Merge pull request #2105 from internetee/implement-api-endpoint-for-login-info

added api endpoint for registrar login
Timo Võhmar 2021-11-10 13:36:43 +02:00 committed by GitHub
commit c5719a35f1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 511 additions and 7 deletions


@ -0,0 +1,67 @@
require 'serializers/repp/domain'
module Api
module V1
module AccreditationCenter
class AuthController < ::Api::V1::AccreditationCenter::BaseController
before_action :authenticate_user
def index
login = @current_user
registrar = @current_user.registrar
# rubocop:disable Style/AndOr
render_success(data: nil) and return unless login
# rubocop:enable Style/AndOr
data = set_values_to_data(login: login, registrar: registrar)
render_success(data: data)
end
private
def authenticate_user
username, password = Base64.urlsafe_decode64(basic_token).split(':')
@current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
return if @current_user
raise(ArgumentError)
rescue NoMethodError, ArgumentError
@response = { code: 2202, message: 'Invalid authorization information' }
render(json: @response, status: :unauthorized)
end
def basic_token
pattern = /^Basic /
header = request.headers['Authorization']
header = header.gsub(pattern, '') if header&.match(pattern)
header.strip
end
def set_values_to_data(login:, registrar:)
data = login.as_json(only: %i[id
username
name
uuid
roles
accreditation_date
accreditation_expire_date])
data[:registrar_name] = registrar.name
data[:registrar_reg_no] = registrar.reg_no
data[:registrar_email] = registrar.email
data[:code] = registrar.code
data
end
def render_success(code: nil, message: nil, data: nil)
@response = { code: code || 1000, message: message || 'Command completed successfully',
data: data || {} }
render(json: @response, status: :ok)
end
end
end
end
end
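Review bot: In `authenticate_user`, `split(':')` cuts the decoded credentials at every colon, so a password that itself contains `:` is truncated and can never match; RFC 7617 only forbids the colon in the user-id, so this should be `Base64.urlsafe_decode64(basic_token).split(':', 2)`. The same line is repeated in `InvoiceStatusController#index` further down this page. In `basic_token`, `/^Basic /` matches at the start of any line rather than the start of the string; `header.sub(/\ABasic /, '')` is the stricter form. The lookup `find_by(username: username, plain_text_password: password)` compares the secret inside the database query, which suggests the password is stored unhashed; that looks like existing schema rather than something this file introduces, but it is worth confirming before a new endpoint depends on it.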


@ -0,0 +1,28 @@
require 'auth_token/auth_token_decryptor'
module Api
module V1
module AccreditationCenter
class BaseController < ActionController::API
rescue_from ActiveRecord::RecordNotFound, with: :show_not_found_error
rescue_from ActiveRecord::RecordInvalid, with: :show_invalid_record_error
rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
error = {}
error[parameter_missing_exception.param] = ['parameter is required']
response = { errors: [error] }
render json: response, status: :unprocessable_entity
end
private
def show_not_found_error
render json: { errors: [{ base: ['Not found'] }] }, status: :not_found
end
def show_invalid_record_error(exception)
render json: { errors: exception.record.errors }, status: :bad_request
end
end
end
end
end
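Review bot: `BaseController` defines error handlers but no authentication filter, so every subclass has to opt in on its own. Of the controllers added on this page only `AuthController` declares `before_action :authenticate_user`, while `ContactsController#show` and `DomainsController#show` return registry data with no credential check visible. Unless access is restricted in routing or in front of the application (not visible here), consider moving `authenticate_user` and `basic_token` into this class and declaring `before_action :authenticate_user` here, so that new endpoints are protected by default. The `require 'auth_token/auth_token_decryptor'` at the top is not used by anything in this file.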


@ -0,0 +1,21 @@
require 'serializers/repp/contact'
module Api
module V1
module AccreditationCenter
class ContactsController < ::Api::V1::AccreditationCenter::BaseController
def show
@contact = Contact.find_by(code: params[:id])
if @contact
render json: { code: 1000, contact: Serializers::Repp::Contact.new(@contact,
show_address: false).to_json },
status: :found
else
render json: { errors: 'Contact not found' }, status: :not_found
end
end
end
end
end
end
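Review bot: `status: :found` in `show` maps to HTTP 302 Found, a redirect status, so a successful lookup is answered with a redirect code and a JSON body; it should be `status: :ok`. The same symbol is used in `DomainsController#show` and `InvoiceStatusController#index` on this page. The not-found body here is `errors: 'Contact not found'` (a string), while `BaseController#show_not_found_error` renders `errors: [{ base: ['Not found'] }]`; using `Contact.find_by!(code: params[:id])` would let the existing `rescue_from` produce one consistent shape.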


@ -0,0 +1,21 @@
require 'serializers/repp/domain'
module Api
module V1
module AccreditationCenter
class DomainsController < ::Api::V1::AccreditationCenter::BaseController
def show
@domain = Domain.find_by(name: params[:name])
if @domain
render json: { code: 1000, domain: Serializers::Repp::Domain.new(@domain,
sponsored: true).to_json },
status: :found
else
render json: { errors: 'Domain not found' }, status: :not_found
end
end
end
end
end
end


@ -0,0 +1,32 @@
module Api
module V1
module AccreditationCenter
class InvoiceStatusController < ::Api::V1::AccreditationCenter::BaseController
def index
username, password = Base64.urlsafe_decode64(basic_token).split(':')
@current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
return render json: { errors: 'No user found' }, status: :not_found if @current_user.nil?
@invoices = @current_user.registrar.invoices.select { |i| i.cancelled_at != nil }
if @invoices
render json: { code: 1000, invoices: @invoices },
status: :found
else
render json: { errors: 'No invoices' }, status: :not_found
end
end
private
def basic_token
pattern = /^Basic /
header = request.headers['Authorization']
header = header.gsub(pattern, '') if header&.match(pattern)
header.strip
end
end
end
end
end
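Review bot: `index` decodes the Authorization header with no rescue, so a missing header (`header.strip` on nil in `basic_token`) or invalid Base64 raises and surfaces as a 500, whereas `AuthController#authenticate_user` rescues both and answers 401. Failed credentials here also answer 404 `No user found` rather than 401. Reusing one shared `authenticate_user` filter instead of duplicating the lookup would fix both. Separately, `select { |i| i.cancelled_at != nil }` always returns an Array, so `if @invoices` is always true and the `No invoices` branch is unreachable. It also keeps only the cancelled invoices, which may be the opposite of what was intended; if active invoices are wanted, use `@current_user.registrar.invoices.where(cancelled_at: nil)` with `if @invoices.any?`.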


@ -116,6 +116,9 @@ module Repp
def webclient_request?
return if Rails.env.test?
header = request.headers['AccreditationToken']
return if header == ENV['accreditation_secret']
ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
end
@ -131,6 +134,10 @@ module Repp
render(json: @response, status: :unauthorized)
end
def logger
Rails.logger
end
end
end
end
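Review bot: In `webclient_request?`, `header == ENV['accreditation_secret']` is true when both sides are nil, so if `accreditation_secret` is unset, any request without an `AccreditationToken` header takes the early return and never reaches the `webclient_ips` check. The comparison is also not constant-time. With `secret = ENV['accreditation_secret']`, suggest `return if secret.present? && header.present? && ActiveSupport::SecurityUtils.secure_compare(header, secret)`. What the early nil return means for callers is outside the hunk, so confirm it cannot relax a check for requests coming from the webclient addresses.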


@ -33,7 +33,7 @@ module Repp
param :registrant, String, required: true, desc: 'Registrant contact code'
param :reserved_pw, String, required: false, desc: 'Reserved password for domain'
param :transfer_code, String, required: false, desc: 'Desired transfer code for domain'
param :period, Integer, required: true, desc: 'Registration period in months or years'
# param :period, String, required: true, desc: 'Registration period in months or years'
param :period_unit, String, required: true, desc: 'Period type (month m) or (year y)'
param :nameservers_attributes, Array, required: false, desc: 'Domain nameservers' do
param :hostname, String, required: true, desc: 'Nameserver hostname'
@ -64,7 +64,7 @@ module Repp
handle_errors(@domain) and return unless action.call
# rubocop:enable Style/AndOr
render_success(data: { domain: { name: @domain.name } })
render_success(data: { domain: { name: @domain.name, transfer_code: @domain.transfer_code } })
end
api :PUT, '/repp/v1/domains/:domain_name'
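Review bot: If the commented-out `# param :period, String, ...` line is the new side of the first hunk (the page does not mark which side is which), `period` is no longer declared or validated for this action and a dead declaration is left in the docs block. Together with `params[:period].to_i` in `assign_domain_period`, changed later on this page, a missing or non-numeric value would silently become 0. Keeping a live `param :period` declaration and parsing with `Integer(params[:period], exception: false)`, rejecting nil, would make bad input fail visibly. In the second hunk the create response now includes `transfer_code`; since that value authorises domain transfers, check that response bodies are not written to request logs. Both actions start and end outside the hunks.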


@ -0,0 +1,38 @@
module Repp
module V1
module Registrar
class AccreditationInfoController < BaseController
api :GET, 'repp/v1/registrar/accreditation/get_info'
desc 'check login user and return data'
def index
login = current_user
registrar = current_user.registrar
# rubocop:disable Style/AndOr
render_success(data: nil) and return unless login
# rubocop:enable Style/AndOr
data = set_values_to_data(login: login, registrar: registrar)
render_success(data: data)
end
private
def set_values_to_data(login:, registrar:)
data = login.as_json(only: %i[id
username
name
uuid
roles
accreditation_date
accreditation_expire_date])
data[:registrar_name] = registrar.name
data[:registrar_reg_no] = registrar.reg_no
data
end
end
end
end
end
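Review bot: In `index`, `current_user.registrar` is evaluated before the `unless login` guard, so a nil `current_user` raises NoMethodError before the guard can run. The guard is therefore either dead code or fails to protect the line above it. Put it first and derive the registrar afterwards: `render_success(data: nil) and return unless login` followed by `registrar = login.registrar`. `AuthController#index` on this page has the same order with `@current_user`. The `desc` string could also name the fields returned, since `set_values_to_data` exposes `roles` and the accreditation dates.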


@ -0,0 +1,61 @@
module Repp
module V1
module Registrar
class AccreditationResultsController < ActionController::API
before_action :authenticate_shared_key
TEMPORARY_SECRET_KEY = ENV['accreditation_secret'].freeze
api :POST, 'repp/v1/registrar/accreditation/push_results'
desc 'added datetime results'
def create
username = params[:accreditation_result][:username]
result = params[:accreditation_result][:result]
record_accreditation_result(username, result) if result
rescue ActiveRecord::RecordNotFound
record_not_found(username)
end
private
def record_accreditation_result(username, result)
user = ApiUser.find_by(username: username)
raise ActiveRecord::RecordNotFound if user.nil?
user.accreditation_date = DateTime.current
return unless user.save
render_success(data: { user: user,
result: result,
message: 'Accreditation info successfully added' })
end
def authenticate_shared_key
api_key = "Basic #{TEMPORARY_SECRET_KEY}"
render_failed unless api_key == request.authorization
end
def record_not_found(username)
@response = { code: 2303, message: "Object '#{username}' does not exist" }
render(json: @response)
end
def render_failed
@response = { code: 2202, message: 'Invalid authorization information' }
render(json: @response, status: :unauthorized)
end
def render_success(code: nil, message: nil, data: nil)
@response = { code: code || 1000, message: message || 'Command completed successfully',
data: data || {} }
render(json: @response, status: :ok)
end
end
end
end
end
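Review bot: `record_accreditation_result` renders `data: { user: user, ... }`, which serializes the whole `ApiUser` record. Other code on this page looks users up by a `plain_text_password` attribute, so unless the model overrides `as_json` the response would carry the password. Render an allow-list instead, e.g. `user: user.as_json(only: %i[id username accreditation_date])`. In `authenticate_shared_key` the secret is compared with `==`, and `ENV['accreditation_secret']` may be nil, which leaves the expected value as just `Basic `; fail closed when the secret is blank and compare with `ActiveSupport::SecurityUtils.secure_compare`. `create` also sends no explicit response when `result` is absent or `user.save` fails, and `params[:accreditation_result][:username]` raises if the outer key is missing.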


@ -106,7 +106,7 @@ module Actions
end
def assign_domain_period
domain.period = params[:period]
domain.period = params[:period].to_i
domain.period_unit = params[:period_unit]
end