diff --git a/app/helpers/epp/contacts_helper.rb b/app/helpers/epp/contacts_helper.rb
index fca91dce3..253b4b1d0 100644
--- a/app/helpers/epp/contacts_helper.rb
+++ b/app/helpers/epp/contacts_helper.rb
@@ -36,9 +36,8 @@ module Epp::ContactsHelper
 end
 def info_contact
- # handle_errors and return unless rights?
- @contact = find_contact
 handle_errors(@contact) and return unless @contact
+ handle_errors(@contact) and return unless rights?
 render 'epp/contacts/info'
 end
@@ -88,16 +87,20 @@ module Epp::ContactsHelper
 xml_attrs_present?(@ph, [['id']])
 end
- ## CHECK
+ ## check
 def validate_contact_check_request
 @ph = params_hash['epp']['command']['check']['check']
 xml_attrs_present?(@ph, [['id']])
 end
- ## INFO
- def validate_contact_info_request
+ ## info
+ def validate_contact_info_request # and process
 @ph = params_hash['epp']['command']['info']['info']
 xml_attrs_present?(@ph, [['id']])
+ @contact = find_contact
+ return false unless @contact
+ return true if current_epp_user.registrar == @contact.registrar || xml_attrs_present?(@ph, [%w(authInfo pw)])
+ false
 end
 ## SHARED
@@ -123,7 +126,8 @@ module Epp::ContactsHelper
 def rights?
 pw = @ph.try(:[], :authInfo).try(:[], :pw)
- return true if !find_contact.nil? && find_contact.auth_info_matches(pw)
+ return true if current_epp_user.try(:registrar) == @contact.try(:registrar)
+ return true if @contact.auth_info_matches(pw)
 epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error'), value: { obj: 'pw', val: pw } }
 false
diff --git a/spec/epp/contact_spec.rb b/spec/epp/contact_spec.rb
index 4d82607d4..c8003fa4a 100644
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
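Review bot: info_contact now reads @contact without ever assigning it, because the `@contact = find_contact` line was removed here and the lookup moved into validate_contact_info_request; this only holds if that validator is guaranteed to run before the action, which the hunk does not show. A one-line comment would spare the next reader the search: `# @contact is looked up by validate_contact_info_request, which runs before this action`. The second `handle_errors(@contact) and return unless rights?` passes @contact to handle_errors for an authorization failure whose error concerns pw rather than the contact — presumably harmless if handle_errors only flushes epp_errors, but worth confirming.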
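Review bot: The result of `xml_attrs_present?(@ph, [['id']])` is now discarded in validate_contact_info_request, so a request without an id still proceeds to `find_contact` and the registrar/authInfo checks instead of stopping at the missing-parameter error; the old body returned that result directly. Short-circuit it: `return false unless xml_attrs_present?(@ph, [['id']])`. The trailing `# and process` comment signals that the validator now also performs the lookup; a method comment stating that it sets @contact for info_contact and returns true only for the contact's own registrar or when an authInfo pw element is present (the pw value itself is compared only in rights?) would make that contract explicit. Note that for a foreign registrar the `||` branch accepts any pw element, so the 2201 on a wrong password depends entirely on rights? running afterwards.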
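Review bot: `current_epp_user.try(:registrar) == @contact.try(:registrar)` in rights? returns true when both sides are nil — `nil == nil` holds in Ruby — so any caller that reaches rights? with @contact unset, or with a user and a contact that both lack a registrar, is authorized without any password comparison; the removed line explicitly guarded `!find_contact.nil?`. Since rights? sits in the SHARED section and the `.try` on @contact itself allows for nil, that path looks reachable from callers other than info_contact, where @contact is checked first. Guard it explicitly: `return false unless @contact` followed by `return true if current_epp_user.try(:registrar) && current_epp_user.registrar == @contact.registrar`. The second new line, `@contact.auth_info_matches(pw)`, is then only reached with a real contact; how it treats a nil pw (authInfo absent) is not visible here.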
@@ -249,10 +249,11 @@ describe 'EPP Contact', epp: true do
 end
 it 'returns info about contact' do
- Fabricate(:contact, created_by_id: '1', code: 'info-4444', auth_info: '2fooBAR', name: 'Johnny Awesome',
+ @contact = Fabricate(:contact, registrar: zone, code: 'info-4444', name: 'Johnny Awesome',
 address: Fabricate(:address))
- response = epp_request('contacts/info.xml')
+ xml = EppXml::Contact.info(id: { value: @contact.code })
+ response = epp_request(xml, :xml, :zone)
 contact = response[:parsed].css('resData chkData')
 expect(response[:result_code]).to eq('1000')
@@ -275,14 +276,36 @@ describe 'EPP Contact', epp: true do
 expect(contact.css('name').present?).to be(true)
 end
- it 'doesn\'t display unassociated object', pending: true do
- pending 'Have to rework contact info request to have optional password requirement'
- Fabricate(:contact, code: 'info-4444')
+ it 'doesn\'t display unassociated object without password' do
+ @contact = Fabricate(:contact, code: 'info-4444', registrar: zone)
- response = epp_request('contacts/info.xml')
+ xml = EppXml::Contact.info(id: { value: @contact.code })
+ response = epp_request(xml, :xml, :elkdata)
+ expect(response[:result_code]).to eq('2003')
+ expect(response[:msg]).to eq('Required parameter missing: pw')
+ end
+
+ it 'doesn\'t display unassociated object with wrong password' do
+ @contact = Fabricate(:contact, code: 'info-4444', registrar: zone)
+
+ xml = EppXml::Contact.info(id: { value: @contact.code }, authInfo: { pw: { value: 'qwe321' } })
+ response = epp_request(xml, :xml, :elkdata)
 expect(response[:result_code]).to eq('2201')
 expect(response[:msg]).to eq('Authorization error')
 end
+
+ it 'doest display unassociated object with correct password' do
+ @contact = Fabricate(:contact, code: 'info-4444', registrar: zone, name: 'Johnny Awesome')
+
+ xml = EppXml::Contact.info(id: { value: @contact.code }, authInfo: { pw: { value: @contact.auth_info } })
+ response = epp_request(xml, :xml, :elkdata)
+ contact = response[:parsed].css('resData chkData')
+
+ expect(response[:result_code]).to eq('1000')
+ expect(response[:msg]).to eq('Command completed successfully')
+ expect(contact.css('name').first.text).to eq('Johnny Awesome')
+ end
+
 end
 context 'renew command' do
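Review bot: The third example's description, `it 'doest display unassociated object with correct password' do`, has a typo; it should read `it 'does display unassociated object with correct password' do`, which also makes it the clear positive counterpart of the two `doesn't` cases above it. The three new examples store the fixture in `@contact` instance variables; the RSpec convention is `let(:contact) { Fabricate(:contact, code: 'info-4444', registrar: zone) }`, which avoids state leaking between examples and removes the repeated Fabricate calls. Together the three cases cover missing, wrong and correct pw for a foreign registrar, but none of them exercises a contact whose registrar is nil, which is the combination the helper's registrar comparison is most sensitive to.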