Bypass validation on EPP domain:delete

#707
This commit is contained in:
Artur Beljajev 2018-02-15 17:46:09 +02:00
parent 4c30418f5e
commit 6c1342c957
6 changed files with 48 additions and 2 deletions

View file

@ -556,8 +556,6 @@ class Epp::Domain < Domain
end end
def epp_destroy(frame, user_id) def epp_destroy(frame, user_id)
return false unless valid?
check_discarded check_discarded
if doc = attach_legal_document(Epp::Domain.parse_legal_document_from_frame(frame)) if doc = attach_legal_document(Epp::Domain.parse_legal_document_from_frame(frame))

View file

@ -34,5 +34,6 @@ acme_ltd:
invalid: invalid:
name: any name: any
code: any code: any
email: invalid@invalid.test
auth_info: any auth_info: any
registrar: bestnames registrar: bestnames

View file

@ -12,3 +12,13 @@ library_john:
domain: library domain: library
contact: john contact: john
type: AdminDomainContact type: AdminDomainContact
invalid_invalid_admin:
domain: invalid
contact: invalid
type: AdminDomainContact
invalid_invalid_tech:
domain: invalid
contact: invalid
type: TechDomainContact

View file

@ -27,3 +27,9 @@ library:
valid_to: 2010-07-05 valid_to: 2010-07-05
period: 1 period: 1
period_unit: m period_unit: m
invalid:
name: invalid.test
transfer_code: any
registrar: bestnames
registrant: invalid

View file

@ -0,0 +1,27 @@
require 'test_helper'
class EppDomainDeleteTest < ActionDispatch::IntegrationTest
def test_bypasses_domain_and_registrant_and_contacts_validation
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<delete>
<domain:delete xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>invalid.test</domain:name>
</domain:delete>
</delete>
<extension>
<eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
<eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
</eis:extdata>
</extension>
</command>
</epp>
XML
post '/epp/command/delete', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
assert_equal '1001', Nokogiri::XML(response.body).at_css('result')[:code]
assert_equal 1, Nokogiri::XML(response.body).css('result').size
end
end

View file

@ -8,4 +8,8 @@ class DomainTest < ActiveSupport::TestCase
def test_valid_fixture def test_valid_fixture
assert @domain.valid? assert @domain.valid?
end end
def test_invalid_fixture
assert domains(:invalid).invalid?
end
end end