zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-07-27 21:16:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add rate limiting to all repp actions

Browse source
This commit is contained in:
Thiago Youssef 2022-08-02 06:14:47 -03:00 committed by olegphenomenon
parent fb60466194
commit 2a58bf3849
48 changed files with 757 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/repp/v1/accounts_controller.rb
View file

@ -3,6 +3,9 @@ module Repp
class AccountsController < BaseController # rubocop:disable Metrics/ClassLength
load_and_authorize_resource
THROTTLED_ACTIONS = %i[index balance details update_auto_reload_balance disable_auto_reload_balance switch_user update].freeze
include Shunter::Integration::Throttle
api :get, '/repp/v1/accounts'
desc 'Get all activities'
def index

9
app/controllers/repp/v1/base_controller.rb
View file

@ -27,6 +27,10 @@ module Repp
@response = { code: 2201, message: 'Authorization error' }
logger.error e.to_s
render(json: @response, status: :unauthorized)
rescue Shunter::ThrottleError => e
@response = { code: 2502, message: Shunter.default_error_message }
logger.error e.to_s
render(json: @response, status: :bad_request)
ensure
create_repp_log
end
@ -167,6 +171,11 @@ module Repp
data[:abilities] = Ability.new(current_user).permissions
data
end
def throttled_user
authorize!(:throttled_user, @domain) unless current_user
current_user
end
end
end
end

3
app/controllers/repp/v1/contacts_controller.rb
View file

@ -5,6 +5,9 @@ module Repp
before_action :find_contact, only: %i[show update destroy]
skip_around_action :log_request, only: :search
THROTTLED_ACTIONS = %i[index check search create show update destroy].freeze
include Shunter::Integration::Throttle
api :get, '/repp/v1/contacts'
desc 'Get all existing contacts'
def index

3
app/controllers/repp/v1/domains/admin_contacts_controller.rb
View file

@ -2,6 +2,9 @@ module Repp
module V1
module Domains
class AdminContactsController < BaseContactsController
THROTTLED_ACTIONS = %i[update].freeze
include Shunter::Integration::Throttle
def update
super

3
app/controllers/repp/v1/domains/contacts_controller.rb
View file

@ -4,6 +4,9 @@ module Repp
class ContactsController < BaseContactsController
before_action :set_domain, only: %i[index create destroy]
THROTTLED_ACTIONS = %i[index create destroy update].freeze
include Shunter::Integration::Throttle
def_param_group :contacts_apidoc do
param :contacts, Array, required: true, desc: 'Array of new linked contacts' do
param :code, String, required: true, desc: 'Contact code'

3
app/controllers/repp/v1/domains/dnssec_controller.rb
View file

@ -4,6 +4,9 @@ module Repp
class DnssecController < BaseController
before_action :set_domain, only: %i[index create destroy]
THROTTLED_ACTIONS = %i[index create destroy].freeze
include Shunter::Integration::Throttle
def_param_group :dns_keys_apidoc do
param :flags, String, required: true, desc: '256 (KSK) or 257 (ZSK)'
param :protocol, String, required: true, desc: 'Key protocol (3)'

3
app/controllers/repp/v1/domains/nameservers_controller.rb
View file

@ -5,6 +5,9 @@ module Repp
before_action :set_domain, only: %i[index create destroy]
before_action :set_nameserver, only: %i[destroy]
THROTTLED_ACTIONS = %i[index create destroy].freeze
include Shunter::Integration::Throttle
api :GET, '/repp/v1/domains/:domain_name/nameservers'
desc "Get domain's nameservers"
def index

3
app/controllers/repp/v1/domains/renews_controller.rb
View file

@ -6,6 +6,9 @@ module Repp
before_action :select_renewable_domains, only: [:bulk_renew]
before_action :set_domain, only: [:create]
THROTTLED_ACTIONS = %i[create bulk_renew].freeze
include Shunter::Integration::Throttle
api :POST, 'repp/v1/domains/:domain_name/renew'
desc 'Renew domain'
param :renews, Hash, required: true, desc: 'Renew parameters' do

3
app/controllers/repp/v1/domains/statuses_controller.rb
View file

@ -5,6 +5,9 @@ module Repp
before_action :set_domain, only: %i[update destroy]
before_action :verify_status
THROTTLED_ACTIONS = %i[update destroy].freeze
include Shunter::Integration::Throttle
api :DELETE, '/repp/v1/domains/:domain_name/statuses/:status'
param :domain_name, String, desc: 'Domain name'
desc 'Remove status from specific domain'

3
app/controllers/repp/v1/domains/transfers_controller.rb
View file

@ -4,6 +4,9 @@ module Repp
class TransfersController < BaseController
before_action :set_domain, only: [:create]
THROTTLED_ACTIONS = %i[create].freeze
include Shunter::Integration::Throttle
api :POST, 'repp/v1/domains/:domain_name/transfer'
desc 'Transfer a specific domain'
param :transfer, Hash, required: true, desc: 'Renew parameters' do

3
app/controllers/repp/v1/domains_controller.rb
View file

@ -8,6 +8,9 @@ module Repp
before_action :forward_registrar_id, only: %i[create update destroy]
before_action :set_domain, only: %i[update]
THROTTLED_ACTIONS = %i[transfer_info transfer index create show update destroy].freeze
include Shunter::Integration::Throttle
api :GET, '/repp/v1/domains'
desc 'Get all existing domains'
def index

3
app/controllers/repp/v1/invoices_controller.rb
View file

@ -4,6 +4,9 @@ module Repp
class InvoicesController < BaseController # rubocop:disable Metrics/ClassLength
load_and_authorize_resource
THROTTLED_ACTIONS = %i[download add_credit send_to_recipient cancel index show].freeze
include Shunter::Integration::Throttle
# rubocop:disable Metrics/MethodLength
api :get, '/repp/v1/invoices'
desc 'Get all invoices'

3
app/controllers/repp/v1/registrar/auth_controller.rb
View file

@ -6,6 +6,9 @@ module Repp
skip_before_action :check_ip_restriction, only: :tara_callback
skip_before_action :validate_client_certs, only: :tara_callback
THROTTLED_ACTIONS = %i[index].freeze
include Shunter::Integration::Throttle
api :GET, 'repp/v1/registrar/auth'
desc 'check user auth info and return data'
def index

3
app/controllers/repp/v1/registrar/nameservers_controller.rb
View file

@ -4,6 +4,9 @@ module Repp
class NameserversController < BaseController
before_action :verify_nameserver_existance, only: %i[update]
THROTTLED_ACTIONS = %i[put].freeze
include Shunter::Integration::Throttle
api :PUT, 'repp/v1/registrar/nameservers'
desc 'bulk nameserver change'
param :data, Hash, required: true, desc: 'Object holding nameserver changes' do

3
app/controllers/repp/v1/registrar/notifications_controller.rb
View file

@ -4,6 +4,9 @@ module Repp
class NotificationsController < BaseController
before_action :set_notification, only: %i[update show]
THROTTLED_ACTIONS = %i[all_notifications index show update].freeze
include Shunter::Integration::Throttle
api :GET, '/repp/v1/registrar/notifications'
desc 'Get the latest unread poll message'
def index

3
app/controllers/repp/v1/registrar/summary_controller.rb
View file

@ -2,6 +2,9 @@ module Repp
module V1
module Registrar
class SummaryController < BaseController
THROTTLED_ACTIONS = %i[index].freeze
include Shunter::Integration::Throttle
api :GET, 'repp/v1/registrar/summary'
desc 'check user summary info and return data'

23
test/integration/api/domain_admin_contacts_test.rb
View file

@ -10,6 +10,8 @@ class APIDomainAdminContactsTest < ApplicationIntegrationTest
@admin_new.update(ident: @admin_current.ident,
ident_type: @admin_current.ident_type,
ident_country_code: @admin_current.ident_country_code)
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_replace_all_admin_contacts_when_ident_data_doesnt_match
@ -148,6 +150,27 @@ class APIDomainAdminContactsTest < ApplicationIntegrationTest
JSON.parse(response.body, symbolize_names: true)
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
domain = domains(:airport)
domain.admin_contacts = [@admin_current]
patch '/repp/v1/domains/admin_contacts', params: { current_contact_id: @admin_current.code,
new_contact_id: @admin_new.code },
headers: { 'HTTP_AUTHORIZATION' => http_auth_key }
patch '/repp/v1/domains/admin_contacts', params: { current_contact_id: @admin_current.code,
new_contact_id: @admin_new.code },
headers: { 'HTTP_AUTHORIZATION' => http_auth_key }
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
private
def http_auth_key

18
test/integration/repp/v1/accounts/activities_list_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1AccountsActivitiesListTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_account_activities
@ -67,4 +70,19 @@ class ReppV1AccountsActivitiesListTest < ActionDispatch::IntegrationTest
assert_equal @user.registrar.cash_account.activities.count, json[:data][:activities].length
assert_equal json[:data][:activities][0][:description], activity.description
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get repp_v1_accounts_path, headers: @auth_headers
get repp_v1_accounts_path, headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

20
test/integration/repp/v1/accounts/balance_test.rb
View file

@ -8,9 +8,12 @@ class ReppV1BalanceTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_can_query_balance
get '/repp/v1/accounts/balance', headers: @auth_headers
@ -49,5 +52,20 @@ class ReppV1BalanceTest < ActionDispatch::IntegrationTest
assert trans[:created_at].to_date.to_s(:db) >= started_from
assert trans[:created_at].to_date.to_s(:db) >= end_to
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get '/repp/v1/accounts/balance', headers: @auth_headers
get '/repp/v1/accounts/balance', headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end
end

20
test/integration/repp/v1/accounts/details_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1AccountsDetailsTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_account_details
@ -19,4 +22,19 @@ class ReppV1AccountsDetailsTest < ActionDispatch::IntegrationTest
assert_equal @user.registrar.billing_email, json[:data][:account][:billing_email]
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get '/repp/v1/accounts/details', headers: @auth_headers
get '/repp/v1/accounts/details', headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

28
test/integration/repp/v1/accounts/switch_user_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1AccountsSwitchUserTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_switches_to_linked_api_user
@ -48,4 +51,27 @@ class ReppV1AccountsSwitchUserTest < ActionDispatch::IntegrationTest
assert_response :bad_request
assert_equal 'Cannot switch to unlinked user', json[:message]
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
new_user = users(:api_goodnames)
new_user.update(identity_code: '1234')
request_body = {
account: {
new_user_id: new_user.id,
},
}
put '/repp/v1/accounts/switch_user', headers: @auth_headers, params: request_body
put '/repp/v1/accounts/switch_user', headers: @auth_headers, params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

46
test/integration/repp/v1/accounts/update_auto_reload_balance_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1AccountsUpdateAutoReloadBalanceTest < ActionDispatch::IntegrationTes
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_updates_auto_reload_balance
@ -66,4 +69,45 @@ class ReppV1AccountsUpdateAutoReloadBalanceTest < ActionDispatch::IntegrationTes
assert_nil @user.registrar.settings['balance_auto_reload']
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
amount = 100
threshold = 10
request_body = {
type: {
amount: amount,
threshold: threshold,
},
}
post '/repp/v1/accounts/update_auto_reload_balance', headers: @auth_headers,
params: request_body
post '/repp/v1/accounts/update_auto_reload_balance', headers: @auth_headers,
params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get '/repp/v1/accounts/disable_auto_reload_balance', headers: @auth_headers
get '/repp/v1/accounts/disable_auto_reload_balance', headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

27
test/integration/repp/v1/accounts/update_details_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1AccountsUpdateDetailsTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_updates_details
@ -27,4 +30,26 @@ class ReppV1AccountsUpdateDetailsTest < ActionDispatch::IntegrationTest
assert_equal(request_body[:account][:billing_email], @user.registrar.billing_email)
assert_equal(request_body[:account][:iban], @user.registrar.iban)
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
request_body = {
account: {
billing_email: 'donaldtrump@yandex.ru',
iban: 'GB331111111111111111',
},
}
put '/repp/v1/accounts', headers: @auth_headers, params: request_body
put '/repp/v1/accounts', headers: @auth_headers, params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

19
test/integration/repp/v1/contacts/check_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1ContactsCheckTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_code_based_check_returns_true_for_available_contact
@ -27,4 +30,20 @@ class ReppV1ContactsCheckTest < ActionDispatch::IntegrationTest
assert_equal contact.code, json[:data][:contact][:code]
assert_equal false, json[:data][:contact][:available]
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
contact = contacts(:jack)
get "/repp/v1/contacts/check/#{contact.code}", headers: @auth_headers
get "/repp/v1/contacts/check/#{contact.code}", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

31
test/integration/repp/v1/contacts/create_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1ContactsCreateTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_creates_new_contact
@ -153,4 +156,32 @@ class ReppV1ContactsCreateTest < ActionDispatch::IntegrationTest
contact = Contact.find_by(code: json[:data][:contact][:code])
assert contact.legal_documents.any?
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
request_body = {
contact: {
name: 'Donald Trump',
phone: '+372.51111112',
email: 'donald@trumptower.com',
ident: {
ident_type: 'priv',
ident_country_code: 'EE',
ident: '39708290069',
},
},
}
post '/repp/v1/contacts', headers: @auth_headers, params: request_body
post '/repp/v1/contacts', headers: @auth_headers, params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

18
test/integration/repp/v1/contacts/delete_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1ContactsDeleteTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_deletes_unassociated_contact
@ -44,4 +47,19 @@ class ReppV1ContactsDeleteTest < ActionDispatch::IntegrationTest
assert_response :not_found
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
delete "/repp/v1/contacts/#{contacts(:invalid_email).code}", headers: @auth_headers
delete "/repp/v1/contacts/#{contacts(:john).code}", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

18
test/integration/repp/v1/contacts/list_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1ContactsListTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_registrar_contacts
@ -79,4 +82,19 @@ class ReppV1ContactsListTest < ActionDispatch::IntegrationTest
assert_equal @user.registrar.contacts.count, json[:data][:contacts].length
assert_equal json[:data][:contacts][0][:code], contact.code
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get repp_v1_contacts_path, headers: @auth_headers
get repp_v1_contacts_path, headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

19
test/integration/repp/v1/contacts/search_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1ContactsSearchTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_searches_all_contacts_by_id
@ -40,4 +43,18 @@ class ReppV1ContactsSearchTest < ActionDispatch::IntegrationTest
assert json[:data].is_a? Array
assert_equal json[:data].length, 0
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get '/repp/v1/contacts/search', headers: @auth_headers, params: { query: '000' }
get '/repp/v1/contacts/search', headers: @auth_headers, params: { query: 'j' }
json = JSON.parse(response.body, symbolize_names: true)
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

20
test/integration/repp/v1/contacts/show_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1ContactsShowTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_error_when_not_found
@ -42,4 +45,21 @@ class ReppV1ContactsShowTest < ActionDispatch::IntegrationTest
assert_equal 2303, json[:code]
assert_equal 'Object does not exist', json[:message]
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
contact = @user.registrar.contacts.first
get repp_v1_contact_path(id: contact.code), headers: @auth_headers
get repp_v1_contact_path(id: contact.code), headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

24
test/integration/repp/v1/contacts/update_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1ContactsUpdateTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_updates_contact
@ -118,4 +121,25 @@ class ReppV1ContactsUpdateTest < ActionDispatch::IntegrationTest
assert_equal 2308, json[:code]
assert_equal 'Ident update is not allowed. Consider creating new contact object', json[:message]
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
request_body = {
"contact": {
"email": "donaldtrump@yandex.ru"
}
}
put "/repp/v1/contacts/#{@contact.code}", headers: @auth_headers, params: request_body
put "/repp/v1/contacts/#{@contact.code}", headers: @auth_headers, params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

27
test/integration/repp/v1/domains/bulk_renew_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1DomainsBulkRenewTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_renews_domains
@ -129,6 +132,30 @@ class ReppV1DomainsBulkRenewTest < ActionDispatch::IntegrationTest
assert_equal 'Invalid renew period', json[:message]
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
payload = {
"domains": [
'shop.test',
'airport.test',
'library.test'
],
"renew_period": "1y"
}
post "/repp/v1/domains/renew/bulk", headers: @auth_headers, params: payload
post "/repp/v1/domains/renew/bulk", headers: @auth_headers, params: payload
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
private
def set_status_for_domain(domain, statuses)

20
test/integration/repp/v1/domains/contacts_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1DomainsContactsTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_shows_existing_domain_contacts
@ -22,6 +25,21 @@ class ReppV1DomainsContactsTest < ActionDispatch::IntegrationTest
assert_equal @domain.tech_contacts.length, json[:data][:tech_contacts].length
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get "/repp/v1/domains/#{@domain.name}/contacts", headers: @auth_headers
get "/repp/v1/domains/#{@domain.name}/contacts", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
def test_can_add_new_admin_contacts
new_contact = contacts(:john)
refute @domain.admin_contacts.find_by(code: new_contact.code).present?
@ -71,7 +89,7 @@ class ReppV1DomainsContactsTest < ActionDispatch::IntegrationTest
def test_can_remove_tech_contacts
Spy.on_instance_method(Actions::DomainUpdate, :validate_email).and_return(true)
contact = contacts(:john)
payload = { contacts: [ { code: contact.code, type: 'tech' } ] }
post "/repp/v1/domains/#{@domain.name}/contacts", headers: @auth_headers, params: payload

18
test/integration/repp/v1/domains/dnssec_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1DomainsDnssecTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_shows_dnssec_keys_associated_with_domain
@ -120,4 +123,19 @@ class ReppV1DomainsDnssecTest < ActionDispatch::IntegrationTest
assert @domain.dnskeys.empty?
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get "/repp/v1/domains/#{@domain.name}/dnssec", headers: @auth_headers
get "/repp/v1/domains/#{@domain.name}/dnssec", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

18
test/integration/repp/v1/domains/list_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1DomainsListTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_registrar_domains
@ -92,4 +95,19 @@ class ReppV1DomainsListTest < ActionDispatch::IntegrationTest
assert_equal @user.registrar.domains.count, json[:data][:domains].length
assert_equal json[:data][:domains][0][:name], domain.name
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get repp_v1_domains_path, headers: @auth_headers
get repp_v1_domains_path, headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

18
test/integration/repp/v1/domains/nameservers_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1DomainsNameserversTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_can_add_new_nameserver
@ -30,6 +33,21 @@ class ReppV1DomainsNameserversTest < ActionDispatch::IntegrationTest
assert_equal payload[:nameservers][0][:ipv6], @domain.nameservers.last.ipv6
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get "/repp/v1/domains/#{@domain.name}/nameservers", headers: @auth_headers
get "/repp/v1/domains/#{@domain.name}/nameservers", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
def test_can_remove_existing_nameserver
payload = {
nameservers: [

17
test/integration/repp/v1/domains/statuses_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1DomainsStatusesTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_client_hold_can_be_added
@ -79,4 +82,18 @@ class ReppV1DomainsStatusesTest < ActionDispatch::IntegrationTest
assert_equal 2306, json[:code]
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
put repp_v1_domain_status_path(domain_id: @domain.name, id: DomainStatus::CLIENT_HOLD), headers: @auth_headers
put repp_v1_domain_status_path(domain_id: @domain.name, id: DomainStatus::CLIENT_HOLD), headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

21
test/integration/repp/v1/domains/transfer_info_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1DomainsTransferInfoTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@domain = domains(:shop)
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_can_query_domain_info
@ -51,4 +54,22 @@ class ReppV1DomainsTransferInfoTest < ActionDispatch::IntegrationTest
assert_response :ok
assert_equal 1000, json[:code]
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
headers = @auth_headers
headers['Auth-Code'] = @domain.transfer_code
get "/repp/v1/domains/#{@domain.name}/transfer_info", headers: headers
get "/repp/v1/domains/#{@domain.name}/transfer_info", headers: headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

19
test/integration/repp/v1/domains/transfer_test.rb
View file

@ -8,6 +8,9 @@ class ReppV1DomainsTransferTest < ActionDispatch::IntegrationTest
@domain = domains(:hospital)
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_transfers_scoped_domain
@ -152,4 +155,20 @@ class ReppV1DomainsTransferTest < ActionDispatch::IntegrationTest
assert_not @domain.registrar == @user.registrar
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
payload = { transfer: { transfer_code: @domain.transfer_code } }
post "/repp/v1/domains/#{@domain.name}/transfer", headers: @auth_headers, params: payload
post "/repp/v1/domains/#{@domain.name}/transfer", headers: @auth_headers, params: payload
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

39
test/integration/repp/v1/invoices/add_credit_test.rb
View file

@ -24,6 +24,8 @@ class ReppV1InvoicesAddCreditTest < ActionDispatch::IntegrationTest
message: 'success'
}
stub_request(:post, "https://eis_billing_system:3000/api/v1/e_invoice/e_invoice").to_return(status: 200, body: msg2.to_json, headers: {})
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
teardown do
@ -101,4 +103,39 @@ class ReppV1InvoicesAddCreditTest < ActionDispatch::IntegrationTest
assert_response :bad_request
assert_equal "Amount is too small. Minimum deposit is #{Setting.minimum_deposit} EUR", json[:message]
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
request_body = {
invoice: {
amount: 100,
description: 'Add credit',
},
}
Setting.registry_vat_prc = 0.1
ENV['billing_system_integrated'] = 'true'
if Feature.billing_system_integrated?
invoice_n = Invoice.order(number: :desc).last.number
stub_request(:post, 'https://eis_billing_system:3000/api/v1/invoice_generator/invoice_number_generator')
.to_return(status: 200, body: "{\"invoice_number\":\"#{invoice_n + 3}\"}", headers: {})
stub_request(:post, 'https://eis_billing_system:3000/api/v1/e_invoice/e_invoice')
.to_return(status: 200, body: '', headers: {})
end
post '/repp/v1/invoices/add_credit', headers: @auth_headers,
params: request_body
post '/repp/v1/invoices/add_credit', headers: @auth_headers,
params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

2
test/integration/repp/v1/invoices/cancel_test.rb
View file

@ -41,4 +41,4 @@ class ReppV1InvoicesCancelTest < ActionDispatch::IntegrationTest
invoice.reload
assert_not invoice.cancelled?
end
end
end

22
test/integration/repp/v1/invoices/download_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1InvoicesDownloadTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_invoice_as_pdf
@ -19,4 +22,21 @@ class ReppV1InvoicesDownloadTest < ActionDispatch::IntegrationTest
assert_equal "attachment; filename=\"Invoice-2.pdf\"; filename*=UTF-8''Invoice-2.pdf", response.headers['Content-Disposition']
assert_not_empty response.body
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
invoice = @user.registrar.invoices.first
get "/repp/v1/invoices/#{invoice.id}/download", headers: @auth_headers
get "/repp/v1/invoices/#{invoice.id}/download", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

20
test/integration/repp/v1/invoices/list_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1InvoicesListTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_registrar_invoices
@ -82,4 +85,19 @@ class ReppV1InvoicesListTest < ActionDispatch::IntegrationTest
assert_equal (@user.registrar.invoices.count - offset), json[:data][:invoices].length
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get repp_v1_invoices_path, headers: @auth_headers
get repp_v1_invoices_path, headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

31
test/integration/repp/v1/invoices/send_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1InvoicesSendTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_sends_invoice_to_recipient
@ -36,4 +39,30 @@ class ReppV1InvoicesSendTest < ActionDispatch::IntegrationTest
assert_equal 'Invoice no. 1', email.subject
assert email.attachments['invoice-1.pdf']
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
invoice = invoices(:one)
recipient = 'donaldtrump@yandex.ru'
request_body = {
invoice: {
id: invoice.id,
recipient: recipient,
},
}
post "/repp/v1/invoices/#{invoice.id}/send_to_recipient", headers: @auth_headers,
params: request_body
post "/repp/v1/invoices/#{invoice.id}/send_to_recipient", headers: @auth_headers,
params: request_body
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

22
test/integration/repp/v1/invoices/show_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1InvoicesShowTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_error_when_not_found
@ -30,4 +33,21 @@ class ReppV1InvoicesShowTest < ActionDispatch::IntegrationTest
assert_equal invoice.id, json[:data][:invoice][:id]
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
invoice = @user.registrar.invoices.first
get repp_v1_invoice_path(id: invoice.id), headers: @auth_headers
get repp_v1_invoice_path(id: invoice.id), headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

20
test/integration/repp/v1/registrar/auth/check_info_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_returns_valid_user_auth_values
@ -35,4 +38,19 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
assert_response :unauthorized
assert_equal json[:message], 'Invalid authorization information'
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get '/repp/v1/registrar/auth', headers: @auth_headers
get '/repp/v1/registrar/auth', headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end

2
test/integration/repp/v1/registrar/auth/tara_callback_test.rb
View file

@ -43,4 +43,4 @@ class ReppV1RegistrarAuthTaraCallbackTest < ActionDispatch::IntegrationTest
assert_response :unauthorized
assert_equal 'No such user', json[:message]
end
end
end

52
test/integration/repp/v1/registrar/notifications_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1RegistrarNotificationsTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_all_unreaded_poll_messages
@ -20,6 +23,22 @@ class ReppV1RegistrarNotificationsTest < ActionDispatch::IntegrationTest
assert_equal json[:data].last[:text], notification.last.text
end
def test_all_notifications_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
notification = @user.registrar.notifications.where(read: false).order(created_at: :desc).all
get "/repp/v1/registrar/notifications/all_notifications", headers: @auth_headers
get "/repp/v1/registrar/notifications/all_notifications", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
def test_gets_latest_unread_poll_message
notification = @user.registrar.notifications.where(read: false).order(created_at: :desc).first
get "/repp/v1/registrar/notifications", headers: @auth_headers
@ -31,6 +50,22 @@ class ReppV1RegistrarNotificationsTest < ActionDispatch::IntegrationTest
assert_equal notification.text, json[:data][:text]
end
def test_index_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
notification = @user.registrar.notifications.where(read: false).order(created_at: :desc).first
get "/repp/v1/registrar/notifications", headers: @auth_headers
get "/repp/v1/registrar/notifications", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
def test_can_read_specific_notification_by_id
notification = @user.registrar.notifications.order(created_at: :desc).second
@ -43,6 +78,23 @@ class ReppV1RegistrarNotificationsTest < ActionDispatch::IntegrationTest
assert_equal notification.text, json[:data][:text]
end
def test_show_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
notification = @user.registrar.notifications.order(created_at: :desc).second
get "/repp/v1/registrar/notifications/#{notification.id}", headers: @auth_headers
get "/repp/v1/registrar/notifications/#{notification.id}", headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
def test_can_mark_notification_as_read
@auth_headers['Content-Type'] = 'application/json'
notification = @user.registrar.notifications.where(read: false).order(created_at: :desc).first

20
test/integration/repp/v1/registrar/summary_test.rb
View file

@ -7,6 +7,9 @@ class ReppV1RegistrarSummaryTest < ActionDispatch::IntegrationTest
token = "Basic #{token}"
@auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new
adapter&.clear!
end
def test_checks_user_summary_info
@ -40,4 +43,19 @@ class ReppV1RegistrarSummaryTest < ActionDispatch::IntegrationTest
assert_nil json[:data][:notification]
assert_nil json[:data][:notifications_count]
end
end
def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1'
ENV["shunter_enabled"] = 'true'
get '/repp/v1/registrar/summary', headers: @auth_headers
get '/repp/v1/registrar/summary', headers: @auth_headers
json = JSON.parse(response.body, symbolize_names: true)
assert_response :bad_request
assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000'
ENV["shunter_enabled"] = 'false'
end
end