Merge pull request #1447 from internetee/fix-epp-response

Hide contact password unless the current registrar is sponsoring
2025-07-22 10:45:58 +02:00 · 2020-01-14 13:31:30 +02:00 · 2020-01-14 13:31:30 +02:00 · 844e613ee1
commit 844e613ee1
parent 05d082e4f6 75eb9faed7
3 changed files with 30 additions and 8 deletions
--- a/app/views/epp/contacts/info.xml.builder
+++ b/app/views/epp/contacts/info.xml.builder
@ -65,14 +65,9 @@ xml.epp_head do
          xml.tag!('contact:upID', upID) if upID.present? # optional upID
          xml.tag!('contact:upDate', @contact.updated_at.try(:iso8601))
        end
-        # xml.tag!('contact:trDate', '123') if false
        if can? :view_password, @contact, @password
          xml.tag!('contact:authInfo') do
-           xml.tag!('contact:pw', @contact.auth_info)
-          end
-        else
-          xml.tag!('contact:authInfo') do
-          xml.tag!('contact:pw', 'No access')
+            xml.tag!('contact:pw', @contact.auth_info)
          end
        end
      end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -195,7 +195,6 @@ en:
  domain_details: 'Domain details'
  registered_at: 'Registered at'
  password: 'Password'
-  authinfo_pw: 'AuthInfo pw'
  valid_from: 'Valid from'
  general: 'General'
  contacts: 'Contacts'
--- a/test/integration/epp/contact/info/base_test.rb
+++ b/test/integration/epp/contact/info/base_test.rb
@ -44,9 +44,37 @@ class EppContactInfoBaseTest < EppTestCase
                                                                    contact: xml_schema).text
  end

+  def test_hides_password_when_current_registrar_is_not_sponsoring
+    non_sponsoring_registrar = registrars(:goodnames)
+    @contact.update!(registrar: non_sponsoring_registrar)
+
+    # https://github.com/internetee/registry/issues/415
+    @contact.update_columns(code: @contact.code.upcase)
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <info>
+            <contact:info xmlns:contact="https://epp.tld.ee/schema/contact-ee-1.1.xsd">
+              <contact:id>#{@contact.code}</contact:id>
+            </contact:info>
+          </info>
+        </command>
+      </epp>
+    XML
+
+    post epp_info_path, params: { frame: request_xml }, headers: { 'HTTP_COOKIE' =>
+                                                                       'session=api_bestnames' }
+
+    assert_epp_response :completed_successfully
+    response_xml = Nokogiri::XML(response.body)
+    assert_nil response_xml.at_xpath('//contact:authInfo', contact: xml_schema)
+  end
+
  private

  def xml_schema
    'https://epp.tld.ee/schema/contact-ee-1.1.xsd'
  end
-end
+end