diff --git a/app/helpers/epp/contacts_helper.rb b/app/helpers/epp/contacts_helper.rb
index 034814092..89a255dbb 100644
--- a/app/helpers/epp/contacts_helper.rb
+++ b/app/helpers/epp/contacts_helper.rb
@@ -1,18 +1,15 @@
 module Epp::ContactsHelper
 def create_contact
 @contact = Contact.new( contact_and_address_attributes )
- stamp @contact
- if @contact.save
- render '/epp/contacts/create'
- else
- handle_errors(@contact)
- end
+ render '/epp/contacts/create' and return if stamp(@contact) && @contact.save
+
+ handle_errors(@contact)
 end
 def update_contact
 code = params_hash['epp']['command']['update']['update'][:id]
 @contact = Contact.where(code: code).first
- if stamp(@contact) && @contact.update_attributes(contact_and_address_attributes(:update))
+ if has_rights? && stamp(@contact) && @contact.update_attributes(contact_and_address_attributes(:update))
 render 'epp/contacts/update'
 else
 epp_errors << { code: '2303', msg: t('errors.messages.epp_obj_does_not_exist'), value: { obj: 'id', val: code } } if @contact == []
@@ -22,6 +19,7 @@ module Epp::ContactsHelper
 def delete_contact
 #no deleting, implement PaperTrail or something similar.
+ #TODO check for relation before 'destroying'
 @contact = find_contact
 handle_errors(@contact) and return unless @contact
 @contact.destroy
@@ -47,12 +45,10 @@ module Epp::ContactsHelper
 def validate_contact_create_request
 @ph = params_hash['epp']['command']['create']['create']
 xml_attrs_present?(@ph, [['id'],
- ['postalInfo'],
+ ['authInfo', 'pw'],
 ['postalInfo', 'name'],
- ['postalInfo', 'addr'],
 ['postalInfo', 'addr', 'city'],
- ['postalInfo', 'addr', 'cc'],
- ['authInfo']])
+ ['postalInfo', 'addr', 'cc']])
 end
 ## UPDATE
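Review bot: In `update_contact` the record that gets updated is loaded with `Contact.where(code: code).first`, but the new `has_rights?` guard (added further down in this file) authorizes against whatever `find_contact` returns, so the password is not visibly checked against `@contact` itself. `find_contact` is outside this diff, so confirm both lookups resolve the same row; comparing against `@contact.auth_info` directly would remove the doubt. Because `has_rights?` is evaluated first, a missing contact also reaches `find_contact.auth_info` before the 2303 branch, which looks like it would raise on nil instead of returning the EPP error. `update_contact` continues past the end of this hunk.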
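Review bot: `delete_contact` still goes from `find_contact` straight to `@contact.destroy` with no authorization check in the visible lines, while this commit starts gating `update_contact` on `has_rights?`. If the delete path is not authorized somewhere else (its request validation is not shown), the destructive command ends up less protected than update. A `has_rights?` guard ahead of `@contact.destroy` would close that gap, provided the delete request carries the `pw` that `has_rights?` reads from `@ph`. The rest of the method is outside the hunk.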
@@ -89,6 +85,14 @@ module Epp::ContactsHelper contact end + def has_rights? + authInfo = @ph.try(:[], :authInfo).try(:[], :pw) || @ph.try(:[], :chg).try(:[], :authInfo).try(:[], :pw) || [] + id = @ph[:id] + return true if (id && authInfo && find_contact.auth_info == authInfo) + + epp_errors << { code: '2201', msg: t('errors.messages.epp_authorization_error'), value: { obj: 'pw', val: authInfo } } + return false + end def contact_and_address_attributes( type=:create ) case type @@ -105,13 +109,6 @@ module Epp::ContactsHelper contact_hash end - def has_rights - if @contact.created_by.registrar == current_epp_user.registrar - return true - end - return false - end - def ident_type result = params[:frame].slice(/(?<=\ 123456798 faulty + + 2fooBAR + diff --git a/spec/fabricators/contact_fabricator.rb b/spec/fabricators/contact_fabricator.rb index 775d7e510..989bd2620 100644 --- a/spec/fabricators/contact_fabricator.rb +++ b/spec/fabricators/contact_fabricator.rb @@ -5,5 +5,6 @@ Fabricator(:contact) do ident '37605030299' code { "sh#{Faker::Number.number(4)}" } ident_type 'op' + auth_info 'ccds4324pok' address end diff --git a/spec/support/epp_contact_xml_builder.rb b/spec/support/epp_contact_xml_builder.rb index a97f154ad..a5895e1cf 100644 --- a/spec/support/epp_contact_xml_builder.rb +++ b/spec/support/epp_contact_xml_builder.rb @@ -94,6 +94,8 @@ module EppContactXmlBuilder xml_params[:chg][:postalInfo] = postalInfo xml_params[:chg][:postalInfo][:addr] = addr + xml_params[:chg][:authInfo] = xml_params[:chg][:authInfo] || { pw: 'ccds4324pok' } + xml.instruct!(:xml, standalone: 'no') xml.epp('xmlns' => 'urn:ietf:params:xml:ns:epp-1.0') do @@ -122,6 +124,11 @@ module EppContactXmlBuilder end end end + unless xml_params[:chg][:authInfo] == [false] + xml.tag!('contact:authInfo') do + xml.tag!('contact:pw', xml_params[:chg][:authInfo][:pw] ) unless xml_params[:chg][:authInfo][:pw] == false + end + end end end end
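Review bot: The 2201 error in `has_rights?` echoes the submitted password back through `val: authInfo`, so failed attempts put candidate secrets into responses and any log that records them; mask it, for example `value: { obj: 'pw', val: nil }` if the error renderer accepts that. The comparison `find_contact.auth_info == authInfo` dereferences `find_contact` without a nil check and uses a plain `==` on a secret; `contact = find_contact` followed by `return true if contact && authInfo.is_a?(String) && ActiveSupport::SecurityUtils.secure_compare(contact.auth_info.to_s, authInfo)` would cover both, assuming the app's ActiveSupport version ships `secure_compare`. The `authInfo &&` test never fails because of the trailing `|| []`. A later hunk deletes the registrar-ownership `has_rights`, so as far as this diff shows the password becomes the only authorization check on update, and nothing here limits repeated guesses.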