Merge branch '269-dispute-list' of https://github.com/internetee/registry into 269-dispute-list

This commit is contained in:
Karl Erik Õunapuu 2020-05-15 17:58:19 +03:00
commit cb18d1dbb1
17 changed files with 136 additions and 44 deletions

View file

@ -30,7 +30,8 @@ module Repp
webclient_cert_name = ENV['webclient_cert_common_name'] || 'webclient'
error! "Webclient #{message} #{webclient_cert_name}", 401 if webclient_cert_name != request_name
else
unless @current_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
unless @current_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'])
error! "#{message} #{@current_user.username}", 401
end
end

View file

@ -30,6 +30,8 @@ module Api
raise "Invalid status #{params[:status]}"
end
auction.mark_deadline(params[:registration_deadline]) if params[:registration_deadline]
if auction.payment_not_received? || auction.domain_not_registered?
update_whois_from_auction(Auction.pending(auction.domain))
else

View file

@ -26,7 +26,8 @@ module Epp
end
if !Rails.env.development? && (!webclient_request && @api_user)
unless @api_user.api_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'])
epp_errors << {
msg: 'Authentication error; server closing connection (certificate is not valid)',
code: '2501'

View file

@ -31,7 +31,8 @@ class Registrar
end
if @depp_user.pki
unless @api_user.registrar_pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'], request.env['HTTP_SSL_CLIENT_S_DN_CN'])
unless @api_user.pki_ok?(request.env['HTTP_SSL_CLIENT_CERT'],
request.env['HTTP_SSL_CLIENT_S_DN_CN'], api: false)
@depp_user.errors.add(:base, :invalid_cert)
end
end
@ -205,4 +206,4 @@ class Registrar
redirect_to new_registrar_user_session_url, alert: @depp_user.errors.full_messages.first
end
end
end
end

View file

@ -64,24 +64,14 @@ class ApiUser < User
registrar.notifications.unread
end
def registrar_pki_ok?(crt, cn)
return false if crt.blank? || cn.blank?
crt = crt.split(' ').join("\n")
crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
cert = OpenSSL::X509::Certificate.new(crt)
md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
certificates.registrar.exists?(md5: md5, common_name: cn)
end
def pki_ok?(crt, com, api: true)
return false if crt.blank? || com.blank?
def api_pki_ok?(crt, cn)
return false if crt.blank? || cn.blank?
crt = crt.split(' ').join("\n")
crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
cert = OpenSSL::X509::Certificate.new(crt)
origin = api ? certificates.api : certificates.registrar
cert = machine_readable_certificate(crt)
md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
certificates.api.exists?(md5: md5, common_name: cn)
origin.exists?(md5: md5, common_name: com, revoked: false)
end
def linked_users
@ -93,4 +83,14 @@ class ApiUser < User
def linked_with?(another_api_user)
another_api_user.identity_code == self.identity_code
end
private
def machine_readable_certificate(cert)
cert = cert.split(' ').join("\n")
cert.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
cert.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
OpenSSL::X509::Certificate.new(cert)
end
end

View file

@ -23,10 +23,19 @@ class Auction < ApplicationRecord
save!
end
def whois_deadline
registration_deadline.to_s
end
def mark_as_no_bids
no_bids!
end
def mark_deadline(registration_deadline)
self.registration_deadline = registration_deadline
save!
end
def mark_as_payment_received
self.status = self.class.statuses[:payment_received]
generate_registration_code
@ -69,4 +78,4 @@ class Auction < ApplicationRecord
def registration_code_matches?(code)
registration_code == code
end
end
end

View file

@ -32,20 +32,21 @@ class Certificate < ApplicationRecord
errors.add(:base, I18n.t(:invalid_csr_or_crt))
end
before_create :parse_metadata
def parse_metadata
if crt
pc = parsed_crt.try(:subject).try(:to_s) || ''
cn = pc.scan(/\/CN=(.+)/).flatten.first
self.common_name = cn.split('/').first
self.md5 = OpenSSL::Digest::MD5.new(parsed_crt.to_der).to_s
self.interface = API
elsif csr
pc = parsed_csr.try(:subject).try(:to_s) || ''
cn = pc.scan(/\/CN=(.+)/).flatten.first
self.common_name = cn.split('/').first
self.interface = REGISTRAR
end
validate :assign_metadata, on: :create
def assign_metadata
origin = crt ? parsed_crt : parsed_csr
parse_metadata(origin)
rescue NoMethodError
errors.add(:base, I18n.t(:invalid_csr_or_crt))
end
def parse_metadata(origin)
pc = origin.subject.to_s
cn = pc.scan(%r{\/CN=(.+)}).flatten.first
self.common_name = cn.split('/').first
self.md5 = OpenSSL::Digest::MD5.new(origin.to_der).to_s if crt
self.interface = crt ? API : REGISTRAR
end
def parsed_crt
@ -116,6 +117,7 @@ class Certificate < ApplicationRecord
-revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
self.revoked = true
save!
@cached_status = REVOKED
else

View file

@ -70,7 +70,8 @@ module Versions
valid_columns = ver.item_type.constantize&.column_names
o = new(ver.object&.slice(*valid_columns))
o.version_loader = ver
ver.object_changes.to_h.each { |k, v| o.public_send("#{k}=", v[-1]) }
changes = ver.object_changes.to_h&.slice(*valid_columns)
changes.each { |k, v| o.public_send("#{k}=", v[-1]) }
o
end
not_in_history = where(id: (ids.to_a - from_history.map(&:id)))

View file

@ -16,7 +16,8 @@ module Whois
elsif auction.awaiting_payment? || auction.payment_received?
update!(json: { name: auction.domain,
status: ['PendingRegistration'],
disclaimer: self.class.disclaimer })
disclaimer: self.class.disclaimer,
registration_deadline: auction.whois_deadline })
end
end
end