Implement status policy

Martin Lensment 2015-03-30 18:37:57 +03:00
parent 09c73d6109
commit bb93f8b609
7 changed files with 109 additions and 38 deletions


@ -20,7 +20,7 @@ class Epp::ContactsController < EppController
@contact = Epp::Contact.new(params[:parsed_frame], current_user.registrar) @contact = Epp::Contact.new(params[:parsed_frame], current_user.registrar)
if @contact.save if @contact.save
render_epp_response '/epp/contacts/create' render_epp_response '/epp/contacts/create'
else else
handle_errors(@contact) handle_errors(@contact)
end end
@ -63,10 +63,10 @@ class Epp::ContactsController < EppController
@contact = Epp::Contact.find_by(code: code) @contact = Epp::Contact.find_by(code: code)
if @contact.blank? if @contact.blank?
epp_errors << { epp_errors << {
code: '2303', code: '2303',
msg: t('errors.messages.epp_obj_does_not_exist'), msg: t('errors.messages.epp_obj_does_not_exist'),
value: { obj: 'id', val: code } value: { obj: 'id', val: code }
} }
fail CanCan::AccessDenied fail CanCan::AccessDenied
end end
@ -94,13 +94,14 @@ class Epp::ContactsController < EppController
) )
ident = params[:parsed_frame].css('ident') ident = params[:parsed_frame].css('ident')
if ident.present? && ident.text != 'birthday' && ident.attr('cc').blank? if ident.present? && ident.text != 'birthday' && ident.attr('cc').blank?
epp_errors << { epp_errors << {
code: '2003', code: '2003',
msg: I18n.t('errors.messages.required_attribute_missing', key: 'ident country code missing') msg: I18n.t('errors.messages.required_attribute_missing', key: 'ident country code missing')
} }
end end
contact_org_disabled contact_org_disabled
fax_disabled fax_disabled
status_editing_disabled
@prefix = nil @prefix = nil
requires 'extension > extdata > ident' requires 'extension > extdata > ident'
end end
@ -108,13 +109,14 @@ class Epp::ContactsController < EppController
def validate_update def validate_update
@prefix = 'update > update >' @prefix = 'update > update >'
if element_count('chg') == 0 && element_count('rem') == 0 && element_count('add') == 0 if element_count('chg') == 0 && element_count('rem') == 0 && element_count('add') == 0
epp_errors << { epp_errors << {
code: '2003', code: '2003',
msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg') msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg')
} }
end end
contact_org_disabled contact_org_disabled
fax_disabled fax_disabled
status_editing_disabled
requires 'id', 'authInfo > pw' requires 'id', 'authInfo > pw'
@prefix = nil @prefix = nil
end end
@ -142,4 +144,13 @@ class Epp::ContactsController < EppController
msg: "#{I18n.t(:contact_fax_error)}: fax [fax]" msg: "#{I18n.t(:contact_fax_error)}: fax [fax]"
} }
end end
def status_editing_disabled
return true if Setting.client_status_editing_enabled
return true if params[:parsed_frame].css('status').empty?
epp_errors << {
code: '2306',
msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
}
end
end end
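Review bot: `status_editing_disabled` reads `Setting.client_status_editing_enabled`, but the default saved in the settings initializer and the value set in the spec helper in this same commit are both named `client_side_status_editing_enabled`, so the configured toggle does not appear to be the one this check consults. How `Setting` resolves a key that was never saved is not visible here; if it returns nil the check fails closed and status edits are always rejected, which is the safe direction but leaves the setting without effect. Use one name throughout, e.g. `return true if Setting.client_side_status_editing_enabled`. The copy of this method in Epp::DomainsController and the two new specs, which assign `Setting.client_status_editing_enabled`, need the same rename.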


@ -116,6 +116,8 @@ class Epp::DomainsController < EppController
@prefix = nil @prefix = nil
requires 'extension > extdata > legalDocument' requires 'extension > extdata > legalDocument'
status_editing_disabled
end end
def validate_renew def validate_renew
@ -130,6 +132,8 @@ class Epp::DomainsController < EppController
@prefix = 'update > update >' @prefix = 'update > update >'
requires 'name' requires 'name'
status_editing_disabled
end end
## TRANSFER ## TRANSFER
@ -170,4 +174,13 @@ class Epp::DomainsController < EppController
def find_password def find_password
@password = params[:parsed_frame].css('authInfo pw').text @password = params[:parsed_frame].css('authInfo pw').text
end end
def status_editing_disabled
return true if Setting.client_status_editing_enabled
return true if params[:parsed_frame].css('status').empty?
epp_errors << {
code: '2306',
msg: "#{I18n.t(:client_side_status_editing_error)}: status [status]"
}
end
end end
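Review bot: `status_editing_disabled` at the end of this section is a line-for-line copy of the method added to Epp::ContactsController in the same commit. Both controllers inherit from EppController, so defining the policy check once there would keep the contact and domain rules from drifting apart. The name reads inverted, since the method returns early when editing is enabled, and it has no comment; a header such as `# Adds EPP error 2306 when the frame contains a <status> element and client-side status editing is switched off.` would make the intent clear. `css('status')` matches a status element anywhere in the parsed frame, which is presumably intended but worth stating in that comment.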


@ -29,6 +29,8 @@ if con.present? && con.table_exists?('settings')
Setting.save_default(:ns_max_count, 11) Setting.save_default(:ns_max_count, 11)
Setting.save_default(:transfer_wait_time, 0) Setting.save_default(:transfer_wait_time, 0)
Setting.save_default(:client_side_status_editing_enabled, false)
end end
# dev only setting # dev only setting


@ -506,3 +506,4 @@ en:
sending_error: 'Could not send sms to user' sending_error: 'Could not send sms to user'
sim_error: 'SIM application error' sim_error: 'SIM application error'
internal_error: 'Internal error' internal_error: 'Internal error'
client_side_status_editing_error: 'Parameter value policy error. Client-side object status management not supported'


@ -7,7 +7,7 @@ describe 'EPP Contact', epp: true do
@registrar1 = Fabricate(:registrar1) @registrar1 = Fabricate(:registrar1)
@registrar2 = Fabricate(:registrar2) @registrar2 = Fabricate(:registrar2)
@epp_xml = EppXml::Contact.new(cl_trid: 'ABC-12345') @epp_xml = EppXml::Contact.new(cl_trid: 'ABC-12345')
Fabricate(:api_user, username: 'registrar1', registrar: @registrar1) Fabricate(:api_user, username: 'registrar1', registrar: @registrar1)
Fabricate(:api_user, username: 'registrar2', registrar: @registrar2) Fabricate(:api_user, username: 'registrar2', registrar: @registrar2)
@ -50,17 +50,17 @@ describe 'EPP Contact', epp: true do
it 'fails if request xml is missing' do it 'fails if request xml is missing' do
response = epp_plain_request(@epp_xml.create, :xml) response = epp_plain_request(@epp_xml.create, :xml)
response[:results][0][:msg].should == response[:results][0][:msg].should ==
'Required parameter missing: create > create > postalInfo > name [name]' 'Required parameter missing: create > create > postalInfo > name [name]'
response[:results][1][:msg].should == response[:results][1][:msg].should ==
'Required parameter missing: create > create > postalInfo > addr > city [city]' 'Required parameter missing: create > create > postalInfo > addr > city [city]'
response[:results][2][:msg].should == response[:results][2][:msg].should ==
'Required parameter missing: create > create > postalInfo > addr > cc [cc]' 'Required parameter missing: create > create > postalInfo > addr > cc [cc]'
response[:results][3][:msg].should == response[:results][3][:msg].should ==
'Required parameter missing: create > create > voice [voice]' 'Required parameter missing: create > create > voice [voice]'
response[:results][4][:msg].should == response[:results][4][:msg].should ==
'Required parameter missing: create > create > email [email]' 'Required parameter missing: create > create > email [email]'
response[:results][5][:msg].should == response[:results][5][:msg].should ==
'Required parameter missing: extension > extdata > ident [ident]' 'Required parameter missing: extension > extdata > ident [ident]'
response[:results][0][:result_code].should == '2003' response[:results][0][:result_code].should == '2003'
@ -101,9 +101,9 @@ describe 'EPP Contact', epp: true do
value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==', value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==',
attrs: { type: 'pdf' } attrs: { type: 'pdf' }
}, },
ident: { ident: {
value: '1990-22-12', value: '1990-22-12',
attrs: { type: 'birthday', cc: 'US' } attrs: { type: 'birthday', cc: 'US' }
} }
} }
response = create_request({}, extension) response = create_request({}, extension)
@ -165,7 +165,7 @@ describe 'EPP Contact', epp: true do
it 'should return parameter value policy error for org' do it 'should return parameter value policy error for org' do
response = create_request({ postalInfo: { org: { value: 'should not save' } } }) response = create_request({ postalInfo: { org: { value: 'should not save' } } })
response[:msg].should == response[:msg].should ==
'Parameter value policy error. Org should be blank: postalInfo > org [org]' 'Parameter value policy error. Org should be blank: postalInfo > org [org]'
response[:result_code].should == '2306' response[:result_code].should == '2306'
@ -174,7 +174,7 @@ describe 'EPP Contact', epp: true do
it 'should return parameter value policy error for fax' do it 'should return parameter value policy error for fax' do
response = create_request({ fax: { value: 'should not save' } }) response = create_request({ fax: { value: 'should not save' } })
response[:msg].should == response[:msg].should ==
'Parameter value policy error. Fax should be blank: fax [fax]' 'Parameter value policy error. Fax should be blank: fax [fax]'
response[:result_code].should == '2306' response[:result_code].should == '2306'
@ -220,13 +220,13 @@ describe 'EPP Contact', epp: true do
it 'fails if request is invalid' do it 'fails if request is invalid' do
response = epp_plain_request(@epp_xml.update, :xml) response = epp_plain_request(@epp_xml.update, :xml)
response[:results][0][:msg].should == response[:results][0][:msg].should ==
'Required parameter missing: add, rem or chg' 'Required parameter missing: add, rem or chg'
response[:results][0][:result_code].should == '2003' response[:results][0][:result_code].should == '2003'
response[:results][1][:msg].should == response[:results][1][:msg].should ==
'Required parameter missing: update > update > id [id]' 'Required parameter missing: update > update > id [id]'
response[:results][1][:result_code].should == '2003' response[:results][1][:result_code].should == '2003'
response[:results][2][:msg].should == response[:results][2][:msg].should ==
'Required parameter missing: update > update > authInfo > pw [pw]' 'Required parameter missing: update > update > authInfo > pw [pw]'
response[:results][2][:result_code].should == '2003' response[:results][2][:result_code].should == '2003'
response[:results].count.should == 3 response[:results].count.should == 3
@ -291,9 +291,9 @@ describe 'EPP Contact', epp: true do
value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==', value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==',
attrs: { type: 'pdf' } attrs: { type: 'pdf' }
}, },
ident: { ident: {
value: '1990-22-12', value: '1990-22-12',
attrs: { type: 'birthday', cc: 'US' } attrs: { type: 'birthday', cc: 'US' }
} }
} }
response = update_request({ id: { value: 'sh8013' } }, extension) response = update_request({ id: { value: 'sh8013' } }, extension)
@ -304,13 +304,13 @@ describe 'EPP Contact', epp: true do
end end
it 'should return parameter value policy errror for org update' do it 'should return parameter value policy errror for org update' do
response = update_request({ response = update_request({
id: { value: 'sh8013' }, id: { value: 'sh8013' },
chg: { chg: {
postalInfo: { org: { value: 'should not save' } } postalInfo: { org: { value: 'should not save' } }
} }
}) })
response[:msg].should == response[:msg].should ==
'Parameter value policy error. Org should be blank: postalInfo > org [org]' 'Parameter value policy error. Org should be blank: postalInfo > org [org]'
response[:result_code].should == '2306' response[:result_code].should == '2306'
@ -318,18 +318,39 @@ describe 'EPP Contact', epp: true do
end end
it 'should return parameter value policy errror for fax update' do it 'should return parameter value policy errror for fax update' do
response = update_request({ response = update_request({
id: { value: 'sh8013' }, id: { value: 'sh8013' },
chg: { chg: {
fax: { value: 'should not save' } fax: { value: 'should not save' }
} }
}) })
response[:msg].should == response[:msg].should ==
'Parameter value policy error. Fax should be blank: fax [fax]' 'Parameter value policy error. Fax should be blank: fax [fax]'
response[:result_code].should == '2306' response[:result_code].should == '2306'
Contact.find_by(code: 'sh8013').fax.should == nil Contact.find_by(code: 'sh8013').fax.should == nil
end end
it 'does not allow to edit statuses if policy forbids it' do
Setting.client_status_editing_enabled = false
xml = @epp_xml.update({
id: { value: 'sh8013' },
add: [{
_anonymus: [
{ status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
{ status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
]
}]
})
response = epp_plain_request(xml, :xml)
response[:results][0][:result_code].should == '2306'
response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
"management not supported: status [status]"
Setting.client_status_editing_enabled = true
end
end end
context 'delete command' do context 'delete command' do
@ -349,10 +370,10 @@ describe 'EPP Contact', epp: true do
it 'fails if request is invalid' do it 'fails if request is invalid' do
response = epp_plain_request(@epp_xml.delete, :xml) response = epp_plain_request(@epp_xml.delete, :xml)
response[:results][0][:msg].should == response[:results][0][:msg].should ==
'Required parameter missing: delete > delete > id [id]' 'Required parameter missing: delete > delete > id [id]'
response[:results][0][:result_code].should == '2003' response[:results][0][:result_code].should == '2003'
response[:results][1][:msg].should == response[:results][1][:msg].should ==
'Required parameter missing: delete > delete > authInfo > pw [pw]' 'Required parameter missing: delete > delete > authInfo > pw [pw]'
response[:results][1][:result_code].should == '2003' response[:results][1][:result_code].should == '2003'
response[:results].count.should == 2 response[:results].count.should == 2
@ -378,7 +399,7 @@ describe 'EPP Contact', epp: true do
@domain = Fabricate(:domain, registrar: @registrar1, owner_contact: @contact) @domain = Fabricate(:domain, registrar: @registrar1, owner_contact: @contact)
@domain.owner_contact.address.present?.should == true @domain.owner_contact.address.present?.should == true
response = delete_request response = delete_request
response[:msg].should == 'Object association prohibits operation [domains]' response[:msg].should == 'Object association prohibits operation [domains]'
response[:result_code].should == '2305' response[:result_code].should == '2305'
response[:results].count.should == 1 response[:results].count.should == 1
@ -443,7 +464,7 @@ describe 'EPP Contact', epp: true do
it 'fails if request invalid' do it 'fails if request invalid' do
response = epp_plain_request(@epp_xml.info, :xml) response = epp_plain_request(@epp_xml.info, :xml)
response[:results][0][:msg].should == response[:results][0][:msg].should ==
'Required parameter missing: info > info > id [id]' 'Required parameter missing: info > info > id [id]'
response[:results][0][:result_code].should == '2003' response[:results][0][:result_code].should == '2003'
response[:results].count.should == 1 response[:results].count.should == 1
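Review bot: The new example 'does not allow to edit statuses if policy forbids it' sets the global `Setting.client_status_editing_enabled = false` and restores it only on its last line, so a failing expectation leaves the setting changed for every later example. Restore it in an `after` hook or an `ensure` block, and put back the previous value rather than a hard-coded `true`. The example covers only the update command, although `validate_create` in the contacts controller calls the same check, and nothing exercises the path where editing is enabled. The example added to the EPP Domain spec in this commit follows the same pattern.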


@ -1460,6 +1460,27 @@ describe 'EPP Domain', epp: true do
d.domain_statuses.count.should == 2 d.domain_statuses.count.should == 2
end end
it 'does not allow to edit statuses if policy forbids it' do
Setting.client_status_editing_enabled = false
xml = domain_update_xml({
name: { value: domain.name },
add: [{
_anonymus: [
{ status: { value: 'Payment overdue.', attrs: { s: 'clientHold', lang: 'en' } } },
{ status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
]
}]
})
response = epp_plain_request(xml, :xml)
response[:results][0][:result_code].should == '2306'
response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
"management not supported: status [status]"
Setting.client_status_editing_enabled = true
end
it 'updates a domain and removes objects' do it 'updates a domain and removes objects' do
xml = domain_update_xml({ xml = domain_update_xml({
name: { value: domain.name }, name: { value: domain.name },


@ -16,6 +16,8 @@ module General
Setting.admin_contacts_max_count = 10 Setting.admin_contacts_max_count = 10
Setting.tech_contacts_min_count = 0 Setting.tech_contacts_min_count = 0
Setting.tech_contacts_max_count = 10 Setting.tech_contacts_max_count = 10
Setting.client_side_status_editing_enabled = true
end end
def create_disclosure_settings def create_disclosure_settings