diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index d5f88b8d0..8817e150e 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -5,6 +5,7 @@ class EppController < ApplicationController
 
 skip_before_action :verify_authenticity_token
 before_action :generate_svtrid
+ before_action :latin_only
 before_action :validate_request
 before_action :update_epp_session
 helper_method :current_user
@@ -106,6 +107,14 @@ class EppController < ApplicationController
 write_to_epp_log
 end
 
+ # VALIDATION
+ def latin_only
+ return true if params['frame'].blank?
+ return true if params['frame'].match(/\A[\p{Latin}\p{Z}\p{P}\p{S}\p{Cc}\p{Cf}\w_\'\+\-\.\(\)\/]*\Z/i)
+ render_epp_response '/epp/latin_error'
+ false
+ end
+
 # VALIDATION
 def validate_request
 validation_method = "validate_#{params[:action]}"
diff --git a/app/views/epp/latin_error.xml.builder b/app/views/epp/latin_error.xml.builder
new file mode 100644
index 000000000..6ff19efbf
--- /dev/null
+++ b/app/views/epp/latin_error.xml.builder
@@ -0,0 +1,8 @@
+xml.epp_head do
+ xml.response do
+ xml.result('code' => '2306') do
+ xml.msg('Parameter value policy error. Allowed only Latin characters.', 'lang' => 'en')
+ end
+ render('epp/shared/trID', builder: xml)
+ end
+end
diff --git a/spec/epp/session_spec.rb b/spec/epp/session_spec.rb
index 5ddb565f8..b1ad5d136 100644
--- a/spec/epp/session_spec.rb
+++ b/spec/epp/session_spec.rb
@@ -55,6 +55,14 @@ describe 'EPP Session', epp: true do
 response[:clTRID].should be_nil
 end
 
+ it 'should return latin only error' do
+ wrong_user = @epp_xml.session.login(clID: { value: '你好你好' }, pw: { value: 'ghyt9e4fu' })
+ response = epp_plain_request(wrong_user)
+ response[:msg].should == 'Parameter value policy error. Allowed only Latin characters.'
+ response[:result_code].should == '2306'
+ response[:clTRID].should == 'ABC-12345'
+ end
+
 context 'with valid user' do
 it 'logs in epp user' do
 response = epp_plain_request(@login_xml_cache)
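Review bot: In `latin_only` (app/controllers/epp_controller.rb, second hunk) the allow-list is wider than the name suggests: `\p{P}`, `\p{S}`, `\p{Cc}` and `\p{Cf}` are script-independent general categories, so non-Latin punctuation and symbols, C0/C1 control characters and invisible format characters (zero-width and bidirectional controls) all pass the check. If the intent is to keep confusable or invisible characters out of registry data, narrow the control part to the whitespace an XML frame needs, for example `return true if params['frame'].match(/\A[\p{Latin}\p{Z}\p{P}\p{S}\w\t\r\n]*\z/)`; this assumes no client relies on a byte-order mark or other format character in the frame, which is worth confirming before tightening. The explicit `_\'\+\-\.\(\)\/` escapes and the `/i` flag are already covered by `\w`, `\p{P}` and `\p{S}`, and the `return true` / `false` values likely have no effect, since a controller filter halts once it has rendered.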
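Review bot: The new example in spec/epp/session_spec.rb covers only the rejecting path with a single CJK `clID`; nothing pins that legitimate Latin input with diacritics still passes the filter, so a later tightening of the pattern could start rejecting valid frames unnoticed. A companion example that logs in with an accented value, for instance `clID: { value: 'õäöü' }` (constructed sample), and asserts `response[:result_code].should_not == '2306'` would cover that. The enclosing `describe` block and its setup lie outside the hunk, so the expected `clTRID` of `'ABC-12345'` is assumed to come from the shared login fixture.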