From 546330b178f485e8bbdaef70e6f94617e1eae403 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?= <karlerik@kreative.ee>
Date: Tue, 23 Mar 2021 13:14:31 +0200
Subject: [PATCH] REPP: Add renew exp_date sanity check

---
 app/controllers/epp/domains_controller.rb            | 7 +------
 app/controllers/repp/v1/domains/renews_controller.rb | 3 ++-
 app/controllers/repp/v1/domains_controller.rb        | 4 ++--
 app/interactions/actions/domain_renew.rb             | 3 +++
 lib/deserializers/xml/domain.rb                      | 1 +
 lib/serializers/repp/domain.rb                       | 2 ++
 test/integration/repp/v1/domains/renews_test.rb      | 8 ++++----
 7 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/app/controllers/epp/domains_controller.rb b/app/controllers/epp/domains_controller.rb
index 80b7d8843..47a40857a 100644
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@@ -72,11 +72,11 @@ module Epp
 
     def renew
       authorize! :renew, @domain
-      return handle_errors(@domain) if invalid_expiry_date?
 
       registrar_id = current_user.registrar.id
       renew_params = ::Deserializers::Xml::Domain.new(params[:parsed_frame],
                                                       registrar_id).call
+
       action = Actions::DomainRenew.new(@domain, renew_params, current_user.registrar)
       if action.call
         render_epp_response '/epp/domains/renew'
@@ -228,11 +228,6 @@ module Epp
       statuses == [::DomainStatus::CLIENT_HOLD]
     end
 
-    def invalid_expiry_date?
-      @domain.validate_exp_dates(params[:parsed_frame].css('curExpDate').text)
-      @domain.errors[:epp_errors].any?
-    end
-
     def balance_ok?(operation, period = nil, unit = nil)
       @domain_pricelist = @domain.pricelist(operation, period.try(:to_i), unit)
       if @domain_pricelist.try(:price) # checking if price list is not found
diff --git a/app/controllers/repp/v1/domains/renews_controller.rb b/app/controllers/repp/v1/domains/renews_controller.rb
index eabd9ea16..c356d799a 100644
--- a/app/controllers/repp/v1/domains/renews_controller.rb
+++ b/app/controllers/repp/v1/domains/renews_controller.rb
@@ -11,6 +11,7 @@ module Repp
         param :renew, Hash, required: true, desc: 'Renew parameters' do
           param :period, Integer, required: true, desc: 'Renew period. Month (m) or year (y)'
           param :period_unit, String, required: true, desc: 'For how many months or years to renew'
+          param :exp_date, String, required: true, desc: 'Current expiry date for domain'
         end
         def create
           authorize!(:renew, @domain)
@@ -36,7 +37,7 @@ module Repp
         private
 
         def renew_params
-          params.permit(:domain_id, renew: %i[period period_unit])
+          params.permit(:domain_id, renew: %i[period period_unit exp_date])
         end
 
         def validate_renew_period
diff --git a/app/controllers/repp/v1/domains_controller.rb b/app/controllers/repp/v1/domains_controller.rb
index e83dfde4c..b058f4505 100644
--- a/app/controllers/repp/v1/domains_controller.rb
+++ b/app/controllers/repp/v1/domains_controller.rb
@@ -21,9 +21,9 @@ module Repp
       desc 'Get a specific domain'
       def show
         @domain = Epp::Domain.find_by!(name: params[:id])
-        sponsored = @domain.registrar == current_user.registrar
+        sponsor = @domain.registrar == current_user.registrar
         render_success(data: { domain: Serializers::Repp::Domain.new(@domain,
-                                                                     sponsored: sponsored).to_json })
+                                                                     sponsored: sponsor).to_json })
       end
 
       api :POST, '/repp/v1/domains'
diff --git a/app/interactions/actions/domain_renew.rb b/app/interactions/actions/domain_renew.rb
index 58e0662ae..66e29c940 100644
--- a/app/interactions/actions/domain_renew.rb
+++ b/app/interactions/actions/domain_renew.rb
@@ -16,11 +16,14 @@ module Actions
         domain.add_renew_epp_errors
         false
       else
+        domain.validate_exp_dates(params[:exp_date])
         renew
       end
     end
 
     def renew
+      return false if domain.errors[:epp_errors].any?
+
       task = Domains::BulkRenew::SingleDomainRenew.run(domain: domain,
                                                        period: params[:period],
                                                        unit: params[:period_unit],
diff --git a/lib/deserializers/xml/domain.rb b/lib/deserializers/xml/domain.rb
index e406a8de7..f06ec587a 100644
--- a/lib/deserializers/xml/domain.rb
+++ b/lib/deserializers/xml/domain.rb
@@ -29,6 +29,7 @@ module Deserializers
         {
           period: period.text.present? ? Integer(period.text) : 1,
           period_unit: period.first ? period.first[:unit] : 'y',
+          exp_date: if_present('curExpDate'),
         }
       end
 
diff --git a/lib/serializers/repp/domain.rb b/lib/serializers/repp/domain.rb
index 519a40456..60863373c 100644
--- a/lib/serializers/repp/domain.rb
+++ b/lib/serializers/repp/domain.rb
@@ -8,6 +8,7 @@ module Serializers
         @sponsored = sponsored
       end
 
+      # rubocop:disable Metrics/AbcSize
       def to_json(obj = domain)
         json = {
           name: obj.name, registrant: obj.registrant.code, created_at: obj.created_at,
@@ -19,6 +20,7 @@ module Serializers
         json[:transfer_code] = obj.auth_info if @sponsored
         json
       end
+      # rubocop:enable Metrics/AbcSize
 
       def contacts
         domain.domain_contacts.map { |c| { code: c.contact_code_cache, type: c.type } }
diff --git a/test/integration/repp/v1/domains/renews_test.rb b/test/integration/repp/v1/domains/renews_test.rb
index fdebc62bd..c3e73669a 100644
--- a/test/integration/repp/v1/domains/renews_test.rb
+++ b/test/integration/repp/v1/domains/renews_test.rb
@@ -15,7 +15,7 @@ class ReppV1DomainsRenewsTest < ActionDispatch::IntegrationTest
     travel_to Time.zone.parse('2010-07-05')
 
     @auth_headers['Content-Type'] = 'application/json'
-    payload = { renew: { period: 1, period_unit: 'y' } }
+    payload = { renew: { period: 1, period_unit: 'y', exp_date: original_valid_to } }
     post "/repp/v1/domains/#{@domain.name}/renew", headers: @auth_headers, params: payload.to_json
     json = JSON.parse(response.body, symbolize_names: true)
 
@@ -31,7 +31,7 @@ class ReppV1DomainsRenewsTest < ActionDispatch::IntegrationTest
     travel_to Time.zone.parse('2010-07-05')
 
     @auth_headers['Content-Type'] = 'application/json'
-    payload = { renew: { period: 100, period_unit: 'y' } }
+    payload = { renew: { period: 100, period_unit: 'y', exp_date: original_valid_to } }
     post "/repp/v1/domains/#{@domain.name}/renew", headers: @auth_headers, params: payload.to_json
     json = JSON.parse(response.body, symbolize_names: true)
 
@@ -48,14 +48,14 @@ class ReppV1DomainsRenewsTest < ActionDispatch::IntegrationTest
     days_to_renew_domain_before_expire.reload
 
     original_valid_to = @domain.valid_to
-    travel_to @domain.valid_to - 3.days 
+    travel_to @domain.valid_to - 3.days
 
     one_year = billing_prices(:renew_one_year)
     one_year.update(valid_from: @domain.valid_to - 5.days)
     one_year.reload
 
     @auth_headers['Content-Type'] = 'application/json'
-    payload = { renew: { period: 1, period_unit: 'y' } }
+    payload = { renew: { period: 1, period_unit: 'y', exp_date: original_valid_to } }
     post "/repp/v1/domains/#{@domain.name}/renew", headers: @auth_headers, params: payload.to_json
     json = JSON.parse(response.body, symbolize_names: true)