Add Registrant User

2025-05-18 02:09:39 +02:00 · 2015-05-14 18:02:31 +03:00 · 2015-05-14 18:02:31 +03:00 · ca2183817a
commit ca2183817a
parent 412ececd9c
8 changed files with 57 additions and 51 deletions
--- a/app/controllers/registrant/sessions_controller.rb
+++ b/app/controllers/registrant/sessions_controller.rb
@ -45,6 +45,13 @@ class Registrant::SessionsController < ::SessionsController
  # rubocop:enable Metrics/CyclomaticComplexity
  # rubocop:enable Metrics/PerceivedComplexity

+  def id
+    logger.error request.env['SSL_CLIENT_CERT']
+    # @user = RegistrantUser.where(identity_code: 'EE-123').first_or_create
+    # sign_in(@user, event: :authentication)
+    redirect_to registrant_root_url
+  end
+
  def login_mid
    @user = User.new
  end
@ -55,7 +62,7 @@ class Registrant::SessionsController < ::SessionsController

    if Rails.env.test? && phone == "123"
      @user = ApiUser.find_by(identity_code: "14212128025")
-      sign_in(@user, event: :authentication) 
+      sign_in(@user, event: :authentication)
      return redirect_to registrant_root_url
    end

--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -13,7 +13,9 @@ class Ability
    when 'ApiUser'
      epp
      registrar
-      registrant # refactor 
+      registrant # refactor
+    when 'RegistrantUser'
+      registrant
    end

    can :show, :dashboard
@ -66,6 +68,7 @@ class Ability

  def registrant
    can :manage, Registrant::Whois
+    can :manage, Depp::Domain
  end

  def user
--- a/app/models/registrant_user.rb
+++ b/app/models/registrant_user.rb
@ -1,46 +1,8 @@
-require 'open3'
-
-# rubocop: disable Metrics/ClassLength
-class ApiUser < User
-  include EppErrors
-  def epp_code_map # rubocop:disable Metrics/MethodLength
-    {
-      '2306' => [ # Parameter policy error
-        [:password, :blank]
-      ]
-    }
-  end
-
-  # TODO: should have max request limit per day
-  belongs_to :registrar
-  has_many :certificates
-
-  validates :username, :password, :registrar, presence: true
-  validates :username, uniqueness: true
-
+class RegistrantUser < User
  attr_accessor :registrar_typeahead

  def ability
    @ability ||= Ability.new(self)
  end
  delegate :can?, :cannot?, to: :ability
-
-  after_initialize :set_defaults
-  def set_defaults
-    return unless new_record?
-    self.active = true unless active_changed?
-  end
-
-  def registrar_typeahead
-    @registrar_typeahead || registrar || nil
-  end
-
-  def to_s
-    username
-  end
-
-  def queued_messages
-    registrar.messages.queued
-  end
 end
-# rubocop: enable Metrics/ClassLength
--- a/app/views/registrant/sessions/login.haml
+++ b/app/views/registrant/sessions/login.haml
@ -2,15 +2,8 @@
  .form-signin.col-md-6.center-block.text-center
    %h2.form-signin-heading.text-center= t(:log_in)
    %hr
-    = form_for @depp_user, url: registrant_sessions_path, html: {class: 'form-signin'} do |f|
-      = render 'registrar/shared/errors', object: f.object
-
-      - error_class = f.object.errors.any? ? 'has-error' : ''
-      %div{class: error_class}
-        = f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true
-        = f.password_field :password, class: 'form-control', placeholder: t(:password), required: true
-
-      %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in)
+    = link_to '/registrant/id', method: :post do
+      = image_tag 'id_card.gif'

    %hr
    -# = link_to '/regisrant/login/mid' do
--- a/config/routes.rb
+++ b/config/routes.rb
@ -111,6 +111,7 @@ Rails.application.routes.draw do

      post 'sessions' => 'sessions#create'
      post 'mid' => 'sessions#mid'
+      post 'id' => 'sessions#id'
      get 'logout' => '/devise/sessions#destroy'
    end

--- a/db/migrate/20150514132606_add_registrant_ident_to_users.rb
+++ b/db/migrate/20150514132606_add_registrant_ident_to_users.rb
@ -0,0 +1,5 @@
+class AddRegistrantIdentToUsers < ActiveRecord::Migration
+  def change
+    add_column :users, :registrant_ident, :string
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150513080013) do
+ActiveRecord::Schema.define(version: 20150514132606) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -908,6 +908,7 @@ ActiveRecord::Schema.define(version: 20150513080013) do
    t.text     "csr"
    t.text     "crt"
    t.string   "type"
+    t.string   "registrant_ident"
  end

  add_index "users", ["identity_code"], name: "index_users_on_identity_code", using: :btree
--- a/doc/certificates.md
+++ b/doc/certificates.md
@ -187,6 +187,40 @@ Download CRT file and create p12 file.

 Add api_user.p12 to your browser.

+ID card login
+---------------
+
+Download SK certificates:
+
+    wget https://sk.ee/upload/files/Juur-SK.pem.crt
+    wget https://sk.ee/upload/files/EE_Certification_Centre_Root_CA.pem.crt
+    wget https://sk.ee/upload/files/ESTEID-SK_2007.pem.crt
+    wget https://sk.ee/upload/files/ESTEID-SK_2011.pem.crt
+
+Merge them into the existing ca file:
+
+    cat EE_Certification_Centre_Root_CA.pem.crt ESTEID-SK_2007.pem.crt ESTEID-SK_2011.pem.crt Juur-SK.pem.crt > id.crt
+
+Download CLR-s:
+
+    wget https://sk.ee/crls/esteid/esteid2007.crl
+    wget https://sk.ee/crls/juur/crl.crl
+    wget https://sk.ee/crls/eeccrca/eeccrca.crl
+    wget https://sk.ee/repository/crls/esteid2011.crl
+
+Convert to PEM:
+
+    openssl crl -in esteid2007.crl -out esteid2007.crl -inform DER
+    openssl crl -in crl.crl -out crl.crl -inform DER
+    openssl crl -in eeccrca.crl -out eeccrca.crl -inform DER
+    openssl crl -in esteid2011.crl -out esteid2011.crl -inform DER
+
+Make symlinks:
+
+    ln -s crl.crl `openssl crl -hash -noout -in crl.crl`.r0
+    ln -s esteid2007.crl `openssl crl -hash -noout -in esteid2007.crl`.r0
+    ln -s eeccrca.crl `openssl crl -hash -noout -in eeccrca.crl`.r0
+    ln -s esteid2011.crl `openssl crl -hash -noout -in esteid2011.crl`.r0

 Development env
 ---------------