zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-06 20:55:44 +02:00
Code Issues Projects Releases Packages Wiki Activity

move on functionality for separate service object and updated tests

Browse source
This commit is contained in:
olegphenomenon 2021-12-31 13:03:17 +02:00
parent 9b07b5ff0f
commit ae269c6772
10 changed files with 106 additions and 94 deletions
Download patch file Download diff file Expand all files Collapse all files

94
app/interactions/actions/domain_update.rb
View file

@ -14,7 +14,7 @@ module Actions
assign_new_registrant if params[:registrant] assign_new_registrant if params[:registrant]
assign_relational_modifications assign_relational_modifications
assign_requested_statuses assign_requested_statuses
validate_dnssec unless Rails.env.test? ValidateDnssec.validate_dnssec(params: params, domain: domain)
::Actions::BaseAction.maybe_attach_legal_doc(domain, params[:legal_document]) ::Actions::BaseAction.maybe_attach_legal_doc(domain, params[:legal_document])
commit commit
@ -114,98 +114,6 @@ module Actions
end end
end end
def prepare_resolver
dns_servers = ENV['dnssec_resolver_ips'].to_s.split(',').map(&:strip)
dns = Dnsruby::Resolver.new({ nameserver: dns_servers })
dns.do_validation = true
dns.do_caching = true
dns.dnssec = true
dns
end
def validate_dnssec
return if @params[:action] == 'rem'
dns = prepare_resolver
subzone_records = get_dnskey_records_from_subzone(resolver: dns, hostname: @params[:domain])
form_extension_records = extensional_dnskeys_data
return true if form_extension_records.empty?
validate_data(subzone_records: subzone_records, form_extension_records: form_extension_records)
end
def make_magic(subzone_records:, form_data:)
subzone_records.any? do |subzone_data|
subzone_data[:basic] == form_data[:basic] &&
subzone_data[:public_key].include?(form_data[:public_key])
end
end
def validate_data(subzone_records:, form_extension_records:)
flag = false
form_extension_records.each do |form_data|
flag = make_magic(subzone_records: subzone_records, form_data: form_data)
break if flag
end
return validation_dns_key_error unless flag
flag
end
def get_dnskey_records_from_subzone(resolver:, hostname:)
ds_records_answers = resolver.query(hostname, 'DNSKEY').answer
result_container = []
ds_records_answers.each do |ds|
next unless ds.type == Dnsruby::Types.DNSKEY
result_container << {
basic: {
flags: ds.flags.to_s,
algorithm: ds.algorithm.code.to_s,
protocol: ds.protocol.to_s,
},
public_key: ds.public_key.export.gsub!(/\s+/, ''),
}
end
result_container
rescue Dnsruby::NXDomain
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
end
def validation_dns_key_error
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
end
def extensional_dnskeys_data
dnskeys_data = @params[:dns_keys]
return [] if dnskeys_data.nil?
result_container = []
dnskeys_data.each do |ds|
next if ds[:action] == 'rem'
result_container << {
basic: {
flags: ds[:flags].to_s,
algorithm: ds[:alg].to_s,
protocol: ds[:protocol].to_s,
},
public_key: ds[:public_key],
}
end
result_container
end
def assign_removable_dnskey(key) def assign_removable_dnskey(key)
dnkey = domain.dnskeys.find_by(key.except(:action)) dnkey = domain.dnskeys.find_by(key.except(:action))
domain.add_epp_error(2303, nil, nil, %i[dnskeys not_found]) unless dnkey domain.add_epp_error(2303, nil, nil, %i[dnskeys not_found]) unless dnkey

97
app/services/validate_dnssec.rb Normal file
View file

@ -0,0 +1,97 @@
module ValidateDnssec
include Dnsruby
extend self
def prepare_resolver
dns_servers = ENV['dnssec_resolver_ips'].to_s.split(',').map(&:strip)
dns = Dnsruby::Resolver.new({ nameserver: dns_servers })
dns.do_validation = false
dns.do_caching = false
dns.dnssec = true
dns
end
def validate_dnssec(params:, domain:)
return if params[:action] == 'rem'
dns = prepare_resolver
subzone_records = get_dnskey_records_from_subzone(resolver: dns, hostname: params[:domain], domain: domain)
form_extension_records = extensional_dnskeys_data(params)
return true if form_extension_records.empty?
validate_data(subzone_records: subzone_records, form_extension_records: form_extension_records, domain: domain)
end
def make_magic(subzone_records:, form_data:)
subzone_records.any? do |subzone_data|
subzone_data[:basic] == form_data[:basic] &&
subzone_data[:public_key].include?(form_data[:public_key])
end
end
def validate_data(subzone_records:, form_extension_records:, domain:)
flag = false
form_extension_records.each do |form_data|
flag = make_magic(subzone_records: subzone_records, form_data: form_data)
break if flag
end
return validation_dns_key_error(domain) unless flag
flag
end
def get_dnskey_records_from_subzone(resolver:, hostname:, domain:)
ds_records_answers = resolver.query(hostname, 'DNSKEY').answer
result_container = []
ds_records_answers.each do |ds|
next unless ds.type == Dnsruby::Types.DNSKEY
result_container << {
basic: {
flags: ds.flags.to_s,
algorithm: ds.algorithm.code.to_s,
protocol: ds.protocol.to_s,
},
public_key: ds.public_key.export.gsub!(/\s+/, ''),
}
end
result_container
rescue Dnsruby::NXDomain
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
end
def validation_dns_key_error(domain)
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
end
def extensional_dnskeys_data(params)
dnskeys_data = params[:dns_keys]
return [] if dnskeys_data.nil?
result_container = []
dnskeys_data.each do |ds|
next if ds[:action] == 'rem'
result_container << {
basic: {
flags: ds[:flags].to_s,
algorithm: ds[:alg].to_s,
protocol: ds[:protocol].to_s,
},
public_key: ds[:public_key],
}
end
result_container
end
end

2
test/integration/api/registrant/registrant_api_verifications_test.rb
View file

@ -15,7 +15,7 @@ class RegistrantApiVerificationsTest < ApplicationIntegrationTest
@domain.update!(statuses: [DomainStatus::PENDING_UPDATE], @domain.update!(statuses: [DomainStatus::PENDING_UPDATE],
registrant_verification_asked_at: Time.zone.now - 1.day, registrant_verification_asked_at: Time.zone.now - 1.day,
registrant_verification_token: @token) registrant_verification_token: @token)
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
def test_fetches_registrant_change_request def test_fetches_registrant_change_request

1
test/integration/epp/domain/update/base_test.rb
View file

@ -10,6 +10,7 @@ class EppDomainUpdateBaseTest < EppTestCase
@original_registrant_change_verification = @original_registrant_change_verification =
Setting.request_confirmation_on_registrant_change_enabled Setting.request_confirmation_on_registrant_change_enabled
ActionMailer::Base.deliveries.clear ActionMailer::Base.deliveries.clear
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
teardown do teardown do

1
test/integration/epp/domain/update/rem_dns_test.rb
View file

@ -12,6 +12,7 @@ class EppDomainUpdateRemDnsTest < EppTestCase
@original_registrant_change_verification = @original_registrant_change_verification =
Setting.request_confirmation_on_registrant_change_enabled Setting.request_confirmation_on_registrant_change_enabled
ActionMailer::Base.deliveries.clear ActionMailer::Base.deliveries.clear
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
teardown do teardown do

1
test/integration/repp/v1/domains/contacts_test.rb
View file

@ -8,6 +8,7 @@ class ReppV1DomainsContactsTest < ActionDispatch::IntegrationTest
token = "Basic #{token}" token = "Basic #{token}"
@auth_headers = { 'Authorization' => token } @auth_headers = { 'Authorization' => token }
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
def test_shows_existing_domain_contacts def test_shows_existing_domain_contacts

1
test/integration/repp/v1/domains/dnssec_test.rb
View file

@ -8,6 +8,7 @@ class ReppV1DomainsDnssecTest < ActionDispatch::IntegrationTest
token = "Basic #{token}" token = "Basic #{token}"
@auth_headers = { 'Authorization' => token } @auth_headers = { 'Authorization' => token }
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
def test_shows_dnssec_keys_associated_with_domain def test_shows_dnssec_keys_associated_with_domain

1
test/integration/repp/v1/domains/nameservers_test.rb
View file

@ -8,6 +8,7 @@ class ReppV1DomainsNameserversTest < ActionDispatch::IntegrationTest
token = "Basic #{token}" token = "Basic #{token}"
@auth_headers = { 'Authorization' => token } @auth_headers = { 'Authorization' => token }
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
def test_can_add_new_nameserver def test_can_add_new_nameserver

1
test/integration/repp/v1/domains/update_test.rb
View file

@ -8,6 +8,7 @@ class ReppV1DomainsUpdateTest < ActionDispatch::IntegrationTest
token = "Basic #{token}" token = "Basic #{token}"
@auth_headers = { 'Authorization' => token } @auth_headers = { 'Authorization' => token }
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
def test_updates_transfer_code_for_domain def test_updates_transfer_code_for_domain

1
test/jobs/domain_update_confirm_job_test.rb
View file

@ -14,6 +14,7 @@ class DomainUpdateConfirmJobTest < ActiveSupport::TestCase
new_registrant_name: @new_registrant.name, new_registrant_name: @new_registrant.name,
new_registrant_email: @new_registrant.email, new_registrant_email: @new_registrant.email,
current_user_id: @user.id }) current_user_id: @user.id })
Spy.on_instance_method(ValidateDnssec, :validate_dnssec).and_return(true)
end end
def teardown def teardown