Modified registrar ip restriction

app/controllers/repp/v1/base_controller.rb

@@ -9,7 +9,7 @@ module Repp
       before_action :set_locale
       before_action :validate_webclient_ca
       before_action :validate_api_user_cert
-      before_action :check_ip_restriction
+      before_action :check_api_ip_restriction
       before_action :set_paper_trail_whodunnit
 
       private
@@ -87,24 +87,22 @@ module Repp
         render(json: @response, status: :unauthorized)
       end
 
-      def check_ip_restriction
+      def check_api_ip_restriction
-        ip = webclient_request? ? request.headers['Request-IP'] : request.ip
+        return if webclient_request?
-        return if registrar_ip_white?(ip) && webclient_request?
+        return if @current_user.registrar.api_ip_white?(request.ip)
-        return if api_ip_white?(ip) && !webclient_request?
+
+        render_unauthorized_ip_response(request.ip)
+      end
+
+      def check_registrar_ip_restriction
+        return unless webclient_request?
+
+        ip = request.headers['Request-IP']
+        return if @current_user.registrar.registrar_ip_white?(ip)
 
         render_unauthorized_ip_response(ip)
       end
 
-      def registrar_ip_white?(ip)
-        return true unless ip
-
-        @current_user.registrar.registrar_ip_white?(ip)
-      end
-
-      def api_ip_white?(ip)
-        @current_user.registrar.api_ip_white?(ip)
-      end
-
       def render_unauthorized_ip_response(ip)
         @response = { code: 2202, message: I18n.t('registrar.authorization.ip_not_allowed', ip: ip) }
         render json: @response, status: :unauthorized
@@ -162,7 +160,8 @@ module Repp
       end
 
       def skip_webclient_user_cert_validation?
-        !webclient_request? || request.headers['Requester'] == 'tara'
+        !webclient_request? || request.headers['Requester'] == 'tara' ||
+          Rails.env.development? || Rails.env.test?
       end
 
       def auth_values_to_data(registrar:)

app/controllers/repp/v1/registrar/auth_controller.rb

@@ -2,9 +2,10 @@ module Repp
   module V1
     module Registrar
       class AuthController < BaseController
+        before_action :check_registrar_ip_restriction, only: :index
         before_action :validate_webclient_user_cert, only: :index
         skip_before_action :authenticate_user, only: :tara_callback
-        skip_before_action :check_ip_restriction, only: :tara_callback
+        skip_before_action :check_api_ip_restriction, only: :tara_callback
         skip_before_action :validate_api_user_cert, only: :tara_callback
 
         THROTTLED_ACTIONS = %i[index tara_callback].freeze

config/application.yml.sample

@@ -187,6 +187,13 @@ default_response_timeout: '1'
 
 epp_sessions_per_registrar: '4'
 
+shunter_default_adapter: "Shunter::Adapters::Redis"
+shunter_enabled: "false"
+shunter_redis_host: "redis"
+shunter_redis_port: "6379"
+shunter_default_timespan: '60'
+shunter_default_threshold: '100'
+
 # Since the keys for staging are absent from the repo, we need to supply them separate for testing.
 test:
   payments_seb_bank_certificate: 'test/fixtures/files/seb_bank_cert.pem'