Merge branch 'alpha' into staging

2025-07-03 09:43:36 +02:00 · 2015-10-04 01:03:53 +03:00 · 2015-10-04 01:03:53 +03:00 · 453f8d6f46
commit 453f8d6f46
parent 1c760a5c6f c5b149d1ce
65 changed files with 879 additions and 322 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,9 @@
 21.09.2015
 * eis-1.0.xsd schema file updated without a new version, please publish a new updated schema file to public.
 17.09.2015
 * deploy-example.rb has been updated with `@cron_group`.
 11.08.2015
 * Possible to add whitelist_emails_for_staging list at application.yml
--- a/1
+++ b/1
@ -25,6 +25,7 @@ gem 'validates_email_format_of', '1.6.3' # validates email against RFC 2822 and
 gem 'paper_trail',
  github: 'airblade/paper_trail',
  ref: 'a453811226ec4ea59753ba6b827e390ced2fc140'
 # NB! if this gets upgraded, ensure Setting.reload_settings! still works correctly
 gem 'rails-settings-cached',     '0.4.1' # for settings
 # html-xml
--- a/app/controllers/admin/account_activities_controller.rb
+++ b/app/controllers/admin/account_activities_controller.rb
@ -0,0 +1,27 @@
 class Admin::AccountActivitiesController < AdminController
  load_and_authorize_resource
  def index # rubocop: disable Metrics/AbcSize
    params[:q] ||= {}
    ca_cache = params[:q][:created_at_lteq]
    begin
      end_time = params[:q][:created_at_lteq].try(:to_date)
      params[:q][:created_at_lteq] = end_time.try(:end_of_day)
    rescue
      logger.warn('Invalid date')
    end
    @q = AccountActivity.includes(:invoice, account: :registrar).search(params[:q])
    @q.sorts = 'id desc' if @q.sorts.empty?
    respond_to do |format|
      format.html { @account_activities = @q.result.page(params[:page]) }
      format.csv do
        send_data @q.result.to_csv, filename: "account_activities_#{Time.zone.now.to_formatted_s(:number)}.csv"
      end
    end
    params[:q][:created_at_lteq] = ca_cache
  end
 end
--- a/app/controllers/admin/reserved_domains_controller.rb
+++ b/app/controllers/admin/reserved_domains_controller.rb
@ -11,6 +11,7 @@ class Admin::ReservedDomainsController < AdminController
    begin
      names = YAML.load(params[:reserved_domains])
      fail if names == false
    rescue
      flash.now[:alert] = I18n.t('invalid_yaml')
      logger.warn 'Invalid YAML'
--- a/app/controllers/admin/white_ips_controller.rb
+++ b/app/controllers/admin/white_ips_controller.rb
@ -51,6 +51,6 @@ class Admin::WhiteIpsController < AdminController
  end
  def white_ip_params
-    params.require(:white_ip).permit(:ipv4, :ipv6, :interface, :registrar_id)
+    params.require(:white_ip).permit(:ipv4, :ipv6, :registrar_id, { interfaces: [] })
  end
 end
--- a/app/controllers/epp/contacts_controller.rb
+++ b/app/controllers/epp/contacts_controller.rb
@ -126,9 +126,6 @@ class Epp::ContactsController < EppController
    contact_org_disabled
    fax_disabled
    status_editing_disabled
    if params[:parsed_frame].css('ident').present?
      epp_errors << { code: '2306', msg: "#{I18n.t(:ident_update_error)} [ident]" }
    end
    requires 'id'
    @prefix = nil
  end
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@ -63,7 +63,6 @@ class Epp::DomainsController < EppController
  def delete
    authorize! :delete, @domain, @password
    # all includes for bullet
    @domain = Epp::Domain.where(id: @domain.id).includes(nameservers: :versions).first
--- a/app/controllers/registrar/dashboard_controller.rb
+++ b/app/controllers/registrar/dashboard_controller.rb
@ -0,0 +1,11 @@
 class Registrar::DashboardController < RegistrarController
  authorize_resource class: false
  def show
    if can?(:show, :poll)
      redirect_to registrar_poll_url and return
    elsif can?(:show, Invoice)
      redirect_to registrar_invoices_url and return
    end
  end
 end
--- a/app/controllers/registrar/domains_controller.rb
+++ b/app/controllers/registrar/domains_controller.rb
@ -46,7 +46,7 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
  # rubocop: enable Metrics/AbcSize
  def info
-    authorize! :view, Depp::Domain
+    authorize! :info, Depp::Domain
    @data = @domain.info(params[:domain_name]) if params[:domain_name]
    if response_ok?
      render 'info'
@ -57,7 +57,7 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
  end
  def check
-    authorize! :view, Depp::Domain
+    authorize! :check, Depp::Domain
    if params[:domain_name]
      @data = @domain.check(params[:domain_name])
      render 'check_index' and return unless response_ok?
--- a/app/controllers/registrar/polls_controller.rb
+++ b/app/controllers/registrar/polls_controller.rb
@ -1,13 +1,12 @@
 class Registrar::PollsController < Registrar::DeppController # EPP controller
  authorize_resource class: false
  before_action :init_epp_xml
  def show
    authorize! :view, :registrar_dashboard
    @data = depp_current_user.request(@ex.poll)
  end
  def destroy
    authorize! :delete, :registrar_poll
    @data = depp_current_user.request(@ex.poll(poll: {
      value: '', attrs: { op: 'ack', msgID: params[:id] }
    }))
@ -18,22 +17,22 @@ class Registrar::PollsController < Registrar::DeppController # EPP controller
    render 'show'
  end
-  def confirm_keyrelay
+  # TODO: Keyrelay is disabled for now
-    authorize! :confirm, :keyrelay
+  # def confirm_keyrelay
-    domain_params = params[:domain]
+  #   authorize! :confirm, :keyrelay
-    @data = @domain.confirm_keyrelay(domain_params)
+  #   domain_params = params[:domain]
  #   @data = @domain.confirm_keyrelay(domain_params)
-    if response_ok?
+  #   if response_ok?
-      redirect_to info_registrar_domains_url(domain_name: domain_params[:name])
+  #     redirect_to info_registrar_domains_url(domain_name: domain_params[:name])
-    else
+  #   else
-      @results = @data.css('result')
+  #     @results = @data.css('result')
-      @data = depp_current_user.request(@ex.poll)
+  #     @data = depp_current_user.request(@ex.poll)
-      render 'show'
+  #     render 'show'
-    end
+  #   end
-  end
+  # end
  def confirm_transfer
    authorize! :confirm, :transfer
    domain_params = params[:domain]
    @data = @domain.confirm_transfer(domain_params)
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -47,10 +47,10 @@ class Registrar::SessionsController < Devise::SessionsController
      end
    end
-    if @depp_user.errors.none? && @depp_user.valid?
+    if @depp_user.errors.none?
      if @api_user.active?
        sign_in @api_user
-        redirect_to role_base_root_url(@api_user)
+        redirect_to registrar_root_url
      else
        @depp_user.errors.add(:base, :not_active)
        render 'login'
@ -70,18 +70,11 @@ class Registrar::SessionsController < Devise::SessionsController
        flash[:alert] = I18n.t(:ip_is_not_whitelisted)
        redirect_to :back and return
      end
      if @api_user.can?(:create, :epp_login)
        unless @api_user.registrar.api_ip_white?(request.ip)
          flash[:alert] = I18n.t(:ip_is_not_whitelisted)
          redirect_to :back and return
        end
      end
    end
    sign_in @api_user if @api_user.identity_code == current_user.identity_code
-    redirect_to :back
+    redirect_to registrar_root_url
  end
  # rubocop:enable Metrics/CyclomaticComplexity
  # rubocop:enable Metrics/PerceivedComplexity
@ -91,7 +84,7 @@ class Registrar::SessionsController < Devise::SessionsController
    if @user
      sign_in(@user, event: :authentication)
-      redirect_to role_base_root_url(@user)
+      redirect_to registrar_root_url
    else
      flash[:alert] = t('no_such_user')
      redirect_to registrar_login_url
@ -111,7 +104,7 @@ class Registrar::SessionsController < Devise::SessionsController
    if Rails.env.test? && phone == "123"
      @user = ApiUser.find_by(identity_code: "14212128025")
      sign_in(@user, event: :authentication)
-      return redirect_to role_base_root_url(@user)
+      return redirect_to registrar_root_url
    end
    # country_codes = {'+372' => 'EST'}
@ -159,7 +152,7 @@ class Registrar::SessionsController < Devise::SessionsController
      sign_in @user
      flash[:notice] = t(:welcome)
      flash.keep(:notice)
-      render js: "window.location = '#{role_base_root_url(@user)}'"
+      render js: "window.location = '#{registrar_root_url}'"
    when 'NOT_VALID'
      render json: { message: t(:user_signature_is_invalid) }, status: :bad_request
    when 'EXPIRED_TRANSACTION'
@ -196,12 +189,4 @@ class Registrar::SessionsController < Devise::SessionsController
    return if WhiteIp.registrar_ip_white?(request.ip)
    render text: t('access_denied') and return
  end
  def role_base_root_url(user)
    if user.try(:roles) == ['billing']
      registrar_invoices_url
    else
      registrar_root_url
    end
  end
 end
--- a/app/controllers/registrar/xml_consoles_controller.rb
+++ b/app/controllers/registrar/xml_consoles_controller.rb
@ -1,10 +1,10 @@
 class Registrar::XmlConsolesController < Registrar::DeppController # EPP controller
  authorize_resource class: false
  def show
    authorize! :view, :registrar_xml_console
  end
  def create
    authorize! :create, :registrar_xml_console
    begin
      @result = depp_current_user.server.request(params[:payload])
    rescue
@ -14,7 +14,6 @@ class Registrar::XmlConsolesController < Registrar::DeppController # EPP control
  end
  def load_xml
    authorize! :create, :registrar_xml_console
    cl_trid = "#{depp_current_user.tag}-#{Time.zone.now.to_i}"
    xml_dir_path = Rails.root + 'app/views/registrar/xml_consoles/epp_requests'
    xml = File.read("#{xml_dir_path}/#{params[:obj]}/#{params[:epp_action]}.xml")
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@ -9,8 +9,6 @@ class RegistrarController < ApplicationController
    false
  end
  # rubocop:disable Metrics/PerceivedComplexity
  # rubocop:disable Metrics/CyclomaticComplexity
  def check_ip
    return unless current_user
    unless current_user.is_a? ApiUser
@ -20,21 +18,20 @@ class RegistrarController < ApplicationController
    return if Rails.env.development?
    registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
-    api_ip_whitelisted = true
+    return if registrar_ip_whitelisted
    if current_user.can?(:create, :epp_request)
      api_ip_whitelisted = current_user.registrar.api_ip_white?(request.ip)
    end
    return if registrar_ip_whitelisted && api_ip_whitelisted
    flash[:alert] = t('ip_is_not_whitelisted')
    sign_out(current_user)
    redirect_to registrar_login_path and return
  end
  # rubocop:enable Metrics/PerceivedComplexity
  # rubocop:enable Metrics/CyclomaticComplexity
  helper_method :head_title_sufix
  def head_title_sufix
    t(:registrar_head_title_sufix)
  end
  private
  def current_ability
    @current_ability ||= Ability.new(current_user, request.remote_ip)
  end
 end
--- a/app/mailers/domain_mailer.rb
+++ b/app/mailers/domain_mailer.rb
@ -162,4 +162,15 @@ class DomainMailer < ApplicationMailer
         subject: "#{I18n.t(:delete_confirmation_subject,
         name: @domain.name)} [#{@domain.name}]")
  end
  def force_delete(domain)
    @domain = domain
    emails = ([@domain.registrant.email] + @domain.admin_contacts.map { |x| format(x.email) }).uniq
    return if whitelist_blocked?(emails)
    formatted_emails = emails.map { |x| format(x) }
    mail(to: formatted_emails,
         subject: "#{I18n.t(:force_delete_subject)}"
        )
  end
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -4,7 +4,8 @@ class Ability
  # rubocop: disable Metrics/PerceivedComplexity
  # rubocop: disable Metrics/LineLength
  # rubocop: disable Metrics/AbcSize
-  def initialize(user)
+  def initialize(user, ip = nil)
    @ip = ip
    alias_action :show, to: :view
    alias_action :show, :create, :update, :destroy, to: :crud
@ -29,20 +30,28 @@ class Ability
  #
  def super # Registrar/api_user dynamic role
    static_registrar
    epp
    billing
  end
  def epp # Registrar/api_user dynamic role
-    static_registrar
+    can :view, :registrar_dashboard
    if @user.registrar.api_ip_white?(@ip)
      can :manage, :poll
      can :manage, Depp::Contact
      # can :manage, Depp::Keyrelay # TODO: Keyrelay is disabled for now
      # can :confirm, :keyrelay # TODO: Keyrelay is disabled for now
      can :manage, :xml_console
      can :manage,   Depp::Domain
    end
    # REPP
    can(:manage, :repp)
    # EPP
-    can(:create, :epp_login) # billing can establis epp connection in order to login
+    can(:create, :epp_login) # billing can establish epp connection in order to login
-    can(:create, :epp_request)
+    # can(:create, :epp_request)
    # Epp::Domain
    can(:info,     Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
@ -70,7 +79,6 @@ class Ability
    can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
    can :manage, :deposit
    can :read, AccountActivity
    can(:create, :epp_login) # billing can establis epp connection in order to login
  end
  def customer_service # Admin/admin_user dynamic role
@ -99,6 +107,7 @@ class Ability
    can :manage, MailTemplate
    can :manage, Invoice
    can :manage, WhiteIp
    can :manage, AccountActivity
    can :read, ApiLog::EppLog
    can :read, ApiLog::ReppLog
    can :update, :pending
@ -107,23 +116,6 @@ class Ability
    can :access, :settings_menu
  end
  #
  # Static roles, linked from dynamic roles
  #
  def static_registrar
    can :manage, Nameserver
    can :view, :registrar_dashboard
    can :delete, :registrar_poll
    can :manage, :registrar_xml_console
    can :manage, Depp::Contact
    can :manage, Depp::Domain
    can :renew,  Depp::Domain
    can :transfer, Depp::Domain
    can :manage, Depp::Keyrelay
    can :confirm, :keyrelay
    can :confirm, :transfer
  end
  def static_registrant
    can :manage, :registrant_domains
    can :manage, :registrant_whois
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@ -23,7 +23,7 @@ class Contact < ActiveRecord::Base
  validates :ident,
    format: { with: /\d{4}-\d{2}-\d{2}/, message: :invalid_birthday_format },
    if: proc { |c| c.ident_type == 'birthday' }
-  validates :ident_country_code, presence: true, if: proc { |c| %w(bic priv).include? c.ident_type }
+  validates :ident_country_code, presence: true, if: proc { |c| %w(org priv).include? c.ident_type }
  validates :code,
    uniqueness: { message: :epp_id_taken },
    format: { with: /\A[\w\-\:]*\Z/i, message: :invalid },
@ -34,6 +34,7 @@ class Contact < ActiveRecord::Base
  after_initialize do
    self.statuses = [] if statuses.nil?
    self.status_notes = {} if status_notes.nil?
    self.ident_updated_at = Time.zone.now if new_record? && ident_updated_at.blank?
  end
  before_validation :set_ident_country_code
@ -64,13 +65,13 @@ class Contact < ActiveRecord::Base
  scope :current_registrars, ->(id) { where(registrar_id: id) }
-  BIC = 'bic'
+  ORG = 'org'
  PRIV = 'priv'
  BIRTHDAY = 'birthday'
  PASSPORT = 'passport'
  IDENT_TYPES = [
-    BIC,     # Company registry code (or similar)
+    ORG,     # Company registry code (or similar)
    PRIV,    # National idendtification number
    BIRTHDAY # Birthday date
  ]
@ -173,7 +174,7 @@ class Contact < ActiveRecord::Base
      unless Rails.env.test?
        orphans.each do |m|
-          STDOUT << "#{Time.zone.now.utc} Contact.destroy_orphans: ##{m.id}\n"
+          STDOUT << "#{Time.zone.now.utc} Contact.destroy_orphans: ##{m.id} (#{m.name})\n"
        end
      end
@ -226,12 +227,13 @@ class Contact < ActiveRecord::Base
    false
  end
-  def bic?
+  def org?
-    ident_type == BIC
+    ident_type == ORG
  end
  # it might mean priv or birthday type
  def priv?
-    ident_type != BIC
+    !org?
  end
  def generate_auth_info
--- a/app/models/depp/contact.rb
+++ b/app/models/depp/contact.rb
@ -10,9 +10,9 @@ module Depp
    DISABLED = 'Disabled'
    DISCLOSURE_TYPES = [DISABLED, '1', '0']
-    TYPES = %w( bic priv birthday )
+    TYPES = %w( org priv birthday )
    SELECTION_TYPES = [
-      ['Business code', 'bic'],
+      ['Business code', 'org'],
      ['Personal identification code', 'priv'],
      ['Birthday', 'birthday']
    ]
@ -163,7 +163,7 @@ module Depp
      }
      hash[:id] = nil if code.blank?
-      create_xml = Depp::Contact.epp_xml.create(hash, extension_xml)
+      create_xml = Depp::Contact.epp_xml.create(hash, extension_xml(:create))
      data = Depp::Contact.user.request(create_xml)
      self.id = data.css('id').text
@ -210,7 +210,7 @@ module Depp
            }
          }
        },
-        extension_xml
+        extension_xml(:update)
      )
      data = Depp::Contact.user.request(update_xml)
      handle_errors(data)
@ -224,20 +224,36 @@ module Depp
          id: { value: id },
          authInfo: { pw: { value: password } }
        },
-        extension_xml
+        extension_xml(:delete)
      )
      data = Depp::Contact.user.request(delete_xml)
      handle_errors(data)
    end
-    def extension_xml
+    # rubocop:disable Metrics/CyclomaticComplexity
    # rubocop:disable Style/NegatedIf
    # rubocop:disable Style/RedundantSelf
    def extension_xml(action)
      xml = { _anonymus: [] }
-      ident = ident_xml[:_anonymus].try(:first) unless persisted?
+
      case action
      when :create
        ident = ident_xml[:_anonymus].try(:first) 
      when :update
        # detect if any ident has changed, nb! ident and self.ident is not always same
        if !(ident == self.ident && ident == self.ident_type && ident_country_code == self.ident_country_code)
          ident = ident_xml[:_anonymus].try(:first) 
        end
      end
      legal = legal_document_xml[:_anonymus].try(:first)
      xml[:_anonymus] << ident if ident.present?
      xml[:_anonymus] << legal if legal.present?
      xml
    end
    # rubocop:enable Metrics/CyclomaticComplexity
    # rubocop:enable Style/NegatedIf
    # rubocop:enable Style/RedundantSelf
    def ident_xml
      {
@ -267,8 +283,8 @@ module Depp
      Country.new(country_code)
    end
-    def bic?
+    def org?
-      ident_type == 'bic'
+      ident_type == 'org'
    end
    def priv?
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@ -9,6 +9,7 @@ class Domain < ActiveRecord::Base
  belongs_to :registrar
  belongs_to :registrant
  # TODO: should we user validates_associated :registrant here?
  has_many :admin_domain_contacts
  accepts_nested_attributes_for :admin_domain_contacts, allow_destroy: true
@ -215,7 +216,9 @@ class Domain < ActiveRecord::Base
          DomainMailer.pending_delete_expired_notification(domain).deliver_now
        end
        domain.clean_pendings!
-        STDOUT << "#{Time.zone.now.utc} Domain.clean_expired_pendings: ##{domain.id}\n" unless Rails.env.test?
+        unless Rails.env.test?
          STDOUT << "#{Time.zone.now.utc} Domain.clean_expired_pendings: ##{domain.id} (#{domain.name})\n"
        end
      end
      STDOUT << "#{Time.zone.now.utc} - Successfully cancelled #{count} domain pendings\n" unless Rails.env.test?
      count
@ -232,7 +235,7 @@ class Domain < ActiveRecord::Base
      domains.each do |domain|
        next unless domain.expirable?
        domain.set_graceful_expired
-        STDOUT << "#{Time.zone.now.utc} Domain.start_expire_period: ##{domain.id} #{domain.changes}\n" unless Rails.env.test?
+        STDOUT << "#{Time.zone.now.utc} Domain.start_expire_period: ##{domain.id} (#{domain.name}) #{domain.changes}\n" unless Rails.env.test?
        domain.save(validate: false)
      end
@ -246,7 +249,7 @@ class Domain < ActiveRecord::Base
      d.each do |domain|
        next unless domain.server_holdable?
        domain.statuses << DomainStatus::SERVER_HOLD
-        STDOUT << "#{Time.zone.now.utc} Domain.start_redemption_grace_period: ##{domain.id} #{domain.changes}\n" unless Rails.env.test?
+        STDOUT << "#{Time.zone.now.utc} Domain.start_redemption_grace_period: ##{domain.id} (#{domain.name}) #{domain.changes}\n" unless Rails.env.test?
        domain.save
      end
@ -260,7 +263,7 @@ class Domain < ActiveRecord::Base
      d.each do |domain|
        next unless domain.delete_candidateable?
        domain.statuses << DomainStatus::DELETE_CANDIDATE
-        STDOUT << "#{Time.zone.now.utc} Domain.start_delete_period: ##{domain.id} #{domain.changes}\n" unless Rails.env.test?
+        STDOUT << "#{Time.zone.now.utc} Domain.start_delete_period: ##{domain.id} (#{domain.name}) #{domain.changes}\n" unless Rails.env.test?
        domain.save
      end
@ -269,24 +272,26 @@ class Domain < ActiveRecord::Base
    end
    # rubocop:disable Rails/FindEach
    # rubocop:disable Metrics/AbcSize
    def destroy_delete_candidates
      STDOUT << "#{Time.zone.now.utc} - Destroying domains\n" unless Rails.env.test?
      c = 0
      Domain.where("statuses @> '{deleteCandidate}'::varchar[]").each do |x|
        x.destroy
-        STDOUT << "#{Time.zone.now.utc} Domain.destroy_delete_candidates: by deleteCandidate ##{x.id}\n" unless Rails.env.test?
+        STDOUT << "#{Time.zone.now.utc} Domain.destroy_delete_candidates: by deleteCandidate ##{x.id} (#{x.name})\n" unless Rails.env.test?
        c += 1
      end
      Domain.where('force_delete_at <= ?', Time.zone.now).each do |x|
        x.destroy
-        STDOUT << "#{Time.zone.now.utc} Domain.destroy_delete_candidates: by force delete time ##{x.id}\n" unless Rails.env.test?
+        STDOUT << "#{Time.zone.now.utc} Domain.destroy_delete_candidates: by force delete time ##{x.id} (#{x.name})\n" unless Rails.env.test?
        c += 1
      end
      STDOUT << "#{Time.zone.now.utc} - Successfully destroyed #{c} domains\n" unless Rails.env.test?
    end
    # rubocop: enable Metrics/AbcSize
    # rubocop:enable Rails/FindEach
    # rubocop: enable Metrics/LineLength
  end
@ -330,7 +335,6 @@ class Domain < ActiveRecord::Base
  end
  def server_holdable?
    return false if outzone_at > Time.zone.now
    return false if statuses.include?(DomainStatus::SERVER_HOLD)
    return false if statuses.include?(DomainStatus::SERVER_MANUAL_INZONE)
    true
@ -587,6 +591,7 @@ class Domain < ActiveRecord::Base
      registrar.messages.create!(
        body: I18n.t('force_delete_set_on_domain', domain: name)
      )
      DomainMailer.force_delete(self).deliver_now
      return true
    end
    false
@ -613,7 +618,6 @@ class Domain < ActiveRecord::Base
    statuses << DomainStatus::EXPIRED
  end
  # TODO: This looks odd - outzone_at and delete_at will be the same value?
  def set_expired
    # TODO: currently valid_to attribute update logic is open
    # self.valid_to = valid_from + self.class.convert_period_to_time(period, period_unit)
@ -642,7 +646,7 @@ class Domain < ActiveRecord::Base
  end
  def pending_update_prohibited?
-    (statuses & [
+    (statuses_was & [
      DomainStatus::CLIENT_UPDATE_PROHIBITED,
      DomainStatus::SERVER_UPDATE_PROHIBITED,
      DomainStatus::PENDING_CREATE,
@ -666,17 +670,24 @@ class Domain < ActiveRecord::Base
  end
  def pending_delete_prohibited?
-    (statuses & [
+    (statuses_was & [
      DomainStatus::CLIENT_DELETE_PROHIBITED,
      DomainStatus::SERVER_DELETE_PROHIBITED,
      DomainStatus::CLIENT_UPDATE_PROHIBITED,
      DomainStatus::SERVER_UPDATE_PROHIBITED,
      DomainStatus::PENDING_CREATE,
      DomainStatus::PENDING_UPDATE,
      DomainStatus::PENDING_DELETE,
      DomainStatus::PENDING_RENEW,
-      DomainStatus::PENDING_TRANSFER
+      DomainStatus::PENDING_TRANSFER,
      DomainStatus::PENDING_UPDATE,
      DomainStatus::PENDING_DELETE
    ]).present?
  end
  # let's use positive method names
  def pending_deletable?
    !pending_delete_prohibited?
  end
  def set_pending_delete
    if pending_delete_prohibited?
      logger.info "DOMAIN STATUS UPDATE ISSUE ##{id}: PENDING_DELETE not allowed to set. [#{statuses}]"
@ -685,13 +696,25 @@ class Domain < ActiveRecord::Base
    statuses << DomainStatus::PENDING_DELETE
  end
  def set_server_hold
    statuses << DomainStatus::SERVER_HOLD
  end
  # rubocop: disable Metrics/CyclomaticComplexity
  # rubocop: disable Metrics/PerceivedComplexity
  def manage_automatic_statuses
    if statuses.empty? && valid?
      statuses << DomainStatus::OK
    elsif statuses.length > 1 || !valid?
      statuses.delete(DomainStatus::OK)
    end
    p_d = statuses.include?(DomainStatus::PENDING_DELETE)
    s_h = (statuses & [DomainStatus::SERVER_MANUAL_INZONE, DomainStatus::SERVER_HOLD]).empty?
    statuses << DomainStatus::SERVER_HOLD if p_d && s_h
  end
  # rubocop: enable Metrics/CyclomaticComplexity
  # rubocop: enable Metrics/PerceivedComplexity
  def children_log
    log = HashWithIndifferentAccess.new
--- a/app/models/domain_status.rb
+++ b/app/models/domain_status.rb
@ -142,7 +142,7 @@ class DomainStatus < ActiveRecord::Base
        # ['ManualInzone', SERVER_MANUAL_INZONE],
        # [''],
        # ['RenewProhibited', SERVER_RENEW_PROHIBITED],
-        # ['TransferProhibited', SERVER_TRANSFER_PROHIBITED],
+        ['TransferProhibited', SERVER_TRANSFER_PROHIBITED],
        # ['RegistrantChangeProhibited', SERVER_REGISTRANT_CHANGE_PROHIBITED],
        # ['AdminChangeProhibited', SERVER_ADMIN_CHANGE_PROHIBITED],
        # ['TechChangeProhibited', SERVER_TECH_CHANGE_PROHIBITED],
--- a/app/models/epp/contact.rb
+++ b/app/models/epp/contact.rb
@ -118,6 +118,7 @@ class Epp::Contact < Contact
        [:ident, :invalid_EE_identity_format],
        [:ident, :invalid_birthday_format],
        [:ident, :invalid_country_code],
        [:ident_type, :missing],
        [:code, :invalid],
        [:code, :too_long_contact_code]
      ],
@ -132,6 +133,7 @@ class Epp::Contact < Contact
    }
  end
  # rubocop:disable Metrics/AbcSize
  def update_attributes(frame)
    return super if frame.blank?
    at = {}.with_indifferent_access
@ -144,8 +146,23 @@ class Epp::Contact < Contact
    legal_frame = frame.css('legalDocument').first
    at[:legal_documents_attributes] = self.class.legal_document_attrs(legal_frame)
    self.deliver_emails = true # turn on email delivery for epp
    # allow to update ident code for legacy contacts
    if frame.css('ident').first.present?
      if ident_updated_at.present?
        throw :epp_error, {
          code: '2306',
          msg: I18n.t(:ident_update_error)
        }
      else
        at.merge!(self.class.ident_attrs(frame.css('ident').first)) 
        self.ident_updated_at = Time.zone.now
      end
    end
    super(at)
  end
  # rubocop:enable Metrics/AbcSize
  def statuses_attrs(frame, action)
    status_list = status_list_from(frame)
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@ -9,11 +9,24 @@ class Epp::Domain < Domain
    false
  end
-  before_validation :validate_contacts
+  after_validation :validate_contacts
  def validate_contacts
-    return if contacts.map(&:valid?).all?
+    ok = true
-    add_epp_error('2304', nil, nil, I18n.t(:object_status_prohibits_operation))
+    active_admins = admin_domain_contacts.select { |x| !x.marked_for_destruction? }
-    false
+    active_techs = tech_domain_contacts.select { |x| !x.marked_for_destruction? }
    # bullet workaround
    ac = active_admins.map { |x| Contact.find(x.contact_id) }
    tc = active_techs.map { |x| Contact.find(x.contact_id) }
    # validate registrant here as well
    ([registrant] + ac + tc).each do |x|
      unless x.valid?
        add_epp_error('2304', nil, nil, I18n.t(:contact_is_not_valid, value: x.code))
        ok = false
      end
    end
    ok
  end
  before_save :link_contacts
@ -124,7 +137,7 @@ class Epp::Domain < Domain
    return if registrant.blank?
    regt = Registrant.find(registrant.id) # temp for bullet
    tech_contacts << regt if tech_domain_contacts.blank?
-    admin_contacts << regt if admin_domain_contacts.blank? && regt.priv?
+    admin_contacts << regt if admin_domain_contacts.blank? && !regt.org?
  end
  # rubocop: disable Metrics/PerceivedComplexity
@ -270,7 +283,7 @@ class Epp::Domain < Domain
      end
      if action != 'rem'
-        if x['type'] == 'admin' && c.bic?
+        if x['type'] == 'admin' && c.org?
          add_epp_error('2306', 'contact', x.text, [:domain_contacts, :admin_contact_can_be_only_private_person])
          next
        end
@ -485,10 +498,22 @@ class Epp::Domain < Domain
      manage_automatic_statuses
      true # aka 1001 pending_delete
    else
-      set_expired!
+      set_pending_delete!
    end
  end
  def set_pending_delete!
    throw :epp_error, {
      code: '2304',
      msg: I18n.t(:object_status_prohibits_operation)
    } unless pending_deletable?
    self.delete_at = Time.zone.now + Setting.redemption_grace_period.days
    set_pending_delete
    set_server_hold if server_holdable?
    save(validate: false)
  end
  ### RENEW ###
  def renew(cur_exp_date, period, unit = 'y')
@ -512,7 +537,6 @@ class Epp::Domain < Domain
  ### TRANSFER ###
  # rubocop: disable Metrics/PerceivedComplexity
  # rubocop: disable Metrics/CyclomaticComplexity
  def transfer(frame, action, current_user)
    case action
@ -540,29 +564,15 @@ class Epp::Domain < Domain
    oc = c.deep_clone
    oc.code = nil
    oc.registrar_id = registrar_id
    oc.copy_from_id = c.id
    oc.prefix_code
    oc.save!(validate: false)
    oc
  end
  def transfer_contact(contact_id, registrar_id)
    oc = Contact.find(contact_id) # n+1 workaround
    oc.registrar_id = registrar_id
    oc.generate_new_code!
    oc.save!(validate: false)
    oc
  end
  def transfer_registrant(registrar_id)
    return if registrant.registrar_id == registrar_id
-
+    self.registrant_id = copy_and_transfer_contact(registrant_id, registrar_id).id
    is_other_domains_contact = DomainContact.where('contact_id = ? AND domain_id != ?', registrant_id, id).count > 0
    if registrant.registrant_domains.count > 1 || is_other_domains_contact
      oc = copy_and_transfer_contact(registrant_id, registrar_id)
      self.registrant_id = oc.id
    else
      transfer_contact(registrant_id, registrar_id)
    end
  end
  def transfer_domain_contacts(registrar_id)
@ -570,12 +580,7 @@ class Epp::Domain < Domain
    contacts.each do |c|
      next if copied_ids.include?(c.id) || c.registrar_id == registrar_id
-      is_other_domains_contact = DomainContact.where('contact_id = ? AND domain_id != ?', c.id, id).count > 0
+      if registrant_id_was == c.id # registrant was copied previously, do not copy it again
      # if contact used to be owner contact but was copied, then contact must be transferred
      # (registrant_id_was != c.id)
      if c.domains.count > 1 || is_other_domains_contact
        # copy contact
        if registrant_id_was == c.id # owner contact was copied previously, do not copy it again
        oc = OpenStruct.new(id: registrant_id)
      else
        oc = copy_and_transfer_contact(c.id, registrar_id)
@ -583,9 +588,6 @@ class Epp::Domain < Domain
      domain_contacts.where(contact_id: c.id).update_all({ contact_id: oc.id }) # n+1 workaround
      copied_ids << c.id
      else
        transfer_contact(c.id, registrar_id)
      end
    end
  end
@ -766,7 +768,9 @@ class Epp::Domain < Domain
      DomainStatus::PENDING_DELETE,
      DomainStatus::PENDING_RENEW,
      DomainStatus::PENDING_TRANSFER,
-      DomainStatus::FORCE_DELETE
+      DomainStatus::FORCE_DELETE,
      DomainStatus::SERVER_TRANSFER_PROHIBITED,
      DomainStatus::CLIENT_TRANSFER_PROHIBITED
    ]).empty?
  end
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@ -1,3 +1,9 @@
 class Setting < RailsSettings::CachedSettings
  include Versions # version/setting_version.rb
  def self.reload_settings!
    STDOUT << "#{Time.zone.now.utc} - Clearing settings cache\n"
    Rails.cache.delete_matched('settings:.*')
    STDOUT << "#{Time.zone.now.utc} - Settings cache cleared\n"
  end
 end
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@ -17,19 +17,17 @@ class WhiteIp < ActiveRecord::Base
  REGISTRAR = 'registrar'
  INTERFACES = [API, REGISTRAR]
-  scope :api, -> { where(interface: API) }
+  scope :api, -> { where("interfaces @> ?::varchar[]", "{#{API}}") }
-  scope :registrar, -> { where(interface: REGISTRAR) }
+  scope :registrar, -> { where("interfaces @> ?::varchar[]", "{#{REGISTRAR}}") }
  def interfaces=(interfaces)
    super(interfaces.reject(&:blank?))
  end
  class << self
    def registrar_ip_white?(ip)
      return true unless Setting.registrar_ip_whitelist_enabled
-
+      WhiteIp.where(ipv4: ip).registrar.any?
      at = WhiteIp.arel_table
      WhiteIp.where(
        at[:interface].eq(REGISTRAR).and(
          at[:ipv4].eq(ip)
        )
      ).any?
    end
  end
 end
--- a/app/views/admin/account_activities/index.haml
+++ b/app/views/admin/account_activities/index.haml
@ -0,0 +1,74 @@
 - content_for :actions do
  = link_to(t(:export_csv), url_for(params.merge(format: 'csv')), class: 'btn btn-default')
 = render 'shared/title', name: t(:account_activities)
 .row
  .col-md-12
    = search_form_for @q, url: [:admin, :account_activities], html: { style: 'margin-bottom: 0;' } do |f|
      .row
        .col-md-12
          .form-group
            = f.label t(:registrar)
            = f.select :account_registrar_id_in, Registrar.all.map { |x| [x, x.id] }, {}, class: 'form-control js-combobox', placeholder: t(:choose), multiple: true
      .row
        .col-md-6
          .form-group
            = f.label t(:activity_type)
            = f.select :activity_type_in, AccountActivity.types_for_select, {}, class: 'form-control js-combobox', placeholder: t(:choose), multiple: true
        .col-md-6
          .form-group
            = f.label t(:description)
            = f.search_field :description_cont, class: 'form-control', placeholder: t(:description), autocomplete: 'off'
      .row
        .col-md-3
          .form-group
            = f.label t(:receipt_date_from)
            = f.search_field :created_at_gteq, value: params[:q][:created_at_gteq], class: 'form-control datepicker', placeholder: t(:receipt_date_from), autocomplete: 'off'
        .col-md-3
          .form-group
            = f.label t(:receipt_date_until)
            = f.search_field :created_at_lteq, value: params[:q][:created_at_lteq], class: 'form-control datepicker', placeholder: t(:receipt_date_until), autocomplete: 'off'
        .col-md-6{style: 'padding-top: 25px;'}
          %button.btn.btn-default.search
            &nbsp;
            %span.glyphicon.glyphicon-search
            &nbsp;
          %button.btn.btn-default.js-reset-form
            = t(:clear_fields)
 %hr
 .row
  .col-md-12
    .table-responsive
      %table.table.table-hover.table-condensed
        %thead
          %tr
            %th{class: 'col-xs-2'}
              = sort_link(@q, 'registrar')
            %th{class: 'col-xs-3'}
              = sort_link(@q, 'description')
            %th{class: 'col-xs-2'}
              = sort_link(@q, 'activity_type')
            %th{class: 'col-xs-3'}
              = sort_link(@q, 'created_at', t(:receipt_date))
            %th{class: 'col-xs-2'}
              = sort_link(@q, 'sum')
        %tbody
          - @account_activities.each do |x|
            %tr
              %td= link_to(x.account.registrar.try(:code), admin_registrar_path(x.account.registrar))
              %td= x.description.present? ? x.description : '-'
              %td= x.activity_type ? t(x.activity_type) : ''
              %td= l(x.created_at)
              - c = x.sum > 0.0 ? 'text-success' : 'text-danger'
              - s = x.sum > 0.0 ? "+#{x.sum} #{x.currency}" : "#{x.sum} #{x.currency}"
              %td{class: c}= s
 .row
  .col-md-12
    = paginate @account_activities
 :coffee
  $(".js-reset-form").on "click", (e) ->
    e.preventDefault();
    window.location = "#{admin_account_activities_path}"
--- a/app/views/admin/domains/partials/_general.haml
+++ b/app/views/admin/domains/partials/_general.haml
@ -21,3 +21,12 @@
      %dt= t(:valid_to)
      %dd= l(@domain.valid_to)
      %dt= t(:outzone_at)
      %dd= l(@domain.outzone_at)
      %dt= t(:delete_at)
      %dd= l(@domain.delete_at)
      %dt= t(:force_delete_at)
      %dd= l(@domain.force_delete_at)
--- a/app/views/admin/registrars/show.haml
+++ b/app/views/admin/registrars/show.haml
@ -92,10 +92,10 @@
            %tr
              %th{class: 'col-xs-4'}= t(:ipv4)
              %th{class: 'col-xs-6'}= t(:ipv6)
-              %th{class: 'col-xs-2'}= t(:interface)
+              %th{class: 'col-xs-2'}= t(:interfaces)
          %tbody
-            - @registrar.white_ips.order(:interface).each do |x|
+            - @registrar.white_ips.each do |x|
              %tr
                %td= link_to(x.ipv4, [:admin, @registrar, x])
                %td= link_to(x.ipv6, [:admin, @registrar, x])
-                %td= x.interface.upcase
+                %td= x.interfaces.join(', ').upcase
--- a/app/views/admin/white_ips/_form.haml
+++ b/app/views/admin/white_ips/_form.haml
@ -19,11 +19,13 @@
          = f.label :ipv6
        .col-md-7
          = f.text_field(:ipv6, class: 'form-control', ipv6: true, autocomplete: 'off')
      - WhiteIp::INTERFACES.each do |x|
        .form-group
          .col-md-4.control-label
-          = f.label :interface
+            = f.label x
          .col-md-7
-          = f.select :interface, WhiteIp::INTERFACES.map {|x| [x.upcase, x]}, {}, class: 'form-control selectize'
+            = f.check_box :interfaces, { multiple: true }, x, nil
      = hidden_field_tag "white_ip[interfaces][]", nil
  %hr
  .row
    .col-md-8.text-right
--- a/app/views/admin/white_ips/show.haml
+++ b/app/views/admin/white_ips/show.haml
@ -20,5 +20,5 @@
          %dt= t(:ipv6)
          %dd= @white_ip.ipv6
-          %dt= t(:interface)
+          %dt= t(:interfaces)
-          %dd= @white_ip.interface.upcase
+          %dd= @white_ip.interfaces.join(', ').upcase
--- a/app/views/layouts/admin/application.haml
+++ b/app/views/layouts/admin/application.haml
@ -55,6 +55,7 @@
                    %li= link_to t(:pricelists), admin_pricelists_path
                  %li= link_to t(:bank_statements), admin_bank_statements_path
                  %li= link_to t(:invoices), admin_invoices_path
                  %li= link_to t(:account_activities), admin_account_activities_path
                  %li.divider
                  %li.dropdown-header= t(:system)
                  %li= link_to t(:settings), admin_settings_path
--- a/app/views/layouts/registrar/application.haml
+++ b/app/views/layouts/registrar/application.haml
@ -44,7 +44,7 @@
                - active_class = ['registrar/invoices'].include?(params[:controller]) ? 'active' :nil
                %li{class: active_class}= link_to t(:billing), registrar_invoices_path
-              - if !Rails.env.production? && can?(:view, :registrar_xml_console)
+              - if !Rails.env.production? && can?(:manage, :xml_console)
                - active_class = ['registrar/xml_consoles'].include?(params[:controller]) ? 'active' :nil
                %li{class: active_class}= link_to t(:xml_console), registrar_xml_console_path
--- a/app/views/mailers/domain_mailer/force_delete.html.erb
+++ b/app/views/mailers/domain_mailer/force_delete.html.erb
@ -0,0 +1,76 @@
 <table width="600" cellspacing="0" cellpadding="0" border="0" align="center"><tbody>
  <tr><td>
    <p>Eesti Interneti Sihtasutus</p>
  </td></tr>
  <tr><td>
    <table cellspacing="0" cellpadding="0" border="0" align="center" style="text-align: justify; line-height: 16px; font-size: 12px;"><tbody>
      <tr><td>
        <br />
 <strong>Lugupeetud domeeni <%= @domain.name %> kontaktisik</strong>
 <p>Eesti Interneti SA (EIS) domeeniregistrisse on domeeni <b><%= @domain.name %></b> kohta kantud j&auml;rgmised andmed:</p>
 <p>Registreerija nimi: <b><%= @domain.registrant %></b><br />
 Registrikood: <b><%= @domain.registrant.try(:ident) %></b></p>
 <p>EIS-le on saanud teatavaks, et juriidiline isik registrikoodiga <b><%= @domain.registrant.try(:ident) %></b> on &auml;riregistrist kustutatud.</p>
 <p>Kuiv&otilde;rd &auml;riregistrist kustutatud juriidiline isik ei saa olla domeeni registreerijaks, siis algatas EIS <b><%= l(Time.zone.now, format: :date) %></b> vastavalt Domeenireeglite (<a href="http://www.internet.ee/et/domeenid/" target="_blank">http://www.internet.ee/et/domeenid/</a>) punktile 6.4 domeeni <b><%= @domain.name %></b> suhtes 30 p&auml;eva pikkuse kustutusmenetluse. Kustutamise k&auml;igus j&auml;&auml;b domeen internetis k&auml;ttesaadavaks.</p>
 <p>Domeenireeglite punktist 6.4 tulenevalt on domeeni suhtes &otilde;igust omaval registreerijal v&otilde;imalus esitada domeeni <b><%= @domain.name %></b> registripidajale <b><%= @domain.registrar %></b> domeeni &uuml;leandmise taotlus Domeenireeglite p 5.3.6.2 kohaselt. Taotlusele tuleb lisada domeeni omandamist t&otilde;endavad dokumendid, mis asendavad Domeenireeglite punktis 5.3.6.3 s&auml;testatud &uuml;leandva registreerija n&otilde;usolekut. Vastav dokumentatsioon tuleks esitada Registripidajale esimesel v&otilde;imalusel.</p>
 <p>Kui &uuml;leandmine ei ole 30 p&auml;eva jooksul toimunud, kustub domeen <b><%= @domain.name %></b> 24 tunni jooksul <b><%= l(@domain.force_delete_at, format: :short) %></b> m&ouml;&ouml;dumisest juhuslikult valitud ajahetkel. Soovi korral on v&otilde;imalik domeen p&auml;rast selle kustumist registrist “kes ees, see mees” p&otilde;him&otilde;ttel uuesti registreerida.</p>
 <p>Lisak&uuml;simuste korral v&otilde;tke palun &uuml;hendust oma registripidajaga <%= @domain.registrar %>, kelle kontaktandmed leiate lingilt <a href="http://www.internet.ee/registripidajad" target="_blank">http://www.internet.ee/registripidajad</a></p><br /><br />
 <strong>Dear contact of <%= @domain.name %> domain</strong>
 <p>The following details for domain name <b><%= @domain.name %></b> have been entered into the Estonian Internet Foundation's (EIF) domain registry:</p>
 <p>Registrant's name: <b><%= @domain.registrant %></b><br />
 Registry code: <b><%= @domain.registrant.try(:ident) %></b></p>
 <p>EIF has learned that the legal person with registry code <b><%= @domain.registrant.try(:ident) %></b> has been deleted from the Business Registry.</p>
 <p>As a terminated legal person cannot be the registrant of a domain, the EIF started the deletion process of <b><%= @domain.name %></b> domain on <b><%= l(Time.zone.now, format: :date) %></b> according to the Domain Regulation (<a href="http://www.internet.ee/en/domains/" target="_blank">http://www.internet.ee/en/domains/</a>), using the 30-day delete procedure. The domain will remain available on the Internet during the delete procedure.</p>
 <p>According to paragraph 6.4 of the Domain Regulation, the registrant holding a right to the domain name <b><%= @domain.name %></b> can submit a domain name transfer application to the registrar <b><%= @domain.registrar %></b> in accordance with paragraph 5.3.6.2 of the Domain Regulation. The application must be submitted together with documents certifying the acquisition of the domain that will replace the consent of the surrendering registrant as laid down in paragraph 5.3.6.3 of the Domain Regulation. The relevant documents should be submitted to the registrar as soon as possible.</p>
 <p>If the transfer has not been made in 30 days, the domain <b><%= @domain.name %></b> will be deleted at a randomly chosen moment within 24 hours after <b><%= l(@domain.force_delete_at, format: :short) %></b>. After deletion it is possible to reregister the domain on a "first come, first served" basis.</p>
 <p>Should you have additional questions, please contact your registrar <%= @domain.registrar %>, whose contact information can be found at <a href="http://www.internet.ee/en/registrars/" target="_blank">http://www.internet.ee/en/registrars/</a></p><br /><br />
 <strong>Уважаемое контактное лицо домена <%= @domain.name %></strong>
 <p>В регистр доменов Целевого учреждения Eesti Internet (EIS) внесены следующие данные относительно домена <b><%= @domain.name %></b>:</p>
 <p>Имя регистранта: <b><%= @domain.registrant %></b><br />
 Регистрационный код: <b><%= @domain.registrant.try(:ident) %></b></p>
 <p>EIS стало известно, что юридическое лицо с регистрационным кодом <%= @domain.registrant.try(:ident) %> удалено из коммерческого реестра.</p>
 <p>Поскольку прекратившее деятельность юридическое лицо не может являться регистрантом домена, то согласно пункту 6.4 Правил домена (<a href="http://www.internet.ee/ru/11364/11400/" target="_blank">http://www.internet.ee/ru/11364/11400/</a>) EIS <b><%= l(Time.zone.now, format: :date) %></b> инициировало удаление домена <b><%= @domain.name %></b> с применением 30-дневной процедуры удаления. На протяжении процесса удаления домен остается доступным в Интернете.</p>
 <p>Согласно пункту 6.4 Правил домена регистрант, имеющий право на домен, может подать регистратору <b><%= @domain.registrar %></b> домена <b><%= @domain.name %></b> ходатайство о передаче домена в соответствии с п. 5.3.6.2 Правил домена. К ходатайству следует приложить подтверждающие приобретение домена документы, заменяющие в соответствии с пунктом 5.3.6.3 Правил домена согласие передающего доменное имя регистранта. EIS предлагает представить соответствующую документацию  Регистратору при первой возможности, начиная с инициирования процедуры удаления.</p>
 <p>Если в течение 30 дней передача не произошла, домен <b><%= @domain.name %></b> удаляется по истечении 24 часов <b><%= l(@domain.force_delete_at, format: :short) %></b> в случайный момент времени. По желанию после удаления из регистра домен можно снова зарегистрировать по принципу "кто успел, тот и съел".</p>
 <p>Просим обратиться к своему регистратору <%= @domain.registrar %>. Контактные данные регистраторов можно найти по адресу <a href="http://www.internet.ee/ru/p/" target="_blank">http://www.internet.ee/ru/p/</a></p><br /><br />
      <table width="100%" cellspacing="0" cellpadding="0" border="0" align="center" style="text-align: justify; line-height: 16px; font-size: 12px;"><tbody>
        <tr><td align="left" valign="top">
          <p><strong>Lugupidamisega,<br />
          Yours Sincerely,<br />
          С уважением,</strong></p>
          <p><i>Eesti Interneti SA<br />
          Estonian Internet Foundation</i></p>
        </td><td></td></tr>
      </tbody>
    </table>
  </td></tr>
 </tbody></table>
--- a/app/views/mailers/domain_mailer/force_delete.text.erb
+++ b/app/views/mailers/domain_mailer/force_delete.text.erb
@ -0,0 +1,63 @@
 Lugupeetud domeeni <%= @domain.name %> kontaktisik
 Eesti Interneti SA (EIS) domeeniregistrisse on domeeni <%= @domain.name %> kohta kantud järgmised andmed:
 Registreerija nimi: <%= @domain.registrant %>
 Registrikood: <%= @domain.registrant.try(:ident) %>
 EIS-le on saanud teatavaks, et juriidiline isik registrikoodiga <%= @domain.registrant.try(:ident) %> on äriregistrist kustutatud.
 Kuivõrd äriregistrist kustutatud juriidiline isik ei saa olla domeeni registreerijaks, siis algatas EIS <%= l(Time.zone.now, format: :date) %> vastavalt Domeenireeglite (http://www.internet.ee/et/domeenid/) punktile 6.4 domeeni <%= @domain.name %> suhtes 30 päeva pikkuse kustutusmenetluse. Kustutamise käigus jääb domeen internetis kättesaadavaks.
 Domeenireeglite punktist 6.4 tulenevalt on domeeni suhtes õigust omaval registreerijal võimalus esitada domeeni <%= @domain.name %> registripidajale <%= @domain.registrar %> domeeni üleandmise taotlus Domeenireeglite p 5.3.6.2 kohaselt. Taotlusele tuleb lisada domeeni omandamist tõendavad dokumendid, mis asendavad Domeenireeglite punktis 5.3.6.3 sätestatud üleandva registreerija nõusolekut. Vastav dokumentatsioon tuleks esitada Registripidajale esimesel võimalusel.
 Kui üleandmine ei ole 30 päeva jooksul toimunud, kustub domeen <%= @domain.name %> 24 tunni jooksul <%= l(@domain.force_delete_at, format: :short) %> möödumisest juhuslikult valitud ajahetkel. Soovi korral on võimalik domeen pärast selle kustumist registrist "kes ees, see mees" põhimõttel uuesti registreerida.
 Lisaküsimuste korral võtke palun ühendust oma registripidajaga <%= @domain.registrar %>, kelle kontaktandmed leiate lingilt http://www.internet.ee/et/registripidajad/
 Dear contact of <%= @domain.name %> domain
 The following details for domain name <%= @domain.name %> have been entered into the Estonian Internet Foundation's (EIF) domain registry:
 Registrant's name: <%= @domain.registrant %>
 Registry code: <%= @domain.registrant.try(:ident) %>
 EIF has learned that the legal person with registry code <%= @domain.registrant.try(:ident) %> has been deleted from the Business Registry.
 As a terminated legal person cannot be the registrant of a domain, the EIF started the deletion process of <%= @domain.name %> domain on <%= l(Time.zone.now, format: :date) %> according to the Domain Regulation (http://www.internet.ee/en/domains/), using the 30-day delete procedure. The domain will remain available on the Internet during the delete procedure.
 According to paragraph 6.4 of the Domain Regulation, the registrant holding a right to the domain name <%= @domain.name %> can submit a domain name transfer application to the registrar <%= @domain.registrar %> in accordance with paragraph 5.3.6.2 of the Domain Regulation. The application must be submitted together with documents certifying the acquisition of the domain that will replace the consent of the surrendering registrant as laid down in paragraph 5.3.6.3 of the Domain Regulation. The relevant documents should be submitted to the registrar as soon as possible.
 If the transfer has not been made in 30 days, the domain <%= @domain.name %> will be deleted at a randomly chosen moment within 24 hours after <%= l(@domain.force_delete_at, format: :short) %>. After deletion it is possible to reregister the domain on a "first come, first served" basis.
 Should you have additional questions, please contact your registrar <%= @domain.registrar %>, whose contact information can be found at http://www.internet.ee/en/registrars/
 Уважаемое контактное лицо домена <%= @domain.name %>
 В регистр доменов Целевого учреждения Eesti Internet (EIS) внесены следующие данные относительно домена <%= @domain.name %>:
 Имя регистранта: <%= @domain.registrant %>
 Регистрационный код: <%= @domain.registrant.try(:ident) %>
 EIS стало известно, что юридическое лицо с регистрационным кодом <%= @domain.registrant.try(:ident) %> удалено из коммерческого реестра.
 Поскольку прекратившее деятельность юридическое лицо не может являться регистрантом домена, то согласно пункту 6.4 Правил домена (http://www.internet.ee/ru/11364/11400/) EIS <%= l(Time.zone.now, format: :date) %> инициировало удаление домена <%= @domain.name %> с применением 30-дневной процедуры удаления. На протяжении процесса удаления домен остается доступным в Интернете.
 Согласно пункту 6.4 Правил домена регистрант, имеющий право на домен, может подать регистратору <%= @domain.registrar %> домена <%= @domain.name %> ходатайство о передаче домена в соответствии с п. 5.3.6.2 Правил домена. К ходатайству следует приложить подтверждающие приобретение домена документы, заменяющие в соответствии с пунктом 5.3.6.3 Правил домена согласие передающего доменное имя регистранта. EIS предлагает представить соответствующую документацию  Регистратору при первой возможности, начиная с инициирования процедуры удаления.
 Если в течение 30 дней передача не произошла, домен <%= @domain.name %> удаляется по истечении 24 часов <%= l(@domain.force_delete_at, format: :short) %> в случайный момент времени. По желанию после удаления из регистра домен можно снова зарегистрировать по принципу "кто успел, тот и съел".
 Просим обратиться к своему регистратору <%= @domain.registrar %>. Контактные данные регистраторов можно найти по адресу http://www.internet.ee/ru/p/
 Lugupidamisega,
 Yours Sincerely,
 С уважением,
 ---
 Eesti Interneti SA
 Estonian Internet Foundation
--- a/app/views/registrar/contacts/form_partials/_general.haml
+++ b/app/views/registrar/contacts/form_partials/_general.haml
@ -1,3 +1,11 @@
 - ident_complete = f.object.ident_country_code.present? && f.object.ident_type.present? && f.object.ident.present?
 - if @contact.persisted?
  - country_selected = f.object.ident_country_code || (params[:depp_contact].try(:[], :ident_country_code))
  - type_selected = f.object.ident_type || (params[:depp_contact].try(:[], :ident_type))
 - else
  - country_selected = (params[:depp_contact].try(:[], :ident_country_code) || 'EE')
  - type_selected = (params[:depp_contact].try(:[], :ident_type) || 'org')
 .panel.panel-default
  .panel-heading.clearfix
    .pull-left= t(:ident)
@ -6,12 +14,11 @@
      .col-md-3.control-label
        = f.label :ident_country_code, t(:country) + '*'
      .col-md-7
-        - if @contact.persisted? && f.object.ident_country_code.present?
+        - if ident_complete && @contact.persisted? && f.object.ident_country_code.present?
          .disabled-value
            = Country.new(f.object.ident_country_code).try(:to_s)
            = " [#{f.object.ident_country_code}]"
        - else
          - country_selected = @contact.persisted? ? '' : (params[:depp_contact].try(:[], :ident_country_code) || 'EE')
          = f.select(:ident_country_code, SortedCountry.all_options(country_selected), {},
            class: 'js-ident-country-code', required: true)
@ -19,25 +26,23 @@
      .col-md-3.control-label
        = f.label :ident_type, t(:type) + '*'
      .col-md-7
-        - if @contact.persisted? && f.object.ident_type.present?
+        - if ident_complete && @contact.persisted? && f.object.ident_type.present?
          .disabled-value
            = Depp::Contact.type_string(f.object.ident_type)
            = " [#{f.object.ident_type}]"
        - else
-          - type_selected = @contact.persisted? ? '' : (params[:depp_contact].try(:[], :ident_type) || 'bic')
+          = f.select(:ident_type, Depp::Contact::SELECTION_TYPES, { selected: type_selected },
          = f.select(:ident_type, Depp::Contact::SELECTION_TYPES,
            { selected: type_selected },
            class: 'js-ident-type', required: true)
    .form-group
      .col-md-3.control-label
        = f.label :ident, t(:ident) + '*'
      .col-md-7
-        - if @contact.persisted? && f.object.ident.present?
+        - if ident_complete && @contact.persisted? && f.object.ident.present?
          .disabled-value
            = f.object.ident
        - else
-          = f.text_field :ident, class: 'form-control', required: true, disabled: @contact.persisted?
+          = f.text_field :ident, class: 'form-control', required: true
          - tip_visibility = f.object.ident_type == 'birthday' ? '' : 'display: none'
          .js-ident-tip{ style: tip_visibility }
            = t(:birthday_format)
--- a/app/views/registrar/contacts/partials/_general.haml
+++ b/app/views/registrar/contacts/partials/_general.haml
@ -10,7 +10,6 @@
      %dd
        = text_field_tag :password, @contact.password, readonly: true, class: 'partially-hidden'
      %br
      %dt= t(:ident)
--- a/app/views/registrar/contacts/partials/_statuses.haml
+++ b/app/views/registrar/contacts/partials/_statuses.haml
@ -12,5 +12,3 @@
          %tr
            %td= s.first
            %td= s.second
--- a/app/views/registrar/dashboard/show.haml
+++ b/app/views/registrar/dashboard/show.haml
@ -0,0 +1,3 @@
 .panel.panel-default
  .panel-body
    = t('welcome_to_eis_registrar_portal')
--- a/config/application-example.yml
+++ b/config/application-example.yml
@ -62,7 +62,8 @@ contact_org_enabled: 'false'
 # Enable iptables counter updater
 # iptables_counter_enabled: 'true'
-# Custom legal document types
+# Custom legal document types. Changing this requires updating EPP extension schema for allowed legalDocEnumType values.
 # System default for legal document types is: pdf,bdoc,ddoc,zip,rar,gz,tar,7z,odt,doc,docx
 # legal_document_types: "pdf,bdoc,ddoc,zip,rar,gz,tar,7z,odt,doc,docx"
--- a/config/database-example-development.yml
+++ b/config/database-example-development.yml
@ -21,3 +21,21 @@ api_log_development:
 registrant_write_development:
  <<: *default
  database: registry_development
 test:
  <<: *default
  database: registry_test
 whois_test:
  <<: *default
  database: registry_whois_test
 api_log_test:
  <<: *default
  database: registry_api_log_test
 registrant_write_test:
  <<: *default
  database: registry_test
--- a/config/deploy-example.rb
+++ b/config/deploy-example.rb
@ -1,7 +1,6 @@
 require 'mina/bundler'
 require 'mina/rails'
 require 'mina/git'
 require 'mina/whenever'
 require 'mina/rbenv'  # for rbenv support. (http://rbenv.org)
 # Basic settings:
@ -17,6 +16,7 @@ set :repository, 'https://github.com/domify/registry' # dev repo
 set :branch, 'master'
 set :rails_env, 'alpha'
 set :que_restart, true
 set :cron_group, 'registry'
 # alpha branch, only use for heavy debugging
 task :epp do
@ -36,6 +36,7 @@ task :registrar do
  set :branch, 'master'
  set :rails_env, 'alpha'
  set :que_restart, false
  set :cron_group, 'registrar'
 end
 # alpha branch, only use for heavy debugging
@ -46,6 +47,7 @@ task :registrant do
  set :branch, 'master'
  set :rails_env, 'alpha'
  set :que_restart, false
  set :cron_group, 'registrant'
 end
 # staging
@ -66,6 +68,7 @@ task :eppst do
  set :branch, 'staging'
  set :rails_env, 'staging'
  set :que_restart, false
  set :cron_group, 'epp'
 end
 # staging
@ -76,6 +79,7 @@ task :registrarst do
  set :branch, 'staging'
  set :rails_env, 'staging'
  set :que_restart, false
  set :cron_group, 'registrar'
 end
 # staging
@ -86,6 +90,7 @@ task :registrantst do
  set :branch, 'staging'
  set :rails_env, 'staging'
  set :que_restart, false
  set :cron_group, 'registrant'
 end
 # production
@ -106,6 +111,7 @@ task :epppr do
  set :branch, 'master'
  set :rails_env, 'production'
  set :que_restart, false
  set :cron_group, 'epp'
 end
 # production
@ -116,6 +122,7 @@ task :registrarpr do
  set :branch, 'master'
  set :rails_env, 'production'
  set :que_restart, false
  set :cron_group, 'registrar'
 end
 # production
@ -126,6 +133,7 @@ task :registrantpr do
  set :branch, 'master'
  set :rails_env, 'production'
  set :que_restart, false
  set :cron_group, 'registrant'
 end
 # Manually create these paths in shared/ (eg: shared/config/database.yml) in your server.
@ -251,6 +259,32 @@ namespace :cron do
  end
 end
 namespace :whenever do
  name = -> { "#{domain}_#{rails_env}" }
  desc "Clear crontab"
  task clear: :environment  do
    queue %(
      echo "-----> Clear crontab for #{name.call}"
      #{echo_cmd %(cd #{deploy_to!}/#{current_path!} ; #{bundle_bin} exec whenever --clear-crontab #{name.call} --set 'environment=#{rails_env}&path=#{deploy_to!}/#{current_path!}&cron_group=#{cron_group}')}
    )
  end
  desc "Update crontab"
  task update: :environment do
    queue %(
      echo "-----> Update crontab for #{name.call}"
      #{echo_cmd %(cd #{deploy_to!}/#{current_path!} ; #{bundle_bin} exec whenever --update-crontab #{name.call} --set 'environment=#{rails_env}&path=#{deploy_to!}/#{current_path!}&cron_group=#{cron_group}')}
    )
  end
  desc "Write crontab"
  task write: :environment do
    queue %(
      echo "-----> Update crontab for #{name.call}"
      #{echo_cmd %(cd #{deploy_to!}/#{current_path!} ; #{bundle_bin} exec whenever --write-crontab #{name.call} --set 'environment=#{rails_env}&path=#{deploy_to!}/#{current_path!}&cron_group=#{cron_group}')}
    )
  end
 end
 # For help in making your deploy script, see the Mina documentation:
 #
 #  - http://nadarei.co/mina
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -148,7 +148,6 @@ en:
            value:
              taken: 'Status already exists on this domain'
        user:
          attributes:
            username:
@ -277,7 +276,7 @@ en:
  name: 'Name'
  transfer_can_be_approved_only_by_current_registrar: 'Transfer can be approved only by current domain registrar'
  registrar: 'Registrar'
-  owner: 'Owner'
+  owner: 'Registrant'
  domain_details: 'Domain details'
  registered_at: 'Registered at'
  password: 'Password'
@ -515,7 +514,7 @@ en:
  crt_revoked: 'CRT (revoked)'
  contact_org_error: 'Parameter value policy error. Org must be blank'
  contact_fax_error: 'Parameter value policy error. Fax must be blank'
-  ident_update_error: 'Parameter value policy error. Update of ident data not allowed'
+  ident_update_error: 'Parameter value policy error. Update of ident data not allowed [ident]'
  invoices: 'Invoices'
  no_such_user: 'No such user'
  log_in: 'Log in'
@ -730,6 +729,7 @@ en:
    <b>The domain name server</b>
    is a computer that saves and forwards via a general-access data communications network such data that is connected with the domain name and corresponding IP addresses. Your IT helpdesk or Internet service provider will have the necessary information about the domain name servers.
  account_activity: 'Account activity'
  account_activities: 'Account activities'
  receipt_date: 'Receipt date'
  manual_binding: 'Manual binding'
  transaction_is_already_binded: 'Transaction is already binded'
@ -803,20 +803,20 @@ en:
  edit_white_ip: 'Edit white IP'
  confirm_domain_delete: 'Confirm domain delete'
  reject_domain_delete: 'Reject domain delete'
-  confirm_domain_registrant_update: 'Confirm domain ownership change'
+  confirm_domain_registrant_update: 'Confirm domain registrant change'
-  reject_domain_registrant_update: 'Reject domain ownership change'
+  reject_domain_registrant_update: 'Reject domain registrant change'
-  domain_registrant_change_title: 'Please confirm or reject domain ownership change'
+  domain_registrant_change_title: 'Please confirm or reject domain registrant change'
-  domain_registrant_change_body: 'There is a request to change domain ownership. Before doing it we need your confirmation.'
+  domain_registrant_change_body: 'There is a request to change domain registrant. Before doing it we need your confirmation.'
  new_pending_registrant: 'New registrant'
  current_registrant: 'Current registrant'
  registrant_domain_verification_failed: 'Domain verification not available'
-  domain_registrant_change_confirmed_title: 'Domain owner change has been received'
+  domain_registrant_change_confirmed_title: 'Domain registrant change has been received'
-  domain_registrant_change_confirmed_body: 'You have successfully submitted domain owner change confirmation. You will receive email confirmation.'
+  domain_registrant_change_confirmed_body: 'You have successfully submitted domain registrant change confirmation. You will receive email confirmation.'
-  registrant_domain_verification_confirmed: 'Domain owner change has successfully received.'
+  registrant_domain_verification_confirmed: 'Domain registrant change has successfully received.'
  registrant_domain_verification_confirmed_failed: 'Something went wrong.'
-  domain_registrant_change_rejected_title: 'Domain owner change has been rejected'
+  domain_registrant_change_rejected_title: 'Domain registrant change has been rejected'
-  domain_registrant_change_rejected_body: 'You have rejected domain owner change.'
+  domain_registrant_change_rejected_body: 'You have rejected domain registrant change.'
-  registrant_domain_verification_rejected: 'Domain owner change has been rejected successfully.'
+  registrant_domain_verification_rejected: 'Domain registrant change has been rejected successfully.'
  registrant_domain_verification_rejected_failed: 'Something went wrong.'
  domain_delete_title: 'Please confirm or reject domain deletation'
  domain_delete_body: 'There is a request to delete a domain. Before doing it we need your confirmation.'
@ -917,3 +917,7 @@ en:
  mail_templates: Mail Templates
  new_mail_template: New mail template
  failure: "It was not saved"
  contact_is_not_valid: 'Contact %{value} is not valid, please fix the invalid contact'
  force_delete_subject: 'Kustutusmenetluse teade'
  welcome_to_eis_registrar_portal: 'Welcome to EIS Registrar portal'
  interfaces: 'Interfaces'
--- a/config/routes.rb
+++ b/config/routes.rb
@ -19,7 +19,8 @@ Rails.application.routes.draw do
  # REGISTRAR ROUTES
  namespace :registrar do
-    root 'polls#show'
+    resource :dashboard
    root 'dashboard#show'
    resources :invoices do
      member do
@ -161,6 +162,7 @@ Rails.application.routes.draw do
    resources :keyrelays
    resources :pricelists
    resources :mail_templates
    resources :account_activities
    resources :bank_statements do
      resources :bank_transactions
--- a/config/schedule.rb
+++ b/config/schedule.rb
@ -12,43 +12,49 @@ job_type :runner, "cd #{path} && bin/rails r -e :environment \":task\" :output"
 # cron output
 set :output, 'log/cron.log'
-every 10.minutes do
+if @cron_group == 'registry'
  every 10.minutes do
    runner 'ZonefileSetting.generate_zonefiles'
-end
+  end
-every 6.months, at: '12:01am' do
+  every 6.months, at: '12:01am' do
    runner 'Contact.destroy_orphans'
-end
+  end
-every :day, at: '12:10am' do
+  every :day, at: '12:10am' do
    runner 'Invoice.cancel_overdue_invoices'
-end
+  end
-# TODO
+  # TODO
-# every :day, at: '12:15am' do
+  # every :day, at: '12:15am' do
    # runner 'Domain.expire_domains'
-# end
+  # end
-every :day, at: '12:20am' do
+  every :day, at: '12:20am' do
    runner 'Domain.clean_expired_pendings'
-end
+  end
-every 3.hours do
+  every 3.hours do
    runner 'Certificate.update_crl'
-end
+  end
-every 42.minutes do
+  every 42.minutes do
    runner 'Domain.destroy_delete_candidates'
-end
+  end
-every 45.minutes do
+  every 45.minutes do
    runner 'Domain.start_expire_period'
-end
+  end
-every 50.minutes do
+  every 50.minutes do
    runner 'Domain.start_delete_period'
  end
  every 52.minutes do
    runner 'Domain.start_redemption_grace_period'
  end
 end
-every 52.minutes do
+every 10.minutes do
-  runner 'Domain.start_redemption_grace_period'
+  runner 'Setting.reload_settings!'
 end
--- a/db/migrate/20150903105659_add_updated_token.rb
+++ b/db/migrate/20150903105659_add_updated_token.rb
@ -0,0 +1,5 @@
 class AddUpdatedToken < ActiveRecord::Migration
  def change
    add_column :contacts, :legacy_ident_updated_at, :datetime
  end
 end
--- a/db/migrate/20150910113839_add_copy_from_id.rb
+++ b/db/migrate/20150910113839_add_copy_from_id.rb
@ -0,0 +1,5 @@
 class AddCopyFromId < ActiveRecord::Migration
  def change
    add_column :contacts, :copy_from_id, :integer
  end
 end
--- a/db/migrate/20150915094707_add_multiple_interfaces_for_white_ip.rb
+++ b/db/migrate/20150915094707_add_multiple_interfaces_for_white_ip.rb
@ -0,0 +1,6 @@
 class AddMultipleInterfacesForWhiteIp < ActiveRecord::Migration
  def change
    change_column :white_ips, :interface, "varchar[] USING (string_to_array(interface, ','))"
    rename_column :white_ips, :interface, :interfaces
  end
 end
--- a/db/migrate/20150921110152_update_contacts_logs.rb
+++ b/db/migrate/20150921110152_update_contacts_logs.rb
@ -0,0 +1,5 @@
 class UpdateContactsLogs < ActiveRecord::Migration
  def change
    add_column :log_contacts, :legacy_ident_updated_at, :datetime
  end
 end
--- a/db/migrate/20150921111842_rename_contact_ident_updator.rb
+++ b/db/migrate/20150921111842_rename_contact_ident_updator.rb
@ -0,0 +1,6 @@
 class RenameContactIdentUpdator < ActiveRecord::Migration
  def change
    rename_column :contacts,     :legacy_ident_updated_at, :ident_updated_at
    rename_column :log_contacts, :legacy_ident_updated_at, :ident_updated_at
  end
 end
--- a/db/schema-read-only.rb
+++ b/db/schema-read-only.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150825125118) do
+ActiveRecord::Schema.define(version: 20150921111842) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -201,6 +201,9 @@ ActiveRecord::Schema.define(version: 20150825125118) do
    t.integer  "legacy_id"
    t.string   "statuses",           array: true
    t.hstore   "status_notes"
    t.integer  "legacy_history_id"
    t.integer  "copy_from_id"
    t.datetime "ident_updated_at"
  end
  add_index "contacts", ["code"], name: "index_contacts_on_code", using: :btree
@ -592,6 +595,7 @@ ActiveRecord::Schema.define(version: 20150825125118) do
    t.datetime "created_at"
    t.string   "session"
    t.json     "children"
    t.datetime "ident_updated_at"
  end
  add_index "log_contacts", ["item_type", "item_id"], name: "index_log_contacts_on_item_type_and_item_id", using: :btree
@ -886,8 +890,8 @@ ActiveRecord::Schema.define(version: 20150825125118) do
    t.string   "cc"
    t.text     "body",       null: false
    t.text     "text_body",  null: false
-    t.datetime "created_at", null: false
+    t.datetime "created_at"
-    t.datetime "updated_at", null: false
+    t.datetime "updated_at"
  end
  create_table "messages", force: :cascade do |t|
@ -1062,7 +1066,7 @@ ActiveRecord::Schema.define(version: 20150825125118) do
    t.integer  "registrar_id"
    t.string   "ipv4"
    t.string   "ipv6"
-    t.string   "interface"
+    t.string   "interfaces",   array: true
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "creator_str"
--- a/db/structure.sql
+++ b/db/structure.sql
@ -596,7 +596,10 @@ CREATE TABLE contacts (
    state character varying,
    legacy_id integer,
    statuses character varying[],
-    status_notes hstore
+    status_notes hstore,
    legacy_history_id integer,
    copy_from_id integer,
    ident_updated_at timestamp without time zone
 );
@ -1500,7 +1503,8 @@ CREATE TABLE log_contacts (
    object_changes json,
    created_at timestamp without time zone,
    session character varying,
-    children json
+    children json,
    ident_updated_at timestamp without time zone
 );
@ -2241,8 +2245,8 @@ CREATE TABLE mail_templates (
    cc character varying,
    body text NOT NULL,
    text_body text NOT NULL,
-    created_at timestamp without time zone NOT NULL,
+    created_at timestamp without time zone,
-    updated_at timestamp without time zone NOT NULL
+    updated_at timestamp without time zone
 );
@ -2715,7 +2719,7 @@ CREATE TABLE white_ips (
    registrar_id integer,
    ipv4 character varying,
    ipv6 character varying,
-    interface character varying,
+    interfaces character varying[],
    created_at timestamp without time zone,
    updated_at timestamp without time zone,
    creator_str character varying,
@ -4926,5 +4930,19 @@ INSERT INTO schema_migrations (version) VALUES ('20150803080914');
 INSERT INTO schema_migrations (version) VALUES ('20150810114746');
 INSERT INTO schema_migrations (version) VALUES ('20150810114747');
 INSERT INTO schema_migrations (version) VALUES ('20150825125118');
 INSERT INTO schema_migrations (version) VALUES ('20150827151906');
 INSERT INTO schema_migrations (version) VALUES ('20150903105659');
 INSERT INTO schema_migrations (version) VALUES ('20150910113839');
 INSERT INTO schema_migrations (version) VALUES ('20150915094707');
 INSERT INTO schema_migrations (version) VALUES ('20150921110152');
 INSERT INTO schema_migrations (version) VALUES ('20150921111842');
--- a/doc/application_build_doc.md
+++ b/doc/application_build_doc.md
@ -117,7 +117,7 @@ General rake and mina tips:
 ### CRON
-Crontab can be setup after deploy. Jobs can be viewed [here](/config/schedule.rb).
+Crontab can be setup after deploy. Jobs can be viewed [here](/config/schedule.rb). Some jobs are dependent on `cron_group` variable set in [deploy-example.rb](/config/deploy-example.rb) file.
    mina pr cron:setup # to update the crontab.
    mina pr cron:clear # to clear crontab.
--- a/doc/schemas/eis-1.0.xsd
+++ b/doc/schemas/eis-1.0.xsd
@ -90,7 +90,7 @@
  <simpleType name="identEnumType">
    <restriction base="token">
-      <enumeration value="bic"/>
+      <enumeration value="org"/>
      <enumeration value="priv"/>
      <enumeration value="birthday"/>
    </restriction>
--- a/lib/schemas/eis-1.0.xsd
+++ b/lib/schemas/eis-1.0.xsd
@ -90,7 +90,7 @@
  <simpleType name="identEnumType">
    <restriction base="token">
-      <enumeration value="bic"/>
+      <enumeration value="org"/>
      <enumeration value="priv"/>
      <enumeration value="birthday"/>
    </restriction>
--- a/lib/sorted_country.rb
+++ b/lib/sorted_country.rb
@ -6,7 +6,7 @@ class SortedCountry
    include ActionView::Helpers
    def all_options(selected = nil)
-      quick_options = options_for_select([['', '']] + quick_list, { selected: selected })  
+      quick_options = options_for_select(quick_list, { selected: selected })  
      # no double select
      selected = quick_list.map(&:second).include?(selected) ? '' : selected 
--- a/lib/tasks/import.rake
+++ b/lib/tasks/import.rake
@ -138,7 +138,7 @@ namespace :import do
    ident_type_map = {
      2 => Contact::PRIV,
      3 => Contact::PASSPORT,
-      4 => Contact::BIC,
+      4 => Contact::ORG,
      6 => Contact::BIRTHDAY
    }
--- a/spec/epp/domain_spec.rb
+++ b/spec/epp/domain_spec.rb
@ -23,7 +23,7 @@ describe 'EPP Domain', epp: true do
    Fabricate(:contact, code: 'FIXED:CITIZEN_1234')
    Fabricate(:contact, code: 'FIXED:SH8013')
    Fabricate(:contact, code: 'FIXED:SH801333')
-    Fabricate(:contact, code: 'FIXED:JURIDICAL_1234', ident_type: 'bic')
+    Fabricate(:contact, code: 'FIXED:JURIDICAL_1234', ident_type: 'org')
    Fabricate(:reserved_domain)
    Fabricate(:blocked_domain)
    @pricelist_reg_1_year = Fabricate(:pricelist, valid_to: nil)
@ -1181,9 +1181,10 @@ describe 'EPP Domain', epp: true do
      end
      # all domain contacts should be under registrar2 now
      domain.reload
      domain.registrant.reload
      domain.registrant.registrar_id.should == @registrar2.id
-      domain.registrant.id.should == original_oc_id
+      domain.registrant.id.should_not == original_oc_id
      # must generate new code
      domain.registrant.code.should_not == original_oc_code
@ -1263,24 +1264,24 @@ describe 'EPP Domain', epp: true do
    end
    it 'transfers domain when domain contacts are some other domain contacts' do
-      old_contact = Fabricate(:contact, registrar: @registrar1)
+      old_contact = Fabricate(:contact, registrar: @registrar1, name: 'old name')
      domain.tech_contacts << old_contact
      domain.admin_contacts << old_contact
      d = Fabricate(:domain)
      d.tech_contacts << old_contact
      d.admin_contacts << old_contact
      original_oc_id = domain.registrant.id
      original_contact_count = Contact.count
      original_domain_contact_count = DomainContact.count
      login_as :registrar2 do
        pw = domain.auth_info
        xml = domain_transfer_xml({
          name: { value: domain.name },
          authInfo: { pw: { value: pw } }
        })
      login_as :registrar2 do
        response = epp_plain_request(xml)
        response[:msg].should == 'Command completed successfully'
        response[:result_code].should == '1000'
@ -1289,8 +1290,7 @@ describe 'EPP Domain', epp: true do
      # all domain contacts should be under registrar2 now
      domain.reload
      domain.registrant.registrar_id.should == @registrar2.id
-      # registrant should not be a new record
+      domain.registrant.id.should_not == original_oc_id
      domain.registrant.id.should == original_oc_id
      # old contact must not change
      old_contact.registrar_id.should == @registrar1.id
@ -1299,14 +1299,14 @@ describe 'EPP Domain', epp: true do
        x.registrar_id.should == @registrar2.id
      end
-      new_contact = Contact.last
+      new_contact = Contact.last(4).detect { |c| c.name == 'old name' } # database order
-      new_contact.name.should == old_contact.name
+      new_contact.name.should == 'old name'
      # there should be 2 references to the new contact
      domain.domain_contacts.where(contact_id: new_contact.id).count.should == 2
-      # there should be only one new contact object
+      # there should be four new contact object
-      (original_contact_count + 1).should == Contact.count
+      (original_contact_count + 4).should == Contact.count
      # and no new references
      original_domain_contact_count.should == DomainContact.count
@ -1344,7 +1344,7 @@ describe 'EPP Domain', epp: true do
      domain.reload
      domain.registrant.registrar_id.should == @registrar2.id
      # registrant should not be a new record
-      domain.registrant.id.should == original_oc_id
+      domain.registrant.id.should_not == original_oc_id
      # old contact must not change
      old_contact.registrar_id.should == @registrar1.id
@ -1353,13 +1353,11 @@ describe 'EPP Domain', epp: true do
        x.registrar_id.should == @registrar2.id
      end
-      new_contact, new_contact_2 = Contact.last(2)
+      new_contact = Contact.last(5).detect { |c| c.name == 'first' }
      new_contact_2 = Contact.last(5).detect { |c| c.name == 'second' }
-      # database does not follow always same order, thus we swap object when different order
+      new_contact.name.should == 'first'
-      new_contact, new_contact_2 = new_contact_2, new_contact if new_contact.name != 'first'
+      new_contact_2.name.should == 'second'
      new_contact.name.should == old_contact.name
      new_contact_2.name.should == old_contact_2.name
      # there should be 2 references to the new contact (admin + tech)
      domain.domain_contacts.where(contact_id: new_contact.id).count.should == 2
@ -1367,8 +1365,8 @@ describe 'EPP Domain', epp: true do
      # there should be 1 reference to the new contact 2 (tech)
      domain.domain_contacts.where(contact_id: new_contact_2.id).count.should == 1
-      # there should be only two new contact objects
+      # there should be four new contact objects
-      (original_contact_count + 2).should == Contact.count
+      (original_contact_count + 5).should == Contact.count
      # and no new references
      original_domain_contact_count.should == DomainContact.count
@ -1435,6 +1433,43 @@ describe 'EPP Domain', epp: true do
      original_contacts_codes.sort.should == domain.contacts.pluck(:code).sort
    end
    it 'transfers domain contact should populate copy_from_id' do
      d = Fabricate(:domain)
      d.tech_contacts << domain.registrant
      original_oc_id = domain.registrant.id
      original_oc_code = domain.registrant.code
      domain.registrant.copy_from_id.should == nil
      original_contact_codes = domain.contacts.pluck(:code)
      pw = domain.auth_info
      xml = domain_transfer_xml({
        name: { value: domain.name },
        authInfo: { pw: { value: pw } }
      })
      login_as :registrar2 do
        response = epp_plain_request(xml)
        response[:msg].should == 'Command completed successfully'
        response[:result_code].should == '1000'
      end
      # all domain contacts should be under registrar2 now
      domain.reload
      domain.registrant.registrar_id.should == @registrar2.id
      # registrant should be a new record
      domain.registrant.id.should_not == original_oc_id
      domain.registrant.copy_from_id.should == original_oc_id
      # must generate new code
      domain.registrant.code.should_not == original_oc_code
      domain.contacts.each do |c|
        c.registrar_id.should == @registrar2.id
        original_contact_codes.include?(c.code).should_not == true
      end
    end
    it 'should not creates transfer without password' do
      xml = domain_transfer_xml({
        name: { value: domain.name }
@ -1767,6 +1802,23 @@ describe 'EPP Domain', epp: true do
      end
    end
    it 'should not transfer when in prohibited status' do
      domain.statuses = [DomainStatus::SERVER_TRANSFER_PROHIBITED]
      domain.save
      pw = domain.auth_info
      xml = domain_transfer_xml({
        name: { value: domain.name },
        authInfo: { pw: { value: pw } }
      })
      login_as :registrar2 do
        response = epp_plain_request(xml)
        response[:msg].should == 'Object status prohibits operation'
        response[:result_code].should == '2304'
      end
    end
    ### UPDATE ###
    it 'should update right away without update pending status' do
      existing_pw = domain.auth_info
@ -1997,7 +2049,7 @@ describe 'EPP Domain', epp: true do
          _anonymus: [
            { contact: { value: 'FIXED:MAK21', attrs: { type: 'tech' } } },
            { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
-            { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
+            { status: { value: '', attrs: { s: 'clientRenewProhibited' } } }
          ]
        ]
      }, {
@ -2027,6 +2079,7 @@ describe 'EPP Domain', epp: true do
      Fabricate(:contact, code: 'FIXED:MAK21')
      response = epp_plain_request(xml)
      response[:results][0][:result_code].should == '1000'
      d = Domain.last
@ -2039,7 +2092,7 @@ describe 'EPP Domain', epp: true do
      d.statuses.count.should == 2
      d.statuses.include?('clientHold').should == true
-      d.statuses.include?('clientUpdateProhibited').should == true
+      d.statuses.include?('clientRenewProhibited').should == true
      d.dnskeys.count.should == 2
@ -2221,7 +2274,7 @@ describe 'EPP Domain', epp: true do
          _anonymus: [
            { contact: { value: 'FIXED:CITIZEN_1234', attrs: { type: 'tech' } } },
            { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
-            { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
+            { status: { value: '', attrs: { s: 'clientRenewProhibited' } } }
          ]
        ]
      }, {
@ -2288,7 +2341,7 @@ describe 'EPP Domain', epp: true do
      d.dnskeys.count.should == 1
      d.statuses.count.should == 1
-      d.statuses.first.should == 'clientUpdateProhibited'
+      d.statuses.first.should == 'clientRenewProhibited'
      rem_ns = d.nameservers.find_by(hostname: 'ns1.example.com')
      rem_ns.should be_falsey
--- a/spec/fabricators/registrar_fabricator.rb
+++ b/spec/fabricators/registrar_fabricator.rb
@ -9,7 +9,7 @@ Fabricator(:registrar) do
  country_code 'EE'
  code { sequence(:code) { |i| "REGISTRAR#{i}" } }
  reference_no { sequence(:reference_no) { |i| "RF#{i}" } }
-  white_ips { [Fabricate(:white_ip), Fabricate(:white_ip, interface: WhiteIp::REGISTRAR)] }
+  white_ips { [Fabricate(:white_ip), Fabricate(:white_ip, interfaces: [WhiteIp::REGISTRAR])] }
 end
 Fabricator(:registrar_with_no_account_activities, from: :registrar) do
--- a/spec/fabricators/white_ip_fabricator.rb
+++ b/spec/fabricators/white_ip_fabricator.rb
@ -1,8 +1,8 @@
 Fabricator(:white_ip) do
  ipv4 '127.0.0.1'
-  interface WhiteIp::API
+  interfaces [WhiteIp::API]
 end
 Fabricator(:white_ip_registrar, from: :white_ip) do
-  interface WhiteIp::REGISTRAR
+  interfaces [WhiteIp::REGISTRAR]
 end
--- a/spec/features/admin/account_activity_spec.rb
+++ b/spec/features/admin/account_activity_spec.rb
@ -0,0 +1,45 @@
 require 'rails_helper'
 feature 'Account activity', type: :feature do
  before :all do
    @user = Fabricate(:admin_user)
    r = Fabricate(:registrar)
    Fabricate.times(5, :account_activity, account: r.cash_account)
    Fabricate(:account_activity, account: r.cash_account, description: 'acc activity test', sum: -12)
  end
  context 'as unknown user' do
    it 'should redirect to sign in page' do
      visit '/admin/account_activities'
      current_path.should == '/admin/login'
      page.should have_text('You need to sign in or sign up')
    end
  end
  context 'as signed in user' do
    before do
      sign_in @user
    end
    it 'should navigate to account activities page' do
      visit admin_account_activities_path
      page.should have_text('+110.0 EUR', count: 5)
      page.should have_text('-12.0 EUR')
    end
    it 'should search activities by description' do
      visit admin_account_activities_path
      fill_in 'Description', with: 'test'
      find('.btn.btn-default.search').click
      page.should have_text('-12.0 EUR')
      page.should_not have_text('+110.0 EUR')
    end
    it 'should download csv' do
      visit admin_account_activities_path
      click_link 'Export CSV'
      response_headers['Content-Type'].should == 'text/csv'
      response_headers['Content-Disposition'].should match(/attachment; filename="account_activities_\d+\.csv"/)
    end
  end
 end
--- a/spec/features/admin/white_ip_spec.rb
+++ b/spec/features/admin/white_ip_spec.rb
@ -26,7 +26,7 @@ feature 'Api users', type: :feature do
      fill_in 'IPv4', with: '192.168.1.1'
      fill_in 'IPv6', with: 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329'
-      select 'API', from: 'Interface'
+      find('#white_ip_interfaces_api').set(true)
      click_button 'Save'
      page.should have_text('Record created')
--- a/spec/features/registrar/account_activity_spec.rb
+++ b/spec/features/registrar/account_activity_spec.rb
@ -20,7 +20,7 @@ feature 'Account activity', type: :feature do
    end
    it 'should navigate to account activities page' do
-      current_path.should == '/registrar'
+      current_path.should == '/registrar/poll'
      click_link 'Billing'
      click_link 'Account activity'
--- a/spec/features/registrar/contact_spec.rb
+++ b/spec/features/registrar/contact_spec.rb
@ -62,7 +62,7 @@ feature 'Contact', type: :feature do
        visit '/registrar/contacts/new'
        current_path.should == '/registrar/contacts/new'
-        fill_in 'depp_contact_ident',  with: 'bic-ident'
+        fill_in 'depp_contact_ident',  with: 'org-ident'
        fill_in 'depp_contact_name',   with: 'Business Name Ltd'
        fill_in 'depp_contact_email',  with: 'example@example.com'
        fill_in 'depp_contact_street', with: 'Example street 12'
@ -72,7 +72,7 @@ feature 'Contact', type: :feature do
        click_button 'Create'
        page.should have_text('Business Name Ltd')
-        page.should have_text('bic-ident [EE bic]')
+        page.should have_text('org-ident [EE org]')
      end
      it 'should create new contact with success' do
--- a/spec/features/registrar/domain_spec.rb
+++ b/spec/features/registrar/domain_spec.rb
@ -54,6 +54,8 @@ feature 'Domains', type: :feature do
      click_link "#{user2} (#{user2.roles.first}) - #{user2.registrar}"
      visit '/registrar/domains'
      page.should_not have_text(d1.name)
      page.should have_text(d2.name)
    end
--- a/spec/features/registrar/invoices_spec.rb
+++ b/spec/features/registrar/invoices_spec.rb
@ -20,7 +20,7 @@ feature 'Invoices', type: :feature do
    end
    it 'should navigate to the domains index page' do
-      current_path.should == '/registrar'
+      current_path.should == '/registrar/poll'
      click_link 'Billing'
      current_path.should == '/registrar/invoices'
@ -58,6 +58,7 @@ feature 'Invoices', type: :feature do
      page.should have_text(@invoice.to_s)
      page.should have_text('Buyer')
      click_link "#{user2} (#{user2.roles.first}) - #{user2.registrar}"
      visit "/registrar/invoices/#{@invoice.id}"
      page.should have_text('You are not authorized to access this page.')
      visit "/registrar/invoices/#{@invoice.id}/forward"
--- a/spec/models/contact_spec.rb
+++ b/spec/models/contact_spec.rb
@ -53,8 +53,8 @@ describe Contact do
      @contact.errors[:phone].should == ["Phone nr is invalid"]
    end
-    it 'should require country code when bic' do
+    it 'should require country code when org' do
-      @contact.ident_type = 'bic'
+      @contact.ident_type = 'org'
      @contact.valid?
      @contact.errors[:ident_country_code].should == ['is missing']
    end
@ -66,7 +66,7 @@ describe Contact do
    end
    it 'should validate correct country code' do
-      @contact.ident_type = 'bic'
+      @contact.ident_type = 'org'
      @contact.ident_country_code = 'EE'
      @contact.valid?
@ -75,7 +75,7 @@ describe Contact do
    it 'should require valid country code' do
      @contact.ident = '123'
-      @contact.ident_type = 'bic'
+      @contact.ident_type = 'org'
      @contact.ident_country_code = 'INVALID'
      @contact.valid?
@ -84,7 +84,7 @@ describe Contact do
    end
    it 'should convert to alpha2 country code' do
-      @contact.ident_type = 'bic'
+      @contact.ident_type = 'org'
      @contact.ident_country_code = 'ee'
      @contact.valid?
@ -116,6 +116,10 @@ describe Contact do
      @contact.valid?
      @contact.errors[:email].should == ['Email is invalid']
    end
    it 'should have ident updated because the logic itself is dedicated for legacy contacts ' do
      @contact.ident_updated_at.should_not == nil
    end
  end
  context 'with valid attributes' do
@ -148,8 +152,8 @@ describe Contact do
      @contact.domains_present?.should == false
    end
-    it 'bic should be valid' do
+    it 'org should be valid' do
-      @contact.ident_type = 'bic'
+      @contact.ident_type = 'org'
      @contact.ident = '1234'
      @contact.valid?
      @contact.errors.full_messages.should match_array([])
@ -234,6 +238,18 @@ describe Contact do
      contact.status_notes['someotherstatus'].should == nil
    end
    it 'should have ident already updated because the logic itself is only for legacy contacts' do
      @contact.ident_updated_at.should_not == nil
    end
    it 'should have not update ident updated at when initializing old contact' do
      # creating a legacy contact
      contact = Fabricate(:contact)
      contact.update_column(:ident_updated_at, nil)
      Contact.find(contact.id).ident_updated_at.should == nil
    end
    context 'as birthday' do
      before do
        @domain = Fabricate(:domain)
--- a/spec/models/domain_spec.rb
+++ b/spec/models/domain_spec.rb
@ -454,8 +454,12 @@ describe Domain do
      @domain.set_pending_delete
      @domain.save
-      @domain.statuses.should == ['pendingDelete']
+      @domain.statuses.should == ['pendingDelete', 'serverHold']
      @domain.pending_delete?.should == true
      @domain.statuses = ['serverManualInzone']
      @domain.save
      @domain.set_pending_delete
      @domain.statuses.sort.should == ['pendingDelete', 'serverManualInzone'].sort
      @domain.statuses = DomainStatus::OK # restore
    end
@ -463,6 +467,7 @@ describe Domain do
      @domain.statuses = DomainStatus::OK # restore
      @domain.pending_delete?.should == false
      @domain.statuses << DomainStatus::CLIENT_DELETE_PROHIBITED
      @domain.save
      @domain.set_pending_delete.should == nil