Merge branch 'master' into refactor-messages

# Conflicts:
#	db/structure.sql

app/models/ability.rb

@@ -31,8 +31,6 @@ class Ability
   end
 
   def epp # Registrar/api_user dynamic role
-    can :view, :registrar_dashboard
-
     if @user.registrar.api_ip_white?(@ip)
       can :manage, :poll
       can :manage, Depp::Contact
@@ -71,7 +69,6 @@ class Ability
   end
 
   def billing # Registrar/api_user dynamic role
-    can :view, :registrar_dashboard
     can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
     can :manage, :deposit
     can :read, AccountActivity

app/models/admin_user.rb

@@ -9,7 +9,8 @@ class AdminUser < User
 
   ROLES = %w(user customer_service admin) # should not match to api_users roles
 
-  devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable
+  devise :database_authenticatable, :trackable, :validatable, :timeoutable,
+         authentication_keys: [:username]
 
   def self.min_password_length
     Devise.password_length.min

app/models/api_user.rb

@@ -2,11 +2,12 @@ require 'open3'
 
 class ApiUser < User
   include EppErrors
+  devise :database_authenticatable, :trackable, :timeoutable, authentication_keys: [:username]
 
   def epp_code_map
     {
       '2306' => [ # Parameter policy error
-        [:password, :blank]
+        %i[plain_text_password blank]
       ]
     }
   end
@@ -19,8 +20,8 @@ class ApiUser < User
   belongs_to :registrar
   has_many :certificates
 
-  validates :username, :password, :registrar, :roles, presence: true
-  validates :password, length: { minimum: min_password_length }
+  validates :username, :plain_text_password, :registrar, :roles, presence: true
+  validates :plain_text_password, length: { minimum: min_password_length }
   validates :username, uniqueness: true
 
   delegate :code, :name, to: :registrar, prefix: true
@@ -30,6 +31,7 @@ class ApiUser < User
 
   SUPER = 'super'
   EPP = 'epp'
+  BILLING = 'billing'
 
   ROLES = %w(super epp billing) # should not match to admin roles
 

app/models/certificate.rb

@@ -87,14 +87,14 @@ class Certificate < ActiveRecord::Base
     -extensions usr_cert -notext -md sha256 \
     -in #{csr_file.path} -out #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
 
-    if err.match(/Data Base Updated/)
+    if err.match?(/Data Base Updated/)
       crt_file.rewind
       self.crt = crt_file.read
       self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
       save!
     else
       logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
-      if err.match(/TXT_DB error number 2/)
+      if err.match?(/TXT_DB error number 2/)
         errors.add(:base, I18n.t('failed_to_create_crt_csr_already_signed'))
         logger.error('CSR ALREADY SIGNED')
       else

app/models/concerns/versions.rb

@@ -34,16 +34,12 @@ module Versions
     end
 
     def user_from_id_role_username(str)
-      user = ApiUser.find_by(id: $1) if str =~ /^(\d+)-(ApiUser:|api-)/
-      unless user.present?
-        user = AdminUser.find_by(id: $1) if str =~ /^(\d+)-AdminUser:/
-        unless user.present?
-          # on import we copied Registrar name, which may eql code
-          registrar = Registrar.find_by(name: str)
-          # assume each registrar has only one user
-          user = registrar.api_users.first if registrar
-        end
-      end
+      registrar = Registrar.find_by(name: str)
+      user = registrar.api_users.first if registrar
+
+      str_match = str.match(/^(\d+)-(ApiUser:|api-|AdminUser:)/)
+      user ||= User.find_by(id: str_match[1]) if str_match
+
       user
     end
 

app/models/nameserver.rb

@@ -100,18 +100,18 @@ class Nameserver < ActiveRecord::Base
 
   def check_puny_symbols
     regexp = /(\A|\.)..--/
-    errors.add(:hostname, :invalid) if hostname =~ regexp
+    errors.add(:hostname, :invalid) if hostname.match?(regexp)
   end
 
   def validate_ipv4_format
     ipv4.to_a.each do |ip|
-      errors.add(:ipv4, :invalid) unless ip =~ IPV4_REGEXP
+      errors.add(:ipv4, :invalid) unless ip.match?(IPV4_REGEXP)
     end
   end
 
   def validate_ipv6_format
     ipv6.to_a.each do |ip|
-      errors.add(:ipv6, :invalid) unless ip =~ IPV6_REGEXP
+      errors.add(:ipv6, :invalid) unless ip.match?(IPV6_REGEXP)
     end
   end
 end

app/models/registrant_user.rb

@@ -2,6 +2,8 @@ class RegistrantUser < User
   ACCEPTED_ISSUER = 'AS Sertifitseerimiskeskus'
   attr_accessor :idc_data
 
+  devise :database_authenticatable, :trackable, :timeoutable
+
   def ability
     @ability ||= Ability.new(self)
   end

app/models/user.rb

@@ -1,6 +1,5 @@
 class User < ActiveRecord::Base
   include Versions # version/user_version.rb
-  devise :trackable, :timeoutable
 
   attr_accessor :phone