From 9f6c628453561674d7df215f145b7f568414c043 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergei=20Ts=C3=B5ganov?=
Date: Mon, 13 Jun 2022 16:26:42 +0300
Subject: [PATCH] Added client cert control to every REPP APi request
---
 app/controllers/repp/v1/base_controller.rb | 10 ++++++++++
 app/controllers/repp/v1/registrar/auth_controller.rb | 11 +----------
 2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/app/controllers/repp/v1/base_controller.rb b/app/controllers/repp/v1/base_controller.rb
index 8e0414352..da906383c 100644
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@@ -7,6 +7,7 @@ module Repp
 before_action :authenticate_user
 before_action :validate_webclient_ca
 before_action :check_ip_restriction
+ before_action :validate_client_certs
 before_action :set_paper_trail_whodunnit
 private
@@ -144,6 +145,15 @@ module Repp
 render(json: @response, status: :unauthorized)
 end
+ def validate_client_certs
+ return if Rails.env.development? || Rails.env.test?
+ return if @current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+ request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
+
+ @response = { code: 2202, message: 'Invalid certificate' }
+ render(json: @response, status: :unauthorized)
+ end
+
 def logger
 Rails.logger
 end
diff --git a/app/controllers/repp/v1/registrar/auth_controller.rb b/app/controllers/repp/v1/registrar/auth_controller.rb
index 06dc9092f..a93d75c36 100644
--- a/app/controllers/repp/v1/registrar/auth_controller.rb
+++ b/app/controllers/repp/v1/registrar/auth_controller.rb
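Review bot: The new `before_action :validate_client_certs` carries an ordering dependency that the line does not record. The callback added further down in this file reads `@current_user`, which is presumably set by authenticate_user (not visible here), so it has to stay registered after that callback. Any subclass that skips authenticate_user for an action must skip this one too, as AuthController does for tara_callback in this patch; otherwise pki_ok? would be called on nil and the request would end in an unhandled error rather than a 401. A comment such as `# validate_client_certs reads @current_user; keep after authenticate_user` above the line would make that explicit. The class body starts and ends outside the hunk.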
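Review bot: validate_client_certs trusts `request.env['HTTP_SSL_CLIENT_CERT']` and `request.env['HTTP_SSL_CLIENT_S_DN_CN']`, which Rack fills from request headers, so the check holds only if the TLS-terminating proxy overwrites or clears those headers on every request and the app cannot be reached around it; nothing in the hunk states that assumption. I would put `# SSL_CLIENT_* headers are set by the TLS proxy, which must strip any client-supplied copies` above the pki_ok? call. The `return if Rails.env.development? || Rails.env.test?` guard also means the rejection branch is never run by the test suite, and the check is off wherever the environment name is one of those two; stubbing pki_ok? in tests instead would keep the branch covered. pki_ok? is defined outside this diff, so it is worth confirming that `api: false`, carried over from the auth controller, is the right mode for every REPP endpoint.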
@@ -4,16 +4,12 @@ module Repp
 class AuthController < BaseController
 skip_before_action :authenticate_user, only: :tara_callback
 skip_before_action :check_ip_restriction, only: :tara_callback
+ skip_before_action :validate_client_certs, only: :tara_callback
 api :GET, 'repp/v1/registrar/auth'
 desc 'check user auth info and return data'
 def index
 registrar = current_user.registrar
- unless client_certs_ok
- handle_non_epp_errors(current_user, 'Invalid certificate')
- return
- end
-
 render_success(data: auth_values_to_data(registrar: registrar))
 end
@@ -48,11 +44,6 @@ module Repp
 def auth_params
 params.require(:auth).permit(:uid, :new_user_id)
 end
-
- def client_certs_ok
- current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
- request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
- end
 end
 end
 end
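Review bot: After this change tara_callback is exempt from authenticate_user, check_ip_restriction and validate_client_certs, and nothing in the first hunk says what authenticates that action instead. Its body is outside the hunk, so this may well be handled there, but the three skips deserve a comment, for example `# tara_callback skips user auth, IP restriction and client-cert checks; it must validate the caller itself`. Separately, a bad certificate on index used to go through `handle_non_epp_errors(current_user, 'Invalid certificate')` and now gets the base controller's `{ code: 2202, message: 'Invalid certificate' }` with a 401, so clients of this endpoint may see a different error body. If that is intended, it is worth a line in the commit message.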