Remove references to contacts in domain flows (#2944)

We've moved on from contacts entirely now so the only thing we really
need to do is make sure that people don't include contacts in domain
creates or updates. This also makes auth code checking easier too,
because now the only auth code that you're allowed to provide is the
domain auth code (not a contact auth code)

Author: gbrodman

core/src/main/java/google/registry/batch/RemoveAllDomainContactsAction.java

@@ -22,7 +22,6 @@
 import dagger.Module;
 import dagger.Provides;
 import google.registry.flows.picker.FlowPicker;
-import google.registry.model.contact.ContactHistory;
 import google.registry.model.domain.DomainHistory;
 import google.registry.model.domain.metadata.MetadataExtension;
 import google.registry.model.eppcommon.AuthInfo;
@@ -267,23 +266,6 @@ B makeHistoryEntryBuilder(
     return builder;
   }
 
-  /**
-   * Provides a partially filled in {@link ContactHistory.Builder}
-   *
-   * <p>This is not marked with {@link FlowScope} so that each retry gets a fresh one. Otherwise,
-   * the fact that the builder is one-use would cause NPEs.
-   */
-  @Provides
-  static ContactHistory.Builder provideContactHistoryBuilder(
-      Trid trid,
-      @InputXml byte[] inputXmlBytes,
-      @Superuser boolean isSuperuser,
-      @RegistrarId String registrarId,
-      EppInput eppInput) {
-    return makeHistoryEntryBuilder(
-        new ContactHistory.Builder(), trid, inputXmlBytes, isSuperuser, registrarId, eppInput);
-  }
-
   /**
    * Provides a partially filled in {@link HostHistory.Builder}
    *

core/src/main/java/google/registry/flows/FlowModule.java

@@ -16,7 +16,6 @@
 
 import static com.google.common.collect.Sets.intersection;
 import static google.registry.model.EppResourceUtils.isLinked;
-import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Sets;
@@ -37,7 +36,6 @@
 import google.registry.model.EppResource.ForeignKeyedEppResource;
 import google.registry.model.EppResource.ResourceWithTransferData;
 import google.registry.model.ForeignKeyUtils;
-import google.registry.model.contact.Contact;
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.DomainBase;
 import google.registry.model.domain.Period;
@@ -124,14 +122,6 @@ public static void verifyAuthInfoPresentForResourceTransfer(Optional<AuthInfo> a
     }
   }
 
-  /** Check that the given AuthInfo is either missing or else is valid for the given resource. */
-  public static void verifyOptionalAuthInfo(Optional<AuthInfo> authInfo, Contact contact)
-      throws EppException {
-    if (authInfo.isPresent()) {
-      verifyAuthInfo(authInfo.get(), contact);
-    }
-  }
-
   /** Check that the given AuthInfo is either missing or else is valid for the given resource. */
   public static void verifyOptionalAuthInfo(Optional<AuthInfo> authInfo, Domain domain)
       throws EppException {
@@ -142,37 +132,14 @@ public static void verifyOptionalAuthInfo(Optional<AuthInfo> authInfo, Domain do
 
   /** Check that the given {@link AuthInfo} is valid for the given domain. */
   public static void verifyAuthInfo(AuthInfo authInfo, Domain domain) throws EppException {
-    final String authRepoId = authInfo.getPw().getRepoId();
-    String authPassword = authInfo.getPw().getValue();
-    if (authRepoId == null) {
-      // If no roid is specified, check the password against the domain's password.
-      String domainPassword = domain.getAuthInfo().getPw().getValue();
-      if (!domainPassword.equals(authPassword)) {
-        throw new BadAuthInfoForResourceException();
-      }
-      return;
-    }
-    // The roid should match one of the contacts.
-    Optional<VKey<Contact>> foundContact =
-        domain.getReferencedContacts().stream()
-            .filter(key -> key.getKey().equals(authRepoId))
-            .findFirst();
-    if (foundContact.isEmpty()) {
+    String authRepoId = authInfo.getPw().getRepoId();
+    // Previously one could auth against a contact, but we no longer hold any contact info
+    if (authRepoId != null) {
       throw new BadAuthInfoForResourceException();
     }
-    // Check the authInfo against the contact.
-    verifyAuthInfo(authInfo, tm().loadByKey(foundContact.get()));
-  }
-
-  /** Check that the given {@link AuthInfo} is valid for the given contact. */
-  public static void verifyAuthInfo(AuthInfo authInfo, Contact contact) throws EppException {
-    String authRepoId = authInfo.getPw().getRepoId();
     String authPassword = authInfo.getPw().getValue();
-    String contactPassword = contact.getAuthInfo().getPw().getValue();
-    if (!contactPassword.equals(authPassword)
-        // It's unnecessary to specify a repoId on a contact auth info, but if it's there validate
-        // it. The usual case of this is validating a domain's auth using this method.
-        || (authRepoId != null && !authRepoId.equals(contact.getRepoId()))) {
+    String domainPassword = domain.getAuthInfo().getPw().getValue();
+    if (!domainPassword.equals(authPassword)) {
       throw new BadAuthInfoForResourceException();
     }
   }

core/src/main/java/google/registry/flows/ResourceFlowUtils.java

@@ -167,7 +167,6 @@
  * @error {@link DomainFlowUtils.DomainLabelBlockedByBsaException}
  * @error {@link DomainFlowUtils.DomainLabelTooLongException}
  * @error {@link DomainFlowUtils.DomainReservedException}
- * @error {@link DomainFlowUtils.DuplicateContactForRoleException}
  * @error {@link DomainFlowUtils.EmptyDomainNamePartException}
  * @error {@link DomainFlowUtils.ExceedsMaxRegistrationYearsException}
  * @error {@link DomainFlowUtils.ExpiredClaimException}
@@ -188,7 +187,6 @@
  * @error {@link DomainFlowUtils.MaxSigLifeNotSupportedException}
  * @error {@link DomainFlowUtils.MissingBillingAccountMapException}
  * @error {@link DomainFlowUtils.MissingClaimsNoticeException}
- * @error {@link DomainFlowUtils.MissingContactTypeException}
  * @error {@link DomainFlowUtils.NameserversNotAllowedForTldException}
  * @error {@link DomainFlowUtils.NameserversNotSpecifiedForTldWithNameserverAllowListException}
  * @error {@link DomainFlowUtils.PremiumNameBlockedException}
@@ -221,7 +219,8 @@ public final class DomainCreateFlow implements MutatingFlow {
   @Inject DomainPricingLogic pricingLogic;
   @Inject DomainDeletionTimeCache domainDeletionTimeCache;
 
-  @Inject DomainCreateFlow() {}
+  @Inject
+  DomainCreateFlow() {}
 
   @Override
   public EppResponse run() throws EppException {
@@ -378,12 +377,10 @@ public EppResponse run() throws EppException {
             .setLaunchNotice(hasClaimsNotice ? launchCreate.get().getNotice() : null)
             .setSmdId(signedMarkId)
             .setDsData(secDnsCreate.map(SecDnsCreateExtension::getDsData).orElse(null))
-            .setRegistrant(command.getRegistrant())
             .setAuthInfo(command.getAuthInfo())
             .setDomainName(targetId)
             .setNameservers(command.getNameservers().stream().collect(toImmutableSet()))
             .setStatusValues(statuses)
-            .setContacts(command.getContacts())
             .addGracePeriod(
                 GracePeriod.forBillingEvent(GracePeriodStatus.ADD, repoId, createBillingEvent))
             .setLordnPhase(

core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java

@@ -157,7 +157,8 @@ public Base64RequiredForEncodedSignedMarksException() {
   }
 
   /** The provided mark does not match the desired domain label. */
-  static class NoMarksFoundMatchingDomainException extends RequiredParameterMissingException {
+  public static class NoMarksFoundMatchingDomainException
+      extends RequiredParameterMissingException {
     public NoMarksFoundMatchingDomainException() {
       super("The provided mark does not match the desired domain label");
     }