diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb index c68e60e09..951a55584 100644 --- a/app/controllers/epp/sessions_controller.rb +++ b/app/controllers/epp/sessions_controller.rb @@ -18,7 +18,7 @@ class Epp::SessionsController < EppController @api_user = ApiUser.find_by(login_params) end - if @api_user.try(:active) && cert_valid && ip_white? + if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok? if parsed_frame.css('newPW').first unless @api_user.update(password: parsed_frame.css('newPW').first.text) response.headers['X-EPP-Returncode'] = '2200' @@ -27,6 +27,7 @@ class Epp::SessionsController < EppController end epp_session[:api_user_id] = @api_user.id + epp_session.update_column(:registrar_id, @api_user.registrar_id) render_epp_response('login_success') else response.headers['X-EPP-Returncode'] = '2200' @@ -45,12 +46,24 @@ class Epp::SessionsController < EppController true end + def connection_limit_ok? + c = EppSession.where( + 'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes + ).count + + if c >= 4 + @msg = t('connection_limit_reached') + return false + end + true + end + # rubocop: enable Metrics/PerceivedComplexity # rubocop: enable Metrics/CyclomaticComplexity def logout @api_user = current_user # cache current_user for logging - epp_session[:api_user_id] = nil + epp_session.destroy response.headers['X-EPP-Returncode'] = '1500' render_epp_response('logout') end diff --git a/app/models/epp_session.rb b/app/models/epp_session.rb index 816155f21..f051b50ed 100644 --- a/app/models/epp_session.rb +++ b/app/models/epp_session.rb 
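Review bot: The new `connection_limit_ok?` call is reached only after `ApiUser.find_by(login_params)` has resolved an active user and `cert_valid`/`ip_white?` have passed, so this is a per-registrar cap on concurrent logged-in sessions, not a throttle on failed authentication attempts; that distinction is easy to misread from the `&&` chain and deserves a comment. I would add above the condition: `# connection_limit_ok? caps live sessions per registrar; it does not rate-limit failed logins`. The condition is now long enough that extracting it into a `login_allowed?` predicate would keep the Metrics disables in this file from growing. The enclosing `login` action starts and ends outside this hunk.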
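Review bot: `epp_session.update_column(:registrar_id, ...)` writes straight to the row, skipping validations, callbacks and the `updated_at` timestamp, whereas the `epp_session[:api_user_id]` assignment on the previous line goes through the `data` hash and the `before_save :marshal_data!` callback; the two writes therefore take different persistence paths, and `update_column` raises if the session row is not yet persisted (I cannot see where `epp_session` is created). Because `connection_limit_ok?` counts sessions by `updated_at` within a window, a session whose only write is this `update_column` would not refresh that timestamp; if nothing else saves the session on each request, the count may undercount. Worth a comment on the line: `# update_column skips callbacks/timestamps; registrar_id is only used by connection_limit_ok?`. The enclosing `login` action continues outside this hunk.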
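Review bot: `connection_limit_ok?` is a count-then-allow check with no lock, and the write that makes the new session count (the `update_column` in the previous hunk) happens in a separate statement, so two logins for the same registrar arriving together can both see a count below the limit and both succeed; if the cap is meant to be hard, the count and the registrar_id write need to run inside one transaction holding a row lock on the registrar (e.g. `Registrar.lock.find`), otherwise document it as best-effort. The literals `4` and `5.minutes` are the policy and should be named constants with a comment saying the window is keyed on session `updated_at`. The current session is not excluded from the count, so a re-login on an already-counted session could be refused by its own row; confirm whether that is intended. In the same hunk, `logout` now calls `epp_session.destroy`, so any code that writes to `epp_session` later in that request would touch a destroyed record — worth checking the after-action path.
```ruby
  # Policy for the per-registrar live-session cap (best-effort: see note on races).
  MAX_SESSIONS_PER_REGISTRAR = 4
  SESSION_ACTIVITY_WINDOW = 5.minutes

  # True when the registrar of @api_user has fewer than MAX_SESSIONS_PER_REGISTRAR
  # sessions touched within SESSION_ACTIVITY_WINDOW; otherwise sets @msg and returns false.
  def connection_limit_ok?
    live_sessions = EppSession.where(
      'registrar_id = ? AND updated_at >= ?',
      @api_user.registrar_id, Time.zone.now - SESSION_ACTIVITY_WINDOW
    ).count
    return true if live_sessions < MAX_SESSIONS_PER_REGISTRAR

    @msg = t('connection_limit_reached')
    false
  end
  # … unchanged: rubocop enables, logout …
```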
@@ -1,8 +1,9 @@ class EppSession < ActiveRecord::Base before_save :marshal_data! + belongs_to :registrar # rubocop: disable Rails/ReadWriteAttribute - # Turned back to read_attribute, thus in Rails 4 + # Turned back to read_attribute, thus in Rails 4 # there is differences between self[:data] and read_attribute. def data @data ||= self.class.unmarshal(read_attribute(:data)) || {} diff --git a/config/locales/en.yml b/config/locales/en.yml index 33bf0d01b..dda56025d 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -797,3 +797,4 @@ en: registrant_domain_verification_rejected_failed: 'Something went wrong' ip_is_not_whitelisted: 'IP is not whitelisted' access_denied: 'Access denied' + connection_limit_reached: 'Connection limit reached' diff --git a/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb b/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb new file mode 100644 index 000000000..2eaf1434c --- /dev/null +++ b/db/migrate/20150520164507_add_registrar_id_to_epp_session.rb @@ -0,0 +1,5 @@ +class AddRegistrarIdToEppSession < ActiveRecord::Migration + def change + add_column :epp_sessions, :registrar_id, :integer + end +end diff --git a/db/schema.rb b/db/schema.rb index f35a9555d..d4a2806b3 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150519144118) do +ActiveRecord::Schema.define(version: 20150520164507) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -317,6 +317,7 @@ ActiveRecord::Schema.define(version: 20150519144118) do t.text "data" t.datetime "created_at" t.datetime "updated_at" + t.integer "registrar_id" end add_index "epp_sessions", ["session_id"], name: "index_epp_sessions_on_session_id", unique: true, using: :btree
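Review bot: The migration adds `registrar_id` with no index, yet the new `connection_limit_ok?` query in the controller filters every login on `registrar_id = ? AND updated_at >= ?`; as the `epp_sessions` table grows that becomes a sequential scan on the authentication path. I would add after the column: `add_index :epp_sessions, [:registrar_id, :updated_at]`. A foreign key to `registrars` would also document the relationship the model's new `belongs_to :registrar` implies, if the Rails version in use supports `add_foreign_key` — I cannot tell from this diff.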