Added user certificate REPP endpoint and mailer

app/controllers/repp/v1/certificates_controller.rb

@@ -0,0 +1,51 @@
+module Repp
+  module V1
+    class CertificatesController < BaseController
+      THROTTLED_ACTIONS = %i[create].freeze
+      include Shunter::Integration::Throttle
+
+      api :POST, '/repp/v1/certificates'
+      desc 'Submit a new api user certificate signing request'
+      def create
+        authorize! :create, Certificate
+        @api_user = current_user.registrar.api_users.find(cert_params[:api_user_id])
+
+        csr = decode_cert_params(cert_params[:csr])
+
+        @certificate = @api_user.certificates.build(csr: csr)
+        unless @certificate.save
+          handle_non_epp_errors(@certificate)
+          return
+        end
+
+        notify_admins
+        render_success(data: { api_user: { id: @api_user.id } })
+      end
+
+      private
+
+      def cert_params
+        params.require(:certificate).permit(:api_user_id, csr: %i[body type])
+      end
+
+      def decode_cert_params(csr_params)
+        return if csr_params.blank?
+
+        Base64.decode64(csr_params[:body])
+      end
+
+      def notify_admins
+        admin_users_emails = User.all.select { |u| u.roles.include? 'admin' }.pluck(:email)
+
+        return if admin_users_emails.empty?
+
+        admin_users_emails.each do |email|
+          CertificateMailer.new_certificate_signing_request(email: email,
+                                                            api_user: @api_user,
+                                                            csr: @certificate)
+                           .deliver_now
+        end
+      end
+    end
+  end
+end

app/mailers/certificate_mailer.rb

@@ -0,0 +1,8 @@
+class CertificateMailer < ApplicationMailer
+  def new_certificate_signing_request(email:, api_user:, csr:)
+    @certificate = csr
+    @api_user = api_user
+    subject = 'New Certificate Signing Request Received'
+    mail(to: email, subject: subject)
+  end
+end

app/models/ability.rb

@@ -30,6 +30,7 @@ class Ability
     billing
     can :manage, ApiUser
     can :manage, WhiteIp
+    can :create, Certificate
   end
 
   def epp # Registrar/api_user dynamic role

app/models/certificate.rb

@@ -36,6 +36,8 @@ class Certificate < ApplicationRecord
   validate :assign_metadata, on: :create
 
   def assign_metadata
+    return if errors.any?
+
     origin = crt ? parsed_crt : parsed_csr
     parse_metadata(origin)
   rescue NoMethodError

app/views/mailers/certificate_mailer/new_certificate_signing_request.html.erb

@@ -0,0 +1,11 @@
+<p>New certificate signing request (CSR) has been received. Please review the details below:</p>
+
+  <h3>CSR Details:</h3>
+  <ul>
+    <li>Subject: <%= link_to(@certificate.parsed_csr.try(:subject),
+                      admin_api_user_certificate_url(@api_user, @certificate))  %></li>
+    <li>Requested By: <%= @certificate.creator_str %></li>
+    <li>Requested Date: <%= l(@certificate.created_at) %></li>
+  </ul>
+
+  <p>Please take the necessary steps to process the certificate signing request.</p>

app/views/mailers/certificate_mailer/new_certificate_signing_request.text.erb

@@ -0,0 +1,10 @@
+New certificate signing request (CSR) has been received. Please review the details below:
+
+CSR Details:
+
+Subject: <%= link_to(@certificate.parsed_csr.try(:subject),
+             admin_api_user_certificate_url(@api_user, @certificate))  %>
+Requested By: <%= @certificate.creator_str %>
+Requested Date: <%= l(@certificate.created_at) %>
+
+Please take the necessary steps to process the certificate signing request.

config/routes.rb

@@ -110,6 +110,7 @@ Rails.application.routes.draw do
       end
       resources :api_users, only: %i[index show update create destroy]
       resources :white_ips, only: %i[index show update create destroy]
+      resources :certificates, only: %i[create]
       namespace :registrar do
         resources :notifications, only: %i[index show update] do
           collection do