Merge branch 'master' of github.com:domify/registry

2025-07-02 01:03:35 +02:00 · 2015-05-20 21:00:03 +03:00 · 2015-05-20 21:00:03 +03:00 · 17bf5c373e
commit 17bf5c373e
parent 84cd0b8378 6a63c258f6
9 changed files with 30 additions and 11 deletions
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -18,7 +18,7 @@ class Epp::SessionsController < EppController
      @api_user = ApiUser.find_by(login_params)
    end

-    if @api_user.try(:active) && cert_valid && ip_white?
+    if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?
      if parsed_frame.css('newPW').first
        unless @api_user.update(password: parsed_frame.css('newPW').first.text)
          response.headers['X-EPP-Returncode'] = '2200'
@ -27,6 +27,7 @@ class Epp::SessionsController < EppController
      end

      epp_session[:api_user_id] = @api_user.id
+      epp_session.update_column(:registrar_id, @api_user.registrar_id)
      render_epp_response('login_success')
    else
      response.headers['X-EPP-Returncode'] = '2200'
@ -45,12 +46,24 @@ class Epp::SessionsController < EppController
    true
  end

+  def connection_limit_ok?
+    c = EppSession.where(
+      'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
+    ).count
+
+    if c >= 4
+      @msg = t('connection_limit_reached')
+      return false
+    end
+    true
+  end
+
  # rubocop: enable Metrics/PerceivedComplexity
  # rubocop: enable Metrics/CyclomaticComplexity

  def logout
    @api_user = current_user # cache current_user for logging
-    epp_session[:api_user_id] = nil
+    epp_session.destroy
    response.headers['X-EPP-Returncode'] = '1500'
    render_epp_response('logout')
  end
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -147,7 +147,7 @@ class Registrar::SessionsController < Devise::SessionsController
  def check_ip
    return if Rails.env.development?
    return if WhiteIp.registrar_ip_white?(request.ip)
-    render text: t('ip_is_not_whitelisted') and return
+    render text: t('access_denied') and return
  end

  def role_base_root_url(user)
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@ -18,7 +18,7 @@ class RegistrarController < ApplicationController
    end
    return if Rails.env.development?
    return if current_user.registrar.registrar_ip_white?(request.ip)
-    flash[:alert] = t('ip_is_not_whitelisted')
+    flash[:alert] = t('access_denied')
    sign_out(current_user)
    redirect_to registrar_login_path and return
  end
--- a/app/models/epp_session.rb
+++ b/app/models/epp_session.rb
@ -1,6 +1,7 @@
 class EppSession < ActiveRecord::Base
  before_save :marshal_data!

+  belongs_to :registrar
  # rubocop: disable Rails/ReadWriteAttribute
  # Turned back to read_attribute, thus in Rails 4
  # there is differences between self[:data] and read_attribute.
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -797,3 +797,5 @@ en:
  registrant_domain_verification_rejected_failed: 'Something went wrong'
  ip_is_not_whitelisted: 'IP is not whitelisted'
  no_permission: 'No permission'
+  access_denied: 'Access denied'
+  connection_limit_reached: 'Connection limit reached'
--- a/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb
+++ b/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb
@ -0,0 +1,5 @@
+class AddRegistrarIdToEppSession < ActiveRecord::Migration
+  def change
+    add_column :epp_sessions, :registrar_id, :integer
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -317,6 +317,7 @@ ActiveRecord::Schema.define(version: 20150520163237) do
    t.text     "data"
    t.datetime "created_at"
    t.datetime "updated_at"
+    t.integer  "registrar_id"
  end

  add_index "epp_sessions", ["session_id"], name: "index_epp_sessions_on_session_id", unique: true, using: :btree
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -44,7 +44,6 @@ ApiUser.where(
 admin1 = {
  username: 'user1',
  password: 'testtest',
-  password_confirmation: 'testtest',
  email: 'user1@example.ee',
  identity_code: '37810013855',
  country_code: 'EE'
@ -52,7 +51,6 @@ admin1 = {
 admin2 = {
  username: 'user2',
  password: 'testtest',
-  password_confirmation: 'testtest',
  email: 'user2@example.ee',
  identity_code: '37810010085',
  country_code: 'EE'
@ -60,7 +58,6 @@ admin2 = {
 admin3 = {
  username: 'user3',
  password: 'testtest',
-  password_confirmation: 'testtest',
  email: 'user3@example.ee',
  identity_code: '37810010727',
  country_code: 'EE'
@ -69,7 +66,7 @@ admin3 = {
 [admin1, admin2, admin3].each do |at|
  admin = AdminUser.where(at)
  next if admin.present?
-  admin = AdminUser.new(at)
+  admin = AdminUser.new(at.merge({ password_confirmation: 'testtest' }))
  admin.roles = ['admin']
  admin.save
 end
--- a/spec/features/registrar/sessions_spec.rb
+++ b/spec/features/registrar/sessions_spec.rb
@ -5,7 +5,7 @@ feature 'Sessions', type: :feature do
    it 'should not see login page' do
      WhiteIp.destroy_all
      visit registrar_login_path
-      page.should have_text('IP is not whitelisted')
+      page.should have_text('Access denied')
    end

    it 'should see log in' do
@ -23,7 +23,7 @@ feature 'Sessions', type: :feature do
      fill_in 'depp_user_tag', with: @api_user_invalid_ip.username
      fill_in 'depp_user_password', with: @api_user_invalid_ip.password
      click_button 'Log in'
-      page.should have_text('IP is not whitelisted')
+      page.should have_text('Access denied')
    end
  end