mirror of
https://github.com/internetee/registry.git
synced 2025-08-06 09:45:11 +02:00
Artur Beljajev
parent
0a1405ae52
commit
77678681a6
18 changed files with 263 additions and 272 deletions
|
|
@ -1,7 +1,10 @@
|
|||
module Epp
|
||||
class BaseController < ApplicationController
|
||||
layout false
|
||||
class BaseController < ActionController::Base
|
||||
class AuthorizationError < StandardError; end
|
||||
|
||||
check_authorization
|
||||
skip_before_action :verify_authenticity_token
|
||||
layout false
|
||||
|
||||
before_action :ensure_session_id_passed
|
||||
before_action :generate_svtrid
|
||||
|
|
@ -10,13 +13,50 @@ module Epp
|
|||
before_action :validate_request
|
||||
before_action :update_epp_session, if: 'signed_in?'
|
||||
|
||||
around_action :catch_epp_errors
|
||||
around_action :wrap_exceptions
|
||||
|
||||
helper_method :current_user
|
||||
helper_method :resource
|
||||
|
||||
rescue_from StandardError, with: :respond_with_command_failed_error
|
||||
rescue_from AuthorizationError, with: :respond_with_authorization_error
|
||||
rescue_from ActiveRecord::RecordNotFound, with: :respond_with_object_does_not_exist_error
|
||||
|
||||
protected
|
||||
|
||||
def respond_with_command_failed_error(exception)
|
||||
epp_errors << {
|
||||
code: '2400',
|
||||
msg: 'Command failed',
|
||||
}
|
||||
handle_errors
|
||||
log_exception(exception)
|
||||
end
|
||||
|
||||
def respond_with_object_does_not_exist_error
|
||||
epp_errors << {
|
||||
code: '2303',
|
||||
msg: 'Object does not exist',
|
||||
}
|
||||
handle_errors
|
||||
end
|
||||
|
||||
def respond_with_authorization_error
|
||||
epp_errors << {
|
||||
code: '2201',
|
||||
msg: 'Authorization error',
|
||||
}
|
||||
handle_errors
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def wrap_exceptions
|
||||
yield
|
||||
rescue CanCan::AccessDenied
|
||||
raise AuthorizationError
|
||||
end
|
||||
|
||||
def validate_against_schema
|
||||
return if ['hello', 'error', 'keyrelay'].include?(params[:action])
|
||||
schema.validate(params[:nokogiri_frame]).each do |error|
|
||||
|
|
@ -28,47 +68,6 @@ module Epp
|
|||
handle_errors and return if epp_errors.any?
|
||||
end
|
||||
|
||||
def catch_epp_errors
|
||||
err = catch(:epp_error) do
|
||||
yield
|
||||
nil
|
||||
end
|
||||
return unless err
|
||||
@errors = [err]
|
||||
handle_errors
|
||||
end
|
||||
|
||||
rescue_from StandardError do |e|
|
||||
@errors ||= []
|
||||
|
||||
if e.class == CanCan::AccessDenied
|
||||
if @errors.blank?
|
||||
@errors = [{
|
||||
msg: t('errors.messages.epp_authorization_error'),
|
||||
code: '2201'
|
||||
}]
|
||||
end
|
||||
else
|
||||
if @errors.blank?
|
||||
@errors = [{
|
||||
msg: 'Internal error.',
|
||||
code: '2400'
|
||||
}]
|
||||
end
|
||||
|
||||
if Rails.env.test? || Rails.env.development?
|
||||
puts e.backtrace.reverse.join("\n")
|
||||
puts "\n BACKTRACE REVERSED!\n"
|
||||
puts "\n FROM-EPP-RESCUE: #{e.message}\n\n\n"
|
||||
else
|
||||
logger.error "FROM-EPP-RESCUE: #{e.message}"
|
||||
logger.error e.backtrace.join("\n")
|
||||
end
|
||||
end
|
||||
|
||||
render_epp_response '/epp/error'
|
||||
end
|
||||
|
||||
def schema
|
||||
EPP_ALL_SCHEMA
|
||||
end
|
||||
|
|
@ -114,25 +113,13 @@ module Epp
|
|||
end
|
||||
end
|
||||
|
||||
# for debugging
|
||||
if @errors.blank?
|
||||
@errors << {
|
||||
code: '1',
|
||||
msg: 'handle_errors was executed when there were actually no errors'
|
||||
}
|
||||
end
|
||||
|
||||
@errors.uniq!
|
||||
|
||||
logger.error "\nFOLLOWING ERRORS OCCURRED ON EPP QUERY:"
|
||||
logger.error @errors.inspect
|
||||
logger.error "\n"
|
||||
|
||||
render_epp_response '/epp/error'
|
||||
end
|
||||
|
||||
def render_epp_response(*args)
|
||||
@response = render_to_string(*args)
|
||||
@response = render_to_string(*args, formats: 'xml')
|
||||
render xml: @response
|
||||
write_to_epp_log
|
||||
end
|
||||
|
|
@ -406,5 +393,9 @@ module Epp
|
|||
logger.error "IPTABLES COUNTER UPDATE: cannot write #{ip} to #{counter_proc}: #{e}"
|
||||
end
|
||||
end
|
||||
|
||||
def log_exception(exception)
|
||||
notify_airbrake(exception)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -84,18 +84,7 @@ module Epp
|
|||
|
||||
def find_contact
|
||||
code = params[:parsed_frame].css('id').text.strip.upcase
|
||||
|
||||
@contact = Epp::Contact.find_by_epp_code(code)
|
||||
|
||||
if @contact.blank?
|
||||
epp_errors << {
|
||||
code: '2303',
|
||||
msg: t('errors.messages.epp_obj_does_not_exist'),
|
||||
value: { obj: 'id', val: code }
|
||||
}
|
||||
fail CanCan::AccessDenied
|
||||
end
|
||||
@contact
|
||||
@contact = Epp::Contact.find_by!(code: code)
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
|||
|
|
@ -4,10 +4,14 @@ module Epp
|
|||
before_action :find_password, only: %i[info update transfer delete]
|
||||
|
||||
def info
|
||||
authorize! :info, @domain, @password
|
||||
authorize! :info, @domain
|
||||
|
||||
@hosts = params[:parsed_frame].css('name').first['hosts'] || 'all'
|
||||
|
||||
sponsoring_registrar = (@domain.registrar == current_user.registrar)
|
||||
correct_transfer_code_provided = (@domain.transfer_code == @password)
|
||||
@reveal_full_details = (sponsoring_registrar || correct_transfer_code_provided)
|
||||
|
||||
case @hosts
|
||||
when 'del'
|
||||
@nameservers = @domain.delegated_nameservers.sort
|
||||
|
|
@ -28,26 +32,38 @@ module Epp
|
|||
domain_name = DNS::DomainName.new(SimpleIDN.to_unicode(request_domain_name))
|
||||
|
||||
if domain_name.at_auction?
|
||||
throw :epp_error,
|
||||
code: '2306',
|
||||
msg: 'Parameter value policy error: domain is at auction'
|
||||
epp_errors << {
|
||||
code: '2306',
|
||||
msg: 'Parameter value policy error: domain is at auction',
|
||||
}
|
||||
handle_errors
|
||||
return
|
||||
elsif domain_name.awaiting_payment?
|
||||
throw :epp_error,
|
||||
code: '2003',
|
||||
msg: 'Required parameter missing; reserved>pw element required for reserved domains'
|
||||
epp_errors << {
|
||||
code: '2003',
|
||||
msg: 'Required parameter missing; reserved>pw element required for reserved domains',
|
||||
}
|
||||
handle_errors
|
||||
return
|
||||
elsif domain_name.pending_registration?
|
||||
registration_code = params[:parsed_frame].css('reserved > pw').text
|
||||
|
||||
if registration_code.empty?
|
||||
throw :epp_error,
|
||||
code: '2003',
|
||||
msg: 'Required parameter missing; reserved>pw element is required'
|
||||
epp_errors << {
|
||||
code: '2003',
|
||||
msg: 'Required parameter missing; reserved>pw element is required',
|
||||
}
|
||||
handle_errors
|
||||
return
|
||||
end
|
||||
|
||||
unless domain_name.available_with_code?(registration_code)
|
||||
throw :epp_error,
|
||||
code: '2202',
|
||||
msg: 'Invalid authorization information; invalid reserved>pw value'
|
||||
epp_errors << {
|
||||
code: '2202',
|
||||
msg: 'Invalid authorization information; invalid reserved>pw value',
|
||||
}
|
||||
handle_errors
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -85,22 +101,15 @@ module Epp
|
|||
|
||||
def update
|
||||
authorize! :update, @domain, @password
|
||||
begin
|
||||
if @domain.update(params[:parsed_frame], current_user)
|
||||
if @domain.epp_pending_update.present?
|
||||
render_epp_response '/epp/domains/success_pending'
|
||||
else
|
||||
render_epp_response '/epp/domains/success'
|
||||
end
|
||||
|
||||
if @domain.update(params[:parsed_frame], current_user)
|
||||
if @domain.epp_pending_update.present?
|
||||
render_epp_response '/epp/domains/success_pending'
|
||||
else
|
||||
handle_errors(@domain)
|
||||
end
|
||||
rescue => e
|
||||
if @domain.errors.any?
|
||||
handle_errors(@domain)
|
||||
else
|
||||
throw e
|
||||
render_epp_response '/epp/domains/success'
|
||||
end
|
||||
else
|
||||
handle_errors(@domain)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -177,14 +186,21 @@ module Epp
|
|||
action = params[:parsed_frame].css('transfer').first[:op]
|
||||
|
||||
if @domain.non_transferable?
|
||||
throw :epp_error, {
|
||||
epp_errors << {
|
||||
code: '2304',
|
||||
msg: I18n.t(:object_status_prohibits_operation)
|
||||
msg: I18n.t(:object_status_prohibits_operation),
|
||||
}
|
||||
handle_errors
|
||||
return
|
||||
end
|
||||
|
||||
@domain_transfer = @domain.transfer(params[:parsed_frame], action, current_user)
|
||||
|
||||
if @domain.errors[:epp_errors].any?
|
||||
handle_errors(@domain)
|
||||
return
|
||||
end
|
||||
|
||||
if @domain_transfer
|
||||
render_epp_response '/epp/domains/transfer'
|
||||
else
|
||||
|
|
@ -272,18 +288,11 @@ module Epp
|
|||
|
||||
def find_domain
|
||||
domain_name = params[:parsed_frame].css('name').text.strip.downcase
|
||||
@domain = Epp::Domain.find_by_idn domain_name
|
||||
|
||||
unless @domain
|
||||
epp_errors << {
|
||||
code: '2303',
|
||||
msg: I18n.t('errors.messages.epp_domain_not_found'),
|
||||
value: { obj: 'name', val: domain_name }
|
||||
}
|
||||
fail CanCan::AccessDenied
|
||||
end
|
||||
domain = Epp::Domain.find_by_idn(domain_name)
|
||||
raise ActiveRecord::RecordNotFound unless domain
|
||||
|
||||
@domain
|
||||
@domain = domain
|
||||
end
|
||||
|
||||
def find_password
|
||||
|
|
|
|||
|
|
@ -48,13 +48,12 @@ class Ability
|
|||
# can(:create, :epp_request)
|
||||
|
||||
# Epp::Domain
|
||||
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.transfer_code == pw }
|
||||
can(:info, Epp::Domain)
|
||||
can(:check, Epp::Domain)
|
||||
can(:create, Epp::Domain)
|
||||
can(:renew, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
|
||||
can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
|
||||
can(:transfer, Epp::Domain) { |d, pw| d.transfer_code == pw }
|
||||
can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
|
||||
can(:transfer, Epp::Domain)
|
||||
can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
|
||||
|
||||
# Epp::Contact
|
||||
|
|
|
|||
|
|
@ -154,10 +154,17 @@ class Epp::Contact < Contact
|
|||
type: ident_frame.attr('type'),
|
||||
country_code: ident_frame.attr('cc'))
|
||||
|
||||
report_valid_ident_error if submitted_ident != identifier
|
||||
if submitted_ident != identifier
|
||||
add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.valid_ident'))
|
||||
return
|
||||
end
|
||||
else
|
||||
ident_update_attempt = ident_frame.text.present? && (ident_frame.text != ident)
|
||||
report_ident_update_error if ident_update_attempt
|
||||
|
||||
if ident_update_attempt
|
||||
add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.ident_update'))
|
||||
return
|
||||
end
|
||||
|
||||
identifier = Ident.new(code: ident,
|
||||
type: ident_frame.attr('type'),
|
||||
|
|
@ -243,14 +250,4 @@ class Epp::Contact < Contact
|
|||
frame.css("legalDocument").first.content = doc.path if doc&.persisted?
|
||||
self.legal_document_id = doc.id
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def report_valid_ident_error
|
||||
throw :epp_error, { code: '2308', msg: I18n.t('epp.contacts.errors.valid_ident') }
|
||||
end
|
||||
|
||||
def report_ident_update_error
|
||||
throw :epp_error, { code: '2308', msg: I18n.t('epp.contacts.errors.ident_update') }
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -451,10 +451,8 @@ class Epp::Domain < Domain
|
|||
return super if frame.blank?
|
||||
|
||||
if discarded?
|
||||
throw :epp_error, {
|
||||
code: '2304',
|
||||
msg: 'Object status prohibits operation',
|
||||
}
|
||||
add_epp_error('2304', nil, nil, 'Object status prohibits operation')
|
||||
return
|
||||
end
|
||||
|
||||
at = {}.with_indifferent_access
|
||||
|
|
@ -531,10 +529,8 @@ class Epp::Domain < Domain
|
|||
|
||||
def epp_destroy(frame, user_id)
|
||||
if discarded?
|
||||
throw :epp_error, {
|
||||
code: '2304',
|
||||
msg: 'Object status prohibits operation',
|
||||
}
|
||||
add_epp_error('2304', nil, nil, 'Object status prohibits operation')
|
||||
return
|
||||
end
|
||||
|
||||
if doc = attach_legal_document(Epp::Domain.parse_legal_document_from_frame(frame))
|
||||
|
|
@ -554,10 +550,10 @@ class Epp::Domain < Domain
|
|||
end
|
||||
|
||||
def set_pending_delete!
|
||||
throw :epp_error, {
|
||||
code: '2304',
|
||||
msg: I18n.t(:object_status_prohibits_operation)
|
||||
} unless pending_deletable?
|
||||
unless pending_deletable?
|
||||
add_epp_error('2304', nil, nil, I18n.t(:object_status_prohibits_operation))
|
||||
return
|
||||
end
|
||||
|
||||
self.delete_date = Time.zone.today + Setting.redemption_grace_period.days + 1.day
|
||||
set_pending_delete
|
||||
|
|
@ -601,10 +597,8 @@ class Epp::Domain < Domain
|
|||
|
||||
def transfer(frame, action, current_user)
|
||||
if discarded?
|
||||
throw :epp_error, {
|
||||
code: '2106',
|
||||
msg: 'Object is not eligible for transfer',
|
||||
}
|
||||
add_epp_error('2106', nil, nil, 'Object is not eligible for transfer')
|
||||
return
|
||||
end
|
||||
|
||||
@is_transfer = true
|
||||
|
|
@ -624,10 +618,8 @@ class Epp::Domain < Domain
|
|||
|
||||
def query_transfer(frame, current_user)
|
||||
if current_user.registrar == registrar
|
||||
throw :epp_error, {
|
||||
code: '2002',
|
||||
msg: I18n.t(:domain_already_belongs_to_the_querying_registrar)
|
||||
}
|
||||
add_epp_error('2002', nil, nil, I18n.t(:domain_already_belongs_to_the_querying_registrar))
|
||||
return
|
||||
end
|
||||
|
||||
transaction do
|
||||
|
|
@ -661,11 +653,10 @@ class Epp::Domain < Domain
|
|||
|
||||
def approve_transfer(frame, current_user)
|
||||
pt = pending_transfer
|
||||
|
||||
if current_user.registrar != pt.old_registrar
|
||||
throw :epp_error, {
|
||||
msg: I18n.t('transfer_can_be_approved_only_by_current_registrar'),
|
||||
code: '2304'
|
||||
}
|
||||
add_epp_error('2304', nil, nil, I18n.t('transfer_can_be_approved_only_by_current_registrar'))
|
||||
return
|
||||
end
|
||||
|
||||
transaction do
|
||||
|
|
@ -687,11 +678,10 @@ class Epp::Domain < Domain
|
|||
|
||||
def reject_transfer(frame, current_user)
|
||||
pt = pending_transfer
|
||||
|
||||
if current_user.registrar != pt.old_registrar
|
||||
throw :epp_error, {
|
||||
msg: I18n.t('transfer_can_be_rejected_only_by_current_registrar'),
|
||||
code: '2304'
|
||||
}
|
||||
add_epp_error('2304', nil, nil, I18n.t('transfer_can_be_rejected_only_by_current_registrar'))
|
||||
return
|
||||
end
|
||||
|
||||
transaction do
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ module Epp
|
|||
object_association_prohibits_operation: 2305,
|
||||
parameter_value_policy_error: 2306,
|
||||
data_management_policy_violation: 2308,
|
||||
command_failed: 2400,
|
||||
authentication_error_server_closing_connection: 2501,
|
||||
}.freeze
|
||||
private_constant :KEY_TO_VALUE
|
||||
|
|
@ -52,6 +53,7 @@ module Epp
|
|||
2305 => 'Object association prohibits operation',
|
||||
2306 => 'Parameter value policy error',
|
||||
2308 => 'Data management policy violation',
|
||||
2400 => 'Command failed',
|
||||
2501 => 'Authentication error; server closing connection',
|
||||
}.freeze
|
||||
private_constant :DEFAULT_DESCRIPTIONS
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ xml.epp_head do
|
|||
|
||||
xml.tag!('domain:exDate', @domain.valid_to.iso8601)
|
||||
|
||||
if can? :view_password, @domain, @password
|
||||
if @reveal_full_details
|
||||
xml.tag!('domain:authInfo') do
|
||||
xml.tag!('domain:pw', @domain.transfer_code)
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue