arrow_back</mat-icon>
+    </button>
+  </div>
+  <app-user-edit-form
+    [user]="userDetails()"
+    (onEditComplete)="saveEdit($event)"
+  />
+  } @else { @if(isNewUser) {
+  <h1 class="mat-headline-4">
+    {{ userDetails().emailAddress + " successfully created" }}
+  </h1>
+  } @else {
+  <h1 class="mat-headline-4">User details</h1>
+  }
+  <mat-divider></mat-divider>
+  <div class="console-app__user-details-controls">
+    <button mat-icon-button aria-label="Back to users list" (click)="goBack()">
+      <mat-icon>arrow_back</mat-icon>
+    </button>
+    <div class="spacer"></div>
+    <button
+      mat-flat-button
+      color="primary"
+      aria-label="Edit User"
+      (click)="isEditing = true"
+    >
+      <mat-icon>edit</mat-icon>
+      Edit
+    </button>
+    <button
+      mat-icon-button
+      aria-label="Delete User"
+      (click)="deleteUser()"
+      [disabled]="isLoading"
+    >
+      <mat-icon>delete</mat-icon>
+    </button>
+  </div>
+  <div *ngIf="isNewUser" class="console-app__user-details-save-password">
+    <mat-icon>priority_high</mat-icon>
+    Please save the password. For your security, we do not store passwords in a
+    recoverable format.
+  </div>
+
+  <p *ngIf="isLoading">
+    <mat-progress-bar mode="query"></mat-progress-bar>
+  </p>
+
+  <mat-card appearance="outlined">
+    <mat-card-content>
+      <mat-list role="list">
+        <mat-list-item role="listitem">
+          <h2>User details</h2>
+        </mat-list-item>
+        <mat-divider></mat-divider>
+        <mat-list-item role="listitem">
+          <span class="console-app__list-key">User email</span>
+          <span class="console-app__list-value">{{
+            userDetails().emailAddress
+          }}</span>
+        </mat-list-item>
+        <mat-divider></mat-divider>
+        <mat-list-item role="listitem">
+          <span class="console-app__list-key">User role</span>
+          <span class="console-app__list-value">{{
+            roleToDescription(userDetails().role)
+          }}</span>
+        </mat-list-item>
+        @if (userDetails().registryLockEmailAddress) {
+        <mat-divider></mat-divider>
+        <mat-list-item role="listitem">
+          <span class="console-app__list-key">Registry Lock email</span>
+          <span class="console-app__list-value">{{
+            userDetails().registryLockEmailAddress
+          }}</span>
+        </mat-list-item>
+        } @if (userDetails().password) {
+        <mat-divider></mat-divider>
+        <mat-list-item role="listitem">
+          <span class="console-app__list-key">Password</span>
+          <span
+            class="console-app__list-value console-app__user-details-password"
+          >
+            <input
+              [type]="isPasswordVisible ? 'text' : 'password'"
+              [value]="userDetails().password"
+              aria-label="Password field"
+              readonly
+            />
+            <button
+              mat-button
+              aria-hidden="true"
+              (click)="isPasswordVisible = !isPasswordVisible"
+            >
+              {{ isPasswordVisible ? "Hide" : "View" }} password
+            </button>
+          </span>
+        </mat-list-item>
+        }
+      </mat-list>
+    </mat-card-content>
+  </mat-card>
+  }
+</div>

console-webapp/src/app/users/userDetails.component.scss

@@ -0,0 +1,42 @@
+// Copyright 2024 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+.console-app {
+  &__user-details {
+    max-width: 616px;
+    &-controls {
+      display: flex;
+      align-items: center;
+      margin: 20px 0;
+    }
+    &-password {
+      input {
+        border: none;
+        background: transparent;
+      }
+    }
+    &-save-password {
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      padding: 15px 10px;
+      margin-bottom: 20px;
+      border: 1px solid #ddd;
+      border-radius: 10px;
+    }
+    .console-app__list-key {
+      width: 160px;
+    }
+  }
+}

console-webapp/src/app/users/userDetails.component.ts

@@ -0,0 +1,107 @@
+// Copyright 2024 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import { CommonModule } from '@angular/common';
+import { Component, computed } from '@angular/core';
+import { MatSnackBar } from '@angular/material/snack-bar';
+import { SelectedRegistrarModule } from '../app.module';
+import { MaterialModule } from '../material.module';
+import { RegistrarService } from '../registrar/registrar.service';
+import { SnackBarModule } from '../snackbar.module';
+import { UsersService, roleToDescription, User } from './users.service';
+import { FormsModule } from '@angular/forms';
+import { UserEditFormComponent } from './userEditForm.component';
+
+@Component({
+  selector: 'app-user-edit',
+  templateUrl: './userDetails.component.html',
+  styleUrls: ['./userDetails.component.scss'],
+  imports: [
+    FormsModule,
+    MaterialModule,
+    SnackBarModule,
+    CommonModule,
+    SelectedRegistrarModule,
+    UserEditFormComponent,
+  ],
+  providers: [],
+})
+export class UserDetailsComponent {
+  isEditing = false;
+  isPasswordVisible = false;
+  isNewUser = false;
+  isLoading = false;
+
+  userDetails = computed(() => {
+    return this.usersService
+      .users()
+      .filter(
+        (u) => u.emailAddress === this.usersService.currentlyOpenUserEmail()
+      )[0];
+  });
+
+  constructor(
+    protected registrarService: RegistrarService,
+    protected usersService: UsersService,
+    private _snackBar: MatSnackBar
+  ) {
+    if (this.usersService.isNewUser) {
+      this.isNewUser = true;
+      this.usersService.isNewUser = false;
+    }
+  }
+
+  roleToDescription(role: string) {
+    return roleToDescription(role);
+  }
+
+  deleteUser() {
+    if (
+      confirm(
+        'This will permanently delete the user ' +
+          this.userDetails().emailAddress
+      )
+    ) {
+      this.isLoading = true;
+      this.usersService.deleteUser(this.userDetails()).subscribe({
+        error: (err) => {
+          this._snackBar.open(err.error || err.message);
+          this.isLoading = false;
+        },
+        complete: () => {
+          this.isLoading = false;
+          this.goBack();
+        },
+      });
+    }
+  }
+
+  goBack() {
+    this.usersService.currentlyOpenUserEmail.set('');
+  }
+
+  saveEdit(user: User) {
+    this.isLoading = true;
+    this.usersService.updateUser(user).subscribe({
+      error: (err) => {
+        this._snackBar.open(err.error || err.message);
+        this.isLoading = false;
+      },
+      complete: () => {
+        this.isLoading = false;
+        this.isEditing = false;
+      },
+    });
+  }
+}

console-webapp/src/app/users/userEditForm.component.html

@@ -0,0 +1,57 @@
+<div class="console-app__user-edit">
+  <form (ngSubmit)="saveEdit($event)" #form>
+    <p *ngIf="isNew()">
+      <mat-form-field appearance="outline">
+        <mat-label
+          >User name prefix:
+          <mat-icon
+            matTooltip="Prefix will be combined with registrar ID to create a unique user name - {prefix}.{registrarId}@registry.google"
+            >help_outline</mat-icon
+          ></mat-label
+        >
+        <input
+          matInput
+          minlength="3"
+          maxlength="3"
+          [required]="true"
+          [(ngModel)]="user().emailAddress"
+          [ngModelOptions]="{ standalone: true }"
+        />
+      </mat-form-field>
+    </p>
+    <p>
+      <mat-form-field appearance="outline">
+        <mat-label
+          >User Role:
+          <mat-icon
+            matTooltip="Viewer role doesn't allow making updates; Editor role allows updates, like Contacts delete or SSL certificate change"
+            >help_outline</mat-icon
+          ></mat-label
+        >
+        <mat-select [(ngModel)]="user().role" name="userRole">
+          <mat-option value="PRIMARY_CONTACT">Editor</mat-option>
+          <mat-option value="ACCOUNT_MANAGER">Viewer</mat-option>
+        </mat-select>
+      </mat-form-field>
+    </p>
+    <button
+      mat-flat-button
+      color="primary"
+      aria-label="Save user"
+      type="submit"
+      aria-label="Save changes to the user"
+    >
+      Save
+    </button>
+  </form>
+  @if(userDataService.userData()?.isAdmin) {
+  <button
+    mat-flat-button
+    color="primary"
+    aria-label="Reset registry lock password"
+    (click)="requestRegistryLockPasswordReset()"
+  >
+    Reset registry lock password
+  </button>
+  }
+</div>

console-webapp/src/app/users/userEditForm.component.scss

@@ -1,4 +1,4 @@
-// Copyright 2024 The Nomulus Authors. All Rights Reserved.
+// Copyright 2025 The Nomulus Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -11,3 +11,10 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+
+.console-app__user-edit {
+  button {
+    display: block;
+    margin-bottom: 5px;
+  }
+}

console-webapp/src/app/users/userEditForm.component.ts

@@ -0,0 +1,139 @@
+// Copyright 2024 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import { CommonModule } from '@angular/common';
+import {
+  Component,
+  ElementRef,
+  EventEmitter,
+  Inject,
+  input,
+  Output,
+  ViewChild,
+} from '@angular/core';
+import { MaterialModule } from '../material.module';
+import { FormsModule } from '@angular/forms';
+import { User, UsersService } from './users.service';
+import { UserDataService } from '../shared/services/userData.service';
+import { BackendService } from '../shared/services/backend.service';
+import { RegistrarService } from '../registrar/registrar.service';
+import {
+  MAT_DIALOG_DATA,
+  MatDialog,
+  MatDialogRef,
+} from '@angular/material/dialog';
+import { filter, switchMap, take } from 'rxjs';
+import { MatSnackBar } from '@angular/material/snack-bar';
+import { HttpErrorResponse } from '@angular/common/http';
+
+@Component({
+  selector: 'app-reset-lock-password-dialog',
+  template: `
+    <h2 mat-dialog-title>Please confirm the password reset:</h2>
+    <mat-dialog-content>
+      This will send a registry lock password reset email to
+      {{ data.registryLockEmailAddress }}.
+    </mat-dialog-content>
+    <mat-dialog-actions>
+      <button mat-button (click)="onCancel()">Cancel</button>
+      <button mat-button color="warn" (click)="onSave()">Confirm</button>
+    </mat-dialog-actions>
+  `,
+  imports: [CommonModule, MaterialModule],
+})
+export class ResetRegistryLockPasswordComponent {
+  constructor(
+    public dialogRef: MatDialogRef<ResetRegistryLockPasswordComponent>,
+    @Inject(MAT_DIALOG_DATA)
+    public data: { registryLockEmailAddress: string }
+  ) {}
+
+  onSave(): void {
+    this.dialogRef.close(true);
+  }
+
+  onCancel(): void {
+    this.dialogRef.close(false);
+  }
+}
+
+@Component({
+  selector: 'app-user-edit-form',
+  templateUrl: './userEditForm.component.html',
+  styleUrls: ['./userEditForm.component.scss'],
+  imports: [FormsModule, MaterialModule, CommonModule],
+  providers: [],
+})
+export class UserEditFormComponent {
+  @ViewChild('form') form!: ElementRef;
+  isNew = input<boolean>(false);
+  user = input<User, User>(
+    {
+      emailAddress: '',
+      role: 'ACCOUNT_MANAGER',
+      registryLockEmailAddress: '',
+    },
+    { transform: (user: User) => structuredClone(user) }
+  );
+
+  @Output() onEditComplete = new EventEmitter<User>();
+
+  constructor(
+    protected userDataService: UserDataService,
+    private backendService: BackendService,
+    private resetRegistryLockPasswordDialog: MatDialog,
+    private registrarService: RegistrarService,
+    private usersService: UsersService,
+    private _snackBar: MatSnackBar
+  ) {}
+
+  saveEdit(e: SubmitEvent) {
+    e.preventDefault();
+    if (this.form.nativeElement.checkValidity()) {
+      this.onEditComplete.emit(this.user());
+    } else {
+      this.form.nativeElement.reportValidity();
+    }
+  }
+
+  sendRegistryLockPasswordResetRequest() {
+    return this.backendService.requestRegistryLockPasswordReset(
+      this.registrarService.registrarId(),
+      this.user().registryLockEmailAddress!
+    );
+  }
+
+  requestRegistryLockPasswordReset() {
+    const dialogRef = this.resetRegistryLockPasswordDialog.open(
+      ResetRegistryLockPasswordComponent,
+      {
+        data: {
+          registryLockEmailAddress: this.user().registryLockEmailAddress,
+        },
+      }
+    );
+    dialogRef
+      .afterClosed()
+      .pipe(
+        take(1),
+        filter((result) => !!result)
+      )
+      .pipe(switchMap((_) => this.sendRegistryLockPasswordResetRequest()))
+      .subscribe({
+        next: (_) => this.usersService.currentlyOpenUserEmail.set(''),
+        error: (err: HttpErrorResponse) =>
+          this._snackBar.open(err.error || err.message),
+      });
+  }
+}