Merge remote-tracking branch 'origin/master' into repp-domains

app/models/actions/domain_create.rb

@@ -68,7 +68,25 @@ module Actions
       domain.registrar = current_registrar
       assign_domain_period
       assign_domain_auth_codes
-      domain.dnskeys_attributes = params[:dnskeys_attributes] if params[:dnskeys_attributes]
+      assign_dnskeys
+    end
+
+    def assign_dnskeys
+      return unless params[:dnskeys_attributes]&.any?
+
+      params[:dnskeys_attributes].each { |dk| verify_public_key_integrity(dk) }
+      params.dnskeys_attributes = params[:dnskeys_attributes]
+    end
+
+    def verify_public_key_integrity(dnssec)
+      return if dnssec[:public_key].blank?
+
+      value = dnssec[:public_key]
+      if !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+        domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
+      end
+    rescue ArgumentError
+      domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid])
     end
 
     def assign_domain_auth_codes

app/models/actions/domain_update.rb

@@ -92,18 +92,20 @@ module Actions
     end
 
     def validate_dnskey_integrity(key)
-      if key[:pubKey] && !Setting.key_data_allowed
+      if key[:public_key] && !Setting.key_data_allowed
         domain.add_epp_error('2306', nil, nil, %i[dnskeys key_data_not_allowed])
-      elsif key[:digest] && !Setting.ds_data_allowed
+      elsif key[:ds_digest] && !Setting.ds_data_allowed
         domain.add_epp_error('2306', nil, nil, %i[dnskeys ds_data_not_allowed])
       end
 
+      verify_public_key_integrity(key)
+
       @dnskeys << key.except(:action)
     end
 
     def assign_removable_dnskey(key)
       dnkey = domain.dnskeys.find_by(key.except(:action))
-      domain.add_epp_error('2303', nil, nil, %i[dnskeys not_found]) unless dnkey
+      domain.add_epp_error(2303, nil, nil, %i[dnskeys not_found]) unless dnkey
 
       @dnskeys << { id: dnkey.id, _destroy: 1 } if dnkey
     end
@@ -240,5 +242,16 @@ module Actions
 
       false
     end
+
+    def verify_public_key_integrity(dnssec)
+      return if dnssec[:public_key].blank?
+
+      value = dnssec[:public_key]
+      if !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+        domain.add_epp_error('2005', nil, nil, %i[dnskeys invalid])
+      end
+    rescue ArgumentError
+      domain.add_epp_error('2005', nil, nil, %i[dnskeys invalid])
+    end
   end
 end

app/models/concerns/domain/releasable.rb

@@ -39,13 +39,15 @@ module Concerns
 
       def release
         if release_to_auction
-          transaction do
-            domain_name.sell_at_auction if domain_name.auctionable?
-            destroy!
-            registrar.notifications.create!(text: "#{I18n.t(:domain_deleted)}: #{name}",
-                                            attached_obj_id: id,
-                                            attached_obj_type: self.class)
-          end
+          ToStdout.msg 'Destroying domain'
+          destroy!
+          ToStdout.msg "Checking if domain_name is auctionable: #{domain_name.auctionable?}"
+          domain_name.sell_at_auction if domain_name.auctionable?
+
+          ToStdout.msg 'Sending registrar notification'
+          registrar.notifications.create!(text: "#{I18n.t(:domain_deleted)}: #{name}",
+                                          attached_obj_id: id,
+                                          attached_obj_type: self.class)
         else
           discard
         end

app/models/concerns/domain/transferable.rb

@@ -59,7 +59,7 @@ module Concerns::Domain::Transferable
     copied_ids = []
     domain_contacts.each do |dc|
       contact = Contact.find(dc.contact_id)
-      next if copied_ids.include?(contact.id) || contact.registrar == new_registrar
+      next if copied_ids.include?(uniq_contact_hash(dc)) || contact.registrar == new_registrar
 
       if registrant_id_was == contact.id # registrant was copied previously, do not copy it again
         oc = OpenStruct.new(id: registrant_id)
@@ -72,7 +72,11 @@ module Concerns::Domain::Transferable
       else
         dc.update(contact_id: oc.id)
       end
-      copied_ids << contact.id
+      copied_ids << uniq_contact_hash(dc)
     end
   end
+
+  def uniq_contact_hash(contact)
+    Digest::SHA1.hexdigest(contact.contact_id.to_s + contact.type)
+  end
 end

app/models/contact.rb

@@ -360,9 +360,11 @@ class Contact < ApplicationRecord
     @desc
   end
 
+  # Limits returned objects to 11
   def related_domains
-    a = related_domain_descriptions
-    a.keys.map { |d| { name: d, id: a[d][:id], roles: a[d][:roles] } }
+    ids = DomainContact.select(:domain_id).where(contact_id: id).limit(11).map(&:domain_id).uniq
+    res = Domain.where(id: ids).or(Domain.where(registrant_id: id)).select(:name, :uuid).limit(11)
+    res.pluck(:name, :uuid).map { |name, id| { name: name, id: id } }
   end
 
   def status_notes_array=(notes)

app/models/dns/domain_name.rb

@@ -36,6 +36,7 @@ module DNS
       auction = Auction.new
       auction.domain = name
       auction.start
+      ToStdout.msg "Created the auction: #{auction.inspect}"
       update_whois_from_auction(auction)
     end
 
@@ -100,7 +101,8 @@ module DNS
       whois_record = Whois::Record.find_or_create_by!(name: name) do |record|
         record.json = {}
       end
-
+      ToStdout.msg "Starting to update WHOIS record #{whois_record.inspect}\n\n"\
+                   "from auction #{auction.inspect}"
       whois_record.update_from_auction(auction)
     end
   end

app/models/domain.rb

@@ -78,7 +78,7 @@ class Domain < ApplicationRecord
     true
   end
 
-  after_commit :update_whois_record, unless: -> { domain_name.at_auction? }
+  after_commit :update_whois_record
 
   after_create :update_reserved_domains
   def update_reserved_domains

app/models/epp/domain.rb

@@ -128,6 +128,7 @@ class Epp::Domain < Domain
 
   def attach_legal_document(legal_document_data)
     return unless legal_document_data
+    return unless legal_document_data[:body]
     return if legal_document_data[:body].starts_with?(ENV['legal_documents_dir'])
 
     legal_documents.create(

app/models/whois/record.rb

@@ -2,23 +2,34 @@ module Whois
   class Record < Whois::Server
     self.table_name = 'whois_records'
 
+    def self.without_auctions
+      ids = Whois::Record.all.select { |record| Auction.where(domain: record.name).blank? }
+                         .pluck(:id)
+      Whois::Record.where(id: ids)
+    end
+
     def self.disclaimer
       Setting.registry_whois_disclaimer
     end
 
+    # rubocop:disable Metrics/AbcSize
     def update_from_auction(auction)
       if auction.started?
         update!(json: { name: auction.domain,
                         status: ['AtAuction'],
                         disclaimer: self.class.disclaimer })
+        ToStdout.msg "Updated from auction WHOIS record #{inspect}"
       elsif auction.no_bids?
+        ToStdout.msg "Destroying WHOIS record #{inspect}"
         destroy!
       elsif auction.awaiting_payment? || auction.payment_received?
         update!(json: { name: auction.domain,
                         status: ['PendingRegistration'],
                         disclaimer: self.class.disclaimer,
                         registration_deadline: auction.whois_deadline })
+        ToStdout.msg "Updated from auction WHOIS record #{inspect}"
       end
     end
+    # rubocop:enable Metrics/AbcSize
   end
 end

app/models/whois_record.rb

@@ -97,7 +97,7 @@ class WhoisRecord < ApplicationRecord
   end
 
   def destroy_whois_record
-    Whois::Record.where(name: name).delete_all
+    Whois::Record.without_auctions.where(name: name).delete_all
   end
 
   private