zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-17 01:47:18 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'master' of github.com:domify/registry

Browse source
This commit is contained in:
Priit Tark 2015-06-29 12:46:43 +03:00
commit adf29f1276
10 changed files with 66 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

39
app/controllers/epp/sessions_controller.rb
View file

@ -7,18 +7,40 @@ class Epp::SessionsController < EppController
# rubocop: disable Metrics/PerceivedComplexity # rubocop: disable Metrics/PerceivedComplexity
# rubocop: disable Metrics/CyclomaticComplexity # rubocop: disable Metrics/CyclomaticComplexity
# rubocop: disable Metrics/MethodLength
# rubocop: disable Metrics/AbcSize # rubocop: disable Metrics/AbcSize
def login def login
cert_valid = true success = true
@api_user = ApiUser.find_by(login_params) @api_user = ApiUser.find_by(login_params)
if request.ip != ENV['webclient_ip'] && @api_user if request.ip != ENV['webclient_ip'] && @api_user
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN']) unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
cert_valid = false @msg = 'Authentication error; server closing connection (certificate is not valid)'
success = false
end end
end end
if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok? if success && !@api_user
@msg = 'Authentication error; server closing connection (API user not found)'
success = false
end
if success && !@api_user.try(:active)
@msg = 'Authentication error; server closing connection (API user is not active)'
success = false
end
if success && !ip_white?
@msg = 'Authentication error; server closing connection (IP is not whitelisted)'
success = false
end
if success && !connection_limit_ok?
@msg = 'Authentication error; server closing connection (connection limit reached)'
success = false
end
if success
if parsed_frame.css('newPW').first if parsed_frame.css('newPW').first
unless @api_user.update(password: parsed_frame.css('newPW').first.text) unless @api_user.update(password: parsed_frame.css('newPW').first.text)
response.headers['X-EPP-Returncode'] = '2200' response.headers['X-EPP-Returncode'] = '2200'
@ -34,6 +56,7 @@ class Epp::SessionsController < EppController
render_epp_response('login_fail') render_epp_response('login_fail')
end end
end end
# rubocop: enable Metrics/MethodLength
# rubocop: enable Metrics/AbcSize # rubocop: enable Metrics/AbcSize
# rubocop: enable Metrics/PerceivedComplexity # rubocop: enable Metrics/PerceivedComplexity
# rubocop: enable Metrics/CyclomaticComplexity # rubocop: enable Metrics/CyclomaticComplexity
@ -41,10 +64,7 @@ class Epp::SessionsController < EppController
def ip_white? def ip_white?
return true if request.ip == ENV['webclient_ip'] return true if request.ip == ENV['webclient_ip']
if @api_user if @api_user
unless @api_user.registrar.api_ip_white?(request.ip) return false unless @api_user.registrar.api_ip_white?(request.ip)
@msg = t('ip_is_not_whitelisted')
return false
end
end end
true true
end end
@ -55,10 +75,7 @@ class Epp::SessionsController < EppController
'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes 'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
).count ).count
if c >= 4 return false if c >= 4
@msg = t('connection_limit_reached')
return false
end
true true
end end

1
app/controllers/registrar_controller.rb
View file

@ -1,6 +1,5 @@
class RegistrarController < ApplicationController class RegistrarController < ApplicationController
before_action :authenticate_user!, :check_ip before_action :authenticate_user!, :check_ip
# before_action :check_ip
layout 'registrar/application' layout 'registrar/application'
include Registrar::ApplicationHelper include Registrar::ApplicationHelper

4
app/models/registrar.rb
View file

@ -75,7 +75,7 @@ class Registrar < ActiveRecord::Base
# rubocop:disable Metrics/AbcSize # rubocop:disable Metrics/AbcSize
# rubocop:disable Metrics/MethodLength # rubocop:disable Metrics/MethodLength
def issue_prepayment_invoice(amount, description = nil) def issue_prepayment_invoice(amount, description = nil)
# Currently only EIS can issue invoices # Currently only EIS can issue invoices
eis = self.class.eis eis = self.class.eis
@ -157,10 +157,12 @@ class Registrar < ActiveRecord::Base
end end
def api_ip_white?(ip) def api_ip_white?(ip)
return true unless Setting.api_ip_whitelist_enabled
white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip) white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
end end
def registrar_ip_white?(ip) def registrar_ip_white?(ip)
return true unless Setting.registrar_ip_whitelist_enabled
white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip) white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
end end

2
app/models/white_ip.rb
View file

@ -24,6 +24,8 @@ class WhiteIp < ActiveRecord::Base
class << self class << self
def registrar_ip_white?(ip) def registrar_ip_white?(ip)
return true unless Setting.registrar_ip_whitelist_enabled
at = WhiteIp.arel_table at = WhiteIp.arel_table
WhiteIp.where( WhiteIp.where(
at[:interface].eq(REGISTRAR).or( at[:interface].eq(REGISTRAR).or(

2
app/views/admin/domains/partials/_general.haml
View file

@ -10,7 +10,7 @@
%dd= l(@domain.registered_at) %dd= l(@domain.registered_at)
%dt= t(:registrar) %dt= t(:registrar)
%dd= link_to(@domain.registrar, root_path) %dd= link_to(@domain.registrar, admin_registrar_path(@domain.registrar))
%dt= t(:password) %dt= t(:password)
%dd %dd

2
app/views/admin/settings/index.haml
View file

@ -67,6 +67,8 @@
= render 'setting_row', var: :transfer_wait_time = render 'setting_row', var: :transfer_wait_time
= render 'setting_row', var: :ds_algorithm = render 'setting_row', var: :ds_algorithm
= render 'setting_row', var: :client_side_status_editing_enabled = render 'setting_row', var: :client_side_status_editing_enabled
= render 'setting_row', var: :api_ip_whitelist_enabled
= render 'setting_row', var: :registrar_ip_whitelist_enabled
.row .row
.col-md-12.text-right .col-md-12.text-right
%button.btn.btn-primary=t(:save) %button.btn.btn-primary=t(:save)

3
config/initializers/initial_settings.rb
View file

@ -34,6 +34,9 @@ if con.present? && con.table_exists?('settings')
Setting.save_default(:days_to_renew_domain_before_expire, 90) Setting.save_default(:days_to_renew_domain_before_expire, 90)
Setting.save_default(:expire_warning_period, 15) Setting.save_default(:expire_warning_period, 15)
Setting.save_default(:redemption_grace_period, 30) Setting.save_default(:redemption_grace_period, 30)
Setting.save_default(:registrar_ip_whitelist_enabled, true)
Setting.save_default(:api_ip_whitelist_enabled, true)
end end
# dev only setting # dev only setting

3
config/locales/en.yml
View file

@ -807,10 +807,8 @@ en:
domain_delete_confirmed_body: 'You have successfully submitted delete confirmation. You will receive registry final confirmation to email.' domain_delete_confirmed_body: 'You have successfully submitted delete confirmation. You will receive registry final confirmation to email.'
domain_delete_rejected_title: 'Domain deletion has been rejected successfully' domain_delete_rejected_title: 'Domain deletion has been rejected successfully'
domain_delete_rejected_body: 'You have rejected domain deletion.' domain_delete_rejected_body: 'You have rejected domain deletion.'
ip_is_not_whitelisted: 'IP is not whitelisted'
no_permission: 'No permission' no_permission: 'No permission'
access_denied: 'Access denied' access_denied: 'Access denied'
connection_limit_reached: 'Connection limit reached'
common_name: 'Common name' common_name: 'Common name'
md5: 'Md5' md5: 'Md5'
interface: 'Interface' interface: 'Interface'
@ -834,3 +832,4 @@ en:
create_bank_statement: 'Create bank statement' create_bank_statement: 'Create bank statement'
create_bank_transaction: 'Create bank transaction' create_bank_transaction: 'Create bank transaction'
create_new_invoice: 'Create new invoice' create_new_invoice: 'Create new invoice'
ip_is_not_whitelisted: 'IP is not whitelisted'

4
spec/epp/session_spec.rb
View file

@ -25,7 +25,7 @@ describe 'EPP Session', epp: true do
it 'does not log in with invalid user' do it 'does not log in with invalid user' do
wrong_user = @epp_xml.session.login(clID: { value: 'wrong-user' }, pw: { value: 'ghyt9e4fu' }) wrong_user = @epp_xml.session.login(clID: { value: 'wrong-user' }, pw: { value: 'ghyt9e4fu' })
response = epp_plain_request(wrong_user) response = epp_plain_request(wrong_user)
response[:msg].should == 'Authentication error; server closing connection' response[:msg].should == 'Authentication error; server closing connection (API user not found)'
response[:result_code].should == '2501' response[:result_code].should == '2501'
response[:clTRID].should == 'ABC-12345' response[:clTRID].should == 'ABC-12345'
end end
@ -36,7 +36,7 @@ describe 'EPP Session', epp: true do
inactive = @epp_xml.session.login(clID: { value: 'inactive-user' }, pw: { value: 'ghyt9e4fu' }) inactive = @epp_xml.session.login(clID: { value: 'inactive-user' }, pw: { value: 'ghyt9e4fu' })
response = epp_plain_request(inactive) response = epp_plain_request(inactive)
response[:msg].should == 'Authentication error; server closing connection' response[:msg].should == 'Authentication error; server closing connection (API user is not active)'
response[:result_code].should == '2501' response[:result_code].should == '2501'
end end

26
spec/features/registrar/sessions_spec.rb
View file

@ -8,6 +8,14 @@ feature 'Sessions', type: :feature do
page.should have_text('Access denied') page.should have_text('Access denied')
end end
it 'should see login page when whitelist disabled' do
Setting.registrar_ip_whitelist_enabled = false
WhiteIp.destroy_all
visit registrar_login_path
page.should_not have_text('Access denied')
Setting.registrar_ip_whitelist_enabled = true
end
it 'should see log in' do it 'should see log in' do
@fixed_registrar.white_ips = [Fabricate(:white_ip_registrar)] @fixed_registrar.white_ips = [Fabricate(:white_ip_registrar)]
visit registrar_login_path visit registrar_login_path
@ -26,6 +34,20 @@ feature 'Sessions', type: :feature do
page.should have_text('Access denied') page.should have_text('Access denied')
end end
it 'should get in with invalid when whitelist disabled' do
Setting.registrar_ip_whitelist_enabled = false
Fabricate(:registrar, white_ips: [Fabricate(:white_ip), Fabricate(:white_ip_registrar)])
@api_user_invalid_ip = Fabricate(
:api_user, identity_code: '37810013294', registrar: Fabricate(:registrar, white_ips: [])
)
visit registrar_login_path
fill_in 'depp_user_tag', with: @api_user_invalid_ip.username
fill_in 'depp_user_password', with: @api_user_invalid_ip.password
click_button 'Log in'
page.should have_text('Log out')
Setting.registrar_ip_whitelist_enabled = true
end
it 'should not get in with invalid user' do it 'should not get in with invalid user' do
visit registrar_login_path visit registrar_login_path
fill_in 'depp_user_tag', with: 'bla' fill_in 'depp_user_tag', with: 'bla'
@ -114,7 +136,7 @@ feature 'Sessions', type: :feature do
fill_in 'user_phone', with: '00007' fill_in 'user_phone', with: '00007'
click_button 'Log in' click_button 'Log in'
page.should have_text('Check your phone for confirmation code') page.should have_text('Confirmation sms was sent to your phone. Verification code is')
page.should have_text('SIM application error') page.should have_text('SIM application error')
end end
@ -143,7 +165,7 @@ feature 'Sessions', type: :feature do
fill_in 'user_phone', with: '00007' fill_in 'user_phone', with: '00007'
click_button 'Log in' click_button 'Log in'
page.should have_text('Check your phone for confirmation code') page.should have_text('Confirmation sms was sent to your phone. Verification code is')
page.should have_text('Welcome!') page.should have_text('Welcome!')
end end