Merge pull request #1929 from internetee/1927-disputes-closing-fix

Validating info epp response on disputed domain against schema

app/controllers/admin/disputes_controller.rb

@@ -38,7 +38,7 @@ module Admin
 
     # PATCH/PUT /admin/disputes/1
     def update
-      if @dispute.update(dispute_params.except(:domain_name))
+      if @dispute.update(dispute_params.except(:domain_name, :starts_at))
         redirect_to admin_disputes_url, notice: 'Dispute was successfully updated.'
       else
         render :edit
@@ -68,7 +68,9 @@ module Admin
 
     # Only allow a trusted parameter "white list" through.
     def dispute_params
-      params.require(:dispute).permit(:domain_name, :password, :starts_at, :comment)
+      params.require(:dispute)
+            .permit(:domain_name, :password, :starts_at, :comment)
+            .with_defaults(starts_at: Time.zone.today)
     end
   end
 end

app/interactions/actions/domain_update.rb

@@ -209,9 +209,9 @@ module Actions
     end
 
     def verify_registrant_change?
-      return if !@changes_registrant || params[:registrant][:verified] == true
-      return true unless domain.disputed?
       return validate_dispute_case if params[:reserved_pw]
+      return false if !@changes_registrant || params[:registrant][:verified] == true
+      return true unless domain.disputed?
 
       domain.add_epp_error('2304', nil, nil, 'Required parameter missing; reservedpw element ' \
                            'required for dispute domains')

app/models/dispute.rb

@@ -43,10 +43,10 @@ class Dispute < ApplicationRecord
   end
 
   def generate_data
-    return if starts_at > Time.zone.today || expires_at < Time.zone.today
+    return false if starts_at > Time.zone.today || expires_at < Time.zone.today
 
     domain&.mark_as_disputed
-    return if domain
+    return true if domain
 
     wr = Whois::Record.find_or_initialize_by(name: domain_name)
     wr.json = @json = generate_json(wr, domain_status: 'disputed')

app/models/domain.rb

@@ -33,6 +33,8 @@ class Domain < ApplicationRecord
   has_many :tech_domain_contacts
   accepts_nested_attributes_for :tech_domain_contacts, allow_destroy: true, reject_if: :tech_change_prohibited?
 
+  ID_CHAR_LIMIT = 8
+
   def registrant_change_prohibited?
     statuses.include? DomainStatus::SERVER_REGISTRANT_CHANGE_PROHIBITED
   end
@@ -331,7 +333,12 @@ class Domain < ApplicationRecord
   end
 
   def roid
-    "EIS-#{id}"
+    id_size = id.to_s.size
+    if id_size <= ID_CHAR_LIMIT
+      "EIS-#{id}"
+    else
+      roid_with_prefix(id_size)
+    end
   end
 
   def puny_label
@@ -734,4 +741,13 @@ class Domain < ApplicationRecord
   def self.uses_zone?(zone)
     exists?(["name ILIKE ?", "%.#{zone.origin}"])
   end
+
+  private
+
+  def roid_with_prefix(id_size)
+    id_delta = id_size - ID_CHAR_LIMIT
+    id_prefix = id.to_s.split(//).first(id_delta).join('').to_s
+    id_postfix = id.to_s.split(//).last(id_size - id_delta).join('').to_s
+    "EIS#{id_prefix}-#{id_postfix}"
+  end
 end

app/views/admin/disputes/_form.html.erb

@@ -11,7 +11,7 @@
                 </div>
                 <div class="panel-body">
                     <div>
-                        <p>As per domain law, expiry time is <%= Setting.dispute_period_in_months / 12 %> years ahead from start date.</p>
+                        <p>As per domain law, expiry time is <%= Setting.dispute_period_in_months / 12 %> years ahead from creation date (today).</p>
                     </div>
                     <div class="form-group">
                         <div class="col-md-4 control-label">
@@ -30,15 +30,6 @@
                             <span class="help-block"><%= t '.password_hint' %></span>
                         </div>
                     </div>
-                    <div class="form-group">
-                        <div class="col-md-4 control-label">
-                            <%= f.label :starts_at %>
-                        </div>
-                        <div class="col-md-7">
-                            <%= f.text_field(:starts_at, class: 'form-control js-datepicker') %>
-                            <span class="help-block"><%= t '.past_or_today' %></span>
-                        </div>
-                    </div>
                     <div class="form-group">
                         <div class="col-md-4 control-label">
                             <%= f.label :comment %>
@@ -47,6 +38,14 @@
                             <%= f.text_field(:comment, placeholder: t(:optional), class: 'form-control') %>
                         </div>
                     </div>
+                    <div class="form-group">
+                        <div class="col-md-4 control-label">
+                            <%= f.label :starts_at %>
+                        </div>
+                        <div class="col-md-7">
+                            <span class="help-block"><%= t '.today' %></span>
+                        </div>
+                    </div>
                 </div>
             </div>
         </div>

config/locales/admin/disputes.en.yml

@@ -16,4 +16,4 @@ en:
       form:
         password_hint: Generated automatically if left blank
         optional: Not required by default
-        past_or_today: Can not be greater than today's date
+        today: Will be explicitely set as today on creation, cannot be changed

lib/schemas/domain-eis-1.0.xsd

@@ -414,6 +414,7 @@ than English.
     <enumeration value="serverAdminChangeProhibited"/>
     <enumeration value="serverTechChangeProhibited"/>
     <enumeration value="deleteCandidate"/>
+    <enumeration value="disputed"/>
   </restriction>
 </simpleType>
 

test/integration/admin_area/disputes_test.rb

@@ -22,7 +22,6 @@ class AdminDisputesSystemTest < ApplicationSystemTestCase
 
     fill_in 'Domain name', with: 'hospital.test'
     fill_in 'Password', with: '1234'
-    fill_in 'Starts at', with: (Time.zone.today - 2.years).to_s
     fill_in 'Comment', with: 'Sample comment'
     click_on 'Save'
 
@@ -38,7 +37,6 @@ class AdminDisputesSystemTest < ApplicationSystemTestCase
 
     fill_in 'Domain name', with: 'nonexistant.test'
     fill_in 'Password', with: '1234'
-    fill_in 'Starts at', with: Time.zone.today.to_s
     fill_in 'Comment', with: 'Sample comment'
     click_on 'Save'
 
@@ -46,30 +44,14 @@ class AdminDisputesSystemTest < ApplicationSystemTestCase
     assert_text 'nonexistant.test'
   end
 
-  def test_throws_error_if_starts_at_is_in_future
-    assert_nil Dispute.active.find_by(domain_name: 'disputed.test')
-
-    visit admin_disputes_path
-    click_on 'New disputed domain'
-
-    fill_in 'Domain name', with: 'disputed.test'
-    fill_in 'Password', with: '1234'
-    fill_in 'Starts at', with: (Time.zone.today + 2.day).to_s
-    fill_in 'Comment', with: 'Sample comment'
-    click_on 'Save'
-
-    assert_text "Can not be greater than today's date"
-  end
-
   def test_updates_dispute
     assert_not_equal Time.zone.today, @dispute.starts_at
 
     visit edit_admin_dispute_path(@dispute)
-    fill_in 'Starts at', with: Time.zone.today.to_s
+    fill_in 'Comment', with: 'Sample comment with new text'
     click_link_or_button 'Save'
 
     assert_text 'Dispute was successfully updated'
-    assert_text Time.zone.today
   end
 
   def test_deletes_dispute
@@ -79,11 +61,11 @@ class AdminDisputesSystemTest < ApplicationSystemTestCase
   end
 
   def test_can_not_create_overlapping_dispute
+    travel_to @dispute.starts_at + 1.day
     visit admin_disputes_path
     click_on 'New disputed domain'
 
     fill_in 'Domain name', with: 'active-dispute.test'
-    fill_in 'Starts at', with: @dispute.starts_at + 1.day
     click_on 'Save'
 
     assert_text 'Dispute already exists for this domain at given timeframe'

test/integration/epp/domain/info/base_test.rb

@@ -34,6 +34,43 @@ class EppDomainInfoBaseTest < EppTestCase
     assert_equal '2010-07-07T00:00:00+03:00', response_xml.at_xpath('//domain:exDate', 'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd').text
   end
 
+  def test_returns_valid_response_if_disputed
+    dispute = disputes(:expired)
+    dispute.update!(starts_at: Time.zone.now, expires_at: Time.zone.now + 5.days, closed: nil)
+
+    domain = domains(:shop)
+    domain.update_columns(statuses: [DomainStatus::DISPUTED],
+                          created_at: Time.zone.parse('2010-07-05'),
+                          updated_at: Time.zone.parse('2010-07-06'),
+                          creator_str: 'test',
+                          valid_to: Time.zone.parse('2010-07-07'))
+
+    domain.versions.destroy_all
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <info>
+            <domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>shop.test</domain:name>
+            </domain:info>
+          </info>
+        </command>
+      </epp>
+    XML
+
+    post epp_info_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+
+    response_xml = Nokogiri::XML(response.body)
+    assert_epp_response :completed_successfully
+    schema = EPP_ALL_SCHEMA
+
+    schema_validation_errors = schema.validate(response_xml)
+    assert_equal 0, schema_validation_errors.size
+  end
+
   def test_reveals_transfer_code_when_domain_is_owned_by_current_user
     assert_equal '65078d5', domains(:shop).transfer_code
 
@@ -109,4 +146,4 @@ class EppDomainInfoBaseTest < EppTestCase
     assert_nil response_xml.at_xpath('//domain:authInfo/domain:pw',
                                      'domain' => 'https://epp.tld.ee/schema/domain-eis-1.0.xsd')
   end
-end
+end

test/integration/epp/domain/update/base_test.rb

@@ -301,7 +301,7 @@ class EppDomainUpdateBaseTest < EppTestCase
     current = @domain.registrant
     new_registrant = contacts(:william)
     new_registrant.update(
-                          ident: current.ident, 
+                          ident: current.ident,
                           ident_type: current.ident_type,
                           ident_country_code: current.ident_country_code
                           )
@@ -331,7 +331,7 @@ class EppDomainUpdateBaseTest < EppTestCase
     headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
     @domain.reload
 
-    # NOTE: completed_successfully_action_pending 
+    # NOTE: completed_successfully_action_pending
     assert_epp_response :completed_successfully
     refute_includes @domain.statuses, DomainStatus::PENDING_UPDATE
 
@@ -414,6 +414,48 @@ class EppDomainUpdateBaseTest < EppTestCase
     assert_no_emails
   end
 
+  def test_dispute_password_mandatory_when_registrant_changed
+    Setting.request_confirmation_on_registrant_change_enabled = true
+    dispute = disputes(:expired)
+    dispute.update!(starts_at: Time.zone.now, expires_at: Time.zone.now + 5.days, closed: nil)
+    new_registrant = contacts(:william)
+
+    assert @domain.disputed?
+
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <update>
+            <domain:update xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>#{@domain.name}</domain:name>
+                <domain:chg>
+                  <domain:registrant verified="yes">#{new_registrant.code}</domain:registrant>
+                </domain:chg>
+            </domain:update>
+          </update>
+          <extension>
+            <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+              <eis:reserved>
+                <eis:pw>'123456'</eis:pw>
+              </eis:reserved>
+            </eis:extdata>
+          </extension>
+        </command>
+      </epp>
+    XML
+
+    post epp_update_path, params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    @domain.reload
+
+    assert_epp_response :invalid_authorization_information
+    assert_not_equal new_registrant, @domain.registrant
+    assert @domain.disputed?
+    assert_no_emails
+  end
+
   def test_skips_verification_when_disabled
     Setting.request_confirmation_on_registrant_change_enabled = false
     new_registrant = contacts(:william).becomes(Registrant)