diff --git a/app/models/actions/domain_update.rb b/app/models/actions/domain_update.rb index 86454e727..26fae80b0 100644 --- a/app/models/actions/domain_update.rb +++ b/app/models/actions/domain_update.rb @@ -65,6 +65,8 @@ module Actions end def assign_dnssec_modifications + return unless params[:dns_keys] + dnskeys = [] params[:dns_keys].select { |dk| dk[:action] == 'rem' }.each do |key| dnkey = domain.dnskeys.find_by(key.except(:action)) @@ -73,6 +75,13 @@ module Actions end params[:dns_keys].select { |dk| dk[:action] == 'add' }.each do |key| + if key[:pubKey] && !Setting.key_data_allowed + domain.add_epp_error('2306', nil, nil, %i[dnskeys key_data_not_allowed]) + end + if key[:digest] && !Setting.ds_data_allowed + domain.add_epp_error('2306', nil, nil, %i[dnskeys ds_data_not_allowed]) + end + dnskeys << key.except(:action) end @@ -216,10 +225,10 @@ module Actions return false if domain.errors[:epp_errors].any? return false unless domain.valid? - if verify_registrant_change? && Setting.request_confirmation_on_registrant_change_enabled - return if bypass_verify + if verify_registrant_change? && !bypass_verify && + Setting.request_confirmation_on_registrant_change_enabled && !bypass_verify - domain.registrant_verification_asked!(params.to_s, params[:registrar_id]) + domain.registrant_verification_asked!(params, params[:registrar_id]) end return false if domain.errors[:epp_errors].any? diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb index 5a30f9778..8675d8ba3 100644 --- a/app/models/epp/domain.rb +++ b/app/models/epp/domain.rb @@ -114,53 +114,6 @@ class Epp::Domain < Domain admin_contacts << registrant if admin_domain_contacts.blank? && !registrant.org? end - def attrs_from(frame, current_user, action = nil) - at = {}.with_indifferent_access - - # KORRAS - registrant_frame = frame.css('registrant').first - code = registrant_frame.try(:text) - if code.present? - if action == 'chg' && registrant_change_prohibited? - add_epp_error('2304', "status", DomainStatus::SERVER_REGISTRANT_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation)) - end - regt = Registrant.find_by(code: code) - if regt - at[:registrant_id] = regt.id - else - add_epp_error('2303', 'registrant', code, [:registrant, :not_found]) - end - else - add_epp_error('2306', nil, nil, [:registrant, :cannot_be_missing]) - end if registrant_frame - # KORRAS - - at[:name] = frame.css('name').text if new_record? # Done - at[:registrar_id] = current_user.registrar.try(:id) # Done - period = frame.css('period').text # Done - at[:period] = (period.to_i == 0) ? 1 : period.to_i # Done - at[:period_unit] = Epp::Domain.parse_period_unit_from_frame(frame) || 'y' # Done - at[:reserved_pw] = frame.css('reserved > pw').text # Done - pw = frame.css('authInfo > pw').text # Done - at[:transfer_code] = pw if pw.present? # Done - # at[:statuses] = domain_statuses_attrs(frame, action) - - at[:nameservers_attributes] = nameservers_attrs(frame, action) - at[:admin_domain_contacts_attributes] = admin_domain_contacts_attrs(frame, action) - at[:tech_domain_contacts_attributes] = tech_domain_contacts_attrs(frame, action) - - if new_record? - dnskey_frame = frame.css('extension create') - else - dnskey_frame = frame - end - - at[:dnskeys_attributes] = dnskeys_attrs(dnskey_frame, action) - - at - end - - # Adding legal doc to domain and # if something goes wrong - raise Rollback error def add_legal_file_to_new frame @@ -176,243 +129,6 @@ class Epp::Domain < Domain self.legal_document_id = doc.id end - def nameservers_attrs(frame, action) - ns_list = ::Deserializers::Xml::Nameservers.new(frame).call - - if action == 'rem' - to_destroy = [] - ns_list.each do |ns_attrs| - nameserver = nameservers.find_by_hash_params(ns_attrs).first - if nameserver.blank? - add_epp_error('2303', 'hostAttr', ns_attrs[:hostname], [:nameservers, :not_found]) - else - to_destroy << { - id: nameserver.id, - _destroy: 1 - } - end - end - - return to_destroy - else - return ns_list - end - end - - def admin_domain_contacts_attrs(frame, action) - admin_attrs = domain_contact_attrs_from(frame, action, 'admin') - - if admin_attrs.present? && admin_change_prohibited? - add_epp_error('2304', 'admin', DomainStatus::SERVER_ADMIN_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation)) - return [] - end - - case action - when 'rem' - return destroy_attrs(admin_attrs, admin_domain_contacts) - else - return admin_attrs - end - end - - def tech_domain_contacts_attrs(frame, action) - tech_attrs = domain_contact_attrs_from(frame, action, 'tech') - - if tech_attrs.present? && tech_change_prohibited? - add_epp_error('2304', 'tech', DomainStatus::SERVER_TECH_CHANGE_PROHIBITED, I18n.t(:object_status_prohibits_operation)) - return [] - end - - case action - when 'rem' - return destroy_attrs(tech_attrs, tech_domain_contacts) - else - return tech_attrs - end - end - - def destroy_attrs(attrs, dcontacts) - destroy_attrs = [] - attrs.each do |at| - domain_contact_id = dcontacts.find_by(contact_id: at[:contact_id]).try(:id) - - unless domain_contact_id - add_epp_error('2303', 'contact', at[:contact_code_cache], [:domain_contacts, :not_found]) - next - end - - destroy_attrs << { - id: domain_contact_id, - _destroy: 1 - } - end - - destroy_attrs - end - - def domain_contact_attrs_from(frame, action, type) - attrs = [] - frame.css('contact').each do |x| - next if x['type'] != type - - c = Epp::Contact.find_by_epp_code(x.text) - unless c - add_epp_error('2303', 'contact', x.text, [:domain_contacts, :not_found]) - next - end - - if action != 'rem' - if x['type'] == 'admin' && c.org? - add_epp_error('2306', 'contact', x.text, [:domain_contacts, :admin_contact_can_be_only_private_person]) - next - end - end - - attrs << { - contact_id: c.id, - contact_code_cache: c.code - } - end - - attrs - end - - def dnskeys_attrs(frame, action) - keys = [] - return keys if frame.blank? - inf_data = DnsSecKeys.new(frame) - - if action == 'rem' && - frame.css('rem > all').first.try(:text) == 'true' - keys = inf_data.mark_destroy_all dnskeys - else - if Setting.key_data_allowed - errors.add(:base, :ds_data_not_allowed) if inf_data.ds_data.present? - keys = inf_data.key_data - end - if Setting.ds_data_allowed - errors.add(:base, :key_data_not_allowed) if inf_data.key_data.present? - keys = inf_data.ds_data - end - if action == 'rem' - keys = inf_data.mark_destroy(dnskeys) - add_epp_error('2303', nil, nil, [:dnskeys, :not_found]) if keys.include? nil - end - end - - errors.any? ? [] : keys - end - - class DnsSecKeys - def initialize(frame) - @key_data = [] - @ds_data = [] - # schema validation prevents both in the same parent node - if frame.css('dsData').present? - ds_data_from frame - else - frame.css('keyData').each do |key| - @key_data.append key_data_from(key) - end - end - end - - attr_reader :key_data - attr_reader :ds_data - - def mark_destroy_all(dns_keys) - # if transition support required mark_destroy dns_keys when has ds/key values otherwise ... - dns_keys.map { |inf_data| mark inf_data } - end - - def mark_destroy(dns_keys) - (ds_data.present? ? ds_filter(dns_keys) : kd_filter(dns_keys)).map do |inf_data| - inf_data.blank? ? nil : mark(inf_data) - end - end - - private - - KEY_INTERFACE = {flags: 'flags', protocol: 'protocol', alg: 'alg', public_key: 'pubKey' } - DS_INTERFACE = - { ds_key_tag: 'keyTag', - ds_alg: 'alg', - ds_digest_type: 'digestType', - ds_digest: 'digest' - } - - def xm_copy(frame, map) - result = {} - map.each do |key, elem| - result[key] = frame.css(elem).first.try(:text) - end - result - end - - def key_data_from(frame) - xm_copy frame, KEY_INTERFACE - end - - def ds_data_from(frame) - frame.css('dsData').each do |ds_data| - key = ds_data.css('keyData') - ds = xm_copy ds_data, DS_INTERFACE - ds.merge(key_data_from key) if key.present? - @ds_data << ds - end - end - - def ds_filter(dns_keys) - @ds_data.map do |ds| - dns_keys.find_by(ds.slice(*DS_INTERFACE.keys)) - end - end - - def kd_filter(dns_keys) - @key_data.map do |key| - dns_keys.find_by(key) - end - end - - def mark(inf_data) - { id: inf_data.id, _destroy: 1 } - end - end - - def domain_statuses_attrs(frame, action) - status_list = domain_status_list_from(frame) - if action == 'rem' - to_destroy = [] - status_list.each do |x| - if statuses.include?(x) - to_destroy << x - else - add_epp_error('2303', 'status', x, [:domain_statuses, :not_found]) - end - end - - return to_destroy - else - return status_list - end - end - - def domain_status_list_from(frame) - status_list = [] - - frame.css('status').each do |x| - unless DomainStatus::CLIENT_STATUSES.include?(x['s']) - add_epp_error('2303', 'status', x['s'], [:domain_statuses, :not_found]) - next - end - - status_list << x['s'] - end - - status_list - end - - def update(frame, current_user, verify = true) return super if frame.blank? @@ -481,13 +197,14 @@ statuses - domain_statuses_attrs(frame.css('rem'), 'rem') + domain_statuses_attr def apply_pending_update! preclean_pendings user = ApiUser.find(pending_json['current_user_id']) - frame = Nokogiri::XML(pending_json['frame']) + frame = pending_json['frame'].with_indifferent_access self.statuses.delete(DomainStatus::PENDING_UPDATE) self.upid = user.registrar.id if user.registrar self.up_date = Time.zone.now - return unless update(frame, user, false) + return unless Actions::DomainUpdate.new(self, frame, true).call + clean_pendings! save!