diff --git a/app/controllers/repp/v1/base_controller.rb b/app/controllers/repp/v1/base_controller.rb index b12addd0f..1c6119422 100644 --- a/app/controllers/repp/v1/base_controller.rb +++ b/app/controllers/repp/v1/base_controller.rb @@ -130,6 +130,11 @@ module Repp render(json: @response, status: :unauthorized) end + def render_unauthorized_response + @response = { code: 2202, message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip) } + render json: @response, status: :unauthorized + end + def webclient_request? return false if Rails.env.test? || Rails.env.development? @@ -144,8 +149,7 @@ module Repp webclient_cn = ENV['webclient_cert_common_name'] || 'webclient' return if request_name == webclient_cn - @response = { code: 2202, - message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip) } + @response = { code: 2202, message: 'Invalid webclient certificate' } render(json: @response, status: :unauthorized) end diff --git a/app/controllers/repp/v1/white_ips_controller.rb b/app/controllers/repp/v1/white_ips_controller.rb index 93b9ef155..4cc5fec04 100644 --- a/app/controllers/repp/v1/white_ips_controller.rb +++ b/app/controllers/repp/v1/white_ips_controller.rb 
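Review bot: `render_unauthorized_response` (first hunk) has no caller in the hunks shown, and its generic name hides that it always reports the `ip_not_allowed` message with `request.ip`; a comment such as `# Renders the 2202 "IP not allowed" error for the caller's address.` or a more specific name would help, and the call site should be confirmed. It is also written `render json: @response, status: :unauthorized`, while the surrounding context lines use `render(json: @response, status: :unauthorized)`. In the second hunk the certificate failure keeps code 2202, so API clients can tell it from an IP rejection only by the message text; the method containing that change starts outside the hunk.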
@@ -31,28 +31,34 @@ module Repp
 return
 end
+ notify_admins if @white_ip.interfaces.include? WhiteIp::API
 render_success(data: { ip: { id: @white_ip.id } })
 end
 api :PUT, '/repp/v1/white_ips/:id'
 desc 'Update whitelisted IP address'
 def update
+ api = @white_ip.interfaces.include? WhiteIp::API
 unless @white_ip.update(white_ip_params)
 handle_non_epp_errors(@white_ip)
 return
 end
+ notify_admins if @white_ip.interfaces.include? WhiteIp::API
+ notify_admins if api && !@white_ip.interfaces.include?(WhiteIp::API)
 render_success(data: { ip: { id: @white_ip.id } })
 end
 api :DELETE, '/repp/v1/white_ips/:id'
 desc 'Delete a specific whitelisted IP address'
 def destroy
+ ip = @white_ip
 unless @white_ip.destroy
 handle_non_epp_errors(@white_ip)
 return
 end
+ notify_admins(ip: ip, action: 'deleted') if ip.interfaces.include?(WhiteIp::API)
 render_success
 end
@@ -65,6 +71,19 @@ module Repp
 def white_ip_params
 params.require(:white_ip).permit(:address, interfaces: [])
 end
+
+ def notify_admins(ip: @white_ip, action: 'updated')
+ admin_users_emails = User.admin.pluck(:email).reject(&:blank?)
+
+ return if admin_users_emails.empty?
+
+ admin_users_emails.each do |email|
+ WhiteIpMailer.with(email: email, api_user: current_user,
+ white_ip: ip)
+ .send("api_ip_address_#{action}")
+ .deliver_now
+ end
+ end
 end
 end
 end
diff --git a/app/mailers/white_ip_mailer.rb b/app/mailers/white_ip_mailer.rb
new file mode 100644
index 000000000..61914fb9a
--- /dev/null
+++ b/app/mailers/white_ip_mailer.rb
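Review bot: In `update`, the mail is built from the record as it stands after the save, so an admin cannot see the previous address or that the API interface was just removed. Passing the prior values to the mailer (for example from `@white_ip.saved_changes`) would make the alert reviewable. The two added `notify_admins` lines are mutually exclusive and together mean "API before or after", which reads more clearly as one guard: `notify_admins if api || @white_ip.interfaces.include?(WhiteIp::API)`. In `destroy`, `ip = @white_ip` is only a second reference to the same object and can be dropped. `create` starts outside this hunk.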
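Review bot: `notify_admins` sends with `deliver_now` once per admin inside the request, after the whitelist change has been saved, so a mail-delivery error would surface as a failed API call for a change that did succeed and would stop the remaining notifications. The version below rescues and logs per recipient and picks the mailer action from a fixed map with `public_send` instead of interpolating `action` into `send`; moving to `deliver_later` is possible too, but the destroy path would then need to pass plain values, since a job cannot reload a deleted record. The `return if admin_users_emails.empty?` guard is redundant before `each`. Because this commit also drops the per-registrar uniqueness validation in `white_ip.rb`, the same address can be created repeatedly and every create mails all admins, so confirm that request throttling covers this endpoint.

```ruby
def notify_admins(ip: @white_ip, action: 'updated')
  mailer_action = { 'updated' => :api_ip_address_updated,
                    'deleted' => :api_ip_address_deleted }.fetch(action)

  User.admin.pluck(:email).reject(&:blank?).each do |email|
    begin
      WhiteIpMailer.with(email: email, api_user: current_user, white_ip: ip)
                   .public_send(mailer_action)
                   .deliver_now
    rescue StandardError => e
      # Best effort: the whitelist change is already saved, so log and continue.
      Rails.logger.error("White IP admin notification failed: #{e.class}: #{e.message}")
    end
  end
end
```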
@@ -0,0 +1,17 @@
+class WhiteIpMailer < ApplicationMailer
+ def api_ip_address_updated
+ email = params[:email]
+ @api_user = params[:api_user]
+ @white_ip = params[:white_ip]
+ subject = '[Important] Whitelisted IP Address Change Notification'
+ mail(to: email, subject: subject)
+ end
+
+ def api_ip_address_deleted
+ email = params[:email]
+ @api_user = params[:api_user]
+ @white_ip = params[:white_ip]
+ subject = '[Important] Whitelisted IP Address Removal Notification'
+ mail(to: email, subject: subject)
+ end
+end
diff --git a/app/models/white_ip.rb b/app/models/white_ip.rb
index 18004e8b5..02840263f 100644
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@@ -7,8 +7,6 @@ class WhiteIp < ApplicationRecord
 attr_accessor :address
 validate :validate_address_format
- validates :ipv4, uniqueness: { scope: :registrar_id }, if: :ipv4?
- validates :ipv6, uniqueness: { scope: :registrar_id }, if: :ipv6?
 validate :validate_only_one_ip
 validate :valid_ipv4?
 validate :valid_ipv6?
@@ -68,7 +66,7 @@ class WhiteIp < ApplicationRecord
 API = 'api'.freeze
 REGISTRAR = 'registrar'.freeze
- INTERFACES = [API, REGISTRAR].freeze
+ INTERFACES = [REGISTRAR, API].freeze
 scope :api, -> { where('interfaces @> ?::varchar[]', "{#{API}}") }
 scope :registrar_area, -> { where('interfaces @> ?::varchar[]', "{#{REGISTRAR}}") }
diff --git a/app/views/mailers/white_ip_mailer/api_ip_address_deleted.html.erb b/app/views/mailers/white_ip_mailer/api_ip_address_deleted.html.erb
new file mode 100644
index 000000000..789d79bb5
--- /dev/null
+++ b/app/views/mailers/white_ip_mailer/api_ip_address_deleted.html.erb
@@ -0,0 +1,9 @@
+
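Review bot: `api_ip_address_updated` and `api_ip_address_deleted` in `white_ip_mailer.rb` differ only in the subject string, so the shared assignments could move to one private helper that takes the subject. The subjects are hard-coded English literals, while the controller code in this commit uses `I18n.t` for user-facing text; a locale key would be consistent. The controller also sends the "updated" mail when an entry is created, so the "Change Notification" subject does not tell an admin that a new address was whitelisted.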

This email is to inform you that an API Whitelisted IP address was deleted by Registrar Portal API user. Please review the details below:

+ + + +

Please take the necessary actions to ensure the security and integrity of the application's API access.

diff --git a/app/views/mailers/white_ip_mailer/api_ip_address_deleted.text.erb b/app/views/mailers/white_ip_mailer/api_ip_address_deleted.text.erb
new file mode 100644
index 000000000..d7554c703
--- /dev/null
+++ b/app/views/mailers/white_ip_mailer/api_ip_address_deleted.text.erb
@@ -0,0 +1,7 @@
+This email is to inform you about an API Whitelisted IP address change by Registrar Portal API user. Please review the details below:
+
+API User: <%= @api_user.username %>
+IP Address: <%= @white_ip.ipv4.presence || @white_ip.ipv6 %>
+Interface: <%= @white_ip.interfaces.join(', ') %>
+
+Please take the necessary actions to ensure the security and integrity of the application's API access.
diff --git a/app/views/mailers/white_ip_mailer/api_ip_address_updated.html.erb b/app/views/mailers/white_ip_mailer/api_ip_address_updated.html.erb
new file mode 100644
index 000000000..3e71d3253
--- /dev/null
+++ b/app/views/mailers/white_ip_mailer/api_ip_address_updated.html.erb
@@ -0,0 +1,9 @@
+
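Review bot: The plain-text part of the deletion mail (`api_ip_address_deleted.text.erb`) opens with "inform you about an API Whitelisted IP address change", the same wording as the update template (both files have blob `d7554c703`), while the HTML part says the address "was deleted"; recipients who read the text part are not told the entry was removed. The first line should read `This email is to inform you that an API Whitelisted IP address was deleted by Registrar Portal API user. Please review the details below:`. Neither text template names the registrar the address belongs to, which an admin reviewing the alert would likely need; the model appears to carry a `registrar_id`, so confirm and add it.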

This email is to inform you about an API Whitelisted IP address change by Registrar Portal API user. Please review the details below:

+ + + +

Please take the necessary actions to ensure the security and integrity of the application's API access.

diff --git a/app/views/mailers/white_ip_mailer/api_ip_address_updated.text.erb b/app/views/mailers/white_ip_mailer/api_ip_address_updated.text.erb
new file mode 100644
index 000000000..d7554c703
--- /dev/null
+++ b/app/views/mailers/white_ip_mailer/api_ip_address_updated.text.erb
@@ -0,0 +1,7 @@
+This email is to inform you about an API Whitelisted IP address change by Registrar Portal API user. Please review the details below:
+
+API User: <%= @api_user.username %>
+IP Address: <%= @white_ip.ipv4.presence || @white_ip.ipv6 %>
+Interface: <%= @white_ip.interfaces.join(', ') %>
+
+Please take the necessary actions to ensure the security and integrity of the application's API access.
diff --git a/config/locales/et.yml b/config/locales/et.yml
index 428e3cafc..651f5ff83 100644
--- a/config/locales/et.yml
+++ b/config/locales/et.yml
@@ -2,6 +2,14 @@ et:
 username: 'Kasutajanimi'
 password: 'Parool'
+ time:
+ formats:
+ default: "%Y-%m-%d %H:%M"
+ long: "%A, %e. %B %Y, %H:%M"
+ short: "%d.%m.%y, %H:%M"
+ date: "%Y-%m-%d"
+ date_long: "%d. %B %Y"
+ filename: "%Y-%m-%d_%H.%M"
 date:
 month_names: [~, Jaanuar, Veebruar, Märts, April, Mai, Juuni, Juuli, August, September, Oktoober, November, Detsember]
diff --git a/test/integration/repp/v1/white_ips/create_test.rb b/test/integration/repp/v1/white_ips/create_test.rb
index 7cda9affa..326edbdfe 100644
--- a/test/integration/repp/v1/white_ips/create_test.rb
+++ b/test/integration/repp/v1/white_ips/create_test.rb
@@ -48,22 +48,6 @@ class ReppV1WhiteIpsCreateTest < ActionDispatch::IntegrationTest
 assert json[:message].include? 'IP address limit exceeded'
 end
- def test_validates_ip_uniqueness_per_registrar
- white_ip = white_ips(:one)
- request_body = {
- white_ip: {
- address: white_ip.ipv4,
- interfaces: ['API'],
- },
- }
-
- post '/repp/v1/white_ips', headers: @auth_headers, params: request_body
- json = JSON.parse(response.body, symbolize_names: true)
-
- assert_response :bad_request
- assert json[:message].include? 'IPv4 has already been taken'
- end
-
 def test_returns_error_response_if_throttled
 ENV['shunter_default_threshold'] = '1'
 ENV['shunter_enabled'] = 'true'