From 204629a62b18f62226c10f79a2d16114e7551cda Mon Sep 17 00:00:00 2001
From: olegphenomenon
Date: Mon, 28 Mar 2022 16:35:45 +0300
Subject: [PATCH] change acceptable tokens

---
 app/controllers/eis_billing/base_controller.rb | 16 +++++++++-------
 app/services/eis_billing/base.rb | 2 +-
 config/application.yml.sample | 6 ++++--
 3 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/app/controllers/eis_billing/base_controller.rb b/app/controllers/eis_billing/base_controller.rb
index aa30f2fcb..f5156b1bd 100644
--- a/app/controllers/eis_billing/base_controller.rb
+++ b/app/controllers/eis_billing/base_controller.rb
@@ -6,6 +6,8 @@ module EisBilling
 before_action :persistent
 before_action :authorized

+ INITIATOR = 'billing'.freeze
+
 def encode_token(payload)
 JWT.encode(payload, ENV['secret_word'])
 end
@@ -19,7 +21,7 @@ module EisBilling
 if auth_header
 token = auth_header.split(' ')[1]
 begin
- JWT.decode(token, ENV['secret_word'], true, algorithm: 'HS256')
+ JWT.decode(token, billing_secret_key, true, algorithm: 'HS256')
 rescue JWT::DecodeError
 nil
 end
@@ -27,9 +29,9 @@ module EisBilling
 end

 def accessable_service
- if decoded_token
- decoded_token[0]['data'] == ENV['secret_access_word']
- end
+ return decoded_token[0]['initiator'] == INITIATOR if decoded_token
+
+ false
 end

 def logged_in?
@@ -40,12 +42,12 @@ module EisBilling
 render json: { message: 'Access denied' }, status: :unauthorized unless logged_in?
 end

- def logger
- Rails.logger
+ def billing_secret_key
+ Rails.application.credentials.config[:billing_secret]
 end

 def logger
- @logger ||= Rails.logger
+ Rails.logger
 end

 def persistent
diff --git a/app/services/eis_billing/base.rb b/app/services/eis_billing/base.rb
index 87ac27b84..0358f9d99 100644
--- a/app/services/eis_billing/base.rb
+++ b/app/services/eis_billing/base.rb
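Review bot: `encode_token` still signs with `ENV['secret_word']` while `decoded_token` in the next hunk now verifies with `billing_secret_key`, so a token this controller issues will only pass its own verification if the ENV value and `credentials.config[:billing_secret]` happen to be identical. Change the signing call to `JWT.encode(payload, billing_secret_key, 'HS256')` so both sides read one credential and the algorithm is pinned on the encode side the way it already is on the decode side. Keeping `secret_word` in ENV alongside the credentials key leaves two sources of truth for the same HMAC secret, which is exactly the kind of drift that later shows up as unexplained 401s. The enclosing class header is outside the hunk.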
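Review bot: `accessable_service` calls `decoded_token` twice, which decodes and signature-checks the JWT a second time, and it indexes the payload with `['initiator']` without confirming the payload is a Hash, so a correctly signed token whose payload is a JSON array would raise rather than be rejected. Suggest `payload = decoded_token&.first` followed by `payload.is_a?(Hash) && payload['initiator'] == INITIATOR`, which decodes once and fails closed on an unexpected payload shape. Note that the compared value is now the public constant `'billing'` instead of a secret, so authorization rests entirely on the HS256 signature and the secrecy of `billing_secret_key`; that is reasonable, but it deserves a comment such as `# Authorization is carried by the signature; the claim only names the caller` so nobody later treats the constant as a credential.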
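Review bot: `billing_secret_key` returns nil when `billing_secret` is missing from the credentials file, and the only visible symptom is that every request gets 'Access denied' after `JWT.decode` raises inside `decoded_token`'s rescue (ruby-jwt raises a DecodeError when no verification key is available, as far as I recall), so a misconfigured deployment looks exactly like a stream of bad tokens. Prefer `Rails.application.credentials.config.fetch(:billing_secret)` or an initializer-time check so the absent secret surfaces as a KeyError with a clear message instead of silent 401s. A one-line comment on the method would also help operators: `# HS256 key shared with the billing system; must equal the key it signs with`.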
@@ -7,7 +7,7 @@ module EisBilling
 uri = URI(url)
 http = Net::HTTP.new(uri.host, uri.port)
- unless Rails.env.development? || Rails.env.test?
+ if Rails.env.production?
 http.use_ssl = true
 http.verify_mode = OpenSSL::SSL::VERIFY_NONE
 end
diff --git a/config/application.yml.sample b/config/application.yml.sample
index 19418c19b..812e491f9 100644
--- a/config/application.yml.sample
+++ b/config/application.yml.sample
@@ -235,8 +235,10 @@ registry_demo_accredited_users_url: 'http://registry.test/api/v1/accreditation_c
 a_and_aaaa_validation_timeout: '1'
 nameserver_validation_timeout: '1'

-eis_billing_system_base_url_dev: 'http://eis_billing_system:3000'
-eis_billing_system_base_url_staging: 'https://st-billing.infra.tld.ee'
+eis_billing_system_base_url: 'http://eis_billing_system:3000'
+
 secret_access_word: 'please-Give-Me-accesS'
 secret_word: 'this-secret-should-be-change'
 billing_system_integrated: 'true'
+allow_accr_endspoints: 'true'
+
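Review bot: `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` is kept on the production path, so the connection to the billing system is encrypted but the peer is never authenticated — an on-path attacker can present any certificate and read or alter these calls, including the bearer JWTs they carry. Replace it with `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` (the Net::HTTP default once `use_ssl` is set, so the line can simply be removed) and key TLS on the URL rather than the environment, `http.use_ssl = uri.scheme == 'https'`. With the new `if Rails.env.production?` guard, any environment that is neither production nor development (a staging deployment pointed at an https URL, for instance) no longer enables TLS at all and will most likely fail to connect rather than downgrade, which the previous `unless development? || test?` condition avoided. The enclosing method begins outside the hunk.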
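Review bot: the sample still ships `secret_access_word`, but the controller hunk in this same commit stops reading it, so operators will set a value that nothing checks; it should be removed here, and `secret_word` deserves a comment saying it now only backs `encode_token` while verification reads `credentials.config[:billing_secret]`, since a reader of this file would otherwise assume it is the shared verification key. The new `allow_accr_endspoints` key looks like a misspelling of `endpoints`; if the code looks it up under the correct spelling this flag will silently never take effect, so confirm the name against its reader before the sample goes out. Collapsing the dev and staging URLs into one `eis_billing_system_base_url` also means the value must now be overridden per environment, which a comment on that line should state.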