Merge remote-tracking branch 'origin/feature/mosapi-client' into feature/mosapi-client

Author: njshah301

console-webapp/src/app/history/historyList.component.ts

@@ -56,7 +56,7 @@ export class HistoryListComponent {
       return { main: 'N/A', detail: null };
     }
     const parts = description.split('|');
-    const detail = parts.length > 1 ? parts[1].replace(/_/g, ' ') : null;
+    const detail = parts.length > 1 ? parts[1].replace(/_/g, ' ') : parts[0];
 
     return {
       main: parts[0],

console-webapp/src/app/settings/contact/contactDetails.component.html

@@ -57,6 +57,11 @@ <h1>Contact Details</h1>
           [(ngModel)]="contactService.contactInEdit.emailAddress"
           [ngModelOptions]="{ standalone: true }"
           [disabled]="emailAddressIsDisabled()"
+          [matTooltip]="
+            emailAddressIsDisabled()
+              ? 'Reach out to registry customer support to update email address'
+              : ''
+          "
         />
       </mat-form-field>
 
@@ -84,6 +89,7 @@ <h1>Contact Details</h1>
       <h1>Contact Type</h1>
       <p class="console-app__contact-required">
         <mat-icon color="accent">error</mat-icon>Required to select at least one
+        (primary contact can't be updated)
       </p>
       <div class="">
         <ng-container

core/src/main/java/google/registry/flows/domain/DomainDeletionTimeCache.java

@@ -20,9 +20,11 @@
 import com.github.benmanes.caffeine.cache.Caffeine;
 import com.github.benmanes.caffeine.cache.Expiry;
 import com.github.benmanes.caffeine.cache.LoadingCache;
+import com.github.benmanes.caffeine.cache.Ticker;
 import com.google.common.collect.ImmutableSet;
 import google.registry.model.ForeignKeyUtils;
 import google.registry.model.domain.Domain;
+import google.registry.util.DateTimeUtils;
 import java.util.Optional;
 import org.joda.time.DateTime;
 
@@ -55,9 +57,9 @@
 public class DomainDeletionTimeCache {
 
   // Max expiry time is ten minutes
-  private static final int MAX_EXPIRY_MILLIS = 10 * 60 * 1000;
+  private static final long NANOS_IN_ONE_MILLISECOND = 100000L;
+  private static final long MAX_EXPIRY_NANOS = 10L * 60L * 1000L * NANOS_IN_ONE_MILLISECOND;
   private static final int MAX_ENTRIES = 500;
-  private static final int NANOS_IN_ONE_MILLISECOND = 100000;
 
   /**
    * Expire after the max duration, or after the domain is set to drop (whichever comes first).
@@ -71,9 +73,13 @@ public class DomainDeletionTimeCache {
       new Expiry<>() {
         @Override
         public long expireAfterCreate(String key, DateTime value, long currentTime) {
-          long millisUntilDeletion = value.getMillis() - tm().getTransactionTime().getMillis();
-          return NANOS_IN_ONE_MILLISECOND
-              * Math.max(0L, Math.min(MAX_EXPIRY_MILLIS, millisUntilDeletion));
+          // Watch out for Long overflow
+          long deletionTimeNanos =
+              value.equals(DateTimeUtils.END_OF_TIME)
+                  ? Long.MAX_VALUE
+                  : value.getMillis() * NANOS_IN_ONE_MILLISECOND;
+          long nanosUntilDeletion = deletionTimeNanos - currentTime;
+          return Math.max(0L, Math.min(MAX_EXPIRY_NANOS, nanosUntilDeletion));
         }
 
         /** Reset the time entirely on update, as if we were creating the entry anew. */
@@ -101,9 +107,14 @@ public long expireAfterRead(
         return mostRecentResource == null ? null : mostRecentResource.deletionTime();
       };
 
+  // Unfortunately, maintenance tasks aren't necessarily already in a transaction
+  private static final Ticker TRANSACTION_TIME_TICKER =
+      () -> tm().reTransact(() -> tm().getTransactionTime().getMillis() * NANOS_IN_ONE_MILLISECOND);
+
   public static DomainDeletionTimeCache create() {
     return new DomainDeletionTimeCache(
         Caffeine.newBuilder()
+            .ticker(TRANSACTION_TIME_TICKER)
             .expireAfter(EXPIRY_POLICY)
             .maximumSize(MAX_ENTRIES)
             .build(CACHE_LOADER));

core/src/main/java/google/registry/ui/server/console/ConsoleHistoryDataAction.java

@@ -15,15 +15,19 @@
 package google.registry.ui.server.console;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.collect.ImmutableList.toImmutableList;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.request.Action.Method.GET;
 import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 
 import com.google.common.base.Strings;
+import google.registry.config.RegistryConfig.Config;
 import google.registry.model.console.ConsolePermission;
 import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.GlobalRole;
 import google.registry.model.console.User;
+import google.registry.model.console.UserRoles;
 import google.registry.request.Action;
 import google.registry.request.Action.GaeService;
 import google.registry.request.Action.GkeService;
@@ -43,8 +47,8 @@ public class ConsoleHistoryDataAction extends ConsoleApiAction {
 
   private static final String SQL_USER_HISTORY =
       """
-            SELECT * FROM "ConsoleUpdateHistory"
-            WHERE acting_user = :actingUser
+        SELECT * FROM "ConsoleUpdateHistory"
+        WHERE acting_user = :actingUser
       """;
 
   private static final String SQL_REGISTRAR_HISTORY =
@@ -59,14 +63,18 @@ public class ConsoleHistoryDataAction extends ConsoleApiAction {
   private final String registrarId;
   private final Optional<String> consoleUserEmail;
 
+  private final String supportEmail;
+
   @Inject
   public ConsoleHistoryDataAction(
       ConsoleApiParams consoleApiParams,
+      @Config("supportEmail") String supportEmail,
       @Parameter("registrarId") String registrarId,
       @Parameter("consoleUserEmail") Optional<String> consoleUserEmail) {
     super(consoleApiParams);
     this.registrarId = registrarId;
     this.consoleUserEmail = consoleUserEmail;
+    this.supportEmail = supportEmail;
   }
 
   @Override
@@ -95,7 +103,9 @@ private void historyByUser(User user, String consoleUserEmail) {
                         .setHint("org.hibernate.fetchSize", 1000)
                         .getResultList());
 
-    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(queryResult));
+    List<ConsoleUpdateHistory> formattedHistoryList =
+        replaceActiveUserIfNecessary(queryResult, user);
+    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(formattedHistoryList));
     consoleApiParams.response().setStatus(SC_OK);
   }
 
@@ -110,7 +120,39 @@ private void historyByRegistrarId(User user, String registrarId) {
                         .setParameter("registrarId", registrarId)
                         .setHint("org.hibernate.fetchSize", 1000)
                         .getResultList());
-    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(queryResult));
+
+    List<ConsoleUpdateHistory> formattedHistoryList =
+        replaceActiveUserIfNecessary(queryResult, user);
+    consoleApiParams.response().setPayload(consoleApiParams.gson().toJson(formattedHistoryList));
     consoleApiParams.response().setStatus(SC_OK);
   }
+
+  /** Anonymizes support users in history logs if the user viewing the log is a registrar user. */
+  private List<ConsoleUpdateHistory> replaceActiveUserIfNecessary(
+      List<ConsoleUpdateHistory> historyList, User requestingUser) {
+    // Check if the user *viewing* the history is a registrar user (not a support user)
+    if (GlobalRole.NONE.equals(requestingUser.getUserRoles().getGlobalRole())) {
+      User genericSupportUser = // Fixed typo
+          new User.Builder()
+              .setEmailAddress(this.supportEmail)
+              .setUserRoles(new UserRoles.Builder().build()) // Simplified roles
+              .build();
+
+      return historyList.stream()
+          .map(
+              history -> {
+                // Check if the user who performed the action was a support user
+                if (!GlobalRole.NONE.equals(
+                    history.getActingUser().getUserRoles().getGlobalRole())) {
+                  return history.asBuilder().setActingUser(genericSupportUser).build();
+                }
+                // If acting user was a registrar user show them as-is
+                return history;
+              })
+          .collect(toImmutableList());
+    }
+
+    // If the viewing user is a support user, return the list unmodified
+    return historyList;
+  }
 }

core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java

@@ -23,6 +23,7 @@
 
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableSet;
+import com.google.common.flogger.FluentLogger;
 import google.registry.model.console.ConsolePermission;
 import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.console.User;
@@ -47,6 +48,8 @@
     method = {POST},
     auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class ConsoleUpdateRegistrarAction extends ConsoleApiAction {
+  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
+  private static final String CHANGE_LOG_ENTRY = "%s updated on %s, old -> %s, new -> %s";
   static final String PATH = "/console-api/registrar";
   private final Optional<Registrar> registrar;
 
@@ -124,6 +127,9 @@ protected void postHandler(User user) {
                   new ConsoleUpdateHistory.Builder()
                       .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
                       .setDescription(updatedRegistrar.getRegistrarId()));
+
+              logConsoleChangesIfNecessary(updatedRegistrar, existingRegistrar.get());
+
               sendExternalUpdatesIfNecessary(
                   EmailInfo.create(
                       existingRegistrar.get(),
@@ -134,4 +140,25 @@ protected void postHandler(User user) {
 
     consoleApiParams.response().setStatus(SC_OK);
   }
+
+  private void logConsoleChangesIfNecessary(
+      Registrar updatedRegistrar, Registrar existingRegistrar) {
+    if (!updatedRegistrar.getAllowedTlds().containsAll(existingRegistrar.getAllowedTlds())) {
+      logger.atInfo().log(
+          CHANGE_LOG_ENTRY,
+          "Allowed TLDs",
+          updatedRegistrar.getRegistrarId(),
+          existingRegistrar.getAllowedTlds(),
+          updatedRegistrar.getAllowedTlds());
+    }
+
+    if (updatedRegistrar.isRegistryLockAllowed() != existingRegistrar.isRegistryLockAllowed()) {
+      logger.atInfo().log(
+          CHANGE_LOG_ENTRY,
+          "Registry lock",
+          updatedRegistrar.getRegistrarId(),
+          existingRegistrar.isRegistryLockAllowed(),
+          updatedRegistrar.isRegistryLockAllowed());
+    }
+  }
 }

core/src/test/java/google/registry/flows/domain/DomainDeletionTimeCacheTest.java

@@ -26,6 +26,7 @@
 import google.registry.testing.FakeClock;
 import java.util.Optional;
 import org.joda.time.DateTime;
+import org.joda.time.Duration;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
@@ -67,7 +68,8 @@ void testCache_returnsOldData() {
     Domain domain = persistActiveDomain("domain.tld");
     assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(END_OF_TIME);
     persistDomainAsDeleted(domain, clock.nowUtc().plusDays(1));
-    // Without intervention, the cache should have the old data
+    // Without intervention, the cache should have the old data, even if a few minutes have passed
+    clock.advanceBy(Duration.standardMinutes(5));
     assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(END_OF_TIME);
   }
 
@@ -79,6 +81,16 @@ void testCache_returnsNewDataAfterDomainCreate() {
     assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(clock.nowUtc().plusDays(1));
   }
 
+  @Test
+  void testCache_expires() {
+    Domain domain = persistActiveDomain("domain.tld");
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(END_OF_TIME);
+    DateTime elevenMinutesFromNow = clock.nowUtc().plusMinutes(11);
+    persistDomainAsDeleted(domain, elevenMinutesFromNow);
+    clock.advanceBy(Duration.standardMinutes(30));
+    assertThat(getDeletionTimeFromCache("domain.tld")).hasValue(elevenMinutesFromNow);
+  }
+
   private Optional<DateTime> getDeletionTimeFromCache(String domainName) {
     return tm().transact(() -> cache.getDeletionTimeForDomain(domainName));
   }

core/src/test/java/google/registry/ui/server/console/ConsoleHistoryDataActionTest.java

@@ -40,8 +40,10 @@
 
 class ConsoleHistoryDataActionTest extends ConsoleActionBaseTestCase {
 
+  private static final String SUPPORT_EMAIL = "[email protected]";
   private static final Gson GSON = new Gson();
   private User noPermissionUser;
+  private User registrarPrimaryUser;
 
   @BeforeEach
   void beforeEach() {
@@ -56,6 +58,17 @@ void beforeEach() {
                         .build())
                 .build());
 
+    registrarPrimaryUser =
+        DatabaseHelper.persistResource(
+            new User.Builder()
+                .setEmailAddress("[email protected]")
+                .setUserRoles(
+                    new UserRoles.Builder()
+                        .setRegistrarRoles(
+                            ImmutableMap.of("TheRegistrar", RegistrarRole.PRIMARY_CONTACT))
+                        .build())
+                .build());
+
     DatabaseHelper.persistResources(
         ImmutableList.of(
             new ConsoleUpdateHistory.Builder()
@@ -85,14 +98,43 @@ void beforeEach() {
   }
 
   @Test
-  void testSuccess_getByRegistrar() {
+  void testSuccess_getByRegistrar_notAnonymizedForSupportUser() {
     ConsoleHistoryDataAction action =
         createAction(AuthResult.createUser(fteUser), "TheRegistrar", Optional.empty());
     action.run();
     assertThat(response.getStatus()).isEqualTo(SC_OK);
     List<Map<String, Object>> payload = GSON.fromJson(response.getPayload(), List.class);
     assertThat(payload.stream().map(record -> record.get("description")).collect(toImmutableList()))
         .containsExactly("TheRegistrar|Some change", "TheRegistrar|Another change");
+
+    // Assert that the support user sees the real acting users
+    List<String> actingUserEmails =
+        payload.stream()
+            .map(record -> (Map<String, Object>) record.get("actingUser"))
+            .map(userMap -> (String) userMap.get("emailAddress"))
+            .collect(toImmutableList());
+
+    assertThat(actingUserEmails).containsExactly("[email protected]", "[email protected]");
+  }
+
+  @Test
+  void testSuccess_getByRegistrar_anonymizedForRegistrarUser() {
+    ConsoleHistoryDataAction action =
+        createAction(AuthResult.createUser(registrarPrimaryUser), "TheRegistrar", Optional.empty());
+    action.run();
+    assertThat(response.getStatus()).isEqualTo(SC_OK);
+    List<Map<String, Object>> payload = GSON.fromJson(response.getPayload(), List.class);
+    assertThat(payload.stream().map(record -> record.get("description")).collect(toImmutableList()))
+        .containsExactly("TheRegistrar|Some change", "TheRegistrar|Another change");
+
+    // Assert that the registrar user sees the anonymized support user
+    List<String> actingUserEmails =
+        payload.stream()
+            .map(record -> (Map<String, Object>) record.get("actingUser"))
+            .map(userMap -> (String) userMap.get("emailAddress"))
+            .collect(toImmutableList());
+
+    assertThat(actingUserEmails).containsExactly(SUPPORT_EMAIL, "[email protected]");
   }
 
   @Test
@@ -104,6 +146,13 @@ void testSuccess_getByUser() {
     List<Map<String, Object>> payload = GSON.fromJson(response.getPayload(), List.class);
     assertThat(payload.stream().map(record -> record.get("description")).collect(toImmutableList()))
         .containsExactly("TheRegistrar|Some change", "OtherRegistrar|Some change");
+
+    List<String> actingUserEmails =
+        payload.stream()
+            .map(record -> (Map<String, Object>) record.get("actingUser"))
+            .map(userMap -> (String) userMap.get("emailAddress"))
+            .collect(toImmutableList());
+    assertThat(actingUserEmails).containsExactly("[email protected]", "[email protected]");
   }
 
   @Test
@@ -148,6 +197,7 @@ private ConsoleHistoryDataAction createAction(
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
     when(consoleApiParams.request().getMethod()).thenReturn("GET");
     response = (FakeResponse) consoleApiParams.response();
-    return new ConsoleHistoryDataAction(consoleApiParams, registrarId, consoleUserEmail);
+    return new ConsoleHistoryDataAction(
+        consoleApiParams, SUPPORT_EMAIL, registrarId, consoleUserEmail);
   }
 }

db/build.gradle

@@ -260,7 +260,7 @@ if (project.baseSchemaTag != '') {
 
   // Checks if Flyway scripts can be deployed to an existing database with
   // an older release. Please refer to SchemaTest.java for more information.
-  task schemaIncrementalDeployTest(dependsOn: processResources, type: Test) {
+  task schemaIncrementalDeployTest(dependsOn: processTestResources, type: Test) {
     useJUnitPlatform()
     include 'google/registry/sql/flyway/SchemaTest.*'
     classpath = configurations.testRuntimeClasspath