From e11607cdc40aff93ba91c0daf8b9c911b384d799 Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Tue, 10 Mar 2015 17:36:44 +0200
Subject: [PATCH] contact info should always return something
---
 app/models/ability.rb | 7 +++++--
 app/views/epp/contacts/info.xml.builder | 26 ++++++++++++++-----------
 spec/epp/contact_spec.rb | 16 ++++++++++++---
 3 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index d8915dc40..3e7105692 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -16,15 +16,17 @@ class Ability
 can :show, :dashboard
 end
+ # rubocop: disable Metrics/CyclomaticComplexity
 def epp
 # Epp::Contact
- can(:info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
+ can(:info, Epp::Contact)
+ can(:view_full_info, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
 can(:check, Epp::Contact)
 can(:create, Epp::Contact)
 can(:update, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id && c.auth_info == pw }
 can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id && c.auth_info == pw }
 can(:renew, Epp::Contact)
- can(:view_password, Epp::Contact) { |c| c.registrar_id == @user.registrar_id }
+ can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
 # Epp::Domain
 can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
@@ -34,6 +36,7 @@ class Ability
 can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.auth_info == pw }
 can(:transfer, Epp::Domain) { |d, pw| d.auth_info == pw }
 end
+ # rubocop: enabled Metrics/CyclomaticComplexity
 def user
 can :show, :dashboard
diff --git a/app/views/epp/contacts/info.xml.builder b/app/views/epp/contacts/info.xml.builder
index 2cd7114c5..8d86c51b8 100644
--- a/app/views/epp/contacts/info.xml.builder
+++ b/app/views/epp/contacts/info.xml.builder
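Review bot: In `epp` (app/models/ability.rb, first hunk) the new `:view_full_info` rule and the widened `:view_password` rule accept `c.auth_info == pw` as an alternative to registrar ownership, and nothing visible here rejects a blank `pw`. If a contact can have a nil or empty `auth_info` and the request omits authInfo, that comparison would presumably be true for any registrar, exposing the full record and the authInfo element; I would guard it as `pw.present? && c.auth_info == pw` in both blocks. Because `can(:info, Epp::Contact)` is now unconditional, every confidentiality decision moves into the view's `can?` checks, which deserves a one-line comment above that rule. The `epp` method continues past the end of this hunk.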
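Review bot: The closing directive `# rubocop: enabled Metrics/CyclomaticComplexity` (second ability.rb hunk) is misspelled: RuboCop's keyword is `enable`, so as written the cop most likely stays disabled for everything below `epp` in this file. Change the line to `# rubocop: enable Metrics/CyclomaticComplexity`.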
@@ -7,19 +7,23 @@ xml.epp_head do
 xml.resData do
 xml.tag!('contact:infData', 'xmlns:contact' => 'urn:ietf:params:xml:ns:contact-1.0') do
 xml.tag!('contact:id', @contact.code)
- xml.tag!('contact:voice', @contact.phone)
- xml.tag!('contact:email', @contact.email)
- xml.tag!('contact:fax', @contact.fax) if @contact.fax.present?
+ if can? :view_full_info, @contact, @password
+ xml.tag!('contact:voice', @contact.phone)
+ xml.tag!('contact:email', @contact.email)
+ xml.tag!('contact:fax', @contact.fax) if @contact.fax.present?
+ end
 xml.tag!('contact:postalInfo', type: 'int') do
 xml.tag!('contact:name', @contact.name)
- xml.tag!('contact:org', @contact.org_name) if @contact.org_name.present?
- xml.tag!('contact:addr') do
- xml.tag!('contact:street', @contact.street)
- xml.tag!('contact:city', @contact.city)
- xml.tag!('contact:pc', @contact.zip)
- xml.tag!('contact:sp', @contact.state)
- xml.tag!('contact:cc', @contact.country_code)
+ if can? :view_full_info, @contact, @password
+ xml.tag!('contact:org', @contact.org_name) if @contact.org_name.present?
+ xml.tag!('contact:addr') do
+ xml.tag!('contact:street', @contact.street)
+ xml.tag!('contact:city', @contact.city)
+ xml.tag!('contact:pc', @contact.zip)
+ xml.tag!('contact:sp', @contact.state)
+ xml.tag!('contact:cc', @contact.country_code)
+ end
 end
 end
@@ -32,7 +36,7 @@ xml.epp_head do
 end
 xml.tag!('contact:ident', @contact.ident, type: @contact.ident_type, cc: @contact.ident_country_code)
 # xml.tag!('contact:trDate', '123') if false
- if can? :view_password, @contact
+ if can? :view_password, @contact, @password
 xml.tag!('contact:authInfo') do
 xml.tag!('contact:pw', @contact.auth_info)
 end
diff --git a/spec/epp/contact_spec.rb b/spec/epp/contact_spec.rb
index 8042e5d60..1e6ab1be5 100644
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
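Review bot: The guard `if can? :view_full_info, @contact, @password` is written out twice in the first info.xml.builder hunk (around voice/email/fax and again inside `contact:postalInfo`), so the two checks can drift apart in a later edit. Evaluating it once near the top of the template, e.g. `full_info = can?(:view_full_info, @contact, @password)`, and testing `full_info` in both places keeps the disclosure decision in one spot. Separately, the reduced response omits `contact:email` and `contact:addr`, which the RFC 5733 contact schema appears to require, so it is worth confirming that schema-validating clients accept it.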
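Review bot: `contact:ident` (context line at the top of the second info.xml.builder hunk) is still emitted outside any `can?` check, and since this commit makes `:info` unconditional in ability.rb, any logged-in registrar would now receive the identity code of any contact. Unless that is intended, wrap the `xml.tag!('contact:ident', ...)` line in `if can? :view_full_info, @contact, @password` … `end`. The enclosing block begins outside the hunk, so any other unguarded fields between the two hunks (not visible here) should get the same check.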
@@ -444,15 +444,25 @@ describe 'EPP Contact', epp: true do
 response[:msg].should == 'Command completed successfully'
 response[:result_code].should == '1000'
 response[:results].count.should == 1
+
+ contact = response[:parsed].css('resData infData')
+ contact.css('postalInfo addr city').first.try(:text).present?.should == true
+ contact.css('email').first.try(:text).present?.should == true
+ contact.css('voice').first.try(:text).should == '+372.12345678'
 end
 end
- it 'returns authorization error for wrong user and wrong pw' do
+ it 'returns no authorization error for wrong user and wrong pw' do
 login_as :registrar2 do
 response = info_request({ authInfo: { pw: { value: 'wrong-pw' } } })
- response[:msg].should == 'Authorization error'
- response[:result_code].should == '2201'
+ response[:msg].should == 'Command completed successfully'
+ response[:result_code].should == '1000'
 response[:results].count.should == 1
+
+ contact = response[:parsed].css('resData infData')
+ contact.css('postalInfo addr city').first.try(:text).should == nil
+ contact.css('email').first.try(:text).should == nil
+ contact.css('voice').first.try(:text).should == nil
 end
 end
 end
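Review bot: The wrong-user/wrong-pw example asserts that city, email and voice are absent but never checks the most sensitive elements, `authInfo pw` and `ident`, nor `org` and `fax`. Add `contact.css('authInfo pw').first.try(:text).should == nil` and `contact.css('ident').first.try(:text).should == nil`; the second would fail for as long as the view emits ident unguarded. A further example with a foreign registrar and no `authInfo` in the request would pin down the blank-password case, which the `c.auth_info == pw` rules in ability.rb do not obviously exclude.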