Merge branch 'master' into 2143-add-an-exception-for-DNSSEC-in-the-registry-lock

OlegPhenomenon 2021-09-14 11:49:19 +03:00 committed by GitHub
commit 4b80ed5699
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
149 changed files with 550 additions and 593 deletions


@ -1,5 +1,5 @@
module Epp
class BaseController < ActionController::Base
class BaseController < ApplicationController
class AuthorizationError < StandardError; end
skip_before_action :verify_authenticity_token
check_authorization
@ -303,16 +303,25 @@ module Epp
if request_command == 'login' && frame.present?
frame.gsub!(/pw>.+<\//, 'pw>[FILTERED]</')
end
trimmed_request = frame.gsub(/<eis:legalDocument([^>]+)>([^<])+<\/eis:legalDocument>/, "<eis:legalDocument>[FILTERED]</eis:legalDocument>") if frame.present?
if frame.present?
trimmed_request = frame.gsub(/<eis:legalDocument([^>]+)>([^<])+<\/eis:legalDocument>/,
"<eis:legalDocument>[FILTERED]</eis:legalDocument>")
end
ApiLog::EppLog.create({
request: trimmed_request,
request_command: request_command,
request_successful: epp_errors.empty?,
request_object: resource ? "#{params[:epp_object_type]}: #{resource.class} - #{resource.id} - #{resource.name}" : params[:epp_object_type],
request_object: if resource
"#{params[:epp_object_type]}: #{resource.class} - "\
"#{resource.id} - #{resource.name}"
else
params[:epp_object_type]
end,
response: @response,
api_user_name: @api_user.try(:username) || current_user.try(:username) || 'api-public',
api_user_registrar: @api_user.try(:registrar).try(:to_s) || current_user.try(:registrar).try(:to_s),
api_user_registrar: @api_user.try(:registrar).try(:to_s) ||
current_user.try(:registrar).try(:to_s),
ip: request.ip,
uuid: request.uuid
})
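Review bot: The legal-document redaction in the second hunk only fires for the exact shape `<eis:legalDocument ATTRS>…</eis:legalDocument>`. The pattern hard-codes the `eis:` prefix and `([^>]+)` requires at least one attribute character, so a frame that binds the namespace to another prefix, or sends the element without attributes, would reach `ApiLog::EppLog.create` with the document body intact. The `pw` filter just above matches on the local name only, so the two filters behave inconsistently. Matching on the local name would close the gap, e.g. `frame.gsub(/<((?:\w+:)?legalDocument)\b[^>]*>[^<]+<\/\1>/, '<eis:legalDocument>[FILTERED]</eis:legalDocument>')`. The enclosing logging method starts and ends outside the hunk.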


@ -155,8 +155,8 @@ module Epp
end
def validate_update
if element_count('update > chg > registrant') > 0
requires 'extension > extdata > legalDocument' if current_user.legaldoc_mandatory?
if element_count('update > chg > registrant').positive? && current_user.legaldoc_mandatory?
requires 'extension > extdata > legalDocument'
end
@prefix = 'update > update >'


@ -51,6 +51,7 @@ module Epp
end
handle_errors(@notification) and return unless @notification.mark_as_read
render_epp_response 'epp/poll/poll_ack'
end


@ -14,38 +14,31 @@ module Epp
webclient_request = ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
if webclient_request && !Rails.env.test? && !Rails.env.development?
client_md5 = Certificate.parse_md_from_string(request.env['HTTP_SSL_CLIENT_CERT'])
if ENV['cert_path'].blank?
raise 'webclient cert (cert_path) missing, registrar (r)epp disabled'
end
raise 'webclient cert (cert_path) missing, registrar (r)epp disabled' if ENV['cert_path'].blank?
server_md5 = Certificate.parse_md_from_string(File.read(ENV['cert_path']))
if client_md5 != server_md5
msg = 'Authentication error; server closing connection (certificate is not valid)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2501')
msg: msg, code: '2501')
success = false
end
end
if !Rails.env.development? && (!webclient_request && @api_user)
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'])
msg = 'Authentication error; server closing connection (certificate is not valid)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2501')
if !Rails.env.development? && (!webclient_request && @api_user) &&
!@api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
msg = 'Authentication error; server closing connection (certificate is not valid)'
epp_errors.add(:epp_errors,
msg: msg, code: '2501')
success = false
end
success = false
end
if success && !@api_user
msg = 'Authentication error; server closing connection (API user not found)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2501')
msg: msg, code: '2501')
success = false
end
@ -53,8 +46,7 @@ module Epp
if success && !@api_user.try(:active)
msg = 'Authentication error; server closing connection (API user is not active)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2501')
msg: msg, code: '2501')
success = false
end
@ -62,8 +54,7 @@ module Epp
if success && @api_user.cannot?(:create, :epp_login)
msg = 'Authentication error; server closing connection (API user does not have epp role)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2501')
msg: msg, code: '2501')
success = false
end
@ -71,8 +62,7 @@ module Epp
if success && !ip_white?
msg = 'Authentication error; server closing connection (IP is not whitelisted)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2501')
msg: msg, code: '2501')
success = false
end
@ -80,8 +70,7 @@ module Epp
if success && EppSession.limit_reached?(@api_user.registrar)
msg = 'Session limit exceeded; server closing connection (connection limit reached)'
epp_errors.add(:epp_errors,
msg: msg,
code: '2502')
msg: msg, code: '2502')
success = false
end
@ -99,8 +88,7 @@ module Epp
if already_authenticated
epp_errors.add(:epp_errors,
msg: 'Command use error; Already authenticated',
code: 2002)
msg: 'Command use error; Already authenticated', code: 2002)
handle_errors
return
end
@ -118,17 +106,15 @@ module Epp
def ip_white?
webclient_request = ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
return true if webclient_request
if @api_user
return false unless @api_user.registrar.api_ip_white?(request.ip)
end
return false if @api_user && !@api_user.registrar.api_ip_white?(request.ip)
true
end
def logout
unless signed_in?
epp_errors.add(:epp_errors,
code: 2201,
msg: 'Authorization error')
code: 2201, msg: 'Authorization error')
handle_errors
return
end
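Review bot: Both certificate checks in the first hunk read the client certificate from `request.env['HTTP_SSL_CLIENT_CERT']` and `request.env['HTTP_SSL_CLIENT_S_DN_CN']`, which are ordinary request headers, so the merged `pki_ok?` condition is only as strong as the TLS-terminating proxy that sets them. Nothing visible here shows that the proxy overwrites or drops client-supplied copies, so a comment above the check should record that requirement, e.g. `# SSL_CLIENT_* headers must be set by the TLS terminator, which must discard any inbound copies`. The webclient branch also compares values named `client_md5`/`server_md5`; if `Certificate.parse_md_from_string` really returns an MD5 digest, a SHA-256 fingerprint would be the safer comparison. Separately, `ENV['webclient_ips'].split(',')` here and in `ip_white?` raises when the variable is unset, which fails closed but surfaces as a server error rather than a 2501 response. The login action starts and ends outside these hunks.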