From 647413b9be34e3dbd2a70da4791206bb48dea757 Mon Sep 17 00:00:00 2001
From: Alex Sherman <yul.golem@gmail.com>
Date: Fri, 16 Apr 2021 17:47:06 +0500
Subject: [PATCH] Fix epp auth if registrant changed on disputed domain

---
 app/interactions/actions/domain_update.rb     |  4 +-
 .../epp/domain/update/base_test.rb            | 46 ++++++++++++++++++-
 2 files changed, 46 insertions(+), 4 deletions(-)

diff --git a/app/interactions/actions/domain_update.rb b/app/interactions/actions/domain_update.rb
index 7da22e539..5165a68c8 100644
--- a/app/interactions/actions/domain_update.rb
+++ b/app/interactions/actions/domain_update.rb
@@ -209,9 +209,9 @@ module Actions
     end
 
     def verify_registrant_change?
-      return if !@changes_registrant || params[:registrant][:verified] == true
-      return true unless domain.disputed?
       return validate_dispute_case if params[:reserved_pw]
+      return false if !@changes_registrant || params[:registrant][:verified] == true
+      return true unless domain.disputed?
 
       domain.add_epp_error('2304', nil, nil, 'Required parameter missing; reservedpw element ' \
                            'required for dispute domains')
diff --git a/test/integration/epp/domain/update/base_test.rb b/test/integration/epp/domain/update/base_test.rb
index cf3ee7fe9..1a43667ae 100644
--- a/test/integration/epp/domain/update/base_test.rb
+++ b/test/integration/epp/domain/update/base_test.rb
@@ -301,7 +301,7 @@ class EppDomainUpdateBaseTest < EppTestCase
     current = @domain.registrant
     new_registrant = contacts(:william)
     new_registrant.update(
-                          ident: current.ident, 
+                          ident: current.ident,
                           ident_type: current.ident_type,
                           ident_country_code: current.ident_country_code
                           )
@@ -331,7 +331,7 @@ class EppDomainUpdateBaseTest < EppTestCase
     headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
     @domain.reload
 
-    # NOTE: completed_successfully_action_pending 
+    # NOTE: completed_successfully_action_pending
     assert_epp_response :completed_successfully
     refute_includes @domain.statuses, DomainStatus::PENDING_UPDATE
 
@@ -414,6 +414,48 @@ class EppDomainUpdateBaseTest < EppTestCase
     assert_no_emails
   end
 
+  def test_dispute_password_mandatory_when_registrant_changed
+    Setting.request_confirmation_on_registrant_change_enabled = true
+    dispute = disputes(:expired)
+    dispute.update!(starts_at: Time.zone.now, expires_at: Time.zone.now + 5.days, closed: nil)
+    new_registrant = contacts(:william)
+
+    assert @domain.disputed?
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <update>
+            <domain:update xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>#{@domain.name}</domain:name>
+                <domain:chg>
+                  <domain:registrant verified="yes">#{new_registrant.code}</domain:registrant>
+                </domain:chg>
+            </domain:update>
+          </update>
+          <extension>
+            <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+              <eis:reserved>
+                <eis:pw>'123456'</eis:pw>
+              </eis:reserved>
+            </eis:extdata>
+          </extension>
+        </command>
+      </epp>
+    XML
+
+    post epp_update_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    @domain.reload
+
+    assert_epp_response :invalid_authorization_information
+    assert_not_equal new_registrant, @domain.registrant
+    assert @domain.disputed?
+    assert_no_emails
+  end
+
   def test_skips_verification_when_disabled
     Setting.request_confirmation_on_registrant_change_enabled = false
     new_registrant = contacts(:william).becomes(Registrant)