zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-08 05:34:46 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into registry-790

Browse source
This commit is contained in:
Artur Beljajev 2018-08-27 15:24:05 +03:00
commit 3d51a93f95
104 changed files with 728 additions and 557 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/api/repp/api.rb
View file

@ -4,7 +4,7 @@ module Repp
prefix :repp
http_basic do |username, password|
@current_user ||= ApiUser.find_by(username: username, password: password)
@current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
if @current_user
true
else

7
app/controllers/admin/api_users_controller.rb
View file

@ -32,7 +32,10 @@ module Admin
end
def update
params[:api_user].delete(:password) if params[:api_user][:password].blank?
if params[:api_user][:plain_text_password].blank?
params[:api_user].delete(:plain_text_password)
end
if @api_user.update(api_user_params)
flash[:notice] = I18n.t('record_updated')
redirect_to [:admin, @api_user]
@ -59,7 +62,7 @@ module Admin
end
def api_user_params
params.require(:api_user).permit(:username, :password, :active,
params.require(:api_user).permit(:username, :plain_text_password, :active,
:registrar_id, :registrar_typeahead,
:identity_code, { roles: [] })
end

14
app/controllers/admin/base_controller.rb
View file

@ -1,10 +1,20 @@
module Admin
class BaseController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_admin_user!
helper_method :head_title_sufix
def head_title_sufix
t(:admin_head_title_sufix)
end
private
def current_ability
@current_ability ||= Ability.new(current_admin_user)
end
def user_for_paper_trail
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end

7
app/controllers/admin/dashboard_controller.rb Normal file
View file

@ -0,0 +1,7 @@
module Admin
class DashboardController < BaseController
authorize_resource class: false
def show; end
end
end

9
app/controllers/admin/dashboards_controller.rb
View file

@ -1,9 +0,0 @@
module Admin
class DashboardsController < BaseController
authorize_resource class: false
def show
redirect_to [:admin, :domains] if can? :show, Domain
end
end
end

4
app/controllers/admin/pending_deletes_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)
@ -16,7 +16,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

4
app/controllers/admin/pending_updates_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure)
@ -15,7 +15,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

29
app/controllers/admin/sessions_controller.rb
View file

@ -1,28 +1,17 @@
module Admin
class SessionsController < Devise::SessionsController
skip_authorization_check only: :create
private
def login
@admin_user = AdminUser.new
def after_sign_in_path_for(_resource_or_scope)
admin_domains_path
end
def create
if params[:admin_user].blank?
@admin_user = AdminUser.new
flash[:alert] = 'Something went wrong'
return render 'login'
end
def after_sign_out_path_for(_resource_or_scope)
new_admin_user_session_path
end
@admin_user = AdminUser.find_by(username: params[:admin_user][:username])
@admin_user ||= AdminUser.new(username: params[:admin_user][:username])
if @admin_user.valid_password?(params[:admin_user][:password])
sign_in @admin_user, event: :authentication
redirect_to admin_root_url, notice: I18n.t(:welcome)
else
flash[:alert] = 'Authorization error'
render 'login'
end
def user_for_paper_trail
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end

2
app/controllers/api/v1/registrant/contacts_controller.rb
View file

@ -35,7 +35,7 @@ module Api
private
def set_contacts_pool
country_code, ident = current_user.registrant_ident.to_s.split '-'
country_code, ident = current_registrant_user.registrant_ident.to_s.split '-'
associated_domain_ids = begin
BusinessRegistryCache.fetch_by_ident_and_cc(ident, country_code).associated_domain_ids
end

4
app/controllers/api/v1/registrant/domains_controller.rb
View file

@ -16,12 +16,12 @@ module Api
status: :bad_request) && return
end
@domains = associated_domains(current_user).limit(limit).offset(offset)
@domains = associated_domains(current_registrant_user).limit(limit).offset(offset)
render json: @domains
end
def show
domain_pool = associated_domains(current_user)
domain_pool = associated_domains(current_registrant_user)
@domain = domain_pool.find_by(uuid: params[:uuid])
if @domain

52
app/controllers/application_controller.rb
View file

@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to current_root_url, alert: exception.message
redirect_to root_url, alert: exception.message
end
helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url
helper_method :available_languages
def registrant_request?
request.path.match(/^\/registrant/)
end
def registrar_request?
request.path.match(/^\/registrar/)
end
def admin_request?
request.path.match(/^\/admin/)
end
def current_root_url
if registrar_request?
registrar_root_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_root_url
end
end
def after_sign_in_path_for(_resource)
rt = session[:user_return_to].to_s.presence
login_paths = [admin_login_path, registrar_login_path, '/login']
return rt if rt && !login_paths.include?(rt)
current_root_url
end
def after_sign_out_path_for(_resource)
if registrar_request?
registrar_login_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_login_url
end
end
def info_for_paper_trail
{ uuid: request.uuid }
end
def user_for_paper_trail
user_log_str(current_user)
end
def user_log_str(user)
user.nil? ? 'public' : user.id_role_username
end
def comma_support_for(parent_key, key)
return if params[parent_key].blank?
return if params[parent_key][key].blank?
@ -80,4 +32,4 @@ class ApplicationController < ActionController::Base
def available_languages
{ en: 'English', et: 'Estonian' }.invert
end
end
end

4
app/controllers/epp/sessions_controller.rb
View file

@ -81,7 +81,7 @@ class Epp::SessionsController < EppController
if success
if params[:parsed_frame].css('newPW').first
unless @api_user.update(password: params[:parsed_frame].css('newPW').first.text)
unless @api_user.update(plain_text_password: params[:parsed_frame].css('newPW').first.text)
response.headers['X-EPP-Returncode'] = '2500'
handle_errors(@api_user) and return
end
@ -128,7 +128,7 @@ class Epp::SessionsController < EppController
def login_params
user = params[:parsed_frame].css('clID').first.text
pw = params[:parsed_frame].css('pw').first.text
{ username: user, password: pw }
{ username: user, plain_text_password: pw }
end
private

3
app/controllers/registrant/contacts_controller.rb
View file

@ -3,7 +3,6 @@ class Registrant::ContactsController < RegistrantController
def show
@contact = Contact.where(id: contacts).find_by(id: params[:id])
@current_user = current_user
authorize! :read, @contact
end
@ -22,7 +21,7 @@ class Registrant::ContactsController < RegistrantController
def domain_ids
@domain_ids ||= begin
ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-'
BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids
end
end

3
app/controllers/registrant/domain_delete_confirms_controller.rb
View file

@ -19,7 +19,8 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")

3
app/controllers/registrant/domain_update_confirms_controller.rb
View file

@ -19,7 +19,8 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}")

4
app/controllers/registrant/domains_controller.rb
View file

@ -54,13 +54,13 @@ class Registrant::DomainsController < RegistrantController
end
def domains
ident_cc, ident = @current_user.registrant_ident.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.split '-'
begin
BusinessRegistryCache.fetch_associated_domains ident, ident_cc
rescue Soap::Arireg::NotAvailableError => error
flash[:notice] = I18n.t(error.json[:message])
Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
current_user.domains
current_registrant_user.domains
end
end

26
app/controllers/registrant/sessions_controller.rb
View file

@ -1,8 +1,7 @@
class Registrant::SessionsController < Devise::SessionsController
layout 'registrant/application'
def login
end
def new; end
def id
id_code, id_issuer = request.env['SSL_CLIENT_S_DN'], request.env['SSL_CLIENT_I_DN_O']
@ -10,11 +9,10 @@ class Registrant::SessionsController < Devise::SessionsController
@user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer)
if @user
sign_in(@user, event: :authentication)
redirect_to registrant_root_url
sign_in_and_redirect(:registrant_user, @user, event: :authentication)
else
flash[:alert] = t('login_failed_check_id_card')
redirect_to registrant_login_url
redirect_to new_registrant_user_session_url
end
end
@ -68,7 +66,7 @@ class Registrant::SessionsController < Devise::SessionsController
when 'USER_AUTHENTICATED'
@user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}")
sign_in @user
sign_in(:registrant_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrant_root_path}'"
@ -97,4 +95,18 @@ class Registrant::SessionsController < Devise::SessionsController
return User.new unless idc
ApiUser.find_by(identity_code: idc) || User.new
end
end
private
def after_sign_in_path_for(_resource_or_scope)
registrant_root_path
end
def after_sign_out_path_for(_resource_or_scope)
new_registrant_user_session_path
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
end
end

15
app/controllers/registrant_controller.rb
View file

@ -1,11 +1,22 @@
class RegistrantController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_registrant_user!
layout 'registrant/application'
include Registrant::ApplicationHelper
helper_method :head_title_sufix
def head_title_sufix
t(:registrant_head_title_sufix)
end
end
private
def current_ability
@current_ability ||= Ability.new(current_registrant_user, request.remote_ip)
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
end
end

2
app/controllers/registrar/account_activities_controller.rb
View file

@ -4,7 +4,7 @@ class Registrar
def index
params[:q] ||= {}
account = current_user.registrar.cash_account
account = current_registrar_user.registrar.cash_account
ca_cache = params[:q][:created_at_lteq]
begin

14
app/controllers/registrar/base_controller.rb
View file

@ -2,7 +2,7 @@ class Registrar
class BaseController < ApplicationController
include Registrar::ApplicationHelper
before_action :authenticate_user!
before_action :authenticate_registrar_user!
before_action :check_ip_restriction
helper_method :depp_controller?
helper_method :head_title_sufix
@ -10,21 +10,21 @@ class Registrar
protected
def current_ability
@current_ability ||= Ability.new(current_user, request.remote_ip)
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
private
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area?(current_user.registrar)
allowed = ip_restriction.can_access_registrar_area?(current_registrar_user.registrar)
return if allowed
sign_out current_user
sign_out current_registrar_user
flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
def depp_controller?
@ -34,5 +34,9 @@ class Registrar
def head_title_sufix
t(:registrar_head_title_sufix)
end
def user_for_paper_trail
current_registrar_user ? current_registrar_user.id_role_username : 'anonymous'
end
end
end

2
app/controllers/registrar/bulk_change_controller.rb
View file

@ -10,7 +10,7 @@ class Registrar
private
def available_contacts
current_user.registrar.contacts.order(:name).pluck(:name, :code)
current_registrar_user.registrar.contacts.order(:name).pluck(:name, :code)
end
def default_tab

6
app/controllers/registrar/contacts_controller.rb
View file

@ -21,11 +21,11 @@ class Registrar
end
if params[:statuses_contains]
contacts = current_user.registrar.contacts.includes(:registrar).where(
contacts = current_registrar_user.registrar.contacts.includes(:registrar).where(
"contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
end
normalize_search_parameters do
@ -45,7 +45,7 @@ class Registrar
@contacts = Contact.find_by(name: params[:q][:name_matches])
end
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
contacts = contacts.filter_by_states(params[:statuses_contains]) if params[:statuses_contains]
normalize_search_parameters do

4
app/controllers/registrar/current_user_controller.rb
View file

@ -3,9 +3,9 @@ class Registrar
skip_authorization_check
def switch
raise 'Cannot switch to unlinked user' unless current_user.linked_with?(new_user)
raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user)
sign_in(new_user)
sign_in(:registrar_user, new_user)
redirect_to :back, notice: t('.switched', new_user: new_user)
end

13
app/controllers/registrar/dashboard_controller.rb
View file

@ -1,13 +0,0 @@
class Registrar
class DashboardController < BaseController
authorize_resource class: false
def show
if can?(:show, :poll)
redirect_to registrar_poll_url and return
elsif can?(:show, Invoice)
redirect_to registrar_invoices_url and return
end
end
end
end

2
app/controllers/registrar/deposits_controller.rb
View file

@ -7,7 +7,7 @@ class Registrar
end
def create
@deposit = Deposit.new(deposit_params.merge(registrar: current_user.registrar))
@deposit = Deposit.new(deposit_params.merge(registrar: current_registrar_user.registrar))
@invoice = @deposit.issue_prepayment_invoice
if @invoice

10
app/controllers/registrar/depp_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
rescue_from(Errno::ECONNRESET, Errno::ECONNREFUSED) do |exception|
logger.error 'COULD NOT CONNECT TO REGISTRY'
logger.error exception.backtrace.join("\n")
redirect_to registrar_login_url, alert: t(:no_connection_to_registry)
redirect_to new_registrar_user_session_url, alert: t(:no_connection_to_registry)
end
before_action :authenticate_user
def authenticate_user
redirect_to registrar_login_url and return unless depp_current_user
redirect_to new_registrar_user_session_url and return unless depp_current_user
end
def depp_controller?
@ -19,10 +19,10 @@ class Registrar
end
def depp_current_user
return nil unless current_user
return nil unless current_registrar_user
@depp_current_user ||= Depp::User.new(
tag: current_user.username,
password: current_user.password
tag: current_registrar_user.username,
password: current_registrar_user.plain_text_password
)
end

3
app/controllers/registrar/domain_transfers_controller.rb
View file

@ -21,7 +21,8 @@ class Registrar
uri = URI.parse("#{ENV['repp_url']}domain_transfers")
request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
request.body = { data: { domainTransfers: domain_transfers } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?

8
app/controllers/registrar/domains_controller.rb
View file

@ -16,11 +16,11 @@ class Registrar
end
if params[:statuses_contains]
domains = current_user.registrar.domains.includes(:registrar, :registrant).where(
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant).where(
"statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
domains = current_user.registrar.domains.includes(:registrar, :registrant)
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant)
end
normalize_search_parameters do
@ -142,7 +142,7 @@ class Registrar
def search_contacts
authorize! :create, Depp::Domain
scope = current_user.registrar.contacts.limit(10)
scope = current_registrar_user.registrar.contacts.limit(10)
if params[:query].present?
escaped_str = ActiveRecord::Base.connection.quote_string params[:query]
scope = scope.where("name ilike '%#{escaped_str}%' OR code ilike '%#{escaped_str}%' ")
@ -159,7 +159,7 @@ class Registrar
def contacts
current_user.registrar.contacts
current_registrar_user.registrar.contacts
end
def normalize_search_parameters

3
app/controllers/registrar/invoices_controller.rb
View file

@ -6,7 +6,8 @@ class Registrar
def index
params[:q] ||= {}
invoices = current_user.registrar.invoices.includes(:invoice_items, :account_activity)
invoices = current_registrar_user.registrar.invoices
.includes(:invoice_items, :account_activity)
normalize_search_parameters do
@q = invoices.search(params[:q])

3
app/controllers/registrar/nameservers_controller.rb
View file

@ -12,7 +12,8 @@ class Registrar
attributes: { hostname: params[:new_hostname],
ipv4: ipv4,
ipv6: ipv6 } } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

4
app/controllers/registrar/profile_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
helper_method :linked_users
def show
@user = current_user
@user = current_registrar_user
end
private
def linked_users
current_user.linked_users
current_registrar_user.linked_users
end
end
end

60
app/controllers/registrar/sessions_controller.rb
View file

@ -3,12 +3,8 @@ class Registrar
before_action :check_ip_restriction
helper_method :depp_controller?
def login
@depp_user = Depp::User.new
end
def create
@depp_user = Depp::User.new(params[:depp_user].merge(pki: !(Rails.env.development? || Rails.env.test?)))
@depp_user = Depp::User.new(depp_user_params)
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'].blank?
@depp_user.errors.add(:base, :webserver_missing_user_name_directive)
@ -26,11 +22,12 @@ class Registrar
@depp_user.errors.add(:base, :webserver_client_cert_directive_should_be_required)
end
@api_user = ApiUser.find_by(username: params[:depp_user][:tag], password: params[:depp_user][:password])
@api_user = ApiUser.find_by(username: sign_in_params[:username],
plain_text_password: sign_in_params[:password])
unless @api_user
@depp_user.errors.add(:base, t(:no_such_user))
render 'login' and return
show_error and return
end
if @depp_user.pki
@ -41,14 +38,13 @@ class Registrar
if @depp_user.errors.none?
if @api_user.active?
sign_in @api_user
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @api_user)
else
@depp_user.errors.add(:base, :not_active)
render 'login'
show_error and return
end
else
render 'login'
show_error and return
end
end
@ -56,11 +52,10 @@ class Registrar
@user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)
if @user
sign_in(@user, event: :authentication)
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @user, event: :authentication)
else
flash[:alert] = t('no_such_user')
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
end
@ -117,7 +112,7 @@ class Registrar
render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
when 'USER_AUTHENTICATED'
@user = find_user_by_idc_and_allowed(session[:user_id_code])
sign_in @user
sign_in(:registrar_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrar_root_url}'"
@ -163,8 +158,6 @@ class Registrar
end
end
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area_sign_in_page?
@ -173,5 +166,36 @@ class Registrar
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
end
def current_ability
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
def after_sign_in_path_for(_resource_or_scope)
if can?(:show, :poll)
registrar_root_path
else
registrar_profile_path
end
end
def after_sign_out_path_for(_resource_or_scope)
new_registrar_user_session_path
end
def user_for_paper_trail
current_registrar_user ? current_registrar_user.id_role_username : 'anonymous'
end
def depp_user_params
params = sign_in_params
params[:tag] = params.delete(:username)
params.merge!(pki: !(Rails.env.development? || Rails.env.test?))
params
end
def show_error
redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
end
end
end
end

3
app/controllers/registrar/tech_contacts_controller.rb
View file

@ -8,7 +8,8 @@ class Registrar
request = Net::HTTP::Patch.new(uri)
request.set_form_data(current_contact_id: params[:current_contact_id],
new_contact_id: params[:new_contact_id])
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

6
app/helpers/application_helper.rb
View file

@ -89,4 +89,8 @@ module ApplicationHelper
types.delete('ddoc')
".#{types.join(',.')}"
end
end
def body_css_class
[controller_path.split('/').map!(&:dasherize), action_name.dasherize, 'page'].join('-')
end
end

3
app/models/ability.rb
View file

@ -31,8 +31,6 @@ class Ability
end
def epp # Registrar/api_user dynamic role
can :view, :registrar_dashboard
if @user.registrar.api_ip_white?(@ip)
can :manage, :poll
can :manage, Depp::Contact
@ -71,7 +69,6 @@ class Ability
end
def billing # Registrar/api_user dynamic role
can :view, :registrar_dashboard
can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
can :manage, :deposit
can :read, AccountActivity

3
app/models/admin_user.rb
View file

@ -9,7 +9,8 @@ class AdminUser < User
ROLES = %w(user customer_service admin) # should not match to api_users roles
devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable
devise :database_authenticatable, :trackable, :validatable, :timeoutable,
authentication_keys: [:username]
def self.min_password_length
Devise.password_length.min

8
app/models/api_user.rb
View file

@ -2,11 +2,12 @@ require 'open3'
class ApiUser < User
include EppErrors
devise :database_authenticatable, :trackable, :timeoutable, authentication_keys: [:username]
def epp_code_map
{
'2306' => [ # Parameter policy error
[:password, :blank]
%i[plain_text_password blank]
]
}
end
@ -19,8 +20,8 @@ class ApiUser < User
belongs_to :registrar
has_many :certificates
validates :username, :password, :registrar, :roles, presence: true
validates :password, length: { minimum: min_password_length }
validates :username, :plain_text_password, :registrar, :roles, presence: true
validates :plain_text_password, length: { minimum: min_password_length }
validates :username, uniqueness: true
delegate :code, :name, to: :registrar, prefix: true
@ -30,6 +31,7 @@ class ApiUser < User
SUPER = 'super'
EPP = 'epp'
BILLING = 'billing'
ROLES = %w(super epp billing) # should not match to admin roles

2
app/models/registrant_user.rb
View file

@ -2,6 +2,8 @@ class RegistrantUser < User
ACCEPTED_ISSUER = 'AS Sertifitseerimiskeskus'
attr_accessor :idc_data
devise :database_authenticatable, :trackable, :timeoutable
def ability
@ability ||= Ability.new(self)
end

1
app/models/user.rb
View file

@ -1,6 +1,5 @@
class User < ActiveRecord::Base
include Versions # version/user_version.rb
devise :trackable, :timeoutable
attr_accessor :phone

4
app/views/admin/api_users/_form.haml
View file

@ -11,9 +11,9 @@
= f.text_field :username, required: true, autofocus: true, class: 'form-control'
.form-group
.col-md-4.control-label
= f.label :password, nil, class: 'required'
= f.label :plain_text_password, nil, class: 'required'
.col-md-7
= f.text_field :password, required: true, class: 'form-control'
= f.text_field :plain_text_password, required: true, class: 'form-control'
.form-group
.col-md-4.control-label

2
app/views/admin/api_users/show.haml
View file

@ -21,7 +21,7 @@
%dd= @api_user.username
%dt= t(:password)
%dd= @api_user.password
%dd= @api_user.plain_text_password
%dt= t(:registrar_name)
%dd= link_to(@api_user.registrar, admin_registrar_path(@api_user.registrar))

6
app/views/admin/base/_menu.haml
View file

@ -39,6 +39,6 @@
%li= link_to t('.repp_log'), admin_repp_logs_path(created_after: 'today')
%li= link_to t('.que'), '/admin/que'
- if signed_in?
%ul.nav.navbar-nav.navbar-right
%li= link_to t(:log_out, user: current_user), '/admin/logout'
%ul.nav.navbar-nav.navbar-right
%li= link_to t('.sign_out'), destroy_admin_user_session_path, method: :delete,
class: 'navbar-link'

0
app/views/admin/dashboards/show.haml → app/views/admin/dashboard/show.html.erb
View file

29
app/views/admin/sessions/_links.html.erb Normal file
View file

@ -0,0 +1,29 @@
<%- if controller_name != 'sessions' %>
<%= link_to "Log in", new_session_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
<%= link_to "Sign up", new_registration_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.recoverable? && controller_name != 'passwords' &&
controller_name != 'registrations' %>
<%= link_to "Forgot your password?", new_password_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
<%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %>
<br/>
<% end -%>
<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) &&
controller_name != 'unlocks' %>
<%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %><br/>
<% end -%>
<%- if devise_mapping.omniauthable? %>
<%- resource_class.omniauth_providers.each do |provider| %>
<%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}",
omniauth_authorize_path(resource_name, provider) %><br/>
<% end -%>
<% end -%>

15
app/views/admin/sessions/login.haml
View file

@ -1,15 +0,0 @@
.row
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center Eesti Interneti SA
%hr
.form-signin
= form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f|
= render 'admin/shared/errors', object: f.object
- error_class = f.object.errors.any? ? 'has-error' : ''
%div{class: error_class}
= f.text_field :username, class: 'form-control', placeholder: t(:username), required: true
= f.password_field :password, class: 'form-control',
autocomplete: 'off', placeholder: t(:password), required: true
%button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in)

29
app/views/admin/sessions/new.html.erb Normal file
View file

@ -0,0 +1,29 @@
<div class="row">
<%= form_for resource, as: resource_name, url: session_path(resource_name),
html: { class: 'col-md-6 form-signin center-block text-center' } do |f| %>
<h1 class="form-signin-heading text-center"><%= t '.header_html' %></h1>
<hr>
<%= f.label :username, class: 'sr-only' %>
<%= f.text_field :username, placeholder: AdminUser.human_attribute_name(:username),
required: true,
autofocus: true,
class: 'form-control' %>
<%= f.label :password, class: 'sr-only' %>
<%= f.password_field :password, placeholder: AdminUser.human_attribute_name(:password),
required: true,
class: 'form-control' %>
<% if devise_mapping.rememberable? -%>
<div class="checkbox">
<label><%= f.check_box :remember_me %> <%= t '.remember_checkbox' %> %></label>
</div>
<% end -%>
<%= f.submit t('.sign_in_btn'), class: 'btn btn-lg btn-primary btn-block' %>
<% end %>
</div>
<%= render 'links' %>

5
app/views/admin/shared/_errors.haml
View file

@ -1,5 +0,0 @@
- if object.errors.any?
%p.text-danger
- object.errors.each do |attr, err|
= err
%br

4
app/views/layouts/admin/base.haml
View file

@ -10,7 +10,7 @@
= csrf_meta_tags
= stylesheet_link_tag 'admin-manifest', media: 'all'
= favicon_link_tag 'favicon.ico'
%body{:style => env_style}
%body{:style => env_style, class: body_css_class}
.navbar.navbar-inverse.navbar-static-top{role: "navigation"}
.container
.navbar-header
@ -19,7 +19,7 @@
%span.icon-bar
%span.icon-bar
%span.icon-bar
= link_to admin_dashboard_path, class: 'navbar-brand' do
= link_to admin_root_path, class: 'navbar-brand' do
= ENV['app_name']
- if unstable_env.present?
.text-center

4
app/views/layouts/devise.haml
View file

@ -9,7 +9,7 @@
= csrf_meta_tags
= stylesheet_link_tag 'admin-manifest', media: 'all'
= favicon_link_tag 'favicon.ico'
%body{:style => env_style}
%body{:style => env_style, class: body_css_class}
.navbar.navbar-inverse.navbar-static-top{role: "navigation"}
.container
.navbar-header
@ -18,7 +18,7 @@
%span.icon-bar
%span.icon-bar
%span.icon-bar
= link_to admin_dashboard_path, class: 'navbar-brand' do
= link_to new_admin_user_session_path, class: 'navbar-brand' do
= ENV['app_name']
- if unstable_env.present?
.text-center

8
app/views/layouts/registrant/application.html.erb
View file

@ -14,7 +14,7 @@
<%= stylesheet_link_tag 'registrant-manifest', media: 'all' %>
<%= favicon_link_tag 'favicon.ico' %>
</head>
<body>
<body class="<%= body_css_class %>">
<!-- Fixed navbar
-->
<nav class="navbar navbar-default navbar-fixed-top">
@ -37,7 +37,7 @@
<% end %>
<% end %>
</div>
<% if current_user %>
<% if current_registrant_user %>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav public-nav">
<% if can? :view, Depp::Domain %>
@ -54,9 +54,9 @@
<% end %>
</ul>
<ul class="nav navbar-nav navbar-right">
<% if user_signed_in? %>
<% if registrant_user_signed_in? %>
<li>
<%= link_to t(:log_out, user: current_user), '/registrant/logout' %>
<%= link_to t(:log_out, user: current_registrant_user), destroy_registrant_user_session_path, method: :delete %>
</li>
<% end %>
</ul>

5
app/views/layouts/registrar/base.html.erb
View file

@ -14,7 +14,7 @@
<%= stylesheet_link_tag 'registrar-manifest', media: 'all' %>
<%= favicon_link_tag 'favicon.ico' %>
</head>
<body>
<body class="<%= body_css_class %>">
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
@ -24,7 +24,8 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<%= link_to registrar_root_path, class: 'navbar-brand' do %>
<%= link_to can?(:show, :poll) ? registrar_root_path : registrar_profile_path,
class: 'navbar-brand' do %>
<%= t(:registrar_head_title) %>
<% if unstable_env.present? %>
<div class="text-center">

5
app/views/layouts/registrar/sessions.html.erb
View file

@ -13,12 +13,11 @@
<%= stylesheet_link_tag 'registrar-manifest', media: 'all' %>
<%= javascript_include_tag 'registrar-manifest' %>
</head>
<body>
<body class="<%= body_css_class %>">
<nav class="navbar navbar-default navbar-fixed-top">
<div class="container">
<div class="navbar-header">
<%= link_to registrar_root_path, class: 'navbar-brand',
id: 'registrar-home-btn' do %>
<%= link_to new_registrar_user_session_path, class: 'navbar-brand' do %>
<%= t(:registrar_head_title) %>
<% if unstable_env.present? %>
<div class="text-center">

11
app/views/registrant/sessions/login.haml
View file

@ -1,11 +0,0 @@
.row
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in)
%hr
.row
=t "only_estonian_residets_can_signin"
%br
= link_to '/registrant/login/mid' do
= image_tag 'mid.gif'
= link_to '/registrant/id', method: :post do
= image_tag 'id_card.gif'

4
app/views/registrant/sessions/login_mid.haml
View file

@ -1,12 +1,12 @@
.row
.form-signin.col-md-4.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in_with_mid)
%h2.form-signin-heading.text-center= t '.header'
%hr
= form_for @user, url: registrant_mid_path, auto_html5_validation: false,
html: {class: 'form-signin'} do |f|
= f.text_field :phone, class: 'form-control',
placeholder: t(:phone_no), autocomplete: 'off', required: true
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t(:log_in)
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t '.submit_btn'
- if ['development', 'alpha'].include?(Rails.env)
%div.text-center

18
app/views/registrant/sessions/new.html.erb Normal file
View file

@ -0,0 +1,18 @@
<div class="row">
<div class="form-signin col-md-6 center-block text-center">
<h2 class="form-signin-heading text-center">
<%= t '.header' %>
</h2>
<hr/>
<div class="row">
<%= t '.hint' %>
</div>
<br/>
<%= link_to '/registrant/login/mid' do %>
<%= image_tag 'mid.gif' %>
<% end %>
<%= link_to '/registrant/id', method: :post do %>
<%= image_tag 'id_card.gif' %>
<% end %>
</div>
</div>

4
app/views/registrar/base/_current_user.html.erb
View file

@ -1,5 +1,5 @@
<% current_user_presenter = UserPresenter.new(user: current_user, view: self) %>
<% current_user_presenter = UserPresenter.new(user: current_registrar_user, view: self) %>
<%= link_to current_user_presenter.login_with_role, registrar_profile_path, id: 'registrar-profile-btn',
class: 'navbar-link' %>
<span class="text-muted">|</span>
<%= link_to t('.sign_out'), registrar_destroy_user_session_path, method: :delete, class: 'navbar-link' %>
<%= link_to t('.sign_out'), destroy_registrar_user_session_path, method: :delete, class: 'navbar-link' %>

3
app/views/registrar/dashboard/show.haml
View file

@ -1,3 +0,0 @@
.panel.panel-default
.panel-body
= t('welcome_to_eis_registrar_portal')

4
app/views/registrar/invoices/index.haml
View file

@ -4,8 +4,8 @@
= render 'shared/title', name: t(:your_account)
= t(:your_current_account_balance_is,
balance: currency(current_user.registrar.cash_account.balance),
currency: current_user.registrar.cash_account.currency)
balance: currency(current_registrar_user.registrar.cash_account.balance),
currency: current_registrar_user.registrar.cash_account.currency)
%h1= t(:invoices)
.row

22
app/views/registrar/sessions/login.haml
View file

@ -1,22 +0,0 @@
.row
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in)
%hr
= form_for @depp_user, url: registrar_sessions_path, html: {class: 'form-signin'} do |f|
= render 'registrar/shared/errors', object: f.object
- error_class = f.object.errors.any? ? 'has-error' : ''
%div{class: error_class}
= f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true
= f.password_field :password, class: 'form-control',
autocomplete: 'off', placeholder: t(:password), required: true
%button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t('.login_btn')
%hr
= link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do
= image_tag 'mid.gif'
= link_to '/registrar/id', method: :post do
= image_tag 'id_card.gif'

4
app/views/registrar/sessions/login_mid.haml
View file

@ -1,12 +1,12 @@
.row
.form-signin.col-md-4.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in_with_mid)
%h2.form-signin-heading.text-center= t '.header'
%hr
= form_for @user, url: registrar_mid_path, auto_html5_validation: false,
html: {class: 'form-signin'} do |f|
= f.text_field :phone, class: 'form-control',
placeholder: t(:phone_no), autocomplete: 'off', required: true
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t('.login_btn')
%button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t '.submit_btn'
- if ['development', 'alpha'].include?(Rails.env)
%div.text-center

30
app/views/registrar/sessions/new.html.erb Normal file
View file

@ -0,0 +1,30 @@
<div class="row">
<div class="form-signin col-md-6 center-block text-center">
<h1 class="form-signin-heading text-center"><%= t '.header_html' %></h1>
<hr>
<%= form_for resource, as: resource_name, url: session_path(resource_name) do |f| %>
<%= f.text_field :username, placeholder: ApiUser.human_attribute_name(:username),
autofocus: true,
required: true,
class: 'form-control' %>
<%= f.password_field :password,
placeholder: ApiUser.human_attribute_name(:password),
required: true,
class: 'form-control' %>
<%= f.submit t('.submit_btn'), class: 'btn btn-lg btn-primary btn-block' %>
<% end %>
<hr>
<%= link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do %>
<%= image_tag 'mid.gif' %>
<% end %>
<%= link_to '/registrar/id', method: :post do %>
<%= image_tag 'id_card.gif' %>
<% end %>
</div>
</div>

5
app/views/registrar/shared/_errors.haml
View file

@ -1,5 +0,0 @@
- if object.errors.any?
%p.text-danger
- object.errors.each do |attr, err|
= err
%br