Merge branch '269-dispute-list' of https://github.com/internetee/registry into 269-dispute-list

2025-07-23 19:20:37 +02:00 · 2020-05-15 17:58:19 +03:00 · 2020-05-15 17:58:19 +03:00 · cb18d1dbb1
commit cb18d1dbb1
parent abc1920d45 906fc9938f
17 changed files with 136 additions and 44 deletions
--- a/app/api/repp/api.rb
+++ b/app/api/repp/api.rb
@ -30,7 +30,8 @@ module Repp
        webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
        error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
      else
-        unless @current_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+        unless @current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+                                     request.env['HTTP_SSL_CLIENT_S_DN_CN'])
          error! "#{message} #{@current_user.username}", 401
        end
      end
--- a/app/controllers/api/v1/auctions_controller.rb
+++ b/app/controllers/api/v1/auctions_controller.rb
@ -30,6 +30,8 @@ module Api
          raise "Invalid status #{params[:status]}"
        end

+        auction.mark_deadline(params[:registration_deadline]) if params[:registration_deadline]
+
        if auction.payment_not_received? || auction.domain_not_registered?
          update_whois_from_auction(Auction.pending(auction.domain))
        else
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -26,7 +26,8 @@ module Epp
      end

      if !Rails.env.development? && (!webclient_request && @api_user)
-        unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+        unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+                                 request.env['HTTP_SSL_CLIENT_S_DN_CN'])
          epp_errors << {
            msg: 'Authentication error; server closing connection (certificate is not valid)',
            code: '2501'
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -31,7 +31,8 @@ class Registrar
      end

      if @depp_user.pki
-        unless @api_user.registrar_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
+        unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
+                                 request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
          @depp_user.errors.add(:base, :invalid_cert)
        end
      end
@ -205,4 +206,4 @@ class Registrar
      redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
    end
  end
-end
+end
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -64,24 +64,14 @@ class ApiUser < User
    registrar.notifications.unread
  end

-  def registrar_pki_ok?(crt, cn)
-    return false if crt.blank? || cn.blank?
-    crt = crt.split(' ').join("\n")
-    crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
-    crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
-    cert = OpenSSL::X509::Certificate.new(crt)
-    md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    certificates.registrar.exists?(md5: md5, common_name: cn)
-  end
+  def pki_ok?(crt, com, api: true)
+    return false if crt.blank? || com.blank?

-  def api_pki_ok?(crt, cn)
-    return false if crt.blank? || cn.blank?
-    crt = crt.split(' ').join("\n")
-    crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
-    crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
-    cert = OpenSSL::X509::Certificate.new(crt)
+    origin = api ? certificates.api : certificates.registrar
+    cert = machine_readable_certificate(crt)
    md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    certificates.api.exists?(md5: md5, common_name: cn)
+
+    origin.exists?(md5: md5, common_name: com, revoked: false)
  end

  def linked_users
@ -93,4 +83,14 @@ class ApiUser < User
  def linked_with?(another_api_user)
    another_api_user.identity_code == self.identity_code
  end
+
+  private
+
+  def machine_readable_certificate(cert)
+    cert = cert.split(' ').join("\n")
+    cert.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
+    cert.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
+
+    OpenSSL::X509::Certificate.new(cert)
+  end
 end
--- a/app/models/auction.rb
+++ b/app/models/auction.rb
@ -23,10 +23,19 @@ class Auction < ApplicationRecord
    save!
  end

+  def whois_deadline
+    registration_deadline.to_s
+  end
+
  def mark_as_no_bids
    no_bids!
  end

+  def mark_deadline(registration_deadline)
+    self.registration_deadline = registration_deadline
+    save!
+  end
+
  def mark_as_payment_received
    self.status = self.class.statuses[:payment_received]
    generate_registration_code
@ -69,4 +78,4 @@ class Auction < ApplicationRecord
  def registration_code_matches?(code)
    registration_code == code
  end
-end
+end
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@ -32,20 +32,21 @@ class Certificate < ApplicationRecord
      errors.add(:base, I18n.t(:invalid_csr_or_crt))
  end

-  before_create :parse_metadata
-  def parse_metadata
-    if crt
-      pc = parsed_crt.try(:subject).try(:to_s) || ''
-      cn = pc.scan(/\/CN=(.+)/).flatten.first
-      self.common_name = cn.split('/').first
-      self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
-      self.interface = API
-    elsif csr
-      pc = parsed_csr.try(:subject).try(:to_s) || ''
-      cn = pc.scan(/\/CN=(.+)/).flatten.first
-      self.common_name = cn.split('/').first
-      self.interface = REGISTRAR
-    end
+  validate :assign_metadata, on: :create
+
+  def assign_metadata
+    origin = crt ? parsed_crt : parsed_csr
+    parse_metadata(origin)
+  rescue NoMethodError
+    errors.add(:base, I18n.t(:invalid_csr_or_crt))
+  end
+
+  def parse_metadata(origin)
+    pc = origin.subject.to_s
+    cn = pc.scan(%r{\/CN=(.+)}).flatten.first
+    self.common_name = cn.split('/').first
+    self.md5 = OpenSSL::Digest::MD5.new(origin.to_der).to_s if crt
+    self.interface = crt ? API : REGISTRAR
  end

  def parsed_crt
@ -116,6 +117,7 @@ class Certificate < ApplicationRecord
      -revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")

    if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
+      self.revoked = true
      save!
      @cached_status = REVOKED
    else
--- a/app/models/concerns/versions.rb
+++ b/app/models/concerns/versions.rb
@ -70,7 +70,8 @@ module Versions
            valid_columns = ver.item_type.constantize&.column_names
            o = new(ver.object&.slice(*valid_columns))
            o.version_loader = ver
-            ver.object_changes.to_h.each { |k, v| o.public_send("#{k}=", v[-1]) }
+            changes = ver.object_changes.to_h&.slice(*valid_columns)
+            changes.each { |k, v| o.public_send("#{k}=", v[-1]) }
            o
          end
      not_in_history = where(id: (ids.to_a - from_history.map(&:id)))
--- a/app/models/whois/record.rb
+++ b/app/models/whois/record.rb
@ -16,7 +16,8 @@ module Whois
      elsif auction.awaiting_payment? || auction.payment_received?
        update!(json: { name: auction.domain,
                        status: ['PendingRegistration'],
-                        disclaimer: self.class.disclaimer })
+                        disclaimer: self.class.disclaimer,
+                        registration_deadline: auction.whois_deadline })
      end
    end
  end