Merge remote-tracking branch 'origin/master' into repp-domains

app/controllers/api/v1/registrant/contacts_controller.rb

@@ -24,7 +24,7 @@ module Api
         end
 
         def show
-          contact = current_user_contacts.find_by(uuid: params[:uuid])
+          contact = representable_contact(params[:uuid])
           links = params[:links] == 'true'
 
           if contact
@@ -91,6 +91,22 @@ module Api
 
         private
 
+        def representable_contact(uuid)
+          country = current_registrant_user.country.alpha2
+          contact = Contact.find_by(uuid: uuid, ident: current_registrant_user.ident,
+                                    ident_type: 'priv', ident_country_code: country)
+          return contact if contact
+
+          Contact.find_by(uuid: uuid, ident_type: 'org', ident: company_codes,
+                          ident_country_code: country)
+        rescue CompanyRegister::NotAvailableError
+          nil
+        end
+
+        def company_codes
+          current_registrant_user.companies.collect(&:registration_number)
+        end
+
         def current_user_contacts
           current_registrant_user.contacts(representable: false)
         rescue CompanyRegister::NotAvailableError

app/controllers/repp/v1/base_controller.rb

@@ -1,7 +1,7 @@
 module Repp
   module V1
     class BaseController < ActionController::API # rubocop:disable Metrics/ClassLength
-      rescue_from ActiveRecord::RecordNotFound, with: :not_found_error
+      around_action :log_request
       before_action :authenticate_user
       before_action :validate_webclient_ca
       before_action :check_ip_restriction
@@ -9,22 +9,31 @@ module Repp
 
       before_action :set_paper_trail_whodunnit
 
-      rescue_from ActionController::ParameterMissing, Apipie::ParamInvalid,
-                  Apipie::ParamMissing do |exception|
-        render json: { code: 2003, message: exception }, status: :bad_request
+      private
+
+      def log_request
+        yield
+      rescue ActiveRecord::RecordNotFound
+        @response = { code: 2303, message: 'Object does not exist' }
+        render(json: @response, status: :not_found)
+      rescue ActionController::ParameterMissing, Apipie::ParamInvalid, Apipie::ParamMissing => e
+        @response = { code: 2003, message: e }
+        render(json: @response, status: :bad_request)
+      ensure
+        create_repp_log
       end
 
-      after_action do
+      # rubocop:disable Metrics/AbcSize
+      def create_repp_log
         ApiLog::ReppLog.create(
           request_path: request.path, request_method: request.request_method,
           request_params: request.params.except('route_info').to_json, uuid: request.try(:uuid),
-          response: @response.to_json, response_code: status, ip: request.ip,
+          response: @response.to_json, response_code: response.status, ip: request.ip,
           api_user_name: current_user.try(:username),
           api_user_registrar: current_user.try(:registrar).try(:to_s)
         )
       end
-
-      private
+      # rubocop:enable Metrics/AbcSize
 
       def set_domain
         registrar = current_user.registrar
@@ -131,11 +140,6 @@ module Repp
 
         render(json: @response, status: :unauthorized)
       end
-
-      def not_found_error
-        @response = { code: 2303, message: 'Object does not exist' }
-        render(json: @response, status: :not_found)
-      end
     end
   end
 end

app/controllers/repp/v1/domains_controller.rb

@@ -3,6 +3,7 @@ module Repp
   module V1
     class DomainsController < BaseController # rubocop:disable Metrics/ClassLength
       before_action :set_authorized_domain, only: %i[transfer_info destroy]
+      before_action :validate_registrar_authorization, only: %i[transfer_info destroy]
       before_action :forward_registrar_id, only: %i[create destroy]
       before_action :set_domain, only: %i[show update]
 
@@ -182,11 +183,7 @@ module Repp
 
       def set_authorized_domain
         @epp_errors ||= []
-        h = {}
-        h[transfer_info_params[:id].match?(/\A[0-9]+\z/) ? :id : :name] = transfer_info_params[:id]
-        @domain = Epp::Domain.find_by!(h)
-
-        validate_registrar_authorization
+        @domain = domain_from_url_hash
       end
 
       def validate_registrar_authorization
@@ -197,6 +194,13 @@ module Repp
         handle_errors
       end
 
+      def domain_from_url_hash
+        entry = transfer_info_params[:id]
+        return Domain.find(entry) if entry.match?(/\A[0-9]+\z/)
+
+        Domain.find_by!('name = ? OR name_puny = ?', entry, entry)
+      end
+
       def limit
         index_params[:limit] || 200
       end

app/lib/to_stdout.rb

@@ -0,0 +1,6 @@
+class ToStdout
+  def self.msg(message)
+    time = Time.zone.now.utc
+    STDOUT << "#{time} - #{message}\n" unless Rails.env.test?
+  end
+end

app/models/actions/domain_create.rb

@@ -68,7 +68,25 @@ module Actions
       domain.registrar = current_registrar
       assign_domain_period
       assign_domain_auth_codes
-      domain.dnskeys_attributes = params[:dnskeys_attributes] if params[:dnskeys_attributes]
+      assign_dnskeys
+    end
+
+    def assign_dnskeys
+      return unless params[:dnskeys_attributes]&.any?
+
+      params[:dnskeys_attributes].each { |dk| verify_public_key_integrity(dk) }
+      params.dnskeys_attributes = params[:dnskeys_attributes]
+    end
+
+    def verify_public_key_integrity(dnssec)
+      return if dnssec[:public_key].blank?
+
+      value = dnssec[:public_key]
+      if !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+        domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
+      end
+    rescue ArgumentError
+      domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
     end
 
     def assign_domain_auth_codes

app/models/actions/domain_update.rb

@@ -92,18 +92,20 @@ module Actions
     end
 
     def validate_dnskey_integrity(key)
-      if key[:pubKey] && !Setting.key_data_allowed
+      if key[:public_key] && !Setting.key_data_allowed
         domain.add_epp_error('2306', nil, nil, %i[dnskeys key_data_not_allowed])
-      elsif key[:digest] && !Setting.ds_data_allowed
+      elsif key[:ds_digest] && !Setting.ds_data_allowed
         domain.add_epp_error('2306', nil, nil, %i[dnskeys ds_data_not_allowed])
       end
 
+      verify_public_key_integrity(key)
+
       @dnskeys << key.except(:action)
     end
 
     def assign_removable_dnskey(key)
       dnkey = domain.dnskeys.find_by(key.except(:action))
-      domain.add_epp_error('2303', nil, nil, %i[dnskeys not_found]) unless dnkey
+      domain.add_epp_error(2303, nil, nil, %i[dnskeys not_found]) unless dnkey
 
       @dnskeys << { id: dnkey.id, _destroy: 1 } if dnkey
     end
@@ -240,5 +242,16 @@ module Actions
 
       false
     end
+
+    def verify_public_key_integrity(dnssec)
+      return if dnssec[:public_key].blank?
+
+      value = dnssec[:public_key]
+      if !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+        domain.add_epp_error('2005', nil, nil, %i[dnskeys invalid])
+      end
+    rescue ArgumentError
+      domain.add_epp_error('2005', nil, nil, %i[dnskeys invalid])
+    end
   end
 end

app/models/concerns/domain/releasable.rb

@@ -39,13 +39,15 @@ module Concerns
 
       def release
         if release_to_auction
-          transaction do
-            domain_name.sell_at_auction if domain_name.auctionable?
-            destroy!
-            registrar.notifications.create!(text: "#{I18n.t(:domain_deleted)}: #{name}",
-                                            attached_obj_id: id,
-                                            attached_obj_type: self.class)
-          end
+          ToStdout.msg 'Destroying domain'
+          destroy!
+          ToStdout.msg "Checking if domain_name is auctionable: #{domain_name.auctionable?}"
+          domain_name.sell_at_auction if domain_name.auctionable?
+
+          ToStdout.msg 'Sending registrar notification'
+          registrar.notifications.create!(text: "#{I18n.t(:domain_deleted)}: #{name}",
+                                          attached_obj_id: id,
+                                          attached_obj_type: self.class)
         else
           discard
         end

app/models/concerns/domain/transferable.rb

@@ -59,7 +59,7 @@ module Concerns::Domain::Transferable
     copied_ids = []
     domain_contacts.each do |dc|
       contact = Contact.find(dc.contact_id)
-      next if copied_ids.include?(contact.id) || contact.registrar == new_registrar
+      next if copied_ids.include?(uniq_contact_hash(dc)) || contact.registrar == new_registrar
 
       if registrant_id_was == contact.id # registrant was copied previously, do not copy it again
         oc = OpenStruct.new(id: registrant_id)
@@ -72,7 +72,11 @@ module Concerns::Domain::Transferable
       else
         dc.update(contact_id: oc.id)
       end
-      copied_ids << contact.id
+      copied_ids << uniq_contact_hash(dc)
     end
   end
+
+  def uniq_contact_hash(contact)
+    Digest::SHA1.hexdigest(contact.contact_id.to_s + contact.type)
+  end
 end

app/models/contact.rb

@@ -360,9 +360,11 @@ class Contact < ApplicationRecord
     @desc
   end
 
+  # Limits returned objects to 11
   def related_domains
-    a = related_domain_descriptions
-    a.keys.map { |d| { name: d, id: a[d][:id], roles: a[d][:roles] } }
+    ids = DomainContact.select(:domain_id).where(contact_id: id).limit(11).map(&:domain_id).uniq
+    res = Domain.where(id: ids).or(Domain.where(registrant_id: id)).select(:name, :uuid).limit(11)
+    res.pluck(:name, :uuid).map { |name, id| { name: name, id: id } }
   end
 
   def status_notes_array=(notes)

app/models/dns/domain_name.rb

@@ -36,6 +36,7 @@ module DNS
       auction = Auction.new
       auction.domain = name
       auction.start
+      ToStdout.msg "Created the auction: #{auction.inspect}"
       update_whois_from_auction(auction)
     end
 
@@ -100,7 +101,8 @@ module DNS
       whois_record = Whois::Record.find_or_create_by!(name: name) do |record|
         record.json = {}
       end
-
+      ToStdout.msg "Starting to update WHOIS record #{whois_record.inspect}\n\n"\
+                   "from auction #{auction.inspect}"
       whois_record.update_from_auction(auction)
     end
   end

app/models/domain.rb

@@ -78,7 +78,7 @@ class Domain < ApplicationRecord
     true
   end
 
-  after_commit :update_whois_record, unless: -> { domain_name.at_auction? }
+  after_commit :update_whois_record
 
   after_create :update_reserved_domains
   def update_reserved_domains

app/models/epp/domain.rb

@@ -128,6 +128,7 @@ class Epp::Domain < Domain
 
   def attach_legal_document(legal_document_data)
     return unless legal_document_data
+    return unless legal_document_data[:body]
     return if legal_document_data[:body].starts_with?(ENV['legal_documents_dir'])
 
     legal_documents.create(

app/models/whois/record.rb

@@ -2,23 +2,34 @@ module Whois
   class Record < Whois::Server
     self.table_name = 'whois_records'
 
+    def self.without_auctions
+      ids = Whois::Record.all.select { |record| Auction.where(domain: record.name).blank? }
+                         .pluck(:id)
+      Whois::Record.where(id: ids)
+    end
+
     def self.disclaimer
       Setting.registry_whois_disclaimer
     end
 
+    # rubocop:disable Metrics/AbcSize
     def update_from_auction(auction)
       if auction.started?
         update!(json: { name: auction.domain,
                         status: ['AtAuction'],
                         disclaimer: self.class.disclaimer })
+        ToStdout.msg "Updated from auction WHOIS record #{inspect}"
       elsif auction.no_bids?
+        ToStdout.msg "Destroying WHOIS record #{inspect}"
         destroy!
       elsif auction.awaiting_payment? || auction.payment_received?
         update!(json: { name: auction.domain,
                         status: ['PendingRegistration'],
                         disclaimer: self.class.disclaimer,
                         registration_deadline: auction.whois_deadline })
+        ToStdout.msg "Updated from auction WHOIS record #{inspect}"
       end
     end
+    # rubocop:enable Metrics/AbcSize
   end
 end

app/models/whois_record.rb

@@ -97,7 +97,7 @@ class WhoisRecord < ApplicationRecord
   end
 
   def destroy_whois_record
-    Whois::Record.where(name: name).delete_all
+    Whois::Record.without_auctions.where(name: name).delete_all
   end
 
   private