Merge branch 'master' of github.com:domify/registry

app/controllers/epp/sessions_controller.rb

@@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
       success = false
     end
 
+    if success && @api_user.cannot?(:create, :epp_login)
+      epp_errors << {
+        msg: 'Authentication error; server closing connection (API user does not have epp role)',
+        code: '2501'
+      }
+
+      success = false
+    end
+
     if success && !ip_white?
       epp_errors << {
         msg: 'Authentication error; server closing connection (IP is not whitelisted)',
@@ -105,7 +114,7 @@ class Epp::SessionsController < EppController
   end
 
   def connection_limit_ok?
-    return true if Rails.env.test?
+    return true if Rails.env.test? || Rails.env.development?
     c = EppSession.where(
       'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
     ).count

app/controllers/registrar/sessions_controller.rb

@@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
         redirect_to :back and return
       end
 
-      if @api_user.can_make_api_calls?
+      if @api_user.can?(:create, :epp_login)
         unless @api_user.registrar.api_ip_white?(request.ip)
           flash[:alert] = I18n.t(:ip_is_not_whitelisted)
           redirect_to :back and return

app/controllers/registrar_controller.rb

@@ -18,14 +18,14 @@ class RegistrarController < ApplicationController
       return
     end
     return if Rails.env.development?
-    riw = current_user.registrar.registrar_ip_white?(request.ip)
+    registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
 
-    aiw = true
-    if current_user.can_make_api_calls?
-      aiw = current_user.registrar.api_ip_white?(request.ip)
+    api_ip_whitelisted = true
+    if current_user.can?(:create, :epp_request)
+      api_ip_whitelisted = current_user.registrar.api_ip_white?(request.ip)
     end
 
-    return if riw && aiw
+    return if registrar_ip_whitelisted && api_ip_whitelisted
     flash[:alert] = t('ip_is_not_whitelisted')
     sign_out(current_user)
     redirect_to registrar_login_path and return

app/mailers/domain_mailer.rb

@@ -73,8 +73,8 @@ class DomainMailer < ApplicationMailer
     @domain = domain
     # no delivery off control, driggered by que, no epp request
 
-    @new_registrant_email = @domain.pending_json[:new_registrant_email] 
-    @new_registrant_name  = @domain.pending_json[:new_registrant_name] 
+    @new_registrant_email = @domain.pending_json['new_registrant_email'] 
+    @new_registrant_name  = @domain.pending_json['new_registrant_name'] 
 
     return if whitelist_blocked?(@new_registrant_email)
     mail(to: @new_registrant_email,
@@ -86,8 +86,8 @@ class DomainMailer < ApplicationMailer
     @domain = domain
     # no delivery off control, driggered by cron, no epp request
 
-    @new_registrant_email = @domain.pending_json[:new_registrant_email] 
-    @new_registrant_name  = @domain.pending_json[:new_registrant_name] 
+    @new_registrant_email = @domain.pending_json['new_registrant_email'] 
+    @new_registrant_name  = @domain.pending_json['new_registrant_name'] 
 
     return if whitelist_blocked?(@new_registrant_email)
     if @new_registrant_email.blank?

app/models/ability.rb

@@ -24,7 +24,26 @@ class Ability
     can :create, :registrant_domain_update_confirm
   end
 
-  def static_epp
+  #
+  # User roles
+  #
+
+  def super # Registrar/api_user dynamic role
+    static_registrar
+    epp
+    billing
+  end
+
+  def epp # Registrar/api_user dynamic role
+    static_registrar
+
+    # REPP
+    can(:manage, :repp)
+
+    # EPP
+    can(:create, :epp_login) # billing can establis epp connection in order to login
+    can(:create, :epp_request)
+
     # Epp::Domain
     can(:info,     Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
     can(:check,    Epp::Domain)
@@ -44,66 +63,24 @@ class Ability
     can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
     can(:renew,  Epp::Contact)
     can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
-
-    # REPP
-    can(:manage, :repp)
   end
 
-  def static_registrar
-    can :manage, Nameserver
-    can :view, :registrar_dashboard
-    can :delete, :registrar_poll
-    can :manage, :registrar_xml_console
-    can :manage, Depp::Contact
-    can :manage, Depp::Domain
-    can :renew,  Depp::Domain
-    can :transfer, Depp::Domain
-    can :manage, Depp::Keyrelay
-    can :confirm, :keyrelay
-    can :confirm, :transfer
-  end
-
-  def static_registrant
-    can :manage, :registrant_domains
-    can :manage, :registrant_whois
-    can :manage, Depp::Domain
-  end
-
-  def user
-    can :show, :dashboard
-  end
-
-  # Registrar/api_user dynamic role
-  def super
-    static_registrar
-    billing
-    epp
-  end
-
-  # Registrar/api_user dynamic role
-  def epp
-    static_registrar
-    static_epp
-  end
-
-  # Registrar/api_user dynamic role
-  def billing
+  def billing # Registrar/api_user dynamic role
     can :view, :registrar_dashboard
     can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
     can :manage, :deposit
     can :read, AccountActivity
+    can(:create, :epp_login) # billing can establis epp connection in order to login
   end
 
-  # Admin/admin_user dynamic role
-  def customer_service
+  def customer_service # Admin/admin_user dynamic role
     user
     can :manage, Domain
     can :manage, Contact
     can :manage, Registrar
   end
 
-  # Admin/admin_user dynamic role
-  def admin
+  def admin # Admin/admin_user dynamic role
     customer_service
     can :manage, Setting
     can :manage, BlockedDomain
@@ -128,6 +105,34 @@ class Ability
     can :create, :zonefile
     can :access, :settings_menu
   end
+
+  #
+  # Static roles, linked from dynamic roles
+  #
+  def static_registrar
+    can :manage, Nameserver
+    can :view, :registrar_dashboard
+    can :delete, :registrar_poll
+    can :manage, :registrar_xml_console
+    can :manage, Depp::Contact
+    can :manage, Depp::Domain
+    can :renew,  Depp::Domain
+    can :transfer, Depp::Domain
+    can :manage, Depp::Keyrelay
+    can :confirm, :keyrelay
+    can :confirm, :transfer
+  end
+
+  def static_registrant
+    can :manage, :registrant_domains
+    can :manage, :registrant_whois
+    can :manage, Depp::Domain
+  end
+
+  def user
+    can :show, :dashboard
+  end
+
   # rubocop: enable Metrics/LineLength
   # rubocop: enable Metrics/CyclomaticComplexity
   # rubocop: enable Metrics/PerceivedComplexity

app/models/api_user.rb

@@ -40,12 +40,22 @@ class ApiUser < User
     self.active = true unless active_changed?
   end
 
-  def registrar_typeahead
-    @registrar_typeahead || registrar || nil
+  class << self
+    def find_by_idc_data(idc_data)
+      return false if idc_data.blank?
+      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
+
+      find_by(identity_code: identity_code)
+    end
+
+    def all_by_identity_code(identity_code)
+      ApiUser.where(identity_code: identity_code)
+        .where("identity_code is NOT NULL and identity_code != ''").includes(:registrar)
+    end
   end
 
-  def can_make_api_calls?
-    ([SUPER, EPP] & roles).any?
+  def registrar_typeahead
+    @registrar_typeahead || registrar || nil
   end
 
   def to_s
@@ -75,13 +85,4 @@ class ApiUser < User
     md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
     certificates.api.exists?(md5: md5, common_name: cn)
   end
-
-  class << self
-    def find_by_idc_data(idc_data)
-      return false if idc_data.blank?
-      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
-
-      find_by(identity_code: identity_code)
-    end
-  end
 end

app/models/domain.rb

@@ -394,10 +394,10 @@ class Domain < ActiveRecord::Base
     self.registrant_verification_token = token
     self.registrant_verification_asked_at = asked_at
     set_pending_update
-    pending_json[:domain] = changes_cache
-    pending_json[:new_registrant_id]    = new_registrant_id
-    pending_json[:new_registrant_email] = new_registrant_email
-    pending_json[:new_registrant_name]  = new_registrant_name
+    pending_json['domain'] = changes_cache
+    pending_json['new_registrant_id']    = new_registrant_id
+    pending_json['new_registrant_email'] = new_registrant_email
+    pending_json['new_registrant_name']  = new_registrant_name
 
     # This pending_update! method is triggered by before_update
     # Note, all before_save callbacks are excecuted before before_update,

app/views/admin/admin_users/_form.haml

@@ -1,3 +1,10 @@
+- if @admin_user.new_record?
+  - overwrite_required = ''
+  - field_required = 'required'
+- else
+  - overwrite_required = 'not-required' # otherwise automatic one adds required
+  - field_required = ''
+
 = form_for([:admin, @admin_user], html: { class: 'form-horizontal', autocomplete: 'off' }) do |f|
   = render 'shared/full_errors', object: @admin_user
 
@@ -11,22 +18,22 @@
       - if @admin_user.new_record? || can?(:update, AdminUser)
         .form-group
           .col-md-4.control-label
-            - not_required = @admin_user.new_record? ? '' : 'not-required'
-            = f.label :password, class: not_required
+            
+            = f.label :password, class: overwrite_required
           .col-md-8
-            = f.text_field(:password, class: 'form-control')
+            = f.text_field(:password, class: "form-control #{field_required}")
         .form-group
           .col-md-4.control-label
-            = f.label :password_confirmation, class: not_required
+            = f.label :password_confirmation, class: overwrite_required
           .col-md-8
-            = f.text_field(:password_confirmation, class: 'form-control')
+            = f.text_field(:password_confirmation, class: "form-control #{field_required}")
 
       %hr
       .form-group
         .col-md-4.control-label
           = f.label :identity_code
         .col-md-8
-          = f.text_field(:identity_code, class: 'form-control')
+          = f.text_field(:identity_code, class: 'form-control required')
       .form-group
         .col-md-4.control-label
           = f.label :email
@@ -37,13 +44,15 @@
           = f.label :country_code, t(:country)
         .col-md-8
           = f.select(:country_code,
-            SortedCountry.all_options(f.object.country_code), {}, class: 'form-control')
+            SortedCountry.all_options(f.object.country_code), {}, class: 'form-control required')
       %hr
       .form-group
         .col-md-4.control-label
-          = f.label :role
+          = f.label :role, class: 'required'
         .col-md-8
-          = select_tag 'admin_user[roles][]', options_for_select(AdminUser::ROLES.map {|x| [t(x), x] }, @admin_user.roles.try(:first)), class: 'form-control selectize'
+          = select_tag 'admin_user[roles][]', 
+            options_for_select(AdminUser::ROLES.map {|x| [t(x), x] }, 
+            @admin_user.roles.try(:first)), class: 'form-control selectize'
 
   %hr
   .row

app/views/admin/api_users/_form.haml

@@ -1,3 +1,11 @@
+- if @api_user.new_record?
+  - overwrite_required = ''
+  - field_required = 'required'
+- else
+  - overwrite_required = 'not-required' # otherwise automatic one adds required
+  - field_required = ''
+
+
 = form_for([:admin, @api_user], multipart: true, 
   html: {class: 'form-horizontal', autocomplete: 'off'}) do |f|
   = render 'shared/full_errors', object: @api_user
@@ -11,16 +19,16 @@
           = f.text_field(:username, class: 'form-control')
       .form-group
         .col-md-4.control-label
-          - not_required = @api_user.new_record? ? '' : 'not-required'
-          = f.label :password, class: not_required
+          = f.label :password, class: overwrite_required
         .col-md-7
-          = f.text_field :password, class: 'form-control', autocomplete: 'off'
+          = f.text_field :password, class: "form-control #{field_required}", autocomplete: 'off'
 
       .form-group
         .col-md-4.control-label
           = f.label :identity_code
         .col-md-7
           = f.text_field(:identity_code, class: 'form-control')
+
       .form-group
         .form-group.has-feedback.js-typeahead-container
           .col-md-4.control-label
@@ -32,9 +40,10 @@
             %span.glyphicon.glyphicon-ok.form-control-feedback.js-typeahead-ok.hidden
             %span.glyphicon.glyphicon-remove.form-control-feedback.js-typeahead-remove
             = f.hidden_field(:registrar_id, class: 'js-registrar-id')
+
       .form-group
         .col-md-4.control-label
-          = f.label :role
+          = f.label :role, class: 'required'
         .col-md-7
           = select_tag 'api_user[roles][]', 
             options_for_select(ApiUser::ROLES.map {|x| [t(x), x] }, @api_user.roles.try(:first)),

app/views/layouts/registrar/application.haml

@@ -54,7 +54,7 @@
                   = "#{current_user} (#{current_user.roles.first}) - #{current_user.registrar}"
                   %span.caret
                 %ul.dropdown-menu{role: "menu"}
-                  - ApiUser.where(identity_code: current_user.identity_code).includes(:registrar).each do |x|
+                  - ApiUser.all_by_identity_code(current_user.identity_code).each do |x|
                     %li= link_to "#{x} (#{x.roles.first}) - #{x.registrar}", "/registrar/switch_user/#{x.id}"
                   - if user_signed_in?
                     %li= link_to t(:log_out_), '/registrar/logout'

app/views/registrar/invoices/index.haml

@@ -4,7 +4,7 @@
 = render 'shared/title', name: t(:your_account)
 
 = t(:your_current_account_balance_is,
-  balance: current_user.registrar.cash_account.balance,
+  balance: currency(current_user.registrar.cash_account.balance),
   currency: current_user.registrar.cash_account.currency)
 
 %h1= t(:invoices)
@@ -68,7 +68,7 @@
                 %td{class: 'text-danger'}= t(:unpaid)
 
               %td= l(x.due_date, format: :date_long)
-              %td= x.sum
+              %td= currency(x.sum)
 .row
   .col-md-12
     = paginate @invoices