diff --git a/app/controllers/epp/contacts_controller.rb b/app/controllers/epp/contacts_controller.rb
index 983490e8c..138311e29 100644
--- a/app/controllers/epp/contacts_controller.rb
+++ b/app/controllers/epp/contacts_controller.rb
@@ -20,7 +20,7 @@ class Epp::ContactsController < EppController
 @contact = Epp::Contact.new(params[:parsed_frame], current_user.registrar)
 if @contact.save
- render_epp_response '/epp/contacts/create'
+ render_epp_response '/epp/contacts/create'
 else
 handle_errors(@contact)
 end
@@ -63,10 +63,10 @@ class Epp::ContactsController < EppController
 @contact = Epp::Contact.find_by(code: code)
 if @contact.blank?
- epp_errors << {
+ epp_errors << {
 code: '2303',
 msg: t('errors.messages.epp_obj_does_not_exist'),
- value: { obj: 'id', val: code }
+ value: { obj: 'id', val: code }
 }
 fail CanCan::AccessDenied
 end
@@ -94,13 +94,14 @@ class Epp::ContactsController < EppController
 )
 ident = params[:parsed_frame].css('ident')
 if ident.present? && ident.text != 'birthday' && ident.attr('cc').blank?
- epp_errors << {
- code: '2003',
- msg: I18n.t('errors.messages.required_attribute_missing', key: 'ident country code missing')
+ epp_errors << {
+ code: '2003',
+ msg: I18n.t('errors.messages.required_attribute_missing', key: 'ident country code missing')
 }
 end
- contact_org_disabled
+ contact_org_disabled
 fax_disabled
+ status_editing_disabled
 @prefix = nil
 requires 'extension > extdata > ident'
 end
@@ -108,13 +109,14 @@ class Epp::ContactsController < EppController
 def validate_update
 @prefix = 'update > update >'
 if element_count('chg') == 0 && element_count('rem') == 0 && element_count('add') == 0
- epp_errors << {
- code: '2003',
- msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg')
+ epp_errors << {
+ code: '2003',
+ msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg')
 }
 end
 contact_org_disabled
 fax_disabled
+ status_editing_disabled
 requires 'id', 'authInfo > pw'
 @prefix = nil
 end
@@ -142,4 +144,13 @@ class Epp::ContactsController < EppController
 msg: "#{I18n.t(:contact_fax_error)}: fax [fax]"
 }
 end
+
+ def status_editing_disabled
+ return true if Setting.client_status_editing_enabled
+ return true if params[:parsed_frame].css('status').empty?
+ epp_errors << {
+ code: '2306',
+ msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
+ }
+ end
 end
diff --git a/app/controllers/epp/domains_controller.rb b/app/controllers/epp/domains_controller.rb
index 755501017..87766254d 100644
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@@ -116,6 +116,8 @@ class Epp::DomainsController < EppController
 @prefix = nil
 requires 'extension > extdata > legalDocument'
+
+ status_editing_disabled
 end
 def validate_renew
@@ -130,6 +132,8 @@ class Epp::DomainsController < EppController
 @prefix = 'update > update >'
 requires 'name'
+
+ status_editing_disabled
 end
 ## TRANSFER
@@ -170,4 +174,13 @@ class Epp::DomainsController < EppController
 def find_password
 @password = params[:parsed_frame].css('authInfo pw').text
 end
+
+ def status_editing_disabled
+ return true if Setting.client_status_editing_enabled
+ return true if params[:parsed_frame].css('status').empty?
+ epp_errors << {
+ code: '2306',
+ msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
+ }
+ end
 end
diff --git a/config/initializers/initial_settings.rb b/config/initializers/initial_settings.rb
index 4050d8122..23e171339 100644
--- a/config/initializers/initial_settings.rb
+++ b/config/initializers/initial_settings.rb
@@ -29,6 +29,8 @@ if con.present? && con.table_exists?('settings')
 Setting.save_default(:ns_max_count, 11)
 Setting.save_default(:transfer_wait_time, 0)
+
+ Setting.save_default(:client_side_status_editing_enabled, false)
 end
 # dev only setting
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 366e59c66..54cd90f05 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
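Review bot: `status_editing_disabled` reads `Setting.client_status_editing_enabled`, but the default added in config/initializers/initial_settings.rb (@@ -29) and the suite baseline in spec/support/general.rb (@@ -16) are written under the key `client_side_status_editing_enabled`, so the configured default never reaches this check. What the guard does when its key is undefined depends on how `Setting` resolves unknown keys — if it returns nil the policy fails closed and every client-side status change is rejected regardless of the admin default, which is the safe direction but leaves the toggle dead; either way the names should be unified, e.g. `return true if Setting.client_side_status_editing_enabled`. The same method is duplicated verbatim in app/controllers/epp/domains_controller.rb (@@ -170); since both controllers inherit from EppController it belongs there once, and the early exits return `true` while the fall-through returns the `epp_errors` array, so callers should not rely on the value. A short comment such as `# Adds a 2306 error when the frame carries <status> elements and client-side status editing is disabled` would state the intended contract.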
@@ -506,3 +506,4 @@ en:
 sending_error: 'Could not send sms to user'
 sim_error: 'SIM application error'
 internal_error: 'Internal error'
+ client_side_status_editing_error: 'Parameter value policy error. Client-side object status management not supported'
diff --git a/spec/epp/contact_spec.rb b/spec/epp/contact_spec.rb
index 5ecdaeefb..4e29ec853 100644
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
@@ -7,7 +7,7 @@ describe 'EPP Contact', epp: true do
 @registrar1 = Fabricate(:registrar1)
 @registrar2 = Fabricate(:registrar2)
 @epp_xml = EppXml::Contact.new(cl_trid: 'ABC-12345')
-
+
 Fabricate(:api_user, username: 'registrar1', registrar: @registrar1)
 Fabricate(:api_user, username: 'registrar2', registrar: @registrar2)
@@ -50,17 +50,17 @@ describe 'EPP Contact', epp: true do
 it 'fails if request xml is missing' do
 response = epp_plain_request(@epp_xml.create, :xml)
- response[:results][0][:msg].should ==
+ response[:results][0][:msg].should ==
 'Required parameter missing: create > create > postalInfo > name [name]'
- response[:results][1][:msg].should ==
+ response[:results][1][:msg].should ==
 'Required parameter missing: create > create > postalInfo > addr > city [city]'
- response[:results][2][:msg].should ==
+ response[:results][2][:msg].should ==
 'Required parameter missing: create > create > postalInfo > addr > cc [cc]'
- response[:results][3][:msg].should ==
+ response[:results][3][:msg].should ==
 'Required parameter missing: create > create > voice [voice]'
- response[:results][4][:msg].should ==
+ response[:results][4][:msg].should ==
 'Required parameter missing: create > create > email [email]'
- response[:results][5][:msg].should ==
+ response[:results][5][:msg].should ==
 'Required parameter missing: extension > extdata > ident [ident]'
 response[:results][0][:result_code].should == '2003'
@@ -101,9 +101,9 @@ describe 'EPP Contact', epp: true do value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==', attrs: { type: 'pdf' } }, - ident: { + ident: { value: '1990-22-12', - attrs: { type: 'birthday', cc: 'US' } + attrs: { type: 'birthday', cc: 'US' } } } response = create_request({}, extension) @@ -165,7 +165,7 @@ describe 'EPP Contact', epp: true do it 'should return parameter value policy error for org' do response = create_request({ postalInfo: { org: { value: 'should not save' } } }) - response[:msg].should == + response[:msg].should == 'Parameter value policy error. Org should be blank: postalInfo > org [org]' response[:result_code].should == '2306' @@ -174,7 +174,7 @@ describe 'EPP Contact', epp: true do it 'should return parameter value policy error for fax' do response = create_request({ fax: { value: 'should not save' } }) - response[:msg].should == + response[:msg].should == 'Parameter value policy error. Fax should be blank: fax [fax]' response[:result_code].should == '2306' @@ -220,13 +220,13 @@ describe 'EPP Contact', epp: true do it 'fails if request is invalid' do response = epp_plain_request(@epp_xml.update, :xml) - response[:results][0][:msg].should == + response[:results][0][:msg].should == 'Required parameter missing: add, rem or chg' response[:results][0][:result_code].should == '2003' - response[:results][1][:msg].should == + response[:results][1][:msg].should == 'Required parameter missing: update > update > id [id]' response[:results][1][:result_code].should == '2003' - response[:results][2][:msg].should == + response[:results][2][:msg].should == 'Required parameter missing: update > update > authInfo > pw [pw]' response[:results][2][:result_code].should == '2003' response[:results].count.should == 3 
@@ -291,9 +291,9 @@ describe 'EPP Contact', epp: true do value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==', attrs: { type: 'pdf' } }, - ident: { + ident: { value: '1990-22-12', - attrs: { type: 'birthday', cc: 'US' } + attrs: { type: 'birthday', cc: 'US' } } } response = update_request({ id: { value: 'sh8013' } }, extension) @@ -304,13 +304,13 @@ describe 'EPP Contact', epp: true do end it 'should return parameter value policy errror for org update' do - response = update_request({ - id: { value: 'sh8013' }, + response = update_request({ + id: { value: 'sh8013' }, chg: { - postalInfo: { org: { value: 'should not save' } } + postalInfo: { org: { value: 'should not save' } } } }) - response[:msg].should == + response[:msg].should == 'Parameter value policy error. Org should be blank: postalInfo > org [org]' response[:result_code].should == '2306' 
@@ -318,18 +318,39 @@ describe 'EPP Contact', epp: true do end it 'should return parameter value policy errror for fax update' do - response = update_request({ - id: { value: 'sh8013' }, + response = update_request({ + id: { value: 'sh8013' }, chg: { - fax: { value: 'should not save' } + fax: { value: 'should not save' } } }) - response[:msg].should == + response[:msg].should == 'Parameter value policy error. Fax should be blank: fax [fax]' response[:result_code].should == '2306' Contact.find_by(code: 'sh8013').fax.should == nil end + + it 'does not allow to edit statuses if policy forbids it' do + Setting.client_status_editing_enabled = false + + xml = @epp_xml.update({ + id: { value: 'sh8013' }, + add: [{ + _anonymus: [ + { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } }, + { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } } + ] + }] + }) + + response = epp_plain_request(xml, :xml) + response[:results][0][:result_code].should == '2306' + response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\ + "management not supported: status [status]" + + Setting.client_status_editing_enabled = true + end end context 'delete command' do @@ -349,10 +370,10 @@ describe 'EPP Contact', epp: true do it 'fails if request is invalid' do response = epp_plain_request(@epp_xml.delete, :xml) - response[:results][0][:msg].should == + response[:results][0][:msg].should == 'Required parameter missing: delete > delete > id [id]' response[:results][0][:result_code].should == '2003' - response[:results][1][:msg].should == + response[:results][1][:msg].should == 'Required parameter missing: delete > delete > authInfo > pw [pw]' response[:results][1][:result_code].should == '2003' response[:results].count.should == 2 
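Review bot: The new example sets `Setting.client_status_editing_enabled = false` and restores it with a plain assignment as its last statement, so any failing expectation in between leaves the policy disabled for every later example in the run. Wrap the body in `begin … ensure Setting.client_status_editing_enabled = true end`, or move the restore into an `after` hook next to the `before` that sets up the fixtures. The key the example restores also differs from the one spec/support/general.rb enables for the whole suite (`client_side_status_editing_enabled`), so the baseline does not cover the key the controllers actually read and the outcome of other status-editing examples may depend on whether this one has already run. The same pattern is added in spec/epp/domain_spec.rb (@@ -1460).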
@@ -378,7 +399,7 @@ describe 'EPP Contact', epp: true do @domain = Fabricate(:domain, registrar: @registrar1, owner_contact: @contact) @domain.owner_contact.address.present?.should == true - response = delete_request + response = delete_request response[:msg].should == 'Object association prohibits operation [domains]' response[:result_code].should == '2305' response[:results].count.should == 1 @@ -443,7 +464,7 @@ describe 'EPP Contact', epp: true do it 'fails if request invalid' do response = epp_plain_request(@epp_xml.info, :xml) - response[:results][0][:msg].should == + response[:results][0][:msg].should == 'Required parameter missing: info > info > id [id]' response[:results][0][:result_code].should == '2003' response[:results].count.should == 1 diff --git a/spec/epp/domain_spec.rb b/spec/epp/domain_spec.rb index 1deb1b4a0..44e377b4a 100644 --- a/spec/epp/domain_spec.rb +++ b/spec/epp/domain_spec.rb @@ -1460,6 +1460,27 @@ describe 'EPP Domain', epp: true do d.domain_statuses.count.should == 2 end + it 'does not allow to edit statuses if policy forbids it' do + Setting.client_status_editing_enabled = false + + xml = domain_update_xml({ + name: { value: domain.name }, + add: [{ + _anonymus: [ + { status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } }, + { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } } + ] + }] + }) + + response = epp_plain_request(xml, :xml) + response[:results][0][:result_code].should == '2306' + response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\ + "management not supported: status [status]" + + Setting.client_status_editing_enabled = true + end + it 'updates a domain and removes objects' do xml = domain_update_xml({ name: { value: domain.name }, diff --git a/spec/support/general.rb b/spec/support/general.rb index 646389000..53aa0755b 100644 --- a/spec/support/general.rb +++ b/spec/support/general.rb 
@@ -16,6 +16,8 @@ module General
 Setting.admin_contacts_max_count = 10
 Setting.tech_contacts_min_count = 0
 Setting.tech_contacts_max_count = 10
+
+ Setting.client_side_status_editing_enabled = true
 end
 def create_disclosure_settings