Merge pull request #638 from internetee/registry-609-master

Registry 609 to master
2025-05-16 17:37:17 +02:00 · 2017-11-15 12:13:19 +02:00 · 2017-11-15 12:13:19 +02:00 · acfe0552fc
commit acfe0552fc
parent 263052d0a0 f1739f2202
2 changed files with 33 additions and 3 deletions
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -53,7 +53,7 @@ class Registrar
    end

    def id
-      @user = ApiUser.find_by_idc_data(request.env['SSL_CLIENT_S_DN'])
+      @user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip)

      if @user
        sign_in(@user, event: :authentication)
@ -87,7 +87,11 @@ class Registrar
        return
      end

-      @user = find_user_by_idc(response.user_id_code)
+      if Setting.registrar_ip_whitelist_enabled
+        @user = find_user_by_idc_and_allowed(response.user_id_code)
+      else
+        @user = find_user_by_idc(response.user_id_code)
+      end  

      if @user.persisted?
        session[:user_id_code] = response.user_id_code
@ -112,7 +116,7 @@ class Registrar
        when 'OUTSTANDING_TRANSACTION'
          render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok
        when 'USER_AUTHENTICATED'
-          @user = find_user_by_idc(session[:user_id_code])
+          @user = find_user_by_idc_and_allowed(session[:user_id_code])
          sign_in @user
          flash[:notice] = t(:welcome)
          flash.keep(:notice)
@ -149,6 +153,18 @@ class Registrar
      ApiUser.find_by(identity_code: idc) || User.new
    end

+    def find_user_by_idc_and_allowed(idc)
+      return User.new unless idc
+      possible_users = ApiUser.where(identity_code: idc) || User.new
+      possible_users.each do |selected_user|
+        if selected_user.registrar.white_ips.registrar_area.include_ip?(request.ip)
+          return selected_user
+        end
+      end
+    end
+
+
+
    def check_ip_restriction
      ip_restriction = Authorization::RestrictedIP.new(request.ip)
      allowed = ip_restriction.can_access_registrar_area_sign_in_page?
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -51,6 +51,20 @@ class ApiUser < User

      find_by(identity_code: identity_code)
    end
+
+    def find_by_idc_data_and_allowed(idc_data, ip)
+      return false if idc_data.blank?
+      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
+
+      return false if ip.blank?
+      possible_users = where(identity_code: identity_code)
+      possible_users.each do |selected_user|
+        if selected_user.registrar.white_ips.registrar_area.include_ip?(ip)
+          return selected_user
+        end
+      end
+    end
+
  end

  def registrar_typeahead