From 934033cfbcffadff2bcc0d54e166e311c7b9a008 Mon Sep 17 00:00:00 2001
From: Alex Sherman <yul.golem@gmail.com>
Date: Tue, 4 Feb 2020 18:34:50 +0500
Subject: [PATCH] Add test & validation to not to register blocked IDN domains
 via EPP

Fixes https://github.com/internetee/registry/issues/1142#issuecomment-581889350
---
 app/validators/domain_name_validator.rb       |  4 ++-
 .../epp/domain/create/base_test.rb            | 30 +++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/app/validators/domain_name_validator.rb b/app/validators/domain_name_validator.rb
index 0d5638b37..2652c44d6 100644
--- a/app/validators/domain_name_validator.rb
+++ b/app/validators/domain_name_validator.rb
@@ -33,7 +33,9 @@ class DomainNameValidator < ActiveModel::EachValidator
 
     def validate_blocked(value)
       return true unless value
-      return false if BlockedDomain.where(name: value).count.positive?
+      return false if BlockedDomain.where(name: value).any?
+      return false if BlockedDomain.where(name: SimpleIDN.to_unicode(value)).any?
+
       DNS::Zone.where(origin: value).count.zero?
     end
   end
diff --git a/test/integration/epp/domain/create/base_test.rb b/test/integration/epp/domain/create/base_test.rb
index ff8da3696..ffd56ffc5 100644
--- a/test/integration/epp/domain/create/base_test.rb
+++ b/test/integration/epp/domain/create/base_test.rb
@@ -144,6 +144,36 @@ class EppDomainCreateBaseTest < EppTestCase
     assert_epp_response :data_management_policy_violation
   end
 
+  def test_blocked_punicode_domain_cannot_be_registered
+    blocked_domain = 'blockedäöüõ.test'
+    assert BlockedDomain.find_by(name: blocked_domain)
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <create>
+            <domain:create xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>#{SimpleIDN.to_ascii('blockedäöüõ.test')}</domain:name>
+              <domain:registrant>#{contacts(:john).code}</domain:registrant>
+            </domain:create>
+          </create>
+          <extension>
+            <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+            </eis:extdata>
+          </extension>
+        </command>
+      </epp>
+    XML
+
+    assert_no_difference 'Domain.count' do
+      post epp_create_path, params: { frame: request_xml },
+           headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    end
+    assert_epp_response :data_management_policy_violation
+  end
+
   def test_reserved_domain_cannot_be_registered_with_wrong_registration_code
     request_xml = <<-XML
       <?xml version="1.0" encoding="UTF-8" standalone="no"?>