zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-14 00:24:44 +02:00
Code Issues Projects Releases Packages Wiki Activity

Prevent verification email from being sent when registrantChange w/ disputed pw

Browse source
This commit is contained in:
Karl Erik Õunapuu 2020-05-25 15:59:58 +03:00
parent adbc6265ec
commit e06596551c
3 changed files with 49 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/models/epp/domain.rb
View file

@ -475,13 +475,13 @@ class Epp::Domain < Domain
self.up_date = Time.zone.now
end
same_registrant_as_current = true
registrant_verification_needed = false
# registrant block may not be present, so we need this to rule out false positives
if frame.css('registrant').text.present?
same_registrant_as_current = (registrant.code == frame.css('registrant').text)
registrant_verification_needed = (registrant.code != frame.css('registrant').text)
end
if !same_registrant_as_current && disputed?
if registrant_verification_needed && disputed?
disputed_pw = frame.css('reserved > pw').text
if disputed_pw.blank?
add_epp_error('2304', nil, nil, 'Required parameter missing; reserved' \
@ -490,6 +490,7 @@ class Epp::Domain < Domain
dispute = Dispute.active.find_by(domain_name: name, password: disputed_pw)
if dispute
Dispute.close_by_domain(name)
registrant_verification_needed = false # Prevent asking current registrant confirmation
else
add_epp_error('2202', nil, nil, 'Invalid authorization information; '\
'invalid reserved>pw value')
@ -500,7 +501,7 @@ class Epp::Domain < Domain
unverified_registrant_params = frame.css('registrant').present? &&
frame.css('registrant').attr('verified').to_s.downcase != 'yes'
if !same_registrant_as_current && errors.empty? && verify &&
if registrant_verification_needed && errors.empty? && verify &&
Setting.request_confrimation_on_registrant_change_enabled &&
unverified_registrant_params
registrant_verification_asked!(frame.to_s, current_user.id) unless disputed?

2
test/fixtures/disputes.yml vendored
View file

@ -9,7 +9,7 @@ future:
starts_at: <%= Date.parse '2010-10-05' %>
expires_at: <%= Date.parse '2013-10-05' %>
expired:
domain_name: expired-dispute.test
domain_name: shop.test
password: active-001
starts_at: <%= Date.parse '2010-07-05' %>
expires_at: <%= Date.parse '2013-07-05' %>

43
test/integration/epp/domain/update/base_test.rb
View file

@ -194,6 +194,49 @@ class EppDomainUpdateBaseTest < EppTestCase
assert_no_emails
end
def test_skips_verification_when_registrant_changed_with_dispute_password
Setting.request_confrimation_on_registrant_change_enabled = true
dispute = disputes(:expired)
dispute.update!(starts_at: Time.zone.now, expires_at: Time.zone.now + 5.days, closed: nil)
new_registrant = contacts(:william)
assert @domain.disputed?
request_xml = <<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command>
<update>
<domain:update xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
<domain:name>#{@domain.name}</domain:name>
<domain:chg>
<domain:registrant>#{new_registrant.code}</domain:registrant>
</domain:chg>
</domain:update>
</update>
<extension>
<eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
<eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
<eis:reserved>
<eis:pw>#{dispute.password}</eis:pw>
</eis:reserved>
</eis:extdata>
</extension>
</command>
</epp>
XML
post epp_update_path, params: { frame: request_xml },
headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
@domain.reload
assert_epp_response :completed_successfully
assert new_registrant, @domain.registrant
assert_not @domain.registrant_verification_asked?
assert_not @domain.disputed?
assert_no_emails
end
def test_skips_verification_when_disabled
Setting.request_confrimation_on_registrant_change_enabled = false
new_registrant = contacts(:william).becomes(Registrant)