Merge branch 'master' of github.com:domify/registry

2025-07-03 01:33:36 +02:00 · 2015-08-19 13:20:10 +03:00 · 2015-08-19 13:20:10 +03:00 · e8a4706e73
commit e8a4706e73
parent 3600a9487e 4764c4ce77
16 changed files with 147 additions and 98 deletions
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
      success = false
    end

+    if success && @api_user.cannot?(:create, :epp_login)
+      epp_errors << {
+        msg: 'Authentication error; server closing connection (API user does not have epp role)',
+        code: '2501'
+      }
+
+      success = false
+    end
+
    if success && !ip_white?
      epp_errors << {
        msg: 'Authentication error; server closing connection (IP is not whitelisted)',
@ -105,7 +114,7 @@ class Epp::SessionsController < EppController
  end

  def connection_limit_ok?
-    return true if Rails.env.test?
+    return true if Rails.env.test? || Rails.env.development?
    c = EppSession.where(
      'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
    ).count
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -71,7 +71,7 @@ class Registrar::SessionsController < Devise::SessionsController
        redirect_to :back and return
      end

-      if @api_user.can_make_api_calls?
+      if @api_user.can?(:create, :epp_login)
        unless @api_user.registrar.api_ip_white?(request.ip)
          flash[:alert] = I18n.t(:ip_is_not_whitelisted)
          redirect_to :back and return
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@ -18,14 +18,14 @@ class RegistrarController < ApplicationController
      return
    end
    return if Rails.env.development?
-    riw = current_user.registrar.registrar_ip_white?(request.ip)
+    registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)

-    aiw = true
-    if current_user.can_make_api_calls?
-      aiw = current_user.registrar.api_ip_white?(request.ip)
+    api_ip_whitelisted = true
+    if current_user.can?(:create, :epp_request)
+      api_ip_whitelisted = current_user.registrar.api_ip_white?(request.ip)
    end

-    return if riw && aiw
+    return if registrar_ip_whitelisted && api_ip_whitelisted
    flash[:alert] = t('ip_is_not_whitelisted')
    sign_out(current_user)
    redirect_to registrar_login_path and return