Merge branch 'master' of github.com:domify/registry

This commit is contained in:
Martin Lensment 2015-08-19 13:20:10 +03:00
commit e8a4706e73
16 changed files with 147 additions and 98 deletions

View file

@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
success = false
end
if success && @api_user.cannot?(:create, :epp_login)
epp_errors << {
msg: 'Authentication error; server closing connection (API user does not have epp role)',
code: '2501'
}
success = false
end
if success && !ip_white?
epp_errors << {
msg: 'Authentication error; server closing connection (IP is not whitelisted)',
@ -105,7 +114,7 @@ class Epp::SessionsController < EppController
end
def connection_limit_ok?
return true if Rails.env.test?
return true if Rails.env.test? || Rails.env.development?
c = EppSession.where(
'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
).count

View file

@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
redirect_to :back and return
end
if @api_user.can_make_api_calls?
if @api_user.can?(:create, :epp_login)
unless @api_user.registrar.api_ip_white?(request.ip)
flash[:alert] = I18n.t(:ip_is_not_whitelisted)
redirect_to :back and return

View file

@ -18,14 +18,14 @@ class RegistrarController < ApplicationController
return
end
return if Rails.env.development?
riw = current_user.registrar.registrar_ip_white?(request.ip)
registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
aiw = true
if current_user.can_make_api_calls?
aiw = current_user.registrar.api_ip_white?(request.ip)
api_ip_whitelisted = true
if current_user.can?(:create, :epp_request)
api_ip_whitelisted = current_user.registrar.api_ip_white?(request.ip)
end
return if riw && aiw
return if registrar_ip_whitelisted && api_ip_whitelisted
flash[:alert] = t('ip_is_not_whitelisted')
sign_out(current_user)
redirect_to registrar_login_path and return