Disallow EPP domain:update/transfer/delete if a domain has "deleteCandidate" status

#355
2025-05-28 16:39:55 +02:00 · 2017-01-24 19:16:15 +02:00 · 2017-01-24 19:16:15 +02:00 · edf1e33260
commit edf1e33260
parent d4ddb5dc25
10 changed files with 193 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,6 @@
+24.01.2017
+* Disallow EPP domain:update/transfer/delete if a domain has "deleteCandidate" status
+
 22.12.2016
 * Return business registry code and country for 'org' type registrants in WHOIS and Rest-WHOIS

--- a/app/models/concerns/domain/deletable.rb
+++ b/app/models/concerns/domain/deletable.rb
@ -0,0 +1,11 @@
+module Concerns::Domain::Deletable
+  extend ActiveSupport::Concern
+
+  included do
+    alias_attribute :delete_time, :delete_at
+  end
+
+  def discarded?
+    statuses.include?(DomainStatus::DELETE_CANDIDATE)
+  end
+end
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@ -5,6 +5,7 @@ class Domain < ActiveRecord::Base
  include Concerns::Domain::Expirable
  include Concerns::Domain::Activatable
  include Concerns::Domain::ForceDelete
+  include Concerns::Domain::Deletable

  has_paper_trail class_name: "DomainVersion", meta: { children: :children_log }

@ -14,7 +15,6 @@ class Domain < ActiveRecord::Base

  alias_attribute :on_hold_time, :outzone_at
  alias_attribute :outzone_time, :outzone_at
-  alias_attribute :delete_time, :delete_at

  # TODO: whois requests ip whitelist for full info for own domains and partial info for other domains
  # TODO: most inputs should be trimmed before validatation, probably some global logic?
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@ -472,6 +472,9 @@ class Epp::Domain < Domain
  # rubocop: disable Metrics/CyclomaticComplexity
  def update(frame, current_user, verify = true)
    return super if frame.blank?
+
+    check_discarded
+
    at = {}.with_indifferent_access
    at.deep_merge!(attrs_from(frame.css('chg'), current_user, 'chg'))
    at.deep_merge!(attrs_from(frame.css('rem'), current_user, 'rem'))
@ -563,6 +566,8 @@ class Epp::Domain < Domain
  def epp_destroy(frame, user_id)
    return false unless valid?

+    check_discarded
+
    if doc = attach_legal_document(Epp::Domain.parse_legal_document_from_frame(frame))
      frame.css("legalDocument").first.content = doc.path if doc && doc.persisted?
    end
@ -629,6 +634,8 @@ class Epp::Domain < Domain

  # rubocop: disable Metrics/CyclomaticComplexity
  def transfer(frame, action, current_user)
+    check_discarded
+
    @is_transfer = true

    case action
@ -925,5 +932,16 @@ class Epp::Domain < Domain
      res
    end
  end
+
+  private
+
+  def check_discarded
+    if discarded?
+      throw :epp_error, {
+        code: '2105',
+        msg: I18n.t(:object_is_not_eligible_for_renewal),
+      }
+    end
+  end
 end
 # rubocop: enable Metrics/ClassLength
--- a/spec/factories/domain.rb
+++ b/spec/factories/domain.rb
@ -15,5 +15,9 @@ FactoryGirl.define do
      force_delete_time nil
      statuses []
    end
+
+    factory :domain_discarded do
+      statuses [DomainStatus::DELETE_CANDIDATE]
+    end
  end
 end
--- a/spec/models/concerns/domain/deletable_spec.rb
+++ b/spec/models/concerns/domain/deletable_spec.rb
@ -0,0 +1,19 @@
+require 'rails_helper'
+
+RSpec.describe Domain, db: false do
+  it { is_expected.to alias_attribute(:delete_time, :delete_at) }
+
+  describe '#discarded?' do
+    context 'when :deleteCandidate status is present' do
+      let(:domain) { described_class.new(statuses: [DomainStatus::DELETE_CANDIDATE]) }
+
+      specify { expect(domain).to be_discarded }
+    end
+
+    context 'when :deleteCandidate status is absent' do
+      let(:domain) { described_class.new(statuses: []) }
+
+      specify { expect(domain).to_not be_discarded }
+    end
+  end
+end
--- a/spec/models/domain_spec.rb
+++ b/spec/models/domain_spec.rb
@ -607,7 +607,6 @@ end

 RSpec.describe Domain, db: false do
  it { is_expected.to alias_attribute(:on_hold_time, :outzone_at) }
-  it { is_expected.to alias_attribute(:delete_time, :delete_at) }
  it { is_expected.to alias_attribute(:outzone_time, :outzone_at) }

  describe 'nameserver validation', db: true do
--- a/spec/requests/epp/domain/delete/discarded_spec.rb
+++ b/spec/requests/epp/domain/delete/discarded_spec.rb
@ -0,0 +1,48 @@
+require 'rails_helper'
+
+RSpec.describe 'EPP domain:delete' do
+  let(:request_xml) { <<-XML
+    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+      <command>
+        <delete>
+          <domain:delete xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+            <domain:name>test.com</domain:name>
+          </domain:delete>
+        </delete>
+        <extension>
+          <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+            <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
+          </eis:extdata>
+        </extension>
+      </command>
+    </epp>
+  XML
+  }
+
+  subject(:response_xml) { Nokogiri::XML(response.body) }
+  subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
+  subject(:response_description) { response_xml.css('result msg').text }
+
+  before :example do
+    sign_in_to_epp_area
+  end
+
+  context 'when domain is not discarded' do
+    let!(:domain) { create(:domain, name: 'test.com') }
+
+    it 'returns epp code of 1001' do
+      post '/epp/command/delete', frame: request_xml
+      expect(response_code).to eq('1001'), "Expected EPP code of 1001, got #{response_code} (#{response_description})"
+    end
+  end
+
+  context 'when domain is discarded' do
+    let!(:domain) { create(:domain_discarded, name: 'test.com') }
+
+    it 'returns epp code of 2105' do
+      post '/epp/command/delete', frame: request_xml
+      expect(response_code).to eq('2105'), "Expected EPP code of 2105, got #{response_code} (#{response_description})"
+    end
+  end
+end
--- a/spec/requests/epp/domain/transfer/discarded_spec.rb
+++ b/spec/requests/epp/domain/transfer/discarded_spec.rb
@ -0,0 +1,46 @@
+require 'rails_helper'
+
+RSpec.describe 'EPP domain:transfer' do
+  let(:request_xml) { <<-XML
+    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+      <command>
+        <transfer op="request">
+          <domain:transfer xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+            <domain:name>test.com</domain:name>
+            <domain:authInfo>
+              <domain:pw>98oiewslkfkd</domain:pw>
+            </domain:authInfo>
+          </domain:transfer>
+        </transfer>
+      </command>
+    </epp>
+  XML
+  }
+
+  subject(:response_xml) { Nokogiri::XML(response.body) }
+  subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
+  subject(:response_description) { response_xml.css('result msg').text }
+
+  before :example do
+    sign_in_to_epp_area
+  end
+
+  context 'when domain is not discarded' do
+    let!(:domain) { create(:domain, name: 'test.com') }
+
+    it 'returns epp code of 1000' do
+      post '/epp/command/transfer', frame: request_xml
+      expect(response_code).to eq('1000'), "Expected EPP code of 1000, got #{response_code} (#{response_description})"
+    end
+  end
+
+  context 'when domain is discarded' do
+    let!(:domain) { create(:domain_discarded, name: 'test.com') }
+
+    it 'returns epp code of 2105' do
+      post '/epp/command/transfer', frame: request_xml
+      expect(response_code).to eq('2105'), "Expected EPP code of 2105, got #{response_code} (#{response_description})"
+    end
+  end
+end
--- a/spec/requests/epp/domain/update/discarded_spec.rb
+++ b/spec/requests/epp/domain/update/discarded_spec.rb
@ -0,0 +1,43 @@
+require 'rails_helper'
+
+RSpec.describe 'EPP domain:update' do
+  let(:request_xml) { <<-XML
+    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+      <command>
+        <update>
+          <domain:update xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+            <domain:name>test.com</domain:name>
+          </domain:update>
+        </update>
+      </command>
+    </epp>
+  XML
+  }
+
+  subject(:response_xml) { Nokogiri::XML(response.body) }
+  subject(:response_code) { response_xml.xpath('//xmlns:result').first['code'] }
+  subject(:response_description) { response_xml.css('result msg').text }
+
+  before :example do
+    sign_in_to_epp_area
+  end
+
+  context 'when domain is not discarded' do
+    let!(:domain) { create(:domain, name: 'test.com') }
+
+    it 'returns epp code of 1000' do
+      post '/epp/command/update', frame: request_xml
+      expect(response_code).to eq('1000'), "Expected EPP code of 1000, got #{response_code} (#{response_description})"
+    end
+  end
+
+  context 'when domain is discarded' do
+    let!(:domain) { create(:domain_discarded, name: 'test.com') }
+
+    it 'returns epp code of 2105' do
+      post '/epp/command/update', frame: request_xml
+      expect(response_code).to eq('2105'), "Expected EPP code of 2105, got #{response_code} (#{response_description})"
+    end
+  end
+end