Remove registry-lock-related fields from RegistrarPoc

We've moved these over to the User class, so we should remove these for
clarity. In addition, we should make it clear (in Java at least) that
the field in the RegistryLock object refers to the email address used
for the lock in question.

Author: gbrodman

core/src/main/java/google/registry/batch/RelockDomainAction.java

@@ -15,7 +15,6 @@
 package google.registry.batch;
 
 import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.collect.ImmutableSet.toImmutableSet;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.request.Action.Method.POST;
 import static google.registry.tools.LockOrUnlockDomainCommand.REGISTRY_LOCK_STATUSES;
@@ -30,8 +29,6 @@
 import google.registry.model.domain.Domain;
 import google.registry.model.domain.RegistryLock;
 import google.registry.model.eppcommon.StatusValue;
-import google.registry.model.registrar.Registrar;
-import google.registry.model.registrar.RegistrarPoc;
 import google.registry.model.tld.RegistryLockDao;
 import google.registry.persistence.VKey;
 import google.registry.request.Action;
@@ -70,12 +67,14 @@ public class RelockDomainAction implements Runnable {
       """
       The domain %s was successfully re-locked.
 
-      Please contact support at %s if you have any questions.""";
+      Please contact support at %s if you have any questions.\
+      """;
   private static final String RELOCK_NON_RETRYABLE_FAILURE_EMAIL_TEMPLATE =
       """
       There was an error when automatically re-locking %s. Error message: %s
 
-      Please contact support at %s if you have any questions.""";
+      Please contact support at %s if you have any questions.\
+      """;
   private static final String RELOCK_TRANSIENT_FAILURE_EMAIL_TEMPLATE =
       "There was an unexpected error when automatically re-locking %s. We will continue retrying "
           + "the lock for five hours. Please contact support at %s if you have any questions";
@@ -171,7 +170,7 @@ private void applyRelock(RegistryLock oldLock) {
     domainLockUtils.administrativelyApplyLock(
         oldLock.getDomainName(),
         oldLock.getRegistrarId(),
-        oldLock.getRegistrarPocId(),
+        oldLock.getRegistryLockEmail(),
         oldLock.isSuperuser());
     logger.atInfo().log("Re-locked domain %s.", oldLock.getDomainName());
     response.setStatus(SC_OK);
@@ -221,7 +220,7 @@ private void handleNonRetryableFailure(RegistryLock oldLock, Throwable t) {
         EmailMessage.newBuilder()
             .setBody(body)
             .setSubject(String.format("Error re-locking domain %s", oldLock.getDomainName()))
-            .setRecipients(getEmailRecipients(oldLock.getRegistrarId()))
+            .setRecipients(ImmutableSet.of(getEmailRecipient(oldLock)))
             .build());
   }
 
@@ -250,7 +249,7 @@ private void sendSuccessEmail(RegistryLock oldLock) {
         EmailMessage.newBuilder()
             .setBody(body)
             .setSubject(String.format("Successful re-lock of domain %s", oldLock.getDomainName()))
-            .setRecipients(getEmailRecipients(oldLock.getRegistrarId()))
+            .setRecipients(ImmutableSet.of(getEmailRecipient(oldLock)))
             .build());
   }
 
@@ -261,7 +260,7 @@ private void sendGenericTransientFailureEmail(RegistryLock oldLock) {
     // For an unexpected failure, notify both the lock-enabled contacts and our alerting email
     ImmutableSet<InternetAddress> allRecipients =
         new ImmutableSet.Builder<InternetAddress>()
-            .addAll(getEmailRecipients(oldLock.getRegistrarId()))
+            .add(getEmailRecipient(oldLock))
             .add(alertRecipientAddress)
             .build();
     gmailClient.sendEmail(
@@ -281,31 +280,12 @@ private void sendUnknownRevisionIdAlertEmail() {
             .build());
   }
 
-  private ImmutableSet<InternetAddress> getEmailRecipients(String registrarId) {
-    Registrar registrar =
-        Registrar.loadByRegistrarIdCached(registrarId)
-            .orElseThrow(
-                () ->
-                    new IllegalStateException(String.format("Unknown registrar %s", registrarId)));
-
-    ImmutableSet<String> registryLockEmailAddresses =
-        registrar.getContacts().stream()
-            .filter(RegistrarPoc::isRegistryLockAllowed)
-            .map(RegistrarPoc::getRegistryLockEmailAddress)
-            .filter(Optional::isPresent)
-            .map(Optional::get)
-            .collect(toImmutableSet());
-
-    ImmutableSet.Builder<InternetAddress> builder = new ImmutableSet.Builder<>();
-    // can't use streams due to the 'throws' in the InternetAddress constructor
-    for (String registryLockEmailAddress : registryLockEmailAddresses) {
-      try {
-        builder.add(new InternetAddress(registryLockEmailAddress));
-      } catch (AddressException e) {
-        // This shouldn't stop any other emails going out, so swallow it
-        logger.atWarning().log("Invalid email address '%s'.", registryLockEmailAddress);
-      }
+  private InternetAddress getEmailRecipient(RegistryLock lock) {
+    try {
+      return new InternetAddress(lock.getRegistryLockEmail());
+    } catch (AddressException e) {
+      // this really shouldn't happen
+      throw new RuntimeException(e);
     }
-    return builder.build();
   }
 }

core/src/main/java/google/registry/model/domain/RegistryLock.java

@@ -101,8 +101,15 @@ public final class RegistryLock extends UpdateAutoTimestampEntity implements Bui
   @Column(nullable = false)
   private String registrarId;
 
-  /** The POC that performed the action, or null if it was a superuser. */
-  @Expose private String registrarPocId;
+  /**
+   * The email address of the user that performed the action, or null if it was a superuser.
+   *
+   * <p>Note: this is misnamed in the database due to historical reasons, where we used the
+   * registrar POC ID as the email address rather than a separate specialized field.
+   */
+  @Column(name = "registrarPocId")
+  @Expose
+  private String registryLockEmail;
 
   /** When the lock is first requested. */
   @AttributeOverrides({
@@ -161,8 +168,8 @@ public String getRegistrarId() {
     return registrarId;
   }
 
-  public String getRegistrarPocId() {
-    return registrarPocId;
+  public String getRegistryLockEmail() {
+    return registryLockEmail;
   }
 
   public DateTime getLockRequestTime() {
@@ -255,7 +262,7 @@ public RegistryLock build() {
       checkArgumentNotNull(getInstance().registrarId, "Registrar ID cannot be null");
       checkArgumentNotNull(getInstance().verificationCode, "Verification code cannot be null");
       checkArgument(
-          getInstance().registrarPocId != null || getInstance().isSuperuser,
+          getInstance().registryLockEmail != null || getInstance().isSuperuser,
           "Registrar POC ID must be provided if superuser is false");
       return super.build();
     }
@@ -275,8 +282,8 @@ public Builder setRegistrarId(String registrarId) {
       return this;
     }
 
-    public Builder setRegistrarPocId(String registrarPocId) {
-      getInstance().registrarPocId = registrarPocId;
+    public Builder setRegistryLockEmail(String registryLockEmail) {
+      getInstance().registryLockEmail = registryLockEmail;
       return this;
     }
 

core/src/main/java/google/registry/model/registrar/RegistrarPoc.java

@@ -14,16 +14,11 @@
 
 package google.registry.model.registrar;
 
-import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.base.Strings.isNullOrEmpty;
 import static com.google.common.collect.ImmutableSet.toImmutableSet;
-import static com.google.common.io.BaseEncoding.base64;
 import static google.registry.model.registrar.Registrar.checkValidEmail;
 import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
 import static google.registry.util.CollectionUtils.nullToEmptyImmutableSortedCopy;
-import static google.registry.util.PasswordUtils.SALT_SUPPLIER;
-import static google.registry.util.PasswordUtils.hashPassword;
 import static java.util.stream.Collectors.joining;
 
 import com.google.common.annotations.VisibleForTesting;
@@ -38,7 +33,6 @@
 import google.registry.model.UnsafeSerializable;
 import google.registry.persistence.VKey;
 import google.registry.persistence.transaction.QueryComposer;
-import google.registry.util.PasswordUtils;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.EnumType;
@@ -47,9 +41,7 @@
 import jakarta.persistence.IdClass;
 import java.io.Serializable;
 import java.util.Map;
-import java.util.Optional;
 import java.util.Set;
-import javax.annotation.Nullable;
 
 /**
  * A contact for a Registrar. Note, equality, hashCode and comparable have been overridden to only
@@ -107,9 +99,6 @@ public boolean isRequired() {
 
   @Id @Expose public String registrarId;
 
-  /** External email address of this contact used for registry lock confirmations. */
-  String registryLockEmailAddress;
-
   /** The voice number of the contact. */
   @Expose String phoneNumber;
 
@@ -147,22 +136,10 @@ public boolean isRequired() {
   @Expose
   boolean visibleInDomainWhoisAsAbuse = false;
 
-  /**
-   * Whether the contact is allowed to set their registry lock password through the registrar
-   * console. This will be set to false on contact creation and when the user sets a password.
-   */
+  /** Legacy field, around until we can remove the non-null constraint and the column from SQL. */
   @Column(nullable = false)
   boolean allowedToSetRegistryLockPassword = false;
 
-  /**
-   * A hashed password that exists iff this contact is registry-lock-enabled. The hash is a base64
-   * encoded SHA256 string.
-   */
-  String registryLockPasswordHash;
-
-  /** Randomly generated hash salt. */
-  String registryLockPasswordSalt;
-
   /**
    * Helper to update the contacts associated with a Registrar. This requires querying for the
    * existing contacts, deleting existing contacts that are not part of the given {@code contacts}
@@ -197,10 +174,6 @@ public String getEmailAddress() {
     return emailAddress;
   }
 
-  public Optional<String> getRegistryLockEmailAddress() {
-    return Optional.ofNullable(registryLockEmailAddress);
-  }
-
   public String getPhoneNumber() {
     return phoneNumber;
   }
@@ -229,24 +202,6 @@ public Builder asBuilder() {
     return new Builder(clone(this));
   }
 
-  public boolean isAllowedToSetRegistryLockPassword() {
-    return allowedToSetRegistryLockPassword;
-  }
-
-  public boolean isRegistryLockAllowed() {
-    return !isNullOrEmpty(registryLockPasswordHash) && !isNullOrEmpty(registryLockPasswordSalt);
-  }
-
-  public boolean verifyRegistryLockPassword(String registryLockPassword) {
-    if (isNullOrEmpty(registryLockPassword)
-        || isNullOrEmpty(registryLockPasswordSalt)
-        || isNullOrEmpty(registryLockPasswordHash)) {
-      return false;
-    }
-    return PasswordUtils.verifyPassword(
-        registryLockPassword, registryLockPasswordHash, registryLockPasswordSalt);
-  }
-
   /**
    * Returns a string representation that's human friendly.
    *
@@ -296,15 +251,12 @@ public Map<String, Object> toJsonMap() {
     return new JsonMapBuilder()
         .put("name", name)
         .put("emailAddress", emailAddress)
-        .put("registryLockEmailAddress", registryLockEmailAddress)
         .put("phoneNumber", phoneNumber)
         .put("faxNumber", faxNumber)
         .put("types", getTypes().stream().map(Object::toString).collect(joining(",")))
         .put("visibleInWhoisAsAdmin", visibleInWhoisAsAdmin)
         .put("visibleInWhoisAsTech", visibleInWhoisAsTech)
         .put("visibleInDomainWhoisAsAbuse", visibleInDomainWhoisAsAbuse)
-        .put("allowedToSetRegistryLockPassword", allowedToSetRegistryLockPassword)
-        .put("registryLockAllowed", isRegistryLockAllowed())
         .put("id", getId())
         .build();
   }
@@ -344,14 +296,6 @@ protected Builder(RegistrarPoc instance) {
     public RegistrarPoc build() {
       checkNotNull(getInstance().registrarId, "Registrar ID cannot be null");
       checkValidEmail(getInstance().emailAddress);
-      // Check allowedToSetRegistryLockPassword here because if we want to allow the user to set
-      // a registry lock password, we must also set up the correct registry lock email concurrently
-      // or beforehand.
-      if (getInstance().allowedToSetRegistryLockPassword) {
-        checkArgument(
-            !isNullOrEmpty(getInstance().registryLockEmailAddress),
-            "Registry lock email must not be null if allowing registry lock access");
-      }
       return cloneEmptyToNull(super.build());
     }
 
@@ -365,11 +309,6 @@ public Builder setEmailAddress(String emailAddress) {
       return this;
     }
 
-    public Builder setRegistryLockEmailAddress(@Nullable String registryLockEmailAddress) {
-      getInstance().registryLockEmailAddress = registryLockEmailAddress;
-      return this;
-    }
-
     public Builder setPhoneNumber(String phoneNumber) {
       getInstance().phoneNumber = phoneNumber;
       return this;
@@ -409,28 +348,6 @@ public Builder setVisibleInDomainWhoisAsAbuse(boolean visible) {
       getInstance().visibleInDomainWhoisAsAbuse = visible;
       return this;
     }
-
-    public Builder setAllowedToSetRegistryLockPassword(boolean allowedToSetRegistryLockPassword) {
-      if (allowedToSetRegistryLockPassword) {
-        getInstance().registryLockPasswordSalt = null;
-        getInstance().registryLockPasswordHash = null;
-      }
-      getInstance().allowedToSetRegistryLockPassword = allowedToSetRegistryLockPassword;
-      return this;
-    }
-
-    public Builder setRegistryLockPassword(String registryLockPassword) {
-      checkArgument(
-          getInstance().allowedToSetRegistryLockPassword,
-          "Not allowed to set registry lock password for this contact");
-      checkArgument(
-          !isNullOrEmpty(registryLockPassword), "Registry lock password was null or empty");
-      byte[] salt = SALT_SUPPLIER.get();
-      getInstance().registryLockPasswordSalt = base64().encode(salt);
-      getInstance().registryLockPasswordHash = hashPassword(registryLockPassword, salt);
-      getInstance().allowedToSetRegistryLockPassword = false;
-      return this;
-    }
   }
 
   public static ImmutableList<RegistrarPoc> loadForRegistrar(String registrarId) {

core/src/main/java/google/registry/tools/DomainLockUtils.java

@@ -74,11 +74,12 @@ public DomainLockUtils(
    * <p>The lock will not be applied until {@link #verifyVerificationCode} is called.
    */
   public RegistryLock saveNewRegistryLockRequest(
-      String domainName, String registrarId, @Nullable String registrarPocId, boolean isAdmin) {
+      String domainName, String registrarId, @Nullable String registryLockEmail, boolean isAdmin) {
     return tm().transact(
             () ->
                 RegistryLockDao.save(
-                    createLockBuilder(domainName, registrarId, registrarPocId, isAdmin).build()));
+                    createLockBuilder(domainName, registrarId, registryLockEmail, isAdmin)
+                        .build()));
   }
 
   /**
@@ -129,13 +130,13 @@ public RegistryLock verifyVerificationCode(String verificationCode, boolean isAd
    * the case of relocks, isAdmin is determined by the previous lock.
    */
   public RegistryLock administrativelyApplyLock(
-      String domainName, String registrarId, @Nullable String registrarPocId, boolean isAdmin) {
+      String domainName, String registrarId, @Nullable String registryLockEmail, boolean isAdmin) {
     return tm().transact(
             () -> {
               DateTime now = tm().getTransactionTime();
               RegistryLock newLock =
                   RegistryLockDao.save(
-                      createLockBuilder(domainName, registrarId, registrarPocId, isAdmin)
+                      createLockBuilder(domainName, registrarId, registryLockEmail, isAdmin)
                           .setLockCompletionTime(now)
                           .build());
               applyLockStatuses(newLock, now, isAdmin);
@@ -235,7 +236,7 @@ private void setAsRelock(RegistryLock newLock) {
   }
 
   private RegistryLock.Builder createLockBuilder(
-      String domainName, String registrarId, @Nullable String registrarPocId, boolean isAdmin) {
+      String domainName, String registrarId, @Nullable String registryLockEmail, boolean isAdmin) {
     DateTime now = tm().getTransactionTime();
     Domain domain = getDomain(domainName, registrarId, now);
     verifyDomainNotLocked(domain, isAdmin);
@@ -255,7 +256,7 @@ private RegistryLock.Builder createLockBuilder(
         .setDomainName(domainName)
         .setRepoId(domain.getRepoId())
         .setRegistrarId(registrarId)
-        .setRegistrarPocId(registrarPocId)
+        .setRegistryLockEmail(registryLockEmail)
         .isSuperuser(isAdmin);
   }