From a73cd53bff04f28c87030cbf064dfe3f937c77fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karl=20Erik=20=C3=95unapuu?= <karlerik@kreative.ee>
Date: Fri, 9 Oct 2020 11:12:25 +0300
Subject: [PATCH] REPP: Verify contact ident type

---
 app/controllers/repp/v1/base_controller.rb     |  3 +--
 app/controllers/repp/v1/contacts_controller.rb | 12 ++++++++----
 app/models/actions/contact_create.rb           | 11 ++++++++---
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/app/controllers/repp/v1/base_controller.rb b/app/controllers/repp/v1/base_controller.rb
index 30e37b9f7..f1000849f 100644
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@@ -46,7 +46,7 @@ module Repp
       end
 
       def ip_whitelisted?
-        return false unless @api_user.registrar.api_ip_white?(request.ip)
+        return false unless current_user.registrar.api_ip_white?(request.ip)
       end
 
       def basic_token
@@ -70,7 +70,6 @@ module Repp
 
         return if allowed
 
-        flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
         render(json: { errors: [{ base: [I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip)] }] }, status: :unauthorized)
       end
 
diff --git a/app/controllers/repp/v1/contacts_controller.rb b/app/controllers/repp/v1/contacts_controller.rb
index 1d2dbd441..51a03f8d4 100644
--- a/app/controllers/repp/v1/contacts_controller.rb
+++ b/app/controllers/repp/v1/contacts_controller.rb
@@ -41,10 +41,9 @@ module Repp
       ## POST /repp/v1/contacts
       def create
         @legal_doc = params[:legal_documents]
-        @contact_params = contact_create_params
+        @contact_params = contact_params_with_address
         @ident = contact_ident_params
         address_present = contact_addr_params.keys.any?
-        %w[city street zip country_code].each { |k| @contact_params[k] = contact_addr_params[k] }
 
         @contact = Epp::Contact.new(@contact_params, current_user.registrar, epp: false)
 
@@ -70,8 +69,7 @@ module Repp
 
       ## PUT /repp/v1/contacts/1
       def update
-        @update = contact_create_params
-        %w[city street zip country_code].each { |k| @new_params[k] = contact_addr_params[k] }
+        @update = contact_params_with_address
 
         @legal_doc = params[:legal_document]
         @ident = contact_ident_params || {}
@@ -101,6 +99,12 @@ module Repp
         @contact = Epp::Contact.find_by!(code: code)
       end
 
+      def contact_params_with_address
+        addr = {}
+        contact_addr_params[:addr].each_key { |k| addr[k] = contact_addr_params[:addr][k] }
+        contact_create_params.merge(addr)
+      end
+
       def contact_create_params
         params.require(:contact).require(%i[name email phone])
         params.require(:contact).permit(:name, :email, :phone)
diff --git a/app/models/actions/contact_create.rb b/app/models/actions/contact_create.rb
index 4cb6607ae..095c3f61f 100644
--- a/app/models/actions/contact_create.rb
+++ b/app/models/actions/contact_create.rb
@@ -26,9 +26,14 @@ module Actions
     end
 
     def validate_ident
-      if ident.present? && ident[:ident_type].blank?
-        contact.add_epp_error('2003', nil, 'ident_type', I18n.t('errors.messages.required_ident_attribute_missing'))
-        @error = true
+      if ident.present?
+        if ident[:ident_type].blank?
+          contact.add_epp_error('2003', nil, 'ident_type', I18n.t('errors.messages.required_ident_attribute_missing'))
+          @error = true
+        elsif !%w[priv org birthday].include?(ident[:ident_type])
+          contact.add_epp_error('2003', nil, 'ident_type', 'Invalid ident type')
+          @error = true
+        end
       end
 
       if ident.present? && ident[:ident_type] != 'birthday' && ident[:ident_country_code].blank?