Add detailed error messages on EPP login #2716

2025-05-17 17:59:47 +02:00 · 2015-06-29 11:13:19 +03:00 · 2015-06-29 11:13:19 +03:00 · 533e3bc65c
commit 533e3bc65c
parent bb5870c30f
4 changed files with 33 additions and 17 deletions
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -7,17 +7,39 @@ class Epp::SessionsController < EppController

  # rubocop: disable Metrics/PerceivedComplexity
  # rubocop: disable Metrics/CyclomaticComplexity
+  # rubocop: disable Metrics/MethodLength
  def login
-    cert_valid = true
+    success = true
    @api_user = ApiUser.find_by(login_params)

    if request.ip != ENV['webclient_ip'] && @api_user
      unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
-        cert_valid = false
+        @msg = 'Authentication error; server closing connection (certificate is not valid)'
+        success = false
      end
    end

-    if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?
+    if success && !@api_user
+      @msg = 'Authentication error; server closing connection (API user not found)'
+      success = false
+    end
+
+    if success && !@api_user.try(:active)
+      @msg = 'Authentication error; server closing connection (API user is not active)'
+      success = false
+    end
+
+    if success && !ip_white?
+      @msg = 'Authentication error; server closing connection (IP is not whitelisted)'
+      success = false
+    end
+
+    if success && !connection_limit_ok?
+      @msg = 'Authentication error; server closing connection (connection limit reached)'
+      success = false
+    end
+
+    if success
      if parsed_frame.css('newPW').first
        unless @api_user.update(password: parsed_frame.css('newPW').first.text)
          response.headers['X-EPP-Returncode'] = '2200'
@ -33,14 +55,12 @@ class Epp::SessionsController < EppController
      render_epp_response('login_fail')
    end
  end
+  # rubocop: enable Metrics/MethodLength

  def ip_white?
    return true if request.ip == ENV['webclient_ip']
    if @api_user
-      unless @api_user.registrar.api_ip_white?(request.ip)
-        @msg = t('ip_is_not_whitelisted')
-        return false
-      end
+      return false unless @api_user.registrar.api_ip_white?(request.ip)
    end
    true
  end
@ -51,10 +71,7 @@ class Epp::SessionsController < EppController
      'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
    ).count

-    if c >= 4
-      @msg = t('connection_limit_reached')
-      return false
-    end
+    return false if c >= 4
    true
  end

--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -807,10 +807,8 @@ en:
  domain_delete_confirmed_body: 'You have successfully submitted delete confirmation. You will receive registry final confirmation to email.'
  domain_delete_rejected_title: 'Domain deletion has been rejected successfully'
  domain_delete_rejected_body: 'You have rejected domain deletion.'
-  ip_is_not_whitelisted: 'IP is not whitelisted'
  no_permission: 'No permission'
  access_denied: 'Access denied'
-  connection_limit_reached: 'Connection limit reached'
  common_name: 'Common name'
  md5: 'Md5'
  interface: 'Interface'
@ -834,3 +832,4 @@ en:
  create_bank_statement: 'Create bank statement'
  create_bank_transaction: 'Create bank transaction'
  create_new_invoice: 'Create new invoice'
+  ip_is_not_whitelisted: 'IP is not whitelisted'
--- a/spec/epp/session_spec.rb
+++ b/spec/epp/session_spec.rb
@ -25,7 +25,7 @@ describe 'EPP Session', epp: true do
    it 'does not log in with invalid user' do
      wrong_user = @epp_xml.session.login(clID: { value: 'wrong-user' }, pw: { value: 'ghyt9e4fu' })
      response = epp_plain_request(wrong_user)
-      response[:msg].should == 'Authentication error; server closing connection'
+      response[:msg].should == 'Authentication error; server closing connection (API user not found)'
      response[:result_code].should == '2501'
      response[:clTRID].should == 'ABC-12345'
    end
@ -36,7 +36,7 @@ describe 'EPP Session', epp: true do

      inactive = @epp_xml.session.login(clID: { value: 'inactive-user' }, pw: { value: 'ghyt9e4fu' })
      response = epp_plain_request(inactive)
-      response[:msg].should == 'Authentication error; server closing connection'
+      response[:msg].should == 'Authentication error; server closing connection (API user is not active)'
      response[:result_code].should == '2501'
    end

--- a/spec/features/registrar/sessions_spec.rb
+++ b/spec/features/registrar/sessions_spec.rb
@ -114,7 +114,7 @@ feature 'Sessions', type: :feature do
      fill_in 'user_phone', with: '00007'
      click_button 'Log in'

-      page.should have_text('Check your phone for confirmation code')
+      page.should have_text('Confirmation sms was sent to your phone. Verification code is')
      page.should have_text('SIM application error')
    end

@ -143,7 +143,7 @@ feature 'Sessions', type: :feature do
      fill_in 'user_phone', with: '00007'
      click_button 'Log in'

-      page.should have_text('Check your phone for confirmation code')
+      page.should have_text('Confirmation sms was sent to your phone. Verification code is')
      page.should have_text('Welcome!')
    end