From c9ebdbeb40e1f4377e30ee5ca0cdf733ead11554 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?=
Date: Tue, 17 Nov 2020 14:40:18 +0200
Subject: [PATCH 1/3] EPP: Hide name from contactInfo if no auth provided
---
 app/views/epp/contacts/info.xml.builder | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/views/epp/contacts/info.xml.builder b/app/views/epp/contacts/info.xml.builder
index 1945e7def..4874080e8 100644
--- a/app/views/epp/contacts/info.xml.builder
+++ b/app/views/epp/contacts/info.xml.builder
@@ -14,7 +14,11 @@ xml.epp_head do
 end
 xml.tag!('contact:postalInfo', type: 'int') do
- xml.tag!('contact:name', @contact.name)
+ if can? :view_full_info, @contact, @password
+ xml.tag!('contact:name', @contact.name)
+ else
+ xml.tag!('contact:name', 'No access')
+ end
 if can? :view_full_info, @contact, @password
 xml.tag!('contact:org', @contact.org_name) if @contact.org_name.present?
From a747464f3d8d076aaebce2246111c4d47e370c3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?=
Date: Tue, 17 Nov 2020 16:16:27 +0200
Subject: [PATCH 2/3] Don't show contact name if not viewed by sponsoring registrar
---
 app/views/registrar/domains/partials/_contacts.haml | 2 +-
 app/views/registrar/domains/partials/_general.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/registrar/domains/partials/_contacts.haml b/app/views/registrar/domains/partials/_contacts.haml
index 48d1ac21f..e6ef9aa8f 100644
--- a/app/views/registrar/domains/partials/_contacts.haml
+++ b/app/views/registrar/domains/partials/_contacts.haml
@@ -13,5 +13,5 @@
 - registrant = Contact.find_by_code(x.text)
 %tr
 %td= x['type']
- %td= registrant.name
+ %td= registrant.registrar == current_registrar_user.registrar ? registrant.name : 'N/A'
 %td= x.text
diff --git a/app/views/registrar/domains/partials/_general.html.erb b/app/views/registrar/domains/partials/_general.html.erb
index 3fb3a5df8..ff064857c 100644
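Review bot: In the `info.xml.builder` hunk the same `can? :view_full_info, @contact, @password` check now runs in two adjacent `if` statements inside `contact:postalInfo`, one gating the name and one gating the fields that follow. Evaluating it once, `full_info = can?(:view_full_info, @contact, @password)`, and branching on `full_info` in both places keeps the two gates from drifting apart in a later edit, which could expose the name again. The placeholder `'No access'` is returned in-band in `contact:name`, so a client cannot tell it from a contact literally named that; a comment such as `# masked placeholder, not the contact's real name` above the `else` branch would record the intent. The `postalInfo` block continues past the end of the hunk.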
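Review bot: In `_contacts.haml` the sponsoring-registrar rule is written inline as `registrant.registrar == current_registrar_user.registrar`, and the `_general.html.erb` hunk of this patch repeats it, while the EPP view in patch 1 answers the same question through `can? :view_full_info`. Separate copies of an access rule tend to diverge, and any other template that prints `registrant.name` without the comparison would still show the name, so one shared helper or ability check used by both partials would be easier to audit. `Contact.find_by_code(x.text)` presumably returns nil when no contact has that code, in which case `registrant.registrar` raises just as `registrant.name` did before; `registrant&.registrar == current_registrar_user.registrar ? registrant.name : 'N/A'` falls through to the masked branch instead. The masked output also differs between the two partials: 'N/A' here, the bare contact code in `_general.html.erb`.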
--- a/app/views/registrar/domains/partials/_general.html.erb
+++ b/app/views/registrar/domains/partials/_general.html.erb
@@ -23,7 +23,7 @@ <% registrant = Contact.find_by_code(@data.css('registrant').text) %>
<%= t('.registrant') %>
-
<%= "#{registrant.name} (#{@data.css('registrant').text})" %>
+
<%= registrant.registrar == current_registrar_user.registrar ? "#{registrant.name} (#{@data.css('registrant').text})" : @data.css('registrant').text %>
<%= t('.registered') %>
<%= @data.css('crDate').text %>
From c7d64dce37c3dc5498c142a07e6963bbcab9b829 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?=
Date: Wed, 18 Nov 2020 13:08:28 +0200
Subject: [PATCH 3/3] EPP contactInfo: add test for name masking
---
 test/integration/epp/contact/info/base_test.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/test/integration/epp/contact/info/base_test.rb b/test/integration/epp/contact/info/base_test.rb
index 80dad97e8..4e4a9190e 100644
--- a/test/integration/epp/contact/info/base_test.rb
+++ b/test/integration/epp/contact/info/base_test.rb
@@ -44,7 +44,7 @@ class EppContactInfoBaseTest < EppTestCase
 contact: xml_schema).text
 end
- def test_hides_password_when_current_registrar_is_not_sponsoring
+ def test_hides_password_and_name_when_current_registrar_is_not_sponsoring
 non_sponsoring_registrar = registrars(:goodnames)
 @contact.update!(registrar: non_sponsoring_registrar)
@@ -70,6 +70,7 @@ class EppContactInfoBaseTest < EppTestCase
 assert_epp_response :completed_successfully
 response_xml = Nokogiri::XML(response.body)
 assert_nil response_xml.at_xpath('//contact:authInfo', contact: xml_schema)
+ assert_equal 'No access', response_xml.at_xpath('//contact:name', contact: xml_schema).text
 end
 private
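Review bot: The assertion added in the second hunk checks only that `contact:name` carries the placeholder, so the test would still pass if the real name appeared in some other element of the response. Adding `refute_includes response.body, @contact.name` after it pins the property the patch is about, assuming the fixture name does not legitimately occur elsewhere in the response. The hunks also show no counterpart asserting that the sponsoring registrar, or a caller supplying the correct password, still receives the real name; if the file has none, one belongs next to this test. The test method begins before the second hunk, so its request setup is not visible here.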