From 06e080ed439be17e27ae08b64a2e314659a18e7d Mon Sep 17 00:00:00 2001
From: Artur Beljajev <artur.beljajev@internet.ee>
Date: Fri, 21 Jul 2017 02:29:54 +0300
Subject: [PATCH] Deny contact ident modification on EPP contact:update

#569
---
 app/models/epp/contact.rb                     | 13 +++++-
 .../requests/epp/contact/update/ident_spec.rb | 42 +++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 spec/requests/epp/contact/update/ident_spec.rb

diff --git a/app/models/epp/contact.rb b/app/models/epp/contact.rb
index 845331f07..b3f85d6ba 100644
--- a/app/models/epp/contact.rb
+++ b/app/models/epp/contact.rb
@@ -174,6 +174,10 @@ class Epp::Contact < Contact
       self.ident_updated_at ||= Time.zone.now
       ident_frame = frame.css('ident').first
 
+      if ident_frame.text.present?
+        deny_ident_update
+      end
+
       if ident_frame && ident_attr_valid?(ident_frame)
         org_priv = %w(org priv).freeze
         if ident_country_code.blank? && org_priv.include?(ident_type) && org_priv.include?(ident_frame.attr('type'))
@@ -187,10 +191,10 @@ class Epp::Contact < Contact
           at.merge!(ident_type: ident_frame.attr('type'))
           at.merge!(ident_country_code: ident_frame.attr('cc')) if ident_frame.attr('cc').present?
         else
-          throw :epp_error, {code: '2306', msg: I18n.t(:ident_update_error)}
+          deny_ident_update
         end
       else
-        throw :epp_error, {code: '2306', msg: I18n.t(:ident_update_error)}
+        deny_ident_update
       end
     end
 
@@ -259,4 +263,9 @@ class Epp::Contact < Contact
     self.legal_document_id = doc.id
   end
 
+  private
+
+  def deny_ident_update
+    throw :epp_error, { code: '2306', msg: I18n.t(:ident_update_error) }
+  end
 end
diff --git a/spec/requests/epp/contact/update/ident_spec.rb b/spec/requests/epp/contact/update/ident_spec.rb
new file mode 100644
index 000000000..948a38c97
--- /dev/null
+++ b/spec/requests/epp/contact/update/ident_spec.rb
@@ -0,0 +1,42 @@
+require 'rails_helper'
+
+RSpec.describe 'EPP contact:update' do
+  let(:request) { post '/epp/command/update', frame: request_xml }
+  let(:request_xml) { <<-XML
+    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+      <command>
+        <update>
+          <contact:update xmlns:contact="https://epp.tld.ee/schema/contact-ee-1.1.xsd">
+            <contact:id>TEST</contact:id>
+            <contact:chg>
+              <contact:postalInfo>
+                <contact:name>test</contact:name>
+              </contact:postalInfo>
+            </contact:chg>
+          </contact:update>
+        </update>
+        <extension>
+          <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+            <eis:ident cc="US" type="org">test</eis:ident>
+          </eis:extdata>
+        </extension>
+      </command>
+    </epp>
+  XML
+  }
+
+  before do
+    sign_in_to_epp_area
+  end
+
+  context 'when :ident tag is given and a contact has been imported from legacy software' do
+    let(:contact) { build(:contact, code: 'TEST', ident: nil, ident_type: nil, ident_country_code: nil) }
+
+    specify do
+      contact.save(validate: false)
+      request
+      expect(response).to have_code_of(2306)
+    end
+  end
+end