Views and tests for contact disclosure

2025-05-16 09:27:19 +02:00 · 2014-11-25 16:29:40 +02:00 · 2014-11-25 16:29:40 +02:00 · c03818968f
commit c03818968f
parent ea2b64bc69
9 changed files with 130 additions and 78 deletions
--- a/app/helpers/epp/contacts_helper.rb
+++ b/app/helpers/epp/contacts_helper.rb
@ -38,6 +38,8 @@ module Epp::ContactsHelper
  def info_contact
    handle_errors(@contact) and return unless @contact
    handle_errors(@contact) and return unless rights?
+    @disclosure = @contact.disclosure
+    @owner = owner?(false)
    render 'epp/contacts/info'
  end

@ -54,14 +56,10 @@ module Epp::ContactsHelper
  def validate_contact_create_request
    @ph = params_hash['epp']['command']['create']['create']
    return false unless validate_params
-    # xml_attrs_present?(@ph, [%w(postalInfo)])
    xml_attrs_present?(@ph, [%w(postalInfo name), %w(postalInfo addr city), %w(postalInfo addr cc),
                             %w(ident), %w(voice), %w(email)])

-    epp_errors.empty? # unless @ph['postalInfo'].is_a?(Hash) || @ph['postalInfo'].is_a?(Array)
-
-    # (epp_errors << Address.validate_postal_info_types(parsed_frame)).flatten!
-    # xml_attrs_array_present?(@ph['postalInfo'], [%w(name), %w(addr city), %w(addr cc)])
+    epp_errors.empty?
  end

  ## UPDATE
@ -118,10 +116,10 @@ module Epp::ContactsHelper
    contact
  end

-  def owner?
+  def owner?(with_errors = true)
    return false unless find_contact
-    # return true if current_epp_user.registrar == find_contact.created_by.try(:registrar)
    return true if @contact.registrar == current_epp_user.registrar
+    return false unless with_errors
    epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error') }
    false
  end
@ -132,14 +130,14 @@ module Epp::ContactsHelper
    return true if current_epp_user.try(:registrar) == @contact.try(:registrar)
    return true if pw && @contact.auth_info_matches(pw) # @contact.try(:auth_info_matches, pw)

-    epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error'), value: { obj: 'pw', val: pw } }
+    epp_errors << { code: '2200', msg: t('errors.messages.epp_authentication_error') }
    false
  end

  def update_rights?
    pw = @ph.try(:[], :authInfo).try(:[], :pw)
    return true if pw && @contact.auth_info_matches(pw)
-    epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error'), value: { obj: 'pw', val: pw } }
+    epp_errors << { code: '2200', msg: t('errors.messages.epp_authentication_error') }
    false
  end

--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@ -5,7 +5,7 @@ class Contact < ActiveRecord::Base
  include EppErrors

  has_one :address, dependent: :destroy
-  has_one :disclosure, class_name: 'ContactDisclosure'
+  has_one :disclosure, class_name: 'ContactDisclosure', dependent: :destroy

  has_many :domain_contacts
  has_many :domains, through: :domain_contacts
--- a/app/views/epp/contacts/_postal_info.xml.builder
+++ b/app/views/epp/contacts/_postal_info.xml.builder
@ -1,15 +1,13 @@
 address = @contact.address
 xml.tag!('contact:postalInfo', type: 'int') do
-  xml.tag!('contact:name', @contact.name)# if @contact.disclosure.try(:int_name)
-  xml.tag!('contact:org', @contact.org_name)# if @contact.disclosure.try(:int_org_name)
-  #if @contact.disclosure.try(:int_addr)
-  xml.tag!('contact:addr') do
-    xml.tag!('contact:street', address.street) if address
-    #xml.tag!('contact:street', address.street2) if address.street2
-    #xml.tag!('contact:street', address.street3) if address.street3
-    xml.tag!('contact:cc', address.try(:country).try(:iso)) unless address.try(:country).nil?
-    xml.tag!('contact:city', address.city) if address
+  xml.tag!('contact:name', @contact.name) if @disclosure.try(:name) || @owner
+  xml.tag!('contact:org', @contact.org_name) if @disclosure.try(:org_name) || @owner
+  if @disclosure.try(:addr) || @owner
+    xml.tag!('contact:addr') do
+      xml.tag!('contact:street', address.street) if address
+      xml.tag!('contact:cc', address.try(:country).try(:iso)) unless address.try(:country).nil?
+      xml.tag!('contact:city', address.city) if address
+    end
  end
-  #end
 end

--- a/app/views/epp/contacts/info.xml.builder
+++ b/app/views/epp/contacts/info.xml.builder
@ -6,22 +6,23 @@ xml.epp_head do

    xml.resData do
      xml.tag!('contact:chkData', 'xmlns:contact' => 'urn:ietf:params:xml:ns:contact-1.0') do
-        xml << render('/epp/contacts/postal_info')
        xml.tag!('contact:id', @contact.code)
-        xml.tag!('contact:voice', @contact.phone) #if @contact.disclosure.try(:phone)
-        xml.tag!('contact:fax', @contact.fax) #if @contact.disclosure.try(:fax)
-        xml.tag!('contact:email', @contact.email) #if @contact.disclosure..try(:email)
-        xml.tag!('contact:clID', @current_epp_user.username) if @current_epp_user
-        xml.tag!('contact:crID', @contact.cr_id ) if @contact.cr_id
+        xml << render('/epp/contacts/postal_info')
+        xml.tag!('contact:voice', @contact.phone) if @disclosure.try(:phone) || @owner
+        xml.tag!('contact:fax', @contact.fax) if @disclosure.try(:fax) || @owner
+        xml.tag!('contact:email', @contact.email) if @disclosure.try(:email) || @owner
+        #xml.tag!('contact:clID', @current_epp_user.username) if @current_epp_user
+        #xml.tag!('contact:crID', @contact.cr_id ) if @contact.cr_id
        xml.tag!('contact:crDate', @contact.created_at)
        xml.tag!('contact:upID', @contact.up_id) if @contact.up_id
        xml.tag!('contact:upDate', @contact.updated_at) unless @contact.updated_at == @contact.created_at
        xml.tag!('contact:trDate', '123') if false
-        xml.tag!('contact:authInfo') do
-          xml.tag!('contact:pw', @contact.auth_info) # Doc says we have to return this but is it necessary?
+        if @owner
+          xml.tag!('contact:authInfo') do
+           xml.tag!('contact:pw', @contact.auth_info) # Doc says we have to return this but is it necessary?
+          end
        end
        xml.tag!('contact:disclose', '123') if false
-
      end
    end

--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -233,6 +233,7 @@ en:
      epp_obj_does_not_exist: 'Object does not exist'
      epp_command_failed: 'Command failed'
      epp_authorization_error: 'Authorization error'
+      epp_authentication_error: 'Authentication error'
      epp_id_taken: 'Contact id already exists'
      epp_domain_not_found: 'Domain not found'
      epp_exp_dates_do_not_match: 'Given and current expire dates do not match'
--- a/db/migrate/20141124105221_remove_address_type_from_contact_disclosure.rb
+++ b/db/migrate/20141124105221_remove_address_type_from_contact_disclosure.rb
@ -0,0 +1,14 @@
+class RemoveAddressTypeFromContactDisclosure < ActiveRecord::Migration
+  def change
+    remove_column :contact_disclosures, :int_name, :boolean
+    remove_column :contact_disclosures, :int_org_name, :boolean
+    remove_column :contact_disclosures, :int_addr, :boolean
+    remove_column :contact_disclosures, :loc_name, :boolean
+    remove_column :contact_disclosures, :loc_org_name, :boolean
+    remove_column :contact_disclosures, :loc_addr, :boolean
+
+    add_column :contact_disclosures, :name, :boolean
+    add_column :contact_disclosures, :org_name, :boolean
+    add_column :contact_disclosures, :address, :boolean
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20141114130737) do
+ActiveRecord::Schema.define(version: 20141124105221) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -41,17 +41,14 @@ ActiveRecord::Schema.define(version: 20141114130737) do

  create_table "contact_disclosures", force: true do |t|
    t.integer  "contact_id"
-    t.boolean  "int_name",     default: false
-    t.boolean  "int_org_name", default: false
-    t.boolean  "int_addr",     default: false
-    t.boolean  "loc_name",     default: false
-    t.boolean  "loc_org_name", default: false
-    t.boolean  "loc_addr",     default: false
-    t.boolean  "phone",        default: false
-    t.boolean  "fax",          default: false
-    t.boolean  "email",        default: false
+    t.boolean  "phone",      default: false
+    t.boolean  "fax",        default: false
+    t.boolean  "email",      default: false
    t.datetime "created_at"
    t.datetime "updated_at"
+    t.boolean  "name"
+    t.boolean  "org_name"
+    t.boolean  "address"
  end

  create_table "contact_versions", force: true do |t|
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
@ -25,7 +25,6 @@ describe 'EPP Contact', epp: true do
    end

    context 'create command' do
-
      it 'fails if request xml is missing' do
        xml = EppXml::Contact.create
        response = epp_request(xml, :xml)
@ -118,8 +117,8 @@ describe 'EPP Contact', epp: true do

        response = epp_request(update_contact_xml({ id: { value: 'sh8013' } }), :xml, :elkdata)

-        expect(response[:msg]).to eq('Authorization error')
-        expect(response[:result_code]).to eq('2201')
+        expect(response[:msg]).to eq('Authentication error')
+        expect(response[:result_code]).to eq('2200')
      end

      it 'is succesful' do
@ -165,16 +164,21 @@ describe 'EPP Contact', epp: true do
        expect(response[:results][1][:msg]).to eq('Email is invalid')
      end

-      # it 'updates disclosure items', pending: true do
-      #   pending 'Disclosure needs to be remodeled a bit'
-      #   Fabricate(:contact, code: 'sh8013', auth_info: '2fooBAR', registrar: zone, created_by_id: EppUser.first.id,
-      #             disclosure: Fabricate(:contact_disclosure, phone: true, email: true))
-      #   epp_request('contacts/update.xml')
-      #
-      #   expect(Contact.last.disclosure.phone).to eq(false)
-      #   expect(Contact.last.disclosure.email).to eq(false)
-      #   expect(Contact.count).to eq(1)
-      # end
+      it 'updates disclosure items' do
+        Fabricate(:contact, code: 'sh8013', auth_info: '2fooBAR', registrar: zone, created_by_id: EppUser.first.id,
+                  disclosure: Fabricate(:contact_disclosure, phone: true, email: true))
+        xml = {
+          id: { value: 'sh8013' },
+          authInfo: { pw: { value: '2fooBAR' } }
+        }
+        @response = epp_request(update_contact_xml(xml), :xml)
+
+        expect(@response[:results][0][:result_code]).to eq('1000')
+
+        expect(Contact.last.disclosure.phone).to eq(false)
+        expect(Contact.last.disclosure.email).to eq(false)
+        expect(Contact.count).to eq(1)
+      end
    end

    context 'delete command' do
@ -252,6 +256,58 @@ describe 'EPP Contact', epp: true do
    end

    context 'info command' do
+      it 'discloses items with wrong password when queried by owner' do
+        @contact = Fabricate(:contact, registrar: zone, code: 'info-4444', name: 'Johnny Awesome', auth_info: 'asde',
+                  address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false))
+
+        xml = EppXml::Contact.info({ id: { value: @contact.code } })
+        response = epp_request(xml, :xml, :zone)
+        contact = response[:parsed].css('resData chkData')
+
+        expect(response[:result_code]).to eq('1000')
+        expect(response[:msg]).to eq('Command completed successfully')
+        expect(contact.css('name').first.text).to eq('Johnny Awesome')
+      end
+
+      it 'returns auth error for non-owner with wrong password' do
+        @contact = Fabricate(:contact, registrar: elkdata, code: 'info-4444', name: 'Johnny Awesome', auth_info: 'asde',
+                  address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false))
+
+        xml = EppXml::Contact.info({ id: { value: @contact.code }, authInfo: { pw: { value: 'asdesde' } } })
+        response = epp_request(xml, :xml, :zone)
+
+        expect(response[:result_code]).to eq('2200')
+        expect(response[:msg]).to eq('Authentication error')
+      end
+
+      it 'doesn\'t disclose items to non-owner with right password' do
+        @contact = Fabricate(:contact, registrar: elkdata, code: 'info-4444',
+                  name: 'Johnny Awesome', auth_info: 'password',
+                  address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false))
+
+        xml = EppXml::Contact.info({ id: { value: @contact.code }, authInfo: { pw: { value: 'password' } } })
+        response = epp_request(xml, :xml, :zone)
+        contact = response[:parsed].css('resData chkData')
+
+        expect(response[:result_code]).to eq('1000')
+        expect(response[:msg]).to eq('Command completed successfully')
+        expect(contact.css('name').first).to eq(nil)
+      end
+
+      it 'discloses items to owner' do
+        @contact = Fabricate(:contact, registrar: zone, code: 'info-4444', name: 'Johnny Awesome',
+                  auth_info: 'password',
+                  address: Fabricate(:address), disclosure: Fabricate(:contact_disclosure, name: false))
+
+        xml = EppXml::Contact.info({ id: { value: @contact.code } })
+        response = epp_request(xml, :xml, :zone)
+        contact = response[:parsed].css('resData chkData')
+
+        expect(response[:result_code]).to eq('1000')
+        expect(response[:msg]).to eq('Command completed successfully')
+        expect(contact.css('name').first.text).to eq('Johnny Awesome')
+      end
+
      it 'fails if request invalid' do
        response = epp_request(EppXml::Contact.info({ uid: { value: '123123' } }), :xml)

@ -281,11 +337,13 @@ describe 'EPP Contact', epp: true do

      end

-      it 'doesn\'t disclose private elements', pending: true do
-        pending 'Disclosure needs to have some of the details worked out'
-        Fabricate(:contact, code: 'info-4444', auth_info: '2fooBAR',
-                  disclosure: Fabricate(:contact_disclosure, email: false, phone: false))
-        response = epp_request(info_contact_xml(id: { value: 'info-4444' }), :xml)
+      it 'doesn\'t disclose private elements' do
+        Fabricate(:contact, code: 'info-4444', auth_info: '2fooBAR', registrar: elkdata,
+                  disclosure: Fabricate(:contact_disclosure, name: true, email: false, phone: false))
+
+        xml = EppXml::Contact.info({ id: { value: 'info-4444' }, authInfo: { pw: { value: '2fooBAR' } } })
+
+        response = epp_request(xml, :xml, :zone)
        contact = response[:parsed].css('resData chkData')

        expect(response[:result_code]).to eq('1000')
@ -309,22 +367,9 @@ describe 'EPP Contact', epp: true do

        xml = EppXml::Contact.info(id: { value: @contact.code }, authInfo: { pw: { value: 'qwe321' } })
        response = epp_request(xml, :xml, :elkdata)
-        expect(response[:result_code]).to eq('2201')
-        expect(response[:msg]).to eq('Authorization error')
+        expect(response[:result_code]).to eq('2200')
+        expect(response[:msg]).to eq('Authentication error')
      end
-
-      it 'doest display unassociated object with correct password' do
-        @contact = Fabricate(:contact, code: 'info-4444', registrar: zone, name: 'Johnny Awesome')
-
-        xml = EppXml::Contact.info(id: { value: @contact.code }, authInfo: { pw: { value: @contact.auth_info } })
-        response = epp_request(xml, :xml, :elkdata)
-        contact = response[:parsed].css('resData chkData')
-
-        expect(response[:result_code]).to eq('1000')
-        expect(response[:msg]).to eq('Command completed successfully')
-        expect(contact.css('name').first.text).to eq('Johnny Awesome')
-      end
-
    end

    context 'renew command' do
--- a/spec/fabricators/contact_disclosure_fabricator.rb
+++ b/spec/fabricators/contact_disclosure_fabricator.rb
@ -1,10 +1,8 @@
 Fabricator(:contact_disclosure) do
  email true
  phone true
-  loc_addr true
-  loc_name true
-  loc_org_name true
-  int_name true
-  int_org_name true
-  int_addr true
+  fax true
+  address true
+  name true
+  org_name true
 end