Merge branch 'master' of github.com:domify/registry

CHANGELOG.md

@@ -1,3 +1,6 @@
+20.07.2015
+* New syntax for setting webclient IP-s (see config/application-example.yml)
+
 14.07.2015
 
 * Updated que init script doc example, now status and stop works faster

app/api/repp/api.rb

@@ -8,7 +8,8 @@ module Repp
     end
 
     before do
-      if request.ip != ENV['webclient_ip']
+      webclient_request = ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
+      unless webclient_request
         error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.api_ip_white?(request.ip)
       end
 
@@ -20,7 +21,7 @@ module Repp
       message = 'Certificate mismatch! Cert common name should be:'
       request_name = env['HTTP_SSL_CLIENT_S_DN_CN']
 
-      if request.ip == ENV['webclient_ip']
+      if webclient_request
         webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
         error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
       else

app/controllers/epp/domains_controller.rb

@@ -91,17 +91,12 @@ class Epp::DomainsController < EppController
     render_epp_response '/epp/domains/check'
   end
 
-  # rubocop: disable Metrics/MethodLength
   def renew
     authorize! :renew, @domain
 
-    period = params[:parsed_frame].css('period').text.presence || 1
-    period_unit = 'y'
-    period_element = params[:parsed_frame].css('period').first
-
-    if period_element.present? && period_element['unit'].present?
-      period_unit = period_element['unit']
-    end
+    period_element = params[:parsed_frame].css('period').text
+    period = (period_element.to_i == 0) ? 1 : period_element.to_i
+    period_unit = Epp::Domain.parse_period_unit_from_frame(params[:parsed_frame]) || 'y'
 
     ActiveRecord::Base.transaction do
       success = @domain.renew(
@@ -128,7 +123,6 @@ class Epp::DomainsController < EppController
       end
     end
   end
-  # rubocop: enable Metrics/MethodLength
 
   def transfer
     authorize! :transfer, @domain, @password
@@ -161,6 +155,8 @@ class Epp::DomainsController < EppController
     @prefix = nil
     requires 'extension > extdata > legalDocument'
 
+    optional_attribute 'period', 'unit', values: %w(d m y)
+
     status_editing_disabled
   end
 

app/controllers/epp/sessions_controller.rb

@@ -13,7 +13,8 @@ class Epp::SessionsController < EppController
     success = true
     @api_user = ApiUser.find_by(login_params)
 
-    if request.ip == ENV['webclient_ip'] && !Rails.env.test? && !Rails.env.development?
+    webclient_request = ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
+    if webclient_request && !Rails.env.test? && !Rails.env.development?
       client_md5 = Certificate.parse_md_from_string(request.env['HTTP_SSL_CLIENT_CERT'])
       server_md5 = Certificate.parse_md_from_string(File.read(ENV['cert_path']))
       if client_md5 != server_md5
@@ -26,7 +27,7 @@ class Epp::SessionsController < EppController
       end
     end
 
-    if request.ip != ENV['webclient_ip'] && @api_user
+    if !webclient_request && @api_user
       unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
         epp_errors << {
           msg: 'Authentication error; server closing connection (certificate is not valid)',
@@ -76,7 +77,7 @@ class Epp::SessionsController < EppController
     if success
       if parsed_frame.css('newPW').first
         unless @api_user.update(password: parsed_frame.css('newPW').first.text)
-          response.headers['X-EPP-Returncode'] = '2200'
+          response.headers['X-EPP-Returncode'] = '2500'
           handle_errors(@api_user) and return
         end
       end
@@ -85,7 +86,7 @@ class Epp::SessionsController < EppController
       epp_session.update_column(:registrar_id, @api_user.registrar_id)
       render_epp_response('login_success')
     else
-      response.headers['X-EPP-Returncode'] = '2200'
+      response.headers['X-EPP-Returncode'] = '2500'
       handle_errors
     end
   end
@@ -95,7 +96,8 @@ class Epp::SessionsController < EppController
   # rubocop: enable Metrics/CyclomaticComplexity
 
   def ip_white?
-    return true if request.ip == ENV['webclient_ip']
+    webclient_request = ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
+    return true if webclient_request
     if @api_user
       return false unless @api_user.registrar.api_ip_white?(request.ip)
     end

config/application-example.yml

@@ -4,7 +4,7 @@ app_name: '.EE Registry'
 zonefile_export_dir: 'export/zonefiles'
 bank_statement_import_dir: 'import/bank_statements'
 legal_documents_dir: 'import/legal_documents'
-time_zone: 'Tallinn' # more zones by rake time:zones:all  
+time_zone: 'Tallinn' # more zones by rake time:zones:all
 
 # New Relic app name, keep only current mode, remove other names.
 # Example: 'Admin, EPP, REPP' will have name 'Admin, EPP, REPP - production' at New Relic.
@@ -25,7 +25,7 @@ ca_key_path:  '/home/registry/registry/shared/ca/private/ca.key.pem'
 ca_key_password: 'your-root-key-password'
 
 # EPP server configuration
-webclient_ip: '127.0.0.1'
+webclient_ips: '127.0.0.1,0.0.0.0' #ips, separated with commas
 webclient_cert_common_name: 'webclient'
 # Contact epp will not accept org value by default
 # and returns 2306 "Parameter value policy error"
@@ -72,7 +72,7 @@ sk_digi_doc_service_name: 'EIS test'
 
 # Autotest config overwrites
 test:
-  webclient_ip: '127.0.0.1' # it should match to localhost ip address
+  webclient_ips: '127.0.0.1' # it should match to localhost ip address
   crl_dir:      '/var/lib/jenkins/workspace/registry/ca/crl'
   crl_path:     '/var/lib/jenkins/workspace/registry/ca/crl/crl.pem'
   ca_cert_path: '/var/lib/jenkins/workspace/registry/ca/certs/ca.crt.pem'

config/initializers/env_required.rb

@@ -7,7 +7,7 @@ required = %w(
   ca_cert_path
   ca_key_path
   ca_key_password
-  webclient_ip
+  webclient_ips
   legal_documents_dir
   bank_statement_import_dir
   time_zone

doc/certificates.md

@@ -100,7 +100,7 @@ Configure registry registry/shared/config/application.yml to match the CA settin
 
 Configure registry epp registry-epp/shared/config/application.yml:
 
-    webclient_ip: '54.154.91.240'
+    webclient_ips: '54.154.91.240'
 
 Configure EPP port 700 virtual host:
 

doc/epp/domain.md

@@ -18,6 +18,7 @@ Domain name mapping protocol short version:
         <domain:period>        0-1      Registration period for domain. 
                                         Must add up to 1 / 2 / 3 years.
                                         Attribute: unit="y/m/d"
+                                        Default is 1 year.
         <domain:registrant>    1        Contact reference to the registrant
                                           Attribute:
                                             "verified"  # optional, allowed values 'yes', 'no'

spec/epp/domain_spec.rb

@@ -435,6 +435,24 @@ describe 'EPP Domain', epp: true do
       a.activity_type = AccountActivity::CREATE
     end
 
+    it 'creates a domain without period' do
+      old_balance = @registrar1.balance
+      old_activities = @registrar1.cash_account.account_activities.count
+      xml = domain_create_xml(period: nil)
+
+      response = epp_plain_request(xml)
+      response[:msg].should == 'Command completed successfully'
+      response[:result_code].should == '1000'
+      Domain.last.valid_to.should be_within(60).of(1.years.since)
+      @registrar1.balance.should be < old_balance
+      @registrar1.cash_account.account_activities.count.should == old_activities + 1
+      a = @registrar1.cash_account.account_activities.last
+      a.description.should == "Create #{Domain.last.name}"
+      a.sum.should == -BigDecimal.new('10.0')
+      a.activity_type = AccountActivity::CREATE
+      a.log_pricelist_id.should == @pricelist_reg_1_year.id
+    end
+
     it 'does not create a domain with invalid period' do
       old_balance = @registrar1.balance
       old_activities = @registrar1.cash_account.account_activities.count
@@ -450,6 +468,24 @@ describe 'EPP Domain', epp: true do
       @registrar1.cash_account.account_activities.count.should == old_activities
     end
 
+    it 'does not create a domain with invalid period unit' do
+      xml = domain_create_xml({
+        period: { value: '1', attrs: { unit: '' } }
+      })
+
+      response = epp_plain_request(xml, validate_input: false)
+      response[:results][0][:msg].should == 'Attribute is invalid: unit'
+      response[:results][0][:result_code].should == '2306'
+
+      xml = domain_create_xml({
+        period: { value: '1', attrs: { unit: 'bla' } }
+      })
+
+      response = epp_plain_request(xml, validate_input: false)
+      response[:results][0][:msg].should == 'Attribute is invalid: unit'
+      response[:results][0][:result_code].should == '2306'
+    end
+
     it 'creates a domain with multiple dnskeys' do
       xml = domain_create_xml({}, {
         _anonymus: [

spec/requests/v1/account_spec.rb

@@ -2,7 +2,7 @@ require 'rails_helper'
 
 describe Repp::AccountV1 do
   it 'should fail without whitelisted IP' do
-    ENV['webclient_ip'] = '192.188.1.1'
+    ENV['webclient_ips'] = '192.188.1.1'
     @registrar1 = Fabricate(:registrar, white_ips: [Fabricate(:white_ip_registrar)])
     @api_user = Fabricate(:api_user, registrar: @registrar1)
 
@@ -11,7 +11,7 @@ describe Repp::AccountV1 do
     body = JSON.parse(response.body)
 
     body['error'].should == 'IP is not whitelisted'
-    ENV['webclient_ip'] = '127.0.0.1'
+    ENV['webclient_ips'] = '127.0.0.1'
   end
 
   context 'with valid registrar' do