From 64d35a864f840ea4db72f5e9af047c1b4a4b3fbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?=
Date: Thu, 12 Nov 2020 11:19:16 +0200
Subject: [PATCH] Add delete action to confirmations API endpoint
---
 .../api/v1/registrant/confirms_controller.rb | 49 +++++++++++++------
 app/mailers/domain_delete_mailer.rb | 2 +-
 app/mailers/registrant_change_mailer.rb | 7 ++-
 config/routes.rb | 4 +-
 4 files changed, 44 insertions(+), 18 deletions(-)
diff --git a/app/controllers/api/v1/registrant/confirms_controller.rb b/app/controllers/api/v1/registrant/confirms_controller.rb
index 712df6bc1..b04a72449 100644
--- a/app/controllers/api/v1/registrant/confirms_controller.rb
+++ b/app/controllers/api/v1/registrant/confirms_controller.rb
@@ -6,7 +6,7 @@ module Api
 class ConfirmsController < ::Api::V1::Registrant::BaseController
 skip_before_action :authenticate, :set_paper_trail_whodunnit
 before_action :set_domain, only: %i[index update]
- before_action :verify_updateable, only: %i[index update]
+ before_action :verify_action, only: %i[index update]
 before_action :verify_decision, only: %i[update]
 def index
@@ -21,7 +21,10 @@ module Api
 verification = RegistrantVerification.new(domain_id: @domain.id, verification_token: verify_params[:token])
- head(:bad_request) and return unless update_action(verification)
+ unless delete_action? ? delete_action(verification) : change_action(verification)
+ head :bad_request
+ return
+ end
 render json: { domain_name: @domain.name,
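Review bot: The `unless delete_action? ? … : …` guard in `update` (hunk `-21,7`) puts the choice between a registrant change and a domain deletion into a ternary inside a negated condition, which is easy to misread on the one line that decides whether the destructive path runs. Naming the result first reads more plainly: `confirmed = delete_action? ? delete_action(verification) : change_action(verification)` followed by `return head(:bad_request) unless confirmed`. The guard also relies on the `domain_registrant_*!` methods returning a falsy value on failure rather than raising; their definitions are not in this patch, so that is worth confirming for the two new delete variants. `update` starts and ends outside the hunk.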
@@ -32,21 +35,28 @@ module Api
 private
- def current_registrant
- changes_registrant? ? @domain.registrant : @domain.pending_registrant
+ def initiator
+ "email link, #{I18n.t(:user_not_authenticated)}"
 end
- def changes_registrant?
+ def current_registrant
+ approved? ? @domain.registrant : @domain.pending_registrant
+ end
+
+ def approved?
 params[:decision] == 'confirmed'
 end
- def update_action(verification)
- initiator = "email link, #{I18n.t(:user_not_authenticated)}"
- if changes_registrant?
- verification.domain_registrant_change_confirm!(initiator)
- else
- verification.domain_registrant_change_reject!(initiator)
- end
+ def change_action(verification)
+ return verification.domain_registrant_change_confirm!(initiator) if approved?
+
+ verification.domain_registrant_change_reject!(initiator)
+ end
+
+ def delete_action(verification)
+ return verification.domain_registrant_delete_confirm!(initiator) if approved?
+
+ verification.domain_registrant_delete_reject!(initiator)
 end
 def serialized_registrant(registrant)
@@ -59,11 +69,18 @@ module Api
 def verify_params
 params do |p|
+ p.require(:template)
 p.require(:name)
 p.require(:token)
 end
 end
+ def delete_action?
+ return true if params[:template] == 'delete'
+
+ false
+ end
+
 def verify_decision
 return if %w[confirmed rejected].include?(params[:decision])
@@ -78,8 +95,12 @@ module Api
 render json: { error: 'Domain not found' }, status: :not_found
 end
- def verify_updateable
- return if @domain.registrant_update_confirmable?(verify_params[:token])
+ def verify_action
+ if params[:template] == 'change'
+ return true if @domain.registrant_update_confirmable?(verify_params[:token])
+ elsif params[:template] == 'delete'
+ return true if @domain.registrant_delete_confirmable?(verify_params[:token])
+ end
 render json: { error: 'Application expired or not found' }, status: :unauthorized
 end
diff --git a/app/mailers/domain_delete_mailer.rb b/app/mailers/domain_delete_mailer.rb
index c4190fe14..8e2b1a341 100644
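Review bot: `current_registrant` (hunk `-32,21`) still returns `@domain.pending_registrant` whenever the decision is not 'confirmed', which includes every `index` request, since that route carries no `:decision`. For a delete confirmation there is presumably no pending registrant, so any caller that serializes this value may pass nil to `serialized_registrant`; the callers are outside the hunk, so this needs checking against `index` and the `update` response. If the delete flow should always report the existing registrant, `return @domain.registrant if delete_action?` as the first line of the method would cover it.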
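Review bot: `delete_action?` (hunk `-59,11`) maps every `:template` value other than 'delete' to the registrant-change path, so `update` handles unknown templates safely only because `verify_action` has already rejected them. That dependency deserves a comment on the predicate, for example `# verify_action has already limited :template to 'change' or 'delete'`, so a later change to the before_action list does not silently open the change path. The body can also be reduced to the single expression `params[:template] == 'delete'`.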
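Review bot: `verify_action` (hunk `-78,8`) picks the check from the caller-supplied `:template`, while both mailers in this patch build their links from the same `domain.registrant_verification_token`. The change and delete confirmations are therefore kept apart only by whatever `registrant_update_confirmable?` and `registrant_delete_confirmable?` test besides the token, and neither method is shown here. A request test asserting that a token issued for a registrant change gets the 401 response under `template=delete`, and the reverse, would pin that separation. The `return true` lines can be plain `return`, matching `verify_decision`, since the callback's return value is not used.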
--- a/app/mailers/domain_delete_mailer.rb
+++ b/app/mailers/domain_delete_mailer.rb
@@ -57,7 +57,7 @@ class DomainDeleteMailer < ApplicationMailer
 if base_url.blank?
 registrant_domain_delete_confirm_url(domain, token: domain.registrant_verification_token)
 else
- "#{base_url}/confirmation/#{domain.name_puny}/#{domain.registrant_verification_token}"
+ "#{base_url}/confirmation/#{domain.name_puny}/delete/#{domain.registrant_verification_token}"
 end
 end
diff --git a/app/mailers/registrant_change_mailer.rb b/app/mailers/registrant_change_mailer.rb
index ff3cfa18e..3e97f4b86 100644
--- a/app/mailers/registrant_change_mailer.rb
+++ b/app/mailers/registrant_change_mailer.rb
@@ -50,7 +50,12 @@ class RegistrantChangeMailer < ApplicationMailer
 private
 def confirmation_url(domain)
- registrant_domain_update_confirm_url(domain, token: domain.registrant_verification_token)
+ base_url = ENV['registrant_portal_verifications_base_url']
+ if base_url.blank?
+ registrant_domain_update_confirm_url(domain, token: domain.registrant_verification_token)
+ else
+ "#{base_url}/confirmation/#{domain.name_puny}/change/#{domain.registrant_verification_token}"
+ end
 end
 def address_processing
diff --git a/config/routes.rb b/config/routes.rb
index 7061f125f..440c9c05e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -56,8 +56,8 @@ Rails.application.routes.draw do
 namespace :v1 do
 namespace :registrant do
 post 'auth/eid', to: 'auth#eid'
- get 'confirms/:name/:token', to: 'confirms#index', constraints: { name: /[^\/]+/ }
- post 'confirms/:name/:token/:decision', to: 'confirms#update', constraints: { name: /[^\/]+/ }
+ get 'confirms/:name/:template/:token', to: 'confirms#index', constraints: { name: /[^\/]+/ }
+ post 'confirms/:name/:template/:token/:decision', to: 'confirms#update', constraints: { name: /[^\/]+/ }
 resources :domains, only: %i[index show], param: :uuid do
 resource :registry_lock, only: %i[create destroy]
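Review bot: The new `confirmation_url` in RegistrantChangeMailer repeats the ENV lookup and string interpolation that DomainDeleteMailer already has, differing only in the `change`/`delete` segment, so the two link formats can drift apart from each other and from the route without any failure. A shared private helper on ApplicationMailer that takes the segment as an argument, for example `def portal_confirmation_url(domain, template)`, would keep them in step. It would also be the single place to check that `registrant_portal_verifications_base_url` is an https URL, since the link carries the only credential for the confirmation. The method body is fully inside the hunk.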
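Review bot: Neither new route in config/routes.rb constrains `:template`, so any path segment is routed to ConfirmsController and rejected only by `verify_action` there. Extending the existing hash on both routes to `constraints: { name: /[^\/]+/, template: /change|delete/ }` turns unknown values into a routing 404 and keeps the allowed set visible next to the path. The verification token stays a path segment, and with this commit it also authorises a domain deletion, so it is worth checking that request logs and any proxy in front of the API do not record the full path.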