Skip to content

Allow for change of registry lock passwords in User objects #2609

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gbrodman merged 1 commit into from
Nov 14, 2024
Merged

Allow for change of registry lock passwords in User objects #2609

gbrodman merged 1 commit into from
Nov 14, 2024
+107 −5

Conversation

@gbrodman
Copy link
Collaborator

@gbrodman gbrodman commented Nov 12, 2024
edited by jianglai
Loading

This essentially enables the "forgot password" flow

This change is Reviewable

ptkach
ptkach requested changes Nov 12, 2024
View reviewed changes
Copy link
Collaborator

@ptkach ptkach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 2 files reviewed, 1 unresolved discussion (waiting on @gbrodman)

core/src/main/java/google/registry/tools/UpdateUserCommand.java line 30 at r1 (raw file):

public class UpdateUserCommand extends CreateOrUpdateUserCommand {

  @Parameter(names = "--remove_registry_lock_password", description = "Removes the registry ")

Should we replace it with more broad - update_password, which can be used to remove as well, by providing an empty string

gbrodman
gbrodman commented Nov 12, 2024
View reviewed changes
Copy link
Collaborator Author

@gbrodman gbrodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 2 files reviewed, 1 unresolved discussion (waiting on @ptkach)

core/src/main/java/google/registry/tools/UpdateUserCommand.java line 30 at r1 (raw file):

Previously, ptkach (Pavlo Tkach) wrote…

Should we replace it with more broad - update_password, which can be used to remove as well, by providing an empty string

I don't think so, because then it allows support to change things that maybe they shouldn't be able to change. This is clearer for sure

ptkach
ptkach requested changes Nov 12, 2024
View reviewed changes
Copy link
Collaborator

@ptkach ptkach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 2 files reviewed, 1 unresolved discussion (waiting on @gbrodman)

core/src/main/java/google/registry/tools/UpdateUserCommand.java line 30 at r1 (raw file):

Previously, gbrodman wrote…

I don't think so, because then it allows support to change things that maybe they shouldn't be able to change. This is clearer for sure

it can be put behind the check for user role or admin flag or both

gbrodman
gbrodman commented Nov 12, 2024
View reviewed changes
Copy link
Collaborator Author

@gbrodman gbrodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 2 files reviewed, 1 unresolved discussion (waiting on @ptkach)

core/src/main/java/google/registry/tools/UpdateUserCommand.java line 30 at r1 (raw file):

Previously, ptkach (Pavlo Tkach) wrote…

it can be put behind the check for user role or admin flag or both

No, we don't have a way of injecting the user running the command into the command itself unfortunately.

But either way, eh we can do this.

@gbrodman gbrodman force-pushed the removeRLockPassword branch from b84a591 to 4110599 Compare November 12, 2024 18:00
ptkach
ptkach requested changes Nov 12, 2024
View reviewed changes
Copy link
Collaborator

@ptkach ptkach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 2 of 3 files at r2, all commit messages.
Reviewable status: 2 of 3 files reviewed, 2 unresolved discussions (waiting on @gbrodman)

core/src/main/java/google/registry/tools/UpdateUserCommand.java line 43 at r2 (raw file):

        checkArgumentPresent(
            tm().loadByKeyIfPresent(VKey.create(User.class, email)), "User %s not found", email);
    if (!removeRegistryLockPassword && registryLockPassword == null) {

do you think that executeInTransaction from CreateOrUpdateUserCommand.java might be a better place for applying the updates, comparing to getExistingUser method?

@gbrodman gbrodman force-pushed the removeRLockPassword branch from 4110599 to 6bdabda Compare November 12, 2024 19:08
gbrodman
gbrodman commented Nov 12, 2024
View reviewed changes
Copy link
Collaborator Author

@gbrodman gbrodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 2 of 3 files reviewed, 2 unresolved discussions (waiting on @ptkach)

core/src/main/java/google/registry/tools/UpdateUserCommand.java line 43 at r2 (raw file):

Previously, ptkach (Pavlo Tkach) wrote…

do you think that executeInTransaction from CreateOrUpdateUserCommand.java might be a better place for applying the updates, comparing to getExistingUser method?

It's a bit awkward but sure

@gbrodman gbrodman changed the title Allow for removal of registry lock passwords in User objects Allow for change of registry lock passwords in User objects Nov 12, 2024
gbrodman
gbrodman commented Nov 14, 2024
View reviewed changes
Copy link
Collaborator Author

@gbrodman gbrodman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

friendly ping

Reviewable status: 1 of 4 files reviewed, 2 unresolved discussions (waiting on @ptkach)

@gbrodman gbrodman force-pushed the removeRLockPassword branch from 6bdabda to dff1801 Compare November 14, 2024 20:09
@gbrodman
Allow for removal of registry lock passwords in User objects
9896c06 
This essentially enables the "forgot password" flow
@gbrodman gbrodman force-pushed the removeRLockPassword branch from dff1801 to 9896c06 Compare November 14, 2024 20:15
ptkach
ptkach approved these changes Nov 14, 2024
View reviewed changes
Copy link
Collaborator

@ptkach ptkach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 4 of 4 files at r4, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @gbrodman)

core/src/main/java/google/registry/tools/CreateOrUpdateUserCommand.java line 117 at r4 (raw file):

      } else {
        checkArgument(
            user != null && user.getRegistryLockEmailAddress().isPresent(),

good catch that we need to check both param and existing user.

@gbrodman gbrodman enabled auto-merge November 14, 2024 20:40
@gbrodman gbrodman added this pull request to the merge queue Nov 14, 2024
Merged via the queue into google:master with commit e54075f Nov 14, 2024
6 checks passed
@gbrodman gbrodman deleted the removeRLockPassword branch November 14, 2024 21:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ptkach ptkach ptkach approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gbrodman @ptkach