Merge branch 'master' into log-error-when-cert-path-is-missing

.codeclimate.yml

@@ -23,12 +23,15 @@ plugins:
   rubocop:
     enabled: true
     channel: rubocop-0-74
+checks:
+  method-lines:
+    config:
+      threshold: 40
 exclude_patterns:
   - "app/models/version/"
   - "bin/"
   - "config/"
   - "db/"
-  - "lib/action_controller/"
   - "lib/core_monkey_patches/"
   - "lib/daemons/"
   - "lib/gem_monkey_patches/"

.ruby-version

@@ -1 +1 @@
-2.4.7
+2.6.5

.travis.yml

@@ -1,11 +1,7 @@
 language: ruby
-rvm:
-  - 2.4
-  - 2.5
 cache: bundler
 env:
   - DB=postgresql
-bundler_args: --without development staging production
 before_install:
   - "wget -N http://chromedriver.storage.googleapis.com/2.43/chromedriver_linux64.zip -P ~/"
   - "unzip ~/chromedriver_linux64.zip -d ~/"
@@ -13,19 +9,26 @@ before_install:
   - "sudo mv -f ~/chromedriver /usr/local/share/"
   - "sudo chmod +x /usr/local/share/chromedriver"
   - "sudo ln -s /usr/local/share/chromedriver /usr/local/bin/chromedriver"
-  - "gem uninstall -v '>= 2' -i $(rvm gemdir)@global -ax bundler || true"
+  - "bundle config set without 'development staging production'"
-  - "gem install bundler -v '< 2'"
+  - "bundle config set deployment '[secure]'"
 before_script:
   - "cp config/application.yml.sample config/application.yml"
+  - "echo \"openssl_config_path: 'test/fixtures/files/test_ca/openssl.cnf'\" >> config/application.yml"
+  - "echo \"crl_dir:      'test/fixtures/files/test_ca/crl'\" >> config/application.yml"
+  - "echo \"crl_path:     'test/fixtures/files/test_ca/crl/crl.pem'\" >> config/application.yml"
+  - "echo \"ca_cert_path: 'test/fixtures/files/test_ca/certs/ca.crt.pem'\" >> config/application.yml"
+  - "echo \"ca_key_path:  'test/fixtures/files/test_ca/private/ca.key.pem'\" >> config/application.yml"
+  - "echo \"ca_key_password: 'password'\" >> config/application.yml"
   - "cp config/database_travis.yml config/database.yml"
   - "bundle exec rake db:setup:all"
+  - "bundle exec rake data:migrate"
   - "curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter"
   - "chmod +x ./cc-test-reporter"
   - "./cc-test-reporter before-build"
-script:
-  - "bundle exec rake test"
 after_script:
   - "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
+script:
+  - "bundle exec rails test test/*"
 services:
   - postgresql
 addons:

CHANGELOG.md

@@ -1,3 +1,259 @@
+14.08.2020
+* Added handling of second lvl zoness managed by the registry in whois records [#1661](https://github.com/internetee/registry/issues/1661)
+
+13.08.2020
+* Removed keystore gem and replaced LHV JKS with PKCS12 [#1645](https://github.com/internetee/registry/issues/1645)
+
+11.08.2020
+* Fixed postal address saving bug with disabled address processing [#1650](https://github.com/internetee/registry/issues/1650)
+
+07.08.2020
+* Restored creator and updator strings to contacts and related object records [#1636](https://github.com/internetee/registry/issues/1636)
+* Security gem updates: sdoc to 1.1 and json to 2.3.1 [#1657](https://github.com/internetee/registry/pull/1657)
+
+04.08.2020
+* Fixed registrant verification for domain delete [#1631](https://github.com/internetee/registry/issues/1631)
+* Fixed domain transfer issue when one person was present in the same role more than once (different objects) [#1651](https://github.com/internetee/registry/issues/1651)
+
+03.08.2020
+* Fixed 0 vat issue with invoices sent to Directo [#1647](https://github.com/internetee/registry/issues/1647)
+
+17.07.2020
+* Added turemail gem for validating email addresses syntactically and on MX record level [#297](https://github.com/internetee/registry/issues/297)
+
+15.07.2020
+* Reapplied race condition fix after fixing the data in prod env [#1612](https://github.com/internetee/registry/issues/1612)
+
+07.07.2020
+* Fixed legaldoc validation [#1634](https://github.com/internetee/registry/issues/1634)
+* Disabled collection cashe versioning [#1637](https://github.com/internetee/registry/pull/1637)
+
+03.07.2020
+* 1-character domains are now valid but blocked by default [#1625](https://github.com/internetee/registry/issues/1625)
+
+02.07.2020
+* Adding legaldoc to domain:delete is now optional [#1624](https://github.com/internetee/registry/issues/1624)
+* Setting to make legaldoc functionality optional [#1623](https://github.com/internetee/registry/issues/1623)
+
+01.07.2020
+* Reverted race condition fix due to data issues in production (#1612) [#1622](https://github.com/internetee/registry/pull/1622)
+* Added legaldoc opt-out option for approved registrars [#1620](https://github.com/internetee/registry/issues/1620)
+
+29.06.2020
+* Bumped rack to 2.2.3 [#1618](https://github.com/internetee/registry/pull/1618)
+* Actionpack security update to 6.0.3.2 [#1619](https://github.com/internetee/registry/pull/1619)
+
+26.06.2020
+* Fixed race condition in domain update by adding new db constratints [#1612](https://github.com/internetee/registry/issues/1612)
+* Refactored contact validation [#1617](https://github.com/internetee/registry/pull/1617)
+
+19.06.2020
+* Regsitrant API returns now DNSSEC info [#1613](https://github.com/internetee/registry/pull/1613)
+* Updated domain expiration email notification texts [#1614](https://github.com/internetee/registry/pull/1614)
+
+15.06.2020
+* Added contact email to registrant API [#1611](https://github.com/internetee/registry/pull/1611)
+
+12.06.2020
+* Extracted Xml deserializing from EPP Contact and Domain classes [#1601](https://github.com/internetee/registry/pull/1601)
+* Fixed whois data update issue with child object updates [#1604](https://github.com/internetee/registry/issues/1604)
+
+11.06.2020
+* Auction API returns json on error [#1605](https://github.com/internetee/registry/issues/1605)
+* Fixed account activity index in admin [#1606](https://github.com/internetee/registry/issues/1606)
+
+08.06.2020
+* Bumped websocket-extensions to 0.1.5 [#1602](https://github.com/internetee/registry/pull/1602)
+
+04.06.2020
+* Moved dev config to sample file [#1599](https://github.com/internetee/registry/pull/1599)
+* Post Rails6 upgrade fixes [#1598](https://github.com/internetee/registry/pull/1598)
+
+03.06.2020
+* Upgraded Rails to 6.0.3 [#1593](https://github.com/internetee/registry/pull/1593)
+
+02.06.2020
+* Fixed registration deadline format for whois/restwhois [#1595](https://github.com/internetee/registry/pull/1595)
+
+01.06.2020
+* Improved error handling in case legal doc is not found for downloading [#1452](https://github.com/internetee/registry/issues/1452)
+
+29.05.2020
+* Bump kaminari to 1.2.1 [#1592](https://github.com/internetee/registry/pull/1592)
+
+28.05.2020
+* REPP returns list of disputed domains [#1588](https://github.com/internetee/registry/issues/1588)
+* Updated Directo gem [#1590](https://github.com/internetee/registry/pull/1590)
+* Updated LHV gem [#1591](https://github.com/internetee/registry/pull/1591)
+
+25.05.2020
+* Fixed registrant change verification bug for disputed domains [#1586](https://github.com/internetee/registry/issues/1586)
+
+22.05.2020
+* New solution for managing domains with effective dispute commitee decision [#269](https://github.com/internetee/registry/issues/269)
+* Bump puma from 4.3.5 [#1585](https://github.com/internetee/registry/pull/1585)
+* Run all CI tests [#1584](https://github.com/internetee/registry/pull/1584)
+
+21.05.2020
+* Fixed contact view access bug in registrant [#1527](https://github.com/internetee/registry/pull/1527)
+* REPP returns list of domains currently at auction [#1582](https://github.com/internetee/registry/pull/1582)
+
+18.05.2020
+* REPP returns list of reserved and blocked domains [#1569](https://github.com/internetee/registry/issues/1569)
+
+14.05.2020
+* Deleted certificates are now revoked first [#952](https://github.com/internetee/registry/issues/952)
+
+11.05.2020
+* Auction process due dates are now available over whois and rest-whois [#1201](https://github.com/internetee/registry/issues/1201)
+
+30.04.2020
+* Fix for internal error on opening domain history with legacy id record [#1576](https://github.com/internetee/registry/issues/1576)
+
+27.04.2020
+* Downgrade SimpleCov to 0.17 due to incompatibiilty with CodeClimate [#1575](https://github.com/internetee/registry/pull/1575)
+
+17.04.2020
+* Webinterfaces have now clickable version string pointing to the latest deployed commit in github [#1345](https://github.com/internetee/registry/pull/1345)
+
+15.04.2020
+* Updated Rails to 5.2 and fixed acitionview security issue [#1568](https://github.com/internetee/registry/issues/1568) 
+
+25.03.2020
+* Implemented Directo gem [#1547](https://github.com/internetee/registry/pull/1547)
+
+11.03.2020
+* Fixed glue record issues when using 2nd level domain as host [#1562](https://github.com/internetee/registry/issues/1562)
+
+10.03.2020
+* Updated lhv, e-invoice & company_register gem due to security updates [#1564](https://github.com/internetee/registry/pull/1564)
+
+06.03.2020
+* Record payment method and failed payments [#1422](https://github.com/internetee/registry/issues/1422)
+
+04.03.2020
+* Bump Puma to 4.3.3 [#1557](https://github.com/internetee/registry/pull/1557)
+
+03.03.2020
+* Admin: fixed import of th6 bank statement [#1551](https://github.com/internetee/registry/issues/1551)
+
+02.03.2020
+* Registrar: fixed statuses based contact filtering [#1004](https://github.com/internetee/registry/issues/1004)
+
+28.02.2020
+* Registrar: fixed account switching [#1535](https://github.com/internetee/registry/issues/1535)
+
+27.02.2020
+* Registrar: fixed the verified checkbox bug that did not change the element value to yes in epp request [#1540](https://github.com/internetee/registry/issues/1540)
+* Ruby version update to 2.6.5 [#1545](https://github.com/internetee/registry/pull/1545)
+
+26.02.2020
+* Registrar: added an option to remove clientHold status [#1481](https://github.com/internetee/registry/issues/1481)
+* Admin: fixed domain status removal issue [#1543](https://github.com/internetee/registry/issues/1543)
+* Implemented consistent and automated data migrations [#1298](https://github.com/internetee/registry/issues/1298)
+
+20.02.2020
+* E-invoice sending to Que to manage resending in case of an error [#1509](https://github.com/internetee/registry/issues/1509)
+* Check to make sure all monthly invoices fit in available invoice number range [#277](https://github.com/internetee/registry/issues/277)
+* Disabled aurbreak performance monitoring [#1534](https://github.com/internetee/registry/pull/1534)
+
+14.02.2020
+* Fixed Papertrail warnings [#1530](https://github.com/internetee/registry/issues/1530)
+
+12.02.2020
+* Fixed papertrails double recording issue [#1526](https://github.com/internetee/registry/issues/1526)
+* Requests to Directo are now saved for both credit and monthly invoices [#344](https://github.com/internetee/registry/issues/344)
+
+10.02.2020
+* Resolved Money gem deprecation warning and silenced all warnings due plan to replace papertrail [#1522](https://github.com/internetee/registry/pull/1522)
+
+06.02.2020
+* Permit & turn ActiveController::Parameters to hash on domain create [#1516](https://github.com/internetee/registry/issues/1516)
+
+05.02.2020
+* Ruby version upgrade to 2.6.3 [#846](https://github.com/internetee/registry/issues/846)
+* Added retries & raise to connect api to handle timeouts [#1474](https://github.com/internetee/registry/issues/1474)
+* Added logging of XML if there is NoMethodError#text on xml data fields [#1475](https://github.com/internetee/registry/issues/1475)
+
+04.02.2020
+* Fixed bug that allowed bypassing blocked domain validation using punycode [#1142](https://github.com/internetee/registry/issues/1142)
+* SimpleIDN gem update to 0.0.9 [#1508](https://github.com/internetee/registry/pull/1508)
+
+31.01.2020
+* Instant payments marks specific invoice as paid [#1500](https://github.com/internetee/registry/issues/1500)
+* Sending invoice payment date to accounting [#1416](https://github.com/internetee/registry/issues/1416)
+
+29.01.2020
+* Fixed the invoice binding bug where process failed if registrar tried to load a sum that they have used before [#1496](https://github.com/internetee/registry/issues/1496)
+
+28.01.2020
+* Registrar: fixed sorting of domain view [#1461](https://github.com/internetee/registry/issues/1461)
+* clientHold status is now set once instead of resetting it every time the job is run [#1480](https://github.com/internetee/registry/issues/1480)
+
+27.01.2020
+* Admin: fixed history view for domains with legacy id [#1489](https://github.com/internetee/registry/issues/1489)
+
+23.01.2020
+* Payment invoice matching by looking for ref nr in description field [#1415](https://github.com/internetee/registry/issues/1415)
+
+22.01.2020
+* ForceDelete poll messages with outzone and purge dates [#1478](https://github.com/internetee/registry/issues/1478)
+
+21.01.2020
+* Registrant change cancels automatically force delete process [#1479](https://github.com/internetee/registry/issues/1479)
+
+20.01.2020
+* ForceDelete email notifications are sent to all contacts + info and domain@domain [#1477](https://github.com/internetee/registry/issues/1477)
+
+18.01.2020
+* New ForceDelete procedure [#1428](https://github.com/internetee/registry/issues/1428)
+
+16.01.2020
+* Added tests for registrant verification [#1430](https://github.com/internetee/registry/pull/1430)
+
+14.01.2020
+* removed authinfo element from contact:info response for non-sponsoring registrars [#1446](https://github.com/internetee/registry/issues/1446)
+
+13.01.2020
+* resolved internal error on registrant confirmation [#1468](https://github.com/internetee/registry/issues/1468)
+
+10.01.2020
+* updated ForceDelete email templates according new regulation [#1466](https://github.com/internetee/registry/issues/1466) 
+* regenerated WHOIS db schema [#1436](https://github.com/internetee/registry/pull/1436)
+
+09.01.2020
+* serverForceDelete status does not block removing clientHold status [#1462](https://github.com/internetee/registry/pull/1462) 
+
+06.01.2020
+* Updated e-invoice gem [#1456](https://github.com/internetee/registry/pull/1456)
+* Bumped rack gem to 2.0.8 [#1448](https://github.com/internetee/registry/pull/1448)
+
+03.01.2020
+* Added an option for registrars to add and remove clientHold status on domains [#1454](https://github.com/internetee/registry/pull/1454)
+* Fixed contact view internal error in admin [#1458](https://github.com/internetee/registry/issues/1458)
+
+27.12.2019
+* Records in registrant_verifications are now archived by PaperTrail [#1425](https://github.com/internetee/registry/issues/1425)
+
+16.12.2019
+* Bump puma from 4.2.1 to 4.3.1 [#1437](https://github.com/internetee/registry/pull/1437)
+* Refactored API user management [#1435](https://github.com/internetee/registry/pull/1435)
+* Ignoring legacy database columns at ActiveRecord level [#1377](https://github.com/internetee/registry/issues/1377)
+* Removed Ruby version from Travis config and let it use .ruby-version [#1441](https://github.com/internetee/registry/pull/1441)
+* Removed `fill_ident_country` postgresql function as unused [#1439](https://github.com/internetee/registry/pull/1439)
+
+12.12.2019
+* Updated e-invoice gem [#1429](https://github.com/internetee/registry/pull/1429)
+* Upgraded bundler to 2.0.2 [#1433](https://github.com/internetee/registry/pull/1433)
+* Set not null constraint on contact.name db column [#1417](https://github.com/internetee/registry/pull/1417)
+* Removed domain name from registrant_verifications table [#1431](https://github.com/internetee/registry/pull/1431)
+
+19.11.2019
+* Updated Rails to 5.0.7 [#377](https://github.com/internetee/registry/issues/377)
+
+15.11.2019
+* Restored EPP exception logging to syslog [#1371](https://github.com/internetee/registry/issues/1371)
+
 11.11.2019
 * Removed code for displaying errors in nameserver and dnskey data as unused [#1411](https://github.com/internetee/registry/pull/1411)
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM internetee/ruby:2.4
+FROM internetee/ruby:2.6-buster
 
 RUN mkdir -p /opt/webapps/app/tmp/pids
 WORKDIR /opt/webapps/app

Gemfile

@@ -1,15 +1,9 @@
-# Use https only for accessing github
-# https://github.com/bundler/bundler/pull/3447
-git_source(:github) do |repo_name|
-  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
-  "https://github.com/#{repo_name}.git"
-end if Bundler::VERSION < '2'
-
 source 'https://rubygems.org'
 
 # core
-gem 'iso8601',      '0.8.6' # for dates and times
+gem 'bootsnap', '>= 1.1.0', require: false
-gem 'rails',        '4.2.11.1' # when update, all initializers eis_custom files needs check/update
+gem 'iso8601', '0.12.1' # for dates and times
+gem 'rails', '~> 6.0'
 gem 'rest-client'
 gem 'uglifier'
 
@@ -17,11 +11,13 @@ gem 'uglifier'
 gem 'figaro', '1.1.1'
 
 # model related
-gem 'pg',                        '0.19.0'
+gem 'activerecord-import'
+gem 'paper_trail', '~> 10.3'
+gem 'pg',                        '1.2.2'
 # 1.8 is for Rails < 5.0
-gem 'ransack', '~> 1.8'
+gem 'ransack', '~> 2.3'
+gem 'truemail', '~> 1.7' # validates email by regexp, mail server existence and address existence
 gem 'validates_email_format_of', '1.6.3' # validates email against RFC 2822 and RFC 3696
-gem 'paper_trail', '~> 4.0'
 
 # 0.7.3 is the latest for Rails 4.2, however, it is absent on Rubygems server
 # https://github.com/huacnlee/rails-settings-cached/issues/165
@@ -30,12 +26,12 @@ gem 'nokogiri'
 
 # style
 gem 'bootstrap-sass', '~> 3.4'
-gem 'sass-rails',     '5.0.6'   # sass style
+gem 'coffee-rails', '>= 5.0'
-gem 'coffee-rails', '~> 4.2'
 gem 'jquery-rails'
 gem 'selectize-rails', '0.12.1' # include selectize.js for select
 gem 'kaminari'
 gem 'coderay',          '1.1.0'   # xml console visualize
+gem 'sass-rails'
 gem 'select2-rails',    '3.5.9.3' # for autocomplete
 gem 'cancancan'
 gem 'devise', '~> 4.7'
@@ -43,10 +39,10 @@ gem 'devise', '~> 4.7'
 gem 'grape'
 
 # registry specfic
+gem 'data_migrate', '~> 6.1'
 gem 'isikukood' # for EE-id validation
-gem 'simpleidn', '0.0.7' # For punycode
+gem 'simpleidn', '0.1.1' # For punycode
 gem 'money-rails'
-gem 'data_migrate'
 gem 'whenever', '0.9.4', require: false
 
 # country listing
@@ -66,34 +62,36 @@ gem 'daemons-rails', '1.2.1'
 gem 'que-web'
 gem 'pdfkit'
 gem 'jquery-ui-rails', '5.0.5'
-gem 'active_model-errors_details' # Backport from Rails 5, https://github.com/rails/rails/pull/18322
 gem 'airbrake'
 
 gem 'company_register', github: 'internetee/company_register', branch: :master
 gem 'e_invoice', github: 'internetee/e_invoice', branch: :master
-gem 'lhv', github: 'internetee/lhv', tag: 'v0.1.0'
+gem 'lhv', github: 'internetee/lhv', branch: 'master'
 gem 'domain_name'
 gem 'haml', '~> 5.0'
-gem 'wkhtmltopdf-binary'
+gem 'wkhtmltopdf-binary', '~> 0.12.5.1'
+
+gem 'directo', github: 'internetee/directo', branch: 'master'
 
 group :development do
   # deploy
+  gem 'listen', '3.2.1'
   gem 'mina', '0.3.1' # for fast deployment
 end
 
 group :development, :test do
   gem 'pry', '0.10.1'
-  gem 'sdoc',          '0.4.1'  # bundle exec rake doc:rails generates the API under doc/api.
   gem 'railroady',     '1.3.0'  # to generate database diagrams
   gem 'autodoc'
   gem 'puma'
+  gem 'sdoc', '~> 1.1'
 end
 
 group :test do
   gem 'capybara'
   gem 'database_cleaner'
-  gem 'simplecov', require: false
+  gem 'minitest', '~> 5.14'
+  gem 'simplecov', '0.17.1', require: false # CC last supported v0.17
   gem 'webdrivers'
   gem 'webmock'
-  gem 'minitest', '~> 5.10.0'
 end

Gemfile.lock

@@ -1,15 +1,24 @@
 GIT
   remote: https://github.com/internetee/company_register.git
-  revision: da7130542304fc543c90d54cd037d019a777c526
+  revision: 86d691997aa7def9f86d88f6c92cabb86cd65487
   branch: master
   specs:
     company_register (0.1.0)
       activesupport
       savon
 
+GIT
+  remote: https://github.com/internetee/directo.git
+  revision: 8ff8a382d004ffb85722a6a7a68a020bd4d7159b
+  branch: master
+  specs:
+    directo (1.0.1)
+      money (~> 6.13)
+      nokogiri (~> 1.10)
+
 GIT
   remote: https://github.com/internetee/e_invoice.git
-  revision: 917318bd546322408b83567745375c998619c926
+  revision: b374ffd7be77b559b30c7a0210dc0df5ac3ed723
   branch: master
   specs:
     e_invoice (0.1.0)
@@ -19,15 +28,15 @@ GIT
 
 GIT
   remote: https://github.com/internetee/epp-xml.git
-  revision: 5dd542e67ef26d58365f30e553254d6db809277d
+  revision: 27959f8cb244ea5eabaeeee747984988b454e840
   specs:
     epp-xml (1.1.0)
-      activesupport (~> 4.1)
+      activesupport (>= 4.1)
       builder (~> 3.2)
 
 GIT
   remote: https://github.com/internetee/epp.git
-  revision: 76f9fd487d0ca3865b6f706c5a72703951c03996
+  revision: af7cefda37ac81d14b1d12641cde410776082d59
   branch: master
   specs:
     epp (1.5.0)
@@ -36,11 +45,11 @@ GIT
 
 GIT
   remote: https://github.com/internetee/lhv.git
-  revision: e211516bc5fff2139584d4da41c17511863c229d
+  revision: 1825240b3bf8b262418cc6c8ef7ed1aba386dd7d
-  tag: v0.1.0
+  branch: master
   specs:
     lhv (0.1.0)
-      keystores
+      logger
       nokogiri
 
 GIT
@@ -58,70 +67,87 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    actionmailer (4.2.11.1)
+    actioncable (6.0.3.2)
-      actionpack (= 4.2.11.1)
+      actionpack (= 6.0.3.2)
-      actionview (= 4.2.11.1)
+      nio4r (~> 2.0)
-      activejob (= 4.2.11.1)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      mail (>= 2.7.1)
+    actionmailer (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      actionview (= 6.0.3.2)
+      activejob (= 6.0.3.2)
       mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
-    actionpack (4.2.11.1)
+    actionpack (6.0.3.2)
-      actionview (= 4.2.11.1)
+      actionview (= 6.0.3.2)
-      activesupport (= 4.2.11.1)
+      activesupport (= 6.0.3.2)
-      rack (~> 1.6)
+      rack (~> 2.0, >= 2.0.8)
-      rack-test (~> 0.6.2)
+      rack-test (>= 0.6.3)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (4.2.11.1)
+    actiontext (6.0.3.2)
-      activesupport (= 4.2.11.1)
+      actionpack (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.3.2)
+      activesupport (= 6.0.3.2)
       builder (~> 3.1)
-      erubis (~> 2.7.0)
+      erubi (~> 1.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    active_model-errors_details (1.3.1)
+    activejob (6.0.3.2)
-      activemodel (>= 3.2.13, < 5.0.0)
+      activesupport (= 6.0.3.2)
-      activesupport
+      globalid (>= 0.3.6)
-    activejob (4.2.11.1)
+    activemodel (6.0.3.2)
-      activesupport (= 4.2.11.1)
+      activesupport (= 6.0.3.2)
-      globalid (>= 0.3.0)
+    activerecord (6.0.3.2)
-    activemodel (4.2.11.1)
+      activemodel (= 6.0.3.2)
-      activesupport (= 4.2.11.1)
+      activesupport (= 6.0.3.2)
-      builder (~> 3.1)
+    activerecord-import (1.0.5)
-    activerecord (4.2.11.1)
+      activerecord (>= 3.2)
-      activemodel (= 4.2.11.1)
+    activestorage (6.0.3.2)
-      activesupport (= 4.2.11.1)
+      actionpack (= 6.0.3.2)
-      arel (~> 6.0)
+      activejob (= 6.0.3.2)
-    activesupport (4.2.11.1)
+      activerecord (= 6.0.3.2)
-      i18n (~> 0.7)
+      marcel (~> 0.3.1)
+    activesupport (6.0.3.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
+      zeitwerk (~> 2.2, >= 2.2.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    airbrake (9.4.3)
+    airbrake (10.0.5)
-      airbrake-ruby (~> 4.6)
+      airbrake-ruby (~> 4.13)
-    airbrake-ruby (4.6.0)
+    airbrake-ruby (4.15.0)
       rbtree3 (~> 0.5)
     akami (1.3.1)
       gyoku (>= 0.4.0)
       nokogiri
-    arel (6.0.4)
+    autodoc (0.7.4)
-    autodoc (0.6.0)
       actionpack
       activesupport (>= 3.0.0)
       rspec
-    autoprefixer-rails (9.4.8)
+    autoprefixer-rails (9.8.4)
       execjs
-    axiom-types (0.1.1)
-      descendants_tracker (~> 0.0.4)
-      ice_nine (~> 0.11.0)
-      thread_safe (~> 0.3, >= 0.3.1)
     bcrypt (3.1.13)
+    bootsnap (1.4.6)
+      msgpack (~> 1.0)
     bootstrap-sass (3.4.1)
       autoprefixer-rails (>= 5.2.1)
       sassc (>= 2.0.0)
-    builder (3.2.3)
+    builder (3.2.4)
-    cancancan (3.0.1)
+    cancancan (3.1.0)
-    capybara (3.29.0)
+    capybara (3.33.0)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
@@ -132,228 +158,262 @@ GEM
     childprocess (3.0.0)
     chronic (0.10.2)
     coderay (1.1.0)
-    coercible (1.0.0)
+    coffee-rails (5.0.0)
-      descendants_tracker (~> 0.0.1)
-    coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
-      railties (>= 4.0.0)
+      railties (>= 5.2.0)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.6)
-    countries (3.0.0)
+    countries (3.0.1)
-      i18n_data (~> 0.8.0)
+      i18n_data (~> 0.10.0)
       sixarm_ruby_unaccent (~> 1.1)
       unicode_utils (~> 1.4)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    crass (1.0.5)
+    crass (1.0.6)
-    daemons (1.2.4)
+    daemons (1.3.1)
     daemons-rails (1.2.1)
       daemons
       multi_json (~> 1.0)
-    data_migrate (5.3.2)
+    data_migrate (6.3.0)
-      rails (>= 4.2)
+      rails (>= 5.0)
-    database_cleaner (1.6.1)
+    database_cleaner (1.8.5)
-    descendants_tracker (0.0.4)
+    devise (4.7.2)
-      thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.7.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
-    diff-lcs (1.3)
+    diff-lcs (1.4.4)
     docile (1.3.2)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    equalizer (0.0.11)
+    dry-configurable (0.11.6)
+      concurrent-ruby (~> 1.0)
+      dry-core (~> 0.4, >= 0.4.7)
+      dry-equalizer (~> 0.2)
+    dry-container (0.7.2)
+      concurrent-ruby (~> 1.0)
+      dry-configurable (~> 0.1, >= 0.1.3)
+    dry-core (0.4.9)
+      concurrent-ruby (~> 1.0)
+    dry-equalizer (0.3.0)
+    dry-inflector (0.2.0)
+    dry-logic (1.0.6)
+      concurrent-ruby (~> 1.0)
+      dry-core (~> 0.2)
+      dry-equalizer (~> 0.2)
+    dry-types (1.4.0)
+      concurrent-ruby (~> 1.0)
+      dry-container (~> 0.3)
+      dry-core (~> 0.4, >= 0.4.4)
+      dry-equalizer (~> 0.3)
+      dry-inflector (~> 0.1, >= 0.1.2)
+      dry-logic (~> 1.0, >= 1.0.2)
+    erubi (1.9.0)
     erubis (2.7.0)
     execjs (2.7.0)
-    ffi (1.9.25)
+    ffi (1.13.1)
     figaro (1.1.1)
       thor (~> 0.14)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
-    grape (1.2.3)
+    grape (1.3.3)
       activesupport
       builder
+      dry-types (>= 1.1)
       mustermann-grape (~> 1.0.0)
       rack (>= 1.3.0)
       rack-accept
-      virtus (>= 1.0.0)
     gyoku (1.3.1)
       builder (>= 2.1.2)
     haml (5.1.2)
       temple (>= 0.8.0)
       tilt
-    hashdiff (1.0.0)
+    hashdiff (1.0.1)
     hpricot (0.8.6)
+    http-accept (1.7.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
     httpclient (2.8.3)
     httpi (2.4.4)
       rack
       socksify
-    i18n (0.9.5)
+    i18n (1.8.3)
       concurrent-ruby (~> 1.0)
-    i18n_data (0.8.0)
+    i18n_data (0.10.0)
-    ice_nine (0.11.2)
     isikukood (0.1.2)
-    iso8601 (0.8.6)
+    iso8601 (0.12.1)
-    jquery-rails (4.3.5)
+    jquery-rails (4.4.0)
       rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (5.0.5)
       railties (>= 3.2.16)
-    json (1.8.6)
+    json (2.3.1)
-    kaminari (1.1.1)
+    kaminari (1.2.1)
       activesupport (>= 4.1.0)
-      kaminari-actionview (= 1.1.1)
+      kaminari-actionview (= 1.2.1)
-      kaminari-activerecord (= 1.1.1)
+      kaminari-activerecord (= 1.2.1)
-      kaminari-core (= 1.1.1)
+      kaminari-core (= 1.2.1)
-    kaminari-actionview (1.1.1)
+    kaminari-actionview (1.2.1)
       actionview
-      kaminari-core (= 1.1.1)
+      kaminari-core (= 1.2.1)
-    kaminari-activerecord (1.1.1)
+    kaminari-activerecord (1.2.1)
       activerecord
-      kaminari-core (= 1.1.1)
+      kaminari-core (= 1.2.1)
-    kaminari-core (1.1.1)
+    kaminari-core (1.2.1)
-    keystores (0.4.0)
+    libxml-ruby (3.2.0)
-    libxml-ruby (3.1.0)
+    listen (3.2.1)
-    loofah (2.3.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    logger (1.4.2)
+    loofah (2.6.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
     method_source (0.8.2)
-    mime-types (3.1)
+    mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
+    mime-types-data (3.2020.0512)
+    mimemagic (0.3.5)
     mina (0.3.1)
       open4 (~> 1.3.4)
       rake
     mini_mime (1.0.2)
     mini_portile2 (2.4.0)
-    minitest (5.10.3)
+    minitest (5.14.1)
-    monetize (1.9.0)
+    monetize (1.9.4)
       money (~> 6.12)
-    money (6.12.0)
+    money (6.13.8)
-      i18n (>= 0.6.4, < 1.1)
+      i18n (>= 0.6.4, <= 2)
-    money-rails (1.12.0)
+    money-rails (1.13.3)
       activesupport (>= 3.0)
       monetize (~> 1.9.0)
-      money (~> 6.12.0)
+      money (~> 6.13.2)
       railties (>= 3.0)
-    multi_json (1.13.1)
+    msgpack (1.3.3)
-    mustermann (1.0.3)
+    multi_json (1.14.1)
-    mustermann-grape (1.0.0)
+    mustermann (1.1.1)
-      mustermann (~> 1.0.0)
+      ruby2_keywords (~> 0.0.1)
+    mustermann-grape (1.0.1)
+      mustermann (>= 1.0.0)
     netrc (0.11.0)
     nio4r (2.5.2)
-    nokogiri (1.10.4)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     nori (2.6.0)
     open4 (1.3.4)
     orm_adapter (0.5.0)
-    paper_trail (4.2.0)
+    paper_trail (10.3.1)
-      activerecord (>= 3.0, < 6.0)
+      activerecord (>= 4.2)
-      activesupport (>= 3.0, < 6.0)
       request_store (~> 1.1)
-    pdfkit (0.8.4.1)
+    pdfkit (0.8.4.3.1)
-    pg (0.19.0)
+    pg (1.2.2)
+    polyamorous (2.3.2)
+      activerecord (>= 5.2.1)
     pry (0.10.1)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
-    public_suffix (4.0.1)
+    public_suffix (4.0.5)
-    puma (4.2.1)
+    puma (4.3.5)
       nio4r (~> 2.0)
     que (0.14.3)
     que-web (0.7.2)
       erubis
       que (~> 0.8)
       sinatra
-    rack (1.6.11)
+    rack (2.2.3)
     rack-accept (0.4.5)
       rack (>= 0.4)
-    rack-protection (1.5.5)
+    rack-protection (2.0.8.1)
       rack
-    rack-test (0.6.3)
+    rack-test (1.1.0)
-      rack (>= 1.0)
+      rack (>= 1.0, < 3)
     railroady (1.3.0)
-    rails (4.2.11.1)
+    rails (6.0.3.2)
-      actionmailer (= 4.2.11.1)
+      actioncable (= 6.0.3.2)
-      actionpack (= 4.2.11.1)
+      actionmailbox (= 6.0.3.2)
-      actionview (= 4.2.11.1)
+      actionmailer (= 6.0.3.2)
-      activejob (= 4.2.11.1)
+      actionpack (= 6.0.3.2)
-      activemodel (= 4.2.11.1)
+      actiontext (= 6.0.3.2)
-      activerecord (= 4.2.11.1)
+      actionview (= 6.0.3.2)
-      activesupport (= 4.2.11.1)
+      activejob (= 6.0.3.2)
-      bundler (>= 1.3.0, < 2.0)
+      activemodel (= 6.0.3.2)
-      railties (= 4.2.11.1)
+      activerecord (= 6.0.3.2)
-      sprockets-rails
+      activestorage (= 6.0.3.2)
-    rails-deprecated_sanitizer (1.0.3)
+      activesupport (= 6.0.3.2)
-      activesupport (>= 4.2.0.alpha)
+      bundler (>= 1.3.0)
-    rails-dom-testing (1.0.9)
+      railties (= 6.0.3.2)
-      activesupport (>= 4.2.0, < 5.0)
+      sprockets-rails (>= 2.0.0)
-      nokogiri (~> 1.6)
+    rails-dom-testing (2.0.3)
-      rails-deprecated_sanitizer (>= 1.0.1)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
     rails-settings-cached (0.7.2)
       rails (>= 4.2.0)
-    railties (4.2.11.1)
+    railties (6.0.3.2)
-      actionpack (= 4.2.11.1)
+      actionpack (= 6.0.3.2)
-      activesupport (= 4.2.11.1)
+      activesupport (= 6.0.3.2)
+      method_source
       rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
+      thor (>= 0.20.3, < 2.0)
-    rake (12.3.3)
+    rake (13.0.1)
-    ransack (1.8.10)
+    ransack (2.3.2)
-      actionpack (>= 3.0, < 5.2)
+      activerecord (>= 5.2.1)
-      activerecord (>= 3.0, < 5.2)
+      activesupport (>= 5.2.1)
-      activesupport (>= 3.0, < 5.2)
       i18n
-    rbtree3 (0.5.0)
+      polyamorous (= 2.3.2)
-    rdoc (4.3.0)
+    rb-fsevent (0.10.4)
-    regexp_parser (1.6.0)
+    rb-inotify (0.10.1)
-    request_store (1.4.1)
+      ffi (~> 1.0)
+    rbtree3 (0.6.0)
+    rdoc (6.2.1)
+    regexp_parser (1.7.1)
+    request_store (1.5.0)
       rack (>= 1.4)
-    responders (2.4.1)
+    responders (3.0.1)
-      actionpack (>= 4.2.0, < 6.0)
+      actionpack (>= 5.0)
-      railties (>= 4.2.0, < 6.0)
+      railties (>= 5.0)
-    rest-client (2.0.1)
+    rest-client (2.1.0)
+      http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 4.0)
       netrc (~> 0.8)
-    rspec (3.6.0)
+    rspec (3.9.0)
-      rspec-core (~> 3.6.0)
+      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.6.0)
+      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.6.0)
+      rspec-mocks (~> 3.9.0)
-    rspec-core (3.6.0)
+    rspec-core (3.9.2)
-      rspec-support (~> 3.6.0)
+      rspec-support (~> 3.9.3)
-    rspec-expectations (3.6.0)
+    rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
+      rspec-support (~> 3.9.0)
-    rspec-mocks (3.6.0)
+    rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.6.0)
+      rspec-support (~> 3.9.0)
-    rspec-support (3.6.0)
+    rspec-support (3.9.3)
-    rubyzip (2.0.0)
+    ruby2_keywords (0.0.2)
+    rubyzip (2.3.0)
     safe_yaml (1.0.5)
-    sass (3.4.23)
+    sass-rails (6.0.0)
-    sass-rails (5.0.6)
+      sassc-rails (~> 2.1, >= 2.1.1)
-      railties (>= 4.0.0, < 6)
+    sassc (2.4.0)
-      sass (~> 3.1)
+      ffi (~> 1.9)
-      sprockets (>= 2.8, < 4.0)
+    sassc-rails (2.1.2)
-      sprockets-rails (>= 2.0, < 4.0)
+      railties (>= 4.0.0)
-      tilt (>= 1.1, < 3)
+      sassc (>= 2.0)
-    sassc (2.0.0)
+      sprockets (> 3.0)
-      ffi (~> 1.9.6)
+      sprockets-rails
-      rake
+      tilt
-    savon (2.12.0)
+    savon (2.12.1)
       akami (~> 1.2)
       builder (>= 2.1.2)
       gyoku (~> 1.2)
@@ -361,13 +421,12 @@ GEM
       nokogiri (>= 1.8.1)
       nori (~> 2.4)
       wasabi (~> 3.4)
-    sdoc (0.4.1)
+    sdoc (1.1.0)
-      json (~> 1.7, >= 1.7.7)
+      rdoc (>= 5.0)
-      rdoc (~> 4.0)
     select2-rails (3.5.9.3)
       thor (~> 0.14)
     selectize-rails (0.12.1)
-    selenium-webdriver (3.142.6)
+    selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
     simplecov (0.17.1)
@@ -375,15 +434,17 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    simpleidn (0.0.7)
+    simpleidn (0.1.1)
-    sinatra (1.4.8)
+      unf (~> 0.1.4)
-      rack (~> 1.5)
+    sinatra (2.0.8.1)
-      rack-protection (~> 1.4)
+      mustermann (~> 1.0)
-      tilt (>= 1.3, < 3)
+      rack (~> 2.0)
+      rack-protection (= 2.0.8.1)
+      tilt (~> 2.0)
     sixarm_ruby_unaccent (1.2.0)
     slop (3.6.0)
     socksify (1.7.1)
-    sprockets (3.7.2)
+    sprockets (4.0.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
@@ -394,59 +455,62 @@ GEM
     thor (0.20.3)
     thread_safe (0.3.6)
     tilt (2.0.10)
-    tzinfo (1.2.5)
+    truemail (1.8.0)
+      simpleidn (~> 0.1.1)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    uglifier (4.1.11)
+    uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.6)
+    unf_ext (0.0.7.7)
     unicode_utils (1.4.0)
     validates_email_format_of (1.6.3)
       i18n
-    virtus (1.0.5)
+    warden (1.2.8)
-      axiom-types (~> 0.1)
+      rack (>= 2.0.6)
-      coercible (~> 1.0)
-      descendants_tracker (~> 0.0, >= 0.0.3)
-      equalizer (~> 0.0, >= 0.0.9)
-    warden (1.2.7)
-      rack (>= 1.0)
     wasabi (3.5.0)
       httpi (~> 2.0)
       nokogiri (>= 1.4.2)
-    webdrivers (4.1.3)
+    webdrivers (4.4.1)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.7.6)
+    webmock (3.8.3)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.7.2)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
     whenever (0.9.4)
       chronic (>= 0.6.3)
-    wkhtmltopdf-binary (0.12.4)
+    wkhtmltopdf-binary (0.12.5.4)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    zeitwerk (2.3.1)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  active_model-errors_details
+  activerecord-import
   airbrake
   autodoc
+  bootsnap (>= 1.1.0)
   bootstrap-sass (~> 3.4)
   cancancan
   capybara
   coderay (= 1.1.0)
-  coffee-rails (~> 4.2)
+  coffee-rails (>= 5.0)
   company_register!
   countries
   daemons-rails (= 1.2.1)
-  data_migrate
+  data_migrate (~> 6.1)
   database_cleaner
   devise (~> 4.7)
   digidoc_client!
+  directo!
   domain_name
   e_invoice!
   epp!
@@ -455,39 +519,41 @@ DEPENDENCIES
   grape
   haml (~> 5.0)
   isikukood
-  iso8601 (= 0.8.6)
+  iso8601 (= 0.12.1)
   jquery-rails
   jquery-ui-rails (= 5.0.5)
   kaminari
   lhv!
+  listen (= 3.2.1)
   mina (= 0.3.1)
-  minitest (~> 5.10.0)
+  minitest (~> 5.14)
   money-rails
   nokogiri
-  paper_trail (~> 4.0)
+  paper_trail (~> 10.3)
   pdfkit
-  pg (= 0.19.0)
+  pg (= 1.2.2)
   pry (= 0.10.1)
   puma
   que
   que-web
   railroady (= 1.3.0)
-  rails (= 4.2.11.1)
+  rails (~> 6.0)
   rails-settings-cached (= 0.7.2)
-  ransack (~> 1.8)
+  ransack (~> 2.3)
   rest-client
-  sass-rails (= 5.0.6)
+  sass-rails
-  sdoc (= 0.4.1)
+  sdoc (~> 1.1)
   select2-rails (= 3.5.9.3)
   selectize-rails (= 0.12.1)
-  simplecov
+  simplecov (= 0.17.1)
-  simpleidn (= 0.0.7)
+  simpleidn (= 0.1.1)
+  truemail (~> 1.7)
   uglifier
   validates_email_format_of (= 1.6.3)
   webdrivers
   webmock
   whenever (= 0.9.4)
-  wkhtmltopdf-binary
+  wkhtmltopdf-binary (~> 0.12.5.1)
 
 BUNDLED WITH
-   1.17.3
+   2.1.4

Rakefile

@@ -1,6 +1,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path('../config/application', __FILE__)
+require_relative 'config/application'
 
 Rails.application.load_tasks

app/api/repp/api.rb

@@ -30,7 +30,8 @@ module Repp
         webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
         error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
       else
-        unless @current_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+        unless @current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+                                     request.env['HTTP_SSL_CLIENT_S_DN_CN'])
           error! "#{message} #{@current_user.username}", 401
         end
       end

app/assets/config/manifest.js

@@ -0,0 +1,3 @@
+  //= link_tree ../images
+  //= link_directory ../javascripts .js
+  //= link_directory ../stylesheets .css

app/assets/javascripts/admin/autocomplete.js.coffee

@@ -47,12 +47,6 @@ class @Autocomplete
       selector: '.js-contact-typeahead'
       hiddenSelector: '.js-contact-id'
 
-  @bindAdminRegistrarSearch: ->
-    Autocomplete.bindTypeahead
-      remote: '/admin/registrars/search'
-      selector: '.js-registrar-typeahead'
-      hiddenSelector: '.js-registrar-id'
-
   @bindClientContactSearch: ->
     Autocomplete.bindTypeahead
       remote: '/client/contacts/search'

app/assets/stylesheets/shared/general.sass

@@ -15,6 +15,9 @@ body > .container
   padding-top: 15px
   font-size: 10px
 
+a.footer-version-link
+  color: black
+
 .nowrap
   white-space: nowrap
 

app/controllers/admin/account_activities_controller.rb

@@ -23,11 +23,11 @@ module Admin
       @q.sorts = 'id desc' if @q.sorts.empty?
 
       @account_activities = @q.result.page(params[:page]).per(params[:results_per_page])
-      sort = @account_activities.orders.map(&:to_sql).join(",")
 
-      # can do here inline SQL as it's our
       if params[:page] && params[:page].to_i > 1
-        @sum = @q.result.reorder(sort).limit(@account_activities.offset_value).sum(:sum) + @b.result.where("account_activities.id NOT IN (#{@q.result.select(:id).to_sql})").sum(:sum)
+        @sum = @q.result.limit(@account_activities.offset_value).sum(:sum) +
+               @b.result.where("account_activities.id NOT IN (#{@q.result.select(:id).to_sql})")
+                 .sum(:sum)
       else
         @sum = @b.result.where("account_activities.id NOT IN (#{@q.result.select(:id).to_sql})").sum(:sum)
       end

app/controllers/admin/api_users_controller.rb

@@ -1,7 +1,6 @@
 module Admin
   class ApiUsersController < BaseController
     load_and_authorize_resource
-    before_action :set_api_user, only: [:show, :edit, :update, :destroy]
 
     def index
       @q = ApiUser.includes(:registrar).search(params[:q])
@@ -9,18 +8,17 @@ module Admin
     end
 
     def new
-      @registrar = Registrar.find_by(id: params[:registrar_id])
+      @api_user = registrar.api_users.build
-      @api_user = ApiUser.new(registrar: @registrar)
     end
 
     def create
-      @api_user = ApiUser.new(api_user_params)
+      @api_user = registrar.api_users.build(api_user_params)
 
-      if @api_user.save
+      if @api_user.valid?
-        flash[:notice] = I18n.t('record_created')
+        @api_user.save!
-        redirect_to [:admin, @api_user]
+        redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user),
+                    notice: t('.created')
       else
-        flash.now[:alert] = I18n.t('failed_to_create_record')
         render 'new'
       end
     end
@@ -32,39 +30,31 @@ module Admin
     end
 
     def update
-      if params[:api_user][:plain_text_password].blank?
+      @api_user.attributes = api_user_params
-        params[:api_user].delete(:plain_text_password)
-      end
 
-      if @api_user.update(api_user_params)
+      if @api_user.valid?
-        flash[:notice] = I18n.t('record_updated')
+        @api_user.save!
-        redirect_to [:admin, @api_user]
+        redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user),
+                    notice: t('.updated')
       else
-        flash.now[:alert] = I18n.t('failed_to_update_record')
         render 'edit'
       end
     end
 
     def destroy
-      if @api_user.destroy
+      @api_user.destroy!
-        flash[:notice] = I18n.t('record_deleted')
+      redirect_to admin_registrar_path(@api_user.registrar), notice: t('.deleted')
-        redirect_to admin_api_users_path
-      else
-        flash.now[:alert] = I18n.t('failed_to_delete_record')
-        render 'show'
-      end
     end
 
     private
 
-    def set_api_user
-      @api_user = ApiUser.find(params[:id])
-    end
-
     def api_user_params
       params.require(:api_user).permit(:username, :plain_text_password, :active,
-                                       :registrar_id, :registrar_typeahead,
                                        :identity_code, { roles: [] })
     end
+
+    def registrar
+      Registrar.find(params[:registrar_id])
+    end
   end
 end

app/controllers/admin/bank_statements_controller.rb

@@ -60,7 +60,7 @@ module Admin
     end
 
     def bind_invoices
-      @bank_statement.bind_invoices
+      @bank_statement.bind_invoices(manual: true)
 
       flash[:notice] = t('invoices_were_fully_binded') if @bank_statement.fully_binded?
       flash[:warning] = t('invoices_were_partially_binded') if @bank_statement.partially_binded?

app/controllers/admin/bank_transactions_controller.rb

@@ -34,7 +34,7 @@ module Admin
     end
 
     def bind
-      if @bank_transaction.bind_invoice(params[:invoice_no])
+      if @bank_transaction.bind_invoice(params[:invoice_no], manual: true)
         flash[:notice] = I18n.t('record_created')
         redirect_to [:admin, @bank_transaction]
       else

app/controllers/admin/base_controller.rb

@@ -2,6 +2,7 @@ module Admin
   class BaseController < ApplicationController
     before_action :authenticate_admin_user!
     helper_method :head_title_sufix
+    before_action :set_paper_trail_whodunnit
 
     def head_title_sufix
       t(:admin_head_title_sufix)

app/controllers/admin/certificates_controller.rb

@@ -34,7 +34,7 @@ module Admin
 
       if @certificate.destroy
         flash[:notice] = I18n.t('record_deleted')
-        redirect_to admin_api_user_path(@api_user)
+        redirect_to admin_registrar_api_user_path(@api_user.registrar, @api_user)
       else
         flash.now[:alert] = I18n.t('failed_to_delete_record')
         render 'show'

app/controllers/admin/contacts_controller.rb

@@ -3,6 +3,7 @@ module Admin
     load_and_authorize_resource
     before_action :set_contact, only: [:show]
     helper_method :ident_types
+    helper_method :domain_filter_params
 
     def index
       params[:q] ||= {}
@@ -12,19 +13,27 @@ module Admin
         search_params[:registrant_domains_id_not_null] = 1
       end
 
-      contacts = Contact.includes(:registrar).joins(:registrar).select('contacts.*, registrars.name')
+      contacts = Contact.includes(:registrar).joins(:registrar)
+                        .select('contacts.*, registrars.name')
       contacts = contacts.filter_by_states(params[:statuses_contains].join(',')) if params[:statuses_contains]
-      contacts = contacts.where("ident_country_code is null or ident_country_code=''") if params[:only_no_country_code].eql?('1')
+      contacts = filter_by_flags(contacts)
-
 
       normalize_search_parameters do
         @q = contacts.search(search_params)
-        @contacts = @q.result.uniq.page(params[:page])
+        @contacts = @q.result.distinct.page(params[:page])
       end
 
       @contacts = @contacts.per(params[:results_per_page]) if params[:results_per_page].to_i.positive?
     end
 
+    def filter_by_flags(contacts)
+      if params[:only_no_country_code].eql?('1')
+        contacts = contacts.where("ident_country_code is null or ident_country_code=''")
+      end
+      contacts = contacts.email_verification_failed if params[:email_verification_failed].eql?('1')
+      contacts
+    end
+
     def search
       render json: Contact.search_by_query(params[:q])
     end
@@ -84,5 +93,9 @@ module Admin
     def ident_types
       Contact::Ident.types
     end
+
+    def domain_filter_params
+      params.permit(:domain_filter)
+    end
   end
 end

app/controllers/admin/disputes_controller.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Admin
+  class DisputesController < BaseController
+    load_and_authorize_resource
+    before_action :set_dispute, only: %i[show edit update delete]
+
+    # GET /admin/disputes
+    def index
+      params[:q] ||= {}
+      @disputes = sortable_dispute_query_for(Dispute.active.all, params[:q])
+      @closed_disputes = sortable_dispute_query_for(Dispute.closed.all, params[:q], closed: true)
+    end
+
+    # GET /admin/disputes/1
+    def show; end
+
+    # GET /admin/disputes/new
+    def new
+      @dispute = Dispute.new
+    end
+
+    # GET /admin/disputes/1/edit
+    def edit; end
+
+    # POST /admin/disputes
+    def create
+      @dispute = Dispute.new(dispute_params)
+      if @dispute.save
+        notice = 'Dispute was successfully created'
+        notice += @dispute.domain ? '.' : ' for domain that is not registered.'
+
+        redirect_to admin_disputes_url, notice: notice
+      else
+        render :new
+      end
+    end
+
+    # PATCH/PUT /admin/disputes/1
+    def update
+      if @dispute.update(dispute_params.except(:domain_name))
+        redirect_to admin_disputes_url, notice: 'Dispute was successfully updated.'
+      else
+        render :edit
+      end
+    end
+
+    # DELETE /admin/disputes/1
+    def delete
+      @dispute.close(initiator: 'Admin')
+      redirect_to admin_disputes_url, notice: 'Dispute was successfully closed.'
+    end
+
+    private
+
+    def sortable_dispute_query_for(disputes, query, closed: false)
+      @q = disputes.order(:domain_name).search(query)
+      disputes = @q.result.page(closed ? params[:closed_page] : params[:page])
+      return disputes.per(params[:results_per_page]) if params[:results_per_page].present?
+
+      disputes
+    end
+
+    # Use callbacks to share common setup or constraints between actions.
+    def set_dispute
+      @dispute = Dispute.find(params[:id])
+    end
+
+    # Only allow a trusted parameter "white list" through.
+    def dispute_params
+      params.require(:dispute).permit(:domain_name, :password, :starts_at, :comment)
+    end
+  end
+end

app/controllers/admin/domains/force_delete_controller.rb

@@ -5,21 +5,27 @@ module Admin
         authorize! :manage, domain
 
         domain.transaction do
-          domain.schedule_force_delete
+          domain.schedule_force_delete(type: force_delete_type)
           domain.registrar.notifications.create!(text: t('force_delete_set_on_domain',
-                                                         domain_name: domain.name))
+                                                         domain_name: domain.name,
+                                                         outzone_date: domain.outzone_date,
+                                                         purge_date: domain.purge_date))
 
-          if notify_by_email?
+          notify_by_email if notify_by_email?
-            DomainDeleteMailer.forced(domain: domain,
-                                      registrar: domain.registrar,
-                                      registrant: domain.registrant,
-                                      template_name: params[:template_name]).deliver_now
-          end
         end
 
         redirect_to edit_admin_domain_url(domain), notice: t('.scheduled')
       end
 
+      def notify_by_email
+        if force_delete_type == :fast_track
+          send_email
+          domain.update(contact_notification_sent_date: Time.zone.today)
+        else
+          domain.update(template_name: params[:template_name])
+        end
+      end
+
       def destroy
         authorize! :manage, domain
         domain.cancel_force_delete
@@ -33,7 +39,22 @@ module Admin
       end
 
       def notify_by_email?
-        ActiveRecord::Type::Boolean.new.type_cast_from_user(params[:notify_by_email])
+        ActiveRecord::Type::Boolean.new.cast(params[:notify_by_email])
+      end
+
+      def send_email
+        DomainDeleteMailer.forced(domain: domain,
+                                  registrar: domain.registrar,
+                                  registrant: domain.registrant,
+                                  template_name: params[:template_name]).deliver_now
+      end
+
+      def force_delete_type
+        soft_delete? ? :soft : :fast_track
+      end
+
+      def soft_delete?
+        ActiveRecord::Type::Boolean.new.cast(params[:soft_delete])
       end
     end
   end

app/controllers/admin/legal_documents_controller.rb

@@ -5,7 +5,11 @@ module Admin
     def show
       @ld = LegalDocument.find(params[:id])
       filename = @ld.path.split('/').last
-      send_data File.open(@ld.path).read, filename: filename
+      file = File.open(@ld.path)&.read
+      send_data file, filename: filename
+    rescue Errno::ENOENT
+      flash[:notice] = I18n.t('legal_doc_not_found')
+      redirect_to [:admin, @ld.documentable]
     end
   end
 end

app/controllers/admin/pending_deletes_controller.rb

@@ -29,7 +29,6 @@ module Admin
       # steal token
       token = @domain.registrant_verification_token
       @registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
-                                                            domain_name: @domain.name,
                                                             verification_token: token)
     end
 

app/controllers/admin/pending_updates_controller.rb

@@ -26,7 +26,6 @@ module Admin
       # steal token
       token = @domain.registrant_verification_token
       @registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
-                                                            domain_name: @domain.name,
                                                             verification_token: token)
     end
 

app/controllers/admin/registrars_controller.rb

@@ -74,6 +74,8 @@ module Admin
                                         :vat_rate,
                                         :accounting_customer_code,
                                         :billing_email,
+                                        :legaldoc_optout,
+                                        :legaldoc_optout_comment,
                                         :iban,
                                         :language)
     end

app/controllers/admin/zonefiles_controller.rb

@@ -13,7 +13,7 @@ module Admin
         send_data @zonefile, filename: "#{params[:origin]}.txt"
       else
         flash[:alert] = 'Origin not supported'
-        redirect_to :back
+        redirect_back(fallback_location: root_path)
       end
     end
   end

app/controllers/api/cors_controller.rb

@@ -5,7 +5,7 @@ module Api
 
     def cors_preflight_check
       set_access_control_headers
-      render text: ''
+      render plain: ''
     end
 
     def set_access_control_headers

app/controllers/api/v1/auctions_controller.rb

@@ -30,6 +30,8 @@ module Api
           raise "Invalid status #{params[:status]}"
         end
 
+        auction.mark_deadline(params[:registration_deadline]) if params[:registration_deadline]
+
         if auction.payment_not_received? || auction.domain_not_registered?
           update_whois_from_auction(Auction.pending(auction.domain))
         else

app/controllers/api/v1/base_controller.rb

@@ -1,8 +1,8 @@
-require 'rails5_api_controller_backport'
-
 module Api
   module V1
     class BaseController < ActionController::API
+      rescue_from ActiveRecord::RecordNotFound, with: :not_found_error
+
       private
 
       def authenticate
@@ -10,6 +10,12 @@ module Api
         head :unauthorized unless ip_allowed
       end
 
+      def not_found_error
+        uuid = params['uuid']
+        json = { error: 'Not Found', uuid: uuid, message: 'Record not found' }
+        render json: json, status: :not_found
+      end
+
       def allowed_ips
         ENV['auction_api_allowed_ips'].split(',').map(&:strip)
       end

app/controllers/api/v1/registrant/auth_controller.rb

@@ -1,4 +1,3 @@
-require 'rails5_api_controller_backport'
 require 'auth_token/auth_token_creator'
 
 module Api
@@ -16,7 +15,7 @@ module Api
         end
 
         def eid
-          user = RegistrantUser.find_or_create_by_api_data(eid_params)
+          user = RegistrantUser.find_or_create_by_api_data(eid_params.to_h)
           token = create_token(user)
 
           if token

app/controllers/api/v1/registrant/base_controller.rb

@@ -1,4 +1,3 @@
-require 'rails5_api_controller_backport'
 require 'auth_token/auth_token_decryptor'
 
 module Api
@@ -45,7 +44,7 @@ module Api
         # This controller does not inherit from ApplicationController,
         # so user_for_paper_trail method is not usable.
         def set_paper_trail_whodunnit
-          ::PaperTrail.whodunnit = current_registrant_user.id_role_username
+          ::PaperTrail.request.whodunnit = current_registrant_user.id_role_username
         end
 
         def show_not_found_error

app/controllers/application_controller.rb

@@ -1,9 +1,10 @@
 class ApplicationController < ActionController::Base
   check_authorization unless: :devise_controller?
+  before_action :set_paper_trail_whodunnit
 
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :exception, prepend: true
 
   before_action do
     resource = controller_name.singularize.to_sym

app/controllers/epp/base_controller.rb

@@ -1,9 +1,8 @@
 module Epp
   class BaseController < ActionController::Base
     class AuthorizationError < StandardError; end
-
-    check_authorization
     skip_before_action :verify_authenticity_token
+    check_authorization
     layout false
 
     before_action :ensure_session_id_passed
@@ -11,7 +10,7 @@ module Epp
     before_action :latin_only
     before_action :validate_against_schema
     before_action :validate_request
-    before_action :update_epp_session, if: 'signed_in?'
+    before_action :update_epp_session, if: -> { signed_in? }
 
     around_action :wrap_exceptions
 
@@ -21,6 +20,7 @@ module Epp
     rescue_from StandardError, with: :respond_with_command_failed_error
     rescue_from AuthorizationError, with: :respond_with_authorization_error
     rescue_from ActiveRecord::RecordNotFound, with: :respond_with_object_does_not_exist_error
+    before_action :set_paper_trail_whodunnit
 
     protected
 
@@ -119,7 +119,7 @@ module Epp
     end
 
     def render_epp_response(*args)
-      @response = render_to_string(*args, formats: 'xml')
+      @response = render_to_string(*args, formats: [:xml])
       render xml: @response
       write_to_epp_log
     end
@@ -395,7 +395,12 @@ module Epp
     end
 
     def log_exception(exception)
+      logger.error(([exception.message] + exception.backtrace).join($INPUT_RECORD_SEPARATOR))
       notify_airbrake(exception)
     end
+
+    def user_for_paper_trail
+      current_user ? current_user.id_role_username : 'anonymous'
+    end
   end
 end

app/controllers/epp/contacts_controller.rb

@@ -1,3 +1,5 @@
+require 'deserializers/xml/contact_update'
+
 module Epp
   class ContactsController < BaseController
     before_action :find_contact, only: [:info, :update, :delete]
@@ -43,9 +45,14 @@ module Epp
     def update
       authorize! :update, @contact, @password
 
-      frame = params[:parsed_frame]
+      collected_data = ::Deserializers::Xml::ContactUpdate.new(params[:parsed_frame])
+      action = Actions::ContactUpdate.new(@contact,
+                                          collected_data.contact,
+                                          collected_data.legal_document,
+                                          collected_data.ident,
+                                          current_user)
 
-      if @contact.update_attributes(frame, current_user)
+      if action.call
         if !address_processing? && address_given?
           @response_code = 1100
           @response_description = t('epp.contacts.completed_without_address')

app/controllers/epp/domains_controller.rb

@@ -2,6 +2,7 @@ module Epp
   class DomainsController < BaseController
     before_action :find_domain, only: %i[info renew update transfer delete]
     before_action :find_password, only: %i[info update transfer delete]
+    before_action :set_paper_trail_whodunnit
 
     def info
       authorize! :info, @domain
@@ -91,7 +92,7 @@ module Epp
                                              status: Auction.statuses[:payment_received])
             active_auction.domain_registered!
           end
-
+          Dispute.close_by_domain(@domain.name)
           render_epp_response '/epp/domains/create'
         else
           handle_errors(@domain)
@@ -102,21 +103,17 @@ module Epp
     def update
       authorize! :update, @domain, @password
 
-      if @domain.update(params[:parsed_frame], current_user)
+      updated = @domain.update(params[:parsed_frame], current_user)
-        if @domain.epp_pending_update.present?
+      (handle_errors(@domain) && return) unless updated
-          render_epp_response '/epp/domains/success_pending'
+
-        else
+      pending = @domain.epp_pending_update.present?
-          render_epp_response '/epp/domains/success'
+      render_epp_response "/epp/domains/success#{'_pending' if pending}"
-        end
-      else
-        handle_errors(@domain)
-      end
     end
 
     def delete
       authorize! :delete, @domain, @password
 
-      handle_errors(@domain) and return unless @domain.can_be_deleted?
+      (handle_errors(@domain) && return) unless @domain.can_be_deleted?
 
       if @domain.epp_destroy(params[:parsed_frame], current_user.id)
         if @domain.epp_pending_delete.present?
@@ -240,7 +237,7 @@ module Epp
       mutually_exclusive 'keyData', 'dsData'
 
       @prefix = nil
-      requires 'extension > extdata > legalDocument'
+      requires 'extension > extdata > legalDocument' if current_user.legaldoc_mandatory?
 
       optional_attribute 'period', 'unit', values: %w(d m y)
 
@@ -249,7 +246,7 @@ module Epp
 
     def validate_update
       if element_count('update > chg > registrant') > 0
-        requires 'extension > extdata > legalDocument'
+        requires 'extension > extdata > legalDocument' if current_user.legaldoc_mandatory?
       end
 
       @prefix = 'update > update >'
@@ -259,8 +256,6 @@ module Epp
     end
 
     def validate_delete
-      requires 'extension > extdata > legalDocument'
-
       @prefix = 'delete > delete >'
       requires 'name'
     end
@@ -311,6 +306,7 @@ module Epp
 
     def status_editing_disabled
       return true if Setting.client_status_editing_enabled
+      return true if check_client_hold
       return true if params[:parsed_frame].css('status').empty?
       epp_errors << {
         code: '2306',
@@ -318,6 +314,11 @@ module Epp
       }
     end
 
+    def check_client_hold
+      statuses = params[:parsed_frame].css('status').map { |element| element['s'] }
+      statuses == [::DomainStatus::CLIENT_HOLD]
+    end
+
     def balance_ok?(operation, period = nil, unit = nil)
       @domain_pricelist = @domain.pricelist(operation, period.try(:to_i), unit)
       if @domain_pricelist.try(:price) # checking if price list is not found

app/controllers/epp/sessions_controller.rb

@@ -1,6 +1,7 @@
 module Epp
   class SessionsController < BaseController
     skip_authorization_check only: [:hello, :login, :logout]
+    before_action :set_paper_trail_whodunnit
 
     def hello
       render_epp_response('greeting')
@@ -29,7 +30,8 @@ module Epp
       end
 
       if !Rails.env.development? && (!webclient_request && @api_user)
-        unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+        unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+                                 request.env['HTTP_SSL_CLIENT_S_DN_CN'])
           epp_errors << {
             msg: 'Authentication error; server closing connection (certificate is not valid)',
             code: '2501'

app/controllers/registrant/contacts_controller.rb

@@ -1,10 +1,12 @@
 class Registrant::ContactsController < RegistrantController
   helper_method :domain
   helper_method :fax_enabled?
+  helper_method :domain_filter_params
   skip_authorization_check only: %i[edit update]
+  before_action :set_contact, only: [:show]
 
   def show
-    @contact = current_user_contacts.find(params[:id])
+    @requester_contact = Contact.find_by(ident: current_registrant_user.ident)
     authorize! :read, @contact
   end
 
@@ -29,6 +31,13 @@ class Registrant::ContactsController < RegistrantController
 
   private
 
+  def set_contact
+    id = params[:id]
+    contact = domain.contacts.find_by(id: id) || current_user_contacts.find_by(id: id)
+    contact ||= Contact.find_by(id: id, ident: domain.registrant.ident)
+    @contact = contact
+  end
+
   def domain
     current_user_domains.find(params[:domain_id])
   end
@@ -99,4 +108,8 @@ class Registrant::ContactsController < RegistrantController
       http.request(request)
     end
   end
+
+  def domain_filter_params
+    params.permit(:domain_filter)
+  end
 end

app/controllers/registrant/domain_delete_confirms_controller.rb

@@ -4,6 +4,7 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
 
   def show
     return if params[:confirmed] || params[:rejected]
+
     @domain = Domain.find(params[:id])
     @domain = nil unless @domain.registrant_delete_confirmable?(params[:token])
   end
@@ -16,28 +17,28 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
     end
 
     @registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
-                                                          domain_name: @domain.name,
                                                           verification_token: params[:token])
 
     initiator = current_registrant_user ? current_registrant_user.username :
                   t(:user_not_authenticated)
 
-    if params[:rejected]
+    confirmed = params[:confirmed] ? true : false
-      if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")
+    action = if confirmed
-        flash[:notice] = t(:registrant_domain_verification_rejected)
+               @registrant_verification.domain_registrant_delete_confirm!("email link #{initiator}")
-        redirect_to registrant_domain_delete_confirm_path(@domain.id, rejected: true)
              else
-        flash[:alert] = t(:registrant_domain_delete_rejected_failed)
+               @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")
-        return render 'show'
              end
-    elsif params[:confirmed]
+
-      if @registrant_verification.domain_registrant_delete_confirm!("email link #{initiator}")
+    fail_msg = t("registrant_domain_delete_#{confirmed ? 'confirmed' : 'rejected'}_failed".to_sym)
-        flash[:notice] = t(:registrant_domain_verification_confirmed)
+    success_msg = t("registrant_domain_verification_#{confirmed ? 'confirmed' : 'rejected'}".to_sym)
+
+    flash[:alert] = action ? success_msg : fail_msg
+    (render 'show' && return) unless action
+
+    if confirmed
       redirect_to registrant_domain_delete_confirm_path(@domain.id, confirmed: true)
     else
-        flash[:alert] = t(:registrant_domain_delete_confirmed_failed)
+      redirect_to registrant_domain_delete_confirm_path(@domain.id, rejected: true)
-        return render 'show'
-      end
     end
   end
 end

app/controllers/registrant/domain_update_confirms_controller.rb

@@ -16,7 +16,6 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
     end
 
     @registrant_verification = RegistrantVerification.new(domain_id: @domain.id,
-                                                          domain_name: @domain.name,
                                                           verification_token: params[:token])
 
     initiator = current_registrant_user ? current_registrant_user.username :
@@ -32,6 +31,8 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
       end
     elsif params[:confirmed]
       if @registrant_verification.domain_registrant_change_confirm!("email link, #{initiator}")
+        Dispute.close_by_domain(@domain.name) if @domain.disputed?
+
         flash[:notice] = t(:registrant_domain_verification_confirmed)
         redirect_to registrant_domain_update_confirm_path(@domain.id, confirmed: true)
       else

app/controllers/registrant_controller.rb

@@ -1,5 +1,6 @@
 class RegistrantController < ApplicationController
   before_action :authenticate_registrant_user!
+  before_action :set_paper_trail_whodunnit
   layout 'registrant/application'
 
   include Registrant::ApplicationHelper

app/controllers/registrar/base_controller.rb

@@ -6,6 +6,7 @@ class Registrar
     before_action :check_ip_restriction
     helper_method :depp_controller?
     helper_method :head_title_sufix
+    before_action :set_paper_trail_whodunnit
 
     protected
 

app/controllers/registrar/contacts_controller.rb

@@ -3,6 +3,7 @@ class Registrar
     before_action :init_epp_contact
     helper_method :address_processing?
     helper_method :ident_types
+    helper_method :domain_filter_params
 
     def index
       authorize! :view, Depp::Contact
@@ -16,12 +17,13 @@ class Registrar
         search_params[:registrant_domains_id_not_null] = 1
       end
 
-      if params[:statuses_contains]
-        contacts = current_registrar_user.registrar.contacts.includes(:registrar).where(
-          "contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
-        )
-      else
       contacts = current_registrar_user.registrar.contacts.includes(:registrar)
+      status_list = params[:statuses_contains]
+
+      if status_list
+        contacts_ids = contacts.select { |c| (c.statuses & status_list.to_a) == status_list.to_a }
+                               .map(&:id)
+        contacts = contacts.where(id: contacts_ids)
       end
 
       normalize_search_parameters do
@@ -68,7 +70,7 @@ class Registrar
 
     def create
       authorize! :create, Depp::Contact
-      @contact = Depp::Contact.new(params[:depp_contact])
+      @contact = Depp::Contact.new(contact_params)
 
       if @contact.save
         redirect_to registrar_contact_url(@contact.id)
@@ -79,9 +81,9 @@ class Registrar
 
     def update
       authorize! :edit, Depp::Contact
-      @contact = Depp::Contact.new(params[:depp_contact])
+      @contact = Depp::Contact.new(contact_params)
 
-      if @contact.update_attributes(params[:depp_contact])
+      if @contact.update_attributes(contact_params)
         redirect_to registrar_contact_url(@contact.id)
       else
         render 'edit'
@@ -95,7 +97,7 @@ class Registrar
 
     def destroy
       authorize! :delete, Depp::Contact
-      @contact = Depp::Contact.new(params[:depp_contact])
+      @contact = Depp::Contact.new(contact_params_for_delete)
 
       if @contact.delete
         redirect_to registrar_contacts_url, notice: t(:destroyed)
@@ -104,6 +106,12 @@ class Registrar
       end
     end
 
+    protected
+
+    def domain_filter_params
+      params.permit(:domain_filter)
+    end
+
     private
 
     def init_epp_contact
@@ -131,5 +139,22 @@ class Registrar
     def ident_types
       Contact::Ident.types
     end
+
+    def contact_params
+      params.require(:depp_contact).permit(:id,
+                                           :name,
+                                           :email,
+                                           :phone,
+                                           :org_name,
+                                           :ident, :ident_type, :ident_country_code,
+                                           :street, :city, :zip, :state, :country_code,
+                                           :password,
+                                           :legal_document,
+                                           :code)
+    end
+
+    def contact_params_for_delete
+      params.require(:depp_contact).permit(:id, :password, :legal_document)
+    end
   end
 end

app/controllers/registrar/current_user_controller.rb

@@ -6,7 +6,7 @@ class Registrar
       raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user)
 
       sign_in(:registrar_user, new_user)
-      redirect_to :back, notice: t('.switched', new_user: new_user)
+      redirect_back(fallback_location: root_path, notice: t('.switched', new_user: new_user))
     end
 
     private

app/controllers/registrar/domains_controller.rb

@@ -2,16 +2,17 @@ class Registrar
   class DomainsController < DeppController
     before_action :init_domain, except: :new
     helper_method :contacts
+    helper_method :search_params
 
     def index
       authorize! :view, Depp::Domain
 
-      params[:q] ||= {}
+      if search_params.to_h.delete_if { |_key, value| value.blank? }.length == 1 &&
-      params[:q].delete_if { |_k, v| v.blank? }
+        search_params[:name_matches].present?
-      if params[:q].length == 1 && params[:q][:name_matches].present?
+        domain = Domain.find_by(name: search_params[:name_matches])
-        @domain = Domain.find_by(name: params[:q][:name_matches])
+
-        if @domain
+        if domain
-          redirect_to info_registrar_domains_url(domain_name: @domain.name) and return
+          redirect_to info_registrar_domains_url(domain_name: domain.name) and return
         end
       end
 
@@ -24,15 +25,15 @@ class Registrar
       end
 
       normalize_search_parameters do
-        @q = domains.search(params[:q])
+        @q = domains.search(search_params)
         @domains = @q.result.page(params[:page])
-        if @domains.count == 0 && params[:q][:name_matches] !~ /^%.+%$/
+
         # if we do not get any results, add wildcards to the name field and search again
-          n_cache = params[:q][:name_matches]
+        if @domains.count == 0 && search_params[:name_matches] !~ /^%.+%$/
-          params[:q][:name_matches] = "%#{params[:q][:name_matches]}%"
+          new_search_params = search_params.to_h
-          @q = domains.search(params[:q])
+          new_search_params[:name_matches] = "%#{new_search_params[:name_matches]}%"
+          @q = domains.search(new_search_params)
           @domains = @q.result.page(params[:page])
-          params[:q][:name_matches] = n_cache # we don't want to show wildcards in search form
         end
       end
 
@@ -58,6 +59,7 @@ class Registrar
     def info
       authorize! :info, Depp::Domain
       @data = @domain.info(params[:domain_name]) if params[:domain_name]
+      @client_holded = client_holded(@data)
       if response_ok?
         render 'info'
       else
@@ -84,7 +86,7 @@ class Registrar
 
     def create
       authorize! :create, Depp::Domain
-      @domain_params = params[:domain]
+      @domain_params = domain_params.to_h
       @data = @domain.create(@domain_params)
 
       if response_ok?
@@ -98,12 +100,14 @@ class Registrar
       authorize! :update, Depp::Domain
       @data = @domain.info(params[:domain_name])
       @domain_params = Depp::Domain.construct_params_from_server_data(@data)
+      @dispute = Dispute.active.find_by(domain_name: params[:domain_name])
     end
 
     def update
       authorize! :update, Depp::Domain
       @domain_params = params[:domain]
       @data = @domain.update(@domain_params)
+      @dispute = Dispute.active.find_by(domain_name: @domain_params[:name])
 
       if response_ok?
         redirect_to info_registrar_domains_url(domain_name: @domain_params[:name])
@@ -152,29 +156,60 @@ class Registrar
       render json: scope.pluck(:name, :code).map { |c| { display_key: "#{c.second} #{c.first}", value: c.second } }
     end
 
+    def remove_hold
+      authorize! :remove_hold, Depp::Domain
+      return unless params[:domain_name]
+
+      @data = @domain.remove_hold(params)
+
+      flash[:alert] = @data.css('msg').text unless response_ok?
+      redirect_to info_registrar_domains_url(domain_name: params[:domain_name])
+    end
+
     private
 
     def init_domain
       @domain = Depp::Domain.new(current_user: depp_current_user)
     end
 
+    def client_holded(data)
+      data.css('status')&.map { |element| element.attribute('s').value }
+         &.any? { |status| status == DomainStatus::CLIENT_HOLD }
+    end
 
     def contacts
       current_registrar_user.registrar.contacts
     end
 
     def normalize_search_parameters
-      ca_cache = params[:q][:valid_to_lteq]
+      ca_cache = search_params[:valid_to_lteq]
       begin
-        end_time = params[:q][:valid_to_lteq].try(:to_date)
+        end_time = search_params[:valid_to_lteq].try(:to_date)
-        params[:q][:valid_to_lteq] = end_time.try(:end_of_day)
+        search_params[:valid_to_lteq] = end_time.try(:end_of_day)
       rescue
         logger.warn('Invalid date')
       end
 
       yield
 
-      params[:q][:valid_to_lteq] = ca_cache
+      search_params[:valid_to_lteq] = ca_cache
+    end
+
+    def search_params
+      params.fetch(:q, {}).permit(:name_matches,
+                                  :registrant_ident_eq,
+                                  :contacts_ident_eq,
+                                  :nameservers_hostname_eq,
+                                  :valid_to_gteq,
+                                  :valid_to_lteq,
+                                  :s)
+    end
+
+    def domain_params
+      params.require(:domain).permit(:name, :period, :registrant, :registrant_helper, :reserved_pw,
+                                     :verified, :legal_document, contacts_attributes: {},
+                                                                 nameservers_attributes: {},
+                                                                 dnskeys_attributes: {})
     end
   end
 end

app/controllers/registrar/payments_controller.rb

@@ -5,48 +5,51 @@ class Registrar
     skip_authorization_check # actually anyone can pay, no problems at all
     skip_before_action :authenticate_registrar_user!, :check_ip_restriction,
                        only: [:back, :callback]
-    before_action :check_supported_payment_method
+
+    before_action :check_supported_payment_method, only: [:pay]
 
     def pay
       invoice = Invoice.find(params[:invoice_id])
-      bank = params[:bank]
+      channel = params[:bank]
-      opts = {
+
-        return_url: registrar_return_payment_with_url(
+      @payment_order = PaymentOrder.new_with_type(type: channel, invoice: invoice)
-          bank, invoice_id: invoice
+      @payment_order.save
-        ),
+      @payment_order.reload
-        response_url: registrar_response_payment_with_url(
+
-          bank, invoice_id: invoice
+      @payment_order.return_url = registrar_return_payment_with_url(@payment_order)
-        )
+      @payment_order.response_url = registrar_response_payment_with_url(@payment_order)
-      }
+
-      @payment = ::PaymentOrders.create_with_type(bank, invoice, opts)
+      @payment_order.save
-      @payment.create_transaction
+      @payment_order.reload
     end
 
     def back
-      invoice = Invoice.find(params[:invoice_id])
+      @payment_order = PaymentOrder.find_by!(id: params[:payment_order])
-      opts = { response: params }
+      @payment_order.update!(response: params.to_unsafe_h)
-      @payment = ::PaymentOrders.create_with_type(params[:bank], invoice, opts)
-      if @payment.valid_response_from_intermediary? && @payment.settled_payment?
-        @payment.complete_transaction
 
-        if invoice.paid?
+      if @payment_order.payment_received?
-          flash[:notice] = t(:pending_applied)
+        @payment_order.complete_transaction
+
+        if @payment_order.invoice.paid?
+          flash[:notice] = t('.payment_successful')
         else
-          flash[:alert] = t(:something_wrong)
+          flash[:alert] = t('.successful_payment_backend_error')
         end
       else
-        flash[:alert] = t(:something_wrong)
+        @payment_order.create_failure_report
+        flash[:alert] = t('.payment_not_received')
       end
-      redirect_to registrar_invoice_path(invoice)
+      redirect_to registrar_invoice_path(@payment_order.invoice)
     end
 
     def callback
-      invoice = Invoice.find(params[:invoice_id])
+      @payment_order = PaymentOrder.find_by!(id: params[:payment_order])
-      opts = { response: params }
+      @payment_order.update!(response: params.to_unsafe_h)
-      @payment = ::PaymentOrders.create_with_type(params[:bank], invoice, opts)
 
-      if @payment.valid_response_from_intermediary? && @payment.settled_payment?
+      if @payment_order.payment_received?
-        @payment.complete_transaction
+        @payment_order.complete_transaction
+      else
+        @payment_order.create_failure_report
       end
 
       render status: 200, json: { status: 'ok' }
@@ -55,13 +58,9 @@ class Registrar
     private
 
     def check_supported_payment_method
-      return if supported_payment_method?
+      return if PaymentOrder.supported_method?(params[:bank], shortname: true)
-      raise StandardError.new("Not supported payment method")
-    end
 
-
+      raise(StandardError, 'Not supported payment method')
-    def supported_payment_method?
-      PaymentOrders::PAYMENT_METHODS.include?(params[:bank])
     end
   end
 end

app/controllers/registrar/sessions_controller.rb

@@ -31,7 +31,8 @@ class Registrar
       end
 
       if @depp_user.pki
-        unless @api_user.registrar_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+        unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+                                 request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
           @depp_user.errors.add(:base, :invalid_cert)
         end
       end
@@ -55,7 +56,7 @@ class Registrar
       ip_allowed = restricted_ip.can_access_registrar_area?(resource.registrar)
 
       unless ip_allowed
-        render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
+        render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
         warden.logout(:registrar_user)
         return
       end
@@ -171,7 +172,7 @@ class Registrar
 
       return if allowed
 
-      render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
+      render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
     end
 
     def current_ability

app/controllers/registrar/xml_consoles_controller.rb

@@ -19,7 +19,7 @@ class Registrar
       xml_dir_path = Rails.root + 'app/views/registrar/xml_consoles/epp_requests'
       xml = File.read("#{xml_dir_path}/#{params[:obj]}/#{params[:epp_action]}.xml")
       xml.gsub!('<clTRID>ABC-12345</clTRID>', "<clTRID>#{cl_trid}</clTRID>")
-      render text: xml
+      render plain: xml
     end
   end
 end

app/controllers/repp/v1/auctions_controller.rb

@@ -0,0 +1,23 @@
+module Repp
+  module V1
+    class AuctionsController < ActionController::API
+      def index
+        auctions = Auction.started
+
+        render json: { count: auctions.count,
+                       auctions: auctions_to_json(auctions) }
+      end
+
+      private
+
+      def auctions_to_json(auctions)
+        auctions.map do |e|
+          {
+            domain_name: e.domain,
+            punycode_domain_name: SimpleIDN.to_ascii(e.domain),
+          }
+        end
+      end
+    end
+  end
+end

app/controllers/repp/v1/retained_domains_controller.rb

@@ -0,0 +1,15 @@
+module Repp
+  module V1
+    class RetainedDomainsController < ActionController::API
+      def index
+        domains = RetainedDomains.new(query_params)
+
+        render json: { count: domains.count, domains: domains.to_jsonable }
+      end
+
+      def query_params
+        params.permit(:type)
+      end
+    end
+  end
+end

app/helpers/application_helper.rb

@@ -33,6 +33,18 @@ module ApplicationHelper
     end
   end
 
+  def current_commit_link
+    hash = `git rev-parse --short HEAD`
+    current_repo = `git remote get-url origin`.gsub('com:', 'com/')
+                                              .gsub('git@', 'https://')
+                                              .gsub('.git', '')
+
+    link_to hash.to_s, "#{current_repo}/commit/#{hash}",
+            class: 'footer-version-link',
+            target: '_blank',
+            rel: 'noopener'
+  end
+
   def creator_link(model)
     return 'not present' if model.blank?
     return 'unknown'     if model.creator.blank?
@@ -96,4 +108,14 @@ module ApplicationHelper
   def body_css_class
     [controller_path.split('/').map!(&:dasherize), action_name.dasherize, 'page'].join('-')
   end
+
+  def verified_email_span(verification)
+    content_tag(:span, verification.email, class: verified_email_class(verification))
+  end
+
+  def verified_email_class(verification)
+    return 'text-danger' if verification.failed?
+    return 'text-primary' if verification.not_verified?
+    return 'text-success' if verification.verified?
+  end
 end

app/jobs/directo_invoice_forward_job.rb

@@ -0,0 +1,125 @@
+class DirectoInvoiceForwardJob < Que::Job
+  def run(monthly: false, dry: false)
+    @dry = dry
+    (@month = Time.zone.now - 1.month) if monthly
+    api_url = ENV['directo_invoice_url']
+    sales_agent = Setting.directo_sales_agent
+    payment_term = Setting.directo_receipt_payment_term
+    @prepayment_product_id = Setting.directo_receipt_product_name
+
+    @client = DirectoApi::Client.new(api_url, sales_agent, payment_term)
+    monthly ? send_monthly_invoices : send_receipts
+  end
+
+  def send_receipts
+    unsent_invoices = Invoice.where(in_directo: false).non_cancelled
+
+    Rails.logger.info("[DIRECTO] Trying to send #{unsent_invoices.count} prepayment invoices")
+    unsent_invoices.each do |invoice|
+      unless valid_invoice_conditions?(invoice)
+        Rails.logger.info "[DIRECTO] Invoice #{invoice.number} has been skipped"
+        next
+      end
+      @client.invoices.add_with_schema(invoice: invoice.as_directo_json, schema: 'prepayment')
+    end
+
+    sync_with_directo
+  end
+
+  def send_monthly_invoices
+    Registrar.where.not(test_registrar: true).find_each do |registrar|
+      fetch_monthly_summary(registrar: registrar)
+    end
+
+    return unless @client.invoices.count.positive?
+
+    sync_with_directo
+  end
+
+  def fetch_monthly_summary(registrar:)
+    return unless registrar.cash_account
+
+    summary = registrar.monthly_summary(month: @month)
+    @client.invoices.add_with_schema(invoice: summary, schema: 'summary') unless summary.nil?
+  end
+
+  def assign_monthly_numbers
+    if directo_counter_exceedable?(@client.invoices.count)
+      raise 'Directo Counter is going to be out of period!'
+    end
+
+    min_directo    = Setting.directo_monthly_number_min.presence.try(:to_i)
+    directo_number = [Setting.directo_monthly_number_last.presence.try(:to_i),
+                      min_directo].compact.max || 0
+
+    @client.invoices.each do |inv|
+      directo_number += 1
+      inv.number = directo_number
+    end
+  end
+
+  def valid_invoice_conditions?(invoice)
+    if invoice.account_activity.nil? || invoice.account_activity.bank_transaction.nil? ||
+       invoice.account_activity.bank_transaction.sum.nil? ||
+       invoice.account_activity.bank_transaction.sum != invoice.total
+      return false
+
+    end
+
+    true
+  end
+
+  def sync_with_directo
+    assign_monthly_numbers if @month
+    Rails.logger.info("[Directo] - attempting to send following XML:\n #{@client.invoices.as_xml}")
+    return if @dry
+
+    res = @client.invoices.deliver(ssl_verify: false)
+    process_directo_response(res.body, @client.invoices.as_xml)
+  rescue SocketError, Errno::ECONNREFUSED, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET,
+         EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError
+    Rails.logger.info('[Directo] Failed to communicate via API')
+  end
+
+  def process_directo_response(xml, req)
+    Rails.logger.info "[Directo] - Responded with body: #{xml}"
+    Nokogiri::XML(xml).css('Result').each do |res|
+      if @month
+        mark_invoice_as_sent(res: res, req: req)
+      else
+        inv = Invoice.find_by(number: res.attributes['docid'].value.to_i)
+        mark_invoice_as_sent(invoice: inv, res: res, req: req)
+      end
+    end
+  end
+
+  def mark_invoice_as_sent(invoice: nil, res:, req:)
+    directo_record = Directo.new(response: res.as_json.to_h,
+                                 request: req, invoice_number: res.attributes['docid'].value.to_i)
+    if invoice
+      directo_record.item = invoice
+      invoice.update(in_directo: true)
+    else
+      update_directo_number(num: directo_record.invoice_number)
+    end
+
+    directo_record.save!
+  end
+
+  def update_directo_number(num:)
+    return unless num.to_i > Setting.directo_monthly_number_last.to_i
+
+    Setting.directo_monthly_number_last = num.to_i
+  end
+
+  def directo_counter_exceedable?(invoice_count)
+    min_directo    = Setting.directo_monthly_number_min.presence.try(:to_i)
+    max_directo    = Setting.directo_monthly_number_max.presence.try(:to_i)
+    last_directo   = [Setting.directo_monthly_number_last.presence.try(:to_i),
+                      min_directo].compact.max || 0
+
+    return true if max_directo && max_directo < (last_directo + invoice_count)
+
+    false
+  end
+end

app/jobs/dispute_status_update_job.rb

@@ -0,0 +1,63 @@
+class DisputeStatusUpdateJob < Que::Job
+  def run(logger: Logger.new(STDOUT))
+    @logger = logger
+
+    @backlog = { 'activated': 0, 'closed': 0, 'activate_fail': [], 'close_fail': [] }
+               .with_indifferent_access
+
+    close_disputes
+    activate_disputes
+
+    @logger.info "DisputeStatusUpdateJob - All done. Closed #{@backlog['closed']} and " \
+    "activated #{@backlog['activated']} disputes."
+
+    show_failed_disputes unless @backlog['activate_fail'].empty? && @backlog['close_fail'].empty?
+  end
+
+  def close_disputes
+    disputes = Dispute.where(closed: nil).where('expires_at < ?', Time.zone.today).all
+    @logger.info "DisputeStatusUpdateJob - Found #{disputes.count} closable disputes"
+    disputes.each do |dispute|
+      process_dispute(dispute, closing: true)
+    end
+  end
+
+  def activate_disputes
+    disputes = Dispute.where(closed: nil, starts_at: Time.zone.today).all
+    @logger.info "DisputeStatusUpdateJob - Found #{disputes.count} activatable disputes"
+
+    disputes.each do |dispute|
+      process_dispute(dispute, closing: false)
+    end
+  end
+
+  def process_dispute(dispute, closing: false)
+    intent = closing ? 'close' : 'activate'
+    success = closing ? dispute.close(initiator: 'Job') : dispute.generate_data
+    create_backlog_entry(dispute: dispute, intent: intent, successful: success)
+  end
+
+  def create_backlog_entry(dispute:, intent:, successful:)
+    if successful
+      @backlog["#{intent}d"] += 1
+      @logger.info "DisputeStatusUpdateJob - #{intent}d dispute " \
+      " for '#{dispute.domain_name}'"
+    else
+      @backlog["#{intent}_fail"] << dispute.id
+      @logger.info 'DisputeStatusUpdateJob - Failed to' \
+      "#{intent} dispute for '#{dispute.domain_name}'"
+    end
+  end
+
+  def show_failed_disputes
+    if @backlog['close_fail'].any?
+      @logger.info('DisputeStatusUpdateJob - Failed to close disputes with Ids:' \
+      "#{@backlog['close_fail']}")
+    end
+
+    return unless @backlog['activate_fail'].any?
+
+    @logger.info('DisputeStatusUpdateJob - Failed to activate disputes with Ids:' \
+    "#{@backlog['activate_fail']}")
+  end
+end

app/jobs/domain_delete_confirm_job.rb

@@ -1,6 +1,6 @@
 class DomainDeleteConfirmJob < Que::Job
   def run(domain_id, action, initiator = nil)
-    ::PaperTrail.whodunnit = "job - #{self.class.name} - #{action} by #{initiator}"
+    ::PaperTrail.request.whodunnit = "job - #{self.class.name} - #{action} by #{initiator}"
     # it's recommended to keep transaction against job table as short as possible.
     ActiveRecord::Base.transaction do
       domain = Epp::Domain.find(domain_id)

app/jobs/domain_delete_job.rb

@@ -3,7 +3,7 @@ class DomainDeleteJob < Que::Job
   def run(domain_id)
     domain = Domain.find(domain_id)
 
-    ::PaperTrail.whodunnit = "job - #{self.class.name}"
+    ::PaperTrail.request.whodunnit = "job - #{self.class.name}"
     WhoisRecord.where(domain_id: domain.id).destroy_all
 
     domain.destroy

app/jobs/domain_update_confirm_job.rb

@@ -1,6 +1,6 @@
 class DomainUpdateConfirmJob < Que::Job
   def run(domain_id, action, initiator = nil)
-    ::PaperTrail.whodunnit = "job - #{self.class.name} - #{action} by #{initiator}"
+    ::PaperTrail.request.whodunnit = "job - #{self.class.name} - #{action} by #{initiator}"
     # it's recommended to keep transaction against job table as short as possible.
     ActiveRecord::Base.transaction do
       domain = Epp::Domain.find(domain_id)

app/jobs/regenerate_subzone_whoises_job.rb

@@ -0,0 +1,11 @@
+class RegenerateSubzoneWhoisesJob < Que::Job
+  def run
+    subzones = DNS::Zone.all
+
+    subzones.each do |zone|
+      next unless zone.subzone?
+
+      UpdateWhoisRecordJob.enqueue zone.origin, 'zone'
+    end
+  end
+end

app/jobs/send_e_invoice_job.rb

@@ -0,0 +1,43 @@
+class SendEInvoiceJob < Que::Job
+  def run(invoice_id)
+    invoice = run_condition(Invoice.find_by(id: invoice_id))
+
+    invoice.to_e_invoice.deliver
+    ActiveRecord::Base.transaction do
+      invoice.update(e_invoice_sent_at: Time.zone.now)
+      log_success(invoice)
+      destroy
+    end
+  rescue StandardError => e
+    log_error(invoice: invoice, error: e)
+    raise e
+  end
+
+  private
+
+  def run_condition(invoice)
+    destroy unless invoice
+    destroy if invoice.do_not_send_e_invoice?
+    invoice
+  end
+
+  def log_success(invoice)
+    id = invoice.try(:id) || invoice
+    message = "E-Invoice for an invoice with ID # #{id} was sent successfully"
+    logger.info message
+  end
+
+  def log_error(invoice:, error:)
+    id = invoice.try(:id) || invoice
+    message = <<~TEXT.squish
+      There was an error sending e-invoice for invoice with ID # #{id}.
+      The error message was the following: #{error}
+      This job will retry.
+    TEXT
+    logger.error message
+  end
+
+  def logger
+    Rails.logger
+  end
+end

app/jobs/update_whois_record_job.rb

@@ -1,16 +1,12 @@
 class UpdateWhoisRecordJob < Que::Job
 
   def run(names, type)
-    ::PaperTrail.whodunnit = "job - #{self.class.name} - #{type}"
+    ::PaperTrail.request.whodunnit = "job - #{self.class.name} - #{type}"
 
-    klass = case type
+    klass = determine_class(type)
-      when 'reserved'then ReservedDomain
-      when 'blocked' then BlockedDomain
-      when 'domain'  then Domain
-    end
 
     Array(names).each do |name|
-      record = klass.find_by(name: name)
+      record = find_record(klass, name)
       if record
         send "update_#{type}", record
       else
@@ -19,7 +15,19 @@ class UpdateWhoisRecordJob < Que::Job
     end
   end
 
+  def find_record(klass, name)
+    klass == DNS::Zone ? klass.find_by(origin: name) : klass.find_by(name: name)
+  end
 
+  def determine_class(type)
+    case type
+    when 'reserved' then ReservedDomain
+    when 'blocked'  then BlockedDomain
+    when 'domain'   then Domain
+    when 'disputed' then Dispute.active
+    when 'zone'     then DNS::Zone
+    end
+  end
 
   def update_domain(domain)
     domain.whois_record ? domain.whois_record.save : domain.create_whois_record
@@ -33,6 +41,13 @@ class UpdateWhoisRecordJob < Que::Job
     update_reserved(record)
   end
 
+  def update_disputed(record)
+    update_reserved(record)
+  end
+
+  def update_zone(record)
+    update_reserved(record)
+  end
 
   # 1. deleting own
   # 2. trying to regenerate reserved in order domain is still in the list
@@ -41,14 +56,32 @@ class UpdateWhoisRecordJob < Que::Job
 
     BlockedDomain.find_by(name: name).try(:generate_data)
     ReservedDomain.find_by(name: name).try(:generate_data)
+    Dispute.active.find_by(domain_name: name).try(:generate_data)
   end
 
   def delete_reserved(name)
-    Domain.where(name: name).any?
+    remove_status_from_whois(domain_name: name, domain_status: 'Reserved')
-    Whois::Record.where(name: name).delete_all
   end
 
   def delete_blocked(name)
     delete_reserved(name)
   end
+
+  def delete_disputed(name)
+    return if Dispute.active.find_by(domain_name: name).present?
+
+    remove_status_from_whois(domain_name: name, domain_status: 'disputed')
+  end
+
+  def delete_zone(name)
+    WhoisRecord.where(name: name).destroy_all
+    Whois::Record.where(name: name).destroy_all
+  end
+
+  def remove_status_from_whois(domain_name:, domain_status:)
+    Whois::Record.where(name: domain_name).each do |r|
+      r.json['status'] = r.json['status'].delete_if { |status| status == domain_status }
+      r.json['status'].blank? ? r.destroy : r.save
+    end
+  end
 end

app/jobs/verify_emails_job.rb

@@ -0,0 +1,45 @@
+class VerifyEmailsJob < Que::Job
+  def run(verification_id)
+    email_address_verification = run_condition(EmailAddressVerification.find(verification_id))
+
+    return if email_address_verification.recently_verified?
+
+    ActiveRecord::Base.transaction do
+      email_address_verification.verify
+      log_success(email_address_verification)
+      destroy
+    end
+  rescue StandardError => e
+    log_error(verification: email_address_verification, error: e)
+    raise e
+  end
+
+  private
+
+  def run_condition(email_address_verification)
+    destroy unless email_address_verification
+    destroy if email_address_verification.recently_verified?
+
+    email_address_verification
+  end
+
+  def logger
+    @logger ||= Logger.new(Rails.root.join('log', 'email_verification.log'))
+  end
+
+  def log_success(verification)
+    email = verification.try(:email) || verification
+    message = "Email address #{email} verification done"
+    logger.info message
+  end
+
+  def log_error(verification:, error:)
+    email = verification.try(:email) || verification
+    message = <<~TEXT.squish
+      There was an error verifying email #{email}.
+      The error message was the following: #{error}
+      This job will retry.
+    TEXT
+    logger.error message
+  end
+end

app/mailers/domain_delete_mailer.rb

@@ -39,10 +39,12 @@ class DomainDeleteMailer < ApplicationMailer
     @registrant = RegistrantPresenter.new(registrant: registrant, view: view_context)
 
     @redemption_grace_period = Setting.redemption_grace_period
+    @expire_warning_period = Setting.expire_warning_period
+    @delete_period_length = @redemption_grace_period + @expire_warning_period
 
     subject = default_i18n_subject(domain_name: domain.name)
     mail(from: forced_email_from,
-         to: domain.primary_contact_emails,
+         to: domain.force_delete_contact_emails,
          subject: subject,
          template_path: 'mailers/domain_delete_mailer/forced',
          template_name: template_name)

app/models/ability.rb

@@ -50,6 +50,7 @@ class Ability
     can(:check,    Epp::Domain)
     can(:create,   Epp::Domain)
     can(:renew,    Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
+    can(:remove_hold, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
     can(:update,   Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
     can(:transfer, Epp::Domain)
     can(:delete,   Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
@@ -99,6 +100,7 @@ class Ability
     can :manage, Invoice
     can :manage, WhiteIp
     can :manage, AccountActivity
+    can :manage, Dispute
     can :read, ApiLog::EppLog
     can :read, ApiLog::ReppLog
     can :update, :pending

app/models/account.rb

@@ -1,4 +1,4 @@
-class Account < ActiveRecord::Base
+class Account < ApplicationRecord
   include Versions
 
   belongs_to :registrar, required: true

app/models/account_activity.rb

@@ -1,4 +1,4 @@
-class AccountActivity < ActiveRecord::Base
+class AccountActivity < ApplicationRecord
   include Versions
   belongs_to :account, required: true
   belongs_to :bank_transaction

app/models/action.rb

@@ -1,5 +1,5 @@
-class Action < ActiveRecord::Base
+class Action < ApplicationRecord
-  has_paper_trail class_name: 'ActionVersion'
+  has_paper_trail versions: { class_name: 'ActionVersion' }
 
   belongs_to :user
   belongs_to :contact

app/models/actions/contact_update.rb

@@ -0,0 +1,105 @@
+module Actions
+  class ContactUpdate
+    attr_reader :contact
+    attr_reader :new_attributes
+    attr_reader :legal_document
+    attr_reader :ident
+    attr_reader :user
+
+    def initialize(contact, new_attributes, legal_document, ident, user)
+      @contact = contact
+      @new_attributes = new_attributes
+      @legal_document = legal_document
+      @ident = ident
+      @user = user
+    end
+
+    def call
+      maybe_remove_address
+      maybe_update_statuses
+      maybe_update_ident
+      maybe_attach_legal_doc
+      commit
+    end
+
+    def maybe_remove_address
+      return if Contact.address_processing?
+
+      new_attributes.delete(:city)
+      new_attributes.delete(:zip)
+      new_attributes.delete(:street)
+      new_attributes.delete(:state)
+      new_attributes.delete(:country_code)
+    end
+
+    def maybe_update_statuses
+      return unless Setting.client_status_editing_enabled
+
+      new_statuses =
+        contact.statuses - new_attributes[:statuses_to_remove] + new_attributes[:statuses_to_add]
+
+      new_attributes[:statuses] = new_statuses
+    end
+
+    def maybe_attach_legal_doc
+      return unless legal_document
+
+      document = contact.legal_documents.create(
+        document_type: legal_document[:type],
+        body: legal_document[:body]
+      )
+
+      contact.legal_document_id = document.id
+    end
+
+    def maybe_update_ident
+      return unless ident[:ident]
+
+      if contact.identifier.valid?
+        submitted_ident = ::Contact::Ident.new(code: ident[:ident],
+                                               type: ident[:ident_type],
+                                               country_code: ident[:ident_country_code])
+
+        if submitted_ident != contact.identifier
+          contact.add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.valid_ident'))
+          @error = true
+        end
+      else
+        ident_update_attempt = ident[:ident] != contact.ident
+
+        if ident_update_attempt
+          contact.add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.ident_update'))
+          @error = true
+        end
+
+        identifier = ::Contact::Ident.new(code: ident[:ident],
+                                          type: ident[:ident_type],
+                                          country_code: ident[:ident_country_code])
+
+        identifier.validate
+
+        contact.identifier = identifier
+        contact.ident_updated_at ||= Time.zone.now
+      end
+    end
+
+    def commit
+      return false if @error
+
+      contact.upid = user.registrar&.id
+      contact.up_date = Time.zone.now
+
+      contact.attributes = new_attributes
+
+      email_changed = contact.will_save_change_to_email?
+      old_email = contact.email_was
+      updated = contact.save
+
+      if updated && email_changed && contact.registrant?
+        ContactMailer.email_changed(contact: contact, old_email: old_email).deliver_now
+      end
+
+      updated
+    end
+  end
+end

app/models/admin_user.rb

@@ -4,7 +4,7 @@ class AdminUser < User
   validates :identity_code, presence: true, if: -> { country_code == 'EE' }
   validates :email, presence: true
   validates :password, :password_confirmation, presence: true, if: :new_record?
-  validates :password_confirmation, presence: true, if: :encrypted_password_changed?
+  validates :password_confirmation, presence: true, if: :will_save_change_to_encrypted_password?
   validate :validate_identity_code, if: -> { country_code == 'EE' }
 
   ROLES = %w(user customer_service admin) # should not match to api_users roles

app/models/api_log/db.rb

@@ -1,5 +1,5 @@
 module ApiLog
-  class Db < ActiveRecord::Base
+  class Db < ApplicationRecord
     self.abstract_class = true
     # to_sym is needed because passing a string to ActiveRecord::Base.establish_connection
     # for a configuration lookup is deprecated

app/models/api_user.rb

@@ -26,9 +26,9 @@ class ApiUser < User
   validates :username, uniqueness: true
 
   delegate :code, :name, to: :registrar, prefix: true
+  delegate :legaldoc_mandatory?, to: :registrar
 
   alias_attribute :login, :username
-  attr_accessor :registrar_typeahead
 
   SUPER = 'super'
   EPP = 'epp'
@@ -44,7 +44,7 @@ class ApiUser < User
   after_initialize :set_defaults
   def set_defaults
     return unless new_record?
-    self.active = true unless active_changed?
+    self.active = true unless saved_change_to_active?
   end
 
   class << self
@@ -53,10 +53,6 @@ class ApiUser < User
     end
   end
 
-  def registrar_typeahead
-    @registrar_typeahead || registrar || nil
-  end
-
   def to_s
     username
   end
@@ -69,24 +65,14 @@ class ApiUser < User
     registrar.notifications.unread
   end
 
-  def registrar_pki_ok?(crt, cn)
+  def pki_ok?(crt, com, api: true)
-    return false if crt.blank? || cn.blank?
+    return false if crt.blank? || com.blank?
-    crt = crt.split(' ').join("\n")
-    crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
-    crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
-    cert = OpenSSL::X509::Certificate.new(crt)
-    md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    certificates.registrar.exists?(md5: md5, common_name: cn)
-  end
 
-  def api_pki_ok?(crt, cn)
+    origin = api ? certificates.api : certificates.registrar
-    return false if crt.blank? || cn.blank?
+    cert = machine_readable_certificate(crt)
-    crt = crt.split(' ').join("\n")
-    crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
-    crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
-    cert = OpenSSL::X509::Certificate.new(crt)
     md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    certificates.api.exists?(md5: md5, common_name: cn)
+
+    origin.exists?(md5: md5, common_name: com, revoked: false)
   end
 
   def linked_users
@@ -98,4 +84,14 @@ class ApiUser < User
   def linked_with?(another_api_user)
     another_api_user.identity_code == self.identity_code
   end
+
+  private
+
+  def machine_readable_certificate(cert)
+    cert = cert.split(' ').join("\n")
+    cert.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
+    cert.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
+
+    OpenSSL::X509::Certificate.new(cert)
+  end
 end

app/models/application_record.rb

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

app/models/auction.rb

@@ -1,4 +1,4 @@
-class Auction < ActiveRecord::Base
+class Auction < ApplicationRecord
   enum status: {
     started: 'started',
     awaiting_payment: 'awaiting_payment',
@@ -23,10 +23,19 @@ class Auction < ActiveRecord::Base
     save!
   end
 
+  def whois_deadline
+    registration_deadline.try(:to_s, :iso8601)
+  end
+
   def mark_as_no_bids
     no_bids!
   end
 
+  def mark_deadline(registration_deadline)
+    self.registration_deadline = registration_deadline
+    save!
+  end
+
   def mark_as_payment_received
     self.status = self.class.statuses[:payment_received]
     generate_registration_code

app/models/bank_statement.rb

@@ -1,4 +1,4 @@
-class BankStatement < ActiveRecord::Base
+class BankStatement < ApplicationRecord
   include Versions
   has_many :bank_transactions
 
@@ -25,10 +25,16 @@ class BankStatement < ActiveRecord::Base
       bank_transactions.build(bt_params)
     end
 
+    prepare_dir
     self.import_file_path = "#{ENV['bank_statement_import_dir']}/#{Time.zone.now.to_formatted_s(:number)}.txt"
     File.open(import_file_path, 'w') { |f| f.write(th6_file.open.read) }
   end
 
+  def prepare_dir
+    dirname = ENV['bank_statement_import_dir']
+    FileUtils.mkdir_p(dirname) unless File.directory?(dirname)
+  end
+
   def parse_th6_row(row)
     return parse_th6_header(row) if row[4, 3].strip == '000'
     return if row[4, 3].strip == '999' # skip footer
@@ -45,7 +51,7 @@ class BankStatement < ActiveRecord::Base
       buyer_name: row[83, 35].strip,
       document_no: row[118, 8].strip,
       description: row[126, 140].strip,
-      sum: BigDecimal.new(row[268, 12].strip) / BigDecimal.new('100.0'),
+      sum: BigDecimal(row[268, 12].strip) / BigDecimal('100.0'),
       reference_no: row[280, 35].strip
     }
   end
@@ -80,7 +86,9 @@ class BankStatement < ActiveRecord::Base
     status == FULLY_BINDED
   end
 
-  def bind_invoices
+  def bind_invoices(manual: false)
-    bank_transactions.unbinded.each(&:autobind_invoice)
+    bank_transactions.unbinded.each do |transaction|
+      transaction.autobind_invoice(manual: manual)
+    end
   end
 end

app/models/bank_transaction.rb

@@ -1,4 +1,4 @@
-class BankTransaction < ActiveRecord::Base
+class BankTransaction < ApplicationRecord
   include Versions
   belongs_to :bank_statement
   has_one :account_activity
@@ -13,53 +13,72 @@ class BankTransaction < ActiveRecord::Base
 
   def binded_invoice
     return unless binded?
+
     account_activity.invoice
   end
 
-
-  def invoice_num
-    return @invoice_no if defined?(@invoice_no)
-
-    match = description.match(/^[^\d]*(\d+)/)
-    return unless match
-
-    @invoice_no = match[1].try(:to_i)
-  end
-
   def invoice
-    @invoice ||= registrar.invoices.find_by(number: invoice_num) if registrar
+    return unless registrar
+
+    @invoice ||= registrar.invoices
+                          .order(created_at: :asc)
+                          .unpaid
+                          .non_cancelled
+                          .find_by(total: sum)
   end
 
   def registrar
-    @registrar ||= Invoice.find_by(reference_no: reference_no)&.buyer
+    @registrar ||= Invoice.find_by(reference_no: parsed_ref_number)&.buyer
   end
 
-
   # For successful binding, reference number, invoice id and sum must match with the invoice
-  def autobind_invoice
+  def autobind_invoice(manual: false)
     return if binded?
     return unless registrar
-    return unless invoice_num
     return unless invoice
     return unless invoice.payable?
 
-    return if invoice.total != sum
+    channel = if manual
-    create_activity(registrar, invoice)
+                'admin_payment'
+              else
+                'system_payment'
+              end
+    create_internal_payment_record(channel: channel, invoice: invoice,
+                                   registrar: registrar)
   end
 
-  def bind_invoice(invoice_no)
+  def create_internal_payment_record(channel: nil, invoice:, registrar:)
+    if channel.nil?
+      create_activity(invoice.buyer, invoice)
+      return
+    end
+
+    payment_order = PaymentOrder.new_with_type(type: channel, invoice: invoice)
+    payment_order.save!
+
+    if create_activity(registrar, invoice)
+      payment_order.paid!
+    else
+      payment_order.update(notes: 'Failed to create activity', status: 'failed')
+    end
+  end
+
+  def bind_invoice(invoice_no, manual: false)
     if binded?
       errors.add(:base, I18n.t('transaction_is_already_binded'))
       return
     end
 
     invoice = Invoice.find_by(number: invoice_no)
+    errors.add(:base, I18n.t('invoice_was_not_found')) unless invoice
+    validate_invoice_data(invoice)
+    return if errors.any?
 
-    unless invoice
+    create_internal_payment_record(channel: (manual ? 'admin_payment' : nil), invoice: invoice,
-      errors.add(:base, I18n.t('invoice_was_not_found'))
+                                   registrar: invoice.buyer)
-      return
   end
 
+  def validate_invoice_data(invoice)
     if invoice.paid?
       errors.add(:base, I18n.t('invoice_is_already_binded'))
       return
@@ -70,23 +89,21 @@ class BankTransaction < ActiveRecord::Base
       return
     end
 
-    if invoice.total != sum
+    errors.add(:base, I18n.t('invoice_and_transaction_sums_do_not_match')) if invoice.total != sum
-      errors.add(:base, I18n.t('invoice_and_transaction_sums_do_not_match'))
-      return
-    end
-
-    create_activity(invoice.buyer, invoice)
   end
 
   def create_activity(registrar, invoice)
-    ActiveRecord::Base.transaction do
+    activity = AccountActivity.new(
-      create_account_activity!(account: registrar.cash_account,
+      account: registrar.cash_account, bank_transaction: self,
-                               invoice: invoice,
+      invoice: invoice, sum: invoice.subtotal,
-                               sum: invoice.subtotal,
+      currency: currency, description: description,
-                               currency: currency,
+      activity_type: AccountActivity::ADD_CREDIT
-                               description: description,
+    )
-                               activity_type: AccountActivity::ADD_CREDIT)
+    if activity.save
       reset_pending_registrar_balance_reload
+      true
+    else
+      false
     end
   end
 
@@ -98,4 +115,12 @@ class BankTransaction < ActiveRecord::Base
     registrar.settings['balance_auto_reload'].delete('pending')
     registrar.save!
   end
+
+  def parsed_ref_number
+    reference_no || ref_number_from_description
+  end
+
+  def ref_number_from_description
+    /(\d{7})/.match(description)[0]
+  end
 end

app/models/billing/price.rb

@@ -1,5 +1,5 @@
 module Billing
-  class Price < ActiveRecord::Base
+  class Price < ApplicationRecord
     include Concerns::Billing::Price::Expirable
 
     belongs_to :zone, class_name: 'DNS::Zone', required: true

app/models/blocked_domain.rb

@@ -1,4 +1,4 @@
-class BlockedDomain < ActiveRecord::Base
+class BlockedDomain < ApplicationRecord
   include Versions
   before_save   :generate_data
   after_destroy :remove_data

app/models/certificate.rb

@@ -1,6 +1,6 @@
 require 'open3'
 
-class Certificate < ActiveRecord::Base
+class Certificate < ApplicationRecord
   include Versions
 
   belongs_to :api_user
@@ -32,20 +32,21 @@ class Certificate < ActiveRecord::Base
       errors.add(:base, I18n.t(:invalid_csr_or_crt))
   end
 
-  before_create :parse_metadata
+  validate :assign_metadata, on: :create
-  def parse_metadata
+
-    if crt
+  def assign_metadata
-      pc = parsed_crt.try(:subject).try(:to_s) || ''
+    origin = crt ? parsed_crt : parsed_csr
-      cn = pc.scan(/\/CN=(.+)/).flatten.first
+    parse_metadata(origin)
-      self.common_name = cn.split('/').first
+  rescue NoMethodError
-      self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
+    errors.add(:base, I18n.t(:invalid_csr_or_crt))
-      self.interface = API
-    elsif csr
-      pc = parsed_csr.try(:subject).try(:to_s) || ''
-      cn = pc.scan(/\/CN=(.+)/).flatten.first
-      self.common_name = cn.split('/').first
-      self.interface = REGISTRAR
   end
+
+  def parse_metadata(origin)
+    pc = origin.subject.to_s
+    cn = pc.scan(%r{\/CN=(.+)}).flatten.first
+    self.common_name = cn.split('/').first
+    self.md5 = OpenSSL::Digest::MD5.new(origin.to_der).to_s if crt
+    self.interface = crt ? API : REGISTRAR
   end
 
   def parsed_crt
@@ -116,6 +117,7 @@ class Certificate < ActiveRecord::Base
       -revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
 
     if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
+      self.revoked = true
       save!
       @cached_status = REVOKED
     else

app/models/concerns/contact/transferable.rb

@@ -3,7 +3,7 @@ module Concerns::Contact::Transferable
 
   included do
     validates :auth_info, presence: true
-    after_initialize :generate_auth_info, if: 'new_record? && auth_info.blank?'
+    after_initialize :generate_auth_info, if: -> { new_record? && auth_info.blank? }
   end
 
   def transfer(new_registrar)

app/models/concerns/domain/disputable.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module Concerns
+  module Domain
+    module Disputable
+      extend ActiveSupport::Concern
+
+      included do
+        validate :validate_disputed
+      end
+
+      def mark_as_disputed
+        statuses.push(DomainStatus::DISPUTED) unless statuses.include?(DomainStatus::DISPUTED)
+        save
+      end
+
+      def unmark_as_disputed
+        statuses.delete_if { |status| status == DomainStatus::DISPUTED }
+        save
+      end
+
+      def in_disputed_list?
+        @in_disputed_list ||= Dispute.active.find_by(domain_name: name).present?
+      end
+
+      def disputed?
+        Dispute.active.where(domain_name: name).any?
+      end
+
+      def validate_disputed
+        return if persisted? || !in_disputed_list?
+
+        if reserved_pw.blank?
+          errors.add(:base, :required_parameter_missing_disputed)
+          return false
+        end
+
+        return if Dispute.valid_auth?(name, reserved_pw)
+
+        errors.add(:base, :invalid_auth_information_reserved)
+      end
+    end
+  end
+end

app/models/concerns/domain/force_delete.rb

@@ -1,32 +1,116 @@
-module Concerns::Domain::ForceDelete
+module Concerns::Domain::ForceDelete # rubocop:disable Metrics/ModuleLength
   extend ActiveSupport::Concern
 
+  included do
+    store_accessor :force_delete_data,
+                   :force_delete_type,
+                   :contact_notification_sent_date,
+                   :template_name
+
+    scope :notification_not_sent,
+          lambda {
+            where("(force_delete_data->>'contact_notification_sent_date') is null")
+          }
+  end
+
+  class_methods do
+    def force_delete_scheduled
+      where('force_delete_start <= ?', Time.zone.now)
+    end
+  end
+
   def force_delete_scheduled?
     statuses.include?(DomainStatus::FORCE_DELETE)
   end
 
-  def schedule_force_delete
+  def should_notify_on_soft_force_delete?
+    force_delete_scheduled? && contact_notification_sent_date.blank? &&
+      force_delete_start.to_date <= Time.zone.now.to_date && force_delete_type.to_sym == :soft &&
+      !statuses.include?(DomainStatus::CLIENT_HOLD)
+  end
+
+  def client_holdable?
+    force_delete_scheduled? && !statuses.include?(DomainStatus::CLIENT_HOLD) &&
+      force_delete_start.present? && force_delete_lte_today && force_delete_lte_valid_date
+  end
+
+  def force_delete_lte_today
+    force_delete_start + Setting.expire_warning_period.days <= Time.zone.now
+  end
+
+  def force_delete_lte_valid_date
+    force_delete_start + Setting.expire_warning_period.days <= valid_to
+  end
+
+  def schedule_force_delete(type: :fast_track)
     if discarded?
       raise StandardError, 'Force delete procedure cannot be scheduled while a domain is discarded'
     end
 
+    type == :fast_track ? force_delete_fast_track : force_delete_soft
+  end
+
+  def add_force_delete_type(force_delete_type)
+    self.force_delete_type = force_delete_type
+  end
+
+  def force_delete_fast_track
     preserve_current_statuses_for_force_delete
     add_force_delete_statuses
-    self.force_delete_date = Time.zone.today + Setting.redemption_grace_period.days + 1.day
+    add_force_delete_type(:fast)
+    self.force_delete_date = force_delete_fast_track_start_date + 1.day
+    self.force_delete_start = Time.zone.today + 1.day
     stop_all_pending_actions
     allow_deletion
     save(validate: false)
   end
 
-  def cancel_force_delete
+  def force_delete_soft
-    restore_statuses_before_force_delete
+    preserve_current_statuses_for_force_delete
-    remove_force_delete_statuses
+    add_force_delete_statuses
-    self.force_delete_date = nil
+    add_force_delete_type(:soft)
+    calculate_soft_delete_date
+    stop_all_pending_actions
+    allow_deletion
     save(validate: false)
   end
 
+  def clear_force_delete_data
+    self.force_delete_data = nil
+  end
+
+  def cancel_force_delete
+    restore_statuses_before_force_delete
+    remove_force_delete_statuses
+    clear_force_delete_data
+    self.force_delete_date = nil
+    self.force_delete_start = nil
+    save(validate: false)
+    registrar.notifications.create!(text: I18n.t('force_delete_cancelled', domain_name: name))
+  end
+
+  def outzone_date
+    (force_delete_start || valid_to) + Setting.expire_warning_period.days
+  end
+
+  def purge_date
+    (force_delete_date&.beginning_of_day || valid_to + Setting.expire_warning_period.days +
+      Setting.redemption_grace_period.days)
+  end
+
   private
 
+  def calculate_soft_delete_date
+    years = (valid_to.to_date - Time.zone.today).to_i / 365
+    soft_delete_dates(years) if years.positive?
+  end
+
+  def soft_delete_dates(years)
+    self.force_delete_start = valid_to - years.years + 1.day
+    self.force_delete_date = force_delete_start + Setting.expire_warning_period.days +
+                             Setting.redemption_grace_period.days
+  end
+
   def stop_all_pending_actions
     statuses.delete(DomainStatus::PENDING_UPDATE)
     statuses.delete(DomainStatus::PENDING_TRANSFER)
@@ -35,7 +119,7 @@ module Concerns::Domain::ForceDelete
   end
 
   def preserve_current_statuses_for_force_delete
-    self.statuses_before_force_delete = statuses
+    self.statuses_before_force_delete = statuses.clone
   end
 
   def restore_statuses_before_force_delete
@@ -47,25 +131,21 @@ module Concerns::Domain::ForceDelete
     statuses << DomainStatus::FORCE_DELETE
     statuses << DomainStatus::SERVER_RENEW_PROHIBITED
     statuses << DomainStatus::SERVER_TRANSFER_PROHIBITED
-    statuses << DomainStatus::SERVER_UPDATE_PROHIBITED
-    statuses << DomainStatus::PENDING_DELETE
-
-    if (statuses & [DomainStatus::SERVER_HOLD, DomainStatus::CLIENT_HOLD]).empty?
-      statuses << DomainStatus::SERVER_MANUAL_INZONE
-    end
   end
 
   def remove_force_delete_statuses
     statuses.delete(DomainStatus::FORCE_DELETE)
     statuses.delete(DomainStatus::SERVER_RENEW_PROHIBITED)
     statuses.delete(DomainStatus::SERVER_TRANSFER_PROHIBITED)
-    statuses.delete(DomainStatus::SERVER_UPDATE_PROHIBITED)
+    statuses.delete(DomainStatus::CLIENT_HOLD)
-    statuses.delete(DomainStatus::PENDING_DELETE)
-    statuses.delete(DomainStatus::SERVER_MANUAL_INZONE)
   end
 
   def allow_deletion
     statuses.delete(DomainStatus::CLIENT_DELETE_PROHIBITED)
     statuses.delete(DomainStatus::SERVER_DELETE_PROHIBITED)
   end
+
+  def force_delete_fast_track_start_date
+    Time.zone.today + Setting.expire_warning_period.days + Setting.redemption_grace_period.days
+  end
 end

app/models/concerns/domain/transferable.rb

@@ -57,7 +57,8 @@ module Concerns::Domain::Transferable
 
   def transfer_domain_contacts(new_registrar)
     copied_ids = []
-    contacts.each do |contact|
+    domain_contacts.each do |dc|
+      contact = Contact.find(dc.contact_id)
       next if copied_ids.include?(contact.id) || contact.registrar == new_registrar
 
       if registrant_id_was == contact.id # registrant was copied previously, do not copy it again
@@ -66,7 +67,11 @@ module Concerns::Domain::Transferable
         oc = contact.transfer(new_registrar)
       end
 
-      domain_contacts.where(contact_id: contact.id).update_all({ contact_id: oc.id }) # n+1 workaround
+      if domain_contacts.find_by(contact_id: oc.id, domain_id: id, type: dc.type).present?
+        dc.destroy
+      else
+        dc.update(contact_id: oc.id)
+      end
       copied_ids << contact.id
     end
   end

app/models/concerns/email_verifable.rb

@@ -0,0 +1,91 @@
+module Concerns
+  module EmailVerifable
+    extend ActiveSupport::Concern
+
+    def email_verification
+      @email_verification ||= EmailAddressVerification.find_or_create_by(email: unicode_email,
+                                                                         domain: domain(email))
+    end
+
+    def billing_email_verification
+      return unless attribute_names.include?('billing_email')
+
+      @billing_email_verification ||= EmailAddressVerification
+                                      .find_or_create_by(email: unicode_billing_email,
+                                                         domain: domain(billing_email))
+    end
+
+    class_methods do
+      def domain(email)
+        Mail::Address.new(email).domain&.downcase || 'not_found'
+      rescue Mail::Field::IncompleteParseError
+        'not_found'
+      end
+
+      def local(email)
+        Mail::Address.new(email).local&.downcase || email
+      rescue Mail::Field::IncompleteParseError
+        email
+      end
+
+      def punycode_to_unicode(email)
+        return email if domain(email) == 'not_found'
+
+        local = local(email)
+        domain = SimpleIDN.to_unicode(domain(email))
+        "#{local}@#{domain}"&.downcase
+      end
+
+      def unicode_to_punycode(email)
+        return email if domain(email) == 'not_found'
+
+        local = local(email)
+        domain = SimpleIDN.to_ascii(domain(email))
+        "#{local}@#{domain}"&.downcase
+      end
+    end
+
+    def unicode_billing_email
+      self.class.punycode_to_unicode(billing_email)
+    end
+
+    def unicode_email
+      self.class.punycode_to_unicode(email)
+    end
+
+    def domain(email)
+      SimpleIDN.to_unicode(self.class.domain(email))
+    end
+
+    def punycode_to_unicode(email)
+      self.class.punycode_to_unicode(email)
+    end
+
+    def correct_email_format
+      return if email.blank?
+
+      result = email_verification.verify
+      process_result(result: result, field: :email)
+    end
+
+    def correct_billing_email_format
+      return if email.blank?
+
+      result = billing_email_verification.verify
+      process_result(result: result, field: :billing_email)
+    end
+
+    # rubocop:disable Metrics/LineLength
+    def process_result(result:, field:)
+      case result[:errors].keys.first
+      when :smtp
+        errors.add(field, I18n.t('activerecord.errors.models.contact.attributes.email.email_smtp_check_error'))
+      when :mx
+        errors.add(field, I18n.t('activerecord.errors.models.contact.attributes.email.email_mx_check_error'))
+      when :regex
+        errors.add(field, I18n.t('activerecord.errors.models.contact.attributes.email.email_regex_check_error'))
+      end
+    end
+    # rubocop:enable Metrics/LineLength
+  end
+end

app/models/concerns/epp_errors.rb

@@ -20,7 +20,7 @@ module EppErrors
       epp_errors << collect_parent_errors(attr, errors)
     end
 
-    errors[:epp_errors] = epp_errors
+    errors.add(:epp_errors, epp_errors)
     errors[:epp_errors].flatten!
   end
 

app/models/concerns/invoice/book_keeping.rb

@@ -0,0 +1,34 @@
+module Concerns
+  module Invoice
+    module BookKeeping
+      extend ActiveSupport::Concern
+
+      def as_directo_json
+        invoice = ActiveSupport::JSON.decode(ActiveSupport::JSON.encode(self))
+        invoice['customer'] = compose_directo_customer
+        invoice['issue_date'] = issue_date.strftime('%Y-%m-%d')
+        invoice['transaction_date'] = account_activity
+                                      .bank_transaction&.paid_at&.strftime('%Y-%m-%d')
+        invoice['language'] = buyer.language == 'en' ? 'ENG' : ''
+        invoice['invoice_lines'] = compose_directo_product
+
+        invoice
+      end
+
+      def compose_directo_product
+        [{ 'product_id': Setting.directo_receipt_product_name, 'description': order,
+           'quantity': 1, 'price': ActionController::Base.helpers.number_with_precision(
+             subtotal, precision: 2, separator: '.'
+           ) }].as_json
+      end
+
+      def compose_directo_customer
+        {
+          'code': buyer.accounting_customer_code,
+          'destination': buyer_country_code,
+          'vat_reg_no': buyer_vat_no,
+        }.as_json
+      end
+    end
+  end
+end

app/models/concerns/job/force_delete.rb

@@ -0,0 +1,34 @@
+module Concerns
+  module Job
+    module ForceDelete
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def start_client_hold
+          log_prepare_client_hold
+
+          ::PaperTrail.request.whodunnit = "cron - #{__method__}"
+
+          ::Domain.force_delete_scheduled.each do |domain|
+            proceed_client_hold(domain: domain)
+          end
+
+          log_end_end_force_delete_job
+        end
+
+        def proceed_client_hold(domain:)
+          notify_on_grace_period(domain) if domain.should_notify_on_soft_force_delete?
+          return unless domain.client_holdable?
+
+          domain.statuses << DomainStatus::CLIENT_HOLD
+          log_start_client_hold(domain)
+
+          domain.save(validate: false)
+          notify_client_hold(domain)
+
+          log_end_end_client_hold(domain)
+        end
+      end
+    end
+  end
+end

app/models/concerns/job/force_delete_logging.rb

@@ -0,0 +1,34 @@
+module Concerns
+  module Job
+    module ForceDeleteLogging
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def log_prepare_client_hold
+          return if Rails.env.test?
+
+          STDOUT << "#{Time.zone.now.utc} - Setting client_hold to domains\n"
+        end
+
+        def log_start_client_hold(domain)
+          return if Rails.env.test?
+
+          STDOUT << "#{Time.zone.now.utc} DomainCron.start_client_hold: ##{domain.id} "\
+                    "(#{domain.name}) #{domain.changes}\n"
+        end
+
+        def log_end_end_client_hold(domain)
+          return if Rails.env.test?
+
+          STDOUT << "#{Time.zone.now.utc} - Successfully set client_hold on (#{domain.name})"
+        end
+
+        def log_end_end_force_delete_job
+          return if Rails.env.test?
+
+          STDOUT << "#{Time.zone.now.utc} - All client_hold setting are done\n"
+        end
+      end
+    end
+  end
+end

app/models/concerns/job/force_delete_notify.rb

@@ -0,0 +1,31 @@
+module Concerns
+  module Job
+    module ForceDeleteNotify
+      extend ActiveSupport::Concern
+
+      class_methods do
+        def notify_client_hold(domain)
+          domain.registrar.notifications.create!(text: I18n.t('force_delete_set_on_domain',
+                                                              domain_name: domain.name,
+                                                              outzone_date: domain.outzone_date,
+                                                              purge_date: domain.purge_date))
+        end
+
+        def notify_on_grace_period(domain)
+          domain.registrar.notifications.create!(text: I18n.t('grace_period_started_domain',
+                                                              domain_name: domain.name,
+                                                              date: domain.force_delete_start))
+          send_mail(domain)
+          domain.update(contact_notification_sent_date: Time.zone.today)
+        end
+
+        def send_mail(domain)
+          DomainDeleteMailer.forced(domain: domain,
+                                    registrar: domain.registrar,
+                                    registrant: domain.registrant,
+                                    template_name: domain.template_name).deliver_now
+        end
+      end
+    end
+  end
+end

app/models/concerns/registrar/book_keeping.rb

@@ -0,0 +1,128 @@
+module Concerns
+  module Registrar
+    module BookKeeping
+      extend ActiveSupport::Concern
+
+      DOMAIN_TO_PRODUCT = { 'ee': '01EE', 'com.ee': '02COM', 'pri.ee': '03PRI',
+                            'fie.ee': '04FIE', 'med.ee': '05MED' }.freeze
+
+      def monthly_summary(month:)
+        activities = monthly_activites(month)
+        return unless activities.any?
+
+        invoice = {
+          'number': 1,
+          'customer': compose_directo_customer,
+          'language': language == 'en' ? 'ENG' : '', 'currency': activities.first.currency,
+          'date': month.end_of_month.strftime('%Y-%m-%d')
+        }.as_json
+
+        invoice['invoice_lines'] = prepare_invoice_lines(month: month, activities: activities)
+
+        invoice
+      end
+
+      def prepare_invoice_lines(month:, activities:)
+        lines = []
+
+        lines << { 'description': title_for_summary(month) }
+        activities.each do |activity|
+          fetch_invoice_lines(activity, lines)
+        end
+        lines << prepayment_for_all(lines)
+
+        lines.as_json
+      end
+
+      def title_for_summary(date)
+        I18n.with_locale(language == 'en' ? 'en' : 'et') do
+          I18n.t('registrar.monthly_summary_title', date: I18n.l(date, format: '%B %Y'))
+        end
+      end
+
+      def fetch_invoice_lines(activity, lines)
+        price = load_price(activity)
+        if price.duration.include? 'year'
+          price.duration.to_i.times do |duration|
+            lines << new_monthly_invoice_line(activity: activity, duration: duration + 1).as_json
+          end
+        else
+          lines << new_monthly_invoice_line(activity: activity).as_json
+        end
+      end
+
+      def monthly_activites(month)
+        AccountActivity.where(account_id: account_ids)
+                       .where(created_at: month.beginning_of_month..month.end_of_month)
+                       .where(activity_type: [AccountActivity::CREATE, AccountActivity::RENEW])
+      end
+
+      def new_monthly_invoice_line(activity:, duration: nil)
+        price = load_price(activity)
+        line = {
+          'product_id': DOMAIN_TO_PRODUCT[price.zone_name.to_sym],
+          'quantity': 1,
+          'unit': language == 'en' ? 'pc' : 'tk',
+        }
+
+        finalize_invoice_line(line, price: price, duration: duration, activity: activity)
+      end
+
+      def finalize_invoice_line(line, price:, activity:, duration:)
+        yearly = price.duration.include?('year')
+
+        line['price'] = yearly ? (price.price.amount / price.duration.to_i) : price.price.amount
+        line['description'] = description_in_language(price: price, yearly: yearly)
+
+        if duration.present?
+          add_product_timeframe(line: line, activity: activity, duration: duration) if duration > 1
+        end
+
+        line
+      end
+
+      def add_product_timeframe(line:, activity:, duration:)
+        create_time = activity.created_at
+        line['start_date'] = (create_time + (duration - 1).year).end_of_month.strftime('%Y-%m-%d')
+        line['end_date'] = (create_time + (duration - 1).year + 1).end_of_month.strftime('%Y-%m-%d')
+      end
+
+      def description_in_language(price:, yearly:)
+        timeframe_string = yearly ? 'yearly' : 'monthly'
+        locale_string = "registrar.invoice_#{timeframe_string}_product_description"
+
+        I18n.with_locale(language == 'en' ? 'en' : 'et') do
+          I18n.t(locale_string, tld: ".#{price.zone_name}", length: price.duration.to_i)
+        end
+      end
+
+      def prepayment_for_all(lines)
+        total = 0
+        en = language == 'en'
+        lines.each { |l| total += l['quantity'].to_f * l['price'].to_f }
+        {
+          'product_id': Setting.directo_receipt_product_name,
+          'description': en ? 'Domains prepayment' : 'Domeenide ettemaks',
+          'quantity': -1,
+          'price': total,
+          'unit': en ? 'pc' : 'tk',
+        }
+      end
+
+      def compose_directo_customer
+        {
+          'code': accounting_customer_code,
+          'destination': address_country_code,
+          'vat_reg_no': vat_no,
+        }.as_json
+      end
+
+      def load_price(account_activity)
+        @pricelists ||= {}
+        return @pricelists[account_activity.price_id] if @pricelists.key? account_activity.price_id
+
+        @pricelists[account_activity.price_id] = account_activity.price
+      end
+    end
+  end
+end

app/models/concerns/registrar/legal_doc.rb

@@ -0,0 +1,16 @@
+module Concerns
+  module Registrar
+    module LegalDoc
+      extend ActiveSupport::Concern
+
+      def legaldoc_mandatory?
+        !legaldoc_not_mandatory?
+      end
+
+      def legaldoc_not_mandatory?
+        setting = Setting.find_by(var: 'legal_document_is_mandatory')&.value
+        legaldoc_optout || !setting
+      end
+    end
+  end
+end

app/models/concerns/remove_hold.rb

@@ -0,0 +1,9 @@
+module RemoveHold
+  extend ActiveSupport::Concern
+
+  def remove_hold(params)
+    xml = epp_xml.update(name: { value: params[:domain_name] },
+                         rem: [status: { attrs: { s: 'clientHold' }, value: '' }])
+    current_user.request(xml)
+  end
+end

app/models/concerns/versions.rb

@@ -1,10 +1,17 @@
 # Papertrail concerns is mainly tested at country spec
 module Versions
   extend ActiveSupport::Concern
+  WITH_CHILDREN = %w[Domain Contact].freeze
 
   included do
     attr_accessor :version_loader
-    has_paper_trail class_name: "#{model_name}Version"
+
+    if WITH_CHILDREN.include?(model_name.name)
+      has_paper_trail versions: { class_name: "#{model_name}Version" },
+                      meta: { children: :children_log }
+    else
+      has_paper_trail versions: { class_name: "#{model_name}Version" }
+    end
 
     # add creator and updator
     before_create :add_creator
@@ -12,23 +19,25 @@ module Versions
     before_update :add_updator
 
     def add_creator
-      self.creator_str = ::PaperTrail.whodunnit
+      self.creator_str = ::PaperTrail.request.whodunnit
       true
     end
 
     def add_updator
-      self.updator_str = ::PaperTrail.whodunnit
+      self.updator_str = ::PaperTrail.request.whodunnit
       true
     end
 
     def creator
       return nil if creator_str.blank?
+
       creator = user_from_id_role_username creator_str
       creator.present? ? creator : creator_str
     end
 
     def updator
       return nil if updator_str.blank?
+
       updator = user_from_id_role_username updator_str
       updator.present? ? updator : updator_str
     end
@@ -45,25 +54,27 @@ module Versions
 
     # callbacks
     def touch_domain_version
-      domain.try(:touch_with_version)
+      domain.try(:touch)
     end
 
     def touch_domains_version
-      domains.each(&:touch_with_version)
+      domains.each(&:touch)
     end
   end
 
   module ClassMethods
     def all_versions_for(ids, time)
-      ver_klass    = paper_trail_version_class
+      ver_klass    = paper_trail.version_class
       from_history = ver_klass.where(item_id: ids.to_a).
           order(:item_id).
           preceding(time + 1, true).
           select("distinct on (item_id) #{ver_klass.table_name}.*").
           map do |ver|
-            o = new(ver.object)
+            valid_columns = ver.item_type.constantize&.column_names
+            o = new(ver.object&.slice(*valid_columns))
             o.version_loader = ver
-            ver.object_changes.to_h.each { |k, v| o.public_send("#{k}=", v[-1]) }
+            changes = ver.object_changes.to_h&.slice(*valid_columns)
+            changes.each { |k, v| o.public_send("#{k}=", v[-1]) }
             o
           end
       not_in_history = where(id: (ids.to_a - from_history.map(&:id)))

app/models/concerns/whois_status_populate.rb

@@ -0,0 +1,15 @@
+module WhoisStatusPopulate
+  extend ActiveSupport::Concern
+
+  def generate_json(record, domain_status:)
+    h = HashWithIndifferentAccess.new(name: record.name, status: [domain_status])
+    return h if record.json.blank?
+
+    status_arr = (record.json['status'] ||= [])
+    return record.json if status_arr.include? domain_status
+
+    status_arr.push(domain_status)
+    record.json['status'] = status_arr
+    record.json
+  end
+end

app/models/concerns/zone/whois_queryable.rb

@@ -0,0 +1,72 @@
+module Concerns
+  module Zone
+    module WhoisQueryable
+      extend ActiveSupport::Concern
+
+      included do
+        after_save :update_whois_record, if: :subzone?
+        after_destroy :update_whois_record
+      end
+
+      def subzone?
+        origin.include? '.'
+      end
+
+      def update_whois_record
+        UpdateWhoisRecordJob.enqueue origin, 'zone'
+      end
+
+      def generate_data
+        wr = Whois::Record.find_or_initialize_by(name: origin)
+        wr.json = generate_json
+        wr.save
+      end
+
+      def generate_json
+        data = {}.with_indifferent_access
+        [domain_vars, registrar_vars, registrant_vars].each do |h|
+          data.merge!(h)
+        end
+
+        data
+      end
+
+      def domain_vars
+        { disclaimer: Setting.registry_whois_disclaimer, name: origin,
+          registered: created_at.try(:to_s, :iso8601), status: ['ok (paid and in zone)'],
+          changed: updated_at.try(:to_s, :iso8601), email: Setting.registry_email,
+          admin_contacts: [contact_vars], tech_contacts: [contact_vars],
+          nameservers: nameserver_vars }
+      end
+
+      def registrar_vars
+        { registrar: Setting.registry_juridical_name, registrar_website: Setting.registry_url,
+          registrar_phone: Setting.registry_phone }
+      end
+
+      def registrant_vars
+        { registrant: Setting.registry_juridical_name, registrant_reg_no: Setting.registry_reg_no,
+          registrant_ident_country_code: Setting.registry_country_code, registrant_kind: 'org',
+          registrant_disclosed_attributes: %w[name email] }
+      end
+
+      def contact_vars
+        { name: Setting.registry_invoice_contact, email: Setting.registry_email,
+          disclosed_attributes: %w[name email] }
+      end
+
+      def nameserver_vars
+        vars = []
+        return vars unless ns_records
+
+        parsed_ns = ns_records.gsub("\r", '').gsub("\n", '')
+        parsed_ns.split("#{origin}. IN NS ").each do |ns|
+          ns.delete_suffix! '.'
+          vars << ns if ns.match? Nameserver::HOSTNAME_REGEXP
+        end
+
+        vars
+      end
+    end
+  end
+end

app/models/contact.rb

@@ -1,10 +1,13 @@
-class Contact < ActiveRecord::Base
+require 'deserializers/xml/legal_document'
+
+class Contact < ApplicationRecord
   include Versions # version/contact_version.rb
   include EppErrors
   include UserEvents
   include Concerns::Contact::Transferable
   include Concerns::Contact::Identical
   include Concerns::Contact::Disclosable
+  include Concerns::EmailVerifable
 
   belongs_to :original, class_name: self.name
   belongs_to :registrar, required: true
@@ -14,21 +17,25 @@ class Contact < ActiveRecord::Base
   has_many :registrant_domains, class_name: 'Domain', foreign_key: 'registrant_id'
   has_many :actions, dependent: :destroy
 
-  has_paper_trail class_name: "ContactVersion", meta: { children: :children_log }
-
   attr_accessor :legal_document_id
   alias_attribute :kind, :ident_type
   alias_attribute :copy_from_id, :original_id # Old attribute name; for PaperTrail
 
   accepts_nested_attributes_for :legal_documents
 
+  scope :email_verification_failed, lambda {
+    joins('LEFT JOIN email_address_verifications emv ON contacts.email = emv.email')
+      .where('success = false and verified_at IS NOT NULL')
+  }
+
   validates :name, :email, presence: true
-  validates :street, :city, :zip, :country_code, presence: true, if: 'self.class.address_processing?'
+  validates :street, :city, :zip, :country_code, presence: true, if: lambda {
+    self.class.address_processing?
+  }
 
   validates :phone, presence: true, e164: true, phone: true
 
-  validates :email, format: /@/
+  validate :correct_email_format, if: proc { |c| c.will_save_change_to_email? }
-  validates :email, email_format: { message: :invalid }, if: proc { |c| c.email_changed? }
 
   validates :code,
     uniqueness: { message: :epp_id_taken },
@@ -37,7 +44,7 @@ class Contact < ActiveRecord::Base
   validates_associated :identifier
 
   validate :validate_html
-  validate :validate_country_code, if: 'self.class.address_processing?'
+  validate :validate_country_code, if: -> { self.class.address_processing? }
 
   after_initialize do
     self.status_notes = {} if status_notes.nil?
@@ -55,6 +62,9 @@ class Contact < ActiveRecord::Base
               mapping: [%w[ident code], %w[ident_type type], %w[ident_country_code country_code]]
 
   after_save :update_related_whois_records
+  before_validation :clear_address_modifications, if: -> { !self.class.address_processing? }
+
+  self.ignored_columns = %w[legacy_id legacy_history_id]
 
   ORG = 'org'
   PRIV = 'priv'
@@ -246,10 +256,8 @@ class Contact < ActiveRecord::Base
     end
 
     def registrant_user_contacts(registrant_user)
-      # In Rails 5, can be replaced with a much simpler `or` query method and the raw SQL parts can
+      registrant_user_direct_contacts(registrant_user)
-      # be removed.
+        .or(registrant_user_indirect_contacts(registrant_user))
-      from("(#{registrant_user_direct_contacts(registrant_user).to_sql} UNION " \
-        "#{registrant_user_indirect_contacts(registrant_user).to_sql}) AS contacts")
     end
 
     def registrant_user_direct_contacts(registrant_user)
@@ -290,7 +298,7 @@ class Contact < ActiveRecord::Base
   end
 
   def to_s
-    name || '[no name]'
+    name
   end
 
   def validate_html
@@ -351,7 +359,7 @@ class Contact < ActiveRecord::Base
       return false
     end
 
-    legal_document_data = Epp::Domain.parse_legal_document_from_frame(frame)
+    legal_document_data = ::Deserializers::Xml::LegalDocument.new(frame).call
 
     if legal_document_data
 
@@ -415,45 +423,65 @@ class Contact < ActiveRecord::Base
   # if total is smaller than needed, the load more
   # we also need to sort by valid_to
   # todo: extract to drapper. Then we can remove Domain#roles
-  def all_domains(page: nil, per: nil, params: {})
+  def all_domains(page: nil, per: nil, params:, requester: nil)
-    # compose filter sql
+    filter_sql = qualified_domain_ids(params[:domain_filter])
-    filter_sql = case params[:domain_filter]
-      when "Registrant".freeze
-        %Q{select id from domains where registrant_id=#{id}}
-      when AdminDomainContact.to_s, TechDomainContact.to_s
-        %Q{select domain_id from domain_contacts where contact_id=#{id} AND type='#{params[:domain_filter]}'}
-      else
-        %Q{select domain_id from domain_contacts where contact_id=#{id}  UNION select id from domains where registrant_id=#{id}}
-    end
 
     # get sorting rules
     sorts = params.fetch(:sort, {}).first || []
-    sort  = Domain.column_names.include?(sorts.first) ? sorts.first : "valid_to"
+    sort  = %w[name registrar_name valid_to].include?(sorts.first) ? sorts.first : 'valid_to'
-    order = {"asc"=>"desc", "desc"=>"asc"}[sorts.second] || "desc"
+    order = %w[asc desc].include?(sorts.second) ? sorts.second : 'desc'
-
 
     # fetch domains
-    domains  = Domain.where("domains.id IN (#{filter_sql})")
+    domains = qualified_domain_name_list(requester, filter_sql)
     domains = domains.includes(:registrar).page(page).per(per)
 
-    if sorts.first == "registrar_name".freeze
     # using small rails hack to generate outer join
-      domains = domains.includes(:registrar).where.not(registrars: {id: nil}).order("registrars.name #{order} NULLS LAST")
+    domains = if sorts.first == 'registrar_name'.freeze
+                domains.includes(:registrar).where.not(registrars: { id: nil })
+                       .order("registrars.name #{order} NULLS LAST")
               else
-      domains = domains.order("#{sort} #{order} NULLS LAST")
+                domains.order("#{sort} #{order} NULLS LAST")
               end
 
-
-
     # adding roles. Need here to make faster sqls
     domain_c = Hash.new([])
-    registrant_domains.where(id: domains.map(&:id)).each{|d| domain_c[d.id] |= ["Registrant".freeze] }
+    registrant_domains.where(id: domains.map(&:id)).each do |d|
-    DomainContact.where(contact_id: id, domain_id: domains.map(&:id)).each{|d| domain_c[d.domain_id] |= [d.type] }
+      domain_c[d.id] |= ['Registrant'.freeze]
-    domains.each{|d| d.roles = domain_c[d.id].uniq}
+    end
+
+    DomainContact.where(contact_id: id, domain_id: domains.map(&:id)).each do |d|
+      domain_c[d.domain_id] |= [d.type]
+    end
+
+    domains.each { |d| d.roles = domain_c[d.id].uniq }
 
     domains
   end
 
+  def qualified_domain_name_list(requester, filter_sql)
+    return Domain.where('domains.id IN (?)', filter_sql) if requester.blank?
+
+    registrant_user = RegistrantUser.find_or_initialize_by(registrant_ident:
+      "#{requester.ident_country_code}-#{requester.ident}")
+    begin
+      registrant_user.domains.where('domains.id IN (?)', filter_sql)
+    rescue CompanyRegister::NotAvailableError
+      registrant_user.direct_domains.where('domains.id IN (?)', filter_sql)
+    end
+  end
+
+  def qualified_domain_ids(domain_filter)
+    registrant_ids = registrant_domains.pluck(:id)
+    return registrant_ids if domain_filter == 'Registrant'
+
+    if %w[AdminDomainContact TechDomainContact].include? domain_filter
+      DomainContact.select('domain_id').where(contact_id: id, type: domain_filter)
+    else
+      (DomainContact.select('domain_id').where(contact_id: id).pluck(:domain_id) +
+       registrant_ids).uniq
+    end
+  end
+
   def update_prohibited?
     (statuses & [
       CLIENT_UPDATE_PROHIBITED,
@@ -480,9 +508,23 @@ class Contact < ActiveRecord::Base
     ]).present?
   end
 
+  def clear_address_modifications
+    return unless modifies_address?
+
+    remove_address
+  end
+
+  def modifies_address?
+    modified = false
+    self.class.address_attribute_names.each { |field| modified = true if changes.key?(field) }
+
+    modified
+  end
+
   def update_related_whois_records
     # not doing anything if no real changes
-    return if changes.slice(*(self.class.column_names - ["updated_at", "created_at", "statuses", "status_notes"])).empty?
+    ignored_columns = %w[updated_at created_at statuses status_notes]
+    return if saved_changes.slice(*(self.class.column_names - ignored_columns)).empty?
 
     names = related_domain_descriptions.keys
     UpdateWhoisRecordJob.enqueue(names, 'domain') if names.present?

app/models/counter.rb

@@ -1,24 +0,0 @@
-class Counter
-  def initialize value = 0
-    @value = value
-  end
-  attr_accessor :value
-  def method_missing *args, &blk
-    @value.send(*args, &blk)
-  end
-  def to_s
-    @value.to_s
-  end
-
-  def now
-    @value
-  end
-
-  # pre-increment ".+" when x not present
-  def next(x = 1)
-    @value += x
-  end
-  def prev(x = 1)
-    @value -= x
-  end
-end

app/models/depp/domain.rb

@@ -1,6 +1,7 @@
 module Depp
   class Domain
     include ActiveModel::Conversion
+    include RemoveHold
     extend ActiveModel::Naming
 
     attr_accessor :name, :current_user, :epp_xml

app/models/directo.rb

@@ -1,196 +1,3 @@
-class Directo < ActiveRecord::Base
+class Directo < ApplicationRecord
-  DOMAIN_TO_PRODUCT = {"ee" => "01EE", "com.ee" => "02COM", "pri.ee" => "03PRI", "fie.ee"=>"04FIE", "med.ee" => "05MED"}.freeze
   belongs_to :item, polymorphic: true
-
-  def self.send_receipts
-    new_trans = Invoice.where(in_directo: false).non_cancelled
-    total     = new_trans.count
-    counter   = 0
-    Rails.logger.info("[DIRECTO] Will try to send #{total} invoices")
-
-    new_trans.find_in_batches(batch_size: 10).each do |group|
-      mappers = {} # need them as no direct connection between invoice
-      builder = Nokogiri::XML::Builder.new(encoding: "UTF-8") do |xml|
-        xml.invoices {
-          group.each do |invoice|
-
-            if invoice.account_activity.nil? || invoice.account_activity.bank_transaction.nil? ||
-                invoice.account_activity.bank_transaction.sum.nil? || invoice.account_activity.bank_transaction.sum != invoice.total
-              Rails.logger.info("[DIRECTO] Invoice #{invoice.number} has been skipped")
-              next
-            end
-            counter += 1
-
-            num     = invoice.number
-            mappers[num] = invoice
-            xml.invoice(
-                "SalesAgent"  => Setting.directo_sales_agent,
-                "Number"      => num,
-                "InvoiceDate" => invoice.issue_date.strftime("%Y-%m-%d"),
-                "PaymentTerm" => Setting.directo_receipt_payment_term,
-                "Currency"    => invoice.currency,
-                "CustomerCode"=> invoice.buyer.accounting_customer_code
-            ){
-              xml.line(
-                  "ProductID"      => Setting.directo_receipt_product_name,
-                  "Quantity"       => 1,
-                  "UnitPriceWoVAT" => ActionController::Base.helpers.number_with_precision(invoice.subtotal, precision: 2, separator: "."),
-                  "ProductName"    => invoice.order
-              )
-            }
-          end
-        }
-      end
-
-      data = builder.to_xml.gsub("\n",'')
-      Rails.logger.info("[Directo] XML request: #{data}")
-      response = RestClient::Request.execute(url: ENV['directo_invoice_url'], method: :post, payload: {put: "1", what: "invoice", xmldata: data}, verify_ssl: false)
-      Rails.logger.info("[Directo] Directo responded with code: #{response.code}, body: #{response.body}")
-      dump_result_to_db(mappers, response.to_s)
-    end
-
-    STDOUT << "#{Time.zone.now.utc} - Directo receipts sending finished. #{counter} of #{total} are sent\n"
-  end
-
-  def self.dump_result_to_db mappers, xml
-    Nokogiri::XML(xml).css("Result").each do |res|
-      obj = mappers[res.attributes["docid"].value.to_i]
-      obj.directo_records.create!(response: res.as_json.to_h, invoice_number: obj.number)
-      obj.update_columns(in_directo: true)
-      Rails.logger.info("[DIRECTO] Invoice #{res.attributes["docid"].value} was pushed and return is #{res.as_json.to_h.inspect}")
-    end
-  end
-
-
-  def self.send_monthly_invoices(debug: false)
-    I18n.locale    = :et
-    month          = Time.now - 1.month
-    invoices_until = month.end_of_month
-    date_format    = "%Y-%m-%d"
-    invoice_counter= Counter.new
-
-    min_directo    = Setting.directo_monthly_number_min.presence.try(:to_i)
-    max_directo    = Setting.directo_monthly_number_max.presence.try(:to_i)
-    last_directo   = [Setting.directo_monthly_number_last.presence.try(:to_i), min_directo].compact.max || 0
-    if max_directo && max_directo <= last_directo
-      raise "Directo counter is out of period (max allowed number is smaller than last counter number)"
-    end
-
-    directo_next = last_directo
-    Registrar.where.not(test_registrar: true).find_each do |registrar|
-      unless registrar.cash_account
-        Rails.logger.info("[DIRECTO] Monthly invoice for registrar #{registrar.id} has been skipped as it doesn't has cash_account")
-        next
-      end
-      counter = Counter.new(1)
-      items   = {}
-      registrar_activities = AccountActivity.where(account_id: registrar.account_ids).where("created_at BETWEEN ? AND ?",month.beginning_of_month, month.end_of_month)
-
-      # adding domains items
-      registrar_activities.where(activity_type: [AccountActivity::CREATE, AccountActivity::RENEW]).each do |activity|
-        price = load_price(activity)
-
-        if price.duration.include?('year')
-          price.duration.to_i.times do |i|
-            year = i+1
-            hash = {
-                "ProductID" => DOMAIN_TO_PRODUCT[price.zone_name],
-                "Unit" => "tk",
-                "ProductName" => ".#{price.zone_name} registreerimine: #{price.duration.to_i} aasta#{price.duration.to_i > 1 ? 't' : ''}",
-                "UnitPriceWoVAT" => price.price.amount / price.duration.to_i
-            }
-            hash["StartDate"] = (activity.created_at + (year-1).year).end_of_month.strftime(date_format) if year > 1
-            hash["EndDate"] = (activity.created_at + (year-1).year + 1).end_of_month.strftime(date_format) if year > 1
-
-            if items.has_key?(hash)
-              items[hash]["Quantity"] += 1
-            else
-              items[hash] = { "RN" => counter.next, "RR" => counter.now - i, "Quantity" => 1 }
-            end
-          end
-        else
-          1.times do |i|
-            quantity = price.account_activities
-                           .where(account_id: registrar.account_ids)
-                           .where(created_at: month.beginning_of_month..month.end_of_month)
-                           .where(activity_type: [AccountActivity::CREATE, AccountActivity::RENEW])
-                           .count
-
-            hash = {
-                "ProductID" => DOMAIN_TO_PRODUCT[price.zone_name],
-                "Unit" => "tk",
-                "ProductName" => ".#{price.zone_name} registreerimine: #{price.duration.to_i} kuud",
-                "UnitPriceWoVAT" => price.price.amount,
-            }
-
-            if items.has_key?(hash)
-              #items[hash]["Quantity"] += 1
-            else
-              items[hash] = { "RN" => counter.next, "RR" => counter.now - i, "Quantity" => quantity }
-            end
-          end
-        end
-
-
-      end
-
-      #adding prepaiments
-      if items.any?
-        total = 0
-        items.each{ |key, val| total += val["Quantity"] * key["UnitPriceWoVAT"] }
-        hash = {"ProductID" => Setting.directo_receipt_product_name, "Unit" => "tk", "ProductName" => "Domeenide ettemaks", "UnitPriceWoVAT"=>total}
-        items[hash] = {"RN"=>counter.next, "RR" => counter.now, "Quantity"=> -1}
-      end
-
-      # generating XML
-      if items.any?
-        directo_next += 1
-        invoice_counter.next
-
-        builder = Nokogiri::XML::Builder.new(encoding: "UTF-8") do |xml|
-          xml.invoices{
-            xml.invoice("Number"      =>directo_next,
-                        "InvoiceDate" =>invoices_until.strftime(date_format),
-                        "PaymentTerm" =>Setting.directo_receipt_payment_term,
-                        "CustomerCode"=>registrar.accounting_customer_code,
-                        "Language"    =>"",
-                        "Currency"    =>registrar_activities.first.currency,
-                        "SalesAgent"  =>Setting.directo_sales_agent){
-              xml.line("RN" => 1, "RR"=>1, "ProductName"=> "Domeenide registreerimine - #{I18n.l(invoices_until, format: "%B %Y").titleize}")
-              items.each do |line, val|
-                xml.line(val.merge(line))
-              end
-            }
-          }
-        end
-
-        data = builder.to_xml.gsub("\n",'')
-        Rails.logger.info("[Directo] XML request: #{data}")
-
-        if debug
-          STDOUT << "#{Time.zone.now.utc} - Directo xml had to be sent #{data}\n"
-        else
-          response = RestClient::Request.execute(url: ENV['directo_invoice_url'], method: :post, payload: {put: "1", what: "invoice", xmldata: data}, verify_ssl: false)
-          Rails.logger.info("[Directo] Directo responded with code: #{response.code}, body: #{response.body}")
-          response = response.to_s
-
-          Setting.directo_monthly_number_last = directo_next
-          Nokogiri::XML(response).css("Result").each do |res|
-            Directo.create!(request: data, response: res.as_json.to_h, invoice_number: directo_next)
-            Rails.logger.info("[DIRECTO] Invoice #{res.attributes["docid"].value} was pushed and return is #{res.as_json.to_h.inspect}")
-          end
-        end
-      else
-        Rails.logger.info("[DIRECTO] Registrar #{registrar.id} has nothing to be sent to Directo")
-      end
-
-    end
-    STDOUT << "#{Time.zone.now.utc} - Directo invoices sending finished. #{invoice_counter.now} are sent\n"
-  end
-
-  def self.load_price(account_activity)
-    @pricelists ||= {}
-    return @pricelists[account_activity.price_id] if @pricelists.has_key?(account_activity.price_id)
-    @pricelists[account_activity.price_id] = account_activity.price
-  end
 end

app/models/dispute.rb

@@ -0,0 +1,133 @@
+class Dispute < ApplicationRecord
+  include WhoisStatusPopulate
+  validates :domain_name, :password, :starts_at, :expires_at, presence: true
+  before_validation :fill_empty_passwords, :set_expiry_date
+  validate :validate_domain_name_format
+  validate :validate_domain_name_period_uniqueness
+  validate :validate_start_date
+
+  before_save :set_expiry_date, :sync_reserved_password, :generate_data
+  after_destroy :remove_data
+
+  scope :expired, -> { where('expires_at < ?', Time.zone.today) }
+  scope :active, lambda {
+    where('starts_at <= ? AND expires_at >= ? AND closed IS NULL', Time.zone.today, Time.zone.today)
+  }
+  scope :closed, -> { where.not(closed: nil) }
+
+  attr_readonly :domain_name
+
+  def domain
+    Domain.find_by(name: domain_name)
+  end
+
+  def self.close_by_domain(domain_name)
+    dispute = Dispute.active.find_by(domain_name: domain_name)
+    return false unless dispute
+
+    dispute.close(initiator: 'Registrant')
+  end
+
+  def self.valid_auth?(domain_name, password)
+    Dispute.active.find_by(domain_name: domain_name, password: password).present?
+  end
+
+  def set_expiry_date
+    return if starts_at.blank?
+
+    self.expires_at = starts_at + Setting.dispute_period_in_months.months
+  end
+
+  def generate_password
+    self.password = SecureRandom.hex
+  end
+
+  def generate_data
+    return if starts_at > Time.zone.today || expires_at < Time.zone.today
+
+    domain&.mark_as_disputed
+    return if domain
+
+    wr = Whois::Record.find_or_initialize_by(name: domain_name)
+    wr.json = @json = generate_json(wr, domain_status: 'disputed')
+    wr.save
+  end
+
+  def close(initiator: 'Unknown')
+    return false unless update(closed: Time.zone.now, initiator: initiator)
+    return if Dispute.active.where(domain_name: domain_name).any?
+
+    domain&.unmark_as_disputed
+    return true if domain
+
+    forward_to_auction_if_possible
+  end
+
+  def forward_to_auction_if_possible
+    domain = DNS::DomainName.new(domain_name)
+    if domain.available? && domain.auctionable?
+      domain.sell_at_auction
+      return true
+    end
+
+    whois_record = Whois::Record.find_by(name: domain_name)
+    remove_whois_data(whois_record)
+  end
+
+  def remove_whois_data(record)
+    return true unless record
+
+    record.json['status'] = record.json['status'].delete_if { |status| status == 'disputed' }
+    record.destroy && return if record.json['status'].blank?
+
+    record.save
+  end
+
+  def remove_data
+    UpdateWhoisRecordJob.enqueue domain_name, 'disputed'
+  end
+
+  def fill_empty_passwords
+    generate_password if password.blank?
+  end
+
+  def sync_reserved_password
+    reserved_domain = ReservedDomain.find_by(name: domain_name)
+    generate_password if password.blank?
+
+    unless reserved_domain.nil?
+      reserved_domain.password = password
+      reserved_domain.save!
+    end
+
+    generate_data
+  end
+
+  private
+
+  def validate_start_date
+    return if starts_at.nil?
+
+    errors.add(:starts_at, :future) if starts_at.future?
+  end
+
+  def validate_domain_name_format
+    return unless domain_name
+
+    zone = domain_name.reverse.rpartition('.').map(&:reverse).reverse.last
+    supported_zone = DNS::Zone.origins.include?(zone)
+
+    errors.add(:domain_name, :unsupported_zone) unless supported_zone
+  end
+
+  def validate_domain_name_period_uniqueness
+    existing_dispute = Dispute.unscoped.where(domain_name: domain_name, closed: nil)
+                              .where('expires_at >= ?', starts_at)
+
+    existing_dispute = existing_dispute.where.not(id: id) unless new_record?
+
+    return unless existing_dispute.any?
+
+    errors.add(:starts_at, 'Dispute already exists for this domain at given timeframe')
+  end
+end

app/models/dns/domain_name.rb

@@ -60,13 +60,18 @@ module DNS
     end
 
     def blocked?
-      BlockedDomain.where(name: name).any?
+      BlockedDomain.where(name: name).any? ||
+        BlockedDomain.where(name: SimpleIDN.to_unicode(name)).any?
     end
 
     def reserved?
       ReservedDomain.where(name: name).any?
     end
 
+    def disputed?
+      Dispute.active.where(domain_name: name).any?
+    end
+
     def auctionable?
       !not_auctionable?
     end
@@ -80,7 +85,7 @@ module DNS
     attr_reader :name
 
     def not_auctionable?
-      blocked? || reserved?
+      blocked? || reserved? || disputed?
     end
 
     def zone_with_same_origin?

app/models/dns/zone.rb

@@ -1,11 +1,14 @@
+# frozen_string_literal: true
+
 module DNS
-  class Zone < ActiveRecord::Base
+  class Zone < ApplicationRecord
     validates :origin, :ttl, :refresh, :retry, :expire, :minimum_ttl, :email, :master_nameserver, presence: true
     validates :ttl, :refresh, :retry, :expire, :minimum_ttl, numericality: { only_integer: true }
     validates :origin, uniqueness: true
+    include Concerns::Zone::WhoisQueryable
 
     before_destroy do
-      !used?
+      throw(:abort) if used?
     end
 
     def self.generate_zonefiles

app/models/dnskey.rb

@@ -1,4 +1,4 @@
-class Dnskey < ActiveRecord::Base
+class Dnskey < ApplicationRecord
   include Versions # version/dnskey_version.rb
   include EppErrors
 
@@ -9,10 +9,16 @@ class Dnskey < ActiveRecord::Base
   validate :validate_protocol
   validate :validate_flags
 
-  before_save -> { generate_digest if public_key_changed? && !ds_digest_changed? }
+  before_save lambda {
+    generate_digest if will_save_change_to_public_key? && !will_save_change_to_ds_digest?
+  }
 
   before_save lambda {
-    if (public_key_changed? || flags_changed? || alg_changed? || protocol_changed?) && !ds_key_tag_changed?
+    if (will_save_change_to_public_key? ||
+        will_save_change_to_flags? ||
+        will_save_change_to_alg? ||
+        will_save_change_to_protocol?) &&
+       !will_save_change_to_ds_key_tag?
       generate_ds_key_tag
     end
   }
@@ -22,6 +28,8 @@ class Dnskey < ActiveRecord::Base
   FLAGS = %w(0 256 257) # 256 = ZSK, 257 = KSK
   DS_DIGEST_TYPE = [1,2]
 
+  self.ignored_columns = %w[legacy_domain_id]
+
   def epp_code_map
     {
       '2005' => [

app/models/domain.rb

@@ -1,4 +1,4 @@
-class Domain < ActiveRecord::Base
+class Domain < ApplicationRecord
   include UserEvents
   include Versions # version/domain_version.rb
   include Concerns::Domain::Expirable
@@ -9,8 +9,7 @@ class Domain < ActiveRecord::Base
   include Concerns::Domain::Transferable
   include Concerns::Domain::RegistryLockable
   include Concerns::Domain::Releasable
-
+  include Concerns::Domain::Disputable
-  has_paper_trail class_name: "DomainVersion", meta: { children: :children_log }
 
   attr_accessor :roles
 
@@ -57,6 +56,7 @@ class Domain < ActiveRecord::Base
 
   has_many :legal_documents, as: :documentable
   accepts_nested_attributes_for :legal_documents, reject_if: proc { |attrs| attrs[:body].blank? }
+  has_many :registrant_verifications, dependent: :destroy
 
   after_initialize do
     self.pending_json = {} if pending_json.blank?
@@ -72,12 +72,13 @@ class Domain < ActiveRecord::Base
 
   before_update :manage_statuses
   def manage_statuses
-    return unless registrant_id_changed? # rollback has not yet happened
+    return unless will_save_change_to_registrant_id? # rollback has not yet happened
+
     pending_update! if registrant_verification_asked?
     true
   end
 
-  after_commit :update_whois_record, unless: 'domain_name.at_auction?'
+  after_commit :update_whois_record, unless: -> { domain_name.at_auction? }
 
   after_create :update_reserved_domains
   def update_reserved_domains
@@ -88,8 +89,8 @@ class Domain < ActiveRecord::Base
   validates :puny_label, length: { maximum: 63 }
   validates :period, presence: true, numericality: { only_integer: true }
   validates :transfer_code, presence: true
-
   validate :validate_reservation
+
   def validate_reservation
     return if persisted? || !in_reserved_list?
 
@@ -99,6 +100,7 @@ class Domain < ActiveRecord::Base
     end
 
     return if ReservedDomain.pw_for(name) == reserved_pw
+
     errors.add(:base, :invalid_auth_information_reserved)
   end
 
@@ -115,12 +117,15 @@ class Domain < ActiveRecord::Base
 
   attr_accessor :is_admin
 
-  validate :check_permissions, :unless => :is_admin
+  # Removed to comply new ForceDelete procedure
-  def check_permissions
+  # at https://github.com/internetee/registry/issues/1428#issuecomment-570561967
-    return unless force_delete_scheduled?
+  #
-    errors.add(:base, I18n.t(:object_status_prohibits_operation))
+  # validate :check_permissions, :unless => :is_admin
-    false
+  # def check_permissions
-  end
+  #   return unless force_delete_scheduled?
+  #   errors.add(:base, I18n.t(:object_status_prohibits_operation))
+  #   false
+  # end
 
   validates :nameservers, domain_nameserver: {
     min: -> { Setting.ns_min_count },
@@ -169,6 +174,8 @@ class Domain < ActiveRecord::Base
   attr_accessor :registrant_typeahead, :update_me,
     :epp_pending_update, :epp_pending_delete, :reserved_pw
 
+  self.ignored_columns = %w[legacy_id legacy_registrar_id legacy_registrant_id]
+
   def subordinate_nameservers
     nameservers.select { |x| x.hostname.end_with?(name) }
   end
@@ -191,8 +198,6 @@ class Domain < ActiveRecord::Base
     end
 
     def registrant_user_domains(registrant_user)
-      # In Rails 5, can be replaced with a much simpler `or` query method and the raw SQL parts can
-      # be removed.
       from(
         "(#{registrant_user_domains_by_registrant(registrant_user).to_sql} UNION " \
         "#{registrant_user_domains_by_contact(registrant_user).to_sql}) AS domains"
@@ -200,8 +205,6 @@ class Domain < ActiveRecord::Base
     end
 
     def registrant_user_direct_domains(registrant_user)
-      # In Rails 5, can be replaced with a much simpler `or` query method and the raw SQL parts can
-      # be removed.
       from(
         "(#{registrant_user_direct_domains_by_registrant(registrant_user).to_sql} UNION " \
         "#{registrant_user_direct_domains_by_contact(registrant_user).to_sql}) AS domains"
@@ -209,8 +212,6 @@ class Domain < ActiveRecord::Base
     end
 
     def registrant_user_administered_domains(registrant_user)
-      # In Rails 5, can be replaced with a much simpler `or` query method and the raw SQL parts can
-      # be removed.
       from(
         "(#{registrant_user_domains_by_registrant(registrant_user).to_sql} UNION " \
         "#{registrant_user_domains_by_admin_contact(registrant_user).to_sql}) AS domains"
@@ -229,7 +230,7 @@ class Domain < ActiveRecord::Base
 
     def registrant_user_domains_by_admin_contact(registrant_user)
       joins(:domain_contacts).where(domain_contacts: { contact_id: registrant_user.contacts,
-                                                       type: [AdminDomainContact] })
+                                                       type: [AdminDomainContact.name] })
     end
 
     def registrant_user_direct_domains_by_registrant(registrant_user)
@@ -283,20 +284,23 @@ class Domain < ActiveRecord::Base
   def server_holdable?
     return false if statuses.include?(DomainStatus::SERVER_HOLD)
     return false if statuses.include?(DomainStatus::SERVER_MANUAL_INZONE)
+
     true
   end
 
   def renewable?
-    if Setting.days_to_renew_domain_before_expire != 0
+    blocking_statuses = [DomainStatus::DELETE_CANDIDATE, DomainStatus::PENDING_RENEW,
+                         DomainStatus::PENDING_TRANSFER, DomainStatus::DISPUTED,
+                         DomainStatus::PENDING_UPDATE, DomainStatus::PENDING_DELETE,
+                         DomainStatus::PENDING_DELETE_CONFIRMATION]
+    return false if statuses.include_any? blocking_statuses
+    return true unless Setting.days_to_renew_domain_before_expire != 0
+
     # if you can renew domain at days_to_renew before domain expiration
-      if (expire_time.to_date - Date.today) + 1 > Setting.days_to_renew_domain_before_expire
+    if (expire_time.to_date - Time.zone.today) + 1 > Setting.days_to_renew_domain_before_expire
       return false
     end
-    end
 
-    return false if statuses.include_any?(DomainStatus::DELETE_CANDIDATE, DomainStatus::PENDING_RENEW,
-                                          DomainStatus::PENDING_TRANSFER, DomainStatus::PENDING_DELETE,
-                                          DomainStatus::PENDING_UPDATE, DomainStatus::PENDING_DELETE_CONFIRMATION)
     true
   end
 
@@ -486,9 +490,9 @@ class Domain < ActiveRecord::Base
             self.delete_date = nil
           when DomainStatus::SERVER_MANUAL_INZONE # removal causes server hold to set
             self.outzone_at = Time.zone.now if force_delete_scheduled?
-          when DomainStatus::DomainStatus::EXPIRED # removal causes server hold to set
+          when DomainStatus::EXPIRED # removal causes server hold to set
             self.outzone_at = self.expire_time + 15.day
-          when DomainStatus::DomainStatus::SERVER_HOLD # removal causes server hold to set
+          when DomainStatus::SERVER_HOLD # removal causes server hold to set
             self.outzone_at = nil
         end
       end
@@ -547,6 +551,8 @@ class Domain < ActiveRecord::Base
       activate if nameservers.reject(&:marked_for_destruction?).size >= Setting.ns_min_count
     end
 
+    cancel_force_delete if force_delete_scheduled? && will_save_change_to_registrant_id?
+
     if statuses.empty? && valid?
       statuses << DomainStatus::OK
     elsif (statuses.length > 1 && active?) || !valid?
@@ -585,6 +591,15 @@ class Domain < ActiveRecord::Base
     (admin_contacts.emails + [registrant.email]).uniq
   end
 
+  def force_delete_contact_emails
+    (primary_contact_emails + tech_contacts.pluck(:email) +
+      ["info@#{name}", "#{prepared_domain_name}@#{name}"]).uniq
+  end
+
+  def prepared_domain_name
+    name.split('.')&.first
+  end
+
   def new_registrant_email
     pending_json['new_registrant_email']
   end