zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-06 04:37:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into registry-790

Browse source
This commit is contained in:
Artur Beljajev 2018-08-27 15:24:05 +03:00
commit 3d51a93f95
104 changed files with 728 additions and 557 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/api/repp/api.rb
View file

@ -4,7 +4,7 @@ module Repp
prefix :repp
http_basic do |username, password|
@current_user ||= ApiUser.find_by(username: username, password: password)
@current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
if @current_user
true
else

7
app/controllers/admin/api_users_controller.rb
View file

@ -32,7 +32,10 @@ module Admin
end
def update
params[:api_user].delete(:password) if params[:api_user][:password].blank?
if params[:api_user][:plain_text_password].blank?
params[:api_user].delete(:plain_text_password)
end
if @api_user.update(api_user_params)
flash[:notice] = I18n.t('record_updated')
redirect_to [:admin, @api_user]
@ -59,7 +62,7 @@ module Admin
end
def api_user_params
params.require(:api_user).permit(:username, :password, :active,
params.require(:api_user).permit(:username, :plain_text_password, :active,
:registrar_id, :registrar_typeahead,
:identity_code, { roles: [] })
end

14
app/controllers/admin/base_controller.rb
View file

@ -1,10 +1,20 @@
module Admin
class BaseController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_admin_user!
helper_method :head_title_sufix
def head_title_sufix
t(:admin_head_title_sufix)
end
private
def current_ability
@current_ability ||= Ability.new(current_admin_user)
end
def user_for_paper_trail
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end

7
app/controllers/admin/dashboard_controller.rb Normal file
View file

@ -0,0 +1,7 @@
module Admin
class DashboardController < BaseController
authorize_resource class: false
def show; end
end
end

9
app/controllers/admin/dashboards_controller.rb
View file

@ -1,9 +0,0 @@
module Admin
class DashboardsController < BaseController
authorize_resource class: false
def show
redirect_to [:admin, :domains] if can? :show, Domain
end
end
end

4
app/controllers/admin/pending_deletes_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)
@ -16,7 +16,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

4
app/controllers/admin/pending_updates_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure)
@ -15,7 +15,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

29
app/controllers/admin/sessions_controller.rb
View file

@ -1,28 +1,17 @@
module Admin
class SessionsController < Devise::SessionsController
skip_authorization_check only: :create
private
def login
@admin_user = AdminUser.new
def after_sign_in_path_for(_resource_or_scope)
admin_domains_path
end
def create
if params[:admin_user].blank?
@admin_user = AdminUser.new
flash[:alert] = 'Something went wrong'
return render 'login'
end
def after_sign_out_path_for(_resource_or_scope)
new_admin_user_session_path
end
@admin_user = AdminUser.find_by(username: params[:admin_user][:username])
@admin_user ||= AdminUser.new(username: params[:admin_user][:username])
if @admin_user.valid_password?(params[:admin_user][:password])
sign_in @admin_user, event: :authentication
redirect_to admin_root_url, notice: I18n.t(:welcome)
else
flash[:alert] = 'Authorization error'
render 'login'
end
def user_for_paper_trail
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end

2
app/controllers/api/v1/registrant/contacts_controller.rb
View file

@ -35,7 +35,7 @@ module Api
private
def set_contacts_pool
country_code, ident = current_user.registrant_ident.to_s.split '-'
country_code, ident = current_registrant_user.registrant_ident.to_s.split '-'
associated_domain_ids = begin
BusinessRegistryCache.fetch_by_ident_and_cc(ident, country_code).associated_domain_ids
end

4
app/controllers/api/v1/registrant/domains_controller.rb
View file

@ -16,12 +16,12 @@ module Api
status: :bad_request) && return
end
@domains = associated_domains(current_user).limit(limit).offset(offset)
@domains = associated_domains(current_registrant_user).limit(limit).offset(offset)
render json: @domains
end
def show
domain_pool = associated_domains(current_user)
domain_pool = associated_domains(current_registrant_user)
@domain = domain_pool.find_by(uuid: params[:uuid])
if @domain

52
app/controllers/application_controller.rb
View file

@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to current_root_url, alert: exception.message
redirect_to root_url, alert: exception.message
end
helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url
helper_method :available_languages
def registrant_request?
request.path.match(/^\/registrant/)
end
def registrar_request?
request.path.match(/^\/registrar/)
end
def admin_request?
request.path.match(/^\/admin/)
end
def current_root_url
if registrar_request?
registrar_root_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_root_url
end
end
def after_sign_in_path_for(_resource)
rt = session[:user_return_to].to_s.presence
login_paths = [admin_login_path, registrar_login_path, '/login']
return rt if rt && !login_paths.include?(rt)
current_root_url
end
def after_sign_out_path_for(_resource)
if registrar_request?
registrar_login_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_login_url
end
end
def info_for_paper_trail
{ uuid: request.uuid }
end
def user_for_paper_trail
user_log_str(current_user)
end
def user_log_str(user)
user.nil? ? 'public' : user.id_role_username
end
def comma_support_for(parent_key, key)
return if params[parent_key].blank?
return if params[parent_key][key].blank?
@ -80,4 +32,4 @@ class ApplicationController < ActionController::Base
def available_languages
{ en: 'English', et: 'Estonian' }.invert
end
end
end

4
app/controllers/epp/sessions_controller.rb
View file

@ -81,7 +81,7 @@ class Epp::SessionsController < EppController
if success
if params[:parsed_frame].css('newPW').first
unless @api_user.update(password: params[:parsed_frame].css('newPW').first.text)
unless @api_user.update(plain_text_password: params[:parsed_frame].css('newPW').first.text)
response.headers['X-EPP-Returncode'] = '2500'
handle_errors(@api_user) and return
end
@ -128,7 +128,7 @@ class Epp::SessionsController < EppController
def login_params
user = params[:parsed_frame].css('clID').first.text
pw = params[:parsed_frame].css('pw').first.text
{ username: user, password: pw }
{ username: user, plain_text_password: pw }
end
private

3
app/controllers/registrant/contacts_controller.rb
View file

@ -3,7 +3,6 @@ class Registrant::ContactsController < RegistrantController
def show
@contact = Contact.where(id: contacts).find_by(id: params[:id])
@current_user = current_user
authorize! :read, @contact
end
@ -22,7 +21,7 @@ class Registrant::ContactsController < RegistrantController
def domain_ids
@domain_ids ||= begin
ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-'
BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids
end
end

3
app/controllers/registrant/domain_delete_confirms_controller.rb
View file

@ -19,7 +19,8 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")

3
app/controllers/registrant/domain_update_confirms_controller.rb
View file

@ -19,7 +19,8 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}")

4
app/controllers/registrant/domains_controller.rb
View file

@ -54,13 +54,13 @@ class Registrant::DomainsController < RegistrantController
end
def domains
ident_cc, ident = @current_user.registrant_ident.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.split '-'
begin
BusinessRegistryCache.fetch_associated_domains ident, ident_cc
rescue Soap::Arireg::NotAvailableError => error
flash[:notice] = I18n.t(error.json[:message])
Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
current_user.domains
current_registrant_user.domains
end
end

26
app/controllers/registrant/sessions_controller.rb
View file

@ -1,8 +1,7 @@
class Registrant::SessionsController < Devise::SessionsController
layout 'registrant/application'
def login
end
def new; end
def id
id_code, id_issuer = request.env['SSL_CLIENT_S_DN'], request.env['SSL_CLIENT_I_DN_O']
@ -10,11 +9,10 @@ class Registrant::SessionsController < Devise::SessionsController
@user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer)
if @user
sign_in(@user, event: :authentication)
redirect_to registrant_root_url
sign_in_and_redirect(:registrant_user, @user, event: :authentication)
else
flash[:alert] = t('login_failed_check_id_card')
redirect_to registrant_login_url
redirect_to new_registrant_user_session_url
end
end
@ -68,7 +66,7 @@ class Registrant::SessionsController < Devise::SessionsController
when 'USER_AUTHENTICATED'
@user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}")
sign_in @user
sign_in(:registrant_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrant_root_path}'"
@ -97,4 +95,18 @@ class Registrant::SessionsController < Devise::SessionsController
return User.new unless idc
ApiUser.find_by(identity_code: idc) || User.new
end
end
private
def after_sign_in_path_for(_resource_or_scope)
registrant_root_path
end
def after_sign_out_path_for(_resource_or_scope)
new_registrant_user_session_path
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
end
end

15
app/controllers/registrant_controller.rb
View file

@ -1,11 +1,22 @@
class RegistrantController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_registrant_user!
layout 'registrant/application'
include Registrant::ApplicationHelper
helper_method :head_title_sufix
def head_title_sufix
t(:registrant_head_title_sufix)
end
end
private
def current_ability
@current_ability ||= Ability.new(current_registrant_user, request.remote_ip)
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
end
end

2
app/controllers/registrar/account_activities_controller.rb
View file

@ -4,7 +4,7 @@ class Registrar
def index
params[:q] ||= {}
account = current_user.registrar.cash_account
account = current_registrar_user.registrar.cash_account
ca_cache = params[:q][:created_at_lteq]
begin

14
app/controllers/registrar/base_controller.rb
View file

@ -2,7 +2,7 @@ class Registrar
class BaseController < ApplicationController
include Registrar::ApplicationHelper
before_action :authenticate_user!
before_action :authenticate_registrar_user!
before_action :check_ip_restriction
helper_method :depp_controller?
helper_method :head_title_sufix
@ -10,21 +10,21 @@ class Registrar
protected
def current_ability
@current_ability ||= Ability.new(current_user, request.remote_ip)
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
private
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area?(current_user.registrar)
allowed = ip_restriction.can_access_registrar_area?(current_registrar_user.registrar)
return if allowed
sign_out current_user
sign_out current_registrar_user
flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
def depp_controller?
@ -34,5 +34,9 @@ class Registrar
def head_title_sufix
t(:registrar_head_title_sufix)
end
def user_for_paper_trail
current_registrar_user ? current_registrar_user.id_role_username : 'anonymous'
end
end
end

2
app/controllers/registrar/bulk_change_controller.rb
View file

@ -10,7 +10,7 @@ class Registrar
private
def available_contacts
current_user.registrar.contacts.order(:name).pluck(:name, :code)
current_registrar_user.registrar.contacts.order(:name).pluck(:name, :code)
end
def default_tab

6
app/controllers/registrar/contacts_controller.rb
View file

@ -21,11 +21,11 @@ class Registrar
end
if params[:statuses_contains]
contacts = current_user.registrar.contacts.includes(:registrar).where(
contacts = current_registrar_user.registrar.contacts.includes(:registrar).where(
"contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
end
normalize_search_parameters do
@ -45,7 +45,7 @@ class Registrar
@contacts = Contact.find_by(name: params[:q][:name_matches])
end
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
contacts = contacts.filter_by_states(params[:statuses_contains]) if params[:statuses_contains]
normalize_search_parameters do

4
app/controllers/registrar/current_user_controller.rb
View file

@ -3,9 +3,9 @@ class Registrar
skip_authorization_check
def switch
raise 'Cannot switch to unlinked user' unless current_user.linked_with?(new_user)
raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user)
sign_in(new_user)
sign_in(:registrar_user, new_user)
redirect_to :back, notice: t('.switched', new_user: new_user)
end

13
app/controllers/registrar/dashboard_controller.rb
View file

@ -1,13 +0,0 @@
class Registrar
class DashboardController < BaseController
authorize_resource class: false
def show
if can?(:show, :poll)
redirect_to registrar_poll_url and return
elsif can?(:show, Invoice)
redirect_to registrar_invoices_url and return
end
end
end
end

2
app/controllers/registrar/deposits_controller.rb
View file

@ -7,7 +7,7 @@ class Registrar
end
def create
@deposit = Deposit.new(deposit_params.merge(registrar: current_user.registrar))
@deposit = Deposit.new(deposit_params.merge(registrar: current_registrar_user.registrar))
@invoice = @deposit.issue_prepayment_invoice
if @invoice

10
app/controllers/registrar/depp_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
rescue_from(Errno::ECONNRESET, Errno::ECONNREFUSED) do |exception|
logger.error 'COULD NOT CONNECT TO REGISTRY'
logger.error exception.backtrace.join("\n")
redirect_to registrar_login_url, alert: t(:no_connection_to_registry)
redirect_to new_registrar_user_session_url, alert: t(:no_connection_to_registry)
end
before_action :authenticate_user
def authenticate_user
redirect_to registrar_login_url and return unless depp_current_user
redirect_to new_registrar_user_session_url and return unless depp_current_user
end
def depp_controller?
@ -19,10 +19,10 @@ class Registrar
end
def depp_current_user
return nil unless current_user
return nil unless current_registrar_user
@depp_current_user ||= Depp::User.new(
tag: current_user.username,
password: current_user.password
tag: current_registrar_user.username,
password: current_registrar_user.plain_text_password
)
end

3
app/controllers/registrar/domain_transfers_controller.rb
View file

@ -21,7 +21,8 @@ class Registrar
uri = URI.parse("#{ENV['repp_url']}domain_transfers")
request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
request.body = { data: { domainTransfers: domain_transfers } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?

8
app/controllers/registrar/domains_controller.rb
View file

@ -16,11 +16,11 @@ class Registrar
end
if params[:statuses_contains]
domains = current_user.registrar.domains.includes(:registrar, :registrant).where(
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant).where(
"statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
domains = current_user.registrar.domains.includes(:registrar, :registrant)
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant)
end
normalize_search_parameters do
@ -142,7 +142,7 @@ class Registrar
def search_contacts
authorize! :create, Depp::Domain
scope = current_user.registrar.contacts.limit(10)
scope = current_registrar_user.registrar.contacts.limit(10)
if params[:query].present?
escaped_str = ActiveRecord::Base.connection.quote_string params[:query]
scope = scope.where("name ilike '%#{escaped_str}%' OR code ilike '%#{escaped_str}%' ")
@ -159,7 +159,7 @@ class Registrar
def contacts
current_user.registrar.contacts
current_registrar_user.registrar.contacts
end
def normalize_search_parameters

3
app/controllers/registrar/invoices_controller.rb
View file

@ -6,7 +6,8 @@ class Registrar
def index
params[:q] ||= {}
invoices = current_user.registrar.invoices.includes(:invoice_items, :account_activity)
invoices = current_registrar_user.registrar.invoices
.includes(:invoice_items, :account_activity)
normalize_search_parameters do
@q = invoices.search(params[:q])

3
app/controllers/registrar/nameservers_controller.rb
View file

@ -12,7 +12,8 @@ class Registrar
attributes: { hostname: params[:new_hostname],
ipv4: ipv4,
ipv6: ipv6 } } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

4
app/controllers/registrar/profile_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
helper_method :linked_users
def show
@user = current_user
@user = current_registrar_user
end
private
def linked_users
current_user.linked_users
current_registrar_user.linked_users
end
end
end

60
app/controllers/registrar/sessions_controller.rb
View file

@ -3,12 +3,8 @@ class Registrar
before_action :check_ip_restriction
helper_method :depp_controller?
def login
@depp_user = Depp::User.new
end
def create
@depp_user = Depp::User.new(params[:depp_user].merge(pki: !(Rails.env.development? || Rails.env.test?)))
@depp_user = Depp::User.new(depp_user_params)
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'].blank?
@depp_user.errors.add(:base, :webserver_missing_user_name_directive)
@ -26,11 +22,12 @@ class Registrar
@depp_user.errors.add(:base, :webserver_client_cert_directive_should_be_required)
end
@api_user = ApiUser.find_by(username: params[:depp_user][:tag], password: params[:depp_user][:password])
@api_user = ApiUser.find_by(username: sign_in_params[:username],
plain_text_password: sign_in_params[:password])
unless @api_user
@depp_user.errors.add(:base, t(:no_such_user))
render 'login' and return
show_error and return
end
if @depp_user.pki
@ -41,14 +38,13 @@ class Registrar
if @depp_user.errors.none?
if @api_user.active?
sign_in @api_user
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @api_user)
else
@depp_user.errors.add(:base, :not_active)
render 'login'
show_error and return
end
else
render 'login'
show_error and return
end
end
@ -56,11 +52,10 @@ class Registrar
@user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)
if @user
sign_in(@user, event: :authentication)
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @user, event: :authentication)
else
flash[:alert] = t('no_such_user')
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
end
@ -117,7 +112,7 @@ class Registrar
render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
when 'USER_AUTHENTICATED'
@user = find_user_by_idc_and_allowed(session[:user_id_code])
sign_in @user
sign_in(:registrar_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrar_root_url}'"
@ -163,8 +158,6 @@ class Registrar
end
end
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area_sign_in_page?
@ -173,5 +166,36 @@ class Registrar
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
end
def current_ability
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
def after_sign_in_path_for(_resource_or_scope)
if can?(:show, :poll)
registrar_root_path
else
registrar_profile_path
end
end
def after_sign_out_path_for(_resource_or_scope)
new_registrar_user_session_path
end
def user_for_paper_trail
current_registrar_user ? current_registrar_user.id_role_username : 'anonymous'
end
def depp_user_params
params = sign_in_params
params[:tag] = params.delete(:username)
params.merge!(pki: !(Rails.env.development? || Rails.env.test?))
params
end
def show_error
redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
end
end
end
end

3
app/controllers/registrar/tech_contacts_controller.rb
View file

@ -8,7 +8,8 @@ class Registrar
request = Net::HTTP::Patch.new(uri)
request.set_form_data(current_contact_id: params[:current_contact_id],
new_contact_id: params[:new_contact_id])
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

6
app/helpers/application_helper.rb
View file

@ -89,4 +89,8 @@ module ApplicationHelper
types.delete('ddoc')
".#{types.join(',.')}"
end
end
def body_css_class
[controller_path.split('/').map!(&:dasherize), action_name.dasherize, 'page'].join('-')
end
end

3
app/models/ability.rb
View file

@ -31,8 +31,6 @@ class Ability
end
def epp # Registrar/api_user dynamic role
can :view, :registrar_dashboard
if @user.registrar.api_ip_white?(@ip)
can :manage, :poll
can :manage, Depp::Contact
@ -71,7 +69,6 @@ class Ability
end
def billing # Registrar/api_user dynamic role
can :view, :registrar_dashboard
can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
can :manage, :deposit
can :read, AccountActivity

3
app/models/admin_user.rb
View file

@ -9,7 +9,8 @@ class AdminUser < User
ROLES = %w(user customer_service admin) # should not match to api_users roles
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable
devise :database_authenticatable, :trackable, :validatable, :timeoutable,
authentication_keys: [:username]
def self.min_password_length
Devise.password_length.min

8
app/models/api_user.rb
View file

@ -2,11 +2,12 @@ require 'open3'
class ApiUser < User
include EppErrors
devise :database_authenticatable, :trackable, :timeoutable, authentication_keys: [:username]
def epp_code_map
{
'2306' => [ # Parameter policy error
[:password, :blank]
%i[plain_text_password blank]
]
}
end
@ -19,8 +20,8 @@ class ApiUser < User
belongs_to :registrar
has_many :certificates
validates :username, :password, :registrar, :roles, presence: true
validates :password, length: { minimum: min_password_length }
validates :username, :plain_text_password, :registrar, :roles, presence: true
validates :plain_text_password, length: { minimum: min_password_length }
validates :username, uniqueness: true
delegate :code, :name, to: :registrar, prefix: true
@ -30,6 +31,7 @@ class ApiUser < User
SUPER = 'super'
EPP = 'epp'
BILLING = 'billing'
ROLES = %w(super epp billing) # should not match to admin roles

2
app/models/registrant_user.rb
View file

@ -2,6 +2,8 @@ class RegistrantUser < User
ACCEPTED_ISSUER = 'AS Sertifitseerimiskeskus'
attr_accessor :idc_data
devise :database_authenticatable, :trackable, :timeoutable
def ability
@ability ||= Ability.new(self)
end

1
app/models/user.rb
View file

@ -1,6 +1,5 @@
class User < ActiveRecord::Base
include Versions # version/user_version.rb
devise :trackable, :timeoutable
attr_accessor :phone

4
app/views/admin/api_users/_form.haml
View file

@ -11,9 +11,9 @@
= f.text_field :username, required: true, autofocus: true, class: 'form-control'
.form-group
.col-md-4.control-label
= f.label :password, nil, class: 'required'
= f.label :plain_text_password, nil, class: 'required'
.col-md-7
= f.text_field :password, required: true, class: 'form-control'
= f.text_field :plain_text_password, required: true, class: 'form-control'
.form-group
.col-md-4.control-label

2
app/views/admin/api_users/show.haml
View file

@ -21,7 +21,7 @@
%dd= @api_user.username
%dt= t(:password)
%dd= @api_user.password
%dd= @api_user.plain_text_password
%dt= t(:registrar_name)
%dd= link_to(@api_user.registrar, admin_registrar_path(@api_user.registrar))

6
app/views/admin/base/_menu.haml
View file

@ -39,6 +39,6 @@
%li= link_to t('.repp_log'), admin_repp_logs_path(created_after: 'today')
%li= link_to t('.que'), '/admin/que'
- if signed_in?
%ul.nav.navbar-nav.navbar-right
%li= link_to t(:log_out, user: current_user), '/admin/logout'
%ul.nav.navbar-nav.navbar-right
%li= link_to t('.sign_out'), destroy_admin_user_session_path, method: :delete,
class: 'navbar-link'

0
app/views/admin/dashboards/show.haml → app/views/admin/dashboard/show.html.erb
View file

29
app/views/admin/sessions/_links.html.erb Normal file
View file

@ -0,0 +1,29 @@
<%- if controller_name != 'sessions' %>
<%= link_to "Log in", new_session_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
<%= link_to "Sign up", new_registration_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' &&
controller_name != 'registrations' %>
<%= link_to "Forgot your password?", new_password_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
<br/>
<% end -%>
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) &&
controller_name != 'unlocks' %>
<%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.omniauthable? %>
<%- resource_class.omniauth_providers.each do |provider| %>
<%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}",
omniauth_authorize_path(resource_name, provider) %><br/>
<% end -%>
<% end -%>

15
app/views/admin/sessions/login.haml
View file

@ -1,15 +0,0 @@
.row
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center Eesti Interneti SA
%hr
.form-signin
= form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f|
= render 'admin/shared/errors', object: f.object
- error_class = f.object.errors.any? ? 'has-error' : ''
%div{class: error_class}
= f.text_field :username, class: 'form-control', placeholder: t(:username), required: true
= f.password_field :password, class: 'form-control',
autocomplete: 'off', placeholder: t(:password), required: true
%button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in)

29
app/views/admin/sessions/new.html.erb Normal file
View file

@ -0,0 +1,29 @@
<div class="row">
<%= form_for resource, as: resource_name, url: session_path(resource_name),
html: { class: 'col-md-6 form-signin center-block text-center' } do |f| %>
<h1 class="form-signin-heading text-center"><%= t '.header_html' %></h1>
<hr>
<%= f.label :username, class: 'sr-only' %>
<%= f.text_field :username, placeholder: AdminUser.human_attribute_name(:username),
required: true,
autofocus: true,
class: 'form-control' %>
<%= f.label :password, class: 'sr-only' %>
<%= f.password_field :password, placeholder: AdminUser.human_attribute_name(:password),
required: true,
class: 'form-control' %>
<% if devise_mapping.rememberable? -%>
<div class="checkbox">
<label><%= f.check_box :remember_me %> <%= t '.remember_checkbox' %> %></label>
</div>
<% end -%>
<%= f.submit t('.sign_in_btn'), class: 'btn btn-lg btn-primary btn-block' %>
<% end %>
</div>
<%= render 'links' %>

5
app/views/admin/shared/_errors.haml
View file

@ -1,5 +0,0 @@
- if object.errors.any?
%p.text-danger
- object.errors.each do |attr, err|
= err
%br

4
app/views/layouts/admin/base.haml
View file

@ -10,7 +10,7 @@
= csrf_meta_tags
= stylesheet_link_tag 'admin-manifest', media: 'all'
= favicon_link_tag 'favicon.ico'
%body{:style => env_style}
%body{:style => env_style, class: body_css_class}
.navbar.navbar-inverse.navbar-static-top{role: "navigation"}
.container
.navbar-header
@ -19,7 +19,7 @@
%span.icon-bar
%span.icon-bar
%span.icon-bar
= link_to admin_dashboard_path, class: 'navbar-brand' do
= link_to admin_root_path, class: 'navbar-brand' do
= ENV['app_name']
- if unstable_env.present?
.text-center

4
app/views/layouts/devise.haml
View file

@ -9,7 +9,7 @@
= csrf_meta_tags
= stylesheet_link_tag 'admin-manifest', media: 'all'
= favicon_link_tag 'favicon.ico'
%body{:style => env_style}
%body{:style => env_style, class: body_css_class}
.navbar.navbar-inverse.navbar-static-top{role: "navigation"}
.container
.navbar-header
@ -18,7 +18,7 @@
%span.icon-bar
%span.icon-bar
%span.icon-bar
= link_to admin_dashboard_path, class: 'navbar-brand' do
= link_to new_admin_user_session_path, class: 'navbar-brand' do
= ENV['app_name']
- if unstable_env.present?
.text-center

8
app/views/layouts/registrant/application.html.erb
View file

@ -14,7 +14,7 @@
<%= stylesheet_link_tag 'registrant-manifest', media: 'all' %>
<%= favicon_link_tag 'favicon.ico' %>
</head>
<body>
<body class="<%= body_css_class %>">
<!-- Fixed navbar
-->
<nav class="navbar navbar-default navbar-fixed-top">
@ -37,7 +37,7 @@
<% end %>
<% end %>
</div>
<% if current_user %>
<% if current_registrant_user %>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav public-nav">
<% if can? :view, Depp::Domain %>
@ -54,9 +54,9 @@
<% end %>
</ul>
<ul class="nav navbar-nav navbar-right">
<% if user_signed_in? %>
<% if registrant_user_signed_in? %>
<li>
<%= link_to t(:log_out, user: current_user), '/registrant/logout' %>
<%= link_to t(:log_out, user: current_registrant_user), destroy_registrant_user_session_path, method: :delete %>
</li>
<% end %>
</ul>

5
app/views/layouts/registrar/base.html.erb
View file

@ -14,7 +14,7 @@
<%= stylesheet_link_tag 'registrar-manifest', media: 'all' %>
<%= favicon_link_tag 'favicon.ico' %>
</head>
<body>
<body class="<%= body_css_class %>">
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
@ -24,7 +24,8 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<%= link_to registrar_root_path, class: 'navbar-brand' do %>
<%= link_to can?(:show, :poll) ? registrar_root_path : registrar_profile_path,
class: 'navbar-brand' do %>
<%= t(:registrar_head_title) %>
<% if unstable_env.present? %>
<div class="text-center">

5
app/views/layouts/registrar/sessions.html.erb
View file

@ -13,12 +13,11 @@
<%= stylesheet_link_tag 'registrar-manifest', media: 'all' %>
<%= javascript_include_tag 'registrar-manifest' %>
</head>
<body>
<body class="<%= body_css_class %>">
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<%= link_to registrar_root_path, class: 'navbar-brand',
id: 'registrar-home-btn' do %>
<%= link_to new_registrar_user_session_path, class: 'navbar-brand' do %>
<%= t(:registrar_head_title) %>
<% if unstable_env.present? %>
<div class="text-center">

11
app/views/registrant/sessions/login.haml
View file

@ -1,11 +0,0 @@
.row
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in)
%hr
.row
=t "only_estonian_residets_can_signin"
%br
= link_to '/registrant/login/mid' do
= image_tag 'mid.gif'
= link_to '/registrant/id', method: :post do
= image_tag 'id_card.gif'

4
app/views/registrant/sessions/login_mid.haml
View file

@ -1,12 +1,12 @@
.row
.form-signin.col-md-4.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in_with_mid)
%h2.form-signin-heading.text-center= t '.header'
%hr
= form_for @user, url: registrant_mid_path, auto_html5_validation: false,
html: {class: 'form-signin'} do |f|
= f.text_field :phone, class: 'form-control',
placeholder: t(:phone_no), autocomplete: 'off', required: true
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t(:log_in)
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t '.submit_btn'
- if ['development', 'alpha'].include?(Rails.env)
%div.text-center

18
app/views/registrant/sessions/new.html.erb Normal file
View file

@ -0,0 +1,18 @@
<div class="row">
<div class="form-signin col-md-6 center-block text-center">
<h2 class="form-signin-heading text-center">
<%= t '.header' %>
</h2>
<hr/>
<div class="row">
<%= t '.hint' %>
</div>
<br/>
<%= link_to '/registrant/login/mid' do %>
<%= image_tag 'mid.gif' %>
<% end %>
<%= link_to '/registrant/id', method: :post do %>
<%= image_tag 'id_card.gif' %>
<% end %>
</div>
</div>

4
app/views/registrar/base/_current_user.html.erb
View file

@ -1,5 +1,5 @@
<% current_user_presenter = UserPresenter.new(user: current_user, view: self) %>
<% current_user_presenter = UserPresenter.new(user: current_registrar_user, view: self) %>
<%= link_to current_user_presenter.login_with_role, registrar_profile_path, id: 'registrar-profile-btn',
class: 'navbar-link' %>
<span class="text-muted">|</span>
<%= link_to t('.sign_out'), registrar_destroy_user_session_path, method: :delete, class: 'navbar-link' %>
<%= link_to t('.sign_out'), destroy_registrar_user_session_path, method: :delete, class: 'navbar-link' %>

3
app/views/registrar/dashboard/show.haml
View file

@ -1,3 +0,0 @@
.panel.panel-default
.panel-body
= t('welcome_to_eis_registrar_portal')

4
app/views/registrar/invoices/index.haml
View file

@ -4,8 +4,8 @@
= render 'shared/title', name: t(:your_account)
= t(:your_current_account_balance_is,
balance: currency(current_user.registrar.cash_account.balance),
currency: current_user.registrar.cash_account.currency)
balance: currency(current_registrar_user.registrar.cash_account.balance),
currency: current_registrar_user.registrar.cash_account.currency)
%h1= t(:invoices)
.row

22
app/views/registrar/sessions/login.haml
View file

@ -1,22 +0,0 @@
.row
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in)
%hr
= form_for @depp_user, url: registrar_sessions_path, html: {class: 'form-signin'} do |f|
= render 'registrar/shared/errors', object: f.object
- error_class = f.object.errors.any? ? 'has-error' : ''
%div{class: error_class}
= f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true
= f.password_field :password, class: 'form-control',
autocomplete: 'off', placeholder: t(:password), required: true
%button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t('.login_btn')
%hr
= link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do
= image_tag 'mid.gif'
= link_to '/registrar/id', method: :post do
= image_tag 'id_card.gif'

4
app/views/registrar/sessions/login_mid.haml
View file

@ -1,12 +1,12 @@
.row
.form-signin.col-md-4.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in_with_mid)
%h2.form-signin-heading.text-center= t '.header'
%hr
= form_for @user, url: registrar_mid_path, auto_html5_validation: false,
html: {class: 'form-signin'} do |f|
= f.text_field :phone, class: 'form-control',
placeholder: t(:phone_no), autocomplete: 'off', required: true
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t('.login_btn')
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t '.submit_btn'
- if ['development', 'alpha'].include?(Rails.env)
%div.text-center

30
app/views/registrar/sessions/new.html.erb Normal file
View file

@ -0,0 +1,30 @@
<div class="row">
<div class="form-signin col-md-6 center-block text-center">
<h1 class="form-signin-heading text-center"><%= t '.header_html' %></h1>
<hr>
<%= form_for resource, as: resource_name, url: session_path(resource_name) do |f| %>
<%= f.text_field :username, placeholder: ApiUser.human_attribute_name(:username),
autofocus: true,
required: true,
class: 'form-control' %>
<%= f.password_field :password,
placeholder: ApiUser.human_attribute_name(:password),
required: true,
class: 'form-control' %>
<%= f.submit t('.submit_btn'), class: 'btn btn-lg btn-primary btn-block' %>
<% end %>
<hr>
<%= link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do %>
<%= image_tag 'mid.gif' %>
<% end %>
<%= link_to '/registrar/id', method: :post do %>
<%= image_tag 'id_card.gif' %>
<% end %>
</div>
</div>

5
app/views/registrar/shared/_errors.haml
View file

@ -1,5 +0,0 @@
- if object.errors.any?
%p.text-danger
- object.errors.each do |attr, err|
= err
%br

82
config/initializers/devise.rb
View file

@ -1,26 +1,31 @@
require 'devise_custom_failure'
# frozen_string_literal: true
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
config.warden do |manager|
manager.failure_app = DeviseCustomFailure
end
# The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database.
# Devise will use the `secret_key_base` as its `secret_key`
# by default. You can change it below and use your own secret key.
config.secret_key = ENV['devise_secret']
# ==> Controller configuration
# Configure the parent class to the devise controllers.
# config.parent_controller = 'DeviseController'
# ==> Mailer Configuration
# Configure the e-mail address which will be shown in Devise::Mailer,
# note that it will be overwritten if you use your own mailer class
# with default "from" parameter.
config.mailer_sender = 'noreply@example.com'
config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'
# Configure the class responsible to send e-mails.
# config.mailer = 'Devise::Mailer'
# Configure the parent class responsible to send e-mails.
# config.parent_mailer = 'ActionMailer::Base'
# ==> ORM configuration
# Load and configure the ORM. Supports :active_record (default) and
# :mongoid (bson_ext recommended) by default. Other ORMs may be
@ -35,7 +40,7 @@ Devise.setup do |config|
# session. If you need permissions, you should implement that in a before filter.
# You can also supply a hash where the value is a boolean determining whether
# or not authentication should be aborted when the value is not present.
# config.authentication_keys = [ :email ]
# config.authentication_keys = [:email]
# Configure parameters from the request object used for authentication. Each entry
# given should be a request method and it will automatically be passed to the
@ -67,7 +72,7 @@ Devise.setup do |config|
# :database = Support basic authentication with authentication key + password
# config.http_authenticatable = false
# If http headers should be returned for AJAX requests. True by default.
# If 401 status code should be returned for AJAX requests. True by default.
# config.http_authenticatable_on_xhr = true
# The realm used in Http Basic Authentication. 'Application' by default.
@ -91,20 +96,31 @@ Devise.setup do |config|
# from the server. You can disable this option at your own risk.
# config.clean_up_csrf_token_on_authentication = true
# When false, Devise will not attempt to reload routes on eager load.
# This can reduce the time taken to boot the app but if your application
# requires the Devise mappings to be loaded during boot time the application
# won't boot properly.
# config.reload_routes = true
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
# using other encryptors, it sets how many times you want the password re-encrypted.
# For bcrypt, this is the cost for hashing the password and defaults to 11. If
# using other algorithms, it sets how many times you want the password to be hashed.
#
# Limiting the stretches to just one in testing will increase the performance of
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
# a value less than 10 in other environments. Note that, for bcrypt (the default
# encryptor), the cost increases exponentially with the number of stretches (e.g.
# algorithm), the cost increases exponentially with the number of stretches (e.g.
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
config.stretches = Rails.env.test? ? 1 : 10
config.stretches = Rails.env.test? ? 1 : 11
# Setup a pepper to generate the encrypted password.
# config.pepper = '4d1b39f778c3ea5b415476ce410f337a27895181a8ccd586c60e50e0f7284' \
# '3d5d6ded80558ed7a4637de6b3a1504379270af6eee995fd9a329e4f4c5daa33882'
# Set up a pepper to generate the hashed password.
# config.pepper = '1fc02c7f3a9d5d0dc6c3e49828eb45d29e5fdb3136f78ee0063a2cdf774b7ed53ea40176d5823703554b7f015dd23c0e491fb488bb705a0768db32d02b1d088d'
# Send a notification to the original email when the user's email is changed.
# config.send_email_changed_notification = false
# Send a notification email when the user's password is changed.
# config.send_password_change_notification = false
# ==> Configuration for :confirmable
# A period that the user is allowed to access the website even without
@ -129,11 +145,11 @@ Devise.setup do |config|
config.reconfirmable = true
# Defines which key will be used when confirming an account
# config.confirmation_keys = [ :email ]
# config.confirmation_keys = [:email]
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
config.remember_for = 2.weeks
# config.remember_for = 2.weeks
# Invalidates all the remember me tokens when the user signs out.
config.expire_all_remember_me_on_sign_out = true
@ -152,15 +168,12 @@ Devise.setup do |config|
# Email regex used to validate email formats. It simply asserts that
# one (and only one) @ exists in the given string. This is mainly
# to give user feedback and not to assert the e-mail validity.
# config.email_regexp = /\A[^@]+@[^@]+\z/
config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again. Default is 30 minutes.
config.timeout_in = ENV['user_session_timeout'].to_i.seconds if ENV['user_session_timeout']
# If true, expires auth token on session timeout.
# config.expire_auth_token_on_timeout = false
# config.timeout_in = 30.minutes
# ==> Configuration for :lockable
# Defines which strategy will be used to lock an account.
@ -169,7 +182,7 @@ Devise.setup do |config|
# config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
# config.unlock_keys = [ :email ]
# config.unlock_keys = [:email]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
@ -186,24 +199,28 @@ Devise.setup do |config|
# config.unlock_in = 1.hour
# Warn on the last attempt before the account is locked.
# config.last_attempt_warning = false
# config.last_attempt_warning = true
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
# config.reset_password_keys = [ :email ]
# config.reset_password_keys = [:email]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 6.hours
# When set to false, does not sign a user in automatically after their password is
# reset. Defaults to true, so a user is signed in automatically after a reset.
# config.sign_in_after_reset_password = true
# ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
# REST_AUTH_SITE_KEY to pepper).
# Allow you to use another hashing or encryption algorithm besides bcrypt (default).
# You can use :sha1, :sha512 or algorithms from others authentication tools as
# :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
# for default behavior) and :restful_authentication_sha1 (then you should set
# stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
#
# Require the `devise-encryptable` gem when using anything other than bcrypt
# config.encryptor = :sha512
@ -220,7 +237,7 @@ Devise.setup do |config|
# Set this configuration to false if you want /users/sign_out to sign out
# only the current scope. By default, Devise signs out all scopes.
# config.sign_out_all_scopes = true
config.sign_out_all_scopes = false
# ==> Navigation configuration
# Lists the formats that should be treated as navigational. Formats like
@ -260,8 +277,7 @@ Devise.setup do |config|
# The router that invoked `devise_for`, in the example above, would be:
# config.router_name = :my_engine
#
# When using omniauth, Devise cannot automatically set Omniauth path,
# When using OmniAuth, Devise cannot automatically set OmniAuth path,
# so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth'
end

5
config/locales/admin/base.en.yml Normal file
View file

@ -0,0 +1,5 @@
en:
admin:
base:
menu:
sign_out: Sign out

7
config/locales/admin/sessions.en.yml Normal file
View file

@ -0,0 +1,7 @@
en:
admin:
sessions:
new:
header_html: Eesti Interneti SA<br>Admin portal
sign_in_btn: Sign in
remember_checkbox: Remember me

16
config/locales/api_users.en.yml Normal file
View file

@ -0,0 +1,16 @@
en:
activerecord:
attributes:
api_user:
plain_text_password: Password
errors:
models:
api_user:
attributes:
username:
blank: 'Username is missing'
taken: 'Username already exists'
plain_text_password:
blank: 'Password is missing'
registrar:
blank: 'Registrar is missing'

10
config/locales/devise.en.yml
View file

@ -9,12 +9,12 @@ en:
failure:
already_authenticated: "You are already signed in."
inactive: "Your account is not activated yet."
invalid: "Invalid email or password."
invalid: "Invalid %{authentication_keys} or password."
locked: "Your account is locked."
last_attempt: "You have one more attempt before your account is locked."
not_found_in_database: "Invalid email address or password."
not_found_in_database: "Invalid %{authentication_keys} or password."
timeout: "Your session expired. Please sign in again to continue."
unauthenticated: "You need to sign in."
unauthenticated: "You need to sign in before continuing."
unconfirmed: "You have to confirm your email address before continuing."
mailer:
confirmation_instructions:
@ -23,6 +23,10 @@ en:
subject: "Reset password instructions"
unlock_instructions:
subject: "Unlock instructions"
email_changed:
subject: "Email Changed"
password_change:
subject: "Password Changed"
omniauth_callbacks:
failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
success: "Successfully authenticated from %{kind} account."

14
config/locales/en.yml
View file

@ -135,16 +135,6 @@ en:
registrar:
blank: 'Registrar is missing'
api_user:
attributes:
username:
blank: 'Username is missing'
taken: 'Username already exists'
password:
blank: 'Password is missing'
registrar:
blank: 'Registrar is missing'
dnskey:
attributes:
alg:
@ -400,7 +390,6 @@ en:
invoices: 'Invoices'
no_such_user: 'No such user'
phone_no: 'Phone number'
log_in_with_mid: 'Log in with mobile-id'
confirmation_sms_was_sent_to_your_phone_verification_code_is: 'Confirmation sms was sent to your phone. Verification code is %{code}.'
user_signature_is_invalid: 'User signature is invalid'
session_timeout: 'Session timeout'
@ -432,7 +421,6 @@ en:
blank: "Password can't be blank"
username: 'Username'
log_in: 'Log in'
domains: 'Domains'
register: 'Register'
contacts: 'Contacts'
@ -729,7 +717,6 @@ en:
mail_templates: Mail Templates
failure: "It was not saved"
contact_is_not_valid: 'Contact %{value} is not valid, please fix the invalid contact'
welcome_to_eis_registrar_portal: 'Welcome to EIS Registrar portal'
next: 'Next'
previous: 'Previous'
personal_domain_verification_url: 'Personal domain verification url'
@ -741,7 +728,6 @@ en:
test_registrar: "Test registrar"
verified_confirm: 'Verified status is for cases when current registrant is the one applying for the update. Legal document signed by the registrant is required. Are you sure this update is properly verified with the registrant?'
verified: 'Verified'
only_estonian_residets_can_signin: "Access currently available only to Estonian citizens and e-residents with Estonian ID-card or Mobile-ID."
deleted: 'Deleted'
cant_match_version: 'Impossible match version with request'
user_not_authenticated: "user not authenticated"

1
config/locales/et.yml
View file

@ -1,7 +1,6 @@
et:
username: 'Kasutajanimi'
password: 'Parool'
log_in: 'Logi sisse'
date:
# Don't forget the nil at the beginning; there's no such thing as a 0th month

12
config/locales/registrant/sessions.en.yml Normal file
View file

@ -0,0 +1,12 @@
en:
registrant:
sessions:
new:
header: Log in
hint: >-
Access currently available only to Estonian citizens and e-residents with Estonian ID-card
or Mobile-ID.
login_mid:
header: Log in with mobile-id
submit_btn: Login

8
config/locales/registrar/sessions.en.yml
View file

@ -1,7 +1,9 @@
en:
registrar:
sessions:
login:
login_btn: Login
new:
header_html: Eesti Interneti SA<br>Registrar Portal
submit_btn: Login
login_mid:
login_btn: Login
header: Log in with mobile-id
submit_btn: Login

86
config/routes.rb
View file

@ -31,8 +31,17 @@ Rails.application.routes.draw do
# REGISTRAR ROUTES
namespace :registrar do
resource :dashboard
root 'dashboard#show'
root 'polls#show'
devise_for :users, path: '', class_name: 'ApiUser', skip: %i[sessions]
devise_scope :registrar_user do
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'id' => 'sessions#id'
post 'mid' => 'sessions#mid'
end
resources :invoices do
member do
@ -45,18 +54,6 @@ Rails.application.routes.draw do
resources :deposits
resources :account_activities
devise_scope :user do
get 'login' => 'sessions#login'
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'sessions' => 'sessions#create'
post 'id' => 'sessions#id'
post 'mid' => 'sessions#mid'
delete 'logout', to: '/devise/sessions#destroy', as: :destroy_user_session
end
put 'current_user/switch/:new_user_id', to: 'current_user#switch', as: :switch_current_user
resource :profile, controller: :profile, only: :show
@ -87,7 +84,7 @@ Rails.application.routes.draw do
end
end
resource :poll do
resource :poll, only: %i[show destroy] do
collection do
post 'confirm_keyrelay'
post 'confirm_transfer'
@ -109,9 +106,33 @@ Rails.application.routes.draw do
get 'pay/go/:bank' => 'payments#pay', as: 'payment_with'
end
scope :registrar do
devise_scope :registrar_user do
get 'sign_in', to: 'registrar/sessions#new', as: :new_registrar_user_session
# /registrar/sessions path is hardcoded in Apache config for certificate-based authentication
# See https://github.com/internetee/registry/blob/master/README.md#installation
# Client certificate is asked only on login form submission, therefore the path must be
# different from the one in `new_registrar_user_session` route
post 'sessions', to: 'registrar/sessions#create', as: :registrar_user_session
delete 'sign_out', to: 'registrar/sessions#destroy', as: :destroy_registrar_user_session
end
end
namespace :registrant do
root 'domains#index'
# POST /registrant/sign_in is not used
devise_for :users, path: '', class_name: 'RegistrantUser'
devise_scope :registrant_user do
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'mid' => 'sessions#mid'
post 'id' => 'sessions#id'
end
resources :registrars, only: :show
resources :contacts, only: :show
resources :domains, only: %i[index show] do
@ -126,22 +147,13 @@ Rails.application.routes.draw do
resources :domain_update_confirms, only: %i[show update]
resources :domain_delete_confirms, only: %i[show update]
devise_scope :user do
get 'login' => 'sessions#login'
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'sessions' => 'sessions#create'
post 'mid' => 'sessions#mid'
post 'id' => 'sessions#id'
get 'logout' => '/devise/sessions#destroy'
end
end
# ADMIN ROUTES
namespace :admin do
root 'dashboard#show'
devise_for :users, path: '', class_name: 'AdminUser'
resources :keyrelays
resources :zonefiles
resources :zones, controller: 'dns/zones', except: %i[show destroy]
@ -243,26 +255,14 @@ Rails.application.routes.draw do
end
resources :delayed_jobs
resource :dashboard
resources :epp_logs
resources :repp_logs
devise_scope :user do
get 'login' => 'sessions#login'
post 'sessions' => 'sessions#create'
get 'logout' => '/devise/sessions#destroy'
end
authenticate :user do
authenticate :admin_user do
mount Que::Web, at: 'que'
end
root 'dashboards#show'
end
devise_for :users
root to: redirect('admin/login')
end
# To prevent users seeing the default welcome message "Welcome aboard" from Rails
root to: redirect('admin/sign_in')
end

5
db/migrate/20180713154915_rename_users_password_to_plain_text_password.rb Normal file
View file

@ -0,0 +1,5 @@
class RenameUsersPasswordToPlainTextPassword < ActiveRecord::Migration
def change
rename_column :users, :password, :plain_text_password
end
end

4
db/structure.sql
View file

@ -2282,7 +2282,7 @@ ALTER SEQUENCE public.settings_id_seq OWNED BY public.settings.id;
CREATE TABLE public.users (
id integer NOT NULL,
username character varying,
password character varying,
plain_text_password character varying,
created_at timestamp without time zone,
updated_at timestamp without time zone,
email character varying,
@ -4759,3 +4759,5 @@ INSERT INTO schema_migrations (version) VALUES ('20180613030330');
INSERT INTO schema_migrations (version) VALUES ('20180613045614');
INSERT INTO schema_migrations (version) VALUES ('20180713154915');

8
doc/controllers_complete.svg
View file

@ -433,14 +433,6 @@
<path fill="none" stroke="black" d="M-467.5,-480.5C-467.5,-480.5 -344.5,-480.5 -344.5,-480.5 -338.5,-480.5 -332.5,-486.5 -332.5,-492.5 -332.5,-492.5 -332.5,-681.5 -332.5,-681.5 -332.5,-687.5 -338.5,-693.5 -344.5,-693.5 -344.5,-693.5 -467.5,-693.5 -467.5,-693.5 -473.5,-693.5 -479.5,-687.5 -479.5,-681.5 -479.5,-681.5 -479.5,-492.5 -479.5,-492.5 -479.5,-486.5 -473.5,-480.5 -467.5,-480.5"/>
<text text-anchor="middle" x="-406" y="-678.3" font-family="Times,serif" font-size="14.00">ApplicationController</text>
<polyline fill="none" stroke="black" points="-479.5,-670.5 -332.5,-670.5 "/>
<text text-anchor="start" x="-471.5" y="-655.3" font-family="Times,serif" font-size="14.00">admin_request?</text>
<text text-anchor="start" x="-471.5" y="-640.3" font-family="Times,serif" font-size="14.00">after_sign_in_path_for</text>
<text text-anchor="start" x="-471.5" y="-625.3" font-family="Times,serif" font-size="14.00">after_sign_out_path_for</text>
<text text-anchor="start" x="-471.5" y="-610.3" font-family="Times,serif" font-size="14.00">api_user_log_str</text>
<text text-anchor="start" x="-471.5" y="-595.3" font-family="Times,serif" font-size="14.00">current_root_url</text>
<text text-anchor="start" x="-471.5" y="-565.3" font-family="Times,serif" font-size="14.00">registrant_request?</text>
<text text-anchor="start" x="-471.5" y="-550.3" font-family="Times,serif" font-size="14.00">registrar_request?</text>
<text text-anchor="start" x="-471.5" y="-535.3" font-family="Times,serif" font-size="14.00">user_for_paper_trail</text>
<polyline fill="none" stroke="black" points="-479.5,-527.5 -332.5,-527.5 "/>
<polyline fill="none" stroke="black" points="-479.5,-503.5 -332.5,-503.5 "/>
<text text-anchor="start" x="-471.5" y="-488.3" font-family="Times,serif" font-size="14.00">_layout</text>

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 67 KiB

After

Width:  |  Height:  |  Size: 66 KiB

Before After
Before After

4
doc/registrant-api/v1/authentication.md
View file

@ -38,7 +38,7 @@ Content-type: application/json
#### Response
```
HTTP/1.1 201
Content-Type: application.json
Content-Type: application/json
{
@ -70,7 +70,7 @@ Content-type: application/json
#### Response
```
HTTP/1.1 201
Content-Type: application.json
Content-Type: application/json
{

4
doc/registrant-api/v1/contact.md
View file

@ -148,7 +148,7 @@ Content-type: application/json
```
HTTP/1.1 200
Content-Type: application.json
Content-Type: application/json
{
"uuid": "84c62f3d-e56f-40fa-9ca4-dc0137778949",
@ -184,7 +184,7 @@ Content-Type: application.json
### Response on failure
```
HTTP/1.1 400
Content-Type: application.json
Content-Type: application/json
{
"errors": [

18
lib/devise_custom_failure.rb
View file

@ -1,18 +0,0 @@
class DeviseCustomFailure < Devise::FailureApp
def redirect_url
return registrant_login_url if request.original_fullpath.to_s.match(%r{^\/registrant})
return registrar_login_url if request.original_fullpath.to_s.match(%r{^\/registrar})
return '/admin' if request.original_fullpath.to_s.match(%r{^\/admin\/que})
return admin_login_url if request.original_fullpath.to_s.match(%r{^\/admin})
root_url
end
# You need to override respond to eliminate recall
def respond
if http_auth?
http_auth
else
redirect
end
end
end

4
lib/tasks/import.rake
View file

@ -145,7 +145,7 @@ namespace :import do
if y.try(:cert) == 'idkaart'
id_users << ApiUser.new({
username: y.try(:password) ? y.try(:password) : y.try(:password),
password: ('a'..'z').to_a.shuffle.first(8).join,
plain_text_password: ('a'..'z').to_a.shuffle.first(8).join,
identity_code: y.try(:password) ? y.try(:password) : y.try(:password),
registrar_id: Registrar.find_by(legacy_id: x.try(:id)).try(:id),
roles: ['billing'],
@ -154,7 +154,7 @@ namespace :import do
else
temp << ApiUser.new({
username: x.handle.try(:strip),
password: y.try(:password) ? y.try(:password) : ('a'..'z').to_a.shuffle.first(8).join,
plain_text_password: y.try(:password) ? y.try(:password) : ('a'..'z').to_a.shuffle.first(8).join,
registrar_id: Registrar.find_by(legacy_id: x.try(:id)).try(:id),
roles: ['epp'],
legacy_id: y.try(:id)

2
spec/api/repp/contact_v1_spec.rb
View file

@ -45,6 +45,6 @@ RSpec.describe Repp::ContactV1, db: true do
end
def http_auth_key
ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.password)
ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.plain_text_password)
end
end

2
spec/factories/api_user.rb
View file

@ -1,7 +1,7 @@
FactoryBot.define do
factory :api_user do
sequence(:username) { |n| "test#{n}" }
password 'a' * ApiUser.min_password_length
plain_text_password 'a' * ApiUser.min_password_length
roles ['super']
registrar

8
spec/features/registrar/home_link_spec.rb
View file

@ -1,8 +0,0 @@
require 'rails_helper'
RSpec.feature 'Registrar area home link', db: true do
scenario 'is visible' do
visit registrar_login_url
expect(page).to have_link('registrar-home-btn', href: registrar_root_path)
end
end

39
spec/features/registrar/sign_in/password_spec.rb
View file

@ -1,39 +0,0 @@
require 'rails_helper'
RSpec.feature 'Registrar area password sign-in' do
scenario 'signs in the user with valid credentials' do
create(:api_user_with_unlimited_balance,
active: true,
login: 'test',
password: 'testtest')
visit registrar_login_path
sign_in_with 'test', 'testtest'
expect(page).to have_text(t('registrar.base.current_user.sign_out'))
end
scenario 'notifies the user with invalid credentials' do
create(:api_user, login: 'test', password: 'testtest')
visit registrar_login_path
sign_in_with 'test', 'invalid'
expect(page).to have_text('No such user')
end
scenario 'notifies the user with inactive account' do
create(:api_user, active: false, login: 'test', password: 'testtest')
visit registrar_login_path
sign_in_with 'test', 'testtest'
expect(page).to have_text('User is not active')
end
def sign_in_with(username, password)
fill_in 'depp_user_tag', with: username
fill_in 'depp_user_password', with: password
click_button 'Login'
end
end

14
spec/features/registrar/sign_out_spec.rb
View file

@ -1,14 +0,0 @@
require 'rails_helper'
RSpec.feature 'Registrar area sign-out', settings: false do
background do
sign_in_to_registrar_area(user: create(:api_user_with_unlimited_balance))
end
scenario 'signs the user out' do
visit registrar_root_path
click_on t('registrar.base.current_user.sign_out')
expect(page).to have_text('Signed out successfully.')
end
end

19
spec/requests/registrar/ip_restriction_spec.rb
View file

@ -2,11 +2,11 @@ require 'rails_helper'
RSpec.describe 'Registrar area IP restriction', settings: false do
before do
@original_registrar_ip_whitelist_enabled = Setting.registrar_ip_whitelist_enabled
@original_registrar_ip_whitelist_enabled_setting = Setting.registrar_ip_whitelist_enabled
end
after do
Setting.registrar_ip_whitelist_enabled = @original_registrar_ip_whitelist_enabled
Setting.registrar_ip_whitelist_enabled = @original_registrar_ip_whitelist_enabled_setting
end
context 'when authenticated' do
@ -22,12 +22,11 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
context 'when ip is allowed' do
let!(:white_ip) { create(:white_ip,
ipv4: '127.0.0.1',
registrar: controller.current_user.registrar,
registrar: controller.current_registrar_user.registrar,
interfaces: [WhiteIp::REGISTRAR]) }
specify do
get registrar_root_url
follow_redirect!
expect(response).to be_success
end
end
@ -35,13 +34,12 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
context 'when ip is not allowed' do
it 'signs the user out' do
get registrar_root_url
follow_redirect!
expect(controller.current_user).to be_nil
expect(controller.current_registrar_user).to be_nil
end
it 'redirects to login url' do
get registrar_root_url
expect(response).to redirect_to(registrar_login_url)
expect(response).to redirect_to(new_registrar_user_session_url)
end
end
end
@ -49,7 +47,6 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
context 'when IP restriction is disabled' do
specify do
get registrar_root_url
follow_redirect!
expect(response).to be_success
end
end
@ -67,14 +64,14 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
interfaces: [WhiteIp::REGISTRAR]) }
specify do
get registrar_login_path
get new_registrar_user_session_path
expect(response).to be_success
end
end
context 'when ip is not allowed' do
specify do
get registrar_login_path
get new_registrar_user_session_path
expect(response.body).to match "Access denied"
end
end
@ -82,7 +79,7 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
context 'when IP restriction is disabled' do
specify do
get registrar_login_path
get new_registrar_user_session_path
expect(response).to be_success
end
end

17
spec/requests/registrar/linked_users_spec.rb
View file

@ -6,7 +6,7 @@ RSpec.describe 'Registrar area linked users', db: false do
let!(:current_user) { create(:api_user, id: 1, identity_code: 'code') }
before do
sign_in_to_registrar_area(user: current_user)
sign_in current_user
end
context 'when ip is allowed' do
@ -23,7 +23,7 @@ RSpec.describe 'Registrar area linked users', db: false do
it 'signs in as a new user' do
put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_url }
follow_redirect!
expect(controller.current_user.id).to eq(2)
expect(controller.current_registrar_user.id).to eq(2)
end
it 'redirects back' do
@ -40,15 +40,6 @@ RSpec.describe 'Registrar area linked users', db: false do
put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path }
end.to raise_error('Cannot switch to unlinked user')
end
it 'does not sign in as a new user' do
suppress StandardError do
put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path }
end
follow_redirect!
expect(controller.current_user.id).to eq(1)
end
end
end
@ -62,7 +53,7 @@ RSpec.describe 'Registrar area linked users', db: false do
specify do
put '/registrar/current_user/switch/2'
expect(response).to redirect_to(registrar_login_url)
expect(response).to redirect_to(new_registrar_user_session_url)
end
end
end
@ -70,7 +61,7 @@ RSpec.describe 'Registrar area linked users', db: false do
context 'when user is not authenticated' do
specify do
put '/registrar/current_user/switch/2'
expect(response).to redirect_to(registrar_login_url)
expect(response).to redirect_to(new_registrar_user_session_url)
end
end
end

16
spec/requests/registrar/sign_in/password_spec.rb
View file

@ -1,16 +0,0 @@
require 'rails_helper'
RSpec.describe 'Registrar area password sign-in', settings: false do
let!(:user) { create(:api_user, active: true, login: 'test', password: 'testtest') }
it 'signs the user in' do
post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
follow_redirect!
expect(controller.current_user).to eq(user)
end
it 'redirects to root url' do
post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
expect(response).to redirect_to(registrar_root_url)
end
end

18
spec/requests/registrar/sign_out_spec.rb
View file

@ -1,18 +0,0 @@
require 'rails_helper'
RSpec.describe 'Registrar area sign-out', settings: false do
before do
sign_in_to_registrar_area
end
it 'signs the user out' do
delete registrar_destroy_user_session_path
follow_redirect!
expect(controller.current_user).to be_nil
end
it 'redirects to login url' do
delete registrar_destroy_user_session_path
expect(response).to redirect_to(registrar_login_url)
end
end

9
spec/routing/registrar/domains_routing_spec.rb
View file

@ -1,9 +0,0 @@
require 'rails_helper'
RSpec.describe Registrar::DomainsController do
describe 'routing' do
it 'routes to #index' do
expect(get: '/registrar/domains').to route_to('registrar/domains#index')
end
end
end

9
spec/routing/registrar/sessions_routing_spec.rb
View file

@ -1,9 +0,0 @@
require 'rails_helper'
RSpec.describe Registrar::SessionsController do
describe 'routing' do
it 'routes to #login' do
expect(get: '/registrar/login').to route_to('registrar/sessions#login')
end
end
end

10
spec/support/features/session_helpers.rb
View file

@ -1,19 +1,19 @@
module Features
module SessionHelpers
def sign_in_to_admin_area(user: create(:admin_user))
visit admin_login_url
visit new_admin_user_session_url
fill_in 'admin_user[username]', with: user.username
fill_in 'admin_user[password]', with: user.password
click_button 'Log in'
click_button 'Sign in'
end
def sign_in_to_registrar_area(user: create(:api_user))
visit registrar_login_url
visit new_registrar_user_session_url
fill_in 'depp_user_tag', with: user.username
fill_in 'depp_user_password', with: user.password
fill_in 'registrar_user_username', with: user.username
fill_in 'registrar_user_password', with: user.plain_text_password
click_button 'Login'
end

6
spec/support/requests/session_helpers.rb
View file

@ -1,11 +1,11 @@
module Requests
module SessionHelpers
def sign_in_to_admin_area(user: create(:admin_user))
post admin_sessions_path, admin_user: { username: user.username, password: user.password }
post admin_user_session_path, admin_user: { username: user.username, password: user.password }
end
def sign_in_to_registrar_area(user: create(:api_user))
post registrar_sessions_path, { depp_user: { tag: user.username, password: user.password } }
post registrar_user_session_path, { registrar_user: { username: user.username, password: user.plain_text_password } }
end
end
end
end

2
test/fixtures/contacts.yml vendored
View file

@ -14,7 +14,7 @@ william: &william
name: William
email: william@inbox.test
phone: '+555.555'
fax: +555.555
fax: '+666.6'
ident: 1234
ident_type: priv
ident_country_code: US

11
test/fixtures/registrars.yml vendored
View file

@ -40,13 +40,4 @@ complete:
accounting_customer_code: US0001
language: en
vat_no: US12345
vat_rate: 0.05
not_in_use:
name: any
reg_no: any
code: any
email: any@example.com
country_code: US
accounting_customer_code: any
language: en
vat_rate: 0.05

5
test/fixtures/users.yml vendored
View file

@ -1,6 +1,6 @@
api_bestnames:
username: test_bestnames
password: testtest
plain_text_password: testtest
type: ApiUser
registrar: bestnames
active: true
@ -9,7 +9,7 @@ api_bestnames:
api_goodnames:
username: test_goodnames
password: testtest
plain_text_password: testtest
type: ApiUser
registrar: goodnames
active: true
@ -18,6 +18,7 @@ api_goodnames:
admin:
username: test
encrypted_password: <%= Devise::Encryptor.digest(AdminUser, 'testtest') %>
type: AdminUser
country_code: US
roles:

33
test/integration/epp/login/password_change_test.rb Normal file
View file

@ -0,0 +1,33 @@
require 'test_helper'
class EppLoginPasswordChangeTest < ActionDispatch::IntegrationTest
def test_password_change
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<login>
<clID>test_bestnames</clID>
<pw>testtest</pw>
<newPW>new-password</newPW>
<options>
<version>1.0</version>
<lang>en</lang>
</options>
<svcs>
<objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
<objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
<objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
<objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
</svcs>
</login>
</command>
</epp>
XML
post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
assert_equal 'new-password', users(:api_bestnames).plain_text_password
assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code]
assert_equal 1, Nokogiri::XML(response.body).css('result').size
end
end

25
test/system/admin_area/api_users/new_test.rb Normal file
View file

@ -0,0 +1,25 @@
require 'test_helper'
class AdminAreaNewApiUserTest < ApplicationSystemTestCase
setup do
sign_in users(:admin)
end
def test_new_api_user_creation_with_required_params
visit admin_api_users_url
click_link_or_button 'New API user'
fill_in 'Username', with: 'newtest'
fill_in 'Password', with: 'testtest'
find('#api_user_registrar_id', visible: false).set(registrars(:bestnames).id)
assert_difference 'ApiUser.count' do
click_link_or_button 'Save'
end
assert_current_path admin_api_user_path(ApiUser.last)
assert_text 'Record created'
assert_text 'Username newtest'
assert_text 'Password testtest'
end
end

22
test/system/admin_area/protected_area_test.rb Normal file
View file

@ -0,0 +1,22 @@
require 'test_helper'
class AdminAreaProtectedAreaTest < ApplicationSystemTestCase
def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area
visit admin_domains_url
assert_text 'You need to sign in before continuing'
assert_current_path new_admin_user_session_path
end
def test_authenticated_user_can_access_protected_area
sign_in users(:admin)
visit admin_domains_url
assert_current_path admin_domains_path
end
def test_authenticated_user_is_not_asked_to_authenticate_again
sign_in users(:admin)
visit new_admin_user_session_url
assert_text 'You are already signed in'
assert_current_path admin_domains_path
end
end

44
test/system/admin_area/sign_in_test.rb Normal file
View file

@ -0,0 +1,44 @@
require 'test_helper'
class AdminAreaSignInTest < ApplicationSystemTestCase
setup do
@user = users(:admin)
end
def test_correct_username_and_password
visit new_admin_user_session_url
fill_in 'admin_user_username', with: @user.username
fill_in 'admin_user_password', with: 'testtest'
click_button 'Sign in'
assert_text 'Signed in successfully'
assert_current_path admin_domains_path
end
def test_wrong_password
visit new_admin_user_session_url
fill_in 'admin_user_username', with: @user.username
fill_in 'admin_user_password', with: 'wrong'
click_button 'Sign in'
assert_text 'Invalid Username or password'
assert_current_path new_admin_user_session_path
end
def test_retry_with_correct_username_and_password
visit new_admin_user_session_url
fill_in 'admin_user_username', with: @user.username
fill_in 'admin_user_password', with: 'wrong'
click_button 'Sign in'
assert_text 'Invalid Username or password'
assert_current_path new_admin_user_session_path
fill_in 'admin_user_username', with: @user.username
fill_in 'admin_user_password', with: 'testtest'
click_button 'Sign in'
assert_text 'Signed in successfully'
assert_current_path admin_domains_path
end
end

15
test/system/admin_area/sign_out_test.rb Normal file
View file

@ -0,0 +1,15 @@
require 'test_helper'
class AdminAreaSignOutTest < ApplicationSystemTestCase
setup do
sign_in users(:admin)
end
def test_logout
visit admin_root_url
click_on 'Sign out'
assert_text 'Signed out successfully'
assert_current_path new_admin_user_session_path
end
end

Some files were not shown because too many files have changed in this diff Show more