From 01cfddee95952fbff02f555f18c287cd04e2d9af Mon Sep 17 00:00:00 2001
From: Martin Lensment
Date: Fri, 8 Aug 2014 12:13:51 +0300
Subject: [PATCH] Add XML attribute validator
---
 app/controllers/concerns/epp/common.rb | 13 +++++++++++++
 app/helpers/epp/domains_helper.rb | 23 +++++++++++++++++------
 app/models/domain.rb | 2 +-
 config/locales/en.yml | 2 ++
 spec/epp/domain_spec.rb | 15 +++++++++------
 5 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/app/controllers/concerns/epp/common.rb b/app/controllers/concerns/epp/common.rb
index 74f3c025b..7c8abba3f 100644
--- a/app/controllers/concerns/epp/common.rb
+++ b/app/controllers/concerns/epp/common.rb
@@ -38,6 +38,19 @@ module Epp::Common
 render '/epp/error'
 end
+ def xml_attrs_present?(ph, attributes)
+ attributes.each do |x|
+ epp_errors << {code: '2003', msg: I18n.t('errors.messages.required_parameter_missing', key: x.last)} unless has_attribute(ph, x)
+ end
+ epp_errors.empty?
+ end
+
+ def has_attribute(ph, path)
+ path.inject(ph) do |location, key|
+ location.respond_to?(:keys) ? location[key] : nil
+ end
+ end
+
 def validate_request
 type = OBJECT_TYPES[params_hash['epp']['xmlns:ns2']]
 return unless type
diff --git a/app/helpers/epp/domains_helper.rb b/app/helpers/epp/domains_helper.rb
index 8e4935f14..34a473f11 100644
--- a/app/helpers/epp/domains_helper.rb
+++ b/app/helpers/epp/domains_helper.rb
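Review bot: `has_attribute` returns whatever value sits at the end of the path, so `xml_attrs_present?` decides presence by truthiness. If `params_hash` represents an empty element as an empty string or empty hash (not visible here), that parameter counts as present and reaches the model unchecked. Since this runs on client-supplied EPP XML, consider testing the value itself, e.g. `... unless has_attribute(ph, x).present?`. The return value `epp_errors.empty?` also reports failure when an earlier step has already pushed an error, even if every listed attribute is there; comparing the error count before and after the loop would avoid that. A short comment stating that each entry of `attributes` is a key path (an array of nested keys) would help callers.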
@@ -1,6 +1,19 @@
 module Epp::DomainsHelper
 def create_domain
- @domain = Domain.new(domain_create_params)
+ ph = params_hash['epp']['command']['create']['create']
+
+ unless xml_attrs_present?(ph, [['name'], ['ns'], ['authInfo'], ['contact'], ['registrant']])
+ render '/epp/error' and return
+ end
+
+ @domain = Domain.new(domain_create_params(ph))
+
+ if owner_contact_id = Contact.find_by(code: ph[:registrant]).try(:id)
+ @domain.owner_contact_id = owner_contact_id
+ else
+ epp_errors << {code: '2303', msg: I18n.t('errors.messages.epp_registrant_not_found'), value: {obj: 'registrant', val: ph[:registrant]}}
+ render '/epp/error' and return
+ end
 Domain.transaction do
 if @domain.save && @domain.attach_contacts(domain_contacts) && @domain.attach_nameservers(domain_nameservers)
@@ -23,7 +36,7 @@ module Epp::DomainsHelper
 @domain = Domain.find_by(name: ph[:name])
 unless @domain
- epp_errors << {code: '2303', msg: I18n.t('errors.messages.epp_domain_not_found'), value: {obj: 'domain', val: ph[:name]}}
+ epp_errors << {code: '2303', msg: I18n.t('errors.messages.epp_domain_not_found'), value: {obj: 'name', val: ph[:name]}}
 render '/epp/error' and return
 end
@@ -37,8 +50,7 @@ module Epp::DomainsHelper
 ### HELPER METHODS ###
 private
- def domain_create_params
- ph = params_hash['epp']['command']['create']['create']
+ def domain_create_params(ph)
 {
 name: ph[:name],
 registrar_id: current_epp_user.registrar.try(:id),
@@ -46,8 +58,7 @@ module Epp::DomainsHelper
 period: ph[:period].to_i,
 valid_from: Date.today,
 valid_to: Date.today + ph[:period].to_i.years,
- auth_info: ph[:authInfo][:pw],
- owner_contact_id: Contact.find_by(code: ph[:registrant]).try(:id)
+ auth_info: ph[:authInfo][:pw]
 }
 end
diff --git a/app/models/domain.rb b/app/models/domain.rb
index ee6ca3caf..4ff003a14 100644
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
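Review bot: The required list in `create_domain` checks `['authInfo']`, but `domain_create_params` (hunks `@@ -37,8` and `@@ -46,8` of this file) still reads `ph[:authInfo][:pw]`. A request whose authInfo element has no `pw` child therefore passes validation and then either stores a nil `auth_info` or raises if authInfo parsed to a plain string. The validator already accepts key paths, so the entry can be `['authInfo', 'pw']`. Separately, `params_hash['epp']['command']['create']['create']` is dereferenced before any validation, so a frame missing one of those levels would likely raise NoMethodError instead of producing a 2003 response; running `has_attribute` over the full path from `params_hash` first would cover that. The body of `create_domain` continues outside the hunk.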
@@ -123,7 +123,7 @@ class Domain < ActiveRecord::Base
 self.period = period
 save
 else
- errors[:base] << {msg: I18n.t('errors.messages.epp_exp_dates_do_not_match'), obj: 'domain', val: cur_exp_date}
+ errors[:base] << {msg: I18n.t('errors.messages.epp_exp_dates_do_not_match'), obj: 'curExpDate', val: cur_exp_date}
 false
 end
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index a0caab90c..d1a66e261 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -75,3 +75,5 @@ en:
 epp_id_taken: 'Contact id already exists'
 epp_domain_not_found: 'Domain not found'
 epp_exp_dates_do_not_match: 'Given and current expire dates do not match'
+ epp_registrant_not_found: 'Registrant not found'
+ required_parameter_missing: 'Required parameter missing: %{key}'
diff --git a/spec/epp/domain_spec.rb b/spec/epp/domain_spec.rb
index 3fef6fc2a..5337058a6 100644
--- a/spec/epp/domain_spec.rb
+++ b/spec/epp/domain_spec.rb
@@ -63,14 +63,17 @@ describe 'EPP Domain', epp: true do
 it 'does not create domain without contacts and registrant' do
 response = epp_request('domains/create_wo_contacts_and_registrant.xml')
- expect(response[:result_code]).to eq('2306')
- expect(response[:msg]).to eq('Registrant is missing')
+ expect(response[:results][0][:result_code]).to eq('2003')
+ expect(response[:results][0][:msg]).to eq('Required parameter missing: contact')
+
+ expect(response[:results][1][:result_code]).to eq('2003')
+ expect(response[:results][1][:msg]).to eq('Required parameter missing: registrant')
 end
 it 'does not create domain without nameservers' do
 response = epp_request('domains/create_wo_nameservers.xml')
- expect(response[:result_code]).to eq('2004')
- expect(response[:msg]).to eq('Nameservers count must be between 1-13')
+ expect(response[:result_code]).to eq('2003')
+ expect(response[:msg]).to eq('Required parameter missing: ns')
 end
 it 'does not create domain with too many nameservers' do
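Review bot: The updated examples in spec/epp/domain_spec.rb cover a missing `contact`, `registrant` and `ns`, but nothing visible in these hunks exercises the other two entries of the new required list, `name` and `authInfo`, or an element that is present but empty. Other examples may exist outside the hunks; if not, one example per required key asserting result code `'2003'` would pin the validator's behaviour on malformed input. The first example also indexes `response[:results][0]` and `[1]`, which ties the spec to the order of the list passed to `xml_attrs_present?`; a comment such as `# errors are reported in the order of the required-attribute list` would make that dependency explicit.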
@@ -122,8 +125,8 @@ describe 'EPP Domain', epp: true do
 it 'does not create a domain without admin contact' do
 response = epp_request('domains/create_wo_contacts.xml')
- expect(response[:result_code]).to eq('2306')
- expect(response[:msg]).to eq('Admin contact is missing')
+ expect(response[:result_code]).to eq('2003')
+ expect(response[:msg]).to eq('Required parameter missing: contact')
 expect(response[:clTRID]).to eq('ABC-12345')
 expect(Domain.count).to eq 0