zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-06-08 05:34:46 +02:00
Code Issues Projects Releases Packages Wiki Activity

Require authentication on EPP logout

Browse source 
#700
This commit is contained in:
Artur Beljajev 2018-02-14 01:17:51 +02:00
parent 2ce4fa9ce0
commit ec43586ef4
3 changed files with 44 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/epp/sessions_controller.rb
View file

@ -124,6 +124,15 @@ class Epp::SessionsController < EppController
end end
def logout def logout
unless signed_in?
epp_errors << {
code: 2201,
msg: 'Authorization error'
}
handle_errors
return
end
@api_user = current_user # cache current_user for logging @api_user = current_user # cache current_user for logging
epp_session.destroy epp_session.destroy
response.headers['X-EPP-Returncode'] = '1500' response.headers['X-EPP-Returncode'] = '1500'

10
app/controllers/epp_controller.rb
View file

@ -397,4 +397,14 @@ class EppController < ApplicationController
name = self.class.to_s.sub("Epp::","").sub("Controller","").underscore.singularize name = self.class.to_s.sub("Epp::","").sub("Controller","").underscore.singularize
instance_variable_get("@#{name}") instance_variable_get("@#{name}")
end end
private
def signed_in?
epp_session
end
def epp_session_id
cookies[:session]
end
end end

42
test/integration/epp/session/logout_test.rb
View file

@ -1,8 +1,31 @@
require 'test_helper' require 'test_helper'
class EppLogoutTest < ActionDispatch::IntegrationTest class EppLogoutTest < ActionDispatch::IntegrationTest
def setup def test_success_response
@request_xml = <<-XML post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
assert Nokogiri::XML(response.body).at_css('result[code="1500"]')
assert_equal 1, Nokogiri::XML(response.body).css('result').size
end
def test_ends_current_session
post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
assert_nil EppSession.find_by(session_id: 'api_bestnames')
end
def test_keeps_other_sessions_intact
post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
assert EppSession.find_by(session_id: 'api_goodnames')
end
def test_anonymous_user
post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=non-existent' }
assert Nokogiri::XML(response.body).at_css('result[code="2201"]')
end
private
def request_xml
<<-XML
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd"> <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
<command> <command>
@ -10,20 +33,5 @@ class EppLogoutTest < ActionDispatch::IntegrationTest
</command> </command>
</epp> </epp>
XML XML
post '/epp/session/logout', { frame: @request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
end
def test_success_response
assert Nokogiri::XML(response.body).at_css('result[code="1500"]')
assert_equal 1, Nokogiri::XML(response.body).css('result').size
end
def test_ends_current_session
assert_nil EppSession.find_by(session_id: 'api_bestnames')
end
def test_keeps_other_sessions_intact
assert EppSession.find_by(session_id: 'api_goodnames')
end end
end end