Allow updating password via EPP

2025-05-17 17:59:47 +02:00 · 2015-04-06 16:39:58 +03:00 · 2015-04-06 16:39:58 +03:00 · a79ef51ed9
commit a79ef51ed9
parent a42136268f
4 changed files with 53 additions and 0 deletions
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -19,6 +19,12 @@ class Epp::SessionsController < EppController
    end

    if @api_user.try(:active) && cert_valid
+      if parsed_frame.css('newPW').first
+        unless @api_user.update(password: parsed_frame.css('newPW').first.text)
+          handle_errors(@api_user) and return
+        end
+      end
+
      epp_session[:api_user_id] = @api_user.id
      render_epp_response('login_success')
    else
@ -42,4 +48,8 @@ class Epp::SessionsController < EppController
    ph = params_hash['epp']['command']['login']
    { username: ph[:clID], password: ph[:pw] }
  end
+
+  def parsed_frame
+    @parsed_frame ||= Nokogiri::XML(request.params[:raw_frame]).remove_namespaces!
+  end
 end
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -2,6 +2,15 @@ require 'open3'

 # rubocop: disable Metrics/ClassLength
 class ApiUser < User
+  include EppErrors
+  def epp_code_map # rubocop:disable Metrics/MethodLength
+    {
+      '2306' => [ # Parameter policy error
+        [:password, :blank]
+      ]
+    }
+  end
+
  # TODO: should have max request limit per day
  belongs_to :registrar
  has_many :contacts
--- a/app/views/registrar/sessions/login_mid.haml
+++ b/app/views/registrar/sessions/login_mid.haml
@ -9,6 +9,10 @@
    = f.text_field :phone, class: 'form-control', placeholder: t('phone_no'), autocomplete: 'off'
    %button.btn.btn-lg.btn-primary.btn-block.js-login{:type => 'submit'}= t('log_in')

+- if ['development', 'alpha'].include?(Rails.env)
+  %div.text-center
+    60000007 / 00000766
+
 :coffee
  $('.js-login').attr('disabled', false)

--- a/spec/epp/session_spec.rb
+++ b/spec/epp/session_spec.rb
@ -85,6 +85,36 @@ describe 'EPP Session', epp: true do

        EppSession.last[:api_user_id].should == nil
      end
+
+      it 'changes password and logs in' do
+        @api_user.update(password: 'ghyt9e4fu')
+        response = epp_plain_request(@epp_xml.session.login(
+          clID: { value: 'gitlab' },
+          pw: { value: 'ghyt9e4fu' },
+          newPW: { value: 'abcdefg' }
+        ), :xml)
+
+        response[:msg].should == 'Command completed successfully'
+        response[:result_code].should == '1000'
+
+        @api_user.reload
+        @api_user.password.should == 'abcdefg'
+      end
+
+      it 'fails if new password is not valid' do
+        @api_user.update(password: 'ghyt9e4fu')
+        response = epp_plain_request(@epp_xml.session.login(
+          clID: { value: 'gitlab' },
+          pw: { value: 'ghyt9e4fu' },
+          newPW: { value: '' }
+        ), :xml)
+
+        response[:msg].should == 'Password is missing [password]'
+        response[:result_code].should == '2306'
+
+        @api_user.reload
+        @api_user.password.should == 'ghyt9e4fu'
+      end
    end
  end
 end