Registrant change now requires EPP verify attribute

app/controllers/epp/domains_controller.rb

@@ -34,8 +34,8 @@ class Epp::DomainsController < EppController
     authorize! :update, @domain, @password
 
     if @domain.update(params[:parsed_frame], current_user)
-      if @domain.pending_update?
-        render_epp_response '/epp/domains/success_pending'
+      if @domain.epp_pending_update.present?
+        render_epp_response '/epp/shared/success_pending'
       else
         render_epp_response '/epp/domains/success'
       end

app/controllers/epp_controller.rb

@@ -9,6 +9,7 @@ class EppController < ApplicationController
 
   rescue_from CanCan::AccessDenied do |_exception|
     @errors ||= []
+
     if @errors.blank?
       @errors = [{
         msg: t('errors.messages.epp_authorization_error'),
@@ -50,6 +51,7 @@ class EppController < ApplicationController
 
   def handle_errors(obj = nil)
     @errors ||= []
+
     if obj
       obj.construct_epp_errors
       @errors += obj.errors[:epp_errors]

app/controllers/registrant/domain_update_confirms_controller.rb

@@ -4,11 +4,7 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController
 
   def show
     @domain = Domain.find(params[:id])
-    
-    # if @domain.present? && params[:token].present? && @domain.registrant_verification_token == params[:token]
-    # else 
-      # @domain = nil
-    # end
+    @domain = nil unless @domain.registrant_update_confirmable?(params[:token])
   end
 
   def create

app/mailers/domain_mailer.rb

@@ -2,10 +2,17 @@ class DomainMailer < ApplicationMailer
   def registrant_updated(domain)
     @domain = domain
     return if Rails.env.production? ? false : !TEST_EMAILS.include?(@domain.registrant_email)
+
     # turn on delivery on specific request only, thus rake tasks does not deliver anything
     return if @domain.deliver_emails != true
+
     if @domain.registrant_verification_token.blank?
-      logger.warn "EMAIL DID NOT DELIVERED: registrant_verification_token is missing for #{@domain.name}"
+      logger.warn "EMAIL NOT DELIVERED: registrant_verification_token is missing for #{@domain.name}"
+      return
+    end
+
+    if @domain.registrant_verification_asked_at.blank?
+      logger.warn "EMAIL NOT DELIVERED: registrant_verification_asked_at is missing for #{@domain.name}"
       return
     end
 

app/models/domain.rb

@@ -18,7 +18,6 @@ class Domain < ActiveRecord::Base
   has_many :contacts, through: :domain_contacts, source: :contact
   has_many :admin_contacts, through: :admin_domain_contacts, source: :contact
   has_many :tech_contacts, through: :tech_domain_contacts, source: :contact
-
   has_many :nameservers, dependent: :destroy
 
   accepts_nested_attributes_for :nameservers, allow_destroy: true,
@@ -59,10 +58,7 @@ class Domain < ActiveRecord::Base
   before_update :manage_statuses
   def manage_statuses
     return unless registrant_id_changed?
-    if registrant_verification_asked_at.present?
-      domain_statuses.build(value: DomainStatus::PENDING_UPDATE)
-      DomainMailer.registrant_updated(self).deliver_now
-    end
+    pending_update! if registrant_verification_asked?
     true
   end
 
@@ -121,7 +117,7 @@ class Domain < ActiveRecord::Base
 
   validate :validate_nameserver_ips
 
-  attr_accessor :registrant_typeahead, :update_me, :deliver_emails
+  attr_accessor :registrant_typeahead, :update_me, :deliver_emails, :epp_pending_update
 
   def subordinate_nameservers
     nameservers.select { |x| x.hostname.end_with?(name) }
@@ -177,7 +173,38 @@ class Domain < ActiveRecord::Base
       #{DomainStatus::PENDING_UPDATE}
     )).present?
   end
-  alias_method :update_pending?, :pending_update?
+
+  def pending_update!
+    return true if pending_update?
+    self.epp_pending_update = true # for handling epp errors correctly
+
+    return true unless registrant_verification_asked?
+    pending_json_cache = all_changes
+    DomainMailer.registrant_updated(self).deliver_now
+
+    reload # revert back to original
+
+    self.pending_json = pending_json_cache
+    domain_statuses.create(value: DomainStatus::PENDING_UPDATE)
+  end
+
+  def registrant_update_confirmable?(token)
+    return false unless pending_update?
+    return false if registrant_verification_token.blank?
+    return false if registrant_verification_asked_at.blank?
+    return false if token.blank?
+    return false if registrant_verification_token != token
+    true
+  end
+
+  def registrant_verification_asked?
+    registrant_verification_asked_at.present? && registrant_verification_token.present?
+  end
+
+  def registrant_verification_asked!
+    self.registrant_verification_asked_at = Time.zone.now
+    self.registrant_verification_token = SecureRandom.hex(42)
+  end
 
   ### VALIDATIONS ###
 
@@ -266,6 +293,10 @@ class Domain < ActiveRecord::Base
     log
   end
 
+  def all_changes
+    changes
+  end
+
   def update_whois_record
     whois_record.blank? ? create_whois_record : whois_record.save
   end

app/models/epp/domain.rb

@@ -2,9 +2,9 @@
 class Epp::Domain < Domain
   include EppErrors
 
-  before_update :manage_permissions
+  before_validation :manage_permissions
   def manage_permissions
-    return unless update_pending?
+    return unless pending_update?
     add_epp_error('2304', nil, nil, I18n.t(:object_status_prohibits_operation))
     false
   end
@@ -95,9 +95,7 @@ class Epp::Domain < Domain
       regt = Registrant.find_by(code: code)
       if regt
         at[:registrant_id] = regt.id
-        delivery_date = frame.css('registrant').attr('verified').to_s.downcase == 'yes' ? nil : Time.zone.now
-        at[:registrant_verification_asked_at] = delivery_date
-        at[:registrant_verification_token] = SecureRandom.hex(42)
+        registrant_verification_asked! if frame.css('registrant').attr('verified').to_s.downcase != 'yes'
       else
         add_epp_error('2303', 'registrant', code, [:registrant, :not_found])
       end

app/models/pending.rb

@@ -0,0 +1,3 @@
+class Pending < ActiveRecord::Base
+  belongs_to :domain
+end

app/models/registrant_verification.rb

@@ -0,0 +1,5 @@
+# Used in Registrant portal to collect registrant verifications
+# Registrant postgres user can access this table directly.
+class RegistrantVerification < ActiveRecord::Base
+  validates :verification_token, :domain_name, presence: true
+end

app/views/epp/shared/success_pending.xml.builder

@@ -0,0 +1,9 @@
+xml.epp_head do
+  xml.response do
+    xml.result('code' => '1001') do
+      xml.msg 'Command completed successfully; action pending'
+    end
+  end
+
+  xml << render('/epp/shared/trID')
+end

app/views/registrant/domain_update_confirms/show.haml

@@ -1,2 +1,4 @@
-- if @domain.blank?
-  %h1= t(:not_valid_domain_verification)
+- if @domain.present?
+- else
+  %h1= t(:not_valid_domain_verification_title).html_safe
+  %p=  t(:not_valid_domain_verification_body).html_safe