Merge remote-tracking branch 'origin/master' into 1422-record-payment-method-and-failed-payments

CHANGELOG.md

@@ -1,3 +1,11 @@
+04.02.2020
+* Fixed bug that allowed bypassing blocked domain validation using punycode [#1142](https://github.com/internetee/registry/issues/1142)
+* SimpleIDN gem update to 0.0.9 [#1508](https://github.com/internetee/registry/pull/1508)
+
+31.01.2020
+* Instant payments marks specific invoice as paid [#1500](https://github.com/internetee/registry/issues/1500)
+* Sending invoice payment date to accounting [#1416](https://github.com/internetee/registry/issues/1416)
+
 29.01.2020
 * Fixed the invoice binding bug where process failed if registrar tried to load a sum that they have used before [#1496](https://github.com/internetee/registry/issues/1496)
 

Gemfile

@@ -37,7 +37,7 @@ gem 'grape'
 
 # registry specfic
 gem 'isikukood' # for EE-id validation
-gem 'simpleidn', '0.0.7' # For punycode
+gem 'simpleidn', '0.0.9' # For punycode
 gem 'money-rails'
 gem 'data_migrate'
 gem 'whenever', '0.9.4', require: false

Gemfile.lock

@@ -382,7 +382,7 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    simpleidn (0.0.7)
+    simpleidn (0.0.9)
     sinatra (2.0.7)
       mustermann (~> 1.0)
       rack (~> 2.0)
@@ -491,7 +491,7 @@ DEPENDENCIES
   select2-rails (= 3.5.9.3)
   selectize-rails (= 0.12.1)
   simplecov
-  simpleidn (= 0.0.7)
+  simpleidn (= 0.0.9)
   uglifier
   validates_email_format_of (= 1.6.3)
   webdrivers

app/models/directo.rb

@@ -22,14 +22,16 @@ class Directo < ApplicationRecord
             counter += 1
 
             num     = invoice.number
+            paid_at = invoice.account_activity.bank_transaction&.paid_at&.strftime("%Y-%m-%d")
             mappers[num] = invoice
             xml.invoice(
-                "SalesAgent"  => Setting.directo_sales_agent,
-                "Number"      => num,
-                "InvoiceDate" => invoice.issue_date.strftime("%Y-%m-%d"),
-                "PaymentTerm" => Setting.directo_receipt_payment_term,
-                "Currency"    => invoice.currency,
-                "CustomerCode"=> invoice.buyer.accounting_customer_code
+              "SalesAgent"  => Setting.directo_sales_agent,
+              "Number"      => num,
+              "InvoiceDate" => invoice.issue_date.strftime("%Y-%m-%d"),
+              'TransactionDate' => paid_at,
+              "PaymentTerm" => Setting.directo_receipt_payment_term,
+              "Currency"    => invoice.currency,
+              "CustomerCode"=> invoice.buyer.accounting_customer_code
             ){
               xml.line(
                   "ProductID"      => Setting.directo_receipt_product_name,

app/models/dns/domain_name.rb

@@ -60,7 +60,8 @@ module DNS
     end
 
     def blocked?
-      BlockedDomain.where(name: name).any?
+      BlockedDomain.where(name: name).any? ||
+        BlockedDomain.where(name: SimpleIDN.to_unicode(name)).any?
     end
 
     def reserved?

app/validators/domain_name_validator.rb

@@ -33,7 +33,9 @@ class DomainNameValidator < ActiveModel::EachValidator
 
     def validate_blocked(value)
       return true unless value
-      return false if BlockedDomain.where(name: value).count.positive?
+      return false if BlockedDomain.where(name: value).any?
+      return false if BlockedDomain.where(name: SimpleIDN.to_unicode(value)).any?
+
       DNS::Zone.where(origin: value).count.zero?
     end
   end

test/fixtures/blocked_domains.yml

@@ -1,2 +1,4 @@
 one:
   name: blocked.test
+idn:
+  name: blockedäöüõ.test

test/integration/epp/domain/create/base_test.rb

@@ -144,6 +144,36 @@ class EppDomainCreateBaseTest < EppTestCase
     assert_epp_response :data_management_policy_violation
   end
 
+  def test_blocked_punicode_domain_cannot_be_registered
+    blocked_domain = 'blockedäöüõ.test'
+    assert BlockedDomain.find_by(name: blocked_domain)
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <create>
+            <domain:create xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>#{SimpleIDN.to_ascii('blockedäöüõ.test')}</domain:name>
+              <domain:registrant>#{contacts(:john).code}</domain:registrant>
+            </domain:create>
+          </create>
+          <extension>
+            <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+            </eis:extdata>
+          </extension>
+        </command>
+      </epp>
+    XML
+
+    assert_no_difference 'Domain.count' do
+      post epp_create_path, params: { frame: request_xml },
+           headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    end
+    assert_epp_response :data_management_policy_violation
+  end
+
   def test_reserved_domain_cannot_be_registered_with_wrong_registration_code
     request_xml = <<-XML
       <?xml version="1.0" encoding="UTF-8" standalone="no"?>

test/models/directo_test.rb

@@ -0,0 +1,20 @@
+require 'test_helper'
+
+class DirectoTest < ActiveSupport::TestCase
+  setup do
+    @invoice = invoices(:one)
+  end
+
+  def test_xml_is_include_transaction_date
+    @invoice.update(total: @invoice.account_activity.bank_transaction.sum)
+    @invoice.account_activity.bank_transaction.update(paid_at: Time.zone.now)
+
+    stub_request(:post, ENV['directo_invoice_url']).with do |request|
+      request.body.include? 'TransactionDate'
+    end
+
+    assert_nothing_raised do
+      Directo.send_receipts
+    end
+  end
+end

test/models/dns/domain_name_test.rb

@@ -131,7 +131,10 @@ class DNS::DomainNameTest < ActiveSupport::TestCase
 
   def test_blocked
     assert_equal 'blocked.test', blocked_domains(:one).name
+    assert_equal 'blockedäöüõ.test', blocked_domains(:idn).name
     assert DNS::DomainName.new('blocked.test').blocked?
+    assert DNS::DomainName.new('blockedäöüõ.test').blocked?
+    assert DNS::DomainName.new(SimpleIDN.to_ascii('blockedäöüõ.test')).blocked?
     assert_not DNS::DomainName.new('nonblocked .test').blocked?
   end