zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-07 05:05:45 +02:00
Code Issues Projects Releases Packages Wiki Activity

Refactor Devise integration

Browse source 
- Use scoped users
- Use the named route helpers instead of hardcoded paths
This commit is contained in:
Artur Beljajev 2018-06-20 12:21:22 +03:00
parent c31f507c25
commit 9684c8e59f
52 changed files with 313 additions and 280 deletions
Download patch file Download diff file Expand all files Collapse all files

12
app/controllers/admin/base_controller.rb
View file

@ -1,10 +1,20 @@
module Admin
class BaseController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_admin_user!
helper_method :head_title_sufix
def head_title_sufix
t(:admin_head_title_sufix)
end
private
def current_ability
@current_ability ||= Ability.new(current_admin_user)
end
def user_for_paper_trail
current_admin_user.present? ? current_admin_user.id_role_username : 'public'
end
end
end

4
app/controllers/admin/pending_deletes_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)
@ -16,7 +16,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

4
app/controllers/admin/pending_updates_controller.rb
View file

@ -6,7 +6,7 @@ module Admin
def update
authorize! :update, :pending
if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied)
else
redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure)
@ -15,7 +15,7 @@ module Admin
def destroy
authorize! :destroy, :pending
if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}")
if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}")
redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed)
else
redirect_to admin_domain_path(@domain.id), alert: t(:failure)

23
app/controllers/admin/sessions_controller.rb
View file

@ -1,8 +1,6 @@
module Admin
class SessionsController < Devise::SessionsController
skip_authorization_check only: :create
def login
def new
@admin_user = AdminUser.new
end
@ -10,19 +8,28 @@ module Admin
if params[:admin_user].blank?
@admin_user = AdminUser.new
flash[:alert] = 'Something went wrong'
return render 'login'
return render :new
end
@admin_user = AdminUser.find_by(username: params[:admin_user][:username])
@admin_user ||= AdminUser.new(username: params[:admin_user][:username])
if @admin_user.valid_password?(params[:admin_user][:password])
sign_in @admin_user, event: :authentication
redirect_to admin_root_url, notice: I18n.t(:welcome)
sign_in_and_redirect(:admin_user, @admin_user, event: :authentication)
else
flash[:alert] = 'Authorization error'
render 'login'
end
render :new
end
end
private
def after_sign_in_path_for(resource_or_scope)
admin_root_path
end
def after_sign_out_path_for(resource_or_scope)
new_admin_user_session_path
end
end
end

54
app/controllers/application_controller.rb
View file

@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base
end
rescue_from CanCan::AccessDenied do |exception|
redirect_to current_root_url, alert: exception.message
redirect_to root_url, alert: exception.message
end
helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url
helper_method :available_languages
def registrant_request?
request.path.match(/^\/registrant/)
end
def registrar_request?
request.path.match(/^\/registrar/)
end
def admin_request?
request.path.match(/^\/admin/)
end
def current_root_url
if registrar_request?
registrar_root_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_root_url
end
end
def after_sign_in_path_for(_resource)
rt = session[:user_return_to].to_s.presence
login_paths = [admin_login_path, registrar_login_path, '/login']
return rt if rt && !login_paths.include?(rt)
current_root_url
end
def after_sign_out_path_for(_resource)
if registrar_request?
registrar_login_url
elsif registrant_request?
registrant_login_url
elsif admin_request?
admin_login_url
end
end
def info_for_paper_trail
{ uuid: request.uuid }
end
def user_for_paper_trail
user_log_str(current_user)
end
def user_log_str(user)
user.nil? ? 'public' : user.id_role_username
end
def comma_support_for(parent_key, key)
return if params[parent_key].blank?
return if params[parent_key][key].blank?
@ -80,4 +32,8 @@ class ApplicationController < ActionController::Base
def available_languages
{ en: 'English', et: 'Estonian' }.invert
end
def user_for_paper_trail
current_user.present? ? current_user.id_role_username : 'public'
end
end

3
app/controllers/registrant/contacts_controller.rb
View file

@ -2,7 +2,6 @@ class Registrant::ContactsController < RegistrantController
helper_method :domain_ids
def show
@contact = Contact.where(id: contacts).find_by(id: params[:id])
@current_user = current_user
authorize! :read, @contact
end
@ -19,7 +18,7 @@ class Registrant::ContactsController < RegistrantController
def domain_ids
@domain_ids ||= begin
ident_cc, ident = @current_user.registrant_ident.to_s.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-'
BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids
end
end

2
app/controllers/registrant/domain_delete_confirms_controller.rb
View file

@ -19,7 +19,7 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}")

2
app/controllers/registrant/domain_update_confirms_controller.rb
View file

@ -19,7 +19,7 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
domain_name: @domain.name,
verification_token: params[:token])
initiator = current_user ? current_user.username : t(:user_not_authenticated)
initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated)
if params[:rejected]
if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}")

4
app/controllers/registrant/domains_controller.rb
View file

@ -54,13 +54,13 @@ class Registrant::DomainsController < RegistrantController
end
def domains
ident_cc, ident = @current_user.registrant_ident.split '-'
ident_cc, ident = current_registrant_user.registrant_ident.split '-'
begin
BusinessRegistryCache.fetch_associated_domains ident, ident_cc
rescue Soap::Arireg::NotAvailableError => error
flash[:notice] = I18n.t(error.json[:message])
Rails.logger.fatal("[EXCEPTION] #{error.to_s}")
current_user.domains
current_registrant_user.domains
end
end

19
app/controllers/registrant/sessions_controller.rb
View file

@ -1,7 +1,7 @@
class Registrant::SessionsController < Devise::SessionsController
layout 'registrant/application'
def login
def new
end
def id
@ -10,11 +10,10 @@ class Registrant::SessionsController < Devise::SessionsController
@user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer)
if @user
sign_in(@user, event: :authentication)
redirect_to registrant_root_url
sign_in_and_redirect(:registrant_user, @user, event: :authentication)
else
flash[:alert] = t('login_failed_check_id_card')
redirect_to registrant_login_url
redirect_to new_registrant_user_session_url
end
end
@ -68,7 +67,7 @@ class Registrant::SessionsController < Devise::SessionsController
when 'USER_AUTHENTICATED'
@user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}")
sign_in @user
sign_in(:registrant_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrant_root_path}'"
@ -97,4 +96,14 @@ class Registrant::SessionsController < Devise::SessionsController
return User.new unless idc
ApiUser.find_by(identity_code: idc) || User.new
end
private
def after_sign_in_path_for(resource_or_scope)
registrant_root_path
end
def after_sign_out_path_for(resource_or_scope)
new_registrant_user_session_path
end
end

13
app/controllers/registrant_controller.rb
View file

@ -1,11 +1,22 @@
class RegistrantController < ApplicationController
before_action :authenticate_user!
before_action :authenticate_registrant_user!
layout 'registrant/application'
include Registrant::ApplicationHelper
helper_method :head_title_sufix
def head_title_sufix
t(:registrant_head_title_sufix)
end
private
def current_ability
@current_ability ||= Ability.new(current_registrant_user, request.remote_ip)
end
def user_for_paper_trail
current_registrant_user.present? ? current_registrant_user.id_role_username : 'public'
end
end

2
app/controllers/registrar/account_activities_controller.rb
View file

@ -4,7 +4,7 @@ class Registrar
def index
params[:q] ||= {}
account = current_user.registrar.cash_account
account = current_registrar_user.registrar.cash_account
ca_cache = params[:q][:created_at_lteq]
begin

14
app/controllers/registrar/base_controller.rb
View file

@ -2,7 +2,7 @@ class Registrar
class BaseController < ApplicationController
include Registrar::ApplicationHelper
before_action :authenticate_user!
before_action :authenticate_registrar_user!
before_action :check_ip_restriction
helper_method :depp_controller?
helper_method :head_title_sufix
@ -10,21 +10,21 @@ class Registrar
protected
def current_ability
@current_ability ||= Ability.new(current_user, request.remote_ip)
@current_ability ||= Ability.new(current_registrar_user, request.remote_ip)
end
private
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area?(current_user.registrar)
allowed = ip_restriction.can_access_registrar_area?(current_registrar_user.registrar)
return if allowed
sign_out current_user
sign_out current_registrar_user
flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
def depp_controller?
@ -34,5 +34,9 @@ class Registrar
def head_title_sufix
t(:registrar_head_title_sufix)
end
def user_for_paper_trail
current_registrar_user.present? ? current_registrar_user.id_role_username : 'public'
end
end
end

2
app/controllers/registrar/bulk_change_controller.rb
View file

@ -10,7 +10,7 @@ class Registrar
private
def available_contacts
current_user.registrar.contacts.order(:name).pluck(:name, :code)
current_registrar_user.registrar.contacts.order(:name).pluck(:name, :code)
end
def default_tab

6
app/controllers/registrar/contacts_controller.rb
View file

@ -21,11 +21,11 @@ class Registrar
end
if params[:statuses_contains]
contacts = current_user.registrar.contacts.includes(:registrar).where(
contacts = current_registrar_user.registrar.contacts.includes(:registrar).where(
"contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
end
normalize_search_parameters do
@ -45,7 +45,7 @@ class Registrar
@contacts = Contact.find_by(name: params[:q][:name_matches])
end
contacts = current_user.registrar.contacts.includes(:registrar)
contacts = current_registrar_user.registrar.contacts.includes(:registrar)
contacts = contacts.filter_by_states(params[:statuses_contains]) if params[:statuses_contains]
normalize_search_parameters do

4
app/controllers/registrar/current_user_controller.rb
View file

@ -3,9 +3,9 @@ class Registrar
skip_authorization_check
def switch
raise 'Cannot switch to unlinked user' unless current_user.linked_with?(new_user)
raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user)
sign_in(new_user)
sign_in(:registrar_user, new_user)
redirect_to :back, notice: t('.switched', new_user: new_user)
end

2
app/controllers/registrar/deposits_controller.rb
View file

@ -7,7 +7,7 @@ class Registrar
end
def create
@deposit = Deposit.new(deposit_params.merge(registrar: current_user.registrar))
@deposit = Deposit.new(deposit_params.merge(registrar: current_registrar_user.registrar))
@invoice = @deposit.issue_prepayment_invoice
if @invoice&.persisted?

10
app/controllers/registrar/depp_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
rescue_from(Errno::ECONNRESET, Errno::ECONNREFUSED) do |exception|
logger.error 'COULD NOT CONNECT TO REGISTRY'
logger.error exception.backtrace.join("\n")
redirect_to registrar_login_url, alert: t(:no_connection_to_registry)
redirect_to new_registrar_user_session_url, alert: t(:no_connection_to_registry)
end
before_action :authenticate_user
def authenticate_user
redirect_to registrar_login_url and return unless depp_current_user
redirect_to new_registrar_user_session_url and return unless depp_current_user
end
def depp_controller?
@ -19,10 +19,10 @@ class Registrar
end
def depp_current_user
return nil unless current_user
return nil unless current_registrar_user
@depp_current_user ||= Depp::User.new(
tag: current_user.username,
password: current_user.password
tag: current_registrar_user.username,
password: current_registrar_user.password
)
end

2
app/controllers/registrar/domain_transfers_controller.rb
View file

@ -21,7 +21,7 @@ class Registrar
uri = URI.parse("#{ENV['repp_url']}domain_transfers")
request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
request.body = { data: { domainTransfers: domain_transfers } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username, current_registrar_user.password)
if Rails.env.test?

8
app/controllers/registrar/domains_controller.rb
View file

@ -16,11 +16,11 @@ class Registrar
end
if params[:statuses_contains]
domains = current_user.registrar.domains.includes(:registrar, :registrant).where(
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant).where(
"statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
)
else
domains = current_user.registrar.domains.includes(:registrar, :registrant)
domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant)
end
normalize_search_parameters do
@ -142,7 +142,7 @@ class Registrar
def search_contacts
authorize! :create, Depp::Domain
scope = current_user.registrar.contacts.limit(10)
scope = current_registrar_user.registrar.contacts.limit(10)
if params[:query].present?
escaped_str = ActiveRecord::Base.connection.quote_string params[:query]
scope = scope.where("name ilike '%#{escaped_str}%' OR code ilike '%#{escaped_str}%' ")
@ -159,7 +159,7 @@ class Registrar
def contacts
current_user.registrar.contacts
current_registrar_user.registrar.contacts
end
def normalize_search_parameters

2
app/controllers/registrar/invoices_controller.rb
View file

@ -6,7 +6,7 @@ class Registrar
def index
params[:q] ||= {}
invoices = current_user.registrar.invoices.includes(:invoice_items, :account_activity)
invoices = current_registrar_user.registrar.invoices.includes(:invoice_items, :account_activity)
normalize_search_parameters do
@q = invoices.search(params[:q])

2
app/controllers/registrar/nameservers_controller.rb
View file

@ -12,7 +12,7 @@ class Registrar
attributes: { hostname: params[:new_hostname],
ipv4: ipv4,
ipv6: ipv6 } } }.to_json
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username, current_registrar_user.password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

4
app/controllers/registrar/profile_controller.rb
View file

@ -5,13 +5,13 @@ class Registrar
helper_method :linked_users
def show
@user = current_user
@user = current_registrar_user
end
private
def linked_users
current_user.linked_users
current_registrar_user.linked_users
end
end
end

28
app/controllers/registrar/sessions_controller.rb
View file

@ -3,7 +3,7 @@ class Registrar
before_action :check_ip_restriction
helper_method :depp_controller?
def login
def new
@depp_user = Depp::User.new
end
@ -30,7 +30,7 @@ class Registrar
unless @api_user
@depp_user.errors.add(:base, t(:no_such_user))
render 'login' and return
render :new and return
end
if @depp_user.pki
@ -41,14 +41,13 @@ class Registrar
if @depp_user.errors.none?
if @api_user.active?
sign_in @api_user
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @api_user)
else
@depp_user.errors.add(:base, :not_active)
render 'login'
render :new
end
else
render 'login'
render :new
end
end
@ -56,11 +55,10 @@ class Registrar
@user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)
if @user
sign_in(@user, event: :authentication)
redirect_to registrar_root_url
sign_in_and_redirect(:registrar_user, @user, event: :authentication)
else
flash[:alert] = t('no_such_user')
redirect_to registrar_login_url
redirect_to new_registrar_user_session_url
end
end
@ -117,7 +115,7 @@ class Registrar
render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
when 'USER_AUTHENTICATED'
@user = find_user_by_idc_and_allowed(session[:user_id_code])
sign_in @user
sign_in(:registrar_user, @user)
flash[:notice] = t(:welcome)
flash.keep(:notice)
render js: "window.location = '#{registrar_root_url}'"
@ -163,8 +161,6 @@ class Registrar
end
end
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area_sign_in_page?
@ -173,5 +169,13 @@ class Registrar
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
end
def after_sign_in_path_for(resource_or_scope)
registrar_root_path
end
def after_sign_out_path_for(resource_or_scope)
new_registrar_user_session_path
end
end
end

2
app/controllers/registrar/tech_contacts_controller.rb
View file

@ -8,7 +8,7 @@ class Registrar
request = Net::HTTP::Patch.new(uri)
request.set_form_data(current_contact_id: params[:current_contact_id],
new_contact_id: params[:new_contact_id])
request.basic_auth(current_user.username, current_user.password)
request.basic_auth(current_registrar_user.username, current_registrar_user.password)
if Rails.env.test?
response = Net::HTTP.start(uri.hostname, uri.port,

2
app/views/admin/base/_menu.haml
View file

@ -41,4 +41,4 @@
- if signed_in?
%ul.nav.navbar-nav.navbar-right
%li= link_to t(:log_out, user: current_user), '/admin/logout'
%li= link_to t(:log_out, user: current_admin_user), destroy_admin_user_session_path, method: :delete, class: 'navbar-link'

2
app/views/admin/sessions/login.haml → app/views/admin/sessions/new.haml
View file

@ -3,7 +3,7 @@
%h2.form-signin-heading.text-center Eesti Interneti SA
%hr
.form-signin
= form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f|
= form_for(@admin_user, url: admin_user_session_path, html: {class: 'form-signin'}) do |f|
= render 'admin/shared/errors', object: f.object
- error_class = f.object.errors.any? ? 'has-error' : ''

2
app/views/layouts/devise.haml
View file

@ -18,7 +18,7 @@
%span.icon-bar
%span.icon-bar
%span.icon-bar
= link_to admin_login_path, class: 'navbar-brand' do
= link_to new_admin_user_session_path, class: 'navbar-brand' do
= ENV['app_name']
- if unstable_env.present?
.text-center

6
app/views/layouts/registrant/application.html.erb
View file

@ -37,7 +37,7 @@
<% end %>
<% end %>
</div>
<% if current_user %>
<% if current_registrant_user %>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav public-nav">
<% if can? :view, Depp::Domain %>
@ -54,9 +54,9 @@
<% end %>
</ul>
<ul class="nav navbar-nav navbar-right">
<% if user_signed_in? %>
<% if registrant_user_signed_in? %>
<li>
<%= link_to t(:log_out, user: current_user), '/registrant/logout' %>
<%= link_to t(:log_out, user: current_registrant_user), destroy_registrant_user_session_path, method: :delete %>
</li>
<% end %>
</ul>

0
app/views/registrant/sessions/login.haml → app/views/registrant/sessions/new.haml
View file

4
app/views/registrar/base/_current_user.html.erb
View file

@ -1,5 +1,5 @@
<% current_user_presenter = UserPresenter.new(user: current_user, view: self) %>
<% current_user_presenter = UserPresenter.new(user: current_registrar_user, view: self) %>
<%= link_to current_user_presenter.login_with_role, registrar_profile_path, id: 'registrar-profile-btn',
class: 'navbar-link' %>
<span class="text-muted">|</span>
<%= link_to t('.sign_out'), registrar_destroy_user_session_path, method: :delete, class: 'navbar-link' %>
<%= link_to t('.sign_out'), destroy_registrar_user_session_path, method: :delete, class: 'navbar-link' %>

4
app/views/registrar/invoices/index.haml
View file

@ -4,8 +4,8 @@
= render 'shared/title', name: t(:your_account)
= t(:your_current_account_balance_is,
balance: currency(current_user.registrar.cash_account.balance),
currency: current_user.registrar.cash_account.currency)
balance: currency(current_registrar_user.registrar.cash_account.balance),
currency: current_registrar_user.registrar.cash_account.currency)
%h1= t(:invoices)
.row

2
app/views/registrar/sessions/login.haml → app/views/registrar/sessions/new.haml
View file

@ -2,7 +2,7 @@
.form-signin.col-md-6.center-block.text-center
%h2.form-signin-heading.text-center= t(:log_in)
%hr
= form_for @depp_user, url: registrar_sessions_path, html: {class: 'form-signin'} do |f|
= form_for @depp_user, url: registrar_user_session_path, html: {class: 'form-signin'} do |f|
= render 'registrar/shared/errors', object: f.object
- error_class = f.object.errors.any? ? 'has-error' : ''

2
config/locales/registrar/sessions.en.yml
View file

@ -1,7 +1,7 @@
en:
registrar:
sessions:
login:
new:
login_btn: Login
login_mid:
login_btn: Login

57
config/routes.rb
View file

@ -22,6 +22,16 @@ Rails.application.routes.draw do
namespace :registrar do
root 'dashboard#show'
devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' },
class_name: 'ApiUser'
devise_scope :registrar_user do
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'id' => 'sessions#id'
post 'mid' => 'sessions#mid'
end
resources :invoices do
member do
get 'download_pdf'
@ -33,18 +43,6 @@ Rails.application.routes.draw do
resources :deposits
resources :account_activities
devise_scope :user do
get 'login' => 'sessions#login'
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'sessions' => 'sessions#create'
post 'id' => 'sessions#id'
post 'mid' => 'sessions#mid'
delete 'logout', to: '/devise/sessions#destroy', as: :destroy_user_session
end
put 'current_user/switch/:new_user_id', to: 'current_user#switch', as: :switch_current_user
resource :profile, controller: :profile, only: :show
@ -100,6 +98,16 @@ Rails.application.routes.draw do
namespace :registrant do
root 'domains#index'
devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' },
class_name: 'RegistrantUser'
devise_scope :registrant_user do
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'mid' => 'sessions#mid'
post 'id' => 'sessions#id'
end
resources :domains, only: %i[index show] do
collection do
get :download_list
@ -112,19 +120,6 @@ Rails.application.routes.draw do
resources :domain_update_confirms
resources :domain_delete_confirms
devise_scope :user do
get 'login' => 'sessions#login'
get 'login/mid' => 'sessions#login_mid'
post 'login/mid' => 'sessions#mid'
post 'login/mid_status' => 'sessions#mid_status'
post 'sessions' => 'sessions#create'
post 'mid' => 'sessions#mid'
post 'id' => 'sessions#id'
get 'logout' => '/devise/sessions#destroy'
end
resources :domains do
resources :registrant_verifications
collection do
@ -150,6 +145,8 @@ Rails.application.routes.draw do
# ADMIN ROUTES
namespace :admin do
root 'dashboard#show'
devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' },
class_name: 'AdminUser'
resources :keyrelays
resources :zonefiles
@ -251,18 +248,10 @@ Rails.application.routes.draw do
resources :epp_logs
resources :repp_logs
devise_scope :user do
get 'login' => 'sessions#login'
post 'sessions' => 'sessions#create'
get 'logout' => '/devise/sessions#destroy'
end
authenticate :user do
authenticate :admin_user do
mount Que::Web, at: 'que'
end
end
devise_for :users
root to: redirect('admin/login')
end

8
doc/controllers_complete.svg
View file

@ -433,14 +433,6 @@
<path fill="none" stroke="black" d="M-467.5,-480.5C-467.5,-480.5 -344.5,-480.5 -344.5,-480.5 -338.5,-480.5 -332.5,-486.5 -332.5,-492.5 -332.5,-492.5 -332.5,-681.5 -332.5,-681.5 -332.5,-687.5 -338.5,-693.5 -344.5,-693.5 -344.5,-693.5 -467.5,-693.5 -467.5,-693.5 -473.5,-693.5 -479.5,-687.5 -479.5,-681.5 -479.5,-681.5 -479.5,-492.5 -479.5,-492.5 -479.5,-486.5 -473.5,-480.5 -467.5,-480.5"/>
<text text-anchor="middle" x="-406" y="-678.3" font-family="Times,serif" font-size="14.00">ApplicationController</text>
<polyline fill="none" stroke="black" points="-479.5,-670.5 -332.5,-670.5 "/>
<text text-anchor="start" x="-471.5" y="-655.3" font-family="Times,serif" font-size="14.00">admin_request?</text>
<text text-anchor="start" x="-471.5" y="-640.3" font-family="Times,serif" font-size="14.00">after_sign_in_path_for</text>
<text text-anchor="start" x="-471.5" y="-625.3" font-family="Times,serif" font-size="14.00">after_sign_out_path_for</text>
<text text-anchor="start" x="-471.5" y="-610.3" font-family="Times,serif" font-size="14.00">api_user_log_str</text>
<text text-anchor="start" x="-471.5" y="-595.3" font-family="Times,serif" font-size="14.00">current_root_url</text>
<text text-anchor="start" x="-471.5" y="-565.3" font-family="Times,serif" font-size="14.00">registrant_request?</text>
<text text-anchor="start" x="-471.5" y="-550.3" font-family="Times,serif" font-size="14.00">registrar_request?</text>
<text text-anchor="start" x="-471.5" y="-535.3" font-family="Times,serif" font-size="14.00">user_for_paper_trail</text>
<polyline fill="none" stroke="black" points="-479.5,-527.5 -332.5,-527.5 "/>
<polyline fill="none" stroke="black" points="-479.5,-503.5 -332.5,-503.5 "/>
<text text-anchor="start" x="-471.5" y="-488.3" font-family="Times,serif" font-size="14.00">_layout</text>

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 67 KiB

After

Width:  |  Height:  |  Size: 66 KiB

Before After
Before After

2
spec/features/registrar/home_link_spec.rb
View file

@ -2,7 +2,7 @@ require 'rails_helper'
RSpec.feature 'Registrar area home link', db: true do
scenario 'is visible' do
visit registrar_login_url
visit new_registrar_user_session_url
expect(page).to have_link('registrar-home-btn', href: registrar_root_path)
end
end

2
spec/features/registrar/sign_in/mobile_id_spec.rb
View file

@ -9,7 +9,7 @@ RSpec.feature 'Mobile ID login', db: true do
end
scenario 'login with phone number' do
visit registrar_login_path
visit new_registrar_user_session_url
click_on 'login-with-mobile-id-btn'
fill_in 'user[phone]', with: '1234'

39
spec/features/registrar/sign_in/password_spec.rb
View file

@ -1,39 +0,0 @@
require 'rails_helper'
RSpec.feature 'Registrar area password sign-in' do
scenario 'signs in the user with valid credentials' do
create(:api_user_with_unlimited_balance,
active: true,
login: 'test',
password: 'testtest')
visit registrar_login_path
sign_in_with 'test', 'testtest'
expect(page).to have_text(t('registrar.base.current_user.sign_out'))
end
scenario 'notifies the user with invalid credentials' do
create(:api_user, login: 'test', password: 'testtest')
visit registrar_login_path
sign_in_with 'test', 'invalid'
expect(page).to have_text('No such user')
end
scenario 'notifies the user with inactive account' do
create(:api_user, active: false, login: 'test', password: 'testtest')
visit registrar_login_path
sign_in_with 'test', 'testtest'
expect(page).to have_text('User is not active')
end
def sign_in_with(username, password)
fill_in 'depp_user_tag', with: username
fill_in 'depp_user_password', with: password
click_button 'Login'
end
end

14
spec/features/registrar/sign_out_spec.rb
View file

@ -1,14 +0,0 @@
require 'rails_helper'
RSpec.feature 'Registrar area sign-out', settings: false do
background do
sign_in_to_registrar_area(user: create(:api_user_with_unlimited_balance))
end
scenario 'signs the user out' do
visit registrar_root_path
click_on t('registrar.base.current_user.sign_out')
expect(page).to have_text('Signed out successfully.')
end
end

12
spec/requests/registrar/ip_restriction_spec.rb
View file

@ -22,7 +22,7 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
context 'when ip is allowed' do
let!(:white_ip) { create(:white_ip,
ipv4: '127.0.0.1',
registrar: controller.current_user.registrar,
registrar: controller.current_registrar_user.registrar,
interfaces: [WhiteIp::REGISTRAR]) }
specify do
@ -36,12 +36,12 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
it 'signs the user out' do
get registrar_root_url
follow_redirect!
expect(controller.current_user).to be_nil
expect(controller.current_registrar_user).to be_nil
end
it 'redirects to login url' do
get registrar_root_url
expect(response).to redirect_to(registrar_login_url)
expect(response).to redirect_to(new_registrar_user_session_url)
end
end
end
@ -67,14 +67,14 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
interfaces: [WhiteIp::REGISTRAR]) }
specify do
get registrar_login_path
get new_registrar_user_session_path
expect(response).to be_success
end
end
context 'when ip is not allowed' do
specify do
get registrar_login_path
get new_registrar_user_session_path
expect(response.body).to match "Access denied"
end
end
@ -82,7 +82,7 @@ RSpec.describe 'Registrar area IP restriction', settings: false do
context 'when IP restriction is disabled' do
specify do
get registrar_login_path
get new_registrar_user_session_path
expect(response).to be_success
end
end

9
spec/requests/registrar/linked_users_spec.rb
View file

@ -6,7 +6,7 @@ RSpec.describe 'Registrar area linked users', db: false do
let!(:current_user) { create(:api_user, id: 1, identity_code: 'code') }
before do
sign_in_to_registrar_area(user: current_user)
sign_in current_user
end
context 'when ip is allowed' do
@ -23,7 +23,7 @@ RSpec.describe 'Registrar area linked users', db: false do
it 'signs in as a new user' do
put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_url }
follow_redirect!
expect(controller.current_user.id).to eq(2)
expect(controller.current_registrar_user.id).to eq(2)
end
it 'redirects back' do
@ -46,7 +46,6 @@ RSpec.describe 'Registrar area linked users', db: false do
put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path }
end
follow_redirect!
expect(controller.current_user.id).to eq(1)
end
end
@ -62,7 +61,7 @@ RSpec.describe 'Registrar area linked users', db: false do
specify do
put '/registrar/current_user/switch/2'
expect(response).to redirect_to(registrar_login_url)
expect(response).to redirect_to(new_registrar_user_session_url)
end
end
end
@ -70,7 +69,7 @@ RSpec.describe 'Registrar area linked users', db: false do
context 'when user is not authenticated' do
specify do
put '/registrar/current_user/switch/2'
expect(response).to redirect_to(registrar_login_url)
expect(response).to redirect_to(new_registrar_user_session_url)
end
end
end

16
spec/requests/registrar/sign_in/password_spec.rb
View file

@ -1,16 +0,0 @@
require 'rails_helper'
RSpec.describe 'Registrar area password sign-in', settings: false do
let!(:user) { create(:api_user, active: true, login: 'test', password: 'testtest') }
it 'signs the user in' do
post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
follow_redirect!
expect(controller.current_user).to eq(user)
end
it 'redirects to root url' do
post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
expect(response).to redirect_to(registrar_root_url)
end
end

18
spec/requests/registrar/sign_out_spec.rb
View file

@ -1,18 +0,0 @@
require 'rails_helper'
RSpec.describe 'Registrar area sign-out', settings: false do
before do
sign_in_to_registrar_area
end
it 'signs the user out' do
delete registrar_destroy_user_session_path
follow_redirect!
expect(controller.current_user).to be_nil
end
it 'redirects to login url' do
delete registrar_destroy_user_session_path
expect(response).to redirect_to(registrar_login_url)
end
end

4
spec/support/features/session_helpers.rb
View file

@ -1,7 +1,7 @@
module Features
module SessionHelpers
def sign_in_to_admin_area(user: create(:admin_user))
visit admin_login_url
visit new_admin_user_session_url
fill_in 'admin_user[username]', with: user.username
fill_in 'admin_user[password]', with: user.password
@ -10,7 +10,7 @@ module Features
end
def sign_in_to_registrar_area(user: create(:api_user))
visit registrar_login_url
visit new_registrar_user_session_url
fill_in 'depp_user_tag', with: user.username
fill_in 'depp_user_password', with: user.password

4
spec/support/requests/session_helpers.rb
View file

@ -1,11 +1,11 @@
module Requests
module SessionHelpers
def sign_in_to_admin_area(user: create(:admin_user))
post admin_sessions_path, admin_user: { username: user.username, password: user.password }
post admin_user_session_path, admin_user: { username: user.username, password: user.password }
end
def sign_in_to_registrar_area(user: create(:api_user))
post registrar_sessions_path, { depp_user: { tag: user.username, password: user.password } }
post registrar_user_session_path, { depp_user: { tag: user.username, password: user.password } }
end
end
end

27
test/integration/admin/login_test.rb Normal file
View file

@ -0,0 +1,27 @@
require 'test_helper'
class AdminAreaLoginTest < ActionDispatch::IntegrationTest
def setup
@user = users(:admin)
end
def test_correct_username_and_password
visit new_admin_user_session_url
fill_in 'admin_user_username', with: @user.username
fill_in 'admin_user_password', with: 'testtest'
click_button 'Log in'
assert_text 'Log out'
assert_current_path admin_root_path
end
def test_wrong_password
visit new_admin_user_session_url
fill_in 'admin_user_username', with: @user.username
fill_in 'admin_user_password', with: 'wrong'
click_button 'Log in'
assert_text 'Authorization error'
assert_current_path new_admin_user_session_path
end
end

15
test/integration/admin/logout_test.rb Normal file
View file

@ -0,0 +1,15 @@
require 'test_helper'
class AdminAreaLogoutTest < ActionDispatch::IntegrationTest
def setup
sign_in users(:admin)
end
def test_logout
visit admin_root_url
click_on 'Log out'
assert_text 'Signed out successfully'
assert_current_path new_admin_user_session_path
end
end

22
test/integration/admin/protected_area_test.rb Normal file
View file

@ -0,0 +1,22 @@
require 'test_helper'
class AdminAreaProtectedAreaTest < ActionDispatch::IntegrationTest
def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area
visit admin_domains_url
assert_text 'You need to sign in before continuing'
assert_current_path new_admin_user_session_path
end
def test_authenticated_user_can_access_protected_area
sign_in users(:admin)
visit admin_domains_url
assert_current_path admin_domains_path
end
def test_authenticated_user_is_not_asked_to_authenticate_again
sign_in users(:admin)
visit new_admin_user_session_url
assert_text 'You are already signed in'
assert_current_path admin_root_path
end
end

39
test/integration/registrar/login_test.rb Normal file
View file

@ -0,0 +1,39 @@
require 'test_helper'
class RegistrarAreaLoginTest < ActionDispatch::IntegrationTest
def setup
@user = users(:api_bestnames)
end
def test_correct_username_and_password
visit new_registrar_user_session_url
fill_in 'depp_user_tag', with: @user.username
fill_in 'depp_user_password', with: 'testtest'
click_button 'Login'
assert_text 'Log out'
assert_current_path registrar_root_path
end
def test_wrong_password
visit new_registrar_user_session_url
fill_in 'depp_user_tag', with: @user.username
fill_in 'depp_user_password', with: 'wrong'
click_button 'Login'
assert_text 'No such user'
assert_current_path new_registrar_user_session_path
end
def test_inactive_user
@user.update!(active: false)
visit new_registrar_user_session_url
fill_in 'depp_user_tag', with: @user.username
fill_in 'depp_user_password', with: 'testtest'
click_button 'Login'
assert_text 'User is not active'
assert_current_path new_registrar_user_session_path
end
end

15
test/integration/registrar/logout_test.rb Normal file
View file

@ -0,0 +1,15 @@
require 'test_helper'
class RegistrarAreaLogoutTest < ActionDispatch::IntegrationTest
def setup
sign_in users(:api_bestnames)
end
def test_logout
visit registrar_root_url
click_on 'Log out'
assert_text 'Signed out successfully'
assert_current_path new_registrar_user_session_path
end
end

22
test/integration/registrar/protected_area_test.rb Normal file
View file

@ -0,0 +1,22 @@
require 'test_helper'
class RegistrarAreaProtectedAreaTest < ActionDispatch::IntegrationTest
def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area
visit registrar_domains_url
assert_text 'You need to sign in before continuing'
assert_current_path new_registrar_user_session_path
end
def test_authenticated_user_can_access_protected_area
sign_in users(:api_bestnames)
visit registrar_domains_url
assert_current_path registrar_domains_path
end
def test_authenticated_user_is_not_asked_to_authenticate_again
sign_in users(:api_bestnames)
visit new_registrar_user_session_url
assert_text 'You are already signed in'
assert_current_path registrar_root_path
end
end