diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb index e467534f0..c2a2c7715 100644 --- a/app/api/repp/api.rb +++ b/app/api/repp/api.rb @@ -8,6 +8,10 @@ module Repp end before do + unless Rails.env.development? + error! 'IP is not whitelisted', 401 unless @current_user.registrar.repp_ip_white?(request.ip) + end + next if Rails.env.test? || Rails.env.development? message = 'Certificate mismatch! Cert common name should be:' request_name = env['HTTP_SSL_CLIENT_S_DN_CN'] @@ -18,6 +22,7 @@ module Repp else error! "#{message} #{@current_user.username}", 401 if @current_user.username != request_name end + end helpers do diff --git a/app/models/registrar.rb b/app/models/registrar.rb index 977e44eb7..7292b4bcb 100644 --- a/app/models/registrar.rb +++ b/app/models/registrar.rb @@ -146,4 +146,20 @@ class Registrar < ActiveRecord::Base def code=(code) self[:code] = code.gsub(/[ :]/, '').upcase if new_record? && code.present? end + + def repp_ip_white?(ip) + white_ips.repp.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip) + end + + def epp_ip_white?(ip) + white_ips.epp.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip) + end + + def registrar_ip_white?(ip) + white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip) + end + + def global_ip_white?(ip) + white_ips.global.pluck(:ipv4, :ipv6).flatten.include?(ip) + end end diff --git a/app/models/white_ip.rb b/app/models/white_ip.rb index f71a9aaf3..499fba031 100644 --- a/app/models/white_ip.rb +++ b/app/models/white_ip.rb 
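Review bot: The new whitelist check in the `before` block of app/api/repp/api.rb trusts `request.ip`, which Rack takes from the forwarding headers when the direct peer counts as a trusted proxy. The `HTTP_SSL_CLIENT_S_DN_CN` lookup a few lines below suggests a TLS-terminating proxy sits in front. If so, the check is only as strong as that proxy's handling of `X-Forwarded-For`, which it must overwrite rather than append to. I would record that above the check, for example `# request.ip comes from the proxy's forwarded header; the proxy must replace any client-supplied X-Forwarded-For`. The check also dereferences `@current_user.registrar` without a nil guard, and the hunk does not show where `@current_user` is set, so confirm authentication has already run here. The `before` block begins and ends outside the lines that changed.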
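Review bot: The four `*_ip_white?` methods added to app/models/registrar.rb compare the caller's address to the stored values as plain strings via `pluck(:ipv4, :ipv6).flatten.include?(ip)`. An IPv6 address has several valid spellings (letter case, zero compression), so a listed client can be rejected when the stored text differs from what the request layer reports. Parsing both sides before comparing avoids this, and one shared helper removes the repeated pluck/flatten/include? chain. The fence sketches that; it assumes `IPAddr` is already loaded in this app, and it fails closed when either side cannot be parsed. Format validation on `WhiteIp` is not visible in this diff, so a malformed stored row is a possibility to consider.

```ruby
def repp_ip_white?(ip)
  ip_listed?(white_ips.repp, ip) || global_ip_white?(ip)
end

# … epp_ip_white?, registrar_ip_white? and global_ip_white? change the same way …

# True when ip parses to the same address as any ipv4/ipv6 value in scope.
def ip_listed?(scope, ip)
  candidate = IPAddr.new(ip.to_s)
  scope.pluck(:ipv4, :ipv6).flatten.any? do |stored|
    stored.present? && IPAddr.new(stored) == candidate
  end
rescue IPAddr::InvalidAddressError
  false # an unparsable address on either side counts as not listed
end
```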
@@ -13,9 +13,15 @@ class WhiteIp < ActiveRecord::Base errors.add(:base, I18n.t(:ipv4_or_ipv6_must_be_present)) end - INTERFACE_EPP = 'epp' - INTERFACE_REPP = 'repp' - INTERFACE_REGISTRAR = 'registrar' + EPP = 'epp' + REPP = 'repp' + REGISTRAR = 'registrar' + GLOBAL = 'global' - INTERFACES = [INTERFACE_EPP, INTERFACE_REPP, INTERFACE_REGISTRAR] + INTERFACES = [GLOBAL, EPP, REPP, REGISTRAR] + + scope :epp, -> { where(interface: EPP) } + scope :repp, -> { where(interface: REPP) } + scope :registrar, -> { where(interface: REGISTRAR) } + scope :global, -> { where(interface: GLOBAL) } end diff --git a/app/views/admin/white_ips/_form.haml b/app/views/admin/white_ips/_form.haml index f9bb48376..5432db9fa 100644 --- a/app/views/admin/white_ips/_form.haml +++ b/app/views/admin/white_ips/_form.haml @@ -23,7 +23,7 @@ .col-md-4.control-label = f.label :interface .col-md-7 - = f.select :interface, [[t(:choose), '']] + WhiteIp::INTERFACES.map {|x| [x.upcase, x]}, {}, class: 'form-control selectize', placeholder: t(:choose) + = f.select :interface, WhiteIp::INTERFACES.map {|x| [x.upcase, x]}, {}, class: 'form-control selectize' %hr .row .col-md-8.text-right diff --git a/spec/fabricators/registrar_fabricator.rb b/spec/fabricators/registrar_fabricator.rb index 59fed19c5..6816f0253 100644 --- a/spec/fabricators/registrar_fabricator.rb +++ b/spec/fabricators/registrar_fabricator.rb @@ -10,6 +10,7 @@ Fabricator(:registrar) do code { sequence(:code) { |i| "REGISTRAR#{i}" } } reference_no { sequence(:reference_no) { |i| "RF#{i}" } } accounts(count: 1) + white_ips { [Fabricate(:white_ip_repp, ipv4: '127.0.0.1')] } end Fabricator(:registrar_with_no_account_activities, from: :registrar) do diff --git a/spec/fabricators/white_ip_fabricator.rb b/spec/fabricators/white_ip_fabricator.rb index 2508fe4cf..e449573fb 100644 --- a/spec/fabricators/white_ip_fabricator.rb +++ b/spec/fabricators/white_ip_fabricator.rb 
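Review bot: The new `GLOBAL` interface in app/models/white_ip.rb carries no comment saying what it grants, although registrar.rb treats a GLOBAL row as valid for EPP, REPP and the registrar interface alike. I would add a line above the constant such as `# GLOBAL: address is accepted on every interface of the owning registrar`. `INTERFACES` is also a mutable array; `INTERFACES = [GLOBAL, EPP, REPP, REGISTRAR].freeze` keeps the allowed set from being altered at runtime. The rename from `INTERFACE_EPP` and the other constants will raise `NameError` at any call site not updated in this diff, so a search for the old names is worth doing.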
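Review bot: Dropping the blank `t(:choose)` entry in app/views/admin/white_ips/_form.haml changes which interface is preselected. `WhiteIp::INTERFACES` now begins with `GLOBAL`, so on a new record the select appears to default to the widest scope. An address saved without touching the field would then be allowed on every interface. Keeping an explicit prompt makes the admin choose, for example `= f.select :interface, WhiteIp::INTERFACES.map {|x| [x.upcase, x]}, { prompt: t(:choose) }, class: 'form-control selectize'`. That relies on the model rejecting an empty interface, which this diff does not show. Alternatively, list the narrower interfaces first so the default is the least permissive one.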
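Review bot: Adding a REPP entry for 127.0.0.1 to every fabricated registrar in spec/fabricators/registrar_fabricator.rb means existing REPP specs only exercise the allowed path. The part of the commit visible here adds no spec asserting the 401 `IP is not whitelisted` response for an address outside the list. A request spec that fabricates a registrar with `white_ips { [] }`, or with a different address, would cover the denial branch. A comment on the new line would also help, such as `# specs call REPP from 127.0.0.1, which must be whitelisted outside development`.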
@@ -1,4 +1,9 @@ Fabricator(:white_ip) do ipv4 '192.168.1.1' - interface WhiteIp::INTERFACE_EPP + interface WhiteIp::EPP +end + +Fabricator(:white_ip_repp, from: :white_ip) do + ipv4 '127.0.0.1' + interface WhiteIp::REPP end