diff --git a/app/helpers/epp/contacts_helper.rb b/app/helpers/epp/contacts_helper.rb index 8945e6b65..044dc13a8 100644 --- a/app/helpers/epp/contacts_helper.rb +++ b/app/helpers/epp/contacts_helper.rb @@ -38,6 +38,8 @@ module Epp::ContactsHelper def info_contact handle_errors(@contact) and return unless @contact handle_errors(@contact) and return unless rights? + @disclosure = @contact.disclosure + @owner = owner?(false) render 'epp/contacts/info' end @@ -54,14 +56,10 @@ module Epp::ContactsHelper def validate_contact_create_request @ph = params_hash['epp']['command']['create']['create'] return false unless validate_params - # xml_attrs_present?(@ph, [%w(postalInfo)]) xml_attrs_present?(@ph, [%w(postalInfo name), %w(postalInfo addr city), %w(postalInfo addr cc), %w(ident), %w(voice), %w(email)]) - epp_errors.empty? # unless @ph['postalInfo'].is_a?(Hash) || @ph['postalInfo'].is_a?(Array) - - # (epp_errors << Address.validate_postal_info_types(parsed_frame)).flatten! - # xml_attrs_array_present?(@ph['postalInfo'], [%w(name), %w(addr city), %w(addr cc)]) + epp_errors.empty? end ## UPDATE @@ -118,10 +116,10 @@ module Epp::ContactsHelper contact end - def owner? + def owner?(with_errors = true) return false unless find_contact - # return true if current_epp_user.registrar == find_contact.created_by.try(:registrar) return true if @contact.registrar == current_epp_user.registrar + return false unless with_errors epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error') } false end 
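Review bot: `owner?(false)` in info_contact passes an opaque boolean to a predicate that also appends to `epp_errors`, and `@owner` now decides whether undisclosed fields and the contact's authInfo are rendered, so the contract should be explicit. A keyword argument keeps existing no-argument callers working and makes the call site readable: `def owner?(with_errors: true)` and `@owner = owner?(with_errors: false)`. A short comment above the method would also help, for example `# True when the contact's registrar equals the session user's registrar; records EPP 2201 only when with_errors is set`, since it documents that ownership is decided at registrar level.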
@@ -132,14 +130,14 @@ module Epp::ContactsHelper return true if current_epp_user.try(:registrar) == @contact.try(:registrar) return true if pw && @contact.auth_info_matches(pw) # @contact.try(:auth_info_matches, pw) - epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error'), value: { obj: 'pw', val: pw } } + epp_errors << { code: '2200', msg: t('errors.messages.epp_authentication_error') } false end def update_rights? pw = @ph.try(:[], :authInfo).try(:[], :pw) return true if pw && @contact.auth_info_matches(pw) - epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error'), value: { obj: 'pw', val: pw } } + epp_errors << { code: '2200', msg: t('errors.messages.epp_authentication_error') } false end diff --git a/app/models/contact.rb b/app/models/contact.rb index c6025156f..82fe0940e 100644 --- a/app/models/contact.rb +++ b/app/models/contact.rb @@ -5,7 +5,7 @@ class Contact < ActiveRecord::Base include EppErrors has_one :address, dependent: :destroy - has_one :disclosure, class_name: 'ContactDisclosure' + has_one :disclosure, class_name: 'ContactDisclosure', dependent: :destroy has_many :domain_contacts has_many :domains, through: :domain_contacts diff --git a/app/views/epp/contacts/_postal_info.xml.builder b/app/views/epp/contacts/_postal_info.xml.builder index 4310c2f37..2eb511db6 100644 --- a/app/views/epp/contacts/_postal_info.xml.builder +++ b/app/views/epp/contacts/_postal_info.xml.builder 
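Review bot: Both replaced lines in rights? and update_rights? report a failed authInfo check as 2200, which RFC 5730 reserves for failures validating client credentials (login). A bad or missing `contact:authInfo` password on an object command is what 2202 "Invalid authorization information" is for, so `code: '2202'` with its own locale key would be the more precise response. Separately, the context line `current_epp_user.try(:registrar) == @contact.try(:registrar)` is true when both sides are nil, so a contact without a registrar would pass for a session without one. A guard such as `reg = current_epp_user.try(:registrar)` followed by `return true if reg && reg == @contact.registrar` closes that. rights? begins above this hunk, so an earlier guard that already covers the nil case cannot be ruled out from here.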
@@ -1,15 +1,13 @@ address = @contact.address xml.tag!('contact:postalInfo', type: 'int') do - xml.tag!('contact:name', @contact.name)# if @contact.disclosure.try(:int_name) - xml.tag!('contact:org', @contact.org_name)# if @contact.disclosure.try(:int_org_name) - #if @contact.disclosure.try(:int_addr) - xml.tag!('contact:addr') do - xml.tag!('contact:street', address.street) if address - #xml.tag!('contact:street', address.street2) if address.street2 - #xml.tag!('contact:street', address.street3) if address.street3 - xml.tag!('contact:cc', address.try(:country).try(:iso)) unless address.try(:country).nil? - xml.tag!('contact:city', address.city) if address + xml.tag!('contact:name', @contact.name) if @disclosure.try(:name) || @owner + xml.tag!('contact:org', @contact.org_name) if @disclosure.try(:org_name) || @owner + if @disclosure.try(:addr) || @owner + xml.tag!('contact:addr') do + xml.tag!('contact:street', address.street) if address + xml.tag!('contact:cc', address.try(:country).try(:iso)) unless address.try(:country).nil? + xml.tag!('contact:city', address.city) if address + end end - #end end diff --git a/app/views/epp/contacts/info.xml.builder b/app/views/epp/contacts/info.xml.builder index 8e92a1cc6..202bfd583 100644 --- a/app/views/epp/contacts/info.xml.builder +++ b/app/views/epp/contacts/info.xml.builder 
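Review bot: The address block is gated on `@disclosure.try(:addr)`, but the migration in this commit adds the column as `address` and the fabricator sets `address true`. Unless ContactDisclosure defines `addr` somewhere outside this diff, the check never yields a truthy value and non-owners never receive `contact:addr`, even when disclosure is enabled. It fails closed, so nothing leaks, but the flag has no effect; the condition should read `if @disclosure.try(:address) || @owner`. The info specs visible in this diff assert only on `name`, which would explain why the mismatch goes unnoticed.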
@@ -6,22 +6,23 @@ xml.epp_head do xml.resData do xml.tag!('contact:chkData', 'xmlns:contact' => 'urn:ietf:params:xml:ns:contact-1.0') do - xml << render('/epp/contacts/postal_info') xml.tag!('contact:id', @contact.code) - xml.tag!('contact:voice', @contact.phone) #if @contact.disclosure.try(:phone) - xml.tag!('contact:fax', @contact.fax) #if @contact.disclosure.try(:fax) - xml.tag!('contact:email', @contact.email) #if @contact.disclosure..try(:email) - xml.tag!('contact:clID', @current_epp_user.username) if @current_epp_user - xml.tag!('contact:crID', @contact.cr_id ) if @contact.cr_id + xml << render('/epp/contacts/postal_info') + xml.tag!('contact:voice', @contact.phone) if @disclosure.try(:phone) || @owner + xml.tag!('contact:fax', @contact.fax) if @disclosure.try(:fax) || @owner + xml.tag!('contact:email', @contact.email) if @disclosure.try(:email) || @owner + #xml.tag!('contact:clID', @current_epp_user.username) if @current_epp_user + #xml.tag!('contact:crID', @contact.cr_id ) if @contact.cr_id xml.tag!('contact:crDate', @contact.created_at) xml.tag!('contact:upID', @contact.up_id) if @contact.up_id xml.tag!('contact:upDate', @contact.updated_at) unless @contact.updated_at == @contact.created_at xml.tag!('contact:trDate', '123') if false - xml.tag!('contact:authInfo') do - xml.tag!('contact:pw', @contact.auth_info) # Doc says we have to return this but is it necessary? + if @owner + xml.tag!('contact:authInfo') do + xml.tag!('contact:pw', @contact.auth_info) # Doc says we have to return this but is it necessary? + end end xml.tag!('contact:disclose', '123') if false - end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 4649972c0..28ba5d564 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml 
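Review bot: The comment kept on the `contact:pw` line still asks whether returning the password is necessary, while the new `if @owner` guard now answers that, so the comment should state the rule instead, for example `# authInfo is returned only to the contact's own registrar`. `@owner` comes from a registrar comparison and the same-registrar path in rights? needs no password, so every EPP user of that registrar can read the stored authInfo in clear. That also implies `auth_info` is kept in recoverable form, which is worth recording next to the guard. The commented-out `contact:clID` and `contact:crID` lines would be better deleted than left as dead code, with the reason given in the commit message.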
@@ -233,6 +233,7 @@ en: epp_obj_does_not_exist: 'Object does not exist' epp_command_failed: 'Command failed' epp_authorization_error: 'Authorization error' + epp_authentication_error: 'Authentication error' epp_id_taken: 'Contact id already exists' epp_domain_not_found: 'Domain not found' epp_exp_dates_do_not_match: 'Given and current expire dates do not match' diff --git a/db/migrate/20141124105221_remove_address_type_from_contact_disclosure.rb b/db/migrate/20141124105221_remove_address_type_from_contact_disclosure.rb new file mode 100644 index 000000000..a4e177fe5 --- /dev/null +++ b/db/migrate/20141124105221_remove_address_type_from_contact_disclosure.rb @@ -0,0 +1,14 @@ +class RemoveAddressTypeFromContactDisclosure < ActiveRecord::Migration + def change + remove_column :contact_disclosures, :int_name, :boolean + remove_column :contact_disclosures, :int_org_name, :boolean + remove_column :contact_disclosures, :int_addr, :boolean + remove_column :contact_disclosures, :loc_name, :boolean + remove_column :contact_disclosures, :loc_org_name, :boolean + remove_column :contact_disclosures, :loc_addr, :boolean + + add_column :contact_disclosures, :name, :boolean + add_column :contact_disclosures, :org_name, :boolean + add_column :contact_disclosures, :address, :boolean + end +end diff --git a/db/schema.rb b/db/schema.rb index 295d7b948..ea64b8ffc 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20141114130737) do +ActiveRecord::Schema.define(version: 20141124105221) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" 
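Review bot: The three `add_column` calls in the new migration create `name`, `org_name` and `address` without `default: false`, unlike the existing `phone`, `fax` and `email` flags, and the six `remove_column` calls drop the old `int_*`/`loc_*` values without carrying them over. Existing rows therefore end up with NULL in the new flags. The views read them through `.try`, so NULL hides the field from non-owners (fails closed), but earlier disclosure choices are silently lost. Declare the default explicitly, `add_column :contact_disclosures, :name, :boolean, default: false` (same for the other two). If the old values matter, add the new columns first and backfill them before removing the old ones.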
@@ -41,17 +41,14 @@ ActiveRecord::Schema.define(version: 20141114130737) do create_table "contact_disclosures", force: true do |t| t.integer "contact_id" - t.boolean "int_name", default: false - t.boolean "int_org_name", default: false - t.boolean "int_addr", default: false - t.boolean "loc_name", default: false - t.boolean "loc_org_name", default: false - t.boolean "loc_addr", default: false - t.boolean "phone", default: false - t.boolean "fax", default: false - t.boolean "email", default: false + t.boolean "phone", default: false + t.boolean "fax", default: false + t.boolean "email", default: false t.datetime "created_at" t.datetime "updated_at" + t.boolean "name" + t.boolean "org_name" + t.boolean "address" end create_table "contact_versions", force: true do |t| diff --git a/spec/epp/contact_spec.rb b/spec/epp/contact_spec.rb index 45dc968ab..d35138526 100644 --- a/spec/epp/contact_spec.rb +++ b/spec/epp/contact_spec.rb @@ -25,7 +25,6 @@ describe 'EPP Contact', epp: true do end context 'create command' do - it 'fails if request xml is missing' do xml = EppXml::Contact.create response = epp_request(xml, :xml) @@ -118,8 +117,8 @@ describe 'EPP Contact', epp: true do response = epp_request(update_contact_xml({ id: { value: 'sh8013' } }), :xml, :elkdata) - expect(response[:msg]).to eq('Authorization error') - expect(response[:result_code]).to eq('2201') + expect(response[:msg]).to eq('Authentication error') + expect(response[:result_code]).to eq('2200') end it 'is succesful' do 
@@ -165,16 +164,21 @@ describe 'EPP Contact', epp: true do expect(response[:results][1][:msg]).to eq('Email is invalid') end - # it 'updates disclosure items', pending: true do - # pending 'Disclosure needs to be remodeled a bit' - # Fabricate(:contact, code: 'sh8013', auth_info: '2fooBAR', registrar: zone, created_by_id: EppUser.first.id, - # disclosure: Fabricate(:contact_disclosure, phone: true, email: true)) - # epp_request('contacts/update.xml') - # - # expect(Contact.last.disclosure.phone).to eq(false) - # expect(Contact.last.disclosure.email).to eq(false) - # expect(Contact.count).to eq(1) - # end + it 'updates disclosure items' do + Fabricate(:contact, code: 'sh8013', auth_info: '2fooBAR', registrar: zone, created_by_id: EppUser.first.id, + disclosure: Fabricate(:contact_disclosure, phone: true, email: true)) + xml = { + id: { value: 'sh8013' }, + authInfo: { pw: { value: '2fooBAR' } } + } + @response = epp_request(update_contact_xml(xml), :xml) + + expect(@response[:results][0][:result_code]).to eq('1000') + + expect(Contact.last.disclosure.phone).to eq(false) + expect(Contact.last.disclosure.email).to eq(false) + expect(Contact.count).to eq(1) + end end context 'delete command' do 
@@ -252,6 +256,58 @@ describe 'EPP Contact', epp: true do end context 'info command' do + it 'discloses items with wrong password when queried by owner' do + @contact = Fabricate(:contact, registrar: zone, code: 'info-4444', name: 'Johnny Awesome', auth_info: 'asde', + address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false)) + + xml = EppXml::Contact.info({ id: { value: @contact.code } }) + response = epp_request(xml, :xml, :zone) + contact = response[:parsed].css('resData chkData') + + expect(response[:result_code]).to eq('1000') + expect(response[:msg]).to eq('Command completed successfully') + expect(contact.css('name').first.text).to eq('Johnny Awesome') + end + + it 'returns auth error for non-owner with wrong password' do + @contact = Fabricate(:contact, registrar: elkdata, code: 'info-4444', name: 'Johnny Awesome', auth_info: 'asde', + address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false)) + + xml = EppXml::Contact.info({ id: { value: @contact.code }, authInfo: { pw: { value: 'asdesde' } } }) + response = epp_request(xml, :xml, :zone) + + expect(response[:result_code]).to eq('2200') + expect(response[:msg]).to eq('Authentication error') + end + + it 'doesn\'t disclose items to non-owner with right password' do + @contact = Fabricate(:contact, registrar: elkdata, code: 'info-4444', + name: 'Johnny Awesome', auth_info: 'password', + address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false)) + + xml = EppXml::Contact.info({ id: { value: @contact.code }, authInfo: { pw: { value: 'password' } } }) + response = epp_request(xml, :xml, :zone) + contact = response[:parsed].css('resData chkData') + + expect(response[:result_code]).to eq('1000') + expect(response[:msg]).to eq('Command completed successfully') + expect(contact.css('name').first).to eq(nil) + end + + it 'discloses items to owner' do + @contact = Fabricate(:contact, registrar: zone, code: 'info-4444', name: 'Johnny 
Awesome', + auth_info: 'password', + address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false)) + + xml = EppXml::Contact.info({ id: { value: @contact.code } }) + response = epp_request(xml, :xml, :zone) + contact = response[:parsed].css('resData chkData') + + expect(response[:result_code]).to eq('1000') + expect(response[:msg]).to eq('Command completed successfully') + expect(contact.css('name').first.text).to eq('Johnny Awesome') + end + it 'fails if request invalid' do response = epp_request(EppXml::Contact.info({ uid: { value: '123123' } }), :xml) @@ -281,11 +337,13 @@ describe 'EPP Contact', epp: true do end - it 'doesn\'t disclose private elements', pending: true do - pending 'Disclosure needs to have some of the details worked out' - Fabricate(:contact, code: 'info-4444', auth_info: '2fooBAR', - disclosure: Fabricate(:contact_disclosure, email: false, phone: false)) - response = epp_request(info_contact_xml(id: { value: 'info-4444' }), :xml) + it 'doesn\'t disclose private elements' do + Fabricate(:contact, code: 'info-4444', auth_info: '2fooBAR', registrar: elkdata, + disclosure: Fabricate(:contact_disclosure, name: true, email: false, phone: false)) + + xml = EppXml::Contact.info({ id: { value: 'info-4444' }, authInfo: { pw: { value: '2fooBAR' } } }) + + response = epp_request(xml, :xml, :zone) contact = response[:parsed].css('resData chkData') expect(response[:result_code]).to eq('1000') 
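Review bot: The example 'discloses items with wrong password when queried by owner' sends no `authInfo` at all, so its request matches the one in 'discloses items to owner' and the wrong-password path for an owner is never exercised. Adding `authInfo: { pw: { value: 'wrong' } }` to the first request would make the title true. The non-owner examples also assert only on `name`, while the most sensitive behaviour in this commit is that `contact:authInfo` is withheld from non-owners. An assertion in the style of the existing `css('name')` checks, such as `expect(contact.css('pw').first).to eq(nil)` in 'doesn\'t disclose items to non-owner with right password', would pin that.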
@@ -309,22 +367,9 @@ describe 'EPP Contact', epp: true do xml = EppXml::Contact.info(id: { value: @contact.code }, authInfo: { pw: { value: 'qwe321' } }) response = epp_request(xml, :xml, :elkdata) - expect(response[:result_code]).to eq('2201') - expect(response[:msg]).to eq('Authorization error') + expect(response[:result_code]).to eq('2200') + expect(response[:msg]).to eq('Authentication error') end - - it 'doest display unassociated object with correct password' do - @contact = Fabricate(:contact, code: 'info-4444', registrar: zone, name: 'Johnny Awesome') - - xml = EppXml::Contact.info(id: { value: @contact.code }, authInfo: { pw: { value: @contact.auth_info } }) - response = epp_request(xml, :xml, :elkdata) - contact = response[:parsed].css('resData chkData') - - expect(response[:result_code]).to eq('1000') - expect(response[:msg]).to eq('Command completed successfully') - expect(contact.css('name').first.text).to eq('Johnny Awesome') - end - end context 'renew command' do diff --git a/spec/fabricators/contact_disclosure_fabricator.rb b/spec/fabricators/contact_disclosure_fabricator.rb index 784bd5bf8..6daf05186 100644 --- a/spec/fabricators/contact_disclosure_fabricator.rb +++ b/spec/fabricators/contact_disclosure_fabricator.rb @@ -1,10 +1,8 @@ Fabricator(:contact_disclosure) do email true phone true - loc_addr true - loc_name true - loc_org_name true - int_name true - int_org_name true - int_addr true + fax true + address true + name true + org_name true end