From 940355a417e2c21bea92ec1c434aea630f6d90ac Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Wed, 20 May 2015 15:43:25 +0300
Subject: [PATCH] Check IP in registrar

---
 app/controllers/registrar/sessions_controller.rb |  9 +++++++++
 app/controllers/registrar_controller.rb          | 11 ++++++++++-
 app/models/depp/user.rb                          |  2 +-
 app/models/white_ip.rb                           | 13 +++++++++++++
 4 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb
index bbd06cbd4..59803233b 100644
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@@ -5,6 +5,8 @@ class Registrar::SessionsController < ::SessionsController
     false
   end
 
+  before_action :check_ip
+
   def login
     @depp_user = Depp::User.new
   end
@@ -139,4 +141,11 @@ class Registrar::SessionsController < ::SessionsController
     return User.new unless idc
     ApiUser.find_by(identity_code: idc) || User.new
   end
+
+  private
+
+  def check_ip
+    return if WhiteIp.registrar_ip_white?(request.ip)
+    render text: t('ip_is_not_whitelisted') and return
+  end
 end
diff --git a/app/controllers/registrar_controller.rb b/app/controllers/registrar_controller.rb
index e236814ad..8da12c3c1 100644
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@@ -1,5 +1,6 @@
 class RegistrarController < ApplicationController
-  before_action :authenticate_user!
+  before_action :authenticate_user!, :check_ip
+  # before_action :check_ip
   layout 'registrar/application'
 
   include Registrar::ApplicationHelper
@@ -9,6 +10,14 @@ class RegistrarController < ApplicationController
     false
   end
 
+  def check_ip
+    return unless current_user
+    return if current_user.registrar.registrar_ip_white?(request.ip)
+    flash[:alert] = t('ip_is_not_whitelisted')
+    sign_out(current_user)
+    redirect_to registrar_login_path and return
+  end
+
   helper_method :head_title_sufix
   def head_title_sufix
     t(:registrar_head_title_sufix)
diff --git a/app/models/depp/user.rb b/app/models/depp/user.rb
index 36cd08115..fcce49c10 100644
--- a/app/models/depp/user.rb
+++ b/app/models/depp/user.rb
@@ -84,7 +84,7 @@ module Depp
       res = server.send_request(xml)
 
       if Nokogiri::XML(res).css('result').first['code'] != '1000'
-        errors.add(:base, :authorization_error)
+        errors.add(:base, Nokogiri::XML(res).css('result').text)
       end
 
       server.close_connection
diff --git a/app/models/white_ip.rb b/app/models/white_ip.rb
index 499fba031..b3f6e9922 100644
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@@ -24,4 +24,17 @@ class WhiteIp < ActiveRecord::Base
   scope :repp, -> { where(interface: REPP) }
   scope :registrar, -> { where(interface: REGISTRAR) }
   scope :global, -> { where(interface: GLOBAL) }
+
+  class << self
+    def registrar_ip_white?(ip)
+      at = WhiteIp.arel_table
+      WhiteIp.where(
+        at[:interface].eq(REGISTRAR).or(
+          at[:interface].eq(GLOBAL)
+        ).and(
+          at[:ipv4].eq(ip)
+        )
+      )
+    end
+  end
 end