Allow to update own contact without password

This commit is contained in:
Priit Tark 2015-05-04 11:47:06 +03:00
parent 8cc03774ff
commit 430f3e3e58
4 changed files with 44 additions and 12 deletions


@ -117,7 +117,7 @@ class Epp::ContactsController < EppController
contact_org_disabled contact_org_disabled
fax_disabled fax_disabled
status_editing_disabled status_editing_disabled
requires 'id', 'authInfo > pw' requires 'id'
@prefix = nil @prefix = nil
end end
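Review bot: Dropping `'authInfo > pw'` from the `requires` list leaves nothing in this definition saying that the password is still mandatory for a contact owned by another registrar; a reader of the validation list alone would conclude it is never needed. The rejection of a foreign contact without a password now depends entirely on the `Ability` rule being handed a nil `pw`, which is not visible from here. A comment on the `requires 'id'` line such as `# authInfo > pw is optional: own contacts update without it; foreign contacts are rejected by Ability when it is missing` keeps that intent next to the check that was removed. The enclosing definition starts before this hunk.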


@ -36,7 +36,7 @@ class Ability
can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw } can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
can(:check, Epp::Contact) can(:check, Epp::Contact)
can(:create, Epp::Contact) can(:create, Epp::Contact)
can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id && c.auth_info == pw } can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw } can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
can(:renew, Epp::Contact) can(:renew, Epp::Contact)
can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw } can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
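Review bot: The rewritten `can(:update, Epp::Contact)` rule grants access when `c.auth_info == pw` regardless of whether a password was supplied, and with `authInfo > pw` no longer required by the controller, `pw` will be nil for any request that omits it. If a contact can be persisted with a nil `auth_info` (not visible on this page), `nil == nil` would let any registrar update it without a password. The block should require a supplied password before comparing, e.g. `can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || (pw.present? && c.auth_info == pw) }`. The unchanged `:view_full_info`, `:delete` and `:view_password` rules have the same shape and would need the same guard if that case exists.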


@ -23,7 +23,6 @@ class Epp::Contact < Contact
at[:street] = nil if f.css('postalInfo addr street').present? at[:street] = nil if f.css('postalInfo addr street').present?
at[:state] = nil if f.css('postalInfo addr sp').present? at[:state] = nil if f.css('postalInfo addr sp').present?
at[:country_code] = nil if f.css('postalInfo addr cc').present? at[:country_code] = nil if f.css('postalInfo addr cc').present?
at[:auth_info] = nil if f.css('authInfo pw').present?
else else
at[:name] = f.css('postalInfo name').text if f.css('postalInfo name').present? at[:name] = f.css('postalInfo name').text if f.css('postalInfo name').present?
at[:org_name] = f.css('postalInfo org').text if f.css('postalInfo org').present? at[:org_name] = f.css('postalInfo org').text if f.css('postalInfo org').present?


@ -231,10 +231,7 @@ describe 'EPP Contact', epp: true do
response[:results][1][:msg].should == response[:results][1][:msg].should ==
'Required parameter missing: update > update > id [id]' 'Required parameter missing: update > update > id [id]'
response[:results][1][:result_code].should == '2003' response[:results][1][:result_code].should == '2003'
response[:results][2][:msg].should == response[:results].count.should == 2
'Required parameter missing: update > update > authInfo > pw [pw]'
response[:results][2][:result_code].should == '2003'
response[:results].count.should == 3
end end
it 'returns error if obj doesnt exist' do it 'returns error if obj doesnt exist' do
@ -253,11 +250,47 @@ describe 'EPP Contact', epp: true do
@contact.email.should == 'edited@example.example' @contact.email.should == 'edited@example.example'
end end
it 'fails with wrong authentication info' do it 'is succesful for own contact without password' do
without_password = {
id: { value: 'sh8013' },
chg: {
postalInfo: {
name: { value: 'John Doe Edited' }
}
}
}
update_xml = @epp_xml.update(without_password)
response = epp_plain_request(update_xml, :xml)
response[:msg].should == 'Command completed successfully'
@contact.reload
@contact.name.should == 'John Doe Edited'
end
it 'should update other contact with correct password' do
login_as :registrar2 do login_as :registrar2 do
response = update_request({ id: { value: 'sh8013' } }) response = update_request({ id: { value: 'sh8013' } })
response[:msg].should == 'Command completed successfully'
response[:result_code].should == '1000'
end
end
it 'should not update other contact without password' do
login_as :registrar2 do
without_password = {
id: { value: 'sh8013' },
chg: {
postalInfo: {
name: { value: 'John Doe Edited' }
}
}
}
update_xml = @epp_xml.update(without_password)
response = epp_plain_request(update_xml, :xml)
response[:msg].should == 'Authorization error' response[:msg].should == 'Authorization error'
response[:result_code].should == '2201' @contact.reload
@contact.name.should == 'John Doe Edited'
end end
end end
@ -519,7 +552,7 @@ describe 'EPP Contact', epp: true do
contact.update_attribute(:phone, '+372.7654321') # restore default value contact.update_attribute(:phone, '+372.7654321') # restore default value
end end
it 'should return authorization error when removing auth info' do it 'should not remove password' do
xml = @epp_xml.update({ xml = @epp_xml.update({
id: { value: 'sh8013' }, id: { value: 'sh8013' },
authInfo: { pw: { value: 'password' } }, authInfo: { pw: { value: 'password' } },
@ -529,8 +562,8 @@ describe 'EPP Contact', epp: true do
}) })
response = epp_plain_request(xml, :xml) response = epp_plain_request(xml, :xml)
response[:results][0][:msg].should == 'Authorization error' response[:results][0][:msg].should == 'Command completed successfully'
response[:results][0][:result_code].should == '2201' response[:results][0][:result_code].should == '1000'
contact = Contact.find_by(code: 'sh8013') contact = Contact.find_by(code: 'sh8013')
contact.auth_info.should == 'password' contact.auth_info.should == 'password'