zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-05 20:27:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

Improve EPP error handling

Browse source 
Fixes #539
This commit is contained in:
Artur Beljajev 2019-09-11 18:42:13 +03:00
parent 0a1405ae52
commit 77678681a6
18 changed files with 263 additions and 272 deletions
Download patch file Download diff file Expand all files Collapse all files

105
app/controllers/epp/base_controller.rb
View file

@ -1,7 +1,10 @@
module Epp
class BaseController < ApplicationController
layout false
class BaseController < ActionController::Base
class AuthorizationError < StandardError; end
check_authorization
skip_before_action :verify_authenticity_token
layout false
before_action :ensure_session_id_passed
before_action :generate_svtrid
@ -10,13 +13,50 @@ module Epp
before_action :validate_request
before_action :update_epp_session, if: 'signed_in?'
around_action :catch_epp_errors
around_action :wrap_exceptions
helper_method :current_user
helper_method :resource
rescue_from StandardError, with: :respond_with_command_failed_error
rescue_from AuthorizationError, with: :respond_with_authorization_error
rescue_from ActiveRecord::RecordNotFound, with: :respond_with_object_does_not_exist_error
protected
def respond_with_command_failed_error(exception)
epp_errors << {
code: '2400',
msg: 'Command failed',
}
handle_errors
log_exception(exception)
end
def respond_with_object_does_not_exist_error
epp_errors << {
code: '2303',
msg: 'Object does not exist',
}
handle_errors
end
def respond_with_authorization_error
epp_errors << {
code: '2201',
msg: 'Authorization error',
}
handle_errors
end
private
def wrap_exceptions
yield
rescue CanCan::AccessDenied
raise AuthorizationError
end
def validate_against_schema
return if ['hello', 'error', 'keyrelay'].include?(params[:action])
schema.validate(params[:nokogiri_frame]).each do |error|
@ -28,47 +68,6 @@ module Epp
handle_errors and return if epp_errors.any?
end
def catch_epp_errors
err = catch(:epp_error) do
yield
nil
end
return unless err
@errors = [err]
handle_errors
end
rescue_from StandardError do |e|
@errors ||= []
if e.class == CanCan::AccessDenied
if @errors.blank?
@errors = [{
msg: t('errors.messages.epp_authorization_error'),
code: '2201'
}]
end
else
if @errors.blank?
@errors = [{
msg: 'Internal error.',
code: '2400'
}]
end
if Rails.env.test? || Rails.env.development?
puts e.backtrace.reverse.join("\n")
puts "\n BACKTRACE REVERSED!\n"
puts "\n FROM-EPP-RESCUE: #{e.message}\n\n\n"
else
logger.error "FROM-EPP-RESCUE: #{e.message}"
logger.error e.backtrace.join("\n")
end
end
render_epp_response '/epp/error'
end
def schema
EPP_ALL_SCHEMA
end
@ -114,25 +113,13 @@ module Epp
end
end
# for debugging
if @errors.blank?
@errors << {
code: '1',
msg: 'handle_errors was executed when there were actually no errors'
}
end
@errors.uniq!
logger.error "\nFOLLOWING ERRORS OCCURRED ON EPP QUERY:"
logger.error @errors.inspect
logger.error "\n"
render_epp_response '/epp/error'
end
def render_epp_response(*args)
@response = render_to_string(*args)
@response = render_to_string(*args, formats: 'xml')
render xml: @response
write_to_epp_log
end
@ -406,5 +393,9 @@ module Epp
logger.error "IPTABLES COUNTER UPDATE: cannot write #{ip} to #{counter_proc}: #{e}"
end
end
def log_exception(exception)
notify_airbrake(exception)
end
end
end

13
app/controllers/epp/contacts_controller.rb
View file

@ -84,18 +84,7 @@ module Epp
def find_contact
code = params[:parsed_frame].css('id').text.strip.upcase
@contact = Epp::Contact.find_by_epp_code(code)
if @contact.blank?
epp_errors << {
code: '2303',
msg: t('errors.messages.epp_obj_does_not_exist'),
value: { obj: 'id', val: code }
}
fail CanCan::AccessDenied
end
@contact
@contact = Epp::Contact.find_by!(code: code)
end
#

87
app/controllers/epp/domains_controller.rb
View file

@ -4,10 +4,14 @@ module Epp
before_action :find_password, only: %i[info update transfer delete]
def info
authorize! :info, @domain, @password
authorize! :info, @domain
@hosts = params[:parsed_frame].css('name').first['hosts'] || 'all'
sponsoring_registrar = (@domain.registrar == current_user.registrar)
correct_transfer_code_provided = (@domain.transfer_code == @password)
@reveal_full_details = (sponsoring_registrar || correct_transfer_code_provided)
case @hosts
when 'del'
@nameservers = @domain.delegated_nameservers.sort
@ -28,26 +32,38 @@ module Epp
domain_name = DNS::DomainName.new(SimpleIDN.to_unicode(request_domain_name))
if domain_name.at_auction?
throw :epp_error,
code: '2306',
msg: 'Parameter value policy error: domain is at auction'
epp_errors << {
code: '2306',
msg: 'Parameter value policy error: domain is at auction',
}
handle_errors
return
elsif domain_name.awaiting_payment?
throw :epp_error,
code: '2003',
msg: 'Required parameter missing; reserved>pw element required for reserved domains'
epp_errors << {
code: '2003',
msg: 'Required parameter missing; reserved>pw element required for reserved domains',
}
handle_errors
return
elsif domain_name.pending_registration?
registration_code = params[:parsed_frame].css('reserved > pw').text
if registration_code.empty?
throw :epp_error,
code: '2003',
msg: 'Required parameter missing; reserved>pw element is required'
epp_errors << {
code: '2003',
msg: 'Required parameter missing; reserved>pw element is required',
}
handle_errors
return
end
unless domain_name.available_with_code?(registration_code)
throw :epp_error,
code: '2202',
msg: 'Invalid authorization information; invalid reserved>pw value'
epp_errors << {
code: '2202',
msg: 'Invalid authorization information; invalid reserved>pw value',
}
handle_errors
return
end
end
end
@ -85,22 +101,15 @@ module Epp
def update
authorize! :update, @domain, @password
begin
if @domain.update(params[:parsed_frame], current_user)
if @domain.epp_pending_update.present?
render_epp_response '/epp/domains/success_pending'
else
render_epp_response '/epp/domains/success'
end
if @domain.update(params[:parsed_frame], current_user)
if @domain.epp_pending_update.present?
render_epp_response '/epp/domains/success_pending'
else
handle_errors(@domain)
end
rescue => e
if @domain.errors.any?
handle_errors(@domain)
else
throw e
render_epp_response '/epp/domains/success'
end
else
handle_errors(@domain)
end
end
@ -177,14 +186,21 @@ module Epp
action = params[:parsed_frame].css('transfer').first[:op]
if @domain.non_transferable?
throw :epp_error, {
epp_errors << {
code: '2304',
msg: I18n.t(:object_status_prohibits_operation)
msg: I18n.t(:object_status_prohibits_operation),
}
handle_errors
return
end
@domain_transfer = @domain.transfer(params[:parsed_frame], action, current_user)
if @domain.errors[:epp_errors].any?
handle_errors(@domain)
return
end
if @domain_transfer
render_epp_response '/epp/domains/transfer'
else
@ -272,18 +288,11 @@ module Epp
def find_domain
domain_name = params[:parsed_frame].css('name').text.strip.downcase
@domain = Epp::Domain.find_by_idn domain_name
unless @domain
epp_errors << {
code: '2303',
msg: I18n.t('errors.messages.epp_domain_not_found'),
value: { obj: 'name', val: domain_name }
}
fail CanCan::AccessDenied
end
domain = Epp::Domain.find_by_idn(domain_name)
raise ActiveRecord::RecordNotFound unless domain
@domain
@domain = domain
end
def find_password

5
app/models/ability.rb
View file

@ -48,13 +48,12 @@ class Ability
# can(:create, :epp_request)
# Epp::Domain
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.transfer_code == pw }
can(:info, Epp::Domain)
can(:check, Epp::Domain)
can(:create, Epp::Domain)
can(:renew, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
can(:transfer, Epp::Domain) { |d, pw| d.transfer_code == pw }
can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
can(:transfer, Epp::Domain)
can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
# Epp::Contact

21
app/models/epp/contact.rb
View file

@ -154,10 +154,17 @@ class Epp::Contact < Contact
type: ident_frame.attr('type'),
country_code: ident_frame.attr('cc'))
report_valid_ident_error if submitted_ident != identifier
if submitted_ident != identifier
add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.valid_ident'))
return
end
else
ident_update_attempt = ident_frame.text.present? && (ident_frame.text != ident)
report_ident_update_error if ident_update_attempt
if ident_update_attempt
add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.ident_update'))
return
end
identifier = Ident.new(code: ident,
type: ident_frame.attr('type'),
@ -243,14 +250,4 @@ class Epp::Contact < Contact
frame.css("legalDocument").first.content = doc.path if doc&.persisted?
self.legal_document_id = doc.id
end
private
def report_valid_ident_error
throw :epp_error, { code: '2308', msg: I18n.t('epp.contacts.errors.valid_ident') }
end
def report_ident_update_error
throw :epp_error, { code: '2308', msg: I18n.t('epp.contacts.errors.ident_update') }
end
end

46
app/models/epp/domain.rb
View file

@ -451,10 +451,8 @@ class Epp::Domain < Domain
return super if frame.blank?
if discarded?
throw :epp_error, {
code: '2304',
msg: 'Object status prohibits operation',
}
add_epp_error('2304', nil, nil, 'Object status prohibits operation')
return
end
at = {}.with_indifferent_access
@ -531,10 +529,8 @@ class Epp::Domain < Domain
def epp_destroy(frame, user_id)
if discarded?
throw :epp_error, {
code: '2304',
msg: 'Object status prohibits operation',
}
add_epp_error('2304', nil, nil, 'Object status prohibits operation')
return
end
if doc = attach_legal_document(Epp::Domain.parse_legal_document_from_frame(frame))
@ -554,10 +550,10 @@ class Epp::Domain < Domain
end
def set_pending_delete!
throw :epp_error, {
code: '2304',
msg: I18n.t(:object_status_prohibits_operation)
} unless pending_deletable?
unless pending_deletable?
add_epp_error('2304', nil, nil, I18n.t(:object_status_prohibits_operation))
return
end
self.delete_date = Time.zone.today + Setting.redemption_grace_period.days + 1.day
set_pending_delete
@ -601,10 +597,8 @@ class Epp::Domain < Domain
def transfer(frame, action, current_user)
if discarded?
throw :epp_error, {
code: '2106',
msg: 'Object is not eligible for transfer',
}
add_epp_error('2106', nil, nil, 'Object is not eligible for transfer')
return
end
@is_transfer = true
@ -624,10 +618,8 @@ class Epp::Domain < Domain
def query_transfer(frame, current_user)
if current_user.registrar == registrar
throw :epp_error, {
code: '2002',
msg: I18n.t(:domain_already_belongs_to_the_querying_registrar)
}
add_epp_error('2002', nil, nil, I18n.t(:domain_already_belongs_to_the_querying_registrar))
return
end
transaction do
@ -661,11 +653,10 @@ class Epp::Domain < Domain
def approve_transfer(frame, current_user)
pt = pending_transfer
if current_user.registrar != pt.old_registrar
throw :epp_error, {
msg: I18n.t('transfer_can_be_approved_only_by_current_registrar'),
code: '2304'
}
add_epp_error('2304', nil, nil, I18n.t('transfer_can_be_approved_only_by_current_registrar'))
return
end
transaction do
@ -687,11 +678,10 @@ class Epp::Domain < Domain
def reject_transfer(frame, current_user)
pt = pending_transfer
if current_user.registrar != pt.old_registrar
throw :epp_error, {
msg: I18n.t('transfer_can_be_rejected_only_by_current_registrar'),
code: '2304'
}
add_epp_error('2304', nil, nil, I18n.t('transfer_can_be_rejected_only_by_current_registrar'))
return
end
transaction do

2
app/models/epp/response/result/code.rb
View file

@ -26,6 +26,7 @@ module Epp
object_association_prohibits_operation: 2305,
parameter_value_policy_error: 2306,
data_management_policy_violation: 2308,
command_failed: 2400,
authentication_error_server_closing_connection: 2501,
}.freeze
private_constant :KEY_TO_VALUE
@ -52,6 +53,7 @@ module Epp
2305 => 'Object association prohibits operation',
2306 => 'Parameter value policy error',
2308 => 'Data management policy violation',
2400 => 'Command failed',
2501 => 'Authentication error; server closing connection',
}.freeze
private_constant :DEFAULT_DESCRIPTIONS

2
app/views/epp/domains/info.xml.builder
View file

@ -53,7 +53,7 @@ xml.epp_head do
xml.tag!('domain:exDate', @domain.valid_to.iso8601)
if can? :view_password, @domain, @password
if @reveal_full_details
xml.tag!('domain:authInfo') do
xml.tag!('domain:pw', @domain.transfer_code)
end

1
config/locales/en.yml
View file

@ -202,7 +202,6 @@ en:
epp_domain_zone_with_same_origin: Zone with the same origin exists
epp_domain_at_auction: Domain is at auction
epp_domain_awaiting_payment: Awaiting payment
epp_obj_does_not_exist: 'Object does not exist'
epp_authorization_error: 'Authorization error'
epp_id_taken: 'Contact id already exists'
epp_domain_not_found: 'Domain not found'

90
test/integration/epp/base_test.rb Normal file
View file

@ -0,0 +1,90 @@
require 'test_helper'
class DummyEppController < Epp::BaseController
def internal_error
raise StandardError
end
end
class EppBaseTest < EppTestCase
def test_internal_error
Rails.application.routes.draw do
post 'epp/command/internal_error', to: 'dummy_epp#internal_error',
constraints: EppConstraint.new(:poll)
end
any_valid_epp_request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<hello/>
</epp>
XML
begin
assert_difference 'ApiLog::EppLog.count' do
post '/epp/command/internal_error', { frame: any_valid_epp_request_xml },
'HTTP_COOKIE' => 'session=api_bestnames'
end
assert_epp_response :command_failed
rescue
raise
ensure
Rails.application.reload_routes!
end
end
def test_invalid_request
invalid_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
</epp>
XML
post '/epp/command/internal_error', { frame: invalid_xml },
'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :syntax_error
end
def test_anonymous_user
xml_of_epp_command_that_requires_authentication = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<info>
<domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>#{domains(:shop).name}</domain:name>
</domain:info>
</info>
</command>
</epp>
XML
post '/epp/command/info', { frame: xml_of_epp_command_that_requires_authentication },
'HTTP_COOKIE' => 'session=non-existent'
assert_epp_response :authorization_error
end
def test_non_authorized_user
session = epp_sessions(:api_bestnames)
user = session.user
user.update!(roles: [ApiUser::BILLING])
assert user.cannot?(:info, Domain)
xml_of_epp_command_that_requires_authorization = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<info>
<domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>#{domains(:shop).name}</domain:name>
</domain:info>
</info>
</command>
</epp>
XML
post '/epp/command/info', { frame: xml_of_epp_command_that_requires_authorization },
'HTTP_COOKIE' => "session=#{session.session_id}"
assert_epp_response :authorization_error
end
end

21
test/integration/epp/contact/base_test.rb Normal file
View file

@ -0,0 +1,21 @@
require 'test_helper'
class EppContactBaseTest < EppTestCase
def test_non_existent_contact
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<info>
<contact:info xmlns:contact="https://epp.tld.ee/schema/contact-ee-1.1.xsd">
<contact:id>non-existent</contact:id>
</contact:info>
</info>
</command>
</epp>
XML
post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :object_does_not_exist
end
end

21
test/integration/epp/contact/info/base_test.rb
View file

@ -43,27 +43,6 @@ class EppContactInfoBaseTest < EppTestCase
contact: xml_schema).text
end
def test_contact_not_found
assert_nil Contact.find_by(code: 'non-existing')
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<info>
<contact:info xmlns:contact="https://epp.tld.ee/schema/contact-ee-1.1.xsd">
<contact:id>non-existing</contact:id>
</contact:info>
</info>
</command>
</epp>
XML
post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :object_does_not_exist
end
private
def xml_schema

26
test/integration/epp/contact/update/base_test.rb
View file

@ -133,32 +133,6 @@ class EppContactUpdateBaseTest < EppTestCase
assert_no_emails
end
def test_non_existing_contact
assert_nil Contact.find_by(code: 'non-existing')
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<update>
<contact:update xmlns:contact="https://epp.tld.ee/schema/contact-ee-1.1.xsd">
<contact:id>non-existing</contact:id>
<contact:chg>
<contact:postalInfo>
<contact:name>any</contact:name>
</contact:postalInfo>
</contact:chg>
</contact:update>
</update>
</command>
</epp>
XML
post '/epp/command/update', { frame: request_xml }, 'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :object_does_not_exist
end
private
def make_contact_free_of_domains_where_it_acts_as_a_registrant(contact)

21
test/integration/epp/domain/base_test.rb Normal file
View file

@ -0,0 +1,21 @@
require 'test_helper'
class EppDomainBaseTest < EppTestCase
def test_non_existent_domain
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<info>
<domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>non-existent.test</domain:name>
</domain:info>
</info>
</command>
</epp>
XML
post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :object_does_not_exist
end
end

26
test/integration/epp/domain/delete/base_test.rb
View file

@ -207,30 +207,4 @@ class EppDomainDeleteBaseTest < EppTestCase
assert_epp_response :object_status_prohibits_operation
end
def test_domain_not_found
assert_nil Domain.find_by(name: 'non-existing.test')
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<delete>
<domain:delete xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>non-existing.test</domain:name>
</domain:delete>
</delete>
<extension>
<eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
<eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
</eis:extdata>
</extension>
</command>
</epp>
XML
post '/epp/command/delete', { frame: request_xml }, 'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :object_does_not_exist
end
end

21
test/integration/epp/domain/info/base_test.rb
View file

@ -105,25 +105,4 @@ class EppDomainInfoBaseTest < EppTestCase
assert_nil response_xml.at_xpath('//domain:authInfo/domain:pw',
'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd')
end
def test_returns_not_found_error_when_domain_is_not_registered
assert DNS::DomainName.new('not-registered.test').not_registered?
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<info>
<domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>not-registered.test</domain:name>
</domain:info>
</info>
</command>
</epp>
XML
post '/epp/command/info', { frame: request_xml }, 'HTTP_COOKIE' => 'session=api_bestnames'
assert_epp_response :object_does_not_exist
end
end

25
test/integration/epp/domain/transfer/base_test.rb
View file

@ -1,25 +0,0 @@
require 'test_helper'
class EppDomainTransferBaseTest < EppTestCase
def test_non_existent_domain
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<transfer op="request">
<domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>non-existent.test</domain:name>
<domain:authInfo>
<domain:pw>any</domain:pw>
</domain:authInfo>
</domain:transfer>
</transfer>
</command>
</epp>
XML
post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
assert_epp_response :object_does_not_exist
end
end

2
test/models/epp/response/result/code_test.rb
View file

@ -47,6 +47,7 @@ class EppResponseResultCodeTest < ActiveSupport::TestCase
object_association_prohibits_operation: 2305,
parameter_value_policy_error: 2306,
data_management_policy_violation: 2308,
command_failed: 2400,
authentication_error_server_closing_connection: 2501,
}
assert_equal codes, Epp::Response::Result::Code.codes
@ -75,6 +76,7 @@ class EppResponseResultCodeTest < ActiveSupport::TestCase
2305 => 'Object association prohibits operation',
2306 => 'Parameter value policy error',
2308 => 'Data management policy violation',
2400 => 'Command failed',
2501 => 'Authentication error; server closing connection',
}
assert_equal descriptions, Epp::Response::Result::Code.default_descriptions