From ca2183817a5fd9d8533d702261506c2ce0dd01a8 Mon Sep 17 00:00:00 2001 From: Martin Lensment Date: Thu, 14 May 2015 18:02:31 +0300 Subject: [PATCH] Add Registrant User --- .../registrant/sessions_controller.rb | 9 ++++- app/models/ability.rb | 5 ++- app/models/registrant_user.rb | 40 +------------------ app/views/registrant/sessions/login.haml | 11 +---- config/routes.rb | 1 + ...514132606_add_registrant_ident_to_users.rb | 5 +++ db/schema.rb | 3 +- doc/certificates.md | 34 ++++++++++++++++ 8 files changed, 57 insertions(+), 51 deletions(-) create mode 100644 db/migrate/20150514132606_add_registrant_ident_to_users.rb diff --git a/app/controllers/registrant/sessions_controller.rb b/app/controllers/registrant/sessions_controller.rb index 859028bb3..e13d5aaed 100644 --- a/app/controllers/registrant/sessions_controller.rb +++ b/app/controllers/registrant/sessions_controller.rb @@ -45,6 +45,13 @@ class Registrant::SessionsController < ::SessionsController # rubocop:enable Metrics/CyclomaticComplexity # rubocop:enable Metrics/PerceivedComplexity + def id + logger.error request.env['SSL_CLIENT_CERT'] + # @user = RegistrantUser.where(identity_code: 'EE-123').first_or_create + # sign_in(@user, event: :authentication) + redirect_to registrant_root_url + end + def login_mid @user = User.new end @@ -55,7 +62,7 @@ class Registrant::SessionsController < ::SessionsController if Rails.env.test? && phone == "123" @user = ApiUser.find_by(identity_code: "14212128025") - sign_in(@user, event: :authentication) + sign_in(@user, event: :authentication) return redirect_to registrant_root_url end diff --git a/app/models/ability.rb b/app/models/ability.rb index 38ddd5893..097f09020 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -13,7 +13,9 @@ class Ability when 'ApiUser' epp registrar - registrant # refactor + registrant # refactor + when 'RegistrantUser' + registrant end can :show, :dashboard 
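Review bot: The new `id` action writes the whole client certificate to the application log at error level (`logger.error request.env['SSL_CLIENT_CERT']`), and an ID-card certificate typically carries the holder's name and personal code, so personal data lands in the logs on every login attempt. I would drop that line, or record only whether a certificate was presented, e.g. `logger.info "ID-card login: cert present=#{request.env['SSL_CLIENT_CERT'].present?}"`. When the commented-out `sign_in` is enabled, it should run only after the web server's verification result has been checked (with Apache mod_ssl, `SSL_CLIENT_VERIFY` equal to `SUCCESS`), and it should take the identity from the certificate subject instead of the hard-coded `'EE-123'`. The commented code also looks up `identity_code`, while the migration in this commit adds `registrant_ident`, so it is worth deciding which column is the key. The controller class continues outside the hunk.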
@@ -66,6 +68,7 @@ class Ability def registrant can :manage, Registrant::Whois + can :manage, Depp::Domain end def user diff --git a/app/models/registrant_user.rb b/app/models/registrant_user.rb index ca3f9a07a..dfb66705c 100644 --- a/app/models/registrant_user.rb +++ b/app/models/registrant_user.rb @@ -1,46 +1,8 @@ -require 'open3' - -# rubocop: disable Metrics/ClassLength -class ApiUser < User - include EppErrors - def epp_code_map # rubocop:disable Metrics/MethodLength - { - '2306' => [ # Parameter policy error - [:password, :blank] - ] - } - end - - # TODO: should have max request limit per day - belongs_to :registrar - has_many :certificates - - validates :username, :password, :registrar, presence: true - validates :username, uniqueness: true - +class RegistrantUser < User attr_accessor :registrar_typeahead def ability @ability ||= Ability.new(self) end delegate :can?, :cannot?, to: :ability - - after_initialize :set_defaults - def set_defaults - return unless new_record? - self.active = true unless active_changed? - end - - def registrar_typeahead - @registrar_typeahead || registrar || nil - end - - def to_s - username - end - - def queued_messages - registrar.messages.queued - end end -# rubocop: enable Metrics/ClassLength diff --git a/app/views/registrant/sessions/login.haml b/app/views/registrant/sessions/login.haml index 404781d56..47b05eb5e 100644 --- a/app/views/registrant/sessions/login.haml +++ b/app/views/registrant/sessions/login.haml 
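Review bot: `can :manage, Depp::Domain` in `registrant` grants every action on every `Depp::Domain` with no condition. The first hunk in this file routes both `'ApiUser'` and the new `'RegistrantUser'` to `registrant`, so any signed-in registrant receives it. If registrants should only see or edit their own domains, list the actions explicitly, e.g. `can [:index, :show], Depp::Domain`, and enforce ownership where the domain is loaded; whether a CanCan condition hash can express ownership depends on how `Depp::Domain` is implemented, which is not visible here. A short comment above the rule stating the intended scope would help the next reviewer. The `Ability` class starts and ends outside the hunk.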
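Review bot: `attr_accessor :registrar_typeahead` looks like a leftover from the `ApiUser` copy this file used to be; the new class shows no `registrar` association, so the accessor can probably go. The class also declares no validation for the identifier an ID-card login will key on. If that is `registrant_ident`, something like `validates :registrant_ident, presence: true, uniqueness: true` keeps two accounts from sharing one identity. A one-line class comment saying that a `RegistrantUser` is authenticated by ID card rather than by username and password would document the intent.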
@@ -2,15 +2,8 @@ .form-signin.col-md-6.center-block.text-center %h2.form-signin-heading.text-center= t(:log_in) %hr - = form_for @depp_user, url: registrant_sessions_path, html: {class: 'form-signin'} do |f| - = render 'registrar/shared/errors', object: f.object - - - error_class = f.object.errors.any? ? 'has-error' : '' - %div{class: error_class} - = f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true - = f.password_field :password, class: 'form-control', placeholder: t(:password), required: true - - %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in) + = link_to '/registrant/id', method: :post do + = image_tag 'id_card.gif' %hr -# = link_to '/regisrant/login/mid' do diff --git a/config/routes.rb b/config/routes.rb index f88f7aabb..04c63fd9c 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -111,6 +111,7 @@ Rails.application.routes.draw do post 'sessions' => 'sessions#create' post 'mid' => 'sessions#mid' + post 'id' => 'sessions#id' get 'logout' => '/devise/sessions#destroy' end diff --git a/db/migrate/20150514132606_add_registrant_ident_to_users.rb b/db/migrate/20150514132606_add_registrant_ident_to_users.rb new file mode 100644 index 000000000..3f9b1389f --- /dev/null +++ b/db/migrate/20150514132606_add_registrant_ident_to_users.rb @@ -0,0 +1,5 @@ +class AddRegistrantIdentToUsers < ActiveRecord::Migration + def change + add_column :users, :registrant_ident, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index d158abd78..834737375 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150513080013) do +ActiveRecord::Schema.define(version: 20150514132606) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" 
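Review bot: `link_to '/registrant/id', method: :post` hard-codes the path and only becomes a POST through the unobtrusive-JavaScript driver; without JavaScript the browser issues a GET, for which this commit adds no route. `button_to` renders a real form with the CSRF token and accepts the same block, e.g. `= button_to registrant_id_path do` (helper name assumed from the `post 'id'` route; confirm with `rake routes`). `image_tag 'id_card.gif'` should also get an `alt:` text, since the image is the only content of the login control.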
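Review bot: `add_column :users, :registrant_ident, :string` adds the column without an index, while the schema already indexes `identity_code` on the same table. If logins will look users up by `registrant_ident`, add `add_index :users, :registrant_ident` in the same migration. A unique index would tolerate the NULLs on non-registrant rows under PostgreSQL and would back up a model-level uniqueness validation. Nothing visible in this commit reads or writes the column yet, so a comment in the migration naming its intended use would also help.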
@@ -908,6 +908,7 @@ ActiveRecord::Schema.define(version: 20150513080013) do t.text "csr" t.text "crt" t.string "type" + t.string "registrant_ident" end add_index "users", ["identity_code"], name: "index_users_on_identity_code", using: :btree diff --git a/doc/certificates.md b/doc/certificates.md index 13e2fcfb9..144ab4b2b 100644 --- a/doc/certificates.md +++ b/doc/certificates.md @@ -187,6 +187,40 @@ Download CRT file and create p12 file. Add api_user.p12 to your browser. +ID card login +--------------- + +Download SK certificates: + + wget https://sk.ee/upload/files/Juur-SK.pem.crt + wget https://sk.ee/upload/files/EE_Certification_Centre_Root_CA.pem.crt + wget https://sk.ee/upload/files/ESTEID-SK_2007.pem.crt + wget https://sk.ee/upload/files/ESTEID-SK_2011.pem.crt + +Merge them into the existing ca file: + + cat EE_Certification_Centre_Root_CA.pem.crt ESTEID-SK_2007.pem.crt ESTEID-SK_2011.pem.crt Juur-SK.pem.crt > id.crt + +Download CLR-s: + + wget https://sk.ee/crls/esteid/esteid2007.crl + wget https://sk.ee/crls/juur/crl.crl + wget https://sk.ee/crls/eeccrca/eeccrca.crl + wget https://sk.ee/repository/crls/esteid2011.crl + +Convert to PEM: + + openssl crl -in esteid2007.crl -out esteid2007.crl -inform DER + openssl crl -in crl.crl -out crl.crl -inform DER + openssl crl -in eeccrca.crl -out eeccrca.crl -inform DER + openssl crl -in esteid2011.crl -out esteid2011.crl -inform DER + +Make symlinks: + + ln -s crl.crl `openssl crl -hash -noout -in crl.crl`.r0 + ln -s esteid2007.crl `openssl crl -hash -noout -in esteid2007.crl`.r0 + ln -s eeccrca.crl `openssl crl -hash -noout -in eeccrca.crl`.r0 + ln -s esteid2011.crl `openssl crl -hash -noout -in esteid2011.crl`.r0 Development env ---------------