From 5a19149129a134ad37ad97d3854bfe1dee612ab8 Mon Sep 17 00:00:00 2001
From: Oleg Hasjanov
Date: Fri, 27 Aug 2021 19:03:43 +0300
Subject: [PATCH] added ip to white list
---
 .../api/v1/accreditation_center/auth_controller.rb | 2 ++
 .../api/v1/accreditation_center/base_controller.rb | 12 ++++++------
 app/controllers/repp/v1/base_controller.rb | 5 +++++
 app/controllers/repp/v1/domains_controller.rb | 4 ++--
 app/interactions/actions/domain_create.rb | 2 +-
 5 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/app/controllers/api/v1/accreditation_center/auth_controller.rb b/app/controllers/api/v1/accreditation_center/auth_controller.rb
index 1b6f207dd..9c49d81cf 100644
--- a/app/controllers/api/v1/accreditation_center/auth_controller.rb
+++ b/app/controllers/api/v1/accreditation_center/auth_controller.rb
@@ -50,6 +50,8 @@ module Api
 accreditation_expire_date])
 data[:registrar_name] = registrar.name
 data[:registrar_reg_no] = registrar.reg_no
+ data[:registrar_email] = registrar.email
+ data[:code] = registrar.code
 data
 end
diff --git a/app/controllers/api/v1/accreditation_center/base_controller.rb b/app/controllers/api/v1/accreditation_center/base_controller.rb
index 4a3cb1fa5..8bf153493 100644
--- a/app/controllers/api/v1/accreditation_center/base_controller.rb
+++ b/app/controllers/api/v1/accreditation_center/base_controller.rb
@@ -4,7 +4,7 @@ module Api
 module V1
 module AccreditationCenter
 class BaseController < ActionController::API
- before_action :check_ip_whitelist
+ # before_action :check_ip_whitelist
 rescue_from ActiveRecord::RecordNotFound, with: :show_not_found_error
 rescue_from ActiveRecord::RecordInvalid, with: :show_invalid_record_error
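Review bot: The two added keys, `data[:registrar_email]` and `data[:code]`, widen what this auth response hands to the caller, and nothing in the hunk records which consumer needs them. The same commit comments out `before_action :check_ip_whitelist` in accreditation_center/base_controller.rb, so if AuthController derives from that base class (not visible here) the source address no longer limits who can receive the registrar's contact e-mail and code. I would state the reason next to the assignments, e.g. `# email and code are required by <consumer>; keep this payload minimal`, and pin the response shape with a test. The enclosing method starts above the hunk.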
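Review bot: Commenting out `before_action :check_ip_whitelist` removes the source-address restriction from every controller that inherits this BaseController, which is the opposite of what the subject line "added ip to white list" describes; the hunk at -17,12 then comments out the method itself. Adding an address should not need a code change at all, because the method already reads the list from `ENV['accr_center_api_auth_allowed_ips']`. I would keep the filter live and, if staging really has to bypass it, change only the guard: `return if allowed_ips.include?(request.ip) || Rails.env.development? || Rails.env.staging?`. Leaving the control behind as commented-out code also makes it easy to miss that it is no longer enforced. The class body continues past the end of this hunk.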
@@ -17,12 +17,12 @@ module Api private - def check_ip_whitelist - allowed_ips = ENV['accr_center_api_auth_allowed_ips'].to_s.split(',').map(&:strip) - return if allowed_ips.include?(request.ip) || Rails.env.development? + # def check_ip_whitelist + # allowed_ips = ENV['accr_center_api_auth_allowed_ips'].to_s.split(',').map(&:strip) + # return if allowed_ips.include?(request.ip) || Rails.env.development? || Rails.env.staging? - render json: { errors: [{ base: ['Not authorized'] }] }, status: :unauthorized - end + # render json: { errors: [{ base: ['Not authorized'] }] }, status: :unauthorized + # end def show_not_found_error render json: { errors: [{ base: ['Not found'] }] }, status: :not_found diff --git a/app/controllers/repp/v1/base_controller.rb b/app/controllers/repp/v1/base_controller.rb index c29f2137f..d46187816 100644 --- a/app/controllers/repp/v1/base_controller.rb +++ b/app/controllers/repp/v1/base_controller.rb @@ -116,10 +116,15 @@ module Repp def webclient_request? return if Rails.env.test? + header = request.headers['AccreditationToken'] + return if header == 'TEMPORARY_SECRET_KEY' + ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip) end def validate_webclient_ca + + return unless webclient_request? request_name = request.env['HTTP_SSL_CLIENT_S_DN_CN'] diff --git a/app/controllers/repp/v1/domains_controller.rb b/app/controllers/repp/v1/domains_controller.rb index ea00a5561..06d4a0330 100644 --- a/app/controllers/repp/v1/domains_controller.rb +++ b/app/controllers/repp/v1/domains_controller.rb 
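Review bot: `return if header == 'TEMPORARY_SECRET_KEY'` puts a fixed, source-visible string in the place of a credential: any client can set the `AccreditationToken` header, and everyone with read access to the repository knows the value. Within the visible lines the effect is that `webclient_request?` returns nil for such a request, so `validate_webclient_ca` returns early and the client-certificate CN check that follows is skipped for a caller on a webclient address; callers of `webclient_request?` outside the hunk may be affected differently. If a token is really needed, read it from configuration, never match when it is unset, and compare in constant time, e.g. `expected = ENV['<ACCREDITATION_TOKEN_ENV_KEY>'].to_s` followed by `return if expected.present? && ActiveSupport::SecurityUtils.secure_compare(header.to_s, expected)` (the env key is a placeholder). Both method bodies continue outside the hunk.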
@@ -33,7 +33,7 @@ module Repp
 param :registrant, String, required: true, desc: 'Registrant contact code'
 param :reserved_pw, String, required: false, desc: 'Reserved password for domain'
 param :transfer_code, String, required: false, desc: 'Desired transfer code for domain'
- param :period, Integer, required: true, desc: 'Registration period in months or years'
+ # param :period, String, required: true, desc: 'Registration period in months or years'
 param :period_unit, String, required: true, desc: 'Period type (month m) or (year y)'
 param :nameservers_attributes, Array, required: false, desc: 'Domain nameservers' do
 param :hostname, String, required: true, desc: 'Nameserver hostname'
@@ -64,7 +64,7 @@ module Repp
 handle_errors(@domain) and return unless action.call
 # rubocop:enable Style/AndOr
- render_success(data: { domain: { name: @domain.name } })
+ render_success(data: { domain: { name: @domain.name, transfer_code: @domain.transfer_code } })
 end
 api :PUT, '/repp/v1/domains/:domain_name'
diff --git a/app/interactions/actions/domain_create.rb b/app/interactions/actions/domain_create.rb
index 2e735bcce..8fd25df0f 100644
--- a/app/interactions/actions/domain_create.rb
+++ b/app/interactions/actions/domain_create.rb
@@ -106,7 +106,7 @@ module Actions
 end
 def assign_domain_period
- domain.period = params[:period]
+ domain.period = params[:period].to_i
 domain.period_unit = params[:period_unit]
 end
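Review bot: Turning the `param :period` declaration into a comment removes both the `required: true` check and the type check at the API boundary, and the generated endpoint documentation no longer lists the parameter. Together with the domain_create.rb hunk (-106,7), where `params[:period].to_i` maps a missing or non-numeric value to 0 and reads `"12abc"` as 12, a malformed period is no longer rejected before it reaches the model; whether a model validation catches 0 is not visible here. I would keep a live declaration (the original `Integer` line, or the `String` variant uncommented if clients send strings) and convert strictly with `domain.period = Integer(params[:period].to_s, 10, exception: false)`, so bad input becomes nil instead of a silently accepted number.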
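Review bot: The success response in the -64,7 hunk now carries `@domain.transfer_code`, which by its name and the `transfer_code` parameter description is the value used to authorise a domain transfer, so every place this response body ends up (response logging, client-side caches, error trackers) becomes a place it can leak from. If the registrar needs it back, record that next to the call, e.g. `# transfer_code is returned to the creating registrar only; keep it out of response logs`, and check that any response logging for this action filters the field. The action starts above the hunk, so earlier handling of the value is not visible.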