Merge branch 'master' of github.com:domify/registry

app/controllers/admin/white_ips_controller.rb

@@ -0,0 +1,56 @@
+class Admin::WhiteIpsController < AdminController
+  load_and_authorize_resource
+
+  before_action :set_registrar, only: [:new, :show, :edit, :destroy, :update]
+
+  def new
+    @white_ip = WhiteIp.new(registrar: @registrar)
+  end
+
+  def show; end
+
+  def edit; end
+
+  def destroy
+    if @white_ip.destroy
+      flash[:notice] = I18n.t('record_deleted')
+      redirect_to admin_registrar_path(@registrar)
+    else
+      flash.now[:alert] = I18n.t('failed_to_delete_record')
+      render 'show'
+    end
+  end
+
+  def create
+    @white_ip = WhiteIp.new(white_ip_params)
+    @registrar = @white_ip.registrar
+
+    if @white_ip.save
+      flash[:notice] = I18n.t('record_created')
+      redirect_to [:admin, @registrar, @white_ip]
+    else
+      flash.now[:alert] = I18n.t('failed_to_create_record')
+      render 'new'
+    end
+  end
+
+  def update
+    if @white_ip.update(white_ip_params)
+      flash[:notice] = I18n.t('record_updated')
+      redirect_to [:admin, @registrar, @white_ip]
+    else
+      flash.now[:alert] = I18n.t('failed_to_update_record')
+      render 'edit'
+    end
+  end
+
+  private
+
+  def set_registrar
+    @registrar = Registrar.find_by(id: params[:registrar_id])
+  end
+
+  def white_ip_params
+    params.require(:white_ip).permit(:ipv4, :ipv6, :interface, :registrar_id)
+  end
+end

app/controllers/epp/sessions_controller.rb

@@ -18,7 +18,7 @@ class Epp::SessionsController < EppController
       @api_user = ApiUser.find_by(login_params)
     end
 
-    if @api_user.try(:active) && cert_valid
+    if @api_user.try(:active) && cert_valid && ip_white?
       if parsed_frame.css('newPW').first
         unless @api_user.update(password: parsed_frame.css('newPW').first.text)
           response.headers['X-EPP-Returncode'] = '2200'
@@ -33,6 +33,17 @@ class Epp::SessionsController < EppController
       render_epp_response('login_fail')
     end
   end
+
+  def ip_white?
+    if @api_user
+      unless @api_user.registrar.epp_ip_white?(request.ip)
+        @msg = t('ip_is_not_whitelisted')
+        return false
+      end
+    end
+    true
+  end
+
   # rubocop: enable Metrics/PerceivedComplexity
   # rubocop: enable Metrics/CyclomaticComplexity
 

app/controllers/epp_controller.rb

@@ -236,6 +236,8 @@ class EppController < ApplicationController
   end
   # rubocop: enable Style/PredicateName
 
+  # rubocop: disable Metrics/PerceivedComplexity
+  # rubocop: disable Metrics/CyclomaticComplexity
   def write_to_epp_log
     # return nil if EPP_LOG_ENABLED
     request_command = params[:command] || params[:action] # error receives :command, other methods receive :action
@@ -257,4 +259,6 @@ class EppController < ApplicationController
       ip: request.ip
     })
   end
+  # rubocop: enable Metrics/PerceivedComplexity
+  # rubocop: enable Metrics/CyclomaticComplexity
 end

app/controllers/registrant/domain_update_confirms_controller.rb

@@ -8,6 +8,8 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
     @domain = nil unless @domain.registrant_update_confirmable?(params[:token])
   end
 
+  # rubocop: disable Metrics/PerceivedComplexity
+  # rubocop: disable Metrics/CyclomaticComplexity
   def update
     @domain = Domain.find(params[:id])
     unless @domain.registrant_update_confirmable?(params[:token])
@@ -37,4 +39,6 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
       end
     end
   end
+  # rubocop: enable Metrics/PerceivedComplexity
+  # rubocop: enable Metrics/CyclomaticComplexity
 end

app/controllers/registrar/domains_controller.rb

@@ -24,7 +24,7 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
     if response_ok?
       render 'info'
     else
-      flash[:alert] = t(:domain_not_found)
+      flash[:alert] = @data.css('msg').text
       redirect_to registrar_domains_url and return
     end
   end
@@ -118,9 +118,9 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
   end
 
   def init_contacts_autocomplete_map
-    @contacts_autocomplete_map ||= 
+    @contacts_autocomplete_map ||=
       current_user.registrar.contacts.pluck(:name, :code).map { |c| ["#{c.second} #{c.first}", c.second] }
-    # @priv_contacts_autocomplete_map ||= 
+    # @priv_contacts_autocomplete_map ||=
       # current_user.registrar.priv_contacts.pluck(:name, :code).map { |c| ["#{c.second} #{c.first}", c.second] }
   end
 end

app/controllers/registrar/sessions_controller.rb

@@ -5,6 +5,8 @@ class Registrar::SessionsController < Devise::SessionsController
     false
   end
 
+  before_action :check_ip
+
   def login
     @depp_user = Depp::User.new
   end
@@ -139,4 +141,11 @@ class Registrar::SessionsController < Devise::SessionsController
     return User.new unless idc
     ApiUser.find_by(identity_code: idc) || User.new
   end
+
+  private
+
+  def check_ip
+    return if WhiteIp.registrar_ip_white?(request.ip)
+    render text: t('ip_is_not_whitelisted') and return
+  end
 end

app/controllers/registrar_controller.rb

@@ -1,5 +1,6 @@
 class RegistrarController < ApplicationController
-  before_action :authenticate_user!
+  before_action :authenticate_user!, :check_ip
+  # before_action :check_ip
   layout 'registrar/application'
 
   include Registrar::ApplicationHelper
@@ -9,6 +10,14 @@ class RegistrarController < ApplicationController
     false
   end
 
+  def check_ip
+    return unless current_user
+    return if current_user.registrar.registrar_ip_white?(request.ip)
+    flash[:alert] = t('ip_is_not_whitelisted')
+    sign_out(current_user)
+    redirect_to registrar_login_path and return
+  end
+
   helper_method :head_title_sufix
   def head_title_sufix
     t(:registrar_head_title_sufix)