diff --git a/app/models/domain_status.rb b/app/models/domain_status.rb
index bf0ae2a51..30161c076 100644
--- a/app/models/domain_status.rb
+++ b/app/models/domain_status.rb
@@ -109,14 +109,12 @@ class DomainStatus < ApplicationRecord
DELETE_PROHIBIT_STATES = [
DomainStatus::CLIENT_DELETE_PROHIBITED,
DomainStatus::SERVER_DELETE_PROHIBITED,
- DomainStatus::CLIENT_UPDATE_PROHIBITED,
- DomainStatus::SERVER_UPDATE_PROHIBITED,
DomainStatus::PENDING_CREATE,
DomainStatus::PENDING_RENEW,
DomainStatus::PENDING_TRANSFER,
DomainStatus::PENDING_UPDATE,
DomainStatus::PENDING_DELETE
- ]
+ ].freeze
def epp_code_map
{
diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index 31716de7d..f3da8d533 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -465,7 +465,7 @@ class Epp::Domain < Domain
def update(frame, current_user, verify = true)
return super if frame.blank?
- if discarded?
+ if discarded? || statuses_blocks_update?
add_epp_error('2304', nil, nil, 'Object status prohibits operation')
return
end
diff --git a/test/integration/epp/domain/delete/base_test.rb b/test/integration/epp/domain/delete/base_test.rb
index 56a3cc31e..d32a89f63 100644
--- a/test/integration/epp/domain/delete/base_test.rb
+++ b/test/integration/epp/domain/delete/base_test.rb
@@ -133,6 +133,40 @@ class EppDomainDeleteBaseTest < EppTestCase
assert_epp_response :completed_successfully
end
+ def test_deletes_on_update_prohibited
+ assert_equal 'shop.test', @domain.name
+ @domain.update(statuses: [DomainStatus::SERVER_UPDATE_PROHIBITED])
+ Setting.request_confirmation_on_domain_deletion_enabled = false
+
+ request_xml = <<-XML
+
+
+
+
+
+ shop.test
+
+
+
+
+ #{'test' * 2000}
+
+
+
+
+ XML
+
+ perform_enqueued_jobs do
+ post epp_delete_path, params: { frame: request_xml }, headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ end
+ @domain.reload
+
+ assert_not @domain.registrant_verification_asked?
+ assert_not @domain.pending_delete_confirmation?
+ assert_no_emails
+ assert_epp_response :completed_successfully
+ end
+
def test_skips_registrant_confirmation_when_required_but_already_verified_by_registrar
assert_equal 'shop.test', @domain.name
Setting.request_confirmation_on_domain_deletion_enabled = true
diff --git a/test/integration/epp/domain/update/base_test.rb b/test/integration/epp/domain/update/base_test.rb
index 9a5e79639..53531e8b5 100644
--- a/test/integration/epp/domain/update/base_test.rb
+++ b/test/integration/epp/domain/update/base_test.rb
@@ -62,6 +62,27 @@ class EppDomainUpdateBaseTest < EppTestCase
assert_epp_response :object_status_prohibits_operation
end
+ def test_prohibited_domain_cannot_be_updated
+ @domain.update!(statuses: [DomainStatus::SERVER_UPDATE_PROHIBITED])
+
+ request_xml = <<-XML
+
+
+
+
+
+ shop.test
+
+
+
+
+ XML
+
+ post epp_update_path, params: { frame: request_xml },
+ headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+ assert_epp_response :object_status_prohibits_operation
+ end
+
def test_does_not_return_server_delete_prohibited_status_when_pending_update_status_is_set
@domain.update!(statuses: [DomainStatus::SERVER_DELETE_PROHIBITED,
DomainStatus::PENDING_UPDATE])