Allow creation of reserved domains using allocation tokens

Unlike anchor tenants, these domains can be registered for any number of years, but only during GA, as third parties cannot register domains pre-GA except through the anchor tenant program. Since this is new functionality, unlike creation of anchor tenants, there is no fallback provided to send codes through the domain authcode; they must be sent using the allocation token extension. And note that, like with anchor tenants, providing the domain-specific allocation token overrides any other reserved types that might apply to that domain. No changes are necessary to the domain application create flow because of the above restriction to GA. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=212310701
google · Sep 11, 2018 · 1b3df82 · 1b3df82
1 parent 9c280f9
commit 1b3df82
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 5 deletions.
diff --git a/java/google/registry/flows/domain/DomainCreateFlow.java b/java/google/registry/flows/domain/DomainCreateFlow.java
@@ -23,6 +23,7 @@
 import static google.registry.flows.domain.DomainFlowUtils.createFeeCreateResponse;
 import static google.registry.flows.domain.DomainFlowUtils.getReservationTypes;
 import static google.registry.flows.domain.DomainFlowUtils.isAnchorTenant;
+import static google.registry.flows.domain.DomainFlowUtils.isValidReservedCreate;
 import static google.registry.flows.domain.DomainFlowUtils.validateCreateCommandContactsAndNameservers;
 import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld;
 import static google.registry.flows.domain.DomainFlowUtils.validateDomainName;
@@ -276,7 +277,7 @@ public final EppResponse run() throws EppException {
       if (launchCreate.isPresent()) {
         verifyLaunchPhaseMatchesRegistryPhase(registry, launchCreate.get(), now);
       }
-      if (!isAnchorTenant) {
+      if (!isAnchorTenant && !isValidReservedCreate(domainName, allocationToken)) {
         verifyNotReserved(domainName, isSunriseCreate);
       }
       if (hasClaimsNotice) {

diff --git a/java/google/registry/flows/domain/DomainFlowUtils.java b/java/google/registry/flows/domain/DomainFlowUtils.java
@@ -247,9 +247,7 @@ public static String validateDomainNameWithIdnTables(InternetDomainName domainNa
     return idnTableName.get();
   }
 
-  /**
-   * Returns whether the information for a given domain create request is for a valid anchor tenant.
-   */
+  /** Returns whether a given domain create request is for a valid anchor tenant. */
   public static boolean isAnchorTenant(
       InternetDomainName domainName,
       Optional<AllocationToken> token,
@@ -278,6 +276,17 @@ public static boolean isAnchorTenant(
     return metadataExtension.isPresent() && metadataExtension.get().getIsAnchorTenant();
   }
 
+  /** Returns whether a given domain create request is for a valid reserved domain. */
+  public static boolean isValidReservedCreate(
+      InternetDomainName domainName, Optional<AllocationToken> token) {
+    // If the domain is reserved for specific use, then check if the allocation token exists and
+    // is for this domain.
+    return getReservationTypes(domainName).contains(RESERVED_FOR_SPECIFIC_USE)
+        && token.isPresent()
+        && token.get().getDomainName().isPresent()
+        && token.get().getDomainName().get().equals(domainName.toString());
+  }
+
   /** Check if the registrar running the flow has access to the TLD in question. */
   public static void checkAllowedAccessToTld(String clientId, String tld) throws EppException {
     if (!Registrar.loadByClientIdCached(clientId).get().getAllowedTlds().contains(tld)) {

diff --git a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java
@@ -189,7 +189,8 @@ public void initCreateTest() {
                     "resdom,RESERVED_FOR_SPECIFIC_USE",
                     "anchor,RESERVED_FOR_ANCHOR_TENANT",
                     "test-and-validate,NAME_COLLISION",
-                    "badcrash,NAME_COLLISION"))
+                    "badcrash,NAME_COLLISION"),
+                persistReservedList("global-list", "resdom,FULLY_BLOCKED"))
             .build());
     persistClaimsList(ImmutableMap.of("example-one", CLAIMS_KEY));
   }
@@ -1031,6 +1032,25 @@ public void testSuccess_anchorTenant_viaAuthCode_withClaims() throws Exception {
     assertClaimsLordn();
   }
 
+  @Test
+  public void testSuccess_reservedDomain_viaAllocationTokenExtension() throws Exception {
+    AllocationToken token =
+        persistResource(
+            new AllocationToken.Builder().setToken("abc123").setDomainName("resdom.tld").build());
+    // Despite the domain being FULLY_BLOCKED, the non-superuser create succeeds the domain is also
+    // RESERVED_FOR_SPECIFIC_USE and the correct allocation token is passed.
+    setEppInput("domain_create_allocationtoken.xml", ImmutableMap.of("DOMAIN", "resdom.tld"));
+    persistContactsAndHosts();
+    runFlowAssertResponse(
+        loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "resdom.tld")));
+    assertSuccessfulCreate("tld", ImmutableSet.of());
+    assertNoLordn();
+    AllocationToken reloadedToken = ofy().load().entity(token).now();
+    assertThat(reloadedToken.isRedeemed()).isTrue();
+    assertThat(reloadedToken.getRedemptionHistoryEntry())
+        .isEqualTo(Key.create(getHistoryEntries(reloadResourceByForeignKey()).get(0)));
+  }
+
   @Test
   public void testSuccess_superuserReserved() throws Exception {
     setEppInput("domain_create_reserved.xml");