Merge branch 'master' into log-error-when-cert-path-is-missing

Georg Kahest 2020-08-18 16:42:31 +03:00
commit 0e188bae57
452 changed files with 10511 additions and 3955 deletions


@ -23,11 +23,11 @@ module Admin
@q.sorts = 'id desc' if @q.sorts.empty?
@account_activities = @q.result.page(params[:page]).per(params[:results_per_page])
sort = @account_activities.orders.map(&:to_sql).join(",")
# can do here inline SQL as it's our
if params[:page] && params[:page].to_i > 1
@sum = @q.result.reorder(sort).limit(@account_activities.offset_value).sum(:sum) + @b.result.where("account_activities.id NOT IN (#{@q.result.select(:id).to_sql})").sum(:sum)
@sum = @q.result.limit(@account_activities.offset_value).sum(:sum) +
@b.result.where("account_activities.id NOT IN (#{@q.result.select(:id).to_sql})")
.sum(:sum)
else
@sum = @b.result.where("account_activities.id NOT IN (#{@q.result.select(:id).to_sql})").sum(:sum)
end


@ -1,7 +1,6 @@
module Admin
class ApiUsersController < BaseController
load_and_authorize_resource
before_action :set_api_user, only: [:show, :edit, :update, :destroy]
def index
@q = ApiUser.includes(:registrar).search(params[:q])
@ -9,18 +8,17 @@ module Admin
end
def new
@registrar = Registrar.find_by(id: params[:registrar_id])
@api_user = ApiUser.new(registrar: @registrar)
@api_user = registrar.api_users.build
end
def create
@api_user = ApiUser.new(api_user_params)
@api_user = registrar.api_users.build(api_user_params)
if @api_user.save
flash[:notice] = I18n.t('record_created')
redirect_to [:admin, @api_user]
if @api_user.valid?
@api_user.save!
redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user),
notice: t('.created')
else
flash.now[:alert] = I18n.t('failed_to_create_record')
render 'new'
end
end
@ -32,39 +30,31 @@ module Admin
end
def update
if params[:api_user][:plain_text_password].blank?
params[:api_user].delete(:plain_text_password)
end
@api_user.attributes = api_user_params
if @api_user.update(api_user_params)
flash[:notice] = I18n.t('record_updated')
redirect_to [:admin, @api_user]
if @api_user.valid?
@api_user.save!
redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user),
notice: t('.updated')
else
flash.now[:alert] = I18n.t('failed_to_update_record')
render 'edit'
end
end
def destroy
if @api_user.destroy
flash[:notice] = I18n.t('record_deleted')
redirect_to admin_api_users_path
else
flash.now[:alert] = I18n.t('failed_to_delete_record')
render 'show'
end
@api_user.destroy!
redirect_to admin_registrar_path(@api_user.registrar), notice: t('.deleted')
end
private
def set_api_user
@api_user = ApiUser.find(params[:id])
end
def api_user_params
params.require(:api_user).permit(:username, :plain_text_password, :active,
:registrar_id, :registrar_typeahead,
:identity_code, { roles: [] })
end
def registrar
Registrar.find(params[:registrar_id])
end
end
end
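Review bot: `api_user_params` lists `:registrar_id` and `:registrar_typeahead` while the new actions take the registrar from the route (`registrar.api_users.build`). The rendered page has lost the +/- markers, so it is not visible whether that permit line is removed. If it is kept, `update` (`@api_user.attributes = api_user_params`) can still move an API user to a different registrar than the one in the URL, so drop both keys from the permit list. `destroy` now calls `@api_user.destroy!`, which raises on failure where the old branch rendered 'show'; confirm something rescues that for the admin UI.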


@ -60,7 +60,7 @@ module Admin
end
def bind_invoices
@bank_statement.bind_invoices
@bank_statement.bind_invoices(manual: true)
flash[:notice] = t('invoices_were_fully_binded') if @bank_statement.fully_binded?
flash[:warning] = t('invoices_were_partially_binded') if @bank_statement.partially_binded?


@ -34,7 +34,7 @@ module Admin
end
def bind
if @bank_transaction.bind_invoice(params[:invoice_no])
if @bank_transaction.bind_invoice(params[:invoice_no], manual: true)
flash[:notice] = I18n.t('record_created')
redirect_to [:admin, @bank_transaction]
else


@ -2,6 +2,7 @@ module Admin
class BaseController < ApplicationController
before_action :authenticate_admin_user!
helper_method :head_title_sufix
before_action :set_paper_trail_whodunnit
def head_title_sufix
t(:admin_head_title_sufix)
@ -17,4 +18,4 @@ module Admin
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end


@ -34,7 +34,7 @@ module Admin
if @certificate.destroy
flash[:notice] = I18n.t('record_deleted')
redirect_to admin_api_user_path(@api_user)
redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user)
else
flash.now[:alert] = I18n.t('failed_to_delete_record')
render 'show'


@ -3,6 +3,7 @@ module Admin
load_and_authorize_resource
before_action :set_contact, only: [:show]
helper_method :ident_types
helper_method :domain_filter_params
def index
params[:q] ||= {}
@ -12,19 +13,27 @@ module Admin
search_params[:registrant_domains_id_not_null] = 1
end
contacts = Contact.includes(:registrar).joins(:registrar).select('contacts.*, registrars.name')
contacts = Contact.includes(:registrar).joins(:registrar)
.select('contacts.*, registrars.name')
contacts = contacts.filter_by_states(params[:statuses_contains].join(',')) if params[:statuses_contains]
contacts = contacts.where("ident_country_code is null or ident_country_code=''") if params[:only_no_country_code].eql?('1')
contacts = filter_by_flags(contacts)
normalize_search_parameters do
@q = contacts.search(search_params)
@contacts = @q.result.uniq.page(params[:page])
@contacts = @q.result.distinct.page(params[:page])
end
@contacts = @contacts.per(params[:results_per_page]) if params[:results_per_page].to_i.positive?
end
def filter_by_flags(contacts)
if params[:only_no_country_code].eql?('1')
contacts = contacts.where("ident_country_code is null or ident_country_code=''")
end
contacts = contacts.email_verification_failed if params[:email_verification_failed].eql?('1')
contacts
end
def search
render json: Contact.search_by_query(params[:q])
end
@ -84,5 +93,9 @@ module Admin
def ident_types
Contact::Ident.types
end
def domain_filter_params
params.permit(:domain_filter)
end
end
end
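Review bot: `filter_by_flags` is defined between the `index` and `search` actions, so unless a `private` line outside the hunk covers it, it is a public method on the controller; it is a helper for `index` only and should be declared private. On the context line above it, `params[:statuses_contains].join(',')` raises NoMethodError when the parameter arrives as a plain string rather than an array; `Array(params[:statuses_contains]).join(',')` accepts both. `index` starts outside the hunk.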


@ -0,0 +1,74 @@
# frozen_string_literal: true
module Admin
class DisputesController < BaseController
load_and_authorize_resource
before_action :set_dispute, only: %i[show edit update delete]
# GET /admin/disputes
def index
params[:q] ||= {}
@disputes = sortable_dispute_query_for(Dispute.active.all, params[:q])
@closed_disputes = sortable_dispute_query_for(Dispute.closed.all, params[:q], closed: true)
end
# GET /admin/disputes/1
def show; end
# GET /admin/disputes/new
def new
@dispute = Dispute.new
end
# GET /admin/disputes/1/edit
def edit; end
# POST /admin/disputes
def create
@dispute = Dispute.new(dispute_params)
if @dispute.save
notice = 'Dispute was successfully created'
notice += @dispute.domain ? '.' : ' for domain that is not registered.'
redirect_to admin_disputes_url, notice: notice
else
render :new
end
end
# PATCH/PUT /admin/disputes/1
def update
if @dispute.update(dispute_params.except(:domain_name))
redirect_to admin_disputes_url, notice: 'Dispute was successfully updated.'
else
render :edit
end
end
# DELETE /admin/disputes/1
def delete
@dispute.close(initiator: 'Admin')
redirect_to admin_disputes_url, notice: 'Dispute was successfully closed.'
end
private
def sortable_dispute_query_for(disputes, query, closed: false)
@q = disputes.order(:domain_name).search(query)
disputes = @q.result.page(closed ? params[:closed_page] : params[:page])
return disputes.per(params[:results_per_page]) if params[:results_per_page].present?
disputes
end
# Use callbacks to share common setup or constraints between actions.
def set_dispute
@dispute = Dispute.find(params[:id])
end
# Only allow a trusted parameter "white list" through.
def dispute_params
params.require(:dispute).permit(:domain_name, :password, :starts_at, :comment)
end
end
end
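Review bot: `delete` ignores the result of `@dispute.close(initiator: 'Admin')` and always redirects with 'Dispute was successfully closed.', so a close that fails is reported as success; branch on the return value before choosing the flash message. The hard-coded `'Admin'` initiator also drops which administrator closed the dispute; if `close` accepts free text, passing the admin's identity (the admin base controller on this page uses `current_admin_user.id_role_username`) keeps the record attributable. In `index`, `sortable_dispute_query_for` assigns `@q` on both calls, so the view's search object ends up being the closed-disputes query. `params[:results_per_page]` is handed to `per` with no upper bound.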


@ -5,21 +5,27 @@ module Admin
authorize! :manage, domain
domain.transaction do
domain.schedule_force_delete
domain.schedule_force_delete(type: force_delete_type)
domain.registrar.notifications.create!(text: t('force_delete_set_on_domain',
domain_name: domain.name))
domain_name: domain.name,
outzone_date: domain.outzone_date,
purge_date: domain.purge_date))
if notify_by_email?
DomainDeleteMailer.forced(domain: domain,
registrar: domain.registrar,
registrant: domain.registrant,
template_name: params[:template_name]).deliver_now
end
notify_by_email if notify_by_email?
end
redirect_to edit_admin_domain_url(domain), notice: t('.scheduled')
end
def notify_by_email
if force_delete_type == :fast_track
send_email
domain.update(contact_notification_sent_date: Time.zone.today)
else
domain.update(template_name: params[:template_name])
end
end
def destroy
authorize! :manage, domain
domain.cancel_force_delete
@ -33,7 +39,22 @@ module Admin
end
def notify_by_email?
ActiveRecord::Type::Boolean.new.type_cast_from_user(params[:notify_by_email])
ActiveRecord::Type::Boolean.new.cast(params[:notify_by_email])
end
def send_email
DomainDeleteMailer.forced(domain: domain,
registrar: domain.registrar,
registrant: domain.registrant,
template_name: params[:template_name]).deliver_now
end
def force_delete_type
soft_delete? ? :soft : :fast_track
end
def soft_delete?
ActiveRecord::Type::Boolean.new.cast(params[:soft_delete])
end
end
end
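Review bot: `notify_by_email` persists `params[:template_name]` with `domain.update(template_name: ...)` without checking it against the set of mail templates that exist, and the non-bang `update` returns false on failure without rolling back the surrounding `domain.transaction`. Validate the name against an allow-list before storing it and use `domain.update!(...)` in both branches so a failed write aborts the transaction. `notify_by_email` is also defined between `create` and `destroy`; unless a `private` line outside the hunk covers it, make it private alongside `send_email`. `send_email` calls `deliver_now` inside the transaction, so a mail error rolls back the scheduled force delete; confirm that is intended.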


@ -5,7 +5,11 @@ module Admin
def show
@ld = LegalDocument.find(params[:id])
filename = @ld.path.split('/').last
send_data File.open(@ld.path).read, filename: filename
file = File.open(@ld.path)&.read
send_data file, filename: filename
rescue Errno::ENOENT
flash[:notice] = I18n.t('legal_doc_not_found')
redirect_to [:admin, @ld.documentable]
end
end
end
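Review bot: `File.open(@ld.path)&.read` leaves the file handle open until garbage collection, and the `&.` never applies because `File.open` either returns a File or raises; `file = File.binread(@ld.path)` reads the bytes and closes the handle. The rescue covers only `Errno::ENOENT`, so an unreadable file (`Errno::EACCES`) or a nil `path` still ends in a 500. The missing document is not logged in the rescue, so operators cannot see that a stored legal document has disappeared; add a `logger.error` with the document id there.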


@ -29,7 +29,6 @@ module Admin
# steal token
token = @domain.registrant_verification_token
@registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
domain_name: @domain.name,
verification_token: token)
end


@ -26,7 +26,6 @@ module Admin
# steal token
token = @domain.registrant_verification_token
@registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
domain_name: @domain.name,
verification_token: token)
end


@ -74,6 +74,8 @@ module Admin
:vat_rate,
:accounting_customer_code,
:billing_email,
:legaldoc_optout,
:legaldoc_optout_comment,
:iban,
:language)
end


@ -13,7 +13,7 @@ module Admin
send_data @zonefile, filename: "#{params[:origin]}.txt"
else
flash[:alert] = 'Origin not supported'
redirect_to :back
redirect_back(fallback_location: root_path)
end
end
end


@ -5,7 +5,7 @@ module Api
def cors_preflight_check
set_access_control_headers
render text: ''
render plain: ''
end
def set_access_control_headers


@ -30,6 +30,8 @@ module Api
raise "Invalid status #{params[:status]}"
end
auction.mark_deadline(params[:registration_deadline]) if params[:registration_deadline]
if auction.payment_not_received? || auction.domain_not_registered?
update_whois_from_auction(Auction.pending(auction.domain))
else


@ -1,8 +1,8 @@
require 'rails5_api_controller_backport'
module Api
module V1
class BaseController < ActionController::API
rescue_from ActiveRecord::RecordNotFound, with: :not_found_error
private
def authenticate
@ -10,6 +10,12 @@ module Api
head :unauthorized unless ip_allowed
end
def not_found_error
uuid = params['uuid']
json = { error: 'Not Found', uuid: uuid, message: 'Record not found' }
render json: json, status: :not_found
end
def allowed_ips
ENV['auction_api_allowed_ips'].split(',').map(&:strip)
end


@ -1,4 +1,3 @@
require 'rails5_api_controller_backport'
require 'auth_token/auth_token_creator'
module Api
@ -16,7 +15,7 @@ module Api
end
def eid
user = RegistrantUser.find_or_create_by_api_data(eid_params)
user = RegistrantUser.find_or_create_by_api_data(eid_params.to_h)
token = create_token(user)
if token


@ -1,4 +1,3 @@
require 'rails5_api_controller_backport'
require 'auth_token/auth_token_decryptor'
module Api
@ -45,7 +44,7 @@ module Api
# This controller does not inherit from ApplicationController,
# so user_for_paper_trail method is not usable.
def set_paper_trail_whodunnit
::PaperTrail.whodunnit = current_registrant_user.id_role_username
::PaperTrail.request.whodunnit = current_registrant_user.id_role_username
end
def show_not_found_error


@ -1,9 +1,10 @@
class ApplicationController < ActionController::Base
check_authorization unless: :devise_controller?
before_action :set_paper_trail_whodunnit
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
protect_from_forgery with: :exception, prepend: true
before_action do
resource = controller_name.singularize.to_sym
@ -32,4 +33,4 @@ class ApplicationController < ActionController::Base
def available_languages
{ en: 'English', et: 'Estonian' }.invert
end
end
end


@ -1,9 +1,8 @@
module Epp
class BaseController < ActionController::Base
class AuthorizationError < StandardError; end
check_authorization
skip_before_action :verify_authenticity_token
check_authorization
layout false
before_action :ensure_session_id_passed
@ -11,7 +10,7 @@ module Epp
before_action :latin_only
before_action :validate_against_schema
before_action :validate_request
before_action :update_epp_session, if: 'signed_in?'
before_action :update_epp_session, if: -> { signed_in? }
around_action :wrap_exceptions
@ -21,6 +20,7 @@ module Epp
rescue_from StandardError, with: :respond_with_command_failed_error
rescue_from AuthorizationError, with: :respond_with_authorization_error
rescue_from ActiveRecord::RecordNotFound, with: :respond_with_object_does_not_exist_error
before_action :set_paper_trail_whodunnit
protected
@ -119,7 +119,7 @@ module Epp
end
def render_epp_response(*args)
@response = render_to_string(*args, formats: 'xml')
@response = render_to_string(*args, formats: [:xml])
render xml: @response
write_to_epp_log
end
@ -395,7 +395,12 @@ module Epp
end
def log_exception(exception)
logger.error(([exception.message] + exception.backtrace).join($INPUT_RECORD_SEPARATOR))
notify_airbrake(exception)
end
def user_for_paper_trail
current_user ? current_user.id_role_username : 'anonymous'
end
end
end
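Review bot: `before_action :set_paper_trail_whodunnit` is registered after `validate_request`, `update_epp_session` and the other callbacks, so any record those earlier callbacks write is versioned before whodunnit has been set for the request; register it ahead of the first callback that can write. The same line is repeated in `Epp::DomainsController` and `Epp::SessionsController`, which looks redundant with this declaration and, if re-declaring moves the callback, changes its position again; keep one declaration and add a comment on the intended order. The class body continues outside these hunks.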


@ -1,3 +1,5 @@
require 'deserializers/xml/contact_update'
module Epp
class ContactsController < BaseController
before_action :find_contact, only: [:info, :update, :delete]
@ -43,9 +45,14 @@ module Epp
def update
authorize! :update, @contact, @password
frame = params[:parsed_frame]
collected_data = ::Deserializers::Xml::ContactUpdate.new(params[:parsed_frame])
action = Actions::ContactUpdate.new(@contact,
collected_data.contact,
collected_data.legal_document,
collected_data.ident,
current_user)
if @contact.update_attributes(frame, current_user)
if action.call
if !address_processing? && address_given?
@response_code = 1100
@response_description = t('epp.contacts.completed_without_address')


@ -2,6 +2,7 @@ module Epp
class DomainsController < BaseController
before_action :find_domain, only: %i[info renew update transfer delete]
before_action :find_password, only: %i[info update transfer delete]
before_action :set_paper_trail_whodunnit
def info
authorize! :info, @domain
@ -91,7 +92,7 @@ module Epp
status: Auction.statuses[:payment_received])
active_auction.domain_registered!
end
Dispute.close_by_domain(@domain.name)
render_epp_response '/epp/domains/create'
else
handle_errors(@domain)
@ -102,21 +103,17 @@ module Epp
def update
authorize! :update, @domain, @password
if @domain.update(params[:parsed_frame], current_user)
if @domain.epp_pending_update.present?
render_epp_response '/epp/domains/success_pending'
else
render_epp_response '/epp/domains/success'
end
else
handle_errors(@domain)
end
updated = @domain.update(params[:parsed_frame], current_user)
(handle_errors(@domain) && return) unless updated
pending = @domain.epp_pending_update.present?
render_epp_response "/epp/domains/success#{'_pending' if pending}"
end
def delete
authorize! :delete, @domain, @password
handle_errors(@domain) and return unless @domain.can_be_deleted?
(handle_errors(@domain) && return) unless @domain.can_be_deleted?
if @domain.epp_destroy(params[:parsed_frame], current_user.id)
if @domain.epp_pending_delete.present?
@ -240,7 +237,7 @@ module Epp
mutually_exclusive 'keyData', 'dsData'
@prefix = nil
requires 'extension > extdata > legalDocument'
requires 'extension > extdata > legalDocument' if current_user.legaldoc_mandatory?
optional_attribute 'period', 'unit', values: %w(d m y)
@ -249,7 +246,7 @@ module Epp
def validate_update
if element_count('update > chg > registrant') > 0
requires 'extension > extdata > legalDocument'
requires 'extension > extdata > legalDocument' if current_user.legaldoc_mandatory?
end
@prefix = 'update > update >'
@ -259,8 +256,6 @@ module Epp
end
def validate_delete
requires 'extension > extdata > legalDocument'
@prefix = 'delete > delete >'
requires 'name'
end
@ -311,6 +306,7 @@ module Epp
def status_editing_disabled
return true if Setting.client_status_editing_enabled
return true if check_client_hold
return true if params[:parsed_frame].css('status').empty?
epp_errors << {
code: '2306',
@ -318,6 +314,11 @@ module Epp
}
end
def check_client_hold
statuses = params[:parsed_frame].css('status').map { |element| element['s'] }
statuses == [::DomainStatus::CLIENT_HOLD]
end
def balance_ok?(operation, period = nil, unit = nil)
@domain_pricelist = @domain.pricelist(operation, period.try(:to_i), unit)
if @domain_pricelist.try(:price) # checking if price list is not found
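Review bot: In `update`, `(handle_errors(@domain) && return) unless updated` returns only when `handle_errors` yields a truthy value; if it returns nil or false, execution continues to `render_epp_response` with a success template after a failed update. `return handle_errors(@domain) unless updated` does not depend on the helper's return value, and the guard in `delete` has the same shape. In `validate_delete`, the hunk counts suggest the `requires 'extension > extdata > legalDocument'` line is removed outright rather than made conditional on `current_user.legaldoc_mandatory?` like the create and update validations. Confirm that deletes are meant to need no legal document even for registrars without the opt-out. Several of these method bodies continue outside the hunks.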


@ -1,6 +1,7 @@
module Epp
class SessionsController < BaseController
skip_authorization_check only: [:hello, :login, :logout]
before_action :set_paper_trail_whodunnit
def hello
render_epp_response('greeting')
@ -29,7 +30,8 @@ module Epp
end
if !Rails.env.development? && (!webclient_request && @api_user)
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'])
epp_errors << {
msg: 'Authentication error; server closing connection (certificate is not valid)',
code: '2501'
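Review bot: The `pki_ok?` call takes the certificate and CN from `request.env['HTTP_SSL_CLIENT_CERT']` and `request.env['HTTP_SSL_CLIENT_S_DN_CN']`, which are ordinary request headers unless the TLS-terminating proxy always overwrites them, and that dependency is not documented at the call. I would add a comment above it such as `# SSL_CLIENT_* headers are set by the TLS proxy, which must strip client-supplied copies`, and confirm the proxy configuration does so. The same applies to the registrar login hunk that calls `pki_ok?(..., api: false)`. The check is skipped entirely when `Rails.env.development?`, so no reachable deployment should run in that environment. The `unless` block continues past the end of the hunk.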


@ -1,10 +1,12 @@
class Registrant::ContactsController < RegistrantController
helper_method :domain
helper_method :fax_enabled?
helper_method :domain_filter_params
skip_authorization_check only: %i[edit update]
before_action :set_contact, only: [:show]
def show
@contact = current_user_contacts.find(params[:id])
@requester_contact = Contact.find_by(ident: current_registrant_user.ident)
authorize! :read, @contact
end
@ -29,6 +31,13 @@ class Registrant::ContactsController < RegistrantController
private
def set_contact
id = params[:id]
contact = domain.contacts.find_by(id: id) || current_user_contacts.find_by(id: id)
contact ||= Contact.find_by(id: id, ident: domain.registrant.ident)
@contact = contact
end
def domain
current_user_domains.find(params[:domain_id])
end
@ -99,4 +108,8 @@ class Registrant::ContactsController < RegistrantController
http.request(request)
end
end
def domain_filter_params
params.permit(:domain_filter)
end
end
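Review bot: The last fallback in `set_contact`, `Contact.find_by(id: id, ident: domain.registrant.ident)`, matches on the ident number alone, so a contact carrying the same number under a different ident type or country would be treated as the registrant's own; include the type and country in the lookup (the registrar contact form on this page names them `ident_type` and `ident_country_code`; confirm against the model). `@requester_contact = Contact.find_by(ident: ...)` in `show` has the same ident-only match. `set_contact` can leave `@contact` nil when all three lookups miss, and the page does not show whether the `current_user_contacts.find` line in `show` is kept; if it is removed, nil reaches `authorize! :read, @contact`, so raise `ActiveRecord::RecordNotFound` explicitly. `domain` also requires `params[:domain_id]`, so `show` without it now fails in the callback.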


@ -4,6 +4,7 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
def show
return if params[:confirmed] || params[:rejected]
@domain = Domain.find(params[:id])
@domain = nil unless @domain.registrant_delete_confirmable?(params[:token])
end
@ -16,28 +17,28 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
end
@registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")
flash[:notice] = t(:registrant_domain_verification_rejected)
redirect_to registrant_domain_delete_confirm_path(@domain.id, rejected: true)
else
flash[:alert] = t(:registrant_domain_delete_rejected_failed)
return render 'show'
end
elsif params[:confirmed]
if @registrant_verification.domain_registrant_delete_confirm!("email link #{initiator}")
flash[:notice] = t(:registrant_domain_verification_confirmed)
redirect_to registrant_domain_delete_confirm_path(@domain.id, confirmed: true)
else
flash[:alert] = t(:registrant_domain_delete_confirmed_failed)
return render 'show'
end
confirmed = params[:confirmed] ? true : false
action = if confirmed
@registrant_verification.domain_registrant_delete_confirm!("email link #{initiator}")
else
@registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")
end
fail_msg = t("registrant_domain_delete_#{confirmed ? 'confirmed' : 'rejected'}_failed".to_sym)
success_msg = t("registrant_domain_verification_#{confirmed ? 'confirmed' : 'rejected'}".to_sym)
flash[:alert] = action ? success_msg : fail_msg
(render 'show' && return) unless action
if confirmed
redirect_to registrant_domain_delete_confirm_path(@domain.id, confirmed: true)
else
redirect_to registrant_domain_delete_confirm_path(@domain.id, rejected: true)
end
end
end
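Review bot: `(render 'show' && return) unless action` binds as `render('show' && return)`, so `return` runs before `render` is called and the failure path never renders 'show'; write `return render('show') unless action`. `confirmed = params[:confirmed] ? true : false` also turns every request that lacks `confirmed` into a rejection, whereas the old branches acted only when `rejected` or `confirmed` was present; test `params[:rejected]` explicitly before calling `domain_registrant_delete_reject!`. The success message is now written to `flash[:alert]`, where the old code used `flash[:notice]`. The action starts outside the hunk.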


@ -16,7 +16,6 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
end
@registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_registrant_user ? current_registrant_user.username :
@ -32,6 +31,8 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
end
elsif params[:confirmed]
if @registrant_verification.domain_registrant_change_confirm!("email link, #{initiator}")
Dispute.close_by_domain(@domain.name) if @domain.disputed?
flash[:notice] = t(:registrant_domain_verification_confirmed)
redirect_to registrant_domain_update_confirm_path(@domain.id, confirmed: true)
else


@ -76,4 +76,4 @@ class Registrant::DomainsController < RegistrantController
params.require(:q).permit(:name_matches, :registrant_ident_eq, :valid_to_gteq, :valid_to_lteq,
:results_per_page)
end
end
end


@ -1,5 +1,6 @@
class RegistrantController < ApplicationController
before_action :authenticate_registrant_user!
before_action :set_paper_trail_whodunnit
layout 'registrant/application'
include Registrant::ApplicationHelper
@ -33,4 +34,4 @@ class RegistrantController < ApplicationController
flash.now[:notice] = t('registrant.company_register_unavailable')
current_registrant_user.direct_domains
end
end
end


@ -6,6 +6,7 @@ class Registrar
before_action :check_ip_restriction
helper_method :depp_controller?
helper_method :head_title_sufix
before_action :set_paper_trail_whodunnit
protected


@ -3,6 +3,7 @@ class Registrar
before_action :init_epp_contact
helper_method :address_processing?
helper_method :ident_types
helper_method :domain_filter_params
def index
authorize! :view, Depp::Contact
@ -16,12 +17,13 @@ class Registrar
search_params[:registrant_domains_id_not_null] = 1
end
if params[:statuses_contains]
contacts = current_registrar_user.registrar.contacts.includes(:registrar).where(
"contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
status_list = params[:statuses_contains]
if status_list
contacts_ids = contacts.select { |c| (c.statuses & status_list.to_a) == status_list.to_a }
.map(&:id)
contacts = contacts.where(id: contacts_ids)
end
normalize_search_parameters do
@ -68,7 +70,7 @@ class Registrar
def create
authorize! :create, Depp::Contact
@contact = Depp::Contact.new(params[:depp_contact])
@contact = Depp::Contact.new(contact_params)
if @contact.save
redirect_to registrar_contact_url(@contact.id)
@ -79,9 +81,9 @@ class Registrar
def update
authorize! :edit, Depp::Contact
@contact = Depp::Contact.new(params[:depp_contact])
@contact = Depp::Contact.new(contact_params)
if @contact.update_attributes(params[:depp_contact])
if @contact.update_attributes(contact_params)
redirect_to registrar_contact_url(@contact.id)
else
render 'edit'
@ -95,7 +97,7 @@ class Registrar
def destroy
authorize! :delete, Depp::Contact
@contact = Depp::Contact.new(params[:depp_contact])
@contact = Depp::Contact.new(contact_params_for_delete)
if @contact.delete
redirect_to registrar_contacts_url, notice: t(:destroyed)
@ -104,6 +106,12 @@ class Registrar
end
end
protected
def domain_filter_params
params.permit(:domain_filter)
end
private
def init_epp_contact
@ -131,5 +139,22 @@ class Registrar
def ident_types
Contact::Ident.types
end
def contact_params
params.require(:depp_contact).permit(:id,
:name,
:email,
:phone,
:org_name,
:ident, :ident_type, :ident_country_code,
:street, :city, :zip, :state, :country_code,
:password,
:legal_document,
:code)
end
def contact_params_for_delete
params.require(:depp_contact).permit(:id, :password, :legal_document)
end
end
end
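Review bot: The new status filter in `index` loads every contact of the registrar into memory with `contacts.select { |c| ... }` and then issues `where(id: contacts_ids)`, so a single request costs memory and an IN list proportional to the registrar's whole contact set. Keep the containment test in SQL with bound values, for example `contacts.where('contacts.statuses @> ARRAY[?]::varchar[]', status_list)`. `status_list.to_a` raises NoMethodError when `statuses_contains` arrives as a plain string; `Array(status_list)` accepts both forms. `index` continues outside the hunk.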


@ -6,7 +6,7 @@ class Registrar
raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user)
sign_in(:registrar_user, new_user)
redirect_to :back, notice: t('.switched', new_user: new_user)
redirect_back(fallback_location: root_path, notice: t('.switched', new_user: new_user))
end
private


@ -2,16 +2,17 @@ class Registrar
class DomainsController < DeppController
before_action :init_domain, except: :new
helper_method :contacts
helper_method :search_params
def index
authorize! :view, Depp::Domain
params[:q] ||= {}
params[:q].delete_if { |_k, v| v.blank? }
if params[:q].length == 1 && params[:q][:name_matches].present?
@domain = Domain.find_by(name: params[:q][:name_matches])
if @domain
redirect_to info_registrar_domains_url(domain_name: @domain.name) and return
if search_params.to_h.delete_if { |_key, value| value.blank? }.length == 1 &&
search_params[:name_matches].present?
domain = Domain.find_by(name: search_params[:name_matches])
if domain
redirect_to info_registrar_domains_url(domain_name: domain.name) and return
end
end
@ -24,15 +25,15 @@ class Registrar
end
normalize_search_parameters do
@q = domains.search(params[:q])
@q = domains.search(search_params)
@domains = @q.result.page(params[:page])
if @domains.count == 0 && params[:q][:name_matches] !~ /^%.+%$/
# if we do not get any results, add wildcards to the name field and search again
n_cache = params[:q][:name_matches]
params[:q][:name_matches] = "%#{params[:q][:name_matches]}%"
@q = domains.search(params[:q])
# if we do not get any results, add wildcards to the name field and search again
if @domains.count == 0 && search_params[:name_matches] !~ /^%.+%$/
new_search_params = search_params.to_h
new_search_params[:name_matches] = "%#{new_search_params[:name_matches]}%"
@q = domains.search(new_search_params)
@domains = @q.result.page(params[:page])
params[:q][:name_matches] = n_cache # we don't want to show wildcards in search form
end
end
@ -58,6 +59,7 @@ class Registrar
def info
authorize! :info, Depp::Domain
@data = @domain.info(params[:domain_name]) if params[:domain_name]
@client_holded = client_holded(@data)
if response_ok?
render 'info'
else
@ -84,7 +86,7 @@ class Registrar
def create
authorize! :create, Depp::Domain
@domain_params = params[:domain]
@domain_params = domain_params.to_h
@data = @domain.create(@domain_params)
if response_ok?
@ -98,12 +100,14 @@ class Registrar
authorize! :update, Depp::Domain
@data = @domain.info(params[:domain_name])
@domain_params = Depp::Domain.construct_params_from_server_data(@data)
@dispute = Dispute.active.find_by(domain_name: params[:domain_name])
end
def update
authorize! :update, Depp::Domain
@domain_params = params[:domain]
@data = @domain.update(@domain_params)
@dispute = Dispute.active.find_by(domain_name: @domain_params[:name])
if response_ok?
redirect_to info_registrar_domains_url(domain_name: @domain_params[:name])
@ -152,29 +156,60 @@ class Registrar
render json: scope.pluck(:name, :code).map { |c| { display_key: "#{c.second} #{c.first}", value: c.second } }
end
def remove_hold
authorize! :remove_hold, Depp::Domain
return unless params[:domain_name]
@data = @domain.remove_hold(params)
flash[:alert] = @data.css('msg').text unless response_ok?
redirect_to info_registrar_domains_url(domain_name: params[:domain_name])
end
private
def init_domain
@domain = Depp::Domain.new(current_user: depp_current_user)
end
def client_holded(data)
data.css('status')&.map { |element| element.attribute('s').value }
&.any? { |status| status == DomainStatus::CLIENT_HOLD }
end
def contacts
current_registrar_user.registrar.contacts
end
def normalize_search_parameters
ca_cache = params[:q][:valid_to_lteq]
ca_cache = search_params[:valid_to_lteq]
begin
end_time = params[:q][:valid_to_lteq].try(:to_date)
params[:q][:valid_to_lteq] = end_time.try(:end_of_day)
end_time = search_params[:valid_to_lteq].try(:to_date)
search_params[:valid_to_lteq] = end_time.try(:end_of_day)
rescue
logger.warn('Invalid date')
end
yield
params[:q][:valid_to_lteq] = ca_cache
search_params[:valid_to_lteq] = ca_cache
end
def search_params
params.fetch(:q, {}).permit(:name_matches,
:registrant_ident_eq,
:contacts_ident_eq,
:nameservers_hostname_eq,
:valid_to_gteq,
:valid_to_lteq,
:s)
end
def domain_params
params.require(:domain).permit(:name, :period, :registrant, :registrant_helper, :reserved_pw,
:verified, :legal_document, contacts_attributes: {},
nameservers_attributes: {},
dnskeys_attributes: {})
end
end
end
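Review bot: `create` now passes `domain_params.to_h`, but `update` still assigns `@domain_params = params[:domain]`, so the unfiltered parameters reach `@domain.update`; use `domain_params.to_h` there as well. In `normalize_search_parameters`, `search_params` builds a new permitted object on every call, so `search_params[:valid_to_lteq] = end_time.try(:end_of_day)` writes to a throwaway copy and the adjustment never reaches `domains.search(search_params)`; memoize the method or pass the adjusted hash explicitly. In `info`, `client_holded(@data)` runs even when `params[:domain_name]` is absent and `@data` is nil. `remove_hold` hands the whole `params` object to `@domain.remove_hold`; consider passing only the fields it needs.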


@ -5,48 +5,51 @@ class Registrar
skip_authorization_check # actually anyone can pay, no problems at all
skip_before_action :authenticate_registrar_user!, :check_ip_restriction,
only: [:back, :callback]
before_action :check_supported_payment_method
before_action :check_supported_payment_method, only: [:pay]
def pay
invoice = Invoice.find(params[:invoice_id])
bank = params[:bank]
opts = {
return_url: registrar_return_payment_with_url(
bank, invoice_id: invoice
),
response_url: registrar_response_payment_with_url(
bank, invoice_id: invoice
)
}
@payment = ::PaymentOrders.create_with_type(bank, invoice, opts)
@payment.create_transaction
channel = params[:bank]
@payment_order = PaymentOrder.new_with_type(type: channel, invoice: invoice)
@payment_order.save
@payment_order.reload
@payment_order.return_url = registrar_return_payment_with_url(@payment_order)
@payment_order.response_url = registrar_response_payment_with_url(@payment_order)
@payment_order.save
@payment_order.reload
end
def back
invoice = Invoice.find(params[:invoice_id])
opts = { response: params }
@payment = ::PaymentOrders.create_with_type(params[:bank], invoice, opts)
if @payment.valid_response_from_intermediary? && @payment.settled_payment?
@payment.complete_transaction
@payment_order = PaymentOrder.find_by!(id: params[:payment_order])
@payment_order.update!(response: params.to_unsafe_h)
if invoice.paid?
flash[:notice] = t(:pending_applied)
if @payment_order.payment_received?
@payment_order.complete_transaction
if @payment_order.invoice.paid?
flash[:notice] = t('.payment_successful')
else
flash[:alert] = t(:something_wrong)
flash[:alert] = t('.successful_payment_backend_error')
end
else
flash[:alert] = t(:something_wrong)
@payment_order.create_failure_report
flash[:alert] = t('.payment_not_received')
end
redirect_to registrar_invoice_path(invoice)
redirect_to registrar_invoice_path(@payment_order.invoice)
end
def callback
invoice = Invoice.find(params[:invoice_id])
opts = { response: params }
@payment = ::PaymentOrders.create_with_type(params[:bank], invoice, opts)
@payment_order = PaymentOrder.find_by!(id: params[:payment_order])
@payment_order.update!(response: params.to_unsafe_h)
if @payment.valid_response_from_intermediary? && @payment.settled_payment?
@payment.complete_transaction
if @payment_order.payment_received?
@payment_order.complete_transaction
else
@payment_order.create_failure_report
end
render status: 200, json: { status: 'ok' }
@ -55,13 +58,9 @@ class Registrar
private
def check_supported_payment_method
return if supported_payment_method?
raise StandardError.new("Not supported payment method")
end
return if PaymentOrder.supported_method?(params[:bank], shortname: true)
def supported_payment_method?
PaymentOrders::PAYMENT_METHODS.include?(params[:bank])
raise(StandardError, 'Not supported payment method')
end
end
end
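Review bot: `back` and `callback` skip authentication and the IP restriction, and both call `@payment_order.update!(response: params.to_unsafe_h)` before anything is verified, so any caller who supplies a `payment_order` id overwrites the stored response of that order, including one whose invoice is already paid. Return early when `@payment_order.invoice.paid?` and keep unverified request data away from the record that `payment_received?` later trusts. Whether `payment_received?` checks the intermediary's signature is not visible here and should be confirmed. `callback` answers `{ status: 'ok' }` with 200 on the failure branch as well. In `pay`, both `save` results are ignored, so an invalid order continues to the URL assignment; `save!` would surface that.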


@ -31,7 +31,8 @@ class Registrar
end
if @depp_user.pki
unless @api_user.registrar_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
@depp_user.errors.add(:base, :invalid_cert)
end
end
@ -55,7 +56,7 @@ class Registrar
ip_allowed = restricted_ip.can_access_registrar_area?(resource.registrar)
unless ip_allowed
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
warden.logout(:registrar_user)
return
end
@ -171,7 +172,7 @@ class Registrar
return if allowed
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
end
def current_ability
@ -205,4 +206,4 @@ class Registrar
redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
end
end
end
end


@ -19,7 +19,7 @@ class Registrar
xml_dir_path = Rails.root + 'app/views/registrar/xml_consoles/epp_requests'
xml = File.read("#{xml_dir_path}/#{params[:obj]}/#{params[:epp_action]}.xml")
xml.gsub!('<clTRID>ABC-12345</clTRID>', "<clTRID>#{cl_trid}</clTRID>")
render text: xml
render plain: xml
end
end
end
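Review bot: `params[:obj]` and `params[:epp_action]` are interpolated into the path passed to `File.read` two lines above the changed `render`, with nothing confining the result to `xml_dir_path`. Check both values against the fixed set of object and action names that have templates before building the path, or expand the path and require it to stay under `xml_dir_path`. A name with no matching file currently surfaces as an unhandled `Errno::ENOENT`. The method starts outside the hunk.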


@ -0,0 +1,23 @@
module Repp
module V1
class AuctionsController < ActionController::API
def index
auctions = Auction.started
render json: { count: auctions.count,
auctions: auctions_to_json(auctions) }
end
private
def auctions_to_json(auctions)
auctions.map do |e|
{
domain_name: e.domain,
punycode_domain_name: SimpleIDN.to_ascii(e.domain),
}
end
end
end
end
end
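Review bot: `Repp::V1::AuctionsController` inherits directly from `ActionController::API`, and `index` has no authentication, IP restriction or pagination visible, so the full list of started auctions is served to any caller in one response. If the list is public by design, say so in a class comment such as `# Public endpoint: lists domains currently at auction; no authentication by design`; otherwise add the access check the other API controllers use. `auctions.count` followed by `auctions.map` issues two queries, so the count and the list can disagree; loading the records once with `to_a` keeps them consistent.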


@ -0,0 +1,15 @@
module Repp
module V1
class RetainedDomainsController < ActionController::API
def index
domains = RetainedDomains.new(query_params)
render json: { count: domains.count, domains: domains.to_jsonable }
end
def query_params
params.permit(:type)
end
end
end
end
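Review bot: `query_params` is defined without a preceding `private`, so it is a public method on the controller alongside `index`; add `private` above it. No authentication is visible on this controller either; if the endpoint is public by design, note that in a class comment. `params.permit(:type)` accepts any string for `type`, and whether `RetainedDomains` restricts it to known values is not visible here.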