Merge branch 'master' of github.com:domify/registry
commit
adf29f1276
10 changed files with 66 additions and 20 deletions
|
@ -7,18 +7,40 @@ class Epp::SessionsController < EppController
|
||||||
|
|
||||||
# rubocop: disable Metrics/PerceivedComplexity
|
# rubocop: disable Metrics/PerceivedComplexity
|
||||||
# rubocop: disable Metrics/CyclomaticComplexity
|
# rubocop: disable Metrics/CyclomaticComplexity
|
||||||
|
# rubocop: disable Metrics/MethodLength
|
||||||
# rubocop: disable Metrics/AbcSize
|
# rubocop: disable Metrics/AbcSize
|
||||||
def login
|
def login
|
||||||
cert_valid = true
|
success = true
|
||||||
@api_user = ApiUser.find_by(login_params)
|
@api_user = ApiUser.find_by(login_params)
|
||||||
|
|
||||||
if request.ip != ENV['webclient_ip'] && @api_user
|
if request.ip != ENV['webclient_ip'] && @api_user
|
||||||
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
||||||
cert_valid = false
|
@msg = 'Authentication error; server closing connection (certificate is not valid)'
|
||||||
|
success = false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
if @api_user.try(:active) && cert_valid && ip_white? && connection_limit_ok?
|
if success && !@api_user
|
||||||
|
@msg = 'Authentication error; server closing connection (API user not found)'
|
||||||
|
success = false
|
||||||
|
end
|
||||||
|
|
||||||
|
if success && !@api_user.try(:active)
|
||||||
|
@msg = 'Authentication error; server closing connection (API user is not active)'
|
||||||
|
success = false
|
||||||
|
end
|
||||||
|
|
||||||
|
if success && !ip_white?
|
||||||
|
@msg = 'Authentication error; server closing connection (IP is not whitelisted)'
|
||||||
|
success = false
|
||||||
|
end
|
||||||
|
|
||||||
|
if success && !connection_limit_ok?
|
||||||
|
@msg = 'Authentication error; server closing connection (connection limit reached)'
|
||||||
|
success = false
|
||||||
|
end
|
||||||
|
|
||||||
|
if success
|
||||||
if parsed_frame.css('newPW').first
|
if parsed_frame.css('newPW').first
|
||||||
unless @api_user.update(password: parsed_frame.css('newPW').first.text)
|
unless @api_user.update(password: parsed_frame.css('newPW').first.text)
|
||||||
response.headers['X-EPP-Returncode'] = '2200'
|
response.headers['X-EPP-Returncode'] = '2200'
|
||||||
|
@ -34,6 +56,7 @@ class Epp::SessionsController < EppController
|
||||||
render_epp_response('login_fail')
|
render_epp_response('login_fail')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
# rubocop: enable Metrics/MethodLength
|
||||||
# rubocop: enable Metrics/AbcSize
|
# rubocop: enable Metrics/AbcSize
|
||||||
# rubocop: enable Metrics/PerceivedComplexity
|
# rubocop: enable Metrics/PerceivedComplexity
|
||||||
# rubocop: enable Metrics/CyclomaticComplexity
|
# rubocop: enable Metrics/CyclomaticComplexity
|
||||||
|
@ -41,10 +64,7 @@ class Epp::SessionsController < EppController
|
||||||
def ip_white?
|
def ip_white?
|
||||||
return true if request.ip == ENV['webclient_ip']
|
return true if request.ip == ENV['webclient_ip']
|
||||||
if @api_user
|
if @api_user
|
||||||
unless @api_user.registrar.api_ip_white?(request.ip)
|
return false unless @api_user.registrar.api_ip_white?(request.ip)
|
||||||
@msg = t('ip_is_not_whitelisted')
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
|
@ -55,10 +75,7 @@ class Epp::SessionsController < EppController
|
||||||
'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
|
'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
|
||||||
).count
|
).count
|
||||||
|
|
||||||
if c >= 4
|
return false if c >= 4
|
||||||
@msg = t('connection_limit_reached')
|
|
||||||
return false
|
|
||||||
end
|
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
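Review bot: The per-reason messages assigned to `@msg` after the PKI block (API user not found / API user is not active / IP is not whitelisted / connection limit reached) turn the login response into an authentication oracle: `ApiUser.find_by(login_params)` runs before `ip_white?`, so a client on a non-whitelisted IP now learns whether a login/password pair is valid, and any client can distinguish a wrong password from a disabled account. I would keep the distinct reasons for the server-side log only and return the previous uniform `'Authentication error; server closing connection'` for the not-found, not-active and not-whitelisted cases, or at least evaluate the whitelist before reporting anything about the user; the EPP session spec in this commit pins the new messages and would need the same adjustment. The certificate branch is gated on `request.ip != ENV['webclient_ip']`, which is always true when that variable is unset, so the PKI check then applies to every client — that fails closed, but is worth a comment such as `# webclient_ip unset: every client must present a valid certificate`. The `login` method continues past this hunk; the `login_fail` rendering is in the second hunk.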
@ -1,6 +1,5 @@
|
||||||
class RegistrarController < ApplicationController
|
class RegistrarController < ApplicationController
|
||||||
before_action :authenticate_user!, :check_ip
|
before_action :authenticate_user!, :check_ip
|
||||||
# before_action :check_ip
|
|
||||||
layout 'registrar/application'
|
layout 'registrar/application'
|
||||||
|
|
||||||
include Registrar::ApplicationHelper
|
include Registrar::ApplicationHelper
|
||||||
|
|
|
@ -75,7 +75,7 @@ class Registrar < ActiveRecord::Base
|
||||||
|
|
||||||
# rubocop:disable Metrics/AbcSize
|
# rubocop:disable Metrics/AbcSize
|
||||||
# rubocop:disable Metrics/MethodLength
|
# rubocop:disable Metrics/MethodLength
|
||||||
def issue_prepayment_invoice(amount, description = nil)
|
def issue_prepayment_invoice(amount, description = nil)
|
||||||
# Currently only EIS can issue invoices
|
# Currently only EIS can issue invoices
|
||||||
eis = self.class.eis
|
eis = self.class.eis
|
||||||
|
|
||||||
|
@ -157,10 +157,12 @@ class Registrar < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def api_ip_white?(ip)
|
def api_ip_white?(ip)
|
||||||
|
return true unless Setting.api_ip_whitelist_enabled
|
||||||
white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
|
white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
|
||||||
end
|
end
|
||||||
|
|
||||||
def registrar_ip_white?(ip)
|
def registrar_ip_white?(ip)
|
||||||
|
return true unless Setting.registrar_ip_whitelist_enabled
|
||||||
white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
|
white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
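Review bot: `return true unless Setting.api_ip_whitelist_enabled` in `api_ip_white?` (and the same guard in `registrar_ip_white?` below and in `WhiteIp.registrar_ip_white?` in the next file) fails open: if the setting is absent and `Setting` yields nil for an unset key, the whole whitelist is silently bypassed. The initializer in this commit seeds `true` only when the settings table already exists at boot, so a fresh or partially migrated database hits exactly that case. Consider disabling enforcement only on an explicit opt-out, `return true if Setting.api_ip_whitelist_enabled == false`, with a comment `# Whitelist enforcement is the default; only an explicit false disables it`. I cannot see how `Setting` serializes values here, so confirm the nil-vs-false behaviour before choosing the form.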
@ -24,6 +24,8 @@ class WhiteIp < ActiveRecord::Base
|
||||||
|
|
||||||
class << self
|
class << self
|
||||||
def registrar_ip_white?(ip)
|
def registrar_ip_white?(ip)
|
||||||
|
return true unless Setting.registrar_ip_whitelist_enabled
|
||||||
|
|
||||||
at = WhiteIp.arel_table
|
at = WhiteIp.arel_table
|
||||||
WhiteIp.where(
|
WhiteIp.where(
|
||||||
at[:interface].eq(REGISTRAR).or(
|
at[:interface].eq(REGISTRAR).or(
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
%dd= l(@domain.registered_at)
|
%dd= l(@domain.registered_at)
|
||||||
|
|
||||||
%dt= t(:registrar)
|
%dt= t(:registrar)
|
||||||
%dd= link_to(@domain.registrar, root_path)
|
%dd= link_to(@domain.registrar, admin_registrar_path(@domain.registrar))
|
||||||
|
|
||||||
%dt= t(:password)
|
%dt= t(:password)
|
||||||
%dd
|
%dd
|
||||||
|
|
|
@ -67,6 +67,8 @@
|
||||||
= render 'setting_row', var: :transfer_wait_time
|
= render 'setting_row', var: :transfer_wait_time
|
||||||
= render 'setting_row', var: :ds_algorithm
|
= render 'setting_row', var: :ds_algorithm
|
||||||
= render 'setting_row', var: :client_side_status_editing_enabled
|
= render 'setting_row', var: :client_side_status_editing_enabled
|
||||||
|
= render 'setting_row', var: :api_ip_whitelist_enabled
|
||||||
|
= render 'setting_row', var: :registrar_ip_whitelist_enabled
|
||||||
.row
|
.row
|
||||||
.col-md-12.text-right
|
.col-md-12.text-right
|
||||||
%button.btn.btn-primary=t(:save)
|
%button.btn.btn-primary=t(:save)
|
||||||
|
|
|
@ -34,6 +34,9 @@ if con.present? && con.table_exists?('settings')
|
||||||
Setting.save_default(:days_to_renew_domain_before_expire, 90)
|
Setting.save_default(:days_to_renew_domain_before_expire, 90)
|
||||||
Setting.save_default(:expire_warning_period, 15)
|
Setting.save_default(:expire_warning_period, 15)
|
||||||
Setting.save_default(:redemption_grace_period, 30)
|
Setting.save_default(:redemption_grace_period, 30)
|
||||||
|
|
||||||
|
Setting.save_default(:registrar_ip_whitelist_enabled, true)
|
||||||
|
Setting.save_default(:api_ip_whitelist_enabled, true)
|
||||||
end
|
end
|
||||||
|
|
||||||
# dev only setting
|
# dev only setting
|
||||||
|
|
|
@ -807,10 +807,8 @@ en:
|
||||||
domain_delete_confirmed_body: 'You have successfully submitted delete confirmation. You will receive registry final confirmation to email.'
|
domain_delete_confirmed_body: 'You have successfully submitted delete confirmation. You will receive registry final confirmation to email.'
|
||||||
domain_delete_rejected_title: 'Domain deletion has been rejected successfully'
|
domain_delete_rejected_title: 'Domain deletion has been rejected successfully'
|
||||||
domain_delete_rejected_body: 'You have rejected domain deletion.'
|
domain_delete_rejected_body: 'You have rejected domain deletion.'
|
||||||
ip_is_not_whitelisted: 'IP is not whitelisted'
|
|
||||||
no_permission: 'No permission'
|
no_permission: 'No permission'
|
||||||
access_denied: 'Access denied'
|
access_denied: 'Access denied'
|
||||||
connection_limit_reached: 'Connection limit reached'
|
|
||||||
common_name: 'Common name'
|
common_name: 'Common name'
|
||||||
md5: 'Md5'
|
md5: 'Md5'
|
||||||
interface: 'Interface'
|
interface: 'Interface'
|
||||||
|
@ -834,3 +832,4 @@ en:
|
||||||
create_bank_statement: 'Create bank statement'
|
create_bank_statement: 'Create bank statement'
|
||||||
create_bank_transaction: 'Create bank transaction'
|
create_bank_transaction: 'Create bank transaction'
|
||||||
create_new_invoice: 'Create new invoice'
|
create_new_invoice: 'Create new invoice'
|
||||||
|
ip_is_not_whitelisted: 'IP is not whitelisted'
|
||||||
|
|
|
@ -25,7 +25,7 @@ describe 'EPP Session', epp: true do
|
||||||
it 'does not log in with invalid user' do
|
it 'does not log in with invalid user' do
|
||||||
wrong_user = @epp_xml.session.login(clID: { value: 'wrong-user' }, pw: { value: 'ghyt9e4fu' })
|
wrong_user = @epp_xml.session.login(clID: { value: 'wrong-user' }, pw: { value: 'ghyt9e4fu' })
|
||||||
response = epp_plain_request(wrong_user)
|
response = epp_plain_request(wrong_user)
|
||||||
response[:msg].should == 'Authentication error; server closing connection'
|
response[:msg].should == 'Authentication error; server closing connection (API user not found)'
|
||||||
response[:result_code].should == '2501'
|
response[:result_code].should == '2501'
|
||||||
response[:clTRID].should == 'ABC-12345'
|
response[:clTRID].should == 'ABC-12345'
|
||||||
end
|
end
|
||||||
|
@ -36,7 +36,7 @@ describe 'EPP Session', epp: true do
|
||||||
|
|
||||||
inactive = @epp_xml.session.login(clID: { value: 'inactive-user' }, pw: { value: 'ghyt9e4fu' })
|
inactive = @epp_xml.session.login(clID: { value: 'inactive-user' }, pw: { value: 'ghyt9e4fu' })
|
||||||
response = epp_plain_request(inactive)
|
response = epp_plain_request(inactive)
|
||||||
response[:msg].should == 'Authentication error; server closing connection'
|
response[:msg].should == 'Authentication error; server closing connection (API user is not active)'
|
||||||
response[:result_code].should == '2501'
|
response[:result_code].should == '2501'
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,14 @@ feature 'Sessions', type: :feature do
|
||||||
page.should have_text('Access denied')
|
page.should have_text('Access denied')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should see login page when whitelist disabled' do
|
||||||
|
Setting.registrar_ip_whitelist_enabled = false
|
||||||
|
WhiteIp.destroy_all
|
||||||
|
visit registrar_login_path
|
||||||
|
page.should_not have_text('Access denied')
|
||||||
|
Setting.registrar_ip_whitelist_enabled = true
|
||||||
|
end
|
||||||
|
|
||||||
it 'should see log in' do
|
it 'should see log in' do
|
||||||
@fixed_registrar.white_ips = [Fabricate(:white_ip_registrar)]
|
@fixed_registrar.white_ips = [Fabricate(:white_ip_registrar)]
|
||||||
visit registrar_login_path
|
visit registrar_login_path
|
||||||
|
@ -26,6 +34,20 @@ feature 'Sessions', type: :feature do
|
||||||
page.should have_text('Access denied')
|
page.should have_text('Access denied')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should get in with invalid when whitelist disabled' do
|
||||||
|
Setting.registrar_ip_whitelist_enabled = false
|
||||||
|
Fabricate(:registrar, white_ips: [Fabricate(:white_ip), Fabricate(:white_ip_registrar)])
|
||||||
|
@api_user_invalid_ip = Fabricate(
|
||||||
|
:api_user, identity_code: '37810013294', registrar: Fabricate(:registrar, white_ips: [])
|
||||||
|
)
|
||||||
|
visit registrar_login_path
|
||||||
|
fill_in 'depp_user_tag', with: @api_user_invalid_ip.username
|
||||||
|
fill_in 'depp_user_password', with: @api_user_invalid_ip.password
|
||||||
|
click_button 'Log in'
|
||||||
|
page.should have_text('Log out')
|
||||||
|
Setting.registrar_ip_whitelist_enabled = true
|
||||||
|
end
|
||||||
|
|
||||||
it 'should not get in with invalid user' do
|
it 'should not get in with invalid user' do
|
||||||
visit registrar_login_path
|
visit registrar_login_path
|
||||||
fill_in 'depp_user_tag', with: 'bla'
|
fill_in 'depp_user_tag', with: 'bla'
|
||||||
|
@ -114,7 +136,7 @@ feature 'Sessions', type: :feature do
|
||||||
fill_in 'user_phone', with: '00007'
|
fill_in 'user_phone', with: '00007'
|
||||||
click_button 'Log in'
|
click_button 'Log in'
|
||||||
|
|
||||||
page.should have_text('Check your phone for confirmation code')
|
page.should have_text('Confirmation sms was sent to your phone. Verification code is')
|
||||||
page.should have_text('SIM application error')
|
page.should have_text('SIM application error')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -143,7 +165,7 @@ feature 'Sessions', type: :feature do
|
||||||
fill_in 'user_phone', with: '00007'
|
fill_in 'user_phone', with: '00007'
|
||||||
click_button 'Log in'
|
click_button 'Log in'
|
||||||
|
|
||||||
page.should have_text('Check your phone for confirmation code')
|
page.should have_text('Confirmation sms was sent to your phone. Verification code is')
|
||||||
page.should have_text('Welcome!')
|
page.should have_text('Welcome!')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
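Review bot: The new examples 'should see login page when whitelist disabled' and 'should get in with invalid when whitelist disabled' restore `Setting.registrar_ip_whitelist_enabled = true` as their last statement, so a failed expectation before it leaves whitelist enforcement disabled for every later example, and `WhiteIp.destroy_all` mutates shared fixtures with no cleanup either. Move the reset into an `after` hook scoped to a `context 'whitelist disabled'` holding both examples, e.g. `after { Setting.registrar_ip_whitelist_enabled = true }`, or wrap the body in `begin`/`ensure`. The updated expectation `page.should have_text('Confirmation sms was sent to your phone. Verification code is')` implies the verification code itself is rendered into the page; I cannot tell from this diff whether that is limited to the test environment, so it is worth confirming. The `feature` block starts outside these hunks.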