Add RegistrarUpdateHistory objects for console changes

Author: gbrodman

core/src/main/java/google/registry/ui/server/console/ConsoleApiAction.java

@@ -35,6 +35,7 @@
 import google.registry.config.RegistryConfig;
 import google.registry.export.sheet.SyncRegistrarsSheetAction;
 import google.registry.model.console.ConsolePermission;
+import google.registry.model.console.ConsoleUpdateHistory;
 import google.registry.model.console.GlobalRole;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
@@ -208,10 +209,10 @@ protected void sendExternalUpdates(
                 registrar.getRegistrarName(), registrar.getRegistrarId(), environment),
             String.format(
                 """
-                  The following changes were made in registry %s environment to the registrar %s by\
-                   %s:
+                The following changes were made in registry %s environment to the registrar %s by\
+                 %s:
 
-                  %s""",
+                %s""",
                 environment,
                 registrar.getRegistrarId(),
                 consoleApiParams.authResult().userIdForLogging(),
@@ -261,6 +262,14 @@ public static EmailInfo create(
     }
   }
 
+  protected void finishAndPersistConsoleUpdateHistory(ConsoleUpdateHistory.Builder<?, ?> builder) {
+    builder.setActingUser(consoleApiParams.authResult().user().get());
+    builder.setUrl(consoleApiParams.request().getRequestURI());
+    builder.setMethod(consoleApiParams.request().getMethod());
+    builder.setModificationTime(tm().getTransactionTime());
+    tm().put(builder.build());
+  }
+
   /** Specialized exception class used for failure when a user doesn't have the right permission. */
   private static class ConsolePermissionForbiddenException extends RuntimeException {
     private ConsolePermissionForbiddenException(String message) {

core/src/main/java/google/registry/ui/server/console/ConsoleEppPasswordAction.java

@@ -24,9 +24,12 @@
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
+import com.google.gson.Gson;
 import com.google.gson.annotations.Expose;
 import google.registry.flows.EppException.AuthenticationErrorException;
 import google.registry.flows.PasswordOnlyTransportCredentials;
+import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
@@ -53,16 +56,18 @@ public class ConsoleEppPasswordAction extends ConsoleApiAction {
   private final PasswordOnlyTransportCredentials credentials =
       new PasswordOnlyTransportCredentials();
   private final AuthenticatedRegistrarAccessor registrarAccessor;
-
+  private final Gson gson;
   private final Optional<EppPasswordData> eppPasswordChangeRequest;
 
   @Inject
   public ConsoleEppPasswordAction(
       ConsoleApiParams consoleApiParams,
       AuthenticatedRegistrarAccessor registrarAccessor,
+      Gson gson,
       @Parameter("eppPasswordChangeRequest") Optional<EppPasswordData> eppPasswordChangeRequest) {
     super(consoleApiParams);
     this.registrarAccessor = registrarAccessor;
+    this.gson = gson;
     this.eppPasswordChangeRequest = eppPasswordChangeRequest;
   }
 
@@ -106,6 +111,11 @@ protected void postHandler(User user) {
               Registrar updatedRegistrar =
                   registrar.asBuilder().setPassword(eppRequestBody.newPassword()).build();
               tm().put(updatedRegistrar);
+              finishAndPersistConsoleUpdateHistory(
+                  new RegistrarUpdateHistory.Builder()
+                      .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
+                      .setRegistrar(updatedRegistrar)
+                      .setRequestBody(gson.toJson(eppRequestBody)));
               sendExternalUpdates(
                   ImmutableMap.of("password", new DiffUtils.DiffPair("********", "••••••••")),
                   registrar,

core/src/main/java/google/registry/ui/server/console/ConsoleUpdateRegistrarAction.java

@@ -22,7 +22,10 @@
 
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableSet;
+import com.google.gson.Gson;
 import google.registry.model.console.ConsolePermission;
+import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
@@ -45,12 +48,16 @@
     auth = Auth.AUTH_PUBLIC_LOGGED_IN)
 public class ConsoleUpdateRegistrarAction extends ConsoleApiAction {
   static final String PATH = "/console-api/registrar";
+  private final Gson gson;
   private final Optional<Registrar> registrar;
 
   @Inject
   ConsoleUpdateRegistrarAction(
-      ConsoleApiParams consoleApiParams, @Parameter("registrar") Optional<Registrar> registrar) {
+      ConsoleApiParams consoleApiParams,
+      Gson gson,
+      @Parameter("registrar") Optional<Registrar> registrar) {
     super(consoleApiParams);
+    this.gson = gson;
     this.registrar = registrar;
   }
 
@@ -99,6 +106,11 @@ protected void postHandler(User user) {
                       .build();
 
               tm().put(updatedRegistrar);
+              finishAndPersistConsoleUpdateHistory(
+                  new RegistrarUpdateHistory.Builder()
+                      .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
+                      .setRegistrar(updatedRegistrar)
+                      .setRequestBody(gson.toJson(registrarParam)));
               sendExternalUpdatesIfNecessary(
                   EmailInfo.create(
                       existingRegistrar.get(),

core/src/main/java/google/registry/ui/server/console/RegistrarsAction.java

@@ -28,6 +28,8 @@
 import com.google.common.collect.Streams;
 import com.google.gson.Gson;
 import google.registry.model.console.ConsolePermission;
+import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarBase;
@@ -175,6 +177,11 @@ protected void postHandler(User user) {
                   "Registrar with registrarId %s already exists",
                   registrar.getRegistrarId());
               tm().putAll(registrar, contact);
+              finishAndPersistConsoleUpdateHistory(
+                  new RegistrarUpdateHistory.Builder()
+                      .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
+                      .setRegistrar(registrar)
+                      .setRequestBody(gson.toJson(registrar)));
             });
   }
 

core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java

@@ -22,9 +22,12 @@
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 
 import com.google.common.collect.ImmutableSet;
+import com.google.gson.Gson;
 import google.registry.flows.certs.CertificateChecker;
 import google.registry.flows.certs.CertificateChecker.InsecureCertificateException;
 import google.registry.model.console.ConsolePermission;
+import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
@@ -50,6 +53,7 @@ public class SecurityAction extends ConsoleApiAction {
   static final String PATH = "/console-api/settings/security";
   private final String registrarId;
   private final AuthenticatedRegistrarAccessor registrarAccessor;
+  private final Gson gson;
   private final Optional<Registrar> registrar;
   private final CertificateChecker certificateChecker;
 
@@ -58,11 +62,13 @@ public SecurityAction(
       ConsoleApiParams consoleApiParams,
       CertificateChecker certificateChecker,
       AuthenticatedRegistrarAccessor registrarAccessor,
+      Gson gson,
       @Parameter("registrarId") String registrarId,
       @Parameter("registrar") Optional<Registrar> registrar) {
     super(consoleApiParams);
     this.registrarId = registrarId;
     this.registrarAccessor = registrarAccessor;
+    this.gson = gson;
     this.registrar = registrar;
     this.certificateChecker = certificateChecker;
   }
@@ -117,6 +123,11 @@ private void setResponse(Registrar savedRegistrar) {
 
     Registrar updatedRegistrar = updatedRegistrarBuilder.build();
     tm().put(updatedRegistrar);
+    finishAndPersistConsoleUpdateHistory(
+        new RegistrarUpdateHistory.Builder()
+            .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
+            .setRegistrar(updatedRegistrar)
+            .setRequestBody(gson.toJson(registrar.get())));
 
     sendExternalUpdatesIfNecessary(
         EmailInfo.create(savedRegistrar, updatedRegistrar, ImmutableSet.of(), ImmutableSet.of()));

core/src/main/java/google/registry/ui/server/console/settings/WhoisRegistrarFieldsAction.java

@@ -21,7 +21,10 @@
 import static jakarta.servlet.http.HttpServletResponse.SC_FORBIDDEN;
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
 
+import com.google.gson.Gson;
 import google.registry.model.console.ConsolePermission;
+import google.registry.model.console.ConsoleUpdateHistory;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.registrar.Registrar;
 import google.registry.request.Action;
@@ -53,15 +56,18 @@ public class WhoisRegistrarFieldsAction extends ConsoleApiAction {
 
   static final String PATH = "/console-api/settings/whois-fields";
   private final AuthenticatedRegistrarAccessor registrarAccessor;
+  private final Gson gson;
   private final Optional<Registrar> registrar;
 
   @Inject
   public WhoisRegistrarFieldsAction(
       ConsoleApiParams consoleApiParams,
       AuthenticatedRegistrarAccessor registrarAccessor,
+      Gson gson,
       @Parameter("registrar") Optional<Registrar> registrar) {
     super(consoleApiParams);
     this.registrarAccessor = registrarAccessor;
+    this.gson = gson;
     this.registrar = registrar;
   }
 
@@ -104,6 +110,11 @@ private void loadAndModifyRegistrar(Registrar providedRegistrar, User user) {
             .setEmailAddress(providedRegistrar.getEmailAddress())
             .build();
     tm().put(newRegistrar);
+    finishAndPersistConsoleUpdateHistory(
+        new RegistrarUpdateHistory.Builder()
+            .setType(ConsoleUpdateHistory.Type.REGISTRAR_UPDATE)
+            .setRegistrar(newRegistrar)
+            .setRequestBody(gson.toJson(registrar.get())));
     sendExternalUpdatesIfNecessary(
         EmailInfo.create(
             savedRegistrar,

core/src/test/java/google/registry/testing/ConsoleApiParamsUtils.java

@@ -45,6 +45,7 @@ public static ConsoleApiParams createFake(AuthResult authResult) {
                   xsrfTokenManager.generateToken(
                       authResult.user().map(User::getEmailAddress).orElse("")))
             });
+    when(request.getRequestURI()).thenReturn("/console/fake-url");
     return ConsoleApiParams.create(
         request, new FakeResponse(), authResult, sendEmailUtils, xsrfTokenManager);
   }

core/src/test/java/google/registry/testing/DatabaseHelper.java

@@ -1294,6 +1294,11 @@ public static <T> ImmutableList<T> loadByEntitiesIfPresent(Iterable<T> entities)
     return tm().transact(() -> tm().loadByEntitiesIfPresent(entities));
   }
 
+  /** Loads the only instance of this particular class, or empty if none exists. */
+  public static <T> Optional<T> loadSingleton(Class<T> clazz) {
+    return tm().transact(() -> tm().loadSingleton(clazz));
+  }
+
   /** Returns whether or not the given entity exists in Cloud SQL. */
   public static boolean existsInDb(ImmutableObject object) {
     return tm().transact(() -> tm().exists(object));

core/src/test/java/google/registry/ui/server/console/ConsoleEppPasswordActionTest.java

@@ -17,6 +17,7 @@
 import static com.google.common.truth.Truth.assertThat;
 import static google.registry.request.auth.AuthenticatedRegistrarAccessor.Role.OWNER;
 import static google.registry.testing.DatabaseHelper.loadRegistrar;
+import static google.registry.testing.DatabaseHelper.loadSingleton;
 import static google.registry.testing.DatabaseHelper.persistResource;
 import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static jakarta.servlet.http.HttpServletResponse.SC_FORBIDDEN;
@@ -32,6 +33,7 @@
 import com.google.gson.Gson;
 import google.registry.flows.PasswordOnlyTransportCredentials;
 import google.registry.model.console.GlobalRole;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
@@ -41,6 +43,7 @@
 import google.registry.request.auth.AuthResult;
 import google.registry.request.auth.AuthenticatedRegistrarAccessor;
 import google.registry.testing.ConsoleApiParamsUtils;
+import google.registry.testing.DatabaseHelper;
 import google.registry.testing.FakeResponse;
 import google.registry.tools.GsonUtils;
 import google.registry.ui.server.console.ConsoleEppPasswordAction.EppPasswordData;
@@ -139,6 +142,10 @@ void testSuccess_passwordUpdated() throws IOException {
         () -> {
           credentials.validate(loadRegistrar("TheRegistrar"), "randomPassword");
         });
+    assertThat(loadSingleton(RegistrarUpdateHistory.class).get().getRequestBody())
+        .isEqualTo(
+            "{\"registrarId\":\"TheRegistrar\",\"oldPassword\":\"foobar\",\"newPassword\":"
+                + "\"randomPassword\",\"newPasswordRepeat\":\"randomPassword\"}");
   }
 
   private ConsoleEppPasswordAction createAction(
@@ -150,6 +157,7 @@ private ConsoleEppPasswordAction createAction(
             .setEmailAddress("[email protected]")
             .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
             .build();
+    DatabaseHelper.putInDb(user);
 
     AuthResult authResult = AuthResult.createUser(user);
     consoleApiParams = ConsoleApiParamsUtils.createFake(authResult);
@@ -169,6 +177,6 @@ private ConsoleEppPasswordAction createAction(
             GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON));
 
     return new ConsoleEppPasswordAction(
-        consoleApiParams, authenticatedRegistrarAccessor, maybePasswordChangeRequest);
+        consoleApiParams, authenticatedRegistrarAccessor, GSON, maybePasswordChangeRequest);
   }
 }

core/src/test/java/google/registry/ui/server/console/ConsoleUpdateRegistrarActionTest.java

@@ -15,8 +15,10 @@
 package google.registry.ui.server.console;
 
 import static com.google.common.truth.Truth.assertThat;
+import static google.registry.model.ImmutableObjectSubject.assertAboutImmutableObjects;
 import static google.registry.model.registrar.RegistrarPocBase.Type.WHOIS;
 import static google.registry.testing.DatabaseHelper.createTlds;
+import static google.registry.testing.DatabaseHelper.loadSingleton;
 import static google.registry.testing.DatabaseHelper.persistResource;
 import static jakarta.servlet.http.HttpServletResponse.SC_BAD_REQUEST;
 import static jakarta.servlet.http.HttpServletResponse.SC_OK;
@@ -29,6 +31,7 @@
 import com.google.common.collect.ImmutableSet;
 import com.google.gson.Gson;
 import google.registry.model.console.GlobalRole;
+import google.registry.model.console.RegistrarUpdateHistory;
 import google.registry.model.console.User;
 import google.registry.model.console.UserRoles;
 import google.registry.model.registrar.Registrar;
@@ -85,10 +88,11 @@ void beforeEach() throws Exception {
             .setRegistryLockAllowed(false)
             .build());
     user =
-        new User.Builder()
-            .setEmailAddress("[email protected]")
-            .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
-            .build();
+        persistResource(
+            new User.Builder()
+                .setEmailAddress("[email protected]")
+                .setUserRoles(new UserRoles.Builder().setGlobalRole(GlobalRole.FTE).build())
+                .build());
     consoleApiParams = createParams();
   }
 
@@ -104,6 +108,9 @@ void testSuccess_updatesRegistrar() throws IOException {
     assertThat(newRegistrar.getAllowedTlds()).containsExactly("app", "dev");
     assertThat(newRegistrar.isRegistryLockAllowed()).isFalse();
     assertThat(((FakeResponse) consoleApiParams.response()).getStatus()).isEqualTo(SC_OK);
+    assertAboutImmutableObjects()
+        .that(newRegistrar)
+        .hasFieldsEqualTo(loadSingleton(RegistrarUpdateHistory.class).get().getRegistrar());
   }
 
   @Test
@@ -172,6 +179,6 @@ ConsoleUpdateRegistrarAction createAction(String requestData) throws IOException
     Optional<Registrar> maybeRegistrarUpdateData =
         ConsoleModule.provideRegistrar(
             GSON, RequestModule.provideJsonBody(consoleApiParams.request(), GSON));
-    return new ConsoleUpdateRegistrarAction(consoleApiParams, maybeRegistrarUpdateData);
+    return new ConsoleUpdateRegistrarAction(consoleApiParams, GSON, maybeRegistrarUpdateData);
   }
 }