Check API whitelist IP-s when loggin into registrar with pw #2713

2025-07-20 17:55:55 +02:00 · 2015-08-14 17:34:05 +03:00 · 2015-08-14 17:34:05 +03:00 · d26dd3da98
commit d26dd3da98
parent 8bffdbf783
5 changed files with 38 additions and 17 deletions
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -24,6 +24,9 @@ class ApiUser < User

  attr_accessor :registrar_typeahead

+  SUPER = 'super'
+  EPP = 'epp'
+
  ROLES = %w(super epp billing) # should not match to admin roles

  def ability
@ -41,6 +44,10 @@ class ApiUser < User
    @registrar_typeahead || registrar || nil
  end

+  def can_make_api_calls?
+    ([SUPER, EPP] & roles).any?
+  end
+
  def to_s
    username
  end
--- a/app/models/registrar.rb
+++ b/app/models/registrar.rb
@ -45,8 +45,8 @@ class Registrar < ActiveRecord::Base
    end
  end

-  validates :email, :billing_email, 
-    email_format: { message: :invalid }, 
+  validates :email, :billing_email,
+    email_format: { message: :invalid },
    allow_blank: true, if: proc { |c| c.email_changed? }

  WHOIS_TRIGGERS = %w(name email phone street city state zip)
@ -165,15 +165,11 @@ class Registrar < ActiveRecord::Base

  def api_ip_white?(ip)
    return true unless Setting.api_ip_whitelist_enabled
-    white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
+    white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip)
  end

  def registrar_ip_white?(ip)
    return true unless Setting.registrar_ip_whitelist_enabled
-    white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
-  end
-
-  def global_ip_white?(ip)
-    white_ips.global.pluck(:ipv4, :ipv6).flatten.include?(ip)
+    white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip)
  end
 end
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@ -15,12 +15,10 @@ class WhiteIp < ActiveRecord::Base

  API = 'api'
  REGISTRAR = 'registrar'
-  GLOBAL = 'global'
-  INTERFACES = [GLOBAL, API, REGISTRAR]
+  INTERFACES = [API, REGISTRAR]

  scope :api, -> { where(interface: API) }
  scope :registrar, -> { where(interface: REGISTRAR) }
-  scope :global, -> { where(interface: GLOBAL) }

  class << self
    def registrar_ip_white?(ip)
@ -28,9 +26,7 @@ class WhiteIp < ActiveRecord::Base

      at = WhiteIp.arel_table
      WhiteIp.where(
-        at[:interface].eq(REGISTRAR).or(
-          at[:interface].eq(GLOBAL)
-        ).and(
+        at[:interface].eq(REGISTRAR).and(
          at[:ipv4].eq(ip)
        )
      ).any?