mirror of
https://github.com/internetee/registry.git
synced 2025-07-22 18:56:05 +02:00
Merge branch '269-dispute-list' of https://github.com/internetee/registry into 269-dispute-list
This commit is contained in:
commit
cb18d1dbb1
17 changed files with 136 additions and 44 deletions
|
@ -30,7 +30,8 @@ module Repp
|
|||
webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
|
||||
error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
|
||||
else
|
||||
unless @current_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
||||
unless @current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
|
||||
request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
||||
error! "#{message} #{@current_user.username}", 401
|
||||
end
|
||||
end
|
||||
|
|
|
@ -30,6 +30,8 @@ module Api
|
|||
raise "Invalid status #{params[:status]}"
|
||||
end
|
||||
|
||||
auction.mark_deadline(params[:registration_deadline]) if params[:registration_deadline]
|
||||
|
||||
if auction.payment_not_received? || auction.domain_not_registered?
|
||||
update_whois_from_auction(Auction.pending(auction.domain))
|
||||
else
|
||||
|
|
|
@ -26,7 +26,8 @@ module Epp
|
|||
end
|
||||
|
||||
if !Rails.env.development? && (!webclient_request && @api_user)
|
||||
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
||||
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
|
||||
request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
||||
epp_errors << {
|
||||
msg: 'Authentication error; server closing connection (certificate is not valid)',
|
||||
code: '2501'
|
||||
|
|
|
@ -31,7 +31,8 @@ class Registrar
|
|||
end
|
||||
|
||||
if @depp_user.pki
|
||||
unless @api_user.registrar_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
|
||||
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
|
||||
request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
|
||||
@depp_user.errors.add(:base, :invalid_cert)
|
||||
end
|
||||
end
|
||||
|
@ -205,4 +206,4 @@ class Registrar
|
|||
redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -64,24 +64,14 @@ class ApiUser < User
|
|||
registrar.notifications.unread
|
||||
end
|
||||
|
||||
def registrar_pki_ok?(crt, cn)
|
||||
return false if crt.blank? || cn.blank?
|
||||
crt = crt.split(' ').join("\n")
|
||||
crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
|
||||
crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
|
||||
cert = OpenSSL::X509::Certificate.new(crt)
|
||||
md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
|
||||
certificates.registrar.exists?(md5: md5, common_name: cn)
|
||||
end
|
||||
def pki_ok?(crt, com, api: true)
|
||||
return false if crt.blank? || com.blank?
|
||||
|
||||
def api_pki_ok?(crt, cn)
|
||||
return false if crt.blank? || cn.blank?
|
||||
crt = crt.split(' ').join("\n")
|
||||
crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
|
||||
crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
|
||||
cert = OpenSSL::X509::Certificate.new(crt)
|
||||
origin = api ? certificates.api : certificates.registrar
|
||||
cert = machine_readable_certificate(crt)
|
||||
md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
|
||||
certificates.api.exists?(md5: md5, common_name: cn)
|
||||
|
||||
origin.exists?(md5: md5, common_name: com, revoked: false)
|
||||
end
|
||||
|
||||
def linked_users
|
||||
|
@ -93,4 +83,14 @@ class ApiUser < User
|
|||
def linked_with?(another_api_user)
|
||||
another_api_user.identity_code == self.identity_code
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def machine_readable_certificate(cert)
|
||||
cert = cert.split(' ').join("\n")
|
||||
cert.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
|
||||
cert.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
|
||||
|
||||
OpenSSL::X509::Certificate.new(cert)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -23,10 +23,19 @@ class Auction < ApplicationRecord
|
|||
save!
|
||||
end
|
||||
|
||||
def whois_deadline
|
||||
registration_deadline.to_s
|
||||
end
|
||||
|
||||
def mark_as_no_bids
|
||||
no_bids!
|
||||
end
|
||||
|
||||
def mark_deadline(registration_deadline)
|
||||
self.registration_deadline = registration_deadline
|
||||
save!
|
||||
end
|
||||
|
||||
def mark_as_payment_received
|
||||
self.status = self.class.statuses[:payment_received]
|
||||
generate_registration_code
|
||||
|
@ -69,4 +78,4 @@ class Auction < ApplicationRecord
|
|||
def registration_code_matches?(code)
|
||||
registration_code == code
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -32,20 +32,21 @@ class Certificate < ApplicationRecord
|
|||
errors.add(:base, I18n.t(:invalid_csr_or_crt))
|
||||
end
|
||||
|
||||
before_create :parse_metadata
|
||||
def parse_metadata
|
||||
if crt
|
||||
pc = parsed_crt.try(:subject).try(:to_s) || ''
|
||||
cn = pc.scan(/\/CN=(.+)/).flatten.first
|
||||
self.common_name = cn.split('/').first
|
||||
self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
|
||||
self.interface = API
|
||||
elsif csr
|
||||
pc = parsed_csr.try(:subject).try(:to_s) || ''
|
||||
cn = pc.scan(/\/CN=(.+)/).flatten.first
|
||||
self.common_name = cn.split('/').first
|
||||
self.interface = REGISTRAR
|
||||
end
|
||||
validate :assign_metadata, on: :create
|
||||
|
||||
def assign_metadata
|
||||
origin = crt ? parsed_crt : parsed_csr
|
||||
parse_metadata(origin)
|
||||
rescue NoMethodError
|
||||
errors.add(:base, I18n.t(:invalid_csr_or_crt))
|
||||
end
|
||||
|
||||
def parse_metadata(origin)
|
||||
pc = origin.subject.to_s
|
||||
cn = pc.scan(%r{\/CN=(.+)}).flatten.first
|
||||
self.common_name = cn.split('/').first
|
||||
self.md5 = OpenSSL::Digest::MD5.new(origin.to_der).to_s if crt
|
||||
self.interface = crt ? API : REGISTRAR
|
||||
end
|
||||
|
||||
def parsed_crt
|
||||
|
@ -116,6 +117,7 @@ class Certificate < ApplicationRecord
|
|||
-revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
|
||||
|
||||
if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
|
||||
self.revoked = true
|
||||
save!
|
||||
@cached_status = REVOKED
|
||||
else
|
||||
|
|
|
@ -70,7 +70,8 @@ module Versions
|
|||
valid_columns = ver.item_type.constantize&.column_names
|
||||
o = new(ver.object&.slice(*valid_columns))
|
||||
o.version_loader = ver
|
||||
ver.object_changes.to_h.each { |k, v| o.public_send("#{k}=", v[-1]) }
|
||||
changes = ver.object_changes.to_h&.slice(*valid_columns)
|
||||
changes.each { |k, v| o.public_send("#{k}=", v[-1]) }
|
||||
o
|
||||
end
|
||||
not_in_history = where(id: (ids.to_a - from_history.map(&:id)))
|
||||
|
|
|
@ -16,7 +16,8 @@ module Whois
|
|||
elsif auction.awaiting_payment? || auction.payment_received?
|
||||
update!(json: { name: auction.domain,
|
||||
status: ['PendingRegistration'],
|
||||
disclaimer: self.class.disclaimer })
|
||||
disclaimer: self.class.disclaimer,
|
||||
registration_deadline: auction.whois_deadline })
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue