Merge pull request #1276 from internetee/handle-anonymous-user

Handle anonymous user in EPP poll request
Timo Võhmar 2020-09-03 12:55:58 +03:00 committed by GitHub
commit c1b3a3f81d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 2 deletions


@ -1,8 +1,7 @@
module Epp
class PollsController < BaseController
skip_authorization_check # TODO: move authorization under ability
def poll
authorize! :manage, :poll
req_poll if params[:parsed_frame].css('poll').first['op'] == 'req'
ack_poll if params[:parsed_frame].css('poll').first['op'] == 'ack'
end
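Review bot: The authorization check sits inside the `poll` action body, so as a matter of style it guards only this one action; declaring it at class level, e.g. `before_action { authorize! :manage, :poll }`, would cover any action added to the controller later and make it obvious that the check runs before `params[:parsed_frame]` is dispatched. The rendered page has lost the +/- markers, so this assumes from the hunk header (8 old lines, 7 new) and the commit title that `authorize! :manage, :poll` is the added line and `skip_authorization_check` the removed one. The ability rule that grants `:manage` on `:poll` and the way BaseController turns a denied check into an EPP response are not visible in this commit and should be confirmed. The class body continues outside the hunk.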


@ -124,4 +124,20 @@ class EppPollTest < EppTestCase
assert_epp_response :object_does_not_exist
end
def test_anonymous_user_cannot_access
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<poll op="req"/>
</command>
</epp>
XML
post '/epp/command/poll', params: { frame: request_xml },
headers: { 'HTTP_COOKIE' => 'session=non-existent' }
assert_epp_response :authorization_error
end
end
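Review bot: The new test covers only a request that carries an unknown session cookie (`'session=non-existent'`); a request with no Cookie header at all is the other anonymous case and is not exercised here. A second test that posts the same frame without the `headers:` argument and ends with `assert_epp_response :authorization_error` would pin that path as well. Only `op="req"` is sent; because the controller calls `authorize!` before it looks at the op this is probably sufficient, but an `op="ack"` variant would catch the check being moved below the dispatch later. The enclosing EppPollTest class starts outside the hunk.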