feat: add age validation for admin contacts

- Add AgeValidation module for consistent age checks - Validate admin contacts must be at least 18 years old - Move age validation logic from Domain to shared module - Add tests for admin contact age validation - Fix JSON format for admin_contacts_allowed_ident_type setting This change ensures that administrative contacts must be adults (18+), using the same age validation logic as for registrants. The validation works with both birthday and Estonian ID formats. Settings are now properly stored as JSON strings for consistent parsing.
2025-07-29 22:16:19 +02:00 · 2025-02-11 12:22:05 +02:00 · 2025-02-11 12:22:05 +02:00 · 7799727867
commit 7799727867
parent 66619f12fe
10 changed files with 181 additions and 51 deletions
--- a/test/integration/epp/domain/create/base_test.rb
+++ b/test/integration/epp/domain/create/base_test.rb
@ -597,7 +597,7 @@ class EppDomainCreateBaseTest < EppTestCase
  end

  def test_registers_new_domain_with_required_attributes
-    Setting.admin_contacts_allowed_ident_type = { 'org' => true, 'priv' => true, 'birthday' => true }
+    Setting.admin_contacts_allowed_ident_type = { 'org' => true, 'priv' => true, 'birthday' => true }.to_json

    now = Time.zone.parse('2010-07-05')
    travel_to now
@ -647,7 +647,7 @@ class EppDomainCreateBaseTest < EppTestCase
    default_registration_period = 1.year + 1.day
    assert_equal now + default_registration_period, domain.expire_time

-    Setting.admin_contacts_allowed_ident_type = { 'org' => false, 'priv' => true, 'birthday' => true }
+    Setting.admin_contacts_allowed_ident_type = { 'org' => false, 'priv' => true, 'birthday' => true }.to_json
  end

  def test_registers_domain_without_legaldoc_if_optout
--- a/test/integration/epp/domain/update/base_test.rb
+++ b/test/integration/epp/domain/update/base_test.rb
@ -1032,7 +1032,7 @@ class EppDomainUpdateBaseTest < EppTestCase
    @domain.save!

    # Change allowed types after domain is created
-    Setting.admin_contacts_allowed_ident_type = { 'birthday' => true, 'priv' => true, 'org' => false }
+    Setting.admin_contacts_allowed_ident_type = { 'birthday' => true, 'priv' => true, 'org' => false }.to_json

    # Try to update domain with some other changes
    request_xml = <<-XML
@ -1061,6 +1061,36 @@ class EppDomainUpdateBaseTest < EppTestCase
    assert_epp_response :completed_successfully
  end

+  def test_does_not_allow_underage_admin_contact
+    admin_contact = contacts(:william)
+    admin_contact.update!(
+      ident_type: 'priv',
+      ident: '61203150222',
+      ident_country_code: 'EE'
+    )
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="#{Xsd::Schema.filename(for_prefix: 'epp-ee', for_version: '1.0')}">
+        <command>
+          <update>
+            <domain:update xmlns:domain="#{Xsd::Schema.filename(for_prefix: 'domain-ee', for_version: '1.2')}">
+              <domain:name>#{@domain.name}</domain:name>
+              <domain:add>
+                <domain:contact type="admin">#{admin_contact.code}</domain:contact>
+              </domain:add>
+            </domain:update>
+          </update>
+        </command>
+      </epp>
+    XML
+
+    post epp_update_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    assert_epp_response :object_status_prohibits_operation
+  end
+
  private

  def assert_verification_and_notification_emails