Modified registrar ip restriction

2025-07-28 13:36:15 +02:00 · 2023-08-04 11:59:40 +03:00 · 2023-08-04 11:59:40 +03:00 · d150c1bc3d
commit d150c1bc3d
parent 597766dba0
3 changed files with 24 additions and 17 deletions
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@ -9,7 +9,7 @@ module Repp
      before_action :set_locale
      before_action :validate_webclient_ca
      before_action :validate_api_user_cert
-      before_action :check_ip_restriction
+      before_action :check_api_ip_restriction
      before_action :set_paper_trail_whodunnit

      private
@ -87,24 +87,22 @@ module Repp
        render(json: @response, status: :unauthorized)
      end

-      def check_ip_restriction
-        ip = webclient_request? ? request.headers['Request-IP'] : request.ip
-        return if registrar_ip_white?(ip) && webclient_request?
-        return if api_ip_white?(ip) && !webclient_request?
+      def check_api_ip_restriction
+        return if webclient_request?
+        return if @current_user.registrar.api_ip_white?(request.ip)
+
+        render_unauthorized_ip_response(request.ip)
+      end
+
+      def check_registrar_ip_restriction
+        return unless webclient_request?
+
+        ip = request.headers['Request-IP']
+        return if @current_user.registrar.registrar_ip_white?(ip)

        render_unauthorized_ip_response(ip)
      end

-      def registrar_ip_white?(ip)
-        return true unless ip
-
-        @current_user.registrar.registrar_ip_white?(ip)
-      end
-
-      def api_ip_white?(ip)
-        @current_user.registrar.api_ip_white?(ip)
-      end
-
      def render_unauthorized_ip_response(ip)
        @response = { code: 2202, message: I18n.t('registrar.authorization.ip_not_allowed', ip: ip) }
        render json: @response, status: :unauthorized
@ -162,7 +160,8 @@ module Repp
      end

      def skip_webclient_user_cert_validation?
-        !webclient_request? || request.headers['Requester'] == 'tara'
+        !webclient_request? || request.headers['Requester'] == 'tara' ||
+          Rails.env.development? || Rails.env.test?
      end

      def auth_values_to_data(registrar:)