From c79fee5a499885032b859c0005a3d6d0c2b4770c Mon Sep 17 00:00:00 2001
From: Martin Lensment
Date: Wed, 22 Jul 2015 18:34:19 +0300
Subject: [PATCH] Validate request against schemas #2799
---
 app/controllers/epp_controller.rb | 30 +++++++++++++++++-------------
 lib/epp_constraint.rb | 1 +
 2 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/app/controllers/epp_controller.rb b/app/controllers/epp_controller.rb
index 6da50eab3..16e788500 100644
--- a/app/controllers/epp_controller.rb
+++ b/app/controllers/epp_controller.rb
@@ -6,22 +6,26 @@ class EppController < ApplicationController
 before_action :generate_svtrid
 before_action :latin_only
- # before_action :validate_against_schema
+ before_action :validate_against_schema
- # def validate_against_schema
- # if params[:epp_object_type] == :domain
+ def validate_against_schema
+ # filename =
+ # if params[:epp_object_type] == :domain
- # xsd = Nokogiri::XML::Schema(File.read('doc/schemas/domain-eis-1.0.xsd'))
- # xsd.validate(Nokogiri::XML(params[:raw_frame])).each do |error|
- # epp_errors << {
- # code: 2002,
- # msg: error
- # }
- # end
- # end
+ return if params[:action] == 'hello'
+ params[:schema] = 'epp-1.0.xsd' unless params[:schema]
- # handle_errors and return if epp_errors.any?
- # end
+ xsd = Nokogiri::XML::Schema(File.read("doc/schemas/#{params[:schema]}"))
+ xsd.validate(Nokogiri::XML(params[:raw_frame])).each do |error|
+ epp_errors << {
+ code: 2001,
+ msg: error
+ }
+ end
+
+ # end
+ handle_errors and return if epp_errors.any?
+ end
 before_action :validate_request
 before_action :update_epp_session
diff --git a/lib/epp_constraint.rb b/lib/epp_constraint.rb
index 02bf285d9..c4c5e712e 100644
--- a/lib/epp_constraint.rb
+++ b/lib/epp_constraint.rb
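Review bot: `File.read("doc/schemas/#{params[:schema]}")` in `validate_against_schema` builds a filesystem path from a request parameter, and the default on the line above applies only when `params[:schema]` is absent, so any value already in the params is used as the filename. Unless routing guarantees that the key is always overwritten server-side (not visible in this hunk), reduce the name with `schema = File.basename(params[:schema].to_s)` and reject the frame with an EPP error when `schema` is not in a constant list of the shipped `.xsd` names. The schema file is also read and compiled on every request; keeping the compiled `Nokogiri::XML::Schema` objects in a hash keyed by those same names would give both the allowlist and the cache. The leftover `# filename =`, `# if params[:epp_object_type] == :domain` and `# end` comment lines in the new method can be dropped.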
@@ -15,6 +15,7 @@ class EppConstraint
 unless [:keyrelay, :poll].include?(@type)
 element = "//#{@type}:#{request.params[:action]}"
 return false if parsed_frame.xpath("#{element}", OBJECT_TYPES[@type]).none?
+ request.params[:schema] = OBJECT_TYPES[@type][@type].split('/').last
 end
 request.params[:parsed_frame] = parsed_frame.remove_namespaces!
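Review bot: `request.params[:schema]` is assigned only inside the `unless [:keyrelay, :poll].include?(@type)` branch, so for keyrelay and poll frames the key is left exactly as it arrived, and the controller's `unless params[:schema]` default will not replace a value that is already present. Set it on every path so the filename is always server-derived, for example `request.params[:schema] = 'epp-1.0.xsd'` placed before the `unless` line (assuming the base schema is the right one for those two types; confirm). `OBJECT_TYPES[@type][@type]` is also dereferenced with `.split` without a nil check, and whether every type carries that key is not visible here. The enclosing method starts and ends outside the hunk.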