zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-12 15:44:45 +02:00
Code Issues Projects Releases Packages Wiki Activity

Handle anonymous user in EPP poll request

Browse source 
Unlike mod_epp, new EPP proxy (https://github.com/internetee/epp_proxy
passes through all valid requests even if a user is not logged in,
therefore we now need to handle such cases on registry app side.

#730
This commit is contained in:
Artur Beljajev 2019-09-03 13:22:52 +03:00 committed by Alex Sherman
parent fde323dd0e
commit 58b8c194bc
2 changed files with 16 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/epp/polls_controller.rb
View file

@ -1,8 +1,7 @@
module Epp module Epp
class PollsController < BaseController class PollsController < BaseController
skip_authorization_check # TODO: move authorization under ability
def poll def poll
authorize! :manage, :poll
req_poll if params[:parsed_frame].css('poll').first['op'] == 'req' req_poll if params[:parsed_frame].css('poll').first['op'] == 'req'
ack_poll if params[:parsed_frame].css('poll').first['op'] == 'ack' ack_poll if params[:parsed_frame].css('poll').first['op'] == 'ack'
end end

15
test/integration/epp/poll_test.rb
View file

@ -124,4 +124,19 @@ class EppPollTest < EppTestCase
assert_epp_response :object_does_not_exist assert_epp_response :object_does_not_exist
end end
def test_anonymous_user_cannot_access
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<poll op="req"/>
</command>
</epp>
XML
post '/epp/command/poll', { frame: request_xml }, 'HTTP_COOKIE' => 'session=non-existent'
assert_epp_response :authorization_error
end
end end