zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-07 05:05:45 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' into registry-790

Browse source
This commit is contained in:
Artur Beljajev 2018-08-27 15:24:05 +03:00
commit 3d51a93f95
104 changed files with 728 additions and 557 deletions
Download patch file Download diff file Expand all files Collapse all files

7
app/controllers/admin/api_users_controller.rb
View file

@ -32,7 +32,10 @@ module Admin
end
def update
params[:api_user].delete(:password) if params[:api_user][:password].blank?
if params[:api_user][:plain_text_password].blank?
params[:api_user].delete(:plain_text_password)
end
if @api_user.update(api_user_params)
flash[:notice] = I18n.t('record_updated')
redirect_to [:admin, @api_user]
@ -59,7 +62,7 @@ module Admin
end
def api_user_params
params.require(:api_user).permit(:username, :password, :active,
params.require(:api_user).permit(:username, :plain_text_password, :active,
:registrar_id, :registrar_typeahead,
:identity_code, { roles: [] })
end

14
app/controllers/admin/base_controller.rb
View file

@ -1,10 +1,20 @@
module Admin
class BaseController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_admin_user!
helper_method :head_title_sufix
def head_title_sufix
t(:admin_head_title_sufix)
end
private
def current_ability
@current_ability ||= Ability.new(current_admin_user)
end
def user_for_paper_trail
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end

7
app/controllers/admin/dashboard_controller.rb Normal file
View file

@ -0,0 +1,7 @@
module Admin
class DashboardController < BaseController
authorize_resource class: false
def show; end
end
end

9
app/controllers/admin/dashboards_controller.rb
View file

@ -1,9 +0,0 @@
module Admin
class DashboardsController < BaseController
authorize_resource class: false
def show
redirect_to [:admin, :domains] if can? :show, Domain
end
end
end

4
app/controllers/admin/pending_deletes_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)
@ -16,7 +16,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

4
app/controllers/admin/pending_updates_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure)
@ -15,7 +15,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

29
app/controllers/admin/sessions_controller.rb
View file

@ -1,28 +1,17 @@
module Admin
class SessionsController < Devise::SessionsController
skip_authorization_check only: :create
private
def login
@admin_user = AdminUser.new
def after_sign_in_path_for(_resource_or_scope)
admin_domains_path
end
def create
if params[:admin_user].blank?
@admin_user = AdminUser.new
flash[:alert] = 'Something went wrong'
return render 'login'
end
def after_sign_out_path_for(_resource_or_scope)
new_admin_user_session_path
end
@admin_user = AdminUser.find_by(username: params[:admin_user][:username])
@admin_user ||= AdminUser.new(username: params[:admin_user][:username])
if @admin_user.valid_password?(params[:admin_user][:password])
sign_in @admin_user, event: :authentication
redirect_to admin_root_url, notice: I18n.t(:welcome)
else
flash[:alert] = 'Authorization error'
render 'login'
end
def user_for_paper_trail
current_admin_user ? current_admin_user.id_role_username : 'anonymous'
end
end
end
end

2
app/controllers/api/v1/registrant/contacts_controller.rb
View file

@ -35,7 +35,7 @@ module Api
private
def set_contacts_pool
country_code, ident = current_user.registrant_ident.to_s.split '-'
country_code, ident = current_registrant_user.registrant_ident.to_s.split '-'
associated_domain_ids = begin
BusinessRegistryCache.fetch_by_ident_and_cc(ident, country_code).associated_domain_ids
end

4
app/controllers/api/v1/registrant/domains_controller.rb
View file

@ -16,12 +16,12 @@ module Api
status: :bad_request) && return
end
@domains = associated_domains(current_user).limit(limit).offset(offset)
@domains = associated_domains(current_registrant_user).limit(limit).offset(offset)
render json: @domains
end
def show
domain_pool = associated_domains(current_user)
domain_pool = associated_domains(current_registrant_user)
@domain = domain_pool.find_by(uuid: params[:uuid])
if @domain

52
app/controllers/application_controller.rb
View file

@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to current_root_url, alert: exception.message
redirect_to root_url, alert: exception.message
end
helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url
helper_method :available_languages
def registrant_request?
request.path.match(/^\/registrant/)
end
def registrar_request?
request.path.match(/^\/registrar/)
end
def admin_request?
request.path.match(/^\/admin/)
end
def current_root_url
if registrar_request?
registrar_root_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_root_url
end
end
def after_sign_in_path_for(_resource)
rt = session[:user_return_to].to_s.presence
login_paths = [admin_login_path, registrar_login_path, '/login']
return rt if rt && !login_paths.include?(rt)
current_root_url
end
def after_sign_out_path_for(_resource)
if registrar_request?
registrar_login_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_login_url
end
end
def info_for_paper_trail
{ uuid: request.uuid }
end
def user_for_paper_trail
user_log_str(current_user)
end
def user_log_str(user)
user.nil? ? 'public' : user.id_role_username
end
def comma_support_for(parent_key, key)
return if params[parent_key].blank?
return if params[parent_key][key].blank?
@ -80,4 +32,4 @@ class ApplicationController < ActionController::Base
def available_languages
{ en: 'English', et: 'Estonian' }.invert
end
end
end

4
app/controllers/epp/sessions_controller.rb
View file

@ -81,7 +81,7 @@ class Epp::SessionsController < EppController
if success
if params[:parsed_frame].css('newPW').first
unless @api_user.update(password: params[:parsed_frame].css('newPW').first.text)
unless @api_user.update(plain_text_password: params[:parsed_frame].css('newPW').first.text)
response.headers['X-EPP-Returncode'] = '2500'
handle_errors(@api_user) and return
end
@ -128,7 +128,7 @@ class Epp::SessionsController < EppController
def login_params
user = params[:parsed_frame].css('clID').first.text
pw = params[:parsed_frame].css('pw').first.text
{ username: user, password: pw }
{ username: user, plain_text_password: pw }
end
private

3
app/controllers/registrant/contacts_controller.rb
View file

@ -3,7 +3,6 @@ class Registrant::ContactsController < RegistrantController
def show
@contact = Contact.where(id: contacts).find_by(id: params[:id])
@current_user = current_user
authorize! :read, @contact
end
@ -22,7 +21,7 @@ class Registrant::ContactsController < RegistrantController
def domain_ids
@domain_ids ||= begin
ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-'
BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids
end
end

3
app/controllers/registrant/domain_delete_confirms_controller.rb
View file

@ -19,7 +19,8 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")

3
app/controllers/registrant/domain_update_confirms_controller.rb
View file

@ -19,7 +19,8 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username :
t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}")

4
app/controllers/registrant/domains_controller.rb
View file

@ -54,13 +54,13 @@ class Registrant::DomainsController < RegistrantController
end
def domains
ident_cc, ident = @current_user.registrant_ident.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.split '-'
begin
BusinessRegistryCache.fetch_associated_domains ident, ident_cc
rescue Soap::Arireg::NotAvailableError => error
flash[:notice] = I18n.t(error.json[:message])
Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
current_user.domains
current_registrant_user.domains
end
end

26
app/controllers/registrant/sessions_controller.rb
View file

@ -1,8 +1,7 @@
class Registrant::SessionsController < Devise::SessionsController
layout 'registrant/application'
def login
end
def new; end
def id
id_code, id_issuer = request.env['SSL_CLIENT_S_DN'], request.env['SSL_CLIENT_I_DN_O']
@ -10,11 +9,10 @@ class Registrant::SessionsController < Devise::SessionsController
@user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer)
if @user
sign_in(@user, event: :authentication)
redirect_to registrant_root_url
sign_in_and_redirect(:registrant_user, @user, event: :authentication)
else
flash[:alert] = t('login_failed_check_id_card')
redirect_to registrant_login_url
redirect_to new_registrant_user_session_url
end
end
@ -68,7 +66,7 @@ class Registrant::SessionsController < Devise::SessionsController
when 'USER_AUTHENTICATED'
@user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}")
sign_in @user
sign_in(:registrant_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrant_root_path}'"
@ -97,4 +95,18 @@ class Registrant::SessionsController < Devise::SessionsController
return User.new unless idc
ApiUser.find_by(identity_code: idc) || User.new
end
end
private
def after_sign_in_path_for(_resource_or_scope)
registrant_root_path
end
def after_sign_out_path_for(_resource_or_scope)
new_registrant_user_session_path
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
end
end

15
app/controllers/registrant_controller.rb
View file

@ -1,11 +1,22 @@
class RegistrantController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_registrant_user!
layout 'registrant/application'
include Registrant::ApplicationHelper
helper_method :head_title_sufix
def head_title_sufix
t(:registrant_head_title_sufix)
end
end
private
def current_ability
@current_ability ||= Ability.new(current_registrant_user, request.remote_ip)
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous'
end
end

2
app/controllers/registrar/account_activities_controller.rb
View file

@ -4,7 +4,7 @@ class Registrar
def index
params[:q] ||= {}
account = current_user.registrar.cash_account
account = current_registrar_user.registrar.cash_account
ca_cache = params[:q][:created_at_lteq]
begin

14
app/controllers/registrar/base_controller.rb
View file

@ -2,7 +2,7 @@ class Registrar
class BaseController < ApplicationController
include Registrar::ApplicationHelper
before_action :authenticate_user!
before_action :authenticate_registrar_user!
before_action :check_ip_restriction
helper_method :depp_controller?
helper_method :head_title_sufix
@ -10,21 +10,21 @@ class Registrar
protected
def current_ability
@current_ability ||= Ability.new(current_user, request.remote_ip)
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
private
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area?(current_user.registrar)
allowed = ip_restriction.can_access_registrar_area?(current_registrar_user.registrar)
return if allowed
sign_out current_user
sign_out current_registrar_user
flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
def depp_controller?
@ -34,5 +34,9 @@ class Registrar
def head_title_sufix
t(:registrar_head_title_sufix)
end
def user_for_paper_trail
current_registrar_user ? current_registrar_user.id_role_username : 'anonymous'
end
end
end

2
app/controllers/registrar/bulk_change_controller.rb
View file

@ -10,7 +10,7 @@ class Registrar
private
def available_contacts
current_user.registrar.contacts.order(:name).pluck(:name, :code)
current_registrar_user.registrar.contacts.order(:name).pluck(:name, :code)
end
def default_tab

6
app/controllers/registrar/contacts_controller.rb
View file

@ -21,11 +21,11 @@ class Registrar
end
if params[:statuses_contains]
contacts = current_user.registrar.contacts.includes(:registrar).where(
contacts = current_registrar_user.registrar.contacts.includes(:registrar).where(
"contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
end
normalize_search_parameters do
@ -45,7 +45,7 @@ class Registrar
@contacts = Contact.find_by(name: params[:q][:name_matches])
end
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
contacts = contacts.filter_by_states(params[:statuses_contains]) if params[:statuses_contains]
normalize_search_parameters do

4
app/controllers/registrar/current_user_controller.rb
View file

@ -3,9 +3,9 @@ class Registrar
skip_authorization_check
def switch
raise 'Cannot switch to unlinked user' unless current_user.linked_with?(new_user)
raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user)
sign_in(new_user)
sign_in(:registrar_user, new_user)
redirect_to :back, notice: t('.switched', new_user: new_user)
end

13
app/controllers/registrar/dashboard_controller.rb
View file

@ -1,13 +0,0 @@
class Registrar
class DashboardController < BaseController
authorize_resource class: false
def show
if can?(:show, :poll)
redirect_to registrar_poll_url and return
elsif can?(:show, Invoice)
redirect_to registrar_invoices_url and return
end
end
end
end

2
app/controllers/registrar/deposits_controller.rb
View file

@ -7,7 +7,7 @@ class Registrar
end
def create
@deposit = Deposit.new(deposit_params.merge(registrar: current_user.registrar))
@deposit = Deposit.new(deposit_params.merge(registrar: current_registrar_user.registrar))
@invoice = @deposit.issue_prepayment_invoice
if @invoice

10
app/controllers/registrar/depp_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
rescue_from(Errno::ECONNRESET, Errno::ECONNREFUSED) do |exception|
logger.error 'COULD NOT CONNECT TO REGISTRY'
logger.error exception.backtrace.join("\n")
redirect_to registrar_login_url, alert: t(:no_connection_to_registry)
redirect_to new_registrar_user_session_url, alert: t(:no_connection_to_registry)
end
before_action :authenticate_user
def authenticate_user
redirect_to registrar_login_url and return unless depp_current_user
redirect_to new_registrar_user_session_url and return unless depp_current_user
end
def depp_controller?
@ -19,10 +19,10 @@ class Registrar
end
def depp_current_user
return nil unless current_user
return nil unless current_registrar_user
@depp_current_user ||= Depp::User.new(
tag: current_user.username,
password: current_user.password
tag: current_registrar_user.username,
password: current_registrar_user.plain_text_password
)
end

3
app/controllers/registrar/domain_transfers_controller.rb
View file

@ -21,7 +21,8 @@ class Registrar
uri = URI.parse("#{ENV['repp_url']}domain_transfers")
request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
request.body = { data: { domainTransfers: domain_transfers } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?

8
app/controllers/registrar/domains_controller.rb
View file

@ -16,11 +16,11 @@ class Registrar
end
if params[:statuses_contains]
domains = current_user.registrar.domains.includes(:registrar, :registrant).where(
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant).where(
"statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
domains = current_user.registrar.domains.includes(:registrar, :registrant)
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant)
end
normalize_search_parameters do
@ -142,7 +142,7 @@ class Registrar
def search_contacts
authorize! :create, Depp::Domain
scope = current_user.registrar.contacts.limit(10)
scope = current_registrar_user.registrar.contacts.limit(10)
if params[:query].present?
escaped_str = ActiveRecord::Base.connection.quote_string params[:query]
scope = scope.where("name ilike '%#{escaped_str}%' OR code ilike '%#{escaped_str}%' ")
@ -159,7 +159,7 @@ class Registrar
def contacts
current_user.registrar.contacts
current_registrar_user.registrar.contacts
end
def normalize_search_parameters

3
app/controllers/registrar/invoices_controller.rb
View file

@ -6,7 +6,8 @@ class Registrar
def index
params[:q] ||= {}
invoices = current_user.registrar.invoices.includes(:invoice_items, :account_activity)
invoices = current_registrar_user.registrar.invoices
.includes(:invoice_items, :account_activity)
normalize_search_parameters do
@q = invoices.search(params[:q])

3
app/controllers/registrar/nameservers_controller.rb
View file

@ -12,7 +12,8 @@ class Registrar
attributes: { hostname: params[:new_hostname],
ipv4: ipv4,
ipv6: ipv6 } } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

4
app/controllers/registrar/profile_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
helper_method :linked_users
def show
@user = current_user
@user = current_registrar_user
end
private
def linked_users
current_user.linked_users
current_registrar_user.linked_users
end
end
end

60
app/controllers/registrar/sessions_controller.rb
View file

@ -3,12 +3,8 @@ class Registrar
before_action :check_ip_restriction
helper_method :depp_controller?
def login
@depp_user = Depp::User.new
end
def create
@depp_user = Depp::User.new(params[:depp_user].merge(pki: !(Rails.env.development? || Rails.env.test?)))
@depp_user = Depp::User.new(depp_user_params)
if @depp_user.pki && request.env['HTTP_SSL_CLIENT_S_DN_CN'].blank?
@depp_user.errors.add(:base, :webserver_missing_user_name_directive)
@ -26,11 +22,12 @@ class Registrar
@depp_user.errors.add(:base, :webserver_client_cert_directive_should_be_required)
end
@api_user = ApiUser.find_by(username: params[:depp_user][:tag], password: params[:depp_user][:password])
@api_user = ApiUser.find_by(username: sign_in_params[:username],
plain_text_password: sign_in_params[:password])
unless @api_user
@depp_user.errors.add(:base, t(:no_such_user))
render 'login' and return
show_error and return
end
if @depp_user.pki
@ -41,14 +38,13 @@ class Registrar
if @depp_user.errors.none?
if @api_user.active?
sign_in @api_user
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @api_user)
else
@depp_user.errors.add(:base, :not_active)
render 'login'
show_error and return
end
else
render 'login'
show_error and return
end
end
@ -56,11 +52,10 @@ class Registrar
@user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)
if @user
sign_in(@user, event: :authentication)
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @user, event: :authentication)
else
flash[:alert] = t('no_such_user')
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
end
@ -117,7 +112,7 @@ class Registrar
render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
when 'USER_AUTHENTICATED'
@user = find_user_by_idc_and_allowed(session[:user_id_code])
sign_in @user
sign_in(:registrar_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrar_root_url}'"
@ -163,8 +158,6 @@ class Registrar
end
end
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area_sign_in_page?
@ -173,5 +166,36 @@ class Registrar
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
end
def current_ability
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
def after_sign_in_path_for(_resource_or_scope)
if can?(:show, :poll)
registrar_root_path
else
registrar_profile_path
end
end
def after_sign_out_path_for(_resource_or_scope)
new_registrar_user_session_path
end
def user_for_paper_trail
current_registrar_user ? current_registrar_user.id_role_username : 'anonymous'
end
def depp_user_params
params = sign_in_params
params[:tag] = params.delete(:username)
params.merge!(pki: !(Rails.env.development? || Rails.env.test?))
params
end
def show_error
redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
end
end
end
end

3
app/controllers/registrar/tech_contacts_controller.rb
View file

@ -8,7 +8,8 @@ class Registrar
request = Net::HTTP::Patch.new(uri)
request.set_form_data(current_contact_id: params[:current_contact_id],
new_contact_id: params[:new_contact_id])
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username,
current_registrar_user.plain_text_password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,