Merge branch 'master' into refactor-contact-archivation

test/fixtures/legal_documents.yml

@@ -0,0 +1,4 @@
+one:
+  documentable: shop (Domain)
+  document_type: pdf
+  path: some

test/integration/epp/base_test.rb

@@ -7,6 +7,14 @@ class DummyEppController < Epp::BaseController
 end
 
 class EppBaseTest < EppTestCase
+  setup do
+    @original_session_timeout = EppSession.timeout
+  end
+
+  teardown do
+    EppSession.timeout = @original_session_timeout
+  end
+
   def test_internal_error
     Rails.application.routes.draw do
       post 'epp/command/internal_error', to: 'dummy_epp#internal_error',
@@ -81,6 +89,63 @@ class EppBaseTest < EppTestCase
     assert_epp_response :authorization_error
   end
 
+  def test_deletes_session_when_timed_out
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    timeout = 0.second
+    EppSession.timeout = timeout
+    session = epp_sessions(:api_bestnames)
+    session.update!(updated_at: now - timeout - 1.second)
+
+    authentication_enabled_epp_request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <info>
+            <domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>#{domains(:shop).name}</domain:name>
+            </domain:info>
+          </info>
+        </command>
+      </epp>
+    XML
+    post '/epp/command/info', params: { frame: authentication_enabled_epp_request_xml },
+         headers: { 'HTTP_COOKIE' => "session=#{session.session_id}" }
+
+    assert_epp_response :authorization_error
+    assert_nil EppSession.find_by(session_id: session.session_id)
+  end
+
+  def test_session_last_access_is_updated_when_not_timed_out
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    timeout = 1.seconds
+    EppSession.timeout = timeout
+    session = epp_sessions(:api_bestnames)
+    session.last_access = now - timeout
+
+    authentication_enabled_epp_request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <info>
+            <domain:info xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+              <domain:name>#{domains(:shop).name}</domain:name>
+            </domain:info>
+          </info>
+        </command>
+      </epp>
+    XML
+
+    post '/epp/command/info', params: { frame: authentication_enabled_epp_request_xml },
+         headers: { 'HTTP_COOKIE' => "session=#{session.session_id}" }
+
+    session.reload
+
+    assert_epp_response :completed_successfully
+    assert_equal now, session.last_access
+  end
+
   private
 
   def valid_command_path

test/integration/epp/domain/delete/base_test.rb

@@ -27,7 +27,7 @@ class EppDomainDeleteBaseTest < EppTestCase
           </delete>
           <extension>
             <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-              <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
             </eis:extdata>
           </extension>
         </command>
@@ -35,6 +35,7 @@ class EppDomainDeleteBaseTest < EppTestCase
     XML
 
     post epp_delete_path, params: { frame: request_xml }, headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    # binding.pry
     assert_includes Domain.find_by(name: 'invalid.test').statuses, DomainStatus::PENDING_DELETE_CONFIRMATION
     assert_epp_response :completed_successfully_action_pending
   end
@@ -54,7 +55,7 @@ class EppDomainDeleteBaseTest < EppTestCase
           </delete>
           <extension>
             <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-              <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
             </eis:extdata>
           </extension>
         </command>
@@ -82,7 +83,7 @@ class EppDomainDeleteBaseTest < EppTestCase
           </delete>
           <extension>
             <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-              <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
             </eis:extdata>
           </extension>
         </command>
@@ -113,7 +114,7 @@ class EppDomainDeleteBaseTest < EppTestCase
           </delete>
           <extension>
             <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-              <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
             </eis:extdata>
           </extension>
         </command>
@@ -144,7 +145,7 @@ class EppDomainDeleteBaseTest < EppTestCase
           </delete>
           <extension>
             <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-              <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
             </eis:extdata>
           </extension>
         </command>

test/integration/epp/domain/transfer/request_test.rb

@@ -150,7 +150,7 @@ class EppDomainTransferRequestTest < EppTestCase
           </transfer>
           <extension>
             <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-              <eis:legalDocument type="pdf">test</eis:legalDocument>
+              <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
             </eis:extdata>
           </extension>
         </command>

test/integration/epp/poll_test.rb

@@ -124,4 +124,20 @@ class EppPollTest < EppTestCase
 
     assert_epp_response :object_does_not_exist
   end
+
+  def test_anonymous_user_cannot_access
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <poll op="req"/>
+        </command>
+      </epp>
+    XML
+
+    post '/epp/command/poll', params: { frame: request_xml },
+         headers: { 'HTTP_COOKIE' => 'session=non-existent' }
+
+    assert_epp_response :authorization_error
+  end
 end

test/jobs/domain_update_confirm_job_test.rb

@@ -7,7 +7,7 @@ class DomainUpdateConfirmJobTest < ActiveSupport::TestCase
     @domain = domains(:shop)
     @new_registrant = contacts(:william)
     @user = users(:api_bestnames)
-    @legal_doc_path = 'test/fixtures/files/legaldoc.pdf'
+    @legal_doc_path = "#{'test' * 2000}"
 
     @domain.update!(pending_json: { new_registrant_id: @new_registrant.id,
                                     new_registrant_name: @new_registrant.name,

test/models/epp_session_test.rb

@@ -3,6 +3,11 @@ require 'test_helper'
 class EppSessionTest < ActiveSupport::TestCase
   setup do
     @epp_session = epp_sessions(:api_bestnames)
+    @original_session_timeout = EppSession.timeout
+  end
+
+  teardown do
+    EppSession.timeout = @original_session_timeout
   end
 
   def test_valid
@@ -60,4 +65,39 @@ class EppSessionTest < ActiveSupport::TestCase
 
     refute EppSession.limit_reached?(registrars(:bestnames))
   end
+
+  def test_expired_scope
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    session = epp_sessions(:api_bestnames)
+    timeout = 0.seconds
+    EppSession.timeout = timeout
+
+    session.update!(last_access: now - timeout - 1.second)
+    assert_includes EppSession.expired, session, 'Expired session should be returned'
+
+    session.update!(last_access: now - timeout)
+
+    assert_not_includes EppSession.expired, session, 'Unexpired session should not be returned'
+  end
+
+  def test_expired_when_timed_out
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    timeout = 0.seconds
+    EppSession.timeout = timeout
+    @epp_session.last_access = now - timeout - 1.second
+
+    assert @epp_session.expired?
+  end
+
+  def test_not_expired_when_not_timed_out
+    now = Time.zone.parse('2010-07-05')
+    travel_to now
+    timeout = 0.seconds
+    EppSession.timeout = timeout
+    @epp_session.last_access = now - timeout
+
+    assert_not @epp_session.expired?
+  end
 end

test/models/legal_document_test.rb

@@ -0,0 +1,14 @@
+require 'test_helper'
+
+class LegalDocumentTest < ActiveSupport::TestCase
+  def test_valid_legal_document_fixture_is_valid
+    assert valid_legal_document.valid?, proc { valid_legal_document.errors.full_messages }
+  end
+
+  private
+
+  def valid_legal_document
+    legal_documents(:one)
+  end
+end
+

test/tasks/epp/clear_expired_sessions_test.rb

@@ -0,0 +1,29 @@
+require 'test_helper'
+
+class EppClearExpiredSessionsTaskTest < ActiveSupport::TestCase
+  setup do
+    @original_session_timeout = EppSession.timeout
+  end
+
+  teardown do
+    EppSession.timeout = @original_session_timeout
+  end
+
+  def test_clears_expired_epp_sessions
+    timeout = EppSession.timeout
+    session = epp_sessions(:api_bestnames)
+    next_session = epp_sessions(:api_goodnames)
+    session.update!(updated_at: Time.zone.now - timeout - 1.second)
+
+    run_task
+
+    assert_nil EppSession.find_by(session_id: session.session_id)
+    assert EppSession.find_by(session_id: next_session.session_id)
+  end
+
+  private
+
+  def run_task
+    Rake::Task['epp:clear_expired_sessions'].execute
+  end
+end