diff --git a/.codeclimate.yml b/.codeclimate.yml index c16179c86..b5935bdc4 100644 --- a/.codeclimate.yml +++ b/.codeclimate.yml @@ -7,6 +7,9 @@ prepare: plugins: brakeman: enabled: true + checks: + mass_assign_permit!: + enabled: false bundler-audit: enabled: true duplication: diff --git a/CHANGELOG.md b/CHANGELOG.md index 90abb0d34..4fe9d8a45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,13 @@ +01.02.2021 +* Improved tests for admin interface [#1805](https://github.com/internetee/registry/pull/1805) + 28.01.2021 * Fixed transfer with shared admin and tech contacts [#1808](https://github.com/internetee/registry/issues/1808) +* Improved error handling with double admin/tech contacts [#1758](https://github.com/internetee/registry/issues/1758) +* Added CSV export option to admin [#1775](https://github.com/internetee/registry/issues/1775) * Improved DNSSEC key validation for illegal characters [#1790](https://github.com/internetee/registry/issues/1790) * Fix for whois record creation issue on releasing domain to auction [#1139](https://github.com/internetee/registry/issues/1139) +* Fix for handling malformed request frames [#1825](https://github.com/internetee/registry/issues/1825) * Improved registrar account activity tests [#1824](https://github.com/internetee/registry/pull/1824) 27.01.2021 diff --git a/app/assets/javascripts/admin/application.coffee b/app/assets/javascripts/admin/application.coffee index 4c7e6acb2..a149d89cf 100644 --- a/app/assets/javascripts/admin/application.coffee +++ b/app/assets/javascripts/admin/application.coffee @@ -8,6 +8,8 @@ $(window).load -> $('[data-toggle="popover"]').popover() + $('[data-toggle="tooltip"]').tooltip() + # doublescroll $('[data-doublescroll]').doubleScroll({ onlyIfScroll: false, diff --git a/app/controllers/admin/domains_controller.rb b/app/controllers/admin/domains_controller.rb index 4a8e5961e..3e2d78671 100644 --- a/app/controllers/admin/domains_controller.rb +++ b/app/controllers/admin/domains_controller.rb @@ -27,8 +27,17 @@ module Admin params[:q][:name_matches] = n_cache # we don't want to show wildcards in search form end end - @domains = @domains.per(params[:results_per_page]) if params[:results_per_page].to_i.positive? + + respond_to do |format| + format.html do + @domains + end + format.csv do + raw_csv = @domains.to_csv + send_data raw_csv, filename: 'domains.csv', type: "#{Mime[:csv]}; charset=utf-8" + end + end end def show diff --git a/app/controllers/repp/v1/registrar/notifications_controller.rb b/app/controllers/repp/v1/registrar/notifications_controller.rb index 2c5ced56b..4e00a9321 100644 --- a/app/controllers/repp/v1/registrar/notifications_controller.rb +++ b/app/controllers/repp/v1/registrar/notifications_controller.rb @@ -22,7 +22,7 @@ module Repp desc 'Get a specific poll message' def show @notification = current_user.registrar.notifications.find(params[:id]) - data = @notification.as_json(only: %i[id text attached_obj_id attached_obj_type]) + data = @notification.as_json(only: %i[id text attached_obj_id attached_obj_type read]) render_success(data: data) end diff --git a/app/models/actions/domain_create.rb b/app/models/actions/domain_create.rb index 883f8d33d..4e148ab3e 100644 --- a/app/models/actions/domain_create.rb +++ b/app/models/actions/domain_create.rb @@ -22,6 +22,22 @@ module Actions commit end + def check_contact_duplications + if check_for_same_contacts(@admin_contacts, 'admin') && + check_for_same_contacts(@tech_contacts, 'tech') + true + else + false + end + end + + def check_for_same_contacts(contacts, contact_type) + return true unless contacts.uniq.count != contacts.count + + domain.add_epp_error('2306', contact_type, nil, %i[domain_contacts invalid]) + false + end + # Check if domain is eligible for new registration def validate_domain_integrity return unless Domain.release_to_auction @@ -118,6 +134,7 @@ module Actions domain.admin_domain_contacts_attributes = @admin_contacts domain.tech_domain_contacts_attributes = @tech_contacts + check_contact_duplications end def assign_expiry_time @@ -174,7 +191,7 @@ module Actions end def commit - return false if validation_process_errored? + return false if domain.errors[:epp_errors].any? || validation_process_errored? debit_registrar return false if domain.errors.any? diff --git a/app/models/actions/domain_update.rb b/app/models/actions/domain_update.rb index d54bb99da..0e2349832 100644 --- a/app/models/actions/domain_update.rb +++ b/app/models/actions/domain_update.rb @@ -28,6 +28,12 @@ module Actions assign_tech_contact_changes end + def check_for_same_contacts(contacts, contact_type) + return unless contacts.uniq.count != contacts.count + + domain.add_epp_error('2306', contact_type, nil, %i[domain_contacts invalid]) + end + def validate_domain_integrity domain.auth_info = params[:auth_info] if params[:auth_info] @@ -97,13 +103,11 @@ module Actions def validate_dnskey_integrity(key) if key[:public_key] && !Setting.key_data_allowed domain.add_epp_error('2306', nil, nil, %i[dnskeys key_data_not_allowed]) - elsif key[:ds_digest] && !Setting.ds_data_allowed - domain.add_epp_error('2306', nil, nil, %i[dnskeys ds_data_not_allowed]) + elsif Dnskey.pub_key_base64?(key[:public_key]) + @dnskeys << key.except(:action) + else + domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid]) end - - verify_public_key_integrity(key[:public_key]) - - @dnskeys << key.except(:action) end def assign_removable_dnskey(key) @@ -121,6 +125,7 @@ module Actions I18n.t(:object_status_prohibits_operation)) elsif props.present? domain.admin_domain_contacts_attributes = props + check_for_same_contacts(props, 'admin') end end @@ -133,6 +138,7 @@ module Actions I18n.t(:object_status_prohibits_operation)) elsif props.present? domain.tech_domain_contacts_attributes = props + check_for_same_contacts(props, 'tech') end end @@ -241,11 +247,5 @@ module Actions false end - - def verify_public_key_integrity(pub) - return if Dnskey.pub_key_base64?(pub) - - domain.add_epp_error(2005, nil, nil, %i[dnskeys invalid]) - end end end diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb index a40225fd2..6c6df6e44 100644 --- a/app/models/dnskey.rb +++ b/app/models/dnskey.rb @@ -8,6 +8,7 @@ class Dnskey < ApplicationRecord validate :validate_algorithm validate :validate_protocol validate :validate_flags + validate :validate_public_key before_save lambda { generate_digest if will_save_change_to_public_key? && !will_save_change_to_ds_digest? @@ -115,6 +116,12 @@ class Dnskey < ApplicationRecord self.ds_key_tag = ((c & 0xFFFF) + (c >> 16)) & 0xFFFF end + def validate_public_key + return if Dnskey.pub_key_base64?(public_key) + + errors.add(:public_key, :invalid) + end + class << self def int_to_hex(s) s = s.to_s(16) diff --git a/app/views/admin/domains/_search_form.html.erb b/app/views/admin/domains/_search_form.html.erb index bc317ea0b..1b1f50491 100644 --- a/app/views/admin/domains/_search_form.html.erb +++ b/app/views/admin/domains/_search_form.html.erb @@ -6,7 +6,7 @@ <%= f.search_field :name_matches, value: params[:q][:name_matches], class: 'form-control', placeholder: t(:name) %> -
+
<%= f.label :registrant_ident, for: nil %> <%= f.search_field :registrant_ident_eq, class: 'form-control', placeholder: t(:registrant_ident) %> @@ -18,7 +18,7 @@ <%= f.search_field :contacts_ident_eq, class: 'form-control', placeholder: t(:contact_ident) %>
-
+
<%= f.label :nameserver_hostname, for: nil %> <%= f.search_field :nameservers_hostname_eq, class: 'form-control', placeholder: t(:nameserver_hostname) %> @@ -26,7 +26,7 @@
-
+
<%= f.label :registrar_name, for: nil %> <%= f.select :registrar_id_eq, Registrar.all.map { |x| [x, x.id] }, { include_blank: true }, class: 'form-control selectize' %> @@ -38,7 +38,7 @@ <%= f.search_field :valid_to_gteq, value: params[:q][:valid_to_gteq], class: 'form-control js-datepicker', placeholder: t(:valid_to_from) %>
-
+
<%= f.label :valid_to_until, for: nil %> <%= f.search_field :valid_to_lteq, value: params[:q][:valid_to_lteq], class: 'form-control js-datepicker', placeholder: t(:valid_to_until) %> @@ -46,7 +46,7 @@
-
+
<%= label_tag :status, nil, for: nil %> <%= select_tag :statuses_contains, options_for_select(DomainStatus::STATUSES, params[:statuses_contains]), { multiple: true, class: 'form-control js-combobox' } %> @@ -58,13 +58,17 @@ <%= text_field_tag :results_per_page, params[:results_per_page], class: 'form-control', placeholder: t(:results_per_page) %>
-
+
+ <%= link_to t('.download_csv_btn'), admin_domains_path(format: :csv, params: params.permit!), + "data-toggle" => "tooltip", "data-placement" => "bottom", "title" => t('.download_csv_btn'), + class: 'btn btn-default' %> <%= link_to t('.reset_btn'), admin_domains_path, class: 'btn btn-default' %> +
<% end %> diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index f2acc88e6..4f4e68288 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,9 +1,9 @@ Rails.application.configure do config.filter_parameters += [:password, /^frame$/, /^nokogiri_frame$/, /^parsed_frame$/] config.filter_parameters << lambda do |key, value| - if key == 'raw_frame' - value.to_s.gsub!(/pw>.+<\//, 'pw>[FILTERED]]+)>([^<])+<\/eis:legalDocument>/, + if key == 'raw_frame' && value.respond_to?(:gsub!) + value.gsub!(/pw>.+<\//, 'pw>[FILTERED]]+)>([^<])+<\/eis:legalDocument>/, "[FILTERED]") end end diff --git a/config/locales/admin/domains.en.yml b/config/locales/admin/domains.en.yml index c6e96bb15..ce59294dd 100644 --- a/config/locales/admin/domains.en.yml +++ b/config/locales/admin/domains.en.yml @@ -11,6 +11,7 @@ en: search_form: reset_btn: Reset + download_csv_btn: CSV form: pending_delete: &pending_delete diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb index b31489691..726767390 100644 --- a/test/application_system_test_case.rb +++ b/test/application_system_test_case.rb @@ -35,7 +35,6 @@ class JavaScriptApplicationSystemTestCase < ApplicationSystemTestCase def setup DatabaseCleaner.start - super Capybara.current_driver = :chrome diff --git a/test/integration/admin_area/account_activities_test.rb b/test/integration/admin_area/account_activities_test.rb new file mode 100644 index 000000000..306935269 --- /dev/null +++ b/test/integration/admin_area/account_activities_test.rb @@ -0,0 +1,39 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaAccountActivitiesIntegrationTest < ApplicationSystemTestCase + # /admin/account_activities + setup do + sign_in users(:admin) + @original_default_language = Setting.default_language + end + + def test_show_account_activities_page + account_activities(:one).update(sum: "123.00") + visit admin_account_activities_path + assert_text 'Account activities' + end + + def test_default_url_params + account_activities(:one).update(sum: "123.00") + visit admin_root_path + click_link_or_button 'Settings', match: :first + find(:xpath, "//ul/li/a[text()='Account activities']").click + + assert has_current_path?(admin_account_activities_path(created_after: 'today')) + end + + def test_download_account_activity + now = Time.zone.parse('2010-07-05 08:00') + travel_to now + account_activities(:one).update(sum: "123.00") + + get admin_account_activities_path(format: :csv) + + assert_response :ok + assert_equal "text/csv", response.headers['Content-Type'] + assert_equal %(attachment; filename="account_activities_#{Time.zone.now.to_formatted_s(:number)}.csv"; filename*=UTF-8''account_activities_#{Time.zone.now.to_formatted_s(:number)}.csv), + response.headers['Content-Disposition'] + assert_not_empty response.body + end +end diff --git a/test/integration/admin_area/admin_users_test.rb b/test/integration/admin_area/admin_users_test.rb new file mode 100644 index 000000000..89b9edef9 --- /dev/null +++ b/test/integration/admin_area/admin_users_test.rb @@ -0,0 +1,101 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaAdminUsersIntegrationTest < JavaScriptApplicationSystemTestCase + include Devise::Test::IntegrationHelpers + include ActionView::Helpers::NumberHelper + + setup do + WebMock.allow_net_connect! + @original_default_language = Setting.default_language + sign_in users(:admin) + end + + def test_create_new_admin_user + createNewAdminUser(true) + end + + def test_create_with_invalid_data_new_admin_user + createNewAdminUser(false) + end + + def test_edit_successfully_exist_record + createNewAdminUser(true) + + visit admin_admin_users_path + click_on 'test_user_name' + + assert_text 'General' + click_on 'Edit' + + fill_in 'Password', with: 'test_password' + fill_in 'Password confirmation', with: 'test_password' + + click_on 'Save' + assert_text 'Record updated' + end + + def test_edit_exist_record_with_invalid_data + createNewAdminUser(true) + + visit admin_admin_users_path + click_on 'test_user_name' + + assert_text 'General' + click_on 'Edit' + + fill_in 'Password', with: 'test_password' + fill_in 'Password confirmation', with: 'test_password2' + + click_on 'Save' + assert_text 'Failed to update record' + end + + def test_delete_exist_record + createNewAdminUser(true) + + visit admin_admin_users_path + click_on 'test_user_name' + assert_text 'General' + click_on 'Delete' + + page.driver.browser.switch_to.alert.accept + + assert_text 'Record deleted' + end + + private + + def createNewAdminUser(valid) + visit admin_admin_users_path + click_on 'New admin user' + + fill_in 'Username', with: 'test_user_name' + # If valid=true creating valid user, if else, then with invalid data + if valid + fill_in 'Password', with: 'test_password' + fill_in 'Password confirmation', with: 'test_password' + else + fill_in 'Password', with: 'test_password' + fill_in 'Password confirmation', with: 'test_password2' + end + fill_in 'Identity code', with: '38903110313' + fill_in 'Email', with: 'oleg@tester.ee' + + select 'Estonia', from: 'admin_user_country_code', match: :first + + select_element = find(:xpath, "/html/body/div[2]/form/div[2]/div/div[7]/div[2]/div/div[1]") + select_element.click + + option_element = find(:xpath, "/html/body/div[2]/form/div[2]/div/div[7]/div[2]/div/div[2]/div/div[1]") + option_element.click + + click_on 'Save' + + if valid + assert_text 'Record created' + else + assert_text 'Failed to create record' + end + end +end diff --git a/test/integration/admin_area/blocked_domains_test.rb b/test/integration/admin_area/blocked_domains_test.rb new file mode 100644 index 000000000..7df9d30e7 --- /dev/null +++ b/test/integration/admin_area/blocked_domains_test.rb @@ -0,0 +1,68 @@ +require 'test_helper' +require 'application_system_test_case' + + +# /admin/blocked_domains +class AdminAreaBlockedDomainsIntegrationTest < JavaScriptApplicationSystemTestCase + setup do + WebMock.allow_net_connect! + sign_in users(:admin) + @domain = domains(:shop) + @blocked_domain = blocked_domains(:one) + end + + def test_page_successfully_loaded + visit_admin_blocked_domains_path + end + + def test_add_into_blocked_list + visit_admin_blocked_domains_path + add_domain_into_blocked_list(true) + end + + def test_add_into_blocked_list_same_domain + visit_admin_blocked_domains_path + add_domain_into_blocked_list(true) + add_domain_into_blocked_list(false) + end + + def test_delete_domain_from_blocked_list + visit_admin_blocked_domains_path + add_domain_into_blocked_list(true) + + click_link_or_button 'Delete', match: :first + + # Accept to delete in modal window + page.driver.browser.switch_to.alert.accept + + assert_text 'Domain deleted!' + end + + def test_find_blocked_domain_from_blocked_list + visit_admin_blocked_domains_path + add_domain_into_blocked_list(true) + + fill_in 'Name', with: @domain.name + find(:xpath, "//span[@class='glyphicon glyphicon-search']").click + + assert_text @domain.name + end + + private + + def visit_admin_blocked_domains_path + visit admin_blocked_domains_path + assert_text 'Blocked domains' + end + + def add_domain_into_blocked_list(value) + click_on 'New blocked domain' + assert_text 'Add domain to blocked list' + + fill_in 'Name', with: @domain.name + click_on 'Save' + + return assert_text 'Domain added!' if value + return assert_text 'Failed to add domain!' + end +end diff --git a/test/integration/admin_area/certificates_test.rb b/test/integration/admin_area/certificates_test.rb new file mode 100644 index 000000000..d2eec0bc4 --- /dev/null +++ b/test/integration/admin_area/certificates_test.rb @@ -0,0 +1,71 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaCertificatesIntegrationTest < JavaScriptApplicationSystemTestCase + + setup do + WebMock.allow_net_connect! + sign_in users(:admin) + + @apiuser = users(:api_bestnames) + @certificate = certificates(:api) + @certificate.update!(csr: "-----BEGIN CERTIFICATE REQUEST-----\nMIICszCCAZsCAQAwbjELMAkGA1UEBhMCRUUxFDASBgNVBAMMC2ZyZXNoYm94LmVl\nMRAwDgYDVQQHDAdUYWxsaW5uMREwDwYDVQQKDAhGcmVzaGJveDERMA8GA1UECAwI\nSGFyanVtYWExETAPBgNVBAsMCEZyZXNoYm94MIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEA1VVESynZoZhIbe8s9zHkELZ/ZDCGiM2Q8IIGb1IOieT5U2mx\nIsVXz85USYsSQY9+4YdEXnupq9fShArT8pstS/VN6BnxdfAiYXc3UWWAuaYAdNGJ\nDr5Jf6uMt1wVnCgoDL7eJq9tWMwARC/viT81o92fgqHFHW0wEolfCmnpik9o0ACD\nFiWZ9IBIevmFqXtq25v9CY2cT9+eZW127WtJmOY/PKJhzh0QaEYHqXTHWOLZWpnp\nHH4elyJ2CrFulOZbHPkPNB9Nf4XQjzk1ffoH6e5IVys2VV5xwcTkF0jY5XTROVxX\nlR2FWqic8Q2pIhSks48+J6o1GtXGnTxv94lSDwIDAQABoAAwDQYJKoZIhvcNAQEL\nBQADggEBAEFcYmQvcAC8773eRTWBJJNoA4kRgoXDMYiiEHih5iJPVSxfidRwYDTF\nsP+ttNTUg3JocFHY75kuM9T2USh+gu/trRF0o4WWa+AbK3JbbdjdT1xOMn7XtfUU\nZ/f1XCS9YdHQFCA6nk4Z+TLWwYsgk7n490AQOiB213fa1UIe83qIfw/3GRqRUZ7U\nwIWEGsHED5WT69GyxjyKHcqGoV7uFnqFN0sQVKVTy/NFRVQvtBUspCbsOirdDRie\nAB2KbGHL+t1QrRF10szwCJDyk5aYlVhxvdI8zn010nrxHkiyQpDFFldDMLJl10BW\n2w9PGO061z+tntdRcKQGuEpnIr9U5Vs=\n-----END CERTIFICATE REQUEST-----\n") + end + + def test_show_certificate_info + show_certificate_info + end + + def test_destroy_certificate + show_certificate_info + find(:xpath, "//a[text()='Delete']").click + + page.driver.browser.switch_to.alert.accept + + assert_text 'Record deleted' + end + + def test_download_csr + get download_csr_admin_api_user_certificate_path(api_user_id: @apiuser.id, id: @certificate.id) + + assert_response :ok + assert_equal 'application/octet-stream', response.headers['Content-Type'] + assert_equal "attachment; filename=\"test_bestnames.csr.pem\"; filename*=UTF-8''test_bestnames.csr.pem", response.headers['Content-Disposition'] + assert_not_empty response.body + end + + def test_download_crt + get download_crt_admin_api_user_certificate_path(api_user_id: @apiuser.id, id: @certificate.id) + + assert_response :ok + assert_equal 'application/octet-stream', response.headers['Content-Type'] + assert_equal "attachment; filename=\"test_bestnames.crt.pem\"; filename*=UTF-8''test_bestnames.crt.pem", response.headers['Content-Disposition'] + assert_not_empty response.body + end + + def test_failed_to_revoke_certificate + show_certificate_info + + find(:xpath, "//a[text()='Revoke this certificate']").click + assert_text 'Failed to update record' + end + + def test_new_api_user + visit new_admin_registrar_api_user_path(registrar_id: registrars(:bestnames).id) + + fill_in 'Username', with: 'testapiuser' + fill_in 'Password', with: 'secretpassword' + fill_in 'Identity code', with: '60305062718' + + click_on 'Create API user' + + assert_text 'API user has been successfully created' + end + + private + + def show_certificate_info + visit admin_api_user_certificate_path(api_user_id: @apiuser.id, id: @certificate.id) + assert_text 'Certificates' + end +end diff --git a/test/integration/admin_area/epp_logs_test.rb b/test/integration/admin_area/epp_logs_test.rb new file mode 100644 index 000000000..5ad514cb8 --- /dev/null +++ b/test/integration/admin_area/epp_logs_test.rb @@ -0,0 +1,52 @@ +# admin_epp_logs_path +require 'test_helper' +require 'application_system_test_case' + +class AdminEppLogsIntegrationTest < ApplicationSystemTestCase + setup do + sign_in users(:admin) + end + + def test_visit_epp_logs_page + visit admin_epp_logs_path + assert_text 'EPP log' + end + + def test_show_epp_log_page + visit admin_epp_logs_path + send_epp_request_hello + visit admin_epp_logs_path + + find(:xpath, "//tbody/tr/td/a", match: :first).click + assert_text 'Details' + end + + def test_dates_sort + Capybara.exact = true + visit admin_epp_logs_path + send_epp_request_hello + visit admin_epp_logs_path + + find(:xpath, "//a[contains(text(), 'Created at')]", match: :first).click + find(:xpath, "//a[contains(text(), 'Created at')]", match: :first).click + + epp_log_date = find(:xpath, "//table/tbody/tr/td[6]", match: :first).text(:all) + date_now = Date.today.to_s(:db) + + assert_match /#{date_now}/, epp_log_date + end + + private + + def send_epp_request_hello + request_xml = <<-XML + + + + + XML + + get epp_hello_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=non-existent' } + end +end diff --git a/test/integration/admin_area/invoices_test.rb b/test/integration/admin_area/invoices_test.rb index 887f57212..2aa17201d 100644 --- a/test/integration/admin_area/invoices_test.rb +++ b/test/integration/admin_area/invoices_test.rb @@ -6,6 +6,27 @@ class AdminAreaInvoicesIntegrationTest < ApplicationIntegrationTest sign_in users(:admin) end + def test_create_new_invoice + visit new_admin_invoice_path + + assert_text 'Create new invoice' + select 'Best Names', from: 'deposit_registrar_id', match: :first + fill_in 'Amount', with: '1000' + click_on 'Save' + + assert_equal page.status_code, 200 + end + + def test_visit_list_of_invoices_pages + visit admin_invoices_path + assert_text 'Invoices' + end + + def test_visit_invoice_page + visit admin_invoices_path(id: @invoice.id) + assert_text "Invoice no. #{@invoice.number}" + end + def test_downloads_invoice assert_equal 1, @invoice.number diff --git a/test/integration/admin_area/pending_delete_test.rb b/test/integration/admin_area/pending_delete_test.rb new file mode 100644 index 000000000..737d12480 --- /dev/null +++ b/test/integration/admin_area/pending_delete_test.rb @@ -0,0 +1,60 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaPendingDeleteIntegrationTest < JavaScriptApplicationSystemTestCase + setup do + WebMock.allow_net_connect! + sign_in users(:admin) + + @domain = domains(:shop) + @token = '123456' + + @domain.update!(statuses: [DomainStatus::PENDING_DELETE_CONFIRMATION], + registrant_verification_asked_at: Time.zone.now - 1.day, + registrant_verification_token: @token) + end + + def test_accept_pending_delete + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Accept' + page.driver.browser.switch_to.alert.accept + + assert_text 'Pending was successfully applied.' + end + + def test_accept_pending_delete_no_success + @domain.update!(statuses: [DomainStatus::PENDING_DELETE_CONFIRMATION], + registrant_verification_asked_at: Time.zone.now - 1.day, + registrant_verification_token: nil) + + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Accept' + page.driver.browser.switch_to.alert.accept + + assert_text 'Not success' + end + + def test_reject_panding_delete + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Reject' + page.driver.browser.switch_to.alert.accept + + assert_text 'Pending was successfully removed.' + end + + def test_accept_pending_delete_no_success + @domain.update!(statuses: [DomainStatus::PENDING_DELETE_CONFIRMATION], + registrant_verification_asked_at: Time.zone.now - 1.day, + registrant_verification_token: nil) + + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Reject' + page.driver.browser.switch_to.alert.accept + + assert_text 'Not success' + end +end diff --git a/test/integration/admin_area/pending_update_test.rb b/test/integration/admin_area/pending_update_test.rb new file mode 100644 index 000000000..5d08e104b --- /dev/null +++ b/test/integration/admin_area/pending_update_test.rb @@ -0,0 +1,96 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaPendingUpdateIntegrationTest < JavaScriptApplicationSystemTestCase + + setup do + WebMock.allow_net_connect! + sign_in users(:admin) + + @domain = domains(:hospital) + + @new_registrant = contacts(:jack) + @user = users(:api_bestnames) + @token = '123456' + + @domain.update!(statuses: [DomainStatus::PENDING_UPDATE], + registrant_verification_asked_at: Time.zone.now - 1.day, + registrant_verification_token: @token) + end + + def test_accept_pending_update + pending_json = { new_registrant_id: @new_registrant.id, + new_registrant_name: @new_registrant.name, + new_registrant_email: @new_registrant.email, + current_user_id: @user.id } + + @domain.update(pending_json: pending_json) + @domain.reload + + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Accept' + page.driver.browser.switch_to.alert.accept + + assert_text 'Pending was successfully applied.' + end + + def test_accept_pending_update_no_success + @domain.update!(statuses: [DomainStatus::PENDING_UPDATE], + registrant_verification_asked_at: Time.zone.now - 1.day, + registrant_verification_token: nil) + + pending_json = { new_registrant_id: @new_registrant.id, + new_registrant_name: @new_registrant.name, + new_registrant_email: @new_registrant.email, + current_user_id: @user.id, + } + + @domain.update(pending_json: pending_json) + @domain.reload + + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Accept' + page.driver.browser.switch_to.alert.accept + assert_text 'Not success' + end + + def test_reject_panding_update + pending_json = { new_registrant_id: @new_registrant.id, + new_registrant_name: @new_registrant.name, + new_registrant_email: @new_registrant.email, + current_user_id: @user.id, + } + + @domain.update(pending_json: pending_json) + @domain.reload + + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Reject' + page.driver.browser.switch_to.alert.accept + assert_text 'Pending was successfully removed.' + end + + def test_accept_pending_update_no_success + @domain.update!(statuses: [DomainStatus::PENDING_UPDATE], + registrant_verification_asked_at: Time.zone.now - 1.day, + registrant_verification_token: nil) + + pending_json = { new_registrant_id: @new_registrant.id, + new_registrant_name: @new_registrant.name, + new_registrant_email: @new_registrant.email, + current_user_id: @user.id, + } + + @domain.update(pending_json: pending_json) + @domain.reload + + visit edit_admin_domain_path(id: @domain.id) + + click_on 'Reject' + page.driver.browser.switch_to.alert.accept + assert_text 'Not success' + end +end diff --git a/test/integration/admin_area/registrars_test.rb b/test/integration/admin_area/registrars_test.rb index d73496899..552650791 100644 --- a/test/integration/admin_area/registrars_test.rb +++ b/test/integration/admin_area/registrars_test.rb @@ -17,4 +17,4 @@ class AdminAreaRegistrarsIntegrationTest < ActionDispatch::IntegrationTest assert_equal new_iban, @registrar.iban end -end \ No newline at end of file +end diff --git a/test/integration/admin_area/repp_logs_test.rb b/test/integration/admin_area/repp_logs_test.rb new file mode 100644 index 000000000..6630a6d57 --- /dev/null +++ b/test/integration/admin_area/repp_logs_test.rb @@ -0,0 +1,23 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaReppLogsIntegrationTest < ApplicationSystemTestCase + setup do + sign_in users(:admin) + end + + def test_repp_logs_page + visit admin_repp_logs_path + assert_text 'REPP log' + end + + def test_show_repp_log_page + visit admin_repp_logs_path + get repp_v1_contacts_path + visit admin_repp_logs_path + + find(:xpath, "//tbody/tr/td/a", match: :first).click + + assert_text 'REPP log' + end +end diff --git a/test/integration/admin_area/reserved_domains_test.rb b/test/integration/admin_area/reserved_domains_test.rb new file mode 100644 index 000000000..c09c3723b --- /dev/null +++ b/test/integration/admin_area/reserved_domains_test.rb @@ -0,0 +1,39 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaReservedDomainsIntegrationTest < JavaScriptApplicationSystemTestCase + + setup do + WebMock.allow_net_connect! + @original_default_language = Setting.default_language + sign_in users(:admin) + + @reserved_domain = reserved_domains(:one) + end + + def test_remove_reserved_domain + visit admin_reserved_domains_path + click_link_or_button 'Delete', match: :first + page.driver.browser.switch_to.alert.accept + + assert_text 'Domain deleted!' + end + + def test_add_invalid_domain + visit admin_reserved_domains_path + click_on 'New reserved domain' + fill_in "Name", with: "@##@$" + click_on 'Save' + + assert_text 'Failed to add domain!' + end + + def test_update_reserved_domain + visit admin_reserved_domains_path + click_link_or_button 'Edit Pw', match: :first + fill_in 'Password', with: '12345678' + click_on 'Save' + + assert_text 'Domain updated!' + end +end diff --git a/test/integration/admin_area/white_ips_test.rb b/test/integration/admin_area/white_ips_test.rb new file mode 100644 index 000000000..499c86f57 --- /dev/null +++ b/test/integration/admin_area/white_ips_test.rb @@ -0,0 +1,94 @@ +require 'test_helper' +require 'application_system_test_case' + +class AdminAreaWhiteIpsIntegrationTest < JavaScriptApplicationSystemTestCase + + setup do + WebMock.allow_net_connect! + sign_in users(:admin) + + @registrar = registrars(:bestnames) + @white_ip = white_ips(:one) + end + + def test_visit_new_whitelisted_ip_page + visit_new_whitelisted_ip_page + end + + def test_create_new_whitelisted_ip + visit_new_whitelisted_ip_page + fill_in 'IPv4', with: "127.0.0.1" + fill_in 'IPv6', with: "::ffff:192.0.2.1" + + find(:css, "#white_ip_interfaces_api").set(true) + find(:css, "#white_ip_interfaces_registrar").set(true) + + click_on 'Save' + + assert_text 'Record created' + end + + def test_failed_to_create_new_whitelisted_ip + visit_new_whitelisted_ip_page + fill_in 'IPv4', with: "asdadadad.asd" + + click_on 'Save' + + assert_text 'Failed to create record' + end + + def test_visit_edit_whitelisted_ip_page + visit_edit_whitelisted_ip_page + end + + def test_update_whitelisted_ip + visit_info_whitelisted_ip_page + click_on 'Edit' + + fill_in 'IPv4', with: "127.0.0.2" + find(:css, "#white_ip_interfaces_api").set(false) + click_on 'Save' + + assert_text 'Record updated' + end + + def test_failed_to_update_whitelisted_ip + visit_info_whitelisted_ip_page + click_on 'Edit' + fill_in 'IPv4', with: "asdadad#" + + click_on 'Save' + + assert_text 'Failed to update record' + end + + def test_visit_info_whitelisted_ip_page + visit_info_whitelisted_ip_page + end + + def test_delete_whitelisted_ip + visit_info_whitelisted_ip_page + click_on 'Delete' + + page.driver.browser.switch_to.alert.accept + + assert_text 'Record deleted' + end + + private + + def visit_new_whitelisted_ip_page + visit new_admin_registrar_white_ip_path(registrar_id: @registrar.id) + assert_text 'New whitelisted IP' + end + + def visit_edit_whitelisted_ip_page + visit edit_admin_registrar_white_ip_path(registrar_id: @registrar.id, id: @white_ip.id) + assert_text 'Edit white IP' + end + + def visit_info_whitelisted_ip_page + visit admin_registrar_white_ip_path(registrar_id: @registrar.id, id: @white_ip.id) + assert_text 'White IP' + end +end diff --git a/test/integration/api/v1/registrant/contacts/list_test.rb b/test/integration/api/v1/registrant/contacts/list_test.rb index 2389019f1..33e8b67eb 100644 --- a/test/integration/api/v1/registrant/contacts/list_test.rb +++ b/test/integration/api/v1/registrant/contacts/list_test.rb @@ -1,5 +1,6 @@ require 'test_helper' require 'auth_token/auth_token_creator' +require 'json' CompanyRegisterClientStub = Struct.new(:any_method) do def representation_rights(citizen_personal_code:, citizen_country_code:) @@ -55,6 +56,42 @@ class RegistrantApiV1ContactListTest < ActionDispatch::IntegrationTest assert_equal '1234', response_json.first[:ident][:code] end + def test_out_of_range_limit + get api_v1_registrant_contacts_path + "?limit=300", as: :json, headers: { 'HTTP_AUTHORIZATION' => auth_token } + response_json = JSON.parse(response.body, symbolize_names: true) + + text_response = JSON.pretty_generate(response_json[:errors][0][:limit][0]) + + assert_equal text_response, '"parameter is out of range"' + end + + def test_negative_offset + get api_v1_registrant_contacts_path + "?offset=-300", as: :json, headers: { 'HTTP_AUTHORIZATION' => auth_token } + response_json = JSON.parse(response.body, symbolize_names: true) + + text_response = JSON.pretty_generate(response_json[:errors][0][:offset][0]) + + assert_equal text_response, '"parameter is out of range"' + end + + def test_show_valid_contact + get api_v1_registrant_contacts_path + "/eb2f2766-b44c-4e14-9f16-32ab1a7cb957", as: :json, headers: { 'HTTP_AUTHORIZATION' => auth_token } + response_json = JSON.parse(response.body, symbolize_names: true) + + text_response = response_json[:name] + + assert_equal @contact[:name], text_response + end + + def test_show_invalid_contact + get api_v1_registrant_contacts_path + "/435", as: :json, headers: { 'HTTP_AUTHORIZATION' => auth_token } + response_json = JSON.parse(response.body, symbolize_names: true) + + text_response = response_json[:errors][0][:base][0] + + assert_equal text_response, 'Contact not found' + end + private def delete_direct_contact diff --git a/test/integration/api/v1/registrant/contacts/update_test.rb b/test/integration/api/v1/registrant/contacts/update_test.rb index 4ddf8b0ff..c1eaa005c 100644 --- a/test/integration/api/v1/registrant/contacts/update_test.rb +++ b/test/integration/api/v1/registrant/contacts/update_test.rb @@ -4,11 +4,12 @@ require 'auth_token/auth_token_creator' class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest setup do @contact = contacts(:john) + @contact_org = contacts(:acme_ltd) @original_address_processing = Setting.address_processing @original_fax_enabled_setting = ENV['fax_enabled'] - @user = users(:registrant) + end teardown do @@ -90,6 +91,32 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest @contact.address end + def test_update_address_when_enabled_without_address_params + Setting.address_processing = true + + patch api_v1_registrant_contact_path(@contact.uuid), params: { address: { } }, + as: :json, + headers: { 'HTTP_AUTHORIZATION' => auth_token } + + assert_response :bad_request + @contact.reload + assert_equal Contact::Address.new(nil, nil, nil, nil, nil), + @contact.address + end + + def test_update_address_when_enabled_without_address_params + Setting.address_processing = true + + patch api_v1_registrant_contact_path(@contact.uuid), params: { }, + as: :json, + headers: { 'HTTP_AUTHORIZATION' => auth_token } + + assert_response :bad_request + @contact.reload + assert_equal Contact::Address.new(nil, nil, nil, nil, nil), + @contact.address + end + def test_address_is_optional_when_enabled Setting.address_processing = true @contact.update!(street: 'any', zip: 'any', city: 'any', state: 'any', country_code: 'US') @@ -211,6 +238,21 @@ class RegistrantApiV1ContactUpdateTest < ActionDispatch::IntegrationTest symbolize_names: true) end + def test_org_disclosed_attributes + patch api_v1_registrant_contact_path(@contact_org.uuid), params: { disclosed_attributes: ["some_attr"] }, + as: :json, + headers: { 'HTTP_AUTHORIZATION' => auth_token } + + assert_response :bad_request + + err_msg = "Legal person's data is visible by default and cannot be concealed. Please remove this parameter." + + response_json = JSON.parse(response.body, symbolize_names: true) + response_msg = response_json[:errors][0][:disclosed_attributes][0] + + assert_equal err_msg, response_msg + end + def test_unmanaged_contact_cannot_be_updated assert_equal 'US-1234', @user.registrant_ident @contact.update!(ident: '12345') diff --git a/test/integration/epp/domain/create/base_test.rb b/test/integration/epp/domain/create/base_test.rb index e3b7a39ee..35ef38179 100644 --- a/test/integration/epp/domain/create/base_test.rb +++ b/test/integration/epp/domain/create/base_test.rb @@ -13,30 +13,30 @@ class EppDomainCreateBaseTest < EppTestCase vrjxNMH6HtxW\rEA4RJ9Ao6LCWheg8" request_xml = <<-XML - - - - - - #{name} - #{registrant.code} - - - - - - 257 - 3 - 8 - #{pub_key} - - - - #{'test' * 2000} - - - - + + + + + + #{name} + #{registrant.code} + + + + + + 257 + 3 + 8 + #{pub_key} + + + + #{'test' * 2000} + + + + XML assert_no_difference 'Domain.count' do post epp_create_path, params: { frame: request_xml }, @@ -76,6 +76,230 @@ class EppDomainCreateBaseTest < EppTestCase assert_epp_response :required_parameter_missing end + def test_create_domain_with_unique_contact + now = Time.zone.parse('2010-07-05') + travel_to now + name = "new.#{dns_zones(:one).origin}" + contact = contacts(:john) + registrant = contact.becomes(Registrant) + + request_xml = <<-XML + + + + + + #{name} + #{registrant.code} + #{contacts(:jane).code} + #{contacts(:william).code} + + + + + #{'test' * 2000} + + + + + XML + + assert_difference 'Domain.count' do + post epp_create_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=api_bestnames' } + end + assert_epp_response :completed_successfully + end + + + def test_create_domain_with_array_of_not_unique_admins_and_techs + now = Time.zone.parse('2010-07-05') + travel_to now + name = "new.#{dns_zones(:one).origin}" + contact = contacts(:john) + registrant = contact.becomes(Registrant) + + request_xml = <<-XML + + + + + + #{name} + #{registrant.code} + #{contact.code} + #{contact.code} + #{contact.code} + #{contact.code} + + + + + #{'test' * 2000} + + + + + XML + + assert_no_difference 'Domain.count' do + post epp_create_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=api_bestnames' } + end + + assert_epp_response :parameter_value_policy_error + end + + def test_create_domain_with_array_of_not_unique_admins + now = Time.zone.parse('2010-07-05') + travel_to now + name = "new.#{dns_zones(:one).origin}" + contact = contacts(:john) + registrant = contact.becomes(Registrant) + + request_xml = <<-XML + + + + + + #{name} + #{registrant.code} + #{contact.code} + #{contact.code} + #{contact.code} + + + + + #{'test' * 2000} + + + + + XML + + assert_no_difference 'Domain.count' do + post epp_create_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=api_bestnames' } + end + + assert_epp_response :parameter_value_policy_error + end + + def test_create_domain_with_array_of_not_unique_techs + now = Time.zone.parse('2010-07-05') + travel_to now + name = "new.#{dns_zones(:one).origin}" + contact = contacts(:john) + registrant = contact.becomes(Registrant) + + request_xml = <<-XML + + + + + + #{name} + #{registrant.code} + #{contact.code} + #{contact.code} + #{contact.code} + + + + + #{'test' * 2000} + + + + + XML + + assert_no_difference 'Domain.count' do + post epp_create_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=api_bestnames' } + end + + assert_epp_response :parameter_value_policy_error + end + + def test_create_domain_with_array_of_not_unique_admin_but_tech_another_one + now = Time.zone.parse('2010-07-05') + travel_to now + name = "new.#{dns_zones(:one).origin}" + contact = contacts(:john) + registrant = contact.becomes(Registrant) + contact_two = contacts(:william) + + request_xml = <<-XML + + + + + + #{name} + #{registrant.code} + #{contact.code} + #{contact.code} + #{contact_two.code} + + + + + #{'test' * 2000} + + + + + XML + + assert_no_difference 'Domain.count' do + post epp_create_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=api_bestnames' } + end + + assert_epp_response :parameter_value_policy_error + end + + def test_create_domain_with_array_of_not_unique_techs_but_admin_another_one + now = Time.zone.parse('2010-07-05') + travel_to now + name = "new.#{dns_zones(:one).origin}" + contact = contacts(:john) + registrant = contact.becomes(Registrant) + contact_two = contacts(:william) + + request_xml = <<-XML + + + + + + #{name} + #{registrant.code} + #{contact_two.code} + #{contact.code} + #{contact.code} + + + + + #{'test' * 2000} + + + + + XML + + assert_no_difference 'Domain.count' do + post epp_create_path, params: { frame: request_xml }, + headers: { 'HTTP_COOKIE' => 'session=api_bestnames' } + end + + assert_epp_response :parameter_value_policy_error + end + def test_registers_new_domain_with_required_attributes now = Time.zone.parse('2010-07-05') travel_to now diff --git a/test/models/domain_test.rb b/test/models/domain_test.rb index ae12f4a1e..15ab8b0c2 100644 --- a/test/models/domain_test.rb +++ b/test/models/domain_test.rb @@ -69,6 +69,12 @@ class DomainTest < ActiveSupport::TestCase domain.name = 'xn--mnchen-3ya.test' assert domain.valid? + + domain.name = '####' + assert domain.invalid? + + domain.name = 'https://example.test' + assert domain.invalid? end def test_invalid_when_name_is_already_taken diff --git a/test/system/admin_area/bank_statement_test.rb b/test/system/admin_area/bank_statement_test.rb index 6de21b1c3..8630049dc 100644 --- a/test/system/admin_area/bank_statement_test.rb +++ b/test/system/admin_area/bank_statement_test.rb @@ -4,6 +4,35 @@ class AdminAreaBankStatementTest < ApplicationSystemTestCase setup do sign_in users(:admin) travel_to Time.zone.parse('2010-07-05 00:30:00') + + @invoice = invoices(:one) + end + + def test_update_bank_statement + visit admin_bank_statement_path(id: @invoice.id) + + click_link_or_button 'Add' + + fill_in 'Description', with: 'Invoice with id 123' + fill_in 'Reference number', with: '1232' + fill_in 'Sum', with: '500' + fill_in 'Paid at', with: Time.zone.today.to_s + + click_link_or_button 'Save' + assert_text 'Bank transaction' + + click_link_or_button 'Edit' + fill_in 'Description', with: 'Invoice with id 123' + click_link_or_button 'Save' + + assert_text 'Record updated' + end + + def test_bind_bank + visit admin_bank_statement_path(id: @invoice.id) + click_link_or_button 'Bind invoices' + + assert_text 'No invoices were binded' end def test_can_create_statement_manually diff --git a/test/system/admin_area/contacts_test.rb b/test/system/admin_area/contacts_test.rb index d98882dff..19b15c8a5 100644 --- a/test/system/admin_area/contacts_test.rb +++ b/test/system/admin_area/contacts_test.rb @@ -8,6 +8,17 @@ class AdminContactsTest < ApplicationSystemTestCase sign_in users(:admin) end + def test_update_contact + visit admin_contact_path(id: @contact.id) + assert_text "#{@contact.name}" + + click_on 'Edit statuses' + assert_text "Edit: #{@contact.name}" + + click_on 'Save' + assert_text 'Contact updated' + end + def test_display_list visit admin_contacts_path diff --git a/test/system/admin_area/domains/csv_test.rb b/test/system/admin_area/domains/csv_test.rb new file mode 100644 index 000000000..7d4b44124 --- /dev/null +++ b/test/system/admin_area/domains/csv_test.rb @@ -0,0 +1,18 @@ +require 'application_system_test_case' + +class AdminAreaCsvTest < ApplicationSystemTestCase + setup do + sign_in users(:admin) + end + + def test_downloads_domain_list_as_csv + search_params = {"valid_to_lteq"=>nil} + expected_csv = Domain.includes(:registrar, :registrant).search(search_params).result.to_csv + + travel_to Time.zone.parse('2010-07-05 10:30') + visit admin_domains_url + click_link('CSV') + assert_equal "attachment; filename=\"domains.csv\"; filename*=UTF-8''domains.csv", response_headers['Content-Disposition'] + assert_equal expected_csv, page.body + end +end diff --git a/test/system/admin_area/domains/legal_doc_test.rb b/test/system/admin_area/domains/legal_doc_test.rb index 00cc7cc3a..48eedcf4f 100644 --- a/test/system/admin_area/domains/legal_doc_test.rb +++ b/test/system/admin_area/domains/legal_doc_test.rb @@ -15,7 +15,7 @@ class AdminAreaDomainsLegalDocTest < ApplicationSystemTestCase def test_absent_doc_downloading_without_errors visit admin_domain_url(@domain) assert_nothing_raised do - click_on "#{@document.created_at}" + click_on "#{@document.created_at}", match: :first end end end diff --git a/test/system/admin_area/invoices_test.rb b/test/system/admin_area/invoices_test.rb index 814f95d4a..40a50e1c7 100644 --- a/test/system/admin_area/invoices_test.rb +++ b/test/system/admin_area/invoices_test.rb @@ -40,4 +40,4 @@ class AdminAreaInvoicesTest < ApplicationSystemTestCase assert_current_path admin_invoice_path(@invoice) assert_text 'Invoice has been sent' end -end \ No newline at end of file +end diff --git a/test/system/admin_area/protected_area_test.rb b/test/system/admin_area/protected_area_test.rb index f3375776a..fa413291b 100644 --- a/test/system/admin_area/protected_area_test.rb +++ b/test/system/admin_area/protected_area_test.rb @@ -19,4 +19,4 @@ class AdminAreaProtectedAreaTest < ApplicationSystemTestCase assert_text 'You are already signed in' assert_current_path admin_domains_path end -end \ No newline at end of file +end