diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index c68e60e09..951a55584 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -18,7 +18,7 @@ class Epp::SessionsController < EppController
       @api_user = ApiUser.find_by(login_params)
     end
 
-    if @api_user.try(:active) && cert_valid && ip_white?
+    if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?
       if parsed_frame.css('newPW').first
         unless @api_user.update(password: parsed_frame.css('newPW').first.text)
           response.headers['X-EPP-Returncode'] = '2200'
@@ -27,6 +27,7 @@ class Epp::SessionsController < EppController
       end
 
       epp_session[:api_user_id] = @api_user.id
+      epp_session.update_column(:registrar_id, @api_user.registrar_id)
       render_epp_response('login_success')
     else
       response.headers['X-EPP-Returncode'] = '2200'
@@ -45,12 +46,24 @@ class Epp::SessionsController < EppController
     true
   end
 
+  def connection_limit_ok?
+    c = EppSession.where(
+      'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
+    ).count
+
+    if c >= 4
+      @msg = t('connection_limit_reached')
+      return false
+    end
+    true
+  end
+
   # rubocop: enable Metrics/PerceivedComplexity
   # rubocop: enable Metrics/CyclomaticComplexity
 
   def logout
     @api_user = current_user # cache current_user for logging
-    epp_session[:api_user_id] = nil
+    epp_session.destroy
     response.headers['X-EPP-Returncode'] = '1500'
     render_epp_response('logout')
   end
diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index 0fa45ac6e..ad389e0c5 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
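Review bot: `connection_limit_ok?` counts sessions before `login` stores `registrar_id` on the current session (second hunk, via `update_column`), so two logins for the same registrar arriving together can both observe a count below the limit and both pass; the method should carry a comment stating that the limit is a best-effort throttle rather than a hard bound, unless the count and the write are moved into one transaction with a row lock. The limit and window are bare literals — name them, e.g. `CONNECTION_LIMIT = 4` and `CONNECTION_WINDOW = 5.minutes`, and write `if c >= CONNECTION_LIMIT`. `update_column` skips callbacks and does not touch `updated_at`, so whether the just-logged-in session falls inside the window depends on the session store saving the row elsewhere, which is not visible here. `@msg` is assigned but not read in these hunks; presumably the base controller renders it — confirm. `login` begins before the first hunk.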
@@ -147,7 +147,7 @@ class Registrar::SessionsController < Devise::SessionsController
   def check_ip
     return if Rails.env.development?
     return if WhiteIp.registrar_ip_white?(request.ip)
-    render text: t('ip_is_not_whitelisted') and return
+    render text: t('access_denied') and return
   end
 
   def role_base_root_url(user)
diff --git a/app/controllers/registrar_controller.rb b/app/controllers/registrar_controller.rb
index 0bc56c356..e1b6b5a3c 100644
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@@ -18,7 +18,7 @@ class RegistrarController < ApplicationController
     end
     return if Rails.env.development?
     return if current_user.registrar.registrar_ip_white?(request.ip)
-    flash[:alert] = t('ip_is_not_whitelisted')
+    flash[:alert] = t('access_denied')
     sign_out(current_user)
     redirect_to registrar_login_path and return
   end
diff --git a/app/models/epp_session.rb b/app/models/epp_session.rb
index 816155f21..f051b50ed 100644
--- a/app/models/epp_session.rb
+++ b/app/models/epp_session.rb
@@ -1,8 +1,9 @@
 class EppSession < ActiveRecord::Base
   before_save :marshal_data!
+  belongs_to :registrar
 
   # rubocop: disable Rails/ReadWriteAttribute
-  # Turned back to read_attribute, thus in Rails 4
+  # Turned back to read_attribute, thus in Rails 4
   # there is differences between self[:data] and read_attribute.
   def data
     @data ||= self.class.unmarshal(read_attribute(:data)) || {}
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 0e5bdfc56..7997ae15e 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -797,3 +797,5 @@ en:
   registrant_domain_verification_rejected_failed: 'Something went wrong'
   ip_is_not_whitelisted: 'IP is not whitelisted'
   no_permission: 'No permission'
+  access_denied: 'Access denied'
+  connection_limit_reached: 'Connection limit reached'
diff --git a/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb b/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb
new file mode 100644
index 000000000..2eaf1434c
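Review bot: The denial in `check_ip` is still rendered with the default 200 status, so a client or an access log cannot tell it apart from a served page; send an explicit status with the generic message, `render text: t('access_denied'), status: :forbidden`. Once the status is there, the trailing `and return` is redundant as the method's last statement and can be dropped. Switching to the generic 'access_denied' wording keeps the whitelist reason out of the response, which is the right call; the same applies to the registrar_controller hunk, where the flash is set before `sign_out`.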
--- /dev/null
+++ b/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb
@@ -0,0 +1,5 @@
+class AddRegistrarIdToEppSession < ActiveRecord::Migration
+  def change
+    add_column :epp_sessions, :registrar_id, :integer
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index b0b227c79..7fb839e17 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -317,6 +317,7 @@ ActiveRecord::Schema.define(version: 20150520163237) do
     t.text "data"
     t.datetime "created_at"
     t.datetime "updated_at"
+    t.integer "registrar_id"
   end
 
   add_index "epp_sessions", ["session_id"], name: "index_epp_sessions_on_session_id", unique: true, using: :btree
diff --git a/db/seeds.rb b/db/seeds.rb
index 3ee57babd..3b4cef281 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -44,7 +44,6 @@ ApiUser.where(
 admin1 = {
   username: 'user1',
   password: 'testtest',
-  password_confirmation: 'testtest',
   email: 'user1@example.ee',
   identity_code: '37810013855',
   country_code: 'EE'
@@ -52,7 +51,6 @@ admin1 = {
 admin2 = {
   username: 'user2',
   password: 'testtest',
-  password_confirmation: 'testtest',
   email: 'user2@example.ee',
   identity_code: '37810010085',
   country_code: 'EE'
@@ -60,7 +58,6 @@ admin2 = {
 admin3 = {
   username: 'user3',
   password: 'testtest',
-  password_confirmation: 'testtest',
   email: 'user3@example.ee',
   identity_code: '37810010727',
   country_code: 'EE'
@@ -69,7 +66,7 @@ admin3 = {
 [admin1, admin2, admin3].each do |at|
   admin = AdminUser.where(at)
   next if admin.present?
-  admin = AdminUser.new(at)
+  admin = AdminUser.new(at.merge({ password_confirmation: 'testtest' }))
   admin.roles = ['admin']
   admin.save
 end
diff --git a/spec/features/registrar/sessions_spec.rb b/spec/features/registrar/sessions_spec.rb
index e969d507d..4a5c19a84 100644
--- a/spec/features/registrar/sessions_spec.rb
+++ b/spec/features/registrar/sessions_spec.rb
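Review bot: The new `registrar_id` column gets no index, yet `connection_limit_ok?` in the EPP sessions controller filters `epp_sessions` on `registrar_id` and `updated_at` on every login; add `add_index :epp_sessions, :registrar_id` to this migration so the throttle query stays cheap as the session table grows. The schema hunk still declares `version: 20150520163237`, which is older than this migration's timestamp, so schema.rb looks hand-edited or dumped before the migration ran — regenerating it avoids a pending-migration mismatch at boot. The column is left nullable, which matches sessions that exist before any login.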
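Review bot: `at.merge({ password_confirmation: 'testtest' })` repeats the literal already held in `at[:password]`; `admin = AdminUser.new(at.merge(password_confirmation: at[:password]))` keeps the two in step and drops the redundant braces. The existence check `AdminUser.where(at)` still includes `password:`, so if `password` is a virtual attribute rather than a column (as is usual with Devise), the same problem that motivated removing `password_confirmation` from the hashes would remain — confirm against the admin_users schema. The seeded credentials are fixed, shared values; that is acceptable for seeds only as long as this file never runs against a non-development database.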
@@ -5,7 +5,7 @@ feature 'Sessions', type: :feature do
   it 'should not see login page' do
     WhiteIp.destroy_all
     visit registrar_login_path
-    page.should have_text('IP is not whitelisted')
+    page.should have_text('Access denied')
   end
 
   it 'should see log in' do
@@ -23,7 +23,7 @@ feature 'Sessions', type: :feature do
     fill_in 'depp_user_tag', with: @api_user_invalid_ip.username
     fill_in 'depp_user_password', with: @api_user_invalid_ip.password
     click_button 'Log in'
-    page.should have_text('IP is not whitelisted')
+    page.should have_text('Access denied')
   end
 end
 