diff --git a/.codeclimate.yml b/.codeclimate.yml
index 21ab3742c..e33254023 100644
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -1,5 +1,4 @@
----
-engines:
+plugins:
brakeman:
enabled: true
bundler-audit:
@@ -14,8 +13,6 @@ engines:
languages:
- ruby
- javascript
- - python
- - php
eslint:
enabled: true
fixme:
@@ -33,24 +30,9 @@ engines:
checks:
IrresponsibleModule:
enabled: false
-ratings:
- paths:
- - Gemfile.lock
- - "**.erb"
- - "**.haml"
- - "**.rb"
- - "**.rhtml"
- - "**.slim"
- - "**.css"
- - "**.coffee"
- - "**.inc"
- - "**.js"
- - "**.jsx"
- - "**.module"
- - "**.php"
- - "**.py"
-exclude_paths:
-- config/
-- db/
-- spec/
-- vendor/
+exclude_patterns:
+- "config/"
+- "db/"
+- "vendor/"
+- "spec/"
+- "test/"
diff --git a/.reek b/.reek
index 3bdfebb81..d9ea95353 100644
--- a/.reek
+++ b/.reek
@@ -34,7 +34,6 @@ UncommunicativeVariableName:
- Admin::SettingsController#create
- Epp::DomainsController#renew
- Epp::DomainsController#update
- - Epp::SessionsController#connection_limit_ok?
- Epp::SessionsController#login
- EppController
- EppController#create_full_selectors
@@ -172,7 +171,6 @@ DuplicateMethodCall:
- Epp::PollsController#ack_poll
- Epp::PollsController#poll
- Epp::PollsController#req_poll
- - Epp::SessionsController#connection_limit_ok?
- Epp::SessionsController#ip_white?
- Epp::SessionsController#login
- Epp::SessionsController#login_params
@@ -538,7 +536,6 @@ IrresponsibleModule:
- DomainStatus
- DomainTransfer
- Epp::Contact
- - EppSession
- Invoice
- InvoiceItem
- Keyrelay
@@ -960,7 +957,6 @@ FeatureEnvy:
- ActionDispatch::Flash#call
- Ransack::Adapters::ActiveRecord::Context#evaluate
- EppConstraint#matches?
- - Requests::SessionHelpers#sign_in_to_epp_area
TooManyMethods:
exclude:
- Epp::ContactsController
@@ -1027,7 +1023,6 @@ PrimaDonnaMethod:
- Contact
- Domain
- Epp::Domain
- - EppSession
- RegistrantVerification
- Registrar
BooleanParameter:
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index a9c491df9..7acf2bd1b 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -655,11 +655,6 @@ Performance/StringReplacement:
- 'app/models/directo.rb'
- 'app/models/dnskey.rb'
-# Offense count: 1
-Security/MarshalLoad:
- Exclude:
- - 'app/models/epp_session.rb'
-
# Offense count: 4
# Cop supports --auto-correct.
# Configuration parameters: EnforcedStyle, SupportedStyles.
diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb
index 1396a5b35..d5844500e 100644
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@@ -74,7 +74,7 @@ class Epp::SessionsController < EppController
success = false
end
- if success && !connection_limit_ok?
+ if success && EppSession.limit_reached?(@api_user.registrar)
epp_errors << {
msg: 'Authentication error; server closing connection (connection limit reached)',
code: '2501'
@@ -91,8 +91,10 @@ class Epp::SessionsController < EppController
end
end
- epp_session[:api_user_id] = @api_user.id
- epp_session.update_column(:registrar_id, @api_user.registrar_id)
+ epp_session = EppSession.new
+ epp_session.session_id = epp_session_id
+ epp_session.user = @api_user
+ epp_session.save!
render_epp_response('login_success')
else
response.headers['X-EPP-Returncode'] = '2500'
@@ -113,17 +115,16 @@ class Epp::SessionsController < EppController
true
end
- def connection_limit_ok?
- return true if Rails.env.test? || Rails.env.development?
- c = EppSession.where(
- 'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 1.second
- ).count
-
- return false if c >= 4
- true
- end
-
def logout
+ unless signed_in?
+ epp_errors << {
+ code: 2201,
+ msg: 'Authorization error'
+ }
+ handle_errors
+ return
+ end
+
@api_user = current_user # cache current_user for logging
epp_session.destroy
response.headers['X-EPP-Returncode'] = '1500'
diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index 58f450147..eee6cef7a 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -4,11 +4,12 @@ class EppController < ApplicationController
protect_from_forgery with: :null_session
skip_before_action :verify_authenticity_token
+ before_action :ensure_session_id_passed
before_action :generate_svtrid
before_action :latin_only
before_action :validate_against_schema
before_action :validate_request
- before_action :update_epp_session
+ before_action :update_epp_session, if: 'signed_in?'
around_action :catch_epp_errors
@@ -86,41 +87,13 @@ class EppController < ApplicationController
@params_hash ||= Hash.from_xml(params[:frame]).with_indifferent_access
end
- # SESSION MANAGEMENT
def epp_session
- cookies # Probably does some initialization
- cookie = env['rack.request.cookie_hash'] || {}
- EppSession.find_or_initialize_by(session_id: cookie['session'])
- end
-
- def update_epp_session
- iptables_counter_update
- e_s = epp_session
- return if e_s.new_record?
-
- if !Rails.env.development? && (e_s.updated_at < Time.zone.now - 5.minutes)
- @api_user = current_user # cache current_user for logging
- e_s.destroy
- response.headers['X-EPP-Returncode'] = '1500'
-
- epp_errors << {
- msg: t('session_timeout'),
- code: '2201'
- }
-
- handle_errors and return
- else
- e_s.update_column(:updated_at, Time.zone.now)
- end
+ EppSession.find_by(session_id: epp_session_id)
end
def current_user
- @current_user ||= ApiUser.find_by_id(epp_session[:api_user_id])
- # by default PaperTrail uses before filter and at that
- # time current_user is not yet present
- ::PaperTrail.whodunnit = user_log_str(@current_user)
- ::PaperSession.session = epp_session.session_id if epp_session.session_id.present?
- @current_user
+ return unless signed_in?
+ epp_session.user
end
# ERROR + RESPONSE HANDLING
@@ -397,4 +370,42 @@ class EppController < ApplicationController
name = self.class.to_s.sub("Epp::","").sub("Controller","").underscore.singularize
instance_variable_get("@#{name}")
end
+
+ private
+
+ def signed_in?
+ epp_session
+ end
+
+ def epp_session_id
+ cookies[:session] # Passed by mod_epp https://github.com/mod-epp/mod-epp#requestscript-interface
+ end
+
+ def ensure_session_id_passed
+ raise 'EPP session id is empty' unless epp_session_id.present?
+ end
+
+ def update_epp_session
+ iptables_counter_update
+
+ if session_timeout_reached?
+ @api_user = current_user # cache current_user for logging
+ epp_session.destroy
+ response.headers['X-EPP-Returncode'] = '1500'
+
+ epp_errors << {
+ msg: t('session_timeout'),
+ code: '2201'
+ }
+
+ handle_errors and return
+ else
+ epp_session.update_column(:updated_at, Time.zone.now)
+ end
+ end
+
+ def session_timeout_reached?
+ timeout = 5.minutes
+ epp_session.updated_at < (Time.zone.now - timeout)
+ end
end
diff --git a/app/models/epp_session.rb b/app/models/epp_session.rb
index f051b50ed..dfd603fc4 100644
--- a/app/models/epp_session.rb
+++ b/app/models/epp_session.rb
@@ -1,36 +1,14 @@
class EppSession < ActiveRecord::Base
- before_save :marshal_data!
+ belongs_to :user, required: true
- belongs_to :registrar
- # rubocop: disable Rails/ReadWriteAttribute
- # Turned back to read_attribute, thus in Rails 4
- # there is differences between self[:data] and read_attribute.
- def data
- @data ||= self.class.unmarshal(read_attribute(:data)) || {}
- end
- # rubocop: enable Rails/ReadWriteAttribute
+ validates :session_id, uniqueness: true, presence: true
- def [](key)
- data[key.to_sym]
+ def self.limit_per_registrar
+ 4
end
- def []=(key, value)
- data[key.to_sym] = value
- save!
- end
-
- def marshal_data!
- self.data = self.class.marshal(data)
- end
-
- class << self
- def marshal(data)
- ::Base64.encode64(Marshal.dump(data)) if data
- end
-
- def unmarshal(data)
- return data unless data.is_a? String
- Marshal.load(::Base64.decode64(data)) if data
- end
+ def self.limit_reached?(registrar)
+ count = where(user_id: registrar.api_users.ids).where('updated_at >= ?', Time.zone.now - 1.second).count
+ count >= limit_per_registrar
end
end
diff --git a/app/views/epp/sessions/login_fail.xml.builder b/app/views/epp/sessions/login_fail.xml.builder
deleted file mode 100644
index 5e2e99162..000000000
--- a/app/views/epp/sessions/login_fail.xml.builder
+++ /dev/null
@@ -1,9 +0,0 @@
-xml.epp_head do
- xml.response do
- xml.result('code' => '2501') do
- xml.msg(@msg || 'Authentication error; server closing connection')
- end
-
- render('epp/shared/trID', builder: xml)
- end
-end
diff --git a/db/migrate/20180206213435_change_epp_sessions_session_id_to_not_null.rb b/db/migrate/20180206213435_change_epp_sessions_session_id_to_not_null.rb
new file mode 100644
index 000000000..887ef3cb4
--- /dev/null
+++ b/db/migrate/20180206213435_change_epp_sessions_session_id_to_not_null.rb
@@ -0,0 +1,5 @@
+class ChangeEppSessionsSessionIdToNotNull < ActiveRecord::Migration
+ def change
+ change_column_null :epp_sessions, :session_id, false
+ end
+end
diff --git a/db/migrate/20180206234620_add_epp_sessions_user_id.rb b/db/migrate/20180206234620_add_epp_sessions_user_id.rb
new file mode 100644
index 000000000..0e04a7f53
--- /dev/null
+++ b/db/migrate/20180206234620_add_epp_sessions_user_id.rb
@@ -0,0 +1,5 @@
+class AddEppSessionsUserId < ActiveRecord::Migration
+ def change
+ add_reference :epp_sessions, :user, foreign_key: true
+ end
+end
diff --git a/db/migrate/20180207071528_extract_user_id_from_epp_sessions_data.rb b/db/migrate/20180207071528_extract_user_id_from_epp_sessions_data.rb
new file mode 100644
index 000000000..24a5f25a6
--- /dev/null
+++ b/db/migrate/20180207071528_extract_user_id_from_epp_sessions_data.rb
@@ -0,0 +1,10 @@
+class ExtractUserIdFromEppSessionsData < ActiveRecord::Migration
+ def change
+ EppSession.all.each do |epp_session|
+ user_id = Marshal.load(::Base64.decode64(epp_session.data_before_type_cast))[:api_user_id]
+ user = ApiUser.find(user_id)
+ epp_session.user = user
+ epp_session.save!
+ end
+ end
+end
diff --git a/db/migrate/20180207072139_remove_epp_sessions_data.rb b/db/migrate/20180207072139_remove_epp_sessions_data.rb
new file mode 100644
index 000000000..90ec58740
--- /dev/null
+++ b/db/migrate/20180207072139_remove_epp_sessions_data.rb
@@ -0,0 +1,5 @@
+class RemoveEppSessionsData < ActiveRecord::Migration
+ def change
+ remove_column :epp_sessions, :data, :string
+ end
+end
diff --git a/db/migrate/20180212123810_remove_epp_sessions_registrar_id.rb b/db/migrate/20180212123810_remove_epp_sessions_registrar_id.rb
new file mode 100644
index 000000000..80e2a7056
--- /dev/null
+++ b/db/migrate/20180212123810_remove_epp_sessions_registrar_id.rb
@@ -0,0 +1,5 @@
+class RemoveEppSessionsRegistrarId < ActiveRecord::Migration
+ def change
+ remove_column :epp_sessions, :registrar_id, :integer
+ end
+end
diff --git a/db/migrate/20180212152810_add_epp_sessions_session_id_unique_constraint.rb b/db/migrate/20180212152810_add_epp_sessions_session_id_unique_constraint.rb
new file mode 100644
index 000000000..7eac99e63
--- /dev/null
+++ b/db/migrate/20180212152810_add_epp_sessions_session_id_unique_constraint.rb
@@ -0,0 +1,13 @@
+class AddEppSessionsSessionIdUniqueConstraint < ActiveRecord::Migration
+ def up
+ execute <<-SQL
+ ALTER TABLE epp_sessions ADD CONSTRAINT unique_session_id UNIQUE (session_id)
+ SQL
+ end
+
+ def down
+ execute <<-SQL
+ ALTER TABLE epp_sessions DROP CONSTRAINT unique_session_id
+ SQL
+ end
+end
diff --git a/db/migrate/20180212154731_remove_epp_sessions_session_id_unique_index.rb b/db/migrate/20180212154731_remove_epp_sessions_session_id_unique_index.rb
new file mode 100644
index 000000000..47fb20157
--- /dev/null
+++ b/db/migrate/20180212154731_remove_epp_sessions_session_id_unique_index.rb
@@ -0,0 +1,5 @@
+class RemoveEppSessionsSessionIdUniqueIndex < ActiveRecord::Migration
+ def change
+ remove_index :epp_sessions, name: :index_epp_sessions_on_session_id
+ end
+end
diff --git a/db/migrate/20180213183818_change_epp_sessions_user_id_to_not_null.rb b/db/migrate/20180213183818_change_epp_sessions_user_id_to_not_null.rb
new file mode 100644
index 000000000..fbe685b33
--- /dev/null
+++ b/db/migrate/20180213183818_change_epp_sessions_user_id_to_not_null.rb
@@ -0,0 +1,5 @@
+class ChangeEppSessionsUserIdToNotNull < ActiveRecord::Migration
+ def change
+ change_column_null :epp_sessions, :user_id, false
+ end
+end
diff --git a/db/structure.sql b/db/structure.sql
index c5ea5f5e7..881b1de36 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -1050,11 +1050,10 @@ ALTER SEQUENCE domains_id_seq OWNED BY domains.id;
CREATE TABLE epp_sessions (
id integer NOT NULL,
- session_id character varying,
- data text,
+ session_id character varying NOT NULL,
created_at timestamp without time zone,
updated_at timestamp without time zone,
- registrar_id integer
+ user_id integer NOT NULL
);
@@ -3635,6 +3634,14 @@ ALTER TABLE ONLY contacts
ADD CONSTRAINT unique_contact_code UNIQUE (code);
+--
+-- Name: unique_session_id; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace:
+--
+
+ALTER TABLE ONLY epp_sessions
+ ADD CONSTRAINT unique_session_id UNIQUE (session_id);
+
+
--
-- Name: unique_zone_origin; Type: CONSTRAINT; Schema: public; Owner: -; Tablespace:
--
@@ -3886,13 +3893,6 @@ CREATE INDEX index_domains_on_registrar_id ON domains USING btree (registrar_id)
CREATE INDEX index_domains_on_statuses ON domains USING gin (statuses);
---
--- Name: index_epp_sessions_on_session_id; Type: INDEX; Schema: public; Owner: -; Tablespace:
---
-
-CREATE UNIQUE INDEX index_epp_sessions_on_session_id ON epp_sessions USING btree (session_id);
-
-
--
-- Name: index_epp_sessions_on_updated_at; Type: INDEX; Schema: public; Owner: -; Tablespace:
--
@@ -4484,6 +4484,14 @@ ALTER TABLE ONLY domain_transfers
ADD CONSTRAINT fk_rails_87b8e40c63 FOREIGN KEY (domain_id) REFERENCES domains(id);
+--
+-- Name: fk_rails_adff2dc8e3; Type: FK CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY epp_sessions
+ ADD CONSTRAINT fk_rails_adff2dc8e3 FOREIGN KEY (user_id) REFERENCES users(id);
+
+
--
-- Name: fk_rails_b80dbb973d; Type: FK CONSTRAINT; Schema: public; Owner: -
--
@@ -5070,6 +5078,22 @@ INSERT INTO schema_migrations (version) VALUES ('20180126104536');
INSERT INTO schema_migrations (version) VALUES ('20180126104903');
+INSERT INTO schema_migrations (version) VALUES ('20180206213435');
+
+INSERT INTO schema_migrations (version) VALUES ('20180206234620');
+
+INSERT INTO schema_migrations (version) VALUES ('20180207071528');
+
+INSERT INTO schema_migrations (version) VALUES ('20180207072139');
+
+INSERT INTO schema_migrations (version) VALUES ('20180212123810');
+
+INSERT INTO schema_migrations (version) VALUES ('20180212152810');
+
+INSERT INTO schema_migrations (version) VALUES ('20180212154731');
+
+INSERT INTO schema_migrations (version) VALUES ('20180213183818');
+
INSERT INTO schema_migrations (version) VALUES ('20180214200224');
INSERT INTO schema_migrations (version) VALUES ('20180214213743');
diff --git a/doc/controllers_complete.svg b/doc/controllers_complete.svg
index 61ca0ec5f..68d02cf4a 100644
--- a/doc/controllers_complete.svg
+++ b/doc/controllers_complete.svg
@@ -71,7 +71,6 @@
Epp::SessionsController
-connection_limit_ok?
hello
ip_white?
login
@@ -681,7 +680,6 @@
render_epp_response
requires
requires_attribute
-update_epp_session
validate_request
write_to_epp_log
xml_attrs_present?
diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake
index c624b3c95..f4b133ed1 100644
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
@@ -49,9 +49,9 @@ namespace :dev do
account = create(:account, registrar: registrar, balance: 1_000_000)
api_user = create(:api_user, username: 'test', password: 'testtest', registrar: registrar)
- epp_session = build(:epp_session, registrar: registrar)
- epp_session[:api_user_id] = api_user.id
- epp_session.registrar_id = registrar.id
+ epp_session = EppSession.new
+ epp_session.session_id = 'test'
+ epp_session.user = api_user
epp_session.save!
domain_counter = 1.step
diff --git a/spec/factories/epp_session.rb b/spec/factories/epp_session.rb
index 96dd78da3..296368a92 100644
--- a/spec/factories/epp_session.rb
+++ b/spec/factories/epp_session.rb
@@ -1,5 +1,6 @@
FactoryBot.define do
factory :epp_session do
-
+ sequence(:session_id) { |n| "test#{n}" }
+ association :user, factory: :api_user
end
end
diff --git a/spec/models/epp_session.rb b/spec/models/epp_session.rb
deleted file mode 100644
index 484cd1345..000000000
--- a/spec/models/epp_session.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-require 'rails_helper'
-
-describe EppSession do
- let(:epp_session) { create(:epp_session) }
-
- it 'has marshalled data' do
- expect(epp_session.read_attribute(:data)).to_not be_blank
- expect(epp_session.read_attribute(:data).class).to eq(String)
- expect(epp_session.data.class).to eq(Hash)
- end
-
- it 'stores data' do
- expect(epp_session[:api_user_id]).to eq(1)
-
- epp_session[:api_user_id] = 3
- expect(epp_session[:api_user_id]).to eq(3)
-
- epp_session = EppSession.find_by(session_id: 'test')
- expect(epp_session[:api_user_id]).to eq(3)
- end
-end
diff --git a/spec/requests/epp/contact/create/ident_spec.rb b/spec/requests/epp/contact/create/ident_spec.rb
index e112e2618..5a9535187 100644
--- a/spec/requests/epp/contact/create/ident_spec.rb
+++ b/spec/requests/epp/contact/create/ident_spec.rb
@@ -1,11 +1,14 @@
require 'rails_helper'
RSpec.describe 'EPP contact:create' do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
before do
Setting.address_processing = false
- sign_in_to_epp_area
+ login_as user
end
context 'when all ident params are valid' do
diff --git a/spec/requests/epp/contact/create/phone_spec.rb b/spec/requests/epp/contact/create/phone_spec.rb
index dd205de87..1b55f6407 100644
--- a/spec/requests/epp/contact/create/phone_spec.rb
+++ b/spec/requests/epp/contact/create/phone_spec.rb
@@ -2,7 +2,10 @@ require 'rails_helper'
require_relative '../shared/phone'
RSpec.describe 'EPP contact:create' do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let(:request_xml) { <<-XML
@@ -27,7 +30,7 @@ RSpec.describe 'EPP contact:create' do
}
before do
- sign_in_to_epp_area
+ login_as user
allow(Contact).to receive(:address_processing?).and_return(false)
end
diff --git a/spec/requests/epp/contact/create_spec.rb b/spec/requests/epp/contact/create_spec.rb
index 0f03fd6ac..3d72e3eda 100644
--- a/spec/requests/epp/contact/create_spec.rb
+++ b/spec/requests/epp/contact/create_spec.rb
@@ -1,6 +1,9 @@
require 'rails_helper'
RSpec.describe 'EPP contact:create' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:request_xml_with_address) { '
@@ -36,7 +39,7 @@ RSpec.describe 'EPP contact:create' do
subject(:address_saved) { Contact.last.attributes.slice(*Contact.address_attribute_names).compact.any? }
before do
- sign_in_to_epp_area
+ login_as user
end
context 'when address processing is enabled' do
@@ -46,17 +49,17 @@ RSpec.describe 'EPP contact:create' do
context 'with address' do
it 'returns epp code of 1000' do
- post '/epp/command/create', frame: request_xml_with_address
+ post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'returns epp description' do
- post '/epp/command/create', frame: request_xml_with_address
+ post '/epp/command/create', { frame: request_xml_with_address}, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully')
end
it 'saves address' do
- post '/epp/command/create', frame: request_xml_with_address
+ post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(address_saved).to be_truthy
end
end
@@ -69,17 +72,17 @@ RSpec.describe 'EPP contact:create' do
context 'with address' do
it 'returns epp code of 1100' do
- post '/epp/command/create', frame: request_xml_with_address
+ post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1100')
end
it 'returns epp description' do
- post '/epp/command/create', frame: request_xml_with_address
+ post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully; Postal address data discarded')
end
it 'does not save address' do
- post '/epp/command/create', frame: request_xml_with_address
+ post '/epp/command/create', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(address_saved).to be_falsey
end
end
@@ -110,12 +113,12 @@ RSpec.describe 'EPP contact:create' do
}
it 'returns epp code of 1000' do
- post '/epp/command/create', frame: request_xml_without_address
+ post '/epp/command/create', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'returns epp description' do
- post '/epp/command/create', frame: request_xml_without_address
+ post '/epp/command/create', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully')
end
end
diff --git a/spec/requests/epp/contact/delete/used_spec.rb b/spec/requests/epp/contact/delete/used_spec.rb
index f6db6b65b..663065ca5 100644
--- a/spec/requests/epp/contact/delete/used_spec.rb
+++ b/spec/requests/epp/contact/delete/used_spec.rb
@@ -1,10 +1,11 @@
require 'rails_helper'
RSpec.describe 'EPP contact:delete' do
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:user) { create(:api_user, registrar: registrar) }
let(:registrar) { create(:registrar) }
let!(:registrant) { create(:registrant, registrar: registrar, code: 'TEST') }
- let(:request) { post '/epp/command/delete', frame: request_xml }
+ let(:request) { post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let(:request_xml) { <<-XML
@@ -20,7 +21,7 @@ RSpec.describe 'EPP contact:delete' do
}
before do
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when contact is used' do
diff --git a/spec/requests/epp/contact/info_spec.rb b/spec/requests/epp/contact/info_spec.rb
index d97a0373e..0468e097a 100644
--- a/spec/requests/epp/contact/info_spec.rb
+++ b/spec/requests/epp/contact/info_spec.rb
@@ -1,6 +1,9 @@
require 'rails_helper'
RSpec.describe 'EPP contact:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:request_xml) { '
@@ -19,7 +22,7 @@ RSpec.describe 'EPP contact:update' do
.count }
before do
- sign_in_to_epp_area
+ login_as user
create(:contact, code: 'TEST')
end
@@ -29,12 +32,12 @@ RSpec.describe 'EPP contact:update' do
end
it 'returns epp code of 1000' do
- post '/epp/command/info', frame: request_xml
+ post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'returns address' do
- post '/epp/command/info', frame: request_xml
+ post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(address_count).to_not be_zero
end
end
@@ -45,12 +48,12 @@ RSpec.describe 'EPP contact:update' do
end
it 'returns epp code of 1000' do
- post '/epp/command/info', frame: request_xml
+ post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'does not return address' do
- post '/epp/command/info', frame: request_xml
+ post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(address_count).to be_zero
end
end
diff --git a/spec/requests/epp/contact/update/ident_spec.rb b/spec/requests/epp/contact/update/ident_spec.rb
index c93ba6390..ed42d129f 100644
--- a/spec/requests/epp/contact/update/ident_spec.rb
+++ b/spec/requests/epp/contact/update/ident_spec.rb
@@ -3,8 +3,11 @@ require 'rails_helper'
# https://github.com/internetee/registry/issues/576
RSpec.describe 'EPP contact:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:ident) { contact.identifier }
- let(:request) { post '/epp/command/update', frame: request_xml }
+ let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let(:request_xml) { <<-XML
@@ -30,7 +33,7 @@ RSpec.describe 'EPP contact:update' do
}
before do
- sign_in_to_epp_area
+ login_as user
end
context 'when contact ident is valid' do
diff --git a/spec/requests/epp/contact/update/phone_spec.rb b/spec/requests/epp/contact/update/phone_spec.rb
index 452b80c5c..57109367d 100644
--- a/spec/requests/epp/contact/update/phone_spec.rb
+++ b/spec/requests/epp/contact/update/phone_spec.rb
@@ -2,8 +2,11 @@ require 'rails_helper'
require_relative '../shared/phone'
RSpec.describe 'EPP contact:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let!(:contact) { create(:contact, code: 'TEST') }
- let(:request) { post '/epp/command/update', frame: request_xml }
+ let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let(:request_xml) { <<-XML
@@ -22,7 +25,7 @@ RSpec.describe 'EPP contact:update' do
}
before do
- sign_in_to_epp_area
+ login_as user
allow(Contact).to receive(:address_processing?).and_return(false)
end
diff --git a/spec/requests/epp/contact/update_spec.rb b/spec/requests/epp/contact/update_spec.rb
index a8be4c85d..c5344bae2 100644
--- a/spec/requests/epp/contact/update_spec.rb
+++ b/spec/requests/epp/contact/update_spec.rb
@@ -1,6 +1,9 @@
require 'rails_helper'
RSpec.describe 'EPP contact:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:request_xml_with_address) { '
@@ -33,7 +36,7 @@ RSpec.describe 'EPP contact:update' do
subject(:response_description) { response_xml.css('result msg').text }
before do
- sign_in_to_epp_area
+ login_as user
create(:contact, code: 'TEST')
end
@@ -44,12 +47,12 @@ RSpec.describe 'EPP contact:update' do
context 'with address' do
it 'returns epp code of 1000' do
- post '/epp/command/update', frame: request_xml_with_address
+ post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'returns epp description' do
- post '/epp/command/update', frame: request_xml_with_address
+ post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully')
end
end
@@ -62,12 +65,12 @@ RSpec.describe 'EPP contact:update' do
context 'with address' do
it 'returns epp code of 1100' do
- post '/epp/command/update', frame: request_xml_with_address
+ post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1100')
end
it 'returns epp description' do
- post '/epp/command/update', frame: request_xml_with_address
+ post '/epp/command/update', { frame: request_xml_with_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully; Postal address data discarded')
end
end
@@ -92,12 +95,12 @@ RSpec.describe 'EPP contact:update' do
}
it 'returns epp code of 1000' do
- post '/epp/command/update', frame: request_xml_without_address
+ post '/epp/command/update', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'returns epp description' do
- post '/epp/command/update', frame: request_xml_without_address
+ post '/epp/command/update', { frame: request_xml_without_address }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully')
end
end
diff --git a/spec/requests/epp/domain/create/account_balance_spec.rb b/spec/requests/epp/domain/create/account_balance_spec.rb
index 9c3905801..e27477b3a 100644
--- a/spec/requests/epp/domain/create/account_balance_spec.rb
+++ b/spec/requests/epp/domain/create/account_balance_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:create', settings: false do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:contact) { create(:contact, code: 'test') }
let!(:zone) { create(:zone, origin: 'test') }
@@ -36,7 +37,7 @@ RSpec.describe 'EPP domain:create', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when account balance is sufficient' do
diff --git a/spec/requests/epp/domain/create/default_period_spec.rb b/spec/requests/epp/domain/create/default_period_spec.rb
index 05a1ab73a..c4708f5cb 100644
--- a/spec/requests/epp/domain/create/default_period_spec.rb
+++ b/spec/requests/epp/domain/create/default_period_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:create', settings: false do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:contact) { create(:contact, code: 'test') }
let!(:zone) { create(:zone, origin: 'test') }
@@ -37,7 +38,7 @@ RSpec.describe 'EPP domain:create', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010 10:30')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when period is absent' do
diff --git a/spec/requests/epp/domain/create/optional_nameserver_spec.rb b/spec/requests/epp/domain/create/optional_nameserver_spec.rb
index bf1550268..409307373 100644
--- a/spec/requests/epp/domain/create/optional_nameserver_spec.rb
+++ b/spec/requests/epp/domain/create/optional_nameserver_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:create', settings: false do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:registrar) { create(:registrar_with_unlimited_balance) }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:contact) { create(:contact, code: 'test') }
@@ -17,7 +18,7 @@ RSpec.describe 'EPP domain:create', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when nameserver is optional' do
diff --git a/spec/requests/epp/domain/create/period_spec.rb b/spec/requests/epp/domain/create/period_spec.rb
index 355ef7557..15f49d41f 100644
--- a/spec/requests/epp/domain/create/period_spec.rb
+++ b/spec/requests/epp/domain/create/period_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:create', settings: false do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:contact) { create(:contact, code: 'test') }
let!(:zone) { create(:zone, origin: 'test') }
@@ -10,7 +11,7 @@ RSpec.describe 'EPP domain:create', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010 10:30')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when period is 3 months' do
diff --git a/spec/requests/epp/domain/create/price_spec.rb b/spec/requests/epp/domain/create/price_spec.rb
index 69439bb41..e065ba3bb 100644
--- a/spec/requests/epp/domain/create/price_spec.rb
+++ b/spec/requests/epp/domain/create/price_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:create', settings: false do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:contact) { create(:contact, code: 'test') }
let!(:zone) { create(:zone, origin: 'test') }
@@ -30,7 +31,7 @@ RSpec.describe 'EPP domain:create', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when price is present' do
diff --git a/spec/requests/epp/domain/create/required_nameserver_spec.rb b/spec/requests/epp/domain/create/required_nameserver_spec.rb
index 11b49aede..7657075b7 100644
--- a/spec/requests/epp/domain/create/required_nameserver_spec.rb
+++ b/spec/requests/epp/domain/create/required_nameserver_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:create', settings: false do
- let(:request) { post '/epp/command/create', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/create', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:registrar) { create(:registrar_with_unlimited_balance) }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:contact) { create(:contact, code: 'test') }
@@ -17,7 +18,7 @@ RSpec.describe 'EPP domain:create', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when nameserver is required' do
diff --git a/spec/requests/epp/domain/delete/discarded_spec.rb b/spec/requests/epp/domain/delete/discarded_spec.rb
index 99ec59267..55e74d965 100644
--- a/spec/requests/epp/domain/delete/discarded_spec.rb
+++ b/spec/requests/epp/domain/delete/discarded_spec.rb
@@ -1,6 +1,9 @@
require 'rails_helper'
RSpec.describe 'EPP domain:delete' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:request_xml) { <<-XML
@@ -21,14 +24,14 @@ RSpec.describe 'EPP domain:delete' do
}
before :example do
- sign_in_to_epp_area
+ login_as user
end
context 'when domain is not discarded' do
let!(:domain) { create(:domain, name: 'test.com') }
it 'returns epp code of 1001' do
- post '/epp/command/delete', frame: request_xml
+ post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response).to have_code_of(1001)
end
end
@@ -37,7 +40,7 @@ RSpec.describe 'EPP domain:delete' do
let!(:domain) { create(:domain_discarded, name: 'test.com') }
it 'returns epp code of 2105' do
- post '/epp/command/delete', frame: request_xml
+ post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response).to have_code_of(2105)
end
end
diff --git a/spec/requests/epp/domain/renew/account_balance_spec.rb b/spec/requests/epp/domain/renew/account_balance_spec.rb
index 39f9eac02..98d088075 100644
--- a/spec/requests/epp/domain/renew/account_balance_spec.rb
+++ b/spec/requests/epp/domain/renew/account_balance_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:renew' do
- let(:request) { post '/epp/command/renew', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:zone) { create(:zone, origin: 'test') }
let!(:price) { create(:price,
@@ -16,7 +17,7 @@ RSpec.describe 'EPP domain:renew' do
before :example do
Setting.days_to_renew_domain_before_expire = 0
travel_to Time.zone.parse('05.07.2010')
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when account balance is sufficient' do
diff --git a/spec/requests/epp/domain/renew/default_period_spec.rb b/spec/requests/epp/domain/renew/default_period_spec.rb
index 70ab2d58d..fb4961e9d 100644
--- a/spec/requests/epp/domain/renew/default_period_spec.rb
+++ b/spec/requests/epp/domain/renew/default_period_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:renew', settings: false do
- let(:request) { post '/epp/command/renew', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:zone) { create(:zone, origin: 'test') }
let!(:registrar) { create(:registrar_with_unlimited_balance) }
@@ -37,7 +38,7 @@ RSpec.describe 'EPP domain:renew', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when period is absent' do
diff --git a/spec/requests/epp/domain/renew/expire_time_spec.rb b/spec/requests/epp/domain/renew/expire_time_spec.rb
index e656249ab..d2b6dce5f 100644
--- a/spec/requests/epp/domain/renew/expire_time_spec.rb
+++ b/spec/requests/epp/domain/renew/expire_time_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:renew' do
- let(:request) { post '/epp/command/renew', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:registrar) { create(:registrar_with_unlimited_balance) }
let!(:zone) { create(:zone, origin: 'test') }
@@ -17,7 +18,7 @@ RSpec.describe 'EPP domain:renew' do
before :example do
Setting.days_to_renew_domain_before_expire = 0
travel_to Time.zone.parse('05.07.2010')
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when given expire time and current match' do
diff --git a/spec/requests/epp/domain/renew/max_expire_time_spec.rb b/spec/requests/epp/domain/renew/max_expire_time_spec.rb
index 2a9a0c52c..5983fb02c 100644
--- a/spec/requests/epp/domain/renew/max_expire_time_spec.rb
+++ b/spec/requests/epp/domain/renew/max_expire_time_spec.rb
@@ -1,6 +1,7 @@
require 'rails_helper'
RSpec.describe 'EPP domain:renew' do
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:user) { create(:api_user_epp, registrar: registrar) }
let(:registrar) { create(:registrar_with_unlimited_balance) }
let!(:zone) { create(:zone, origin: 'test') }
@@ -19,7 +20,7 @@ RSpec.describe 'EPP domain:renew' do
before :example do
travel_to Time.zone.parse('05.07.2010')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when domain can be renewed' do
@@ -45,12 +46,12 @@ RSpec.describe 'EPP domain:renew' do
}
it 'returns epp code of 1000' do
- post '/epp/command/renew', frame: request_xml
+ post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000')
end
it 'returns epp description' do
- post '/epp/command/renew', frame: request_xml
+ post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Command completed successfully')
end
end
@@ -78,12 +79,12 @@ RSpec.describe 'EPP domain:renew' do
}
it 'returns epp code of 2105' do
- post '/epp/command/renew', frame: request_xml
+ post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('2105')
end
it 'returns epp description' do
- post '/epp/command/renew', frame: request_xml
+ post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_description).to eq('Object is not eligible for renewal; ' \
'Expiration date must be before 2021-07-05')
end
diff --git a/spec/requests/epp/domain/renew/period_spec.rb b/spec/requests/epp/domain/renew/period_spec.rb
index 3523927eb..3704519ca 100644
--- a/spec/requests/epp/domain/renew/period_spec.rb
+++ b/spec/requests/epp/domain/renew/period_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:renew', settings: false do
- let(:request) { post '/epp/command/renew', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:zone) { create(:zone, origin: 'test') }
let!(:registrar) { create(:registrar_with_unlimited_balance) }
@@ -14,7 +15,7 @@ RSpec.describe 'EPP domain:renew', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when period is 3 months' do
diff --git a/spec/requests/epp/domain/renew/price_spec.rb b/spec/requests/epp/domain/renew/price_spec.rb
index 3b5139103..02603ca60 100644
--- a/spec/requests/epp/domain/renew/price_spec.rb
+++ b/spec/requests/epp/domain/renew/price_spec.rb
@@ -1,7 +1,8 @@
require 'rails_helper'
RSpec.describe 'EPP domain:renew', settings: false do
- let(:request) { post '/epp/command/renew', frame: request_xml }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/renew', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:user) { create(:api_user_epp, registrar: registrar) }
let!(:zone) { create(:zone, origin: 'test') }
let!(:registrar) { create(:registrar_with_unlimited_balance) }
@@ -29,7 +30,7 @@ RSpec.describe 'EPP domain:renew', settings: false do
before :example do
travel_to Time.zone.parse('05.07.2010')
Setting.days_to_renew_domain_before_expire = 0
- sign_in_to_epp_area(user: user)
+ login_as user
end
context 'when price is present' do
diff --git a/spec/requests/epp/domain/transfer/discarded_spec.rb b/spec/requests/epp/domain/transfer/discarded_spec.rb
index 51f65c641..26596d993 100644
--- a/spec/requests/epp/domain/transfer/discarded_spec.rb
+++ b/spec/requests/epp/domain/transfer/discarded_spec.rb
@@ -1,6 +1,9 @@
require 'rails_helper'
RSpec.describe 'EPP domain:transfer' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:request_xml) { <<-XML
@@ -19,14 +22,14 @@ RSpec.describe 'EPP domain:transfer' do
}
before :example do
- sign_in_to_epp_area
+ login_as user
end
context 'when domain is not discarded' do
let!(:domain) { create(:domain, name: 'test.com') }
it 'returns epp code of 1000' do
- post '/epp/command/transfer', frame: request_xml
+ post '/epp/command/transfer', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response).to have_code_of(1000)
end
end
@@ -35,7 +38,7 @@ RSpec.describe 'EPP domain:transfer' do
let!(:domain) { create(:domain_discarded, name: 'test.com') }
it 'returns epp code of 2105' do
- post '/epp/command/transfer', frame: request_xml
+ post '/epp/command/transfer', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response).to have_code_of(2105)
end
end
diff --git a/spec/requests/epp/domain/update/discarded_spec.rb b/spec/requests/epp/domain/update/discarded_spec.rb
index 14ff1c743..4a31b7d10 100644
--- a/spec/requests/epp/domain/update/discarded_spec.rb
+++ b/spec/requests/epp/domain/update/discarded_spec.rb
@@ -1,6 +1,9 @@
require 'rails_helper'
RSpec.describe 'EPP domain:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let(:request_xml) { <<-XML
@@ -16,14 +19,14 @@ RSpec.describe 'EPP domain:update' do
}
before :example do
- sign_in_to_epp_area
+ login_as user
end
context 'when domain is not discarded' do
let!(:domain) { create(:domain, name: 'test.com') }
it 'returns epp code of 1000' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response).to have_code_of(1000)
end
end
@@ -32,7 +35,7 @@ RSpec.describe 'EPP domain:update' do
let!(:domain) { create(:domain_discarded, name: 'test.com') }
it 'returns epp code of 2105' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response).to have_code_of(2105)
end
end
diff --git a/spec/requests/epp/domain/update/nameserver_add_spec.rb b/spec/requests/epp/domain/update/nameserver_add_spec.rb
index d6f886932..2acc462f6 100644
--- a/spec/requests/epp/domain/update/nameserver_add_spec.rb
+++ b/spec/requests/epp/domain/update/nameserver_add_spec.rb
@@ -1,13 +1,16 @@
require 'rails_helper'
RSpec.describe 'EPP domain:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
let!(:domain) { create(:domain, name: 'test.com') }
subject(:response_xml) { Nokogiri::XML(response.body) }
subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
subject(:response_description) { response_xml.css('result msg').text }
before :example do
- sign_in_to_epp_area
+ login_as user
allow(Domain).to receive(:nameserver_required?).and_return(false)
Setting.ns_min_count = 2
@@ -37,12 +40,12 @@ RSpec.describe 'EPP domain:update' do
}
it 'returns epp code of 2308' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('2308'), "Expected EPP code of 2308, got #{response_code} (#{response_description})"
end
it 'returns epp description' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
description = 'Data management policy violation;' \
" Nameserver count must be between #{Setting.ns_min_count}-#{Setting.ns_max_count}" \
@@ -78,12 +81,12 @@ RSpec.describe 'EPP domain:update' do
}
it 'returns epp code of 1000' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000'), "Expected EPP code of 1000, got #{response_code} (#{response_description})"
end
it 'removes inactive status' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
domain = Domain.find_by(name: 'test.com')
expect(domain.statuses).to_not include(DomainStatus::INACTIVE)
diff --git a/spec/requests/epp/domain/update/nameserver_remove_spec.rb b/spec/requests/epp/domain/update/nameserver_remove_spec.rb
index 5ecc2f29a..129d1ce55 100644
--- a/spec/requests/epp/domain/update/nameserver_remove_spec.rb
+++ b/spec/requests/epp/domain/update/nameserver_remove_spec.rb
@@ -1,13 +1,15 @@
require 'rails_helper'
RSpec.describe 'EPP domain:update' do
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
subject(:response_xml) { Nokogiri::XML(response.body) }
subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
subject(:response_description) { response_xml.css('result msg').text }
before :example do
- sign_in_to_epp_area
-
+ login_as user
allow(Domain).to receive(:nameserver_required?).and_return(false)
end
@@ -43,12 +45,12 @@ RSpec.describe 'EPP domain:update' do
end
it 'returns epp code of 2308' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('2308'), "Expected EPP code of 2308, got #{response_code} (#{response_description})"
end
it 'returns epp description' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
description = 'Data management policy violation;' \
" Nameserver count must be between #{Setting.ns_min_count}-#{Setting.ns_max_count}" \
@@ -91,13 +93,13 @@ RSpec.describe 'EPP domain:update' do
end
it 'returns epp code of 1000' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
expect(response_code).to eq('1000'), "Expected EPP code of 1000, got #{response_code} (#{response_description})"
end
describe 'domain' do
it 'has status of inactive' do
- post '/epp/command/update', frame: request_xml
+ post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}"
domain = Domain.find_by(name: 'test.com')
expect(domain.statuses).to include(DomainStatus::INACTIVE)
end
diff --git a/spec/requests/epp/domain/update/registrant_change/same_as_current_spec.rb b/spec/requests/epp/domain/update/registrant_change/same_as_current_spec.rb
index d929423aa..0a5f3b245 100644
--- a/spec/requests/epp/domain/update/registrant_change/same_as_current_spec.rb
+++ b/spec/requests/epp/domain/update/registrant_change/same_as_current_spec.rb
@@ -1,11 +1,14 @@
require 'rails_helper'
RSpec.describe 'EPP domain:update' do
- let(:request) { post '/epp/command/update', frame: request_xml }
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:domain) { create(:domain, name: 'test.com', registrant: registrant) }
before :example do
- sign_in_to_epp_area
+ login_as user
end
context 'when registrant change confirmation is enabled' do
diff --git a/spec/requests/epp/domain/update/registrant_change/verified_spec.rb b/spec/requests/epp/domain/update/registrant_change/verified_spec.rb
index 996fffccf..c81d46f66 100644
--- a/spec/requests/epp/domain/update/registrant_change/verified_spec.rb
+++ b/spec/requests/epp/domain/update/registrant_change/verified_spec.rb
@@ -1,13 +1,16 @@
require 'rails_helper'
RSpec.describe 'EPP domain:update' do
- let(:request) { post '/epp/command/update', frame: request_xml }
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let!(:registrant) { create(:registrant, code: 'old-code') }
let!(:domain) { create(:domain, name: 'test.com', registrant: registrant) }
let!(:new_registrant) { create(:registrant, code: 'new-code') }
before :example do
- sign_in_to_epp_area
+ login_as user
end
context 'when registrant change confirmation is enabled' do
diff --git a/spec/requests/epp/domain/update/status_spec.rb b/spec/requests/epp/domain/update/status_spec.rb
index 1ef8d7900..f5cb638ad 100644
--- a/spec/requests/epp/domain/update/status_spec.rb
+++ b/spec/requests/epp/domain/update/status_spec.rb
@@ -1,7 +1,10 @@
require 'rails_helper'
RSpec.describe 'EPP domain:update' do
- let(:request) { post '/epp/command/update', frame: request_xml }
+ let(:registrar) { create(:registrar) }
+ let(:user) { create(:api_user_epp, registrar: registrar) }
+ let(:session_id) { create(:epp_session, user: user).session_id }
+ let(:request) { post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => "session=#{session_id}" }
let(:request_xml) { <<-XML
@@ -17,7 +20,7 @@ RSpec.describe 'EPP domain:update' do
}
before :example do
- sign_in_to_epp_area
+ login_as user
end
context 'when domain has both SERVER_DELETE_PROHIBITED and PENDING_UPDATE statuses' do
diff --git a/spec/support/requests/session_helpers.rb b/spec/support/requests/session_helpers.rb
index 0345959e2..84cb9c701 100644
--- a/spec/support/requests/session_helpers.rb
+++ b/spec/support/requests/session_helpers.rb
@@ -1,34 +1,5 @@
module Requests
module SessionHelpers
- def sign_in_to_epp_area(user: create(:api_user_epp))
- login_xml = "
-
-
-
- #{user.username}
- #{user.password}
-
- 1.0
- en
-
-
- https://epp.tld.ee/schema/domain-eis-1.0.xsd
- https://epp.tld.ee/schema/contact-ee-1.1.xsd
- urn:ietf:params:xml:ns:host-1.0
- urn:ietf:params:xml:ns:keyrelay-1.0
-
- urn:ietf:params:xml:ns:secDNS-1.1
- https://epp.tld.ee/schema/eis-1.0.xsd
-
-
-
- ABC-12345
-
- "
-
- post '/epp/session/login', frame: login_xml
- end
-
def sign_in_to_admin_area(user: create(:admin_user))
post admin_sessions_path, admin_user: { username: user.username, password: user.password }
end
diff --git a/test/fixtures/epp_sessions.yml b/test/fixtures/epp_sessions.yml
index 8cdaedb8c..6f1173ca9 100644
--- a/test/fixtures/epp_sessions.yml
+++ b/test/fixtures/epp_sessions.yml
@@ -1,9 +1,7 @@
api_bestnames:
- session_id: 1
- registrar: bestnames
- data: <%= Base64.encode64(Marshal.dump({api_user_id: ActiveRecord::Fixtures.identify(:api_bestnames)})) %>
+ session_id: api_bestnames
+ user: api_bestnames
api_goodnames:
- session_id: 2
- registrar: goodnames
- data: <%= Base64.encode64(Marshal.dump({api_user_id: ActiveRecord::Fixtures.identify(:api_goodnames)})) %>
+ session_id: api_goodnames
+ user: api_goodnames
diff --git a/test/integration/epp/login/credentials_test.rb b/test/integration/epp/login/credentials_test.rb
new file mode 100644
index 000000000..6a27c7393
--- /dev/null
+++ b/test/integration/epp/login/credentials_test.rb
@@ -0,0 +1,64 @@
+require 'test_helper'
+
+class EppLoginCredentialsTest < ActionDispatch::IntegrationTest
+ def test_correct_credentials
+ request_xml = <<-XML
+
+
+
+
+ test_bestnames
+ testtest
+
+ 1.0
+ en
+
+
+ https://epp.tld.ee/schema/domain-eis-1.0.xsd
+ https://epp.tld.ee/schema/contact-ee-1.1.xsd
+ urn:ietf:params:xml:ns:host-1.0
+ urn:ietf:params:xml:ns:keyrelay-1.0
+
+
+
+
+ XML
+
+ post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+ assert EppSession.find_by(session_id: 'new_session_id')
+ assert_equal users(:api_bestnames), EppSession.find_by(session_id: 'new_session_id').user
+ assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
+ assert_equal 1, Nokogiri::XML(response.body).css('result').size
+ end
+
+ def test_already_logged_in
+ assert true # Handled by mod_epp
+ end
+
+ def test_wrong_credentials
+ request_xml = <<-XML
+
+
+
+
+ non-existent
+ valid-but-wrong
+
+ 1.0
+ en
+
+
+ https://epp.tld.ee/schema/domain-eis-1.0.xsd
+ https://epp.tld.ee/schema/contact-ee-1.1.xsd
+ urn:ietf:params:xml:ns:host-1.0
+ urn:ietf:params:xml:ns:keyrelay-1.0
+
+
+
+
+ XML
+
+ post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=any_random_string' }
+ assert Nokogiri::XML(response.body).at_css('result[code="2501"]')
+ end
+end
diff --git a/test/integration/epp/login/session_limit_test.rb b/test/integration/epp/login/session_limit_test.rb
new file mode 100644
index 000000000..513699415
--- /dev/null
+++ b/test/integration/epp/login/session_limit_test.rb
@@ -0,0 +1,63 @@
+require 'test_helper'
+
+class EppLoginSessionLimitTest < ActionDispatch::IntegrationTest
+ def setup
+ travel_to Time.zone.parse('2010-07-05')
+ EppSession.delete_all
+ end
+
+ def test_not_reached
+ (EppSession.limit_per_registrar - 1).times do
+ EppSession.create!(session_id: SecureRandom.hex,
+ user: users(:api_bestnames),
+ updated_at: Time.zone.parse('2010-07-05'))
+ end
+
+ assert_difference 'EppSession.count' do
+ post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+ end
+
+ assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
+ assert_equal 1, Nokogiri::XML(response.body).css('result').size
+ end
+
+ def test_reached
+ EppSession.limit_per_registrar.times do
+ EppSession.create!(session_id: SecureRandom.hex,
+ user: users(:api_bestnames),
+ updated_at: Time.zone.parse('2010-07-05'))
+ end
+
+ assert_no_difference 'EppSession.count' do
+ post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+ end
+
+ assert Nokogiri::XML(response.body).at_css('result[code="2501"]')
+ end
+
+ private
+
+ def request_xml
+ <<-XML
+
+
+
+
+ test_bestnames
+ testtest
+
+ 1.0
+ en
+
+
+ https://epp.tld.ee/schema/domain-eis-1.0.xsd
+ https://epp.tld.ee/schema/contact-ee-1.1.xsd
+ urn:ietf:params:xml:ns:host-1.0
+ urn:ietf:params:xml:ns:keyrelay-1.0
+
+
+
+
+ XML
+ end
+end
diff --git a/test/integration/epp/logout_test.rb b/test/integration/epp/logout_test.rb
new file mode 100644
index 000000000..75b26f2f3
--- /dev/null
+++ b/test/integration/epp/logout_test.rb
@@ -0,0 +1,37 @@
+require 'test_helper'
+
+class EppLogoutTest < ActionDispatch::IntegrationTest
+ def test_success_response
+ post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ assert Nokogiri::XML(response.body).at_css('result[code="1500"]')
+ assert_equal 1, Nokogiri::XML(response.body).css('result').size
+ end
+
+ def test_ends_current_session
+ post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ assert_nil EppSession.find_by(session_id: 'api_bestnames')
+ end
+
+ def test_keeps_other_sessions_intact
+ post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ assert EppSession.find_by(session_id: 'api_goodnames')
+ end
+
+ def test_anonymous_user
+ post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=non-existent' }
+ assert Nokogiri::XML(response.body).at_css('result[code="2201"]')
+ end
+
+ private
+
+ def request_xml
+ <<-XML
+
+
+
+
+
+
+ XML
+ end
+end
diff --git a/test/models/epp_session_test.rb b/test/models/epp_session_test.rb
new file mode 100644
index 000000000..fd795b23c
--- /dev/null
+++ b/test/models/epp_session_test.rb
@@ -0,0 +1,63 @@
+require 'test_helper'
+
+class EppSessionTest < ActiveSupport::TestCase
+ def setup
+ @epp_session = epp_sessions(:api_bestnames)
+ end
+
+ def test_valid
+ assert @epp_session.valid?
+ end
+
+ def test_invalid_without_session_id
+ @epp_session.session_id = nil
+ @epp_session.validate
+ assert @epp_session.invalid?
+ end
+
+ def test_invalid_without_user
+ @epp_session.user = nil
+ @epp_session.validate
+ assert @epp_session.invalid?
+ end
+
+ def test_invalid_if_persisted_record_with_the_same_session_id_exists
+ epp_session = EppSession.new(session_id: @epp_session.session_id, user: @epp_session.user)
+ epp_session.validate
+ assert epp_session.invalid?
+ end
+
+ # Having session_id constraints at the database level is crucial
+
+ def test_database_session_id_unique_constraint
+ epp_session = EppSession.new(session_id: @epp_session.session_id, user: @epp_session.user)
+
+ assert_raises ActiveRecord::RecordNotUnique do
+ epp_session.save(validate: false)
+ end
+ end
+
+ def test_database_session_id_not_null_constraint
+ @epp_session.session_id = nil
+ assert_raises ActiveRecord::StatementInvalid do
+ @epp_session.save(validate: false)
+ end
+ end
+
+ def test_limit_per_registrar
+ assert_equal 4, EppSession.limit_per_registrar
+ end
+
+ def test_limit_is_per_registrar
+ travel_to Time.zone.parse('2010-07-05')
+ EppSession.delete_all
+
+ EppSession.limit_per_registrar.times do
+ EppSession.create!(session_id: SecureRandom.hex,
+ user: users(:api_goodnames),
+ updated_at: Time.zone.parse('2010-07-05'))
+ end
+
+ refute EppSession.limit_reached?(registrars(:bestnames))
+ end
+end