diff --git a/app/controllers/api/v1/registrant/base_controller.rb b/app/controllers/api/v1/registrant/base_controller.rb index 4df0d226c..06dfd8804 100644 --- a/app/controllers/api/v1/registrant/base_controller.rb +++ b/app/controllers/api/v1/registrant/base_controller.rb @@ -22,6 +22,15 @@ module Api header.gsub(pattern, '') if header&.match(pattern) end + def associated_domains(user) + country_code, ident = user.registrant_ident.split('-') + + BusinessRegistryCache.fetch_associated_domains(ident, country_code) + rescue Soap::Arireg::NotAvailableError => error + Rails.logger.fatal("[EXCEPTION] #{error}") + user.domains + end + def authenticate decryptor = AuthTokenDecryptor.create_with_defaults(bearer_token) decryptor.decrypt_token diff --git a/app/controllers/api/v1/registrant/domains_controller.rb b/app/controllers/api/v1/registrant/domains_controller.rb index 27b7b6125..49e950155 100644 --- a/app/controllers/api/v1/registrant/domains_controller.rb +++ b/app/controllers/api/v1/registrant/domains_controller.rb @@ -32,17 +32,6 @@ module Api render json: { errors: [{ base: ['Domain not found'] }] }, status: :not_found end end - - private - - def associated_domains(user) - country_code, ident = user.registrant_ident.split('-') - - BusinessRegistryCache.fetch_associated_domains(ident, country_code) - rescue Soap::Arireg::NotAvailableError => error - Rails.logger.fatal("[EXCEPTION] #{error}") - user.domains - end end end end diff --git a/app/controllers/api/v1/registrant/registry_locks_controller.rb b/app/controllers/api/v1/registrant/registry_locks_controller.rb index c3ec073b6..212d8bc21 100644 --- a/app/controllers/api/v1/registrant/registry_locks_controller.rb +++ b/app/controllers/api/v1/registrant/registry_locks_controller.rb @@ -8,16 +8,16 @@ module Api if @domain.apply_registry_lock render json: @domain else - render json: { errors: [{ base: 'Domain cannot be locked' }] }, + render json: { errors: [{ base: ['Domain cannot be locked'] }] }, status: :unprocessable_entity end end - def delete + def destroy if @domain.remove_registry_lock render json: @domain else - render json: { errors: [{ base: 'Domain cannot be unlocked' }] }, + render json: { errors: [{ base: ['Domain cannot be unlocked'] }] }, status: :unprocessable_entity end end @@ -25,7 +25,8 @@ module Api private def set_domain - @domain = Domain.find_by(uuid: params[:domain_uuid]) + domain_pool = associated_domains(current_user) + @domain = domain_pool.find_by(uuid: params[:domain_uuid]) return if @domain render json: { errors: [{ base: ['Domain not found'] }] }, diff --git a/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb b/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb index d05dec3d5..89bb80d97 100644 --- a/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb +++ b/test/integration/api/registrant/registrant_api_domain_registry_lock_test.rb @@ -5,17 +5,88 @@ class RegistrantApiDomainRegistryLockTest < ApplicationIntegrationTest def setup super + @original_registry_time = Setting.days_to_keep_business_registry_cache + Setting.days_to_keep_business_registry_cache = 1 + travel_to Time.zone.parse('2010-07-05') + @user = users(:registrant) @domain = domains(:airport) @auth_headers = { 'HTTP_AUTHORIZATION' => auth_token } end + def teardown + super + + Setting.days_to_keep_business_registry_cache = @original_registry_time + travel_back + end + def test_can_lock_a_not_locked_domain + post '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock', + {}, @auth_headers + + response_json = JSON.parse(response.body, symbolize_names: true) + + assert(response_json[:statuses].include?(DomainStatus::SERVER_DELETE_PROHIBITED)) + assert(response_json[:statuses].include?(DomainStatus::SERVER_TRANSFER_PROHIBITED)) + assert(response_json[:statuses].include?(DomainStatus::SERVER_UPDATE_PROHIBITED)) + + @domain.reload assert(@domain.locked_by_registrant?) end + def test_cannot_lock_a_domain_in_pending_state + @domain.statuses << DomainStatus::PENDING_UPDATE + @domain.save + + post '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock', + {}, @auth_headers + + response_json = JSON.parse(response.body, symbolize_names: true) + assert_equal(422, response.status) + assert_equal({ errors: [{ base: ['Domain cannot be locked'] }] }, response_json) + end + def test_cannot_lock_an_already_locked_domain + @domain.apply_registry_lock assert(@domain.locked_by_registrant?) + + post '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock', + {}, @auth_headers + + response_json = JSON.parse(response.body, symbolize_names: true) + assert_equal(422, response.status) + assert_equal({ errors: [{ base: ['Domain cannot be locked'] }] }, response_json) + end + + def test_can_unlock_a_locked_domain + @domain.apply_registry_lock + + delete '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock', + {}, @auth_headers + + response_json = JSON.parse(response.body, symbolize_names: true) + assert(response_json[:statuses].include?(DomainStatus::OK)) + @domain.reload + refute(@domain.locked_by_registrant?) + end + + def test_cannot_unlock_a_not_locked_domain + delete '/api/v1/registrant/domains/2df2c1a1-8f6a-490a-81be-8bdf29866880/registry_lock', + {}, @auth_headers + + response_json = JSON.parse(response.body, symbolize_names: true) + assert_equal(422, response.status) + assert_equal({ errors: [{ base: ['Domain cannot be unlocked'] }] }, response_json) + end + + def test_returns_404_when_domain_is_not_found + post '/api/v1/registrant/domains/random-uuid/registry_lock', + {}, @auth_headers + + response_json = JSON.parse(response.body, symbolize_names: true) + assert_equal(404, response.status) + assert_equal({ errors: [{ base: ['Domain not found'] }] }, response_json) end private diff --git a/test/system/admin_area/domains/registry_lock_test.rb b/test/system/admin_area/domains/registry_lock_test.rb index 3fc053f6a..9a3276943 100644 --- a/test/system/admin_area/domains/registry_lock_test.rb +++ b/test/system/admin_area/domains/registry_lock_test.rb @@ -16,6 +16,7 @@ class RegistryLockTest < JavaScriptApplicationSystemTestCase def test_does_not_have_link_when_domain_is_not_locked visit edit_admin_domain_path(@domain) + click_link_or_button('Actions') refute(page.has_link?('Remove registry lock')) end @@ -26,7 +27,7 @@ class RegistryLockTest < JavaScriptApplicationSystemTestCase click_link_or_button('Actions') assert(page.has_link?('Remove registry lock')) - accept_confirm('Are you sure you want to remove registry lock?') do + accept_confirm('Are you sure you want to remove the registry lock?') do click_link_or_button('Remove registry lock') end @@ -46,7 +47,7 @@ class RegistryLockTest < JavaScriptApplicationSystemTestCase click_link_or_button('Actions') assert(page.has_link?('Remove registry lock')) - accept_confirm('Are you sure you want to remove registry lock that was set by registrant?') do + accept_confirm('Are you sure you want to remove the registry lock?') do click_link_or_button('Remove registry lock') end diff --git a/test/system/admin_area/domains_test.rb b/test/system/admin_area/domains_test.rb index 8103f2a8a..fddb1b328 100644 --- a/test/system/admin_area/domains_test.rb +++ b/test/system/admin_area/domains_test.rb @@ -25,5 +25,6 @@ class AdminDomainsTestTest < ApplicationSystemTestCase visit admin_domain_path(lockable_domain) assert_text 'Registry lock time 2010-07-05 00:30' + assert_text 'registryLock' end end