Merge branch 'master' into registry-727

2025-06-09 06:04:56 +02:00 · 2018-02-24 08:26:10 +02:00 · 2018-02-24 08:26:10 +02:00 · 1e5face668
commit 1e5face668
parent b42d06024e a6c2b31629
99 changed files with 1134 additions and 566 deletions
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@ -1,5 +1,4 @@
---
+plugins:
 engines:
  brakeman:
    enabled: true
  bundler-audit:
@ -14,8 +13,6 @@ engines:
      languages:
      - ruby
      - javascript
      - python
      - php
  eslint:
    enabled: true
  fixme:
@ -33,24 +30,9 @@ engines:
    checks:
      IrresponsibleModule:
        enabled: false
-ratings:
+exclude_patterns:
-  paths:
+- "config/"
-  - Gemfile.lock
+- "db/"
-  - "**.erb"
+- "vendor/"
-  - "**.haml"
+- "spec/"
-  - "**.rb"
+- "test/"
  - "**.rhtml"
  - "**.slim"
  - "**.css"
  - "**.coffee"
  - "**.inc"
  - "**.js"
  - "**.jsx"
  - "**.module"
  - "**.php"
  - "**.py"
 exclude_paths:
 - config/
 - db/
 - spec/
 - vendor/
--- a/.reek
+++ b/.reek
@ -34,7 +34,6 @@ UncommunicativeVariableName:
  - Admin::SettingsController#create
  - Epp::DomainsController#renew
  - Epp::DomainsController#update
  - Epp::SessionsController#connection_limit_ok?
  - Epp::SessionsController#login
  - EppController
  - EppController#create_full_selectors
@ -172,7 +171,6 @@ DuplicateMethodCall:
  - Epp::PollsController#ack_poll
  - Epp::PollsController#poll
  - Epp::PollsController#req_poll
  - Epp::SessionsController#connection_limit_ok?
  - Epp::SessionsController#ip_white?
  - Epp::SessionsController#login
  - Epp::SessionsController#login_params
@ -538,7 +536,6 @@ IrresponsibleModule:
  - DomainStatus
  - DomainTransfer
  - Epp::Contact
  - EppSession
  - Invoice
  - InvoiceItem
  - Keyrelay
@ -960,7 +957,6 @@ FeatureEnvy:
  - ActionDispatch::Flash#call
  - Ransack::Adapters::ActiveRecord::Context#evaluate
  - EppConstraint#matches?
  - Requests::SessionHelpers#sign_in_to_epp_area
 TooManyMethods:
  exclude:
  - Epp::ContactsController
@ -1027,7 +1023,6 @@ PrimaDonnaMethod:
  - Contact
  - Domain
  - Epp::Domain
  - EppSession
  - RegistrantVerification
  - Registrar
 BooleanParameter:
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -1 +1,4 @@
 inherit_from: .rubocop_todo.yml
 Style/Alias:
  EnforcedStyle: prefer_alias_method
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@ -655,11 +655,6 @@ Performance/StringReplacement:
    - 'app/models/directo.rb'
    - 'app/models/dnskey.rb'
 # Offense count: 1
 Security/MarshalLoad:
  Exclude:
    - 'app/models/epp_session.rb'
 # Offense count: 4
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SupportedStyles.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,8 @@
 22.02.2018
 * BUG: Registrar: contact list export is not limited to 75 records any more [#721](https://github.com/internetee/registry/issues/721)
 * BUG: EPP: domain and associated objects are not validated on domain delete [#707](https://github.com/internetee/registry/issues/707)
 * EPP: improved session management (db constraints, model and db structure refactor, auto-tests) [#700](https://github.com/internetee/registry/issues/700)
 11.02.2018
 * BUG: Disable all object validations on domain transfer [#701](https://github.com/internetee/registry/issues/701)
--- a/app/api/repp/domain_transfers_v1.rb
+++ b/app/api/repp/domain_transfers_v1.rb
@ -15,6 +15,7 @@ module Repp
        new_registrar = current_user.registrar
        domain_transfers = params['data']['domainTransfers']
        successful_domain_transfers = []
        errors = []
        domain_transfers.each do |domain_transfer|
@ -24,7 +25,8 @@ module Repp
          if domain
            if domain.transfer_code == transfer_code
-              domain.transfer(new_registrar)
+              DomainTransfer.request(domain, new_registrar)
              successful_domain_transfers << { type: 'domain_transfer' }
            else
              errors << { title: "#{domain_name} transfer code is wrong" }
            end
@ -34,9 +36,8 @@ module Repp
        end
        if errors.none?
-          status 204
+          status 200
-          body false
+          @response = { data: successful_domain_transfers }
          @response = {}
        else
          status 400
          @response = { errors: errors }
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@ -142,6 +142,13 @@ class Epp::DomainsController < EppController
    authorize! :transfer, @domain, @password
    action = params[:parsed_frame].css('transfer').first[:op]
    if @domain.non_transferable?
      throw :epp_error, {
        code: '2304',
        msg: I18n.t(:object_status_prohibits_operation)
      }
    end
    @domain_transfer = @domain.transfer(params[:parsed_frame], action, current_user)
    if @domain_transfer
--- a/app/controllers/epp/polls_controller.rb
+++ b/app/controllers/epp/polls_controller.rb
@ -6,6 +6,8 @@ class Epp::PollsController < EppController
    ack_poll if params[:parsed_frame].css('poll').first['op'] == 'ack'
  end
  private
  def req_poll
    @message = current_user.queued_messages.last
@ -49,8 +51,6 @@ class Epp::PollsController < EppController
    render_epp_response 'epp/poll/poll_ack'
  end
  private
  def validate_poll
    requires_attribute 'poll', 'op', values: %(ack req), allow_blank: true
  end
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -74,7 +74,7 @@ class Epp::SessionsController < EppController
      success = false
    end
-    if success && !connection_limit_ok?
+    if success && EppSession.limit_reached?(@api_user.registrar)
      epp_errors << {
        msg: 'Authentication error; server closing connection (connection limit reached)',
        code: '2501'
@ -91,8 +91,10 @@ class Epp::SessionsController < EppController
        end
      end
-      epp_session[:api_user_id] = @api_user.id
+      epp_session = EppSession.new
-      epp_session.update_column(:registrar_id, @api_user.registrar_id)
+      epp_session.session_id = epp_session_id
      epp_session.user = @api_user
      epp_session.save!
      render_epp_response('login_success')
    else
      response.headers['X-EPP-Returncode'] = '2500'
@ -113,17 +115,16 @@ class Epp::SessionsController < EppController
    true
  end
-  def connection_limit_ok?
+  def logout
-    return true if Rails.env.test? || Rails.env.development?
+    unless signed_in?
-    c = EppSession.where(
+      epp_errors << {
-      'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 1.second
+        code: 2201,
-    ).count
+        msg: 'Authorization error'
-
+      }
-    return false if c >= 4
+      handle_errors
-    true
+      return
    end
  def logout
    @api_user = current_user # cache current_user for logging
    epp_session.destroy
    response.headers['X-EPP-Returncode'] = '1500'
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@ -4,11 +4,12 @@ class EppController < ApplicationController
  protect_from_forgery with: :null_session
  skip_before_action :verify_authenticity_token
  before_action :ensure_session_id_passed
  before_action :generate_svtrid
  before_action :latin_only
  before_action :validate_against_schema
  before_action :validate_request
-  before_action :update_epp_session
+  before_action :update_epp_session, if: 'signed_in?'
  around_action :catch_epp_errors
@ -86,41 +87,13 @@ class EppController < ApplicationController
    @params_hash ||= Hash.from_xml(params[:frame]).with_indifferent_access
  end
  # SESSION MANAGEMENT
  def epp_session
-    cookies # Probably does some initialization
+    EppSession.find_by(session_id: epp_session_id)
    cookie = env['rack.request.cookie_hash'] || {}
    EppSession.find_or_initialize_by(session_id: cookie['session'])
  end
  def update_epp_session
    iptables_counter_update
    e_s = epp_session
    return if e_s.new_record?
    if !Rails.env.development? && (e_s.updated_at < Time.zone.now - 5.minutes)
      @api_user = current_user # cache current_user for logging
      e_s.destroy
      response.headers['X-EPP-Returncode'] = '1500'
      epp_errors << {
        msg: t('session_timeout'),
        code: '2201'
      }
      handle_errors and return
    else
      e_s.update_column(:updated_at, Time.zone.now)
    end
  end
  def current_user
-    @current_user ||= ApiUser.find_by_id(epp_session[:api_user_id])
+    return unless signed_in?
-    # by default PaperTrail uses before filter and at that
+    epp_session.user
    # time current_user is not yet present
    ::PaperTrail.whodunnit = user_log_str(@current_user)
    ::PaperSession.session = epp_session.session_id if epp_session.session_id.present?
    @current_user
  end
  # ERROR + RESPONSE HANDLING
@ -362,7 +335,6 @@ class EppController < ApplicationController
  # rubocop: disable Metrics/CyclomaticComplexity
  # rubocop: disable Metrics/PerceivedComplexity
  def write_to_epp_log
    # return nil if EPP_LOG_ENABLED
    request_command = params[:command] || params[:action] # error receives :command, other methods receive :action
    frame = params[:raw_frame] || params[:frame]
@ -397,4 +369,42 @@ class EppController < ApplicationController
    name = self.class.to_s.sub("Epp::","").sub("Controller","").underscore.singularize
    instance_variable_get("@#{name}")
  end
  private
  def signed_in?
    epp_session
  end
  def epp_session_id
    cookies[:session] # Passed by mod_epp https://github.com/mod-epp/mod-epp#requestscript-interface
  end
  def ensure_session_id_passed
    raise 'EPP session id is empty' unless epp_session_id.present?
  end
  def update_epp_session
    iptables_counter_update
    if session_timeout_reached?
      @api_user = current_user # cache current_user for logging
      epp_session.destroy
      response.headers['X-EPP-Returncode'] = '1500'
      epp_errors << {
        msg: t('session_timeout'),
        code: '2201'
      }
      handle_errors and return
    else
      epp_session.update_column(:updated_at, Time.zone.now)
    end
  end
  def session_timeout_reached?
    timeout = 5.minutes
    epp_session.updated_at < (Time.zone.now - timeout)
  end
 end
--- a/app/controllers/registrar/contacts_controller.rb
+++ b/app/controllers/registrar/contacts_controller.rb
@ -50,11 +50,9 @@ class Registrar
      normalize_search_parameters do
        @q = contacts.search(params[:q])
-        @contacts = @q.result.page(params[:page])
+        @contacts = @q.result
      end
      @contacts = @contacts.per(params[:results_per_page]) if params[:results_per_page].to_i > 0
      respond_to do |format|
        format.csv { render text: @contacts.to_csv }
        format.pdf do
--- a/app/models/concerns/domain/transferable.rb
+++ b/app/models/concerns/domain/transferable.rb
@ -2,31 +2,18 @@ module Concerns::Domain::Transferable
  extend ActiveSupport::Concern
  included do
-    after_initialize :generate_transfer_code, if: 'new_record? && transfer_code.blank?'
+    after_initialize :generate_transfer_code, if: :generate_transfer_code?
  end
  def non_transferable?
    !transferable?
  end
  def transfer(new_registrar)
    old_registrar = registrar
    self.registrar = new_registrar
    regenerate_transfer_code
    contact_codes = contacts.pluck(:code).sort.uniq
    registrant_code = registrant.code
    transaction do
      old_registrar.messages.create!(
        body: I18n.t('domain_transfer_was_approved', contacts: contact_codes, registrant: registrant_code),
        attached_obj_id: id,
        attached_obj_type: self.class.name
      )
      domain_transfers.create!(
        transfer_requested_at: Time.zone.now,
        old_registrar: old_registrar,
        new_registrar: new_registrar
      )
      transfer_contacts(new_registrar)
      save!
    end
@ -34,6 +21,24 @@ module Concerns::Domain::Transferable
  private
  def transferable?
    (statuses & [
      DomainStatus::PENDING_DELETE_CONFIRMATION,
      DomainStatus::PENDING_CREATE,
      DomainStatus::PENDING_UPDATE,
      DomainStatus::PENDING_DELETE,
      DomainStatus::PENDING_RENEW,
      DomainStatus::PENDING_TRANSFER,
      DomainStatus::FORCE_DELETE,
      DomainStatus::SERVER_TRANSFER_PROHIBITED,
      DomainStatus::CLIENT_TRANSFER_PROHIBITED
    ]).empty?
  end
  def generate_transfer_code?
    new_record? && transfer_code.blank?
  end
  def generate_transfer_code
    self.transfer_code = SecureRandom.hex
  end
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@ -49,7 +49,7 @@ class Domain < ActiveRecord::Base
  accepts_nested_attributes_for :domain_statuses, allow_destroy: true,
                                                  reject_if: proc { |attrs| attrs[:value].blank? }
-  has_many :domain_transfers, dependent: :destroy
+  has_many :transfers, class_name: 'DomainTransfer', dependent: :destroy
  has_many :dnskeys, dependent: :destroy
@ -280,7 +280,7 @@ class Domain < ActiveRecord::Base
  end
  def pending_transfer
-    domain_transfers.find_by(status: DomainTransfer::PENDING)
+    transfers.find_by(status: DomainTransfer::PENDING)
  end
  def server_holdable?
--- a/app/models/domain_transfer.rb
+++ b/app/models/domain_transfer.rb
@ -10,6 +10,26 @@ class DomainTransfer < ActiveRecord::Base
  SERVER_APPROVED = 'serverApproved'
  before_create :set_wait_until
  class << self
    def request(domain, new_registrar)
      domain_transfer = create!(
        transfer_requested_at: Time.zone.now,
        domain: domain,
        old_registrar: domain.registrar,
        new_registrar: new_registrar
      )
      domain_transfer.approve if approve_automatically?
    end
    private
    def approve_automatically?
      Setting.transfer_wait_time.zero?
    end
  end
  def set_wait_until
    wait_time = Setting.transfer_wait_time
    return if wait_time == 0
@ -17,6 +37,7 @@ class DomainTransfer < ActiveRecord::Base
  end
  before_create :set_status
  def set_status
    if Setting.transfer_wait_time > 0
      self.status = PENDING unless status
@ -36,11 +57,29 @@ class DomainTransfer < ActiveRecord::Base
    status == PENDING
  end
-  def notify_losing_registrar(contacts, registrant)
+  def approve
    transaction do
      self.status = SERVER_APPROVED
      save!
      notify_old_registrar
      domain.transfer(new_registrar)
    end
  end
  private
  def notify_old_registrar
    old_contacts_codes = domain.contacts.pluck(:code).sort.uniq.join(', ')
    old_registrant_code = domain.registrant.code
    old_registrar.messages.create!(
-      body: I18n.t('domain_transfer_was_approved', contacts: contacts, registrant: registrant),
+      body: I18n.t('messages.texts.domain_transfer',
                   domain_name: domain.name,
                   old_contacts_codes: old_contacts_codes,
                   old_registrant_code: old_registrant_code),
      attached_obj_id: id,
-      attached_obj_type: self.class.to_s
+      attached_obj_type: self.class.name
    )
  end
 end
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@ -556,8 +556,6 @@ class Epp::Domain < Domain
  end
  def epp_destroy(frame, user_id)
    return false unless valid?
    check_discarded
    if doc = attach_legal_document(Epp::Domain.parse_legal_document_from_frame(frame))
@ -630,7 +628,7 @@ class Epp::Domain < Domain
    case action
    when 'query'
-      return domain_transfers.last if domain_transfers.any?
+      return transfers.last if transfers.any?
    when 'request'
      return pending_transfer if pending_transfer
      return query_transfer(frame, current_user)
@ -646,13 +644,6 @@ class Epp::Domain < Domain
  # rubocop: disable Metrics/MethodLength
  # rubocop: disable Metrics/AbcSize
  def query_transfer(frame, current_user)
    unless transferrable?
      throw :epp_error, {
        code: '2304',
        msg: I18n.t(:object_status_prohibits_operation)
      }
    end
    if current_user.registrar == registrar
      throw :epp_error, {
        code: '2002',
@ -660,11 +651,8 @@ class Epp::Domain < Domain
      }
    end
    old_contact_codes = contacts.pluck(:code).sort.uniq
    old_registrant_code = registrant.code
    transaction do
-      dt = domain_transfers.create!(
+      dt = transfers.create!(
        transfer_requested_at: Time.zone.now,
        old_registrar: registrar,
        new_registrar: current_user.registrar
@ -679,8 +667,8 @@ class Epp::Domain < Domain
      end
      if dt.approved?
        dt.send(:notify_old_registrar)
        transfer_contacts(current_user.registrar)
        dt.notify_losing_registrar(old_contact_codes, old_registrant_code)
        regenerate_transfer_code
        self.registrar = current_user.registrar
      end
@ -813,20 +801,6 @@ class Epp::Domain < Domain
    true
  end
  def transferrable?
    (statuses & [
        DomainStatus::PENDING_DELETE_CONFIRMATION,
        DomainStatus::PENDING_CREATE,
        DomainStatus::PENDING_UPDATE,
        DomainStatus::PENDING_DELETE,
        DomainStatus::PENDING_RENEW,
        DomainStatus::PENDING_TRANSFER,
        DomainStatus::FORCE_DELETE,
        DomainStatus::SERVER_TRANSFER_PROHIBITED,
        DomainStatus::CLIENT_TRANSFER_PROHIBITED
    ]).empty?
  end
  ## SHARED
  # For domain transfer
--- a/app/models/epp_session.rb
+++ b/app/models/epp_session.rb
@ -1,36 +1,14 @@
 class EppSession < ActiveRecord::Base
-  before_save :marshal_data!
+  belongs_to :user, required: true
-  belongs_to :registrar
+  validates :session_id, uniqueness: true, presence: true
  # rubocop: disable Rails/ReadWriteAttribute
  # Turned back to read_attribute, thus in Rails 4
  # there is differences between self[:data] and read_attribute.
  def data
    @data ||= self.class.unmarshal(read_attribute(:data)) || {}
  end
  # rubocop: enable Rails/ReadWriteAttribute
-  def [](key)
+  def self.limit_per_registrar
-    data[key.to_sym]
+    4
  end
-  def []=(key, value)
+  def self.limit_reached?(registrar)
-    data[key.to_sym] = value
+    count = where(user_id: registrar.api_users.ids).where('updated_at >= ?', Time.zone.now - 1.second).count
-    save!
+    count >= limit_per_registrar
  end
  def marshal_data!
    self.data = self.class.marshal(data)
  end
  class << self
    def marshal(data)
      ::Base64.encode64(Marshal.dump(data)) if data
    end
    def unmarshal(data)
      return data unless data.is_a? String
      Marshal.load(::Base64.decode64(data)) if data
    end
  end
 end
--- a/app/models/message.rb
+++ b/app/models/message.rb
@ -1,6 +1,6 @@
 class Message < ActiveRecord::Base
  include Versions # version/message_version.rb
-  belongs_to :registrar
+  belongs_to :registrar, required: true
  before_create -> { self.queued = true }
--- a/app/models/registrar.rb
+++ b/app/models/registrar.rb
@ -137,15 +137,6 @@ class Registrar < ActiveRecord::Base
    cash_account.account_activities.create!(args)
  end
  def domain_transfers
    at = DomainTransfer.arel_table
    DomainTransfer.where(
      at[:new_registrar_id].eq(id).or(
        at[:old_registrar_id].eq(id)
      )
    )
  end
  def address
    [street, city, state, zip].reject(&:blank?).compact.join(', ')
  end
--- a/app/views/epp/sessions/login_fail.xml.builder
+++ b/app/views/epp/sessions/login_fail.xml.builder
@ -1,9 +0,0 @@
 xml.epp_head do
  xml.response do
    xml.result('code' => '2501') do
      xml.msg(@msg || 'Authentication error; server closing connection')
    end
    render('epp/shared/trID', builder: xml)
  end
 end
--- a/app/views/registrar/polls/show.haml
+++ b/app/views/registrar/polls/show.haml
@ -2,7 +2,7 @@
  - msg_q = @data.css('msgQ').first
  .row
    .col-sm-12
-      %h2= t('messages', count: msg_q['count'])
+      %h2= t '.header', count: msg_q['count']
  %hr
    .row
      .col-md-12
@ -75,7 +75,7 @@
 - else
  .row
    .col-sm-12
-      %h2= t('messages', count: 0)
+      %h2= t '.header', count: 0
  %hr
    .row
      .col-md-12
--- a/config/initializers/initial_settings.rb
+++ b/config/initializers/initial_settings.rb
@ -73,6 +73,3 @@ if con.present? && con.table_exists?('settings')
  Setting.save_default(:registry_swift, 'LHVBEE22')
  Setting.save_default(:registry_invoice_contact, 'Martti Õigus')
 end
 # dev only setting
 EPP_LOG_ENABLED = true # !Rails.env.test?
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -214,20 +214,12 @@ en:
      blank: 'is missing'
      epp_domain_reserved: 'Domain name is reserved'
      epp_obj_does_not_exist: 'Object does not exist'
      epp_command_failed: 'Command failed'
      epp_authorization_error: 'Authorization error'
      epp_authentication_error: 'Authentication error'
      epp_id_taken: 'Contact id already exists'
      epp_domain_not_found: 'Domain not found'
      epp_exp_dates_do_not_match: 'Given and current expire dates do not match'
      epp_registrant_not_found: 'Registrant not found'
      epp_command_syntax_error: 'Command syntax error'
      required_parameter_missing: 'Required parameter missing: %{key}'
      attr_missing: 'Required parameter missing: %{key}'
      repeating_postal_info: 'Only one of each postal info types may be provided'
      invalid_type: 'PostalInfo type is invalid'
      unimplemented_command: 'Unimplemented command'
      domain_exists_but_belongs_to_other_registrar: 'Domain exists but belongs to other registrar'
      required_ident_attribute_missing: "Required ident attribute missing: %{key}"
      invalid_iso31661_alpha2: does not conform to ISO 3166-1 alpha-2 standard
      invalid_iso8601_date: has invalid date format YYYY-MM-DD (ISO 8601)
@ -451,7 +443,6 @@ en:
  client_side_status_editing_error: 'Parameter value policy error. Client-side object status management not supported'
  switch_to: Switch to
  admin_menu: Admin
  domain_transfer_was_approved: 'Domain transfer was approved, associated contacts were: %{contacts} and registrant was %{registrant}'
  business_registry_service_not_available: "Business Registry service Ärireg is not available"
  # DEPP
@ -526,7 +517,6 @@ en:
  address: 'Address'
  street: 'Street'
  city: 'City'
  messages: 'Messages (%{count})'
  message: 'Message'
  message_no: 'Message #%{id}'
  queue_date: 'Queue date'
@ -754,7 +744,6 @@ en:
  parameter_value_range_error: 'Parameter value range error: %{key}'
  payment_received: 'Payment received'
  api_user_not_found: 'API user not found'
  domain_already_belongs_to_the_querying_registrar: 'Domain already belongs to the querying registrar'
  notes: Notes
  active_price_for_this_operation_is: 'Active price for this operation is %{price}'
  active_price_missing_for_this_operation: 'Active price missing for this operation!'
--- a/config/locales/messages.en.yml
+++ b/config/locales/messages.en.yml
@ -0,0 +1,7 @@
 en:
  messages:
    texts:
      domain_transfer: >-
        Transfer of domain %{domain_name} has been approved.
        It was associated with registrant %{old_registrant_code}
        and contacts %{old_contacts_codes}.
--- a/config/locales/registrar/polls.en.yml
+++ b/config/locales/registrar/polls.en.yml
@ -0,0 +1,5 @@
 en:
  registrar:
    polls:
      show:
        header: Messages (%{count})
--- a/db/migrate/20180206213435_change_epp_sessions_session_id_to_not_null.rb
+++ b/db/migrate/20180206213435_change_epp_sessions_session_id_to_not_null.rb
@ -0,0 +1,5 @@
 class ChangeEppSessionsSessionIdToNotNull < ActiveRecord::Migration
  def change
    change_column_null :epp_sessions, :session_id, false
  end
 end
--- a/db/migrate/20180206234620_add_epp_sessions_user_id.rb
+++ b/db/migrate/20180206234620_add_epp_sessions_user_id.rb
@ -0,0 +1,5 @@
 class AddEppSessionsUserId < ActiveRecord::Migration
  def change
    add_reference :epp_sessions, :user, foreign_key: true
  end
 end
--- a/db/migrate/20180207071528_extract_user_id_from_epp_sessions_data.rb
+++ b/db/migrate/20180207071528_extract_user_id_from_epp_sessions_data.rb
@ -0,0 +1,10 @@
 class ExtractUserIdFromEppSessionsData < ActiveRecord::Migration
  def change
    EppSession.all.each do |epp_session|
      user_id = Marshal.load(::Base64.decode64(epp_session.data_before_type_cast))[:api_user_id]
      user = ApiUser.find(user_id)
      epp_session.user = user
      epp_session.save!
    end
  end
 end
--- a/db/migrate/20180207072139_remove_epp_sessions_data.rb
+++ b/db/migrate/20180207072139_remove_epp_sessions_data.rb
@ -0,0 +1,5 @@
 class RemoveEppSessionsData < ActiveRecord::Migration
  def change
    remove_column :epp_sessions, :data, :string
  end
 end
--- a/db/migrate/20180211011450_change_messages_registrar_id_to_not_null.rb
+++ b/db/migrate/20180211011450_change_messages_registrar_id_to_not_null.rb
@ -0,0 +1,5 @@
 class ChangeMessagesRegistrarIdToNotNull < ActiveRecord::Migration
  def change
    change_column_null :messages, :registrar_id, false
  end
 end
--- a/db/migrate/20180211011948_add_messages_registrar_id_fk.rb
+++ b/db/migrate/20180211011948_add_messages_registrar_id_fk.rb
@ -0,0 +1,5 @@
 class AddMessagesRegistrarIdFk < ActiveRecord::Migration
  def change
    add_foreign_key :messages, :registrars, name: 'messages_registrar_id_fk'
  end
 end
--- a/db/migrate/20180212123810_remove_epp_sessions_registrar_id.rb
+++ b/db/migrate/20180212123810_remove_epp_sessions_registrar_id.rb
@ -0,0 +1,5 @@
 class RemoveEppSessionsRegistrarId < ActiveRecord::Migration
  def change
    remove_column :epp_sessions, :registrar_id, :integer
  end
 end
--- a/db/migrate/20180212152810_add_epp_sessions_session_id_unique_constraint.rb
+++ b/db/migrate/20180212152810_add_epp_sessions_session_id_unique_constraint.rb
@ -0,0 +1,13 @@
 class AddEppSessionsSessionIdUniqueConstraint < ActiveRecord::Migration
  def up
    execute <<-SQL
      ALTER TABLE epp_sessions ADD CONSTRAINT unique_session_id UNIQUE (session_id)
    SQL
  end
  def down
    execute <<-SQL
      ALTER TABLE epp_sessions DROP CONSTRAINT unique_session_id
    SQL
  end
 end
--- a/db/migrate/20180212154731_remove_epp_sessions_session_id_unique_index.rb
+++ b/db/migrate/20180212154731_remove_epp_sessions_session_id_unique_index.rb
@ -0,0 +1,5 @@
 class RemoveEppSessionsSessionIdUniqueIndex < ActiveRecord::Migration
  def change
    remove_index :epp_sessions, name: :index_epp_sessions_on_session_id
  end
 end
--- a/db/migrate/20180213183818_change_epp_sessions_user_id_to_not_null.rb
+++ b/db/migrate/20180213183818_change_epp_sessions_user_id_to_not_null.rb
@ -0,0 +1,5 @@
 class ChangeEppSessionsUserIdToNotNull < ActiveRecord::Migration
  def change
    change_column_null :epp_sessions, :user_id, false
  end
 end
--- a/db/migrate/20180214200224_add_domain_transfers_constraints.rb
+++ b/db/migrate/20180214200224_add_domain_transfers_constraints.rb
@ -0,0 +1,7 @@
 class AddDomainTransfersConstraints < ActiveRecord::Migration
  def change
    change_column_null :domain_transfers, :domain_id, false
    change_column_null :domain_transfers, :old_registrar_id, false
    change_column_null :domain_transfers, :new_registrar_id, false
  end
 end
--- a/db/migrate/20180214213743_change_messages_body_to_not_null.rb
+++ b/db/migrate/20180214213743_change_messages_body_to_not_null.rb
@ -0,0 +1,5 @@
 class ChangeMessagesBodyToNotNull < ActiveRecord::Migration
  def change
    change_column_null :messages, :body, false
  end
 end
--- a/db/migrate/20180218004148_change_messages_attached_obj_id_type_to_int.rb
+++ b/db/migrate/20180218004148_change_messages_attached_obj_id_type_to_int.rb
@ -0,0 +1,5 @@
 class ChangeMessagesAttachedObjIdTypeToInt < ActiveRecord::Migration
  def change
    change_column :messages, :attached_obj_id, 'integer USING attached_obj_id::integer'
  end
 end
--- a/db/structure.sql
+++ b/db/structure.sql
@ -954,12 +954,12 @@ ALTER SEQUENCE domain_statuses_id_seq OWNED BY domain_statuses.id;
 CREATE TABLE domain_transfers (
    id integer NOT NULL,
-    domain_id integer,
+    domain_id integer NOT NULL,
    status character varying,
    transfer_requested_at timestamp without time zone,
    transferred_at timestamp without time zone,
-    old_registrar_id integer,
+    old_registrar_id integer NOT NULL,
-    new_registrar_id integer,
+    new_registrar_id integer NOT NULL,
    created_at timestamp without time zone,
    updated_at timestamp without time zone,
    wait_until timestamp without time zone
@ -1050,11 +1050,10 @@ ALTER SEQUENCE domains_id_seq OWNED BY domains.id;
 CREATE TABLE epp_sessions (
    id integer NOT NULL,
-    session_id character varying,
+    session_id character varying NOT NULL,
    data text,
    created_at timestamp without time zone,
    updated_at timestamp without time zone,
-    registrar_id integer
+    user_id integer NOT NULL
 );
@ -2184,10 +2183,10 @@ ALTER SEQUENCE mail_templates_id_seq OWNED BY mail_templates.id;
 CREATE TABLE messages (
    id integer NOT NULL,
-    registrar_id integer,
+    registrar_id integer NOT NULL,
-    body character varying,
+    body character varying NOT NULL,
    attached_obj_type character varying,
-    attached_obj_id character varying,
+    attached_obj_id integer,
    queued boolean,
    created_at timestamp without time zone,
    updated_at timestamp without time zone,
@ -3635,6 +3634,14 @@ ALTER TABLE ONLY contacts
    ADD CONSTRAINT unique_contact_code UNIQUE (code);
 --
 -- Name: unique_session_id; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
 --
 ALTER TABLE ONLY epp_sessions
    ADD CONSTRAINT unique_session_id UNIQUE (session_id);
 --
 -- Name: unique_zone_origin; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace: 
 --
@ -3886,13 +3893,6 @@ CREATE INDEX index_domains_on_registrar_id ON domains USING btree (registrar_id)
 CREATE INDEX index_domains_on_statuses ON domains USING gin (statuses);
 --
 -- Name: index_epp_sessions_on_session_id; Type: INDEX; Schema: public; Owner: -; Tablespace: 
 --
 CREATE UNIQUE INDEX index_epp_sessions_on_session_id ON epp_sessions USING btree (session_id);
 --
 -- Name: index_epp_sessions_on_updated_at; Type: INDEX; Schema: public; Owner: -; Tablespace: 
 --
@ -4484,6 +4484,14 @@ ALTER TABLE ONLY domain_transfers
    ADD CONSTRAINT fk_rails_87b8e40c63 FOREIGN KEY (domain_id) REFERENCES domains(id);
 --
 -- Name: fk_rails_adff2dc8e3; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
 ALTER TABLE ONLY epp_sessions
    ADD CONSTRAINT fk_rails_adff2dc8e3 FOREIGN KEY (user_id) REFERENCES users(id);
 --
 -- Name: fk_rails_b80dbb973d; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@ -4516,6 +4524,14 @@ ALTER TABLE ONLY account_activities
    ADD CONSTRAINT fk_rails_d2cc3c2fa9 FOREIGN KEY (price_id) REFERENCES prices(id);
 --
 -- Name: messages_registrar_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
 ALTER TABLE ONLY messages
    ADD CONSTRAINT messages_registrar_id_fk FOREIGN KEY (registrar_id) REFERENCES registrars(id);
 --
 -- Name: user_registrar_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: -
 --
@ -5070,3 +5086,29 @@ INSERT INTO schema_migrations (version) VALUES ('20180126104536');
 INSERT INTO schema_migrations (version) VALUES ('20180126104903');
 INSERT INTO schema_migrations (version) VALUES ('20180206213435');
 INSERT INTO schema_migrations (version) VALUES ('20180206234620');
 INSERT INTO schema_migrations (version) VALUES ('20180207071528');
 INSERT INTO schema_migrations (version) VALUES ('20180207072139');
 INSERT INTO schema_migrations (version) VALUES ('20180211011450');
 INSERT INTO schema_migrations (version) VALUES ('20180211011948');
 INSERT INTO schema_migrations (version) VALUES ('20180212123810');
 INSERT INTO schema_migrations (version) VALUES ('20180212152810');
 INSERT INTO schema_migrations (version) VALUES ('20180212154731');
 INSERT INTO schema_migrations (version) VALUES ('20180213183818');
 INSERT INTO schema_migrations (version) VALUES ('20180214200224');
 INSERT INTO schema_migrations (version) VALUES ('20180214213743');
 INSERT INTO schema_migrations (version) VALUES ('20180218004148');
--- a/doc/controllers_complete.svg
+++ b/doc/controllers_complete.svg
@ -71,7 +71,6 @@
 <path fill="none" stroke="black" d="M532,-320.5C532,-320.5 656,-320.5 656,-320.5 662,-320.5 668,-326.5 668,-332.5 668,-332.5 668,-491.5 668,-491.5 668,-497.5 662,-503.5 656,-503.5 656,-503.5 532,-503.5 532,-503.5 526,-503.5 520,-497.5 520,-491.5 520,-491.5 520,-332.5 520,-332.5 520,-326.5 526,-320.5 532,-320.5"/>
 <text text-anchor="middle" x="594" y="-488.3" font-family="Times,serif" font-size="14.00">Epp::SessionsController</text>
 <polyline fill="none" stroke="black" points="520,-480.5 668,-480.5 "/>
 <text text-anchor="start" x="528" y="-465.3" font-family="Times,serif" font-size="14.00">connection_limit_ok?</text>
 <text text-anchor="start" x="528" y="-450.3" font-family="Times,serif" font-size="14.00">hello</text>
 <text text-anchor="start" x="528" y="-435.3" font-family="Times,serif" font-size="14.00">ip_white?</text>
 <text text-anchor="start" x="528" y="-420.3" font-family="Times,serif" font-size="14.00">login</text>
@ -87,9 +86,7 @@
 <path fill="none" stroke="black" d="M-288,-561C-288,-561 -184,-561 -184,-561 -178,-561 -172,-567 -172,-573 -172,-573 -172,-687 -172,-687 -172,-693 -178,-699 -184,-699 -184,-699 -288,-699 -288,-699 -294,-699 -300,-693 -300,-687 -300,-687 -300,-573 -300,-573 -300,-567 -294,-561 -288,-561"/>
 <text text-anchor="middle" x="-236" y="-683.8" font-family="Times,serif" font-size="14.00">Epp::PollsController</text>
 <polyline fill="none" stroke="black" points="-300,-676 -172,-676 "/>
 <text text-anchor="start" x="-292" y="-660.8" font-family="Times,serif" font-size="14.00">ack_poll</text>
 <text text-anchor="start" x="-292" y="-645.8" font-family="Times,serif" font-size="14.00">poll</text>
 <text text-anchor="start" x="-292" y="-630.8" font-family="Times,serif" font-size="14.00">req_poll</text>
 <polyline fill="none" stroke="black" points="-300,-623 -172,-623 "/>
 <polyline fill="none" stroke="black" points="-300,-599 -172,-599 "/>
 <text text-anchor="start" x="-292" y="-583.8" font-family="Times,serif" font-size="14.00">_layout</text>
@ -681,7 +678,6 @@
 <text text-anchor="start" x="-72.5" y="74.2" font-family="Times,serif" font-size="14.00">render_epp_response</text>
 <text text-anchor="start" x="-72.5" y="89.2" font-family="Times,serif" font-size="14.00">requires</text>
 <text text-anchor="start" x="-72.5" y="104.2" font-family="Times,serif" font-size="14.00">requires_attribute</text>
 <text text-anchor="start" x="-72.5" y="119.2" font-family="Times,serif" font-size="14.00">update_epp_session</text>
 <text text-anchor="start" x="-72.5" y="134.2" font-family="Times,serif" font-size="14.00">validate_request</text>
 <text text-anchor="start" x="-72.5" y="149.2" font-family="Times,serif" font-size="14.00">write_to_epp_log</text>
 <text text-anchor="start" x="-72.5" y="164.2" font-family="Times,serif" font-size="14.00">xml_attrs_present?</text>
--- a/doc/repp/v1/domain_transfers.md
+++ b/doc/repp/v1/domain_transfers.md
@ -28,9 +28,21 @@ Authorization: Basic dGVzdDp0ZXN0dGVzdA==
 #### Response on success
 ```
-HTTP/1.1 204
+HTTP/1.1 200
 Content-Type: application/json
 {
   "data":[
      {
         "type":"domain_transfer"
      },
      {
         "type":"domain_transfer"
      }
   ]
 }
 ```
 #### Response on failure
 ```
 HTTP/1.1 400
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
@ -49,9 +49,9 @@ namespace :dev do
      account = create(:account, registrar: registrar, balance: 1_000_000)
      api_user = create(:api_user, username: 'test', password: 'testtest', registrar: registrar)
-      epp_session = build(:epp_session, registrar: registrar)
+      epp_session = EppSession.new
-      epp_session[:api_user_id] = api_user.id
+      epp_session.session_id = 'test'
-      epp_session.registrar_id = registrar.id
+      epp_session.user = api_user
      epp_session.save!
      domain_counter = 1.step
--- a/spec/factories/epp_session.rb
+++ b/spec/factories/epp_session.rb
@ -1,5 +1,6 @@
 FactoryBot.define do
  factory :epp_session do
-
+    sequence(:session_id) { |n| "test#{n}" }
    association :user, factory: :api_user
  end
 end
--- a/spec/factories/message.rb
+++ b/spec/factories/message.rb
@ -1,5 +0,0 @@
 FactoryBot.define do
  factory :message do
    body 'fabricator body'
  end
 end
--- a/spec/models/epp_session.rb
+++ b/spec/models/epp_session.rb
@ -1,21 +0,0 @@
 require 'rails_helper'
 describe EppSession do
  let(:epp_session) { create(:epp_session) }
  it 'has marshalled data' do
    expect(epp_session.read_attribute(:data)).to_not be_blank
    expect(epp_session.read_attribute(:data).class).to eq(String)
    expect(epp_session.data.class).to eq(Hash)
  end
  it 'stores data' do
    expect(epp_session[:api_user_id]).to eq(1)
    epp_session[:api_user_id] = 3
    expect(epp_session[:api_user_id]).to eq(3)
    epp_session =  EppSession.find_by(session_id: 'test')
    expect(epp_session[:api_user_id]).to eq(3)
  end
 end
--- a/spec/models/message_spec.rb
+++ b/spec/models/message_spec.rb
@ -1,47 +0,0 @@
 require 'rails_helper'
 describe Message do
  context 'with invalid attribute' do
    before :all do
      @mssage = Message.new
    end
    it 'should not be valid' do
      @mssage.valid?
      @mssage.errors.full_messages.should match_array([
        "Body is missing"
      ])
    end
    it 'should not have any versions' do
      @mssage.versions.should == []
    end
  end
  context 'with valid attributes' do
    before :all do
      @mssage = create(:message)
    end
    it 'should be valid' do
      @mssage.valid?
      @mssage.errors.full_messages.should match_array([])
    end
    it 'should be valid twice' do
      @mssage = create(:message)
      @mssage.valid?
      @mssage.errors.full_messages.should match_array([])
    end
    it 'should have one version' do
      with_versioning do
        @mssage.versions.should == []
        @mssage.body = 'New body'
        @mssage.save
        @mssage.errors.full_messages.should match_array([])
        @mssage.versions.size.should == 1
      end
    end
  end
 end
--- a/spec/requests/epp/contact/create/ident_spec.rb
+++ b/spec/requests/epp/contact/create/ident_spec.rb
@ -1,11 +1,14 @@
 require 'rails_helper'
 RSpec.describe 'EPP contact:create' do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  before do
    Setting.address_processing = false
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when all ident params are valid' do
--- a/spec/requests/epp/contact/create/phone_spec.rb
+++ b/spec/requests/epp/contact/create/phone_spec.rb
@ -2,7 +2,10 @@ require 'rails_helper'
 require_relative '../shared/phone'
 RSpec.describe 'EPP contact:create' do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -27,7 +30,7 @@ RSpec.describe 'EPP contact:create' do
  }
  before do
-    sign_in_to_epp_area
+    login_as user
    allow(Contact).to receive(:address_processing?).and_return(false)
  end
--- a/spec/requests/epp/contact/create_spec.rb
+++ b/spec/requests/epp/contact/create_spec.rb
@ -1,6 +1,9 @@
 require 'rails_helper'
 RSpec.describe 'EPP contact:create' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request_xml_with_address) { '<?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
      <command>
@ -36,7 +39,7 @@ RSpec.describe 'EPP contact:create' do
  subject(:address_saved) { Contact.last.attributes.slice(*Contact.address_attribute_names).compact.any? }
  before do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when address processing is enabled' do
@ -46,17 +49,17 @@ RSpec.describe 'EPP contact:create' do
    context 'with address' do
      it 'returns epp code of 1000' do
-        post '/epp/command/create', frame: request_xml_with_address
+        post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_code).to eq('1000')
      end
      it 'returns epp description' do
-        post '/epp/command/create', frame: request_xml_with_address
+        post '/epp/command/create', { frame: request_xml_with_address}, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_description).to eq('Command completed successfully')
      end
      it 'saves address' do
-        post '/epp/command/create', frame: request_xml_with_address
+        post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(address_saved).to be_truthy
      end
    end
@ -69,17 +72,17 @@ RSpec.describe 'EPP contact:create' do
    context 'with address' do
      it 'returns epp code of 1100' do
-        post '/epp/command/create', frame: request_xml_with_address
+        post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_code).to eq('1100')
      end
      it 'returns epp description' do
-        post '/epp/command/create', frame: request_xml_with_address
+        post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_description).to eq('Command completed successfully; Postal address data discarded')
      end
      it 'does not save address' do
-        post '/epp/command/create', frame: request_xml_with_address
+        post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(address_saved).to be_falsey
      end
    end
@ -110,12 +113,12 @@ RSpec.describe 'EPP contact:create' do
      }
      it 'returns epp code of 1000' do
-        post '/epp/command/create', frame: request_xml_without_address
+        post '/epp/command/create', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_code).to eq('1000')
      end
      it 'returns epp description' do
-        post '/epp/command/create', frame: request_xml_without_address
+        post '/epp/command/create', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_description).to eq('Command completed successfully')
      end
    end
--- a/spec/requests/epp/contact/delete/used_spec.rb
+++ b/spec/requests/epp/contact/delete/used_spec.rb
@ -1,10 +1,11 @@
 require 'rails_helper'
 RSpec.describe 'EPP contact:delete' do
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:user) { create(:api_user, registrar: registrar) }
  let(:registrar) { create(:registrar) }
  let!(:registrant) { create(:registrant, registrar: registrar, code: 'TEST') }
-  let(:request) { post '/epp/command/delete', frame: request_xml }
+  let(:request) { post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -20,7 +21,7 @@ RSpec.describe 'EPP contact:delete' do
  }
  before do
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when contact is used' do
--- a/spec/requests/epp/contact/info_spec.rb
+++ b/spec/requests/epp/contact/info_spec.rb
@ -1,6 +1,9 @@
 require 'rails_helper'
 RSpec.describe 'EPP contact:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request_xml) { '<?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
      <command>
@ -19,7 +22,7 @@ RSpec.describe 'EPP contact:update' do
                              .count }
  before do
-    sign_in_to_epp_area
+    login_as user
    create(:contact, code: 'TEST')
  end
@ -29,12 +32,12 @@ RSpec.describe 'EPP contact:update' do
    end
    it 'returns epp code of 1000' do
-      post '/epp/command/info', frame: request_xml
+      post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('1000')
    end
    it 'returns address' do
-      post '/epp/command/info', frame: request_xml
+      post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(address_count).to_not be_zero
    end
  end
@ -45,12 +48,12 @@ RSpec.describe 'EPP contact:update' do
    end
    it 'returns epp code of 1000' do
-      post '/epp/command/info', frame: request_xml
+      post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('1000')
    end
    it 'does not return address' do
-      post '/epp/command/info', frame: request_xml
+      post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(address_count).to be_zero
    end
  end
--- a/spec/requests/epp/contact/update/ident_spec.rb
+++ b/spec/requests/epp/contact/update/ident_spec.rb
@ -3,8 +3,11 @@ require 'rails_helper'
 # https://github.com/internetee/registry/issues/576
 RSpec.describe 'EPP contact:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:ident) { contact.identifier }
-  let(:request) { post '/epp/command/update', frame: request_xml }
+  let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -30,7 +33,7 @@ RSpec.describe 'EPP contact:update' do
  }
  before do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when contact ident is valid' do
--- a/spec/requests/epp/contact/update/phone_spec.rb
+++ b/spec/requests/epp/contact/update/phone_spec.rb
@ -2,8 +2,11 @@ require 'rails_helper'
 require_relative '../shared/phone'
 RSpec.describe 'EPP contact:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let!(:contact) { create(:contact, code: 'TEST') }
-  let(:request) { post '/epp/command/update', frame: request_xml }
+  let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -22,7 +25,7 @@ RSpec.describe 'EPP contact:update' do
  }
  before do
-    sign_in_to_epp_area
+    login_as user
    allow(Contact).to receive(:address_processing?).and_return(false)
  end
--- a/spec/requests/epp/contact/update_spec.rb
+++ b/spec/requests/epp/contact/update_spec.rb
@ -1,6 +1,9 @@
 require 'rails_helper'
 RSpec.describe 'EPP contact:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request_xml_with_address) { '<?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
      <command>
@ -33,7 +36,7 @@ RSpec.describe 'EPP contact:update' do
  subject(:response_description) { response_xml.css('result msg').text }
  before do
-    sign_in_to_epp_area
+    login_as user
    create(:contact, code: 'TEST')
  end
@ -44,12 +47,12 @@ RSpec.describe 'EPP contact:update' do
    context 'with address' do
      it 'returns epp code of 1000' do
-        post '/epp/command/update', frame: request_xml_with_address
+        post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_code).to eq('1000')
      end
      it 'returns epp description' do
-        post '/epp/command/update', frame: request_xml_with_address
+        post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_description).to eq('Command completed successfully')
      end
    end
@ -62,12 +65,12 @@ RSpec.describe 'EPP contact:update' do
    context 'with address' do
      it 'returns epp code of 1100' do
-        post '/epp/command/update', frame: request_xml_with_address
+        post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_code).to eq('1100')
      end
      it 'returns epp description' do
-        post '/epp/command/update', frame: request_xml_with_address
+        post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_description).to eq('Command completed successfully; Postal address data discarded')
      end
    end
@ -92,12 +95,12 @@ RSpec.describe 'EPP contact:update' do
      }
      it 'returns epp code of 1000' do
-        post '/epp/command/update', frame: request_xml_without_address
+        post '/epp/command/update', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_code).to eq('1000')
      end
      it 'returns epp description' do
-        post '/epp/command/update', frame: request_xml_without_address
+        post '/epp/command/update', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
        expect(response_description).to eq('Command completed successfully')
      end
    end
--- a/spec/requests/epp/domain/create/account_balance_spec.rb
+++ b/spec/requests/epp/domain/create/account_balance_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:create', settings: false do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:contact) { create(:contact, code: 'test') }
  let!(:zone) { create(:zone, origin: 'test') }
@ -36,7 +37,7 @@ RSpec.describe 'EPP domain:create', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when account balance is sufficient' do
--- a/spec/requests/epp/domain/create/default_period_spec.rb
+++ b/spec/requests/epp/domain/create/default_period_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:create', settings: false do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:contact) { create(:contact, code: 'test') }
  let!(:zone) { create(:zone, origin: 'test') }
@ -37,7 +38,7 @@ RSpec.describe 'EPP domain:create', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010 10:30')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when period is absent' do
--- a/spec/requests/epp/domain/create/optional_nameserver_spec.rb
+++ b/spec/requests/epp/domain/create/optional_nameserver_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:create', settings: false do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:registrar) { create(:registrar_with_unlimited_balance) }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:contact) { create(:contact, code: 'test') }
@ -17,7 +18,7 @@ RSpec.describe 'EPP domain:create', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when nameserver is optional' do
--- a/spec/requests/epp/domain/create/period_spec.rb
+++ b/spec/requests/epp/domain/create/period_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:create', settings: false do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:contact) { create(:contact, code: 'test') }
  let!(:zone) { create(:zone, origin: 'test') }
@ -10,7 +11,7 @@ RSpec.describe 'EPP domain:create', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010 10:30')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when period is 3 months' do
--- a/spec/requests/epp/domain/create/price_spec.rb
+++ b/spec/requests/epp/domain/create/price_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:create', settings: false do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:contact) { create(:contact, code: 'test') }
  let!(:zone) { create(:zone, origin: 'test') }
@ -30,7 +31,7 @@ RSpec.describe 'EPP domain:create', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when price is present' do
--- a/spec/requests/epp/domain/create/required_nameserver_spec.rb
+++ b/spec/requests/epp/domain/create/required_nameserver_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:create', settings: false do
-  let(:request) { post '/epp/command/create', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:registrar) { create(:registrar_with_unlimited_balance) }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:contact) { create(:contact, code: 'test') }
@ -17,7 +18,7 @@ RSpec.describe 'EPP domain:create', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when nameserver is required' do
--- a/spec/requests/epp/domain/delete/discarded_spec.rb
+++ b/spec/requests/epp/domain/delete/discarded_spec.rb
@ -1,6 +1,9 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:delete' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -21,14 +24,14 @@ RSpec.describe 'EPP domain:delete' do
  }
  before :example do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when domain is not discarded' do
    let!(:domain) { create(:domain, name: 'test.com') }
    it 'returns epp code of 1001' do
-      post '/epp/command/delete', frame: request_xml
+      post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response).to have_code_of(1001)
    end
  end
@ -37,7 +40,7 @@ RSpec.describe 'EPP domain:delete' do
    let!(:domain) { create(:domain_discarded, name: 'test.com') }
    it 'returns epp code of 2105' do
-      post '/epp/command/delete', frame: request_xml
+      post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response).to have_code_of(2105)
    end
  end
--- a/spec/requests/epp/domain/renew/account_balance_spec.rb
+++ b/spec/requests/epp/domain/renew/account_balance_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:renew' do
-  let(:request) { post '/epp/command/renew', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:zone) { create(:zone, origin: 'test') }
  let!(:price) { create(:price,
@ -16,7 +17,7 @@ RSpec.describe 'EPP domain:renew' do
  before :example do
    Setting.days_to_renew_domain_before_expire = 0
    travel_to Time.zone.parse('05.07.2010')
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when account balance is sufficient' do
--- a/spec/requests/epp/domain/renew/default_period_spec.rb
+++ b/spec/requests/epp/domain/renew/default_period_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:renew', settings: false do
-  let(:request) { post '/epp/command/renew', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:zone) { create(:zone, origin: 'test') }
  let!(:registrar) { create(:registrar_with_unlimited_balance) }
@ -37,7 +38,7 @@ RSpec.describe 'EPP domain:renew', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when period is absent' do
--- a/spec/requests/epp/domain/renew/expire_time_spec.rb
+++ b/spec/requests/epp/domain/renew/expire_time_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:renew' do
-  let(:request) { post '/epp/command/renew', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:registrar) { create(:registrar_with_unlimited_balance) }
  let!(:zone) { create(:zone, origin: 'test') }
@ -17,7 +18,7 @@ RSpec.describe 'EPP domain:renew' do
  before :example do
    Setting.days_to_renew_domain_before_expire = 0
    travel_to Time.zone.parse('05.07.2010')
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when given expire time and current match' do
--- a/spec/requests/epp/domain/renew/max_expire_time_spec.rb
+++ b/spec/requests/epp/domain/renew/max_expire_time_spec.rb
@ -1,6 +1,7 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:renew' do
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:registrar) { create(:registrar_with_unlimited_balance) }
  let!(:zone) { create(:zone, origin: 'test') }
@ -19,7 +20,7 @@ RSpec.describe 'EPP domain:renew' do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when domain can be renewed' do
@ -45,12 +46,12 @@ RSpec.describe 'EPP domain:renew' do
    }
    it 'returns epp code of 1000' do
-      post '/epp/command/renew', frame: request_xml
+      post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('1000')
    end
    it 'returns epp description' do
-      post '/epp/command/renew', frame: request_xml
+      post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_description).to eq('Command completed successfully')
    end
  end
@ -78,12 +79,12 @@ RSpec.describe 'EPP domain:renew' do
    }
    it 'returns epp code of 2105' do
-      post '/epp/command/renew', frame: request_xml
+      post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('2105')
    end
    it 'returns epp description' do
-      post '/epp/command/renew', frame: request_xml
+      post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_description).to eq('Object is not eligible for renewal; ' \
        'Expiration date must be before 2021-07-05')
    end
--- a/spec/requests/epp/domain/renew/period_spec.rb
+++ b/spec/requests/epp/domain/renew/period_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:renew', settings: false do
-  let(:request) { post '/epp/command/renew', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:zone) { create(:zone, origin: 'test') }
  let!(:registrar) { create(:registrar_with_unlimited_balance) }
@ -14,7 +15,7 @@ RSpec.describe 'EPP domain:renew', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when period is 3 months' do
--- a/spec/requests/epp/domain/renew/price_spec.rb
+++ b/spec/requests/epp/domain/renew/price_spec.rb
@ -1,7 +1,8 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:renew', settings: false do
-  let(:request) { post '/epp/command/renew', frame: request_xml }
+  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:user) { create(:api_user_epp, registrar: registrar) }
  let!(:zone) { create(:zone, origin: 'test') }
  let!(:registrar) { create(:registrar_with_unlimited_balance) }
@ -29,7 +30,7 @@ RSpec.describe 'EPP domain:renew', settings: false do
  before :example do
    travel_to Time.zone.parse('05.07.2010')
    Setting.days_to_renew_domain_before_expire = 0
-    sign_in_to_epp_area(user: user)
+    login_as user
  end
  context 'when price is present' do
--- a/spec/requests/epp/domain/transfer/discarded_spec.rb
+++ b/spec/requests/epp/domain/transfer/discarded_spec.rb
@ -1,42 +0,0 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:transfer' do
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
      <command>
        <transfer op="request">
          <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
            <domain:name>test.com</domain:name>
            <domain:authInfo>
              <domain:pw>98oiewslkfkd</domain:pw>
            </domain:authInfo>
          </domain:transfer>
        </transfer>
      </command>
    </epp>
  XML
  }
  before :example do
    sign_in_to_epp_area
  end
  context 'when domain is not discarded' do
    let!(:domain) { create(:domain, name: 'test.com') }
    it 'returns epp code of 1000' do
      post '/epp/command/transfer', frame: request_xml
      expect(response).to have_code_of(1000)
    end
  end
  context 'when domain is discarded' do
    let!(:domain) { create(:domain_discarded, name: 'test.com') }
    it 'returns epp code of 2105' do
      post '/epp/command/transfer', frame: request_xml
      expect(response).to have_code_of(2105)
    end
  end
 end
--- a/spec/requests/epp/domain/update/discarded_spec.rb
+++ b/spec/requests/epp/domain/update/discarded_spec.rb
@ -1,6 +1,9 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -16,14 +19,14 @@ RSpec.describe 'EPP domain:update' do
  }
  before :example do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when domain is not discarded' do
    let!(:domain) { create(:domain, name: 'test.com') }
    it 'returns epp code of 1000' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response).to have_code_of(1000)
    end
  end
@ -32,7 +35,7 @@ RSpec.describe 'EPP domain:update' do
    let!(:domain) { create(:domain_discarded, name: 'test.com') }
    it 'returns epp code of 2105' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response).to have_code_of(2105)
    end
  end
--- a/spec/requests/epp/domain/update/nameserver_add_spec.rb
+++ b/spec/requests/epp/domain/update/nameserver_add_spec.rb
@ -1,13 +1,16 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let!(:domain) { create(:domain, name: 'test.com') }
  subject(:response_xml) { Nokogiri::XML(response.body) }
  subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
  subject(:response_description) { response_xml.css('result msg').text }
  before :example do
-    sign_in_to_epp_area
+    login_as user
    allow(Domain).to receive(:nameserver_required?).and_return(false)
    Setting.ns_min_count = 2
@ -37,12 +40,12 @@ RSpec.describe 'EPP domain:update' do
    }
    it 'returns epp code of 2308' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('2308'), "Expected EPP code of 2308, got #{response_code} (#{response_description})"
    end
    it 'returns epp description' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      description = 'Data management policy violation;' \
        " Nameserver count must be between #{Setting.ns_min_count}-#{Setting.ns_max_count}" \
@ -78,12 +81,12 @@ RSpec.describe 'EPP domain:update' do
    }
    it 'returns epp code of 1000' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('1000'), "Expected EPP code of 1000, got #{response_code} (#{response_description})"
    end
    it 'removes inactive status' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      domain = Domain.find_by(name: 'test.com')
      expect(domain.statuses).to_not include(DomainStatus::INACTIVE)
--- a/spec/requests/epp/domain/update/nameserver_remove_spec.rb
+++ b/spec/requests/epp/domain/update/nameserver_remove_spec.rb
@ -1,13 +1,15 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:update' do
  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  subject(:response_xml) { Nokogiri::XML(response.body) }
  subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
  subject(:response_description) { response_xml.css('result msg').text }
  before :example do
-    sign_in_to_epp_area
+    login_as user
    allow(Domain).to receive(:nameserver_required?).and_return(false)
  end
@ -43,12 +45,12 @@ RSpec.describe 'EPP domain:update' do
    end
    it 'returns epp code of 2308' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('2308'), "Expected EPP code of 2308, got #{response_code} (#{response_description})"
    end
    it 'returns epp description' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      description = 'Data management policy violation;' \
      " Nameserver count must be between #{Setting.ns_min_count}-#{Setting.ns_max_count}" \
@ -91,13 +93,13 @@ RSpec.describe 'EPP domain:update' do
    end
    it 'returns epp code of 1000' do
-      post '/epp/command/update', frame: request_xml
+      post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
      expect(response_code).to eq('1000'), "Expected EPP code of 1000, got #{response_code} (#{response_description})"
    end
    describe 'domain' do
      it 'has status of inactive' do
-        post '/epp/command/update', frame: request_xml
+        post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
        domain = Domain.find_by(name: 'test.com')
        expect(domain.statuses).to include(DomainStatus::INACTIVE)
      end
--- a/spec/requests/epp/domain/update/registrant_change/same_as_current_spec.rb
+++ b/spec/requests/epp/domain/update/registrant_change/same_as_current_spec.rb
@ -1,11 +1,14 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:update' do
-  let(:request) { post '/epp/command/update', frame: request_xml }
+  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:domain) { create(:domain, name: 'test.com', registrant: registrant) }
  before :example do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when registrant change confirmation is enabled' do
--- a/spec/requests/epp/domain/update/registrant_change/verified_spec.rb
+++ b/spec/requests/epp/domain/update/registrant_change/verified_spec.rb
@ -1,13 +1,16 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:update' do
-  let(:request) { post '/epp/command/update', frame: request_xml }
+  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let!(:registrant) { create(:registrant, code: 'old-code') }
  let!(:domain) { create(:domain, name: 'test.com', registrant: registrant) }
  let!(:new_registrant) { create(:registrant, code: 'new-code') }
  before :example do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when registrant change confirmation is enabled' do
--- a/spec/requests/epp/domain/update/status_spec.rb
+++ b/spec/requests/epp/domain/update/status_spec.rb
@ -1,7 +1,10 @@
 require 'rails_helper'
 RSpec.describe 'EPP domain:update' do
-  let(:request) { post '/epp/command/update', frame: request_xml }
+  let(:registrar) { create(:registrar) }
  let(:user) { create(:api_user_epp, registrar: registrar) }
  let(:session_id) { create(:epp_session, user: user).session_id }
  let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
  let(:request_xml) { <<-XML
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
@ -17,7 +20,7 @@ RSpec.describe 'EPP domain:update' do
  }
  before :example do
-    sign_in_to_epp_area
+    login_as user
  end
  context 'when domain has both SERVER_DELETE_PROHIBITED and PENDING_UPDATE statuses' do
--- a/spec/support/requests/session_helpers.rb
+++ b/spec/support/requests/session_helpers.rb
@ -1,34 +1,5 @@
 module Requests
  module SessionHelpers
    def sign_in_to_epp_area(user: create(:api_user_epp))
      login_xml = "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?>
      <epp xmlns=\"https://epp.tld.ee/schema/epp-ee-1.0.xsd\">
        <command>
          <login>
            <clID>#{user.username}</clID>
            <pw>#{user.password}</pw>
            <options>
              <version>1.0</version>
              <lang>en</lang>
            </options>
            <svcs>
              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
              <svcExtension>
                <extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI>
                <extURI>https://epp.tld.ee/schema/eis-1.0.xsd</extURI>
              </svcExtension>
            </svcs>
          </login>
          <clTRID>ABC-12345</clTRID>
        </command>
      </epp>"
      post '/epp/session/login', frame: login_xml
    end
    def sign_in_to_admin_area(user: create(:admin_user))
      post admin_sessions_path, admin_user: { username: user.username, password: user.password }
    end
--- a/test/fixtures/contacts.yml
+++ b/test/fixtures/contacts.yml
@ -9,6 +9,17 @@ john:
  code: john-001
  auth_info: cacb5b
 william:
  name: William
  email: william@inbox.test
  phone: '+555.555'
  ident: 1234
  ident_type: priv
  ident_country_code: US
  registrar: bestnames
  code: william-001
  auth_info: 6573d0
 jane:
  name: Jane
  email: jane@mail.test
@ -34,5 +45,6 @@ acme_ltd:
 invalid:
  name: any
  code: any
  email: invalid@invalid.test
  auth_info: any
  registrar: bestnames
--- a/test/fixtures/domain_contacts.yml
+++ b/test/fixtures/domain_contacts.yml
@ -3,6 +3,11 @@ shop_jane:
  contact: jane
  type: AdminDomainContact
 shop_william:
  domain: shop
  contact: william
  type: TechDomainContact
 airport_john:
  domain: airport
  contact: john
@ -12,3 +17,13 @@ library_john:
  domain: library
  contact: john
  type: AdminDomainContact
 invalid_invalid_admin:
  domain: invalid
  contact: invalid
  type: AdminDomainContact
 invalid_invalid_tech:
  domain: invalid
  contact: invalid
  type: TechDomainContact
--- a/test/fixtures/domain_transfers.yml
+++ b/test/fixtures/domain_transfers.yml
@ -0,0 +1,7 @@
 shop:
  status: serverApproved
  transfer_requested_at: 2010-07-05
  transferred_at: 2010-07-05
  domain: shop
  old_registrar: bestnames
  new_registrar: goodnames
--- a/test/fixtures/domains.yml
+++ b/test/fixtures/domains.yml
@ -27,3 +27,10 @@ library:
  valid_to: 2010-07-05
  period: 1
  period_unit: m
 invalid:
  name: invalid.test
  transfer_code: any
  valid_to: 2010-07-05
  registrar: bestnames
  registrant: invalid
--- a/test/fixtures/epp_sessions.yml
+++ b/test/fixtures/epp_sessions.yml
@ -1,9 +1,7 @@
 api_bestnames:
-  session_id: 1
+  session_id: api_bestnames
-  registrar: bestnames
+  user: api_bestnames
  data: <%= Base64.encode64(Marshal.dump({api_user_id: ActiveRecord::Fixtures.identify(:api_bestnames)})) %>
 api_goodnames:
-  session_id: 2
+  session_id: api_goodnames
-  registrar: goodnames
+  user: api_goodnames
  data: <%= Base64.encode64(Marshal.dump({api_user_id: ActiveRecord::Fixtures.identify(:api_goodnames)})) %>
--- a/test/fixtures/messages.yml
+++ b/test/fixtures/messages.yml
@ -0,0 +1,4 @@
 greeting:
  body: Welcome!
  queued: true
  registrar: bestnames
--- a/test/integration/api/domain_transfers_test.rb
+++ b/test/integration/api/domain_transfers_test.rb
@ -1,13 +1,57 @@
 require 'test_helper'
 class APIDomainTransfersTest < ActionDispatch::IntegrationTest
-  def test_transfers_domain
+  def setup
-    request_params = { format: :json,
+    @domain = domains(:shop)
-                       data: { domainTransfers: [{ domainName: 'shop.test', transferCode: '65078d5' }] } }
+    Setting.transfer_wait_time = 0 # Auto-approval
  end
  def test_returns_domain_transfers
    post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
-    assert_response 204
+    assert_response 200
-    assert_equal registrars(:goodnames), domains(:shop).registrar
+    assert_equal ({ data: [{
-    assert_empty response.body
+                             type: 'domain_transfer'
                           }] }),
                 JSON.parse(response.body, symbolize_names: true)
  end
  def test_creates_new_domain_transfer
    assert_difference -> { @domain.transfers.size } do
      post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    end
  end
  def test_approves_automatically_if_auto_approval_is_enabled
    post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    assert @domain.transfers.last.approved?
  end
  def test_changes_registrar
    post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    @domain.reload
    assert_equal registrars(:goodnames), @domain.registrar
  end
  def test_regenerates_transfer_code
    @old_transfer_code = @domain.transfer_code
    post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    @domain.reload
    refute_equal @domain.transfer_code, @old_transfer_code
  end
  def test_notifies_old_registrar
    @old_registrar = @domain.registrar
    assert_difference -> { @old_registrar.messages.count } do
      post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    end
  end
  def test_duplicates_registrant_admin_and_tech_contacts
    assert_difference 'Contact.count', 3 do
      post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    end
  end
  def test_fails_if_domain_does_not_exist
@ -24,13 +68,18 @@ class APIDomainTransfersTest < ActionDispatch::IntegrationTest
                       data: { domainTransfers: [{ domainName: 'shop.test', transferCode: 'wrong' }] } }
    post '/repp/v1/domain_transfers', request_params, { 'HTTP_AUTHORIZATION' => http_auth_key }
    assert_response 400
-    refute_equal registrars(:goodnames), domains(:shop).registrar
+    refute_equal registrars(:goodnames), @domain.registrar
    assert_equal ({ errors: [{ title: 'shop.test transfer code is wrong' }] }),
                 JSON.parse(response.body, symbolize_names: true)
  end
  private
  def request_params
    { format: :json,
      data: { domainTransfers: [{ domainName: 'shop.test', transferCode: '65078d5' }] } }
  end
  def http_auth_key
    ActionController::HttpAuthentication::Basic.encode_credentials('test_goodnames', 'testtest')
  end
--- a/test/integration/epp/domain/create/transfer_code_test.rb
+++ b/test/integration/epp/domain/create/transfer_code_test.rb
@ -3,7 +3,6 @@ require 'test_helper'
 class EppDomainCreateTransferCodeTest < ActionDispatch::IntegrationTest
  def setup
    travel_to Time.zone.parse('2010-07-05')
    login_as users(:api_bestnames)
  end
  def test_generates_default
@ -27,9 +26,10 @@ class EppDomainCreateTransferCodeTest < ActionDispatch::IntegrationTest
      </epp>
    XML
-    session_id = epp_sessions(:api_bestnames).session_id
+    post '/epp/command/create', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    post '/epp/command/create', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{session_id}" }
    refute_empty Domain.find_by(name: 'brandnew.test').transfer_code
    assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_honors_custom
@ -56,8 +56,9 @@ class EppDomainCreateTransferCodeTest < ActionDispatch::IntegrationTest
      </epp>
    XML
-    session_id = epp_sessions(:api_bestnames).session_id
+    post '/epp/command/create', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    post '/epp/command/create', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{session_id}" }
    assert_equal '1058ad73', Domain.find_by(name: 'brandnew.test').transfer_code
    assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
 end
--- a/test/integration/epp/domain/domain_delete_test.rb
+++ b/test/integration/epp/domain/domain_delete_test.rb
@ -0,0 +1,28 @@
 require 'test_helper'
 class EppDomainDeleteTest < ActionDispatch::IntegrationTest
  def test_bypasses_domain_and_registrant_and_contacts_validation
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <delete>
            <domain:delete xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>invalid.test</domain:name>
            </domain:delete>
          </delete>
          <extension>
            <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
              <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
            </eis:extdata>
          </extension>
        </command>
      </epp>
    XML
    post '/epp/command/delete', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert_includes Domain.find_by(name: 'invalid.test').statuses, DomainStatus::PENDING_DELETE_CONFIRMATION
    assert_equal '1001', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
 end
--- a/test/integration/epp/domain/transfer/transfer_code_test.rb
+++ b/test/integration/epp/domain/transfer/transfer_code_test.rb
@ -1,20 +1,16 @@
 require 'test_helper'
-class EppDomainTransferTransferCodeTest < ActionDispatch::IntegrationTest
+class EppDomainTransferBaseTest < ActionDispatch::IntegrationTest
-  def setup
+  def test_non_existent_domain
    login_as users(:api_goodnames)
  end
  def test_wrong
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="request">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
-              <domain:name>shop.test</domain:name>
+              <domain:name>non-existent.test</domain:name>
              <domain:authInfo>
-                <domain:pw>wrong</domain:pw>
+                <domain:pw>any</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
@ -22,9 +18,7 @@ class EppDomainTransferTransferCodeTest < ActionDispatch::IntegrationTest
      </epp>
    XML
-    session_id = epp_sessions(:api_goodnames).session_id
+    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
-    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{session_id}" }
+    assert_equal '2303', Nokogiri::XML(response.body).at_css('result')[:code]
    refute_equal registrars(:goodnames), domains(:shop).registrar
    assert Nokogiri::XML(response.body).at_css('result[code="2201"]')
  end
 end
--- a/test/integration/epp/domain/transfer/domain_transfer_test.rb
+++ b/test/integration/epp/domain/transfer/domain_transfer_test.rb
@ -1,53 +0,0 @@
 require 'test_helper'
 class EppDomainTransferTest < ActionDispatch::IntegrationTest
  def setup
    login_as users(:api_goodnames)
  end
  def test_successfully_transfers_domain
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="request">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>shop.test</domain:name>
              <domain:authInfo>
                <domain:pw>65078d5</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
        </command>
      </epp>
    XML
    session_id = epp_sessions(:api_goodnames).session_id
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{session_id}" }
    assert_equal registrars(:goodnames), domains(:shop).registrar
    assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_non_existent_domain
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="request">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>non-existent.test</domain:name>
              <domain:authInfo>
                <domain:pw>any</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
        </command>
      </epp>
    XML
    session_id = epp_sessions(:api_goodnames).session_id
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{session_id}" }
    assert Nokogiri::XML(response.body).at_css('result[code="2303"]')
  end
 end
--- a/test/integration/epp/domain/transfer/query_test.rb
+++ b/test/integration/epp/domain/transfer/query_test.rb
@ -0,0 +1,61 @@
 require 'test_helper'
 class EppDomainTransferQueryTest < ActionDispatch::IntegrationTest
  def test_returns_domain_transfer_details
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    xml_doc = Nokogiri::XML(response.body)
    assert_equal '1000', xml_doc.at_css('result')[:code]
    assert_equal 1, xml_doc.css('result').size
    assert_equal 'shop.test', xml_doc.xpath('//domain:name', 'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd').text
    assert_equal 'serverApproved', xml_doc.xpath('//domain:trStatus', 'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd').text
    assert_equal 'goodnames', xml_doc.xpath('//domain:reID', 'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd').text
    assert_equal 'bestnames', xml_doc.xpath('//domain:acID', 'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd').text
  end
  def test_wrong_transfer_code
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="query">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>shop.test</domain:name>
              <domain:authInfo>
                <domain:pw>wrong</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
        </command>
      </epp>
    XML
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert_equal '2201', Nokogiri::XML(response.body).at_css('result')[:code]
  end
  def test_no_domain_transfer
    domains(:shop).transfers.delete_all
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert_equal '2303', Nokogiri::XML(response.body).at_css('result')[:code]
  end
  private
  def request_xml
    <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="query">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>shop.test</domain:name>
              <domain:authInfo>
                <domain:pw>65078d5</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
        </command>
      </epp>
    XML
  end
 end
--- a/test/integration/epp/domain/transfer/request_test.rb
+++ b/test/integration/epp/domain/transfer/request_test.rb
@ -0,0 +1,137 @@
 require 'test_helper'
 class EppDomainTransferRequestTest < ActionDispatch::IntegrationTest
  def setup
    @domain = domains(:shop)
    Setting.transfer_wait_time = 0
  end
  def test_transfers_domain_at_once
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_creates_new_domain_transfer
    assert_difference -> { @domain.transfers.size } do
      post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    end
  end
  def test_approves_automatically_if_auto_approval_is_enabled
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    assert_equal 'serverApproved', Nokogiri::XML(response.body).xpath('//domain:trStatus', 'domain' =>
      'https://epp.tld.ee/schema/domain-eis-1.0.xsd').text
  end
  def test_changes_registrar
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    @domain.reload
    assert_equal registrars(:goodnames), @domain.registrar
  end
  def test_regenerates_transfer_code
    @old_transfer_code = @domain.transfer_code
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    @domain.reload
    refute_equal @domain.transfer_code, @old_transfer_code
  end
  def test_notifies_old_registrar
    @old_registrar = @domain.registrar
    assert_difference -> { @old_registrar.messages.count } do
      post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    end
  end
  def test_duplicates_registrant_admin_and_tech_contacts
    assert_difference 'Contact.count', 3 do
      post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    end
  end
  def test_saves_legal_document
    assert_difference -> { @domain.legal_documents(true).size } do
      post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    end
  end
  def test_non_transferable_domain
    @domain.update!(statuses: [DomainStatus::SERVER_TRANSFER_PROHIBITED])
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    domains(:shop).reload
    assert_equal registrars(:bestnames), domains(:shop).registrar
    assert_equal '2304', Nokogiri::XML(response.body).at_css('result')[:code]
  end
  def test_discarded_domain
    @domain.update!(statuses: [DomainStatus::DELETE_CANDIDATE])
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    @domain.reload
    assert_equal registrars(:bestnames), @domain.registrar
    assert_equal '2105', Nokogiri::XML(response.body).at_css('result')[:code]
  end
  def test_same_registrar
    assert_no_difference -> { @domain.transfers.size } do
      post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    end
    assert_equal '2002', Nokogiri::XML(response.body).at_css('result')[:code]
  end
  def test_wrong_transfer_code
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="request">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>shop.test</domain:name>
              <domain:authInfo>
                <domain:pw>wrong</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
        </command>
      </epp>
    XML
    post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
    @domain.reload
    refute_equal registrars(:goodnames), @domain.registrar
    assert_equal '2201', Nokogiri::XML(response.body).at_css('result')[:code]
  end
  private
  def request_xml
    <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <transfer op="request">
            <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
              <domain:name>shop.test</domain:name>
              <domain:authInfo>
                <domain:pw>65078d5</domain:pw>
              </domain:authInfo>
            </domain:transfer>
          </transfer>
          <extension>
            <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
              <eis:legalDocument type="pdf">test</eis:legalDocument>
            </eis:extdata>
          </extension>
        </command>
      </epp>
    XML
  end
 end
--- a/test/integration/epp/domain/update/transfer_code_test.rb
+++ b/test/integration/epp/domain/update/transfer_code_test.rb
@ -1,10 +1,6 @@
 require 'test_helper'
 class EppDomainUpdateTest < ActionDispatch::IntegrationTest
  def setup
    login_as users(:api_bestnames)
  end
  def test_overwrites_existing
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
@ -24,8 +20,9 @@ class EppDomainUpdateTest < ActionDispatch::IntegrationTest
      </epp>
    XML
-    session_id = epp_sessions(:api_bestnames).session_id
+    post '/epp/command/update', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    post '/epp/command/update', { frame: request_xml }, { 'HTTP_COOKIE' => "session=#{session_id}" }
    assert_equal 'f0ff7d17b0', domains(:shop).transfer_code
    assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
 end
--- a/test/integration/epp/login/credentials_test.rb
+++ b/test/integration/epp/login/credentials_test.rb
@ -0,0 +1,64 @@
 require 'test_helper'
 class EppLoginCredentialsTest < ActionDispatch::IntegrationTest
  def test_correct_credentials
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <login>
            <clID>test_bestnames</clID>
            <pw>testtest</pw>
            <options>
              <version>1.0</version>
              <lang>en</lang>
            </options>
            <svcs>
              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
            </svcs>
          </login>
        </command>
      </epp>
    XML
    post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
    assert EppSession.find_by(session_id: 'new_session_id')
    assert_equal users(:api_bestnames), EppSession.find_by(session_id: 'new_session_id').user
    assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_already_logged_in
    assert true # Handled by mod_epp
  end
  def test_wrong_credentials
    request_xml = <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <login>
            <clID>non-existent</clID>
            <pw>valid-but-wrong</pw>
            <options>
              <version>1.0</version>
              <lang>en</lang>
            </options>
            <svcs>
              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
            </svcs>
          </login>
        </command>
      </epp>
    XML
    post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=any_random_string' }
    assert Nokogiri::XML(response.body).at_css('result[code="2501"]')
  end
 end
--- a/test/integration/epp/login/session_limit_test.rb
+++ b/test/integration/epp/login/session_limit_test.rb
@ -0,0 +1,63 @@
 require 'test_helper'
 class EppLoginSessionLimitTest < ActionDispatch::IntegrationTest
  def setup
    travel_to Time.zone.parse('2010-07-05')
    EppSession.delete_all
  end
  def test_not_reached
    (EppSession.limit_per_registrar - 1).times do
      EppSession.create!(session_id: SecureRandom.hex,
                         user: users(:api_bestnames),
                         updated_at: Time.zone.parse('2010-07-05'))
    end
    assert_difference 'EppSession.count' do
      post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
    end
    assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_reached
    EppSession.limit_per_registrar.times do
      EppSession.create!(session_id: SecureRandom.hex,
                         user: users(:api_bestnames),
                         updated_at: Time.zone.parse('2010-07-05'))
    end
    assert_no_difference 'EppSession.count' do
      post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
    end
    assert Nokogiri::XML(response.body).at_css('result[code="2501"]')
  end
  private
  def request_xml
    <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <login>
            <clID>test_bestnames</clID>
            <pw>testtest</pw>
            <options>
              <version>1.0</version>
              <lang>en</lang>
            </options>
            <svcs>
              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
            </svcs>
          </login>
        </command>
      </epp>
    XML
  end
 end
--- a/test/integration/epp/logout_test.rb
+++ b/test/integration/epp/logout_test.rb
@ -0,0 +1,37 @@
 require 'test_helper'
 class EppLogoutTest < ActionDispatch::IntegrationTest
  def test_success_response
    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert Nokogiri::XML(response.body).at_css('result[code="1500"]')
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_ends_current_session
    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert_nil EppSession.find_by(session_id: 'api_bestnames')
  end
  def test_keeps_other_sessions_intact
    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert EppSession.find_by(session_id: 'api_goodnames')
  end
  def test_anonymous_user
    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=non-existent' }
    assert Nokogiri::XML(response.body).at_css('result[code="2201"]')
  end
  private
  def request_xml
    <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <logout/>
        </command>
      </epp>
    XML
  end
 end
--- a/test/integration/epp/poll_test.rb
+++ b/test/integration/epp/poll_test.rb
@ -0,0 +1,30 @@
 require 'test_helper'
 class EppPollTest < ActionDispatch::IntegrationTest
  def test_messages
    post '/epp/command/poll', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert_equal '1301', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('msgQ').size
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  def test_no_messages
    registrars(:bestnames).messages.delete_all(:delete_all)
    post '/epp/command/poll', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
    assert_equal '1300', Nokogiri::XML(response.body).at_css('result')[:code]
    assert_equal 1, Nokogiri::XML(response.body).css('result').size
  end
  private
  def request_xml
    <<-XML
      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
        <command>
          <poll op="req"/>
        </command>
      </epp>
    XML
  end
 end
--- a/test/integration/registrar/domains_test.rb
+++ b/test/integration/registrar/domains_test.rb
@ -9,6 +9,7 @@ class RegistrarDomainsTest < ActionDispatch::IntegrationTest
      Domain,Transfer code,Registrant name,Registrant code,Date of expiry
      library.test,45118f5,Acme Ltd,acme-ltd-001,2010-07-05
      shop.test,65078d5,John,john-001,2010-07-05
      invalid.test,any,any,any,2010-07-05
      airport.test,55438j5,John,john-001,2010-07-05
    CSV
--- a/test/models/contact/contact_test.rb
+++ b/test/models/contact/contact_test.rb
@ -5,7 +5,7 @@ class ContactTest < ActiveSupport::TestCase
    @contact = contacts(:john)
  end
-  def test_validates
+  def test_valid_fixture_is_valid
    assert @contact.valid?
  end
--- a/test/models/domain/domain_test.rb
+++ b/test/models/domain/domain_test.rb
@ -5,7 +5,11 @@ class DomainTest < ActiveSupport::TestCase
    @domain = domains(:shop)
  end
-  def test_validates
+  def test_valid_fixture_is_valid
    assert @domain.valid?
  end
  def test_invalid_fixture_is_invalid
    assert domains(:invalid).invalid?
  end
 end
--- a/test/models/domain/domain_transfer_test.rb
+++ b/test/models/domain/domain_transfer_test.rb
@ -1,6 +1,6 @@
 require 'test_helper'
-class DomainTransferTest < ActiveSupport::TestCase
+class DomainTransferableTest < ActiveSupport::TestCase
  def setup
    @domain = domains(:shop)
    @new_registrar = registrars(:goodnames)
@ -45,22 +45,4 @@ class DomainTransferTest < ActiveSupport::TestCase
    @domain.transfer(@new_registrar)
    refute_same old_transfer_code, @domain.transfer_code
  end
  def test_creates_domain_transfer
    assert_difference 'DomainTransfer.count' do
      @domain.transfer(@new_registrar)
    end
  end
  def test_creates_message
    assert_difference 'Message.count' do
      @domain.transfer(@new_registrar)
    end
  end
  def test_copies_contacts
    assert_difference 'Contact.count', 2 do
      @domain.transfer(@new_registrar)
    end
  end
 end
--- a/test/models/domain_transfer_test.rb
+++ b/test/models/domain_transfer_test.rb
@ -0,0 +1,32 @@
 require 'test_helper'
 class DomainTransferTest < ActiveSupport::TestCase
  def setup
    @domain_transfer = domain_transfers(:shop)
  end
  def test_approval
    @domain_transfer.approve
    @domain_transfer.reload
    assert @domain_transfer.approved?
  end
  def test_notifies_old_registrar_on_approval
    old_registrar = @domain_transfer.old_registrar
    assert_difference -> { old_registrar.messages.count } do
      @domain_transfer.approve
    end
    body = 'Transfer of domain shop.test has been approved.' \
      ' It was associated with registrant john-001' \
      ' and contacts jane-001, william-001.'
    id = @domain_transfer.id
    class_name = @domain_transfer.class.name
    message = old_registrar.messages.last
    assert_equal body, message.body
    assert_equal id, message.attached_obj_id
    assert_equal class_name, message.attached_obj_type
  end
 end
--- a/test/models/epp_session_test.rb
+++ b/test/models/epp_session_test.rb
@ -0,0 +1,63 @@
 require 'test_helper'
 class EppSessionTest < ActiveSupport::TestCase
  def setup
    @epp_session = epp_sessions(:api_bestnames)
  end
  def test_valid
    assert @epp_session.valid?
  end
  def test_invalid_without_session_id
    @epp_session.session_id = nil
    @epp_session.validate
    assert @epp_session.invalid?
  end
  def test_invalid_without_user
    @epp_session.user = nil
    @epp_session.validate
    assert @epp_session.invalid?
  end
  def test_invalid_if_persisted_record_with_the_same_session_id_exists
    epp_session = EppSession.new(session_id: @epp_session.session_id, user: @epp_session.user)
    epp_session.validate
    assert epp_session.invalid?
  end
  # Having session_id constraints at the database level is crucial
  def test_database_session_id_unique_constraint
    epp_session = EppSession.new(session_id: @epp_session.session_id, user: @epp_session.user)
    assert_raises ActiveRecord::RecordNotUnique do
      epp_session.save(validate: false)
    end
  end
  def test_database_session_id_not_null_constraint
    @epp_session.session_id = nil
    assert_raises ActiveRecord::StatementInvalid do
      @epp_session.save(validate: false)
    end
  end
  def test_limit_per_registrar
    assert_equal 4, EppSession.limit_per_registrar
  end
  def test_limit_is_per_registrar
    travel_to Time.zone.parse('2010-07-05')
    EppSession.delete_all
    EppSession.limit_per_registrar.times do
      EppSession.create!(session_id: SecureRandom.hex,
                         user: users(:api_goodnames),
                         updated_at: Time.zone.parse('2010-07-05'))
    end
    refute EppSession.limit_reached?(registrars(:bestnames))
  end
 end
--- a/test/models/message_test.rb
+++ b/test/models/message_test.rb
@ -0,0 +1,21 @@
 require 'test_helper'
 class MessageTest < ActiveSupport::TestCase
  def setup
    @message = messages(:greeting)
  end
  def test_valid
    assert @message.valid?
  end
  def test_invalid_without_body
    @message.body = nil
    assert @message.invalid?
  end
  def test_invalid_without_registrar
    @message.registrar = nil
    assert @message.invalid?
  end
 end