diff --git a/app/controllers/epp/domains_controller.rb b/app/controllers/epp/domains_controller.rb
index d017fbcce..0e5f56e42 100644
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@@ -162,9 +162,52 @@ module Epp
@prefix = 'update > update >'
requires 'name'
+ dnskey_update_enabled
+ dnkey_update_prohibited
status_editing_disabled
end
+ def parsed_response_for_dnskey(value)
+ doc = Nokogiri::Slop params[:parsed_frame].css(value).to_html
+
+ return true if doc.document.children.empty?
+
+ store = []
+ doc.document.add.children.each_with_index do |x, i|
+ store << doc.document.add.children[i].name
+ end
+
+ return true if store.size == 1 and store[0] == "keyData"
+
+ store.empty?
+ end
+
+ def dnskey_update_enabled
+ find_domain
+
+ if @domain.dnskey_update_enabled? && !params[:parsed_frame].css('update').empty?
+
+ return if parsed_response_for_dnskey('add')
+ return if parsed_response_for_dnskey('rem')
+
+ return epp_errors.add(:epp_errors,
+ code: '2304',
+ msg: "#{I18n.t(:object_status_prohibits_operation)}
+ :serverDnskeyUpdateEnabled")
+ end
+ end
+
+ def dnkey_update_prohibited
+ find_domain
+
+ if @domain.extension_update_prohibited? && !params[:parsed_frame].css('keyData').empty?
+ return epp_errors.add(:epp_errors,
+ code: '2304',
+ msg: "#{I18n.t(:object_status_prohibits_operation)}
+ :serverExtensionUpdateProhibited")
+ end
+ end
+
def validate_delete
@prefix = 'delete > delete >'
requires 'name'
diff --git a/app/models/domain.rb b/app/models/domain.rb
index 4686e270f..ab4fdfadc 100644
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@@ -220,6 +220,14 @@ class Domain < ApplicationRecord
nameservers.select { |x| !x.hostname.end_with?(name) }
end
+ def extension_update_prohibited?
+ statuses.include? DomainStatus::SERVER_EXTENSION_UPDATE_PROHIBITED
+ end
+
+ def dnskey_update_enabled?
+ statuses.include? DomainStatus::SERVER_DNSKEY_UPDATE_ENABLED
+ end
+
def admin_change_prohibited?
statuses.include? DomainStatus::SERVER_ADMIN_CHANGE_PROHIBITED
end
diff --git a/app/models/domain_status.rb b/app/models/domain_status.rb
index 6210da2fa..ec157a60c 100644
--- a/app/models/domain_status.rb
+++ b/app/models/domain_status.rb
@@ -9,6 +9,8 @@ class DomainStatus < ApplicationRecord
# Requests to delete the object MUST be rejected.
CLIENT_DELETE_PROHIBITED = 'clientDeleteProhibited'
SERVER_DELETE_PROHIBITED = 'serverDeleteProhibited'
+ SERVER_EXTENSION_UPDATE_PROHIBITED = 'serverExtensionUpdateProhibited'
+ SERVER_DNSKEY_UPDATE_ENABLED = 'serverDnskeyUpdateEnabled'
# DNS delegation information MUST NOT be published for the object.
CLIENT_HOLD = 'clientHold'
@@ -80,10 +82,12 @@ class DomainStatus < ApplicationRecord
CLIENT_DELETE_PROHIBITED, SERVER_DELETE_PROHIBITED, CLIENT_HOLD, SERVER_HOLD,
CLIENT_RENEW_PROHIBITED, SERVER_RENEW_PROHIBITED, CLIENT_TRANSFER_PROHIBITED,
SERVER_TRANSFER_PROHIBITED, CLIENT_UPDATE_PROHIBITED, SERVER_UPDATE_PROHIBITED,
- INACTIVE, OK, PENDING_CREATE, PENDING_DELETE, PENDING_DELETE_CONFIRMATION, PENDING_RENEW, PENDING_TRANSFER,
- PENDING_UPDATE, SERVER_MANUAL_INZONE, SERVER_REGISTRANT_CHANGE_PROHIBITED,
- SERVER_ADMIN_CHANGE_PROHIBITED, SERVER_TECH_CHANGE_PROHIBITED, FORCE_DELETE,
- DELETE_CANDIDATE, EXPIRED, DISPUTED, SERVER_RELEASE_PROHIBITED
+ INACTIVE, OK, PENDING_CREATE, PENDING_DELETE, PENDING_DELETE_CONFIRMATION,
+ PENDING_RENEW, PENDING_TRANSFER, PENDING_UPDATE, SERVER_MANUAL_INZONE,
+ SERVER_REGISTRANT_CHANGE_PROHIBITED, SERVER_ADMIN_CHANGE_PROHIBITED,
+ SERVER_TECH_CHANGE_PROHIBITED, FORCE_DELETE, DELETE_CANDIDATE, EXPIRED, DISPUTED,
+ SERVER_RELEASE_PROHIBITED, SERVER_EXTENSION_UPDATE_PROHIBITED,
+ SERVER_DNSKEY_UPDATE_ENABLED
].freeze
CLIENT_STATUSES = [
@@ -94,7 +98,8 @@ class DomainStatus < ApplicationRecord
SERVER_STATUSES = [
SERVER_DELETE_PROHIBITED, SERVER_HOLD, SERVER_RENEW_PROHIBITED, SERVER_TRANSFER_PROHIBITED,
SERVER_UPDATE_PROHIBITED, SERVER_MANUAL_INZONE, SERVER_REGISTRANT_CHANGE_PROHIBITED,
- SERVER_ADMIN_CHANGE_PROHIBITED, SERVER_TECH_CHANGE_PROHIBITED, SERVER_RELEASE_PROHIBITED
+ SERVER_ADMIN_CHANGE_PROHIBITED, SERVER_TECH_CHANGE_PROHIBITED, SERVER_RELEASE_PROHIBITED,
+ SERVER_EXTENSION_UPDATE_PROHIBITED, SERVER_DNSKEY_UPDATE_ENABLED
].freeze
UPDATE_PROHIBIT_STATES = [
@@ -161,6 +166,8 @@ class DomainStatus < ApplicationRecord
['UpdateProhibited', SERVER_UPDATE_PROHIBITED],
['DeleteProhibited', SERVER_DELETE_PROHIBITED],
['ReleaseProhibited', SERVER_RELEASE_PROHIBITED],
+ ['serverExtensionUpdateProhibited', SERVER_EXTENSION_UPDATE_PROHIBITED],
+ ['serverDnskeyUpdateEnabled', SERVER_DNSKEY_UPDATE_ENABLED],
]
end
diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index 0b3f1ad7f..51871cce5 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -16,6 +16,7 @@ class Epp::Domain < Domain
return unless update_prohibited?
stat = (statuses & (DomainStatus::UPDATE_PROHIBIT_STATES + DomainStatus::DELETE_PROHIBIT_STATES)).first
+
add_epp_error('2304', 'status', stat, I18n.t(:object_status_prohibits_operation))
throw(:abort)
end
diff --git a/test/integration/epp/domain/update/base_test.rb b/test/integration/epp/domain/update/base_test.rb
index bff325307..032754f6e 100644
--- a/test/integration/epp/domain/update/base_test.rb
+++ b/test/integration/epp/domain/update/base_test.rb
@@ -48,6 +48,180 @@ class EppDomainUpdateBaseTest < EppTestCase
assert_epp_response :parameter_value_syntax_error
end
+ def test_update_domain_data_out_of_extension_block_with_serverDnskeyUpdateEnabled
+ @domain = domains(:shop)
+ @domain.statuses << DomainStatus::SERVER_DNSKEY_UPDATE_ENABLED
+ @domain.save
+ @dnskey = dnskeys(:one)
+ @dnskey.update(domain: @domain)
+
+ request_xml = <<-XML
+
+
+
+
+
+ shop.test
+
+
+
+ #{nameservers(:shop_ns1).hostname}
+
+
+ #{nameservers(:shop_ns2).hostname}
+
+
+
+ #{@dnskey.flags}
+ #{@dnskey.protocol}
+ #{@dnskey.alg}
+ #{@dnskey.public_key}
+
+
+
+
+
+
+ XML
+
+ post epp_update_path, params: { frame: request_xml },
+ headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ response_xml = Nokogiri::XML(response.body)
+ assert_correct_against_schema response_xml
+ @domain.reload
+
+ assert_epp_response :completed_successfully
+ end
+
+ def test_update_domain_dns_with_serverDnskeyUpdateEnabled
+ @domain = domains(:shop)
+ @domain.statuses << DomainStatus::SERVER_DNSKEY_UPDATE_ENABLED
+ @domain.save
+ @dnskey = dnskeys(:one)
+ @dnskey.update(domain: @domain)
+
+ request_xml = <<-XML
+
+
+
+
+
+ shop.test
+
+
+ f0ff7d17b0
+
+
+
+
+
+
+
+
+ #{@dnskey.flags}
+ #{@dnskey.protocol}
+ #{@dnskey.alg}
+ #{@dnskey.public_key}
+
+
+
+
+
+
+ XML
+
+ post epp_update_path, params: { frame: request_xml },
+ headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ response_xml = Nokogiri::XML(response.body)
+ assert_correct_against_schema response_xml
+ @domain.reload
+
+ assert_epp_response :completed_successfully
+ end
+
+ def test_update_domain_data_out_of_extension_block_with_extension_update_prohibited
+ @domain = domains(:shop)
+ @domain.statuses << DomainStatus::SERVER_EXTENSION_UPDATE_PROHIBITED
+ @domain.save
+
+ request_xml = <<-XML
+
+
+
+
+
+ shop.test
+
+
+
+ #{nameservers(:shop_ns1).hostname}
+
+
+ #{nameservers(:shop_ns2).hostname}
+
+
+
+
+
+
+
+ XML
+
+ post epp_update_path, params: { frame: request_xml },
+ headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ response_xml = Nokogiri::XML(response.body)
+ assert_correct_against_schema response_xml
+ @domain.reload
+
+ assert_epp_response :completed_successfully
+ end
+
+ def test_update_domain_dns_with_extension_update_prohibited
+ @domain = domains(:shop)
+ @domain.statuses << DomainStatus::SERVER_EXTENSION_UPDATE_PROHIBITED
+ @domain.save
+ @dnskey = dnskeys(:one)
+ @dnskey.update(domain: @domain)
+
+ request_xml = <<-XML
+
+
+
+
+
+ shop.test
+
+
+ f0ff7d17b0
+
+
+
+
+
+
+
+
+ #{@dnskey.flags}
+ #{@dnskey.protocol}
+ #{@dnskey.alg}
+ #{@dnskey.public_key}
+
+
+
+
+
+
+ XML
+
+ post epp_update_path, params: { frame: request_xml },
+ headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ response_xml = Nokogiri::XML(response.body)
+ assert_correct_against_schema response_xml
+ @domain.reload
+
+ assert_epp_response :object_status_prohibits_operation
+ end
+
def test_update_domain
request_xml = <<-XML