Merge branch 'alpha' into staging

2025-07-22 18:56:05 +02:00 · 2015-08-26 14:36:47 +03:00 · 2015-08-26 14:36:47 +03:00 · f44068b198
commit f44068b198
parent 6a3dbf6321 39878a5813
79 changed files with 2306 additions and 1515 deletions
--- a/1
+++ b/1
@ -11,6 +11,7 @@ source 'https://rubygems.org'
 gem 'rails',        '4.2.3' # when update, all initializers eis_custom files needs check/update
 gem 'iso8601',      '~> 0.8.6' # for dates and times
 gem 'hashie-forbidden_attributes', '~> 0.1.1'
 gem 'SyslogLogger', '~> 2.0', require: 'syslog/logger'
 # load env
 gem 'figaro', '~> 1.1.1'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -36,6 +36,7 @@ GIT
 GEM
  remote: https://rubygems.org/
  specs:
    SyslogLogger (2.0)
    abstract_type (0.0.7)
    actionmailer (4.2.3)
      actionpack (= 4.2.3)
@ -539,6 +540,7 @@ PLATFORMS
  ruby
 DEPENDENCIES
  SyslogLogger (~> 2.0)
  activerecord-import (~> 0.7.0)
  autodoc
  better_errors (~> 2.1.1)
--- a/app/assets/javascripts/shared/jquery.validate.bootstrap.coffee
+++ b/app/assets/javascripts/shared/jquery.validate.bootstrap.coffee
@ -18,3 +18,6 @@ $.validator.setDefaults
      error.insertAfter element
    return
 jQuery.validator.addMethod 'lax_email', ((value, element) ->
  @optional(element) or (value.match(new RegExp("@", "g")) || []).length == 1
 ), 'Please enter a valid email address.'
--- a/app/controllers/epp/contacts_controller.rb
+++ b/app/controllers/epp/contacts_controller.rb
@ -60,7 +60,7 @@ class Epp::ContactsController < EppController
  def find_contact
    code = params[:parsed_frame].css('id').text.strip.upcase
-    
+
    @contact = Epp::Contact.find_by_epp_code(code)
    if @contact.blank?
@ -123,12 +123,6 @@ class Epp::ContactsController < EppController
  def validate_update
    @prefix = 'update > update >'
    if element_count('chg') == 0 && element_count('rem') == 0 && element_count('add') == 0
      epp_errors << {
        code: '2003',
        msg: I18n.t('errors.messages.required_parameter_missing', key: 'add, rem or chg')
      }
    end
    contact_org_disabled
    fax_disabled
    status_editing_disabled
@ -148,6 +142,7 @@ class Epp::ContactsController < EppController
  def contact_org_disabled
    return true if ENV['contact_org_enabled'] == 'true'
    return true if params[:parsed_frame].css('postalInfo org').text.blank?
    epp_errors << {
      code: '2306',
      msg: "#{I18n.t(:contact_org_error)}: postalInfo > org [org]"
--- a/app/controllers/epp/sessions_controller.rb
+++ b/app/controllers/epp/sessions_controller.rb
@ -56,6 +56,15 @@ class Epp::SessionsController < EppController
      success = false
    end
    if success && @api_user.cannot?(:create, :epp_login)
      epp_errors << {
        msg: 'Authentication error; server closing connection (API user does not have epp role)',
        code: '2501'
      }
      success = false
    end
    if success && !ip_white?
      epp_errors << {
        msg: 'Authentication error; server closing connection (IP is not whitelisted)',
@ -105,7 +114,7 @@ class Epp::SessionsController < EppController
  end
  def connection_limit_ok?
-    return true if Rails.env.test?
+    return true if Rails.env.test? || Rails.env.development?
    c = EppSession.where(
      'registrar_id = ? AND updated_at >= ?', @api_user.registrar_id, Time.zone.now - 5.minutes
    ).count
--- a/app/controllers/registrar/domains_controller.rb
+++ b/app/controllers/registrar/domains_controller.rb
@ -5,10 +5,19 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
  # rubocop: disable Metrics/PerceivedComplexity
  # rubocop: disable Metrics/CyclomaticComplexity
  # rubocop: disable Metrics/AbcSize
  # rubocop: disable Metrics/MethodLength
  def index
    authorize! :view, Depp::Domain
    params[:q] ||= {}
    params[:q].delete_if { |_k, v| v.blank? }
    if params[:q].length == 1 && params[:q][:name_matches].present?
      @domain = Domain.find_by(name: params[:q][:name_matches])
      if @domain
        redirect_to info_registrar_domains_path(domain_name: @domain.name) and return
      end
    end
    if params[:statuses_contains]
      domains = current_user.registrar.domains.includes(:registrar, :registrant).where(
        "statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}"
@ -20,9 +29,7 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
    normalize_search_parameters do
      @q = domains.search(params[:q])
      @domains = @q.result.page(params[:page])
-      if @domains.count == 1 && params[:q][:name_matches].present?
+      if @domains.count == 0 && params[:q][:name_matches] !~ /^%.+%$/
        redirect_to info_registrar_domains_path(domain_name: @domains.first.name) and return
      elsif @domains.count == 0 && params[:q][:name_matches] !~ /^%.+%$/
        # if we do not get any results, add wildcards to the name field and search again
        n_cache = params[:q][:name_matches]
        params[:q][:name_matches] = "%#{params[:q][:name_matches]}%"
@ -123,7 +130,7 @@ class Registrar::DomainsController < Registrar::DeppController # EPP controller
  def transfer
    authorize! :transfer, Depp::Domain
-    if params[:domain_name]
+    if request.post? && params[:domain_name]
      @data = @domain.transfer(params)
      render 'transfer_index' and return unless response_ok?
    else
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -59,16 +59,32 @@ class Registrar::SessionsController < Devise::SessionsController
      render 'login'
    end
  end
  # rubocop:enable Metrics/CyclomaticComplexity
  # rubocop:enable Metrics/PerceivedComplexity
  # rubocop:enable Metrics/MethodLength
  # rubocop:enable Metrics/AbcSize
  def switch_user
    @api_user = ApiUser.find(params[:id])
    unless Rails.env.development?
      unless @api_user.registrar.registrar_ip_white?(request.ip)
        flash[:alert] = I18n.t(:ip_is_not_whitelisted)
        redirect_to :back and return
      end
      if @api_user.can?(:create, :epp_login)
        unless @api_user.registrar.api_ip_white?(request.ip)
          flash[:alert] = I18n.t(:ip_is_not_whitelisted)
          redirect_to :back and return
        end
      end
    end
    sign_in @api_user if @api_user.identity_code == current_user.identity_code
    redirect_to :back
  end
  # rubocop:enable Metrics/CyclomaticComplexity
  # rubocop:enable Metrics/PerceivedComplexity
  def id
    @user = ApiUser.find_by_idc_data(request.env['SSL_CLIENT_S_DN'])
--- a/app/controllers/registrar_controller.rb
+++ b/app/controllers/registrar_controller.rb
@ -9,6 +9,8 @@ class RegistrarController < ApplicationController
    false
  end
  # rubocop:disable Metrics/PerceivedComplexity
  # rubocop:disable Metrics/CyclomaticComplexity
  def check_ip
    return unless current_user
    unless current_user.is_a? ApiUser
@ -16,11 +18,20 @@ class RegistrarController < ApplicationController
      return
    end
    return if Rails.env.development?
-    return if current_user.registrar.registrar_ip_white?(request.ip)
+    registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
-    flash[:alert] = t('access_denied')
+
    api_ip_whitelisted = true
    if current_user.can?(:create, :epp_request)
      api_ip_whitelisted = current_user.registrar.api_ip_white?(request.ip)
    end
    return if registrar_ip_whitelisted && api_ip_whitelisted
    flash[:alert] = t('ip_is_not_whitelisted')
    sign_out(current_user)
    redirect_to registrar_login_path and return
  end
  # rubocop:enable Metrics/PerceivedComplexity
  # rubocop:enable Metrics/CyclomaticComplexity
  helper_method :head_title_sufix
  def head_title_sufix
--- a/app/mailers/domain_mailer.rb
+++ b/app/mailers/domain_mailer.rb
@ -73,8 +73,8 @@ class DomainMailer < ApplicationMailer
    @domain = domain
    # no delivery off control, driggered by que, no epp request
-    @new_registrant_email = @domain.pending_json[:new_registrant_email] 
+    @new_registrant_email = @domain.pending_json['new_registrant_email'] 
-    @new_registrant_name  = @domain.pending_json[:new_registrant_name] 
+    @new_registrant_name  = @domain.pending_json['new_registrant_name'] 
    return if whitelist_blocked?(@new_registrant_email)
    mail(to: @new_registrant_email,
@ -86,8 +86,8 @@ class DomainMailer < ApplicationMailer
    @domain = domain
    # no delivery off control, driggered by cron, no epp request
-    @new_registrant_email = @domain.pending_json[:new_registrant_email] 
+    @new_registrant_email = @domain.pending_json['new_registrant_email'] 
-    @new_registrant_name  = @domain.pending_json[:new_registrant_name] 
+    @new_registrant_name  = @domain.pending_json['new_registrant_name'] 
    return if whitelist_blocked?(@new_registrant_email)
    if @new_registrant_email.blank?
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -24,7 +24,26 @@ class Ability
    can :create, :registrant_domain_update_confirm
  end
-  def static_epp
+  #
  # User roles
  #
  def super # Registrar/api_user dynamic role
    static_registrar
    epp
    billing
  end
  def epp # Registrar/api_user dynamic role
    static_registrar
    # REPP
    can(:manage, :repp)
    # EPP
    can(:create, :epp_login) # billing can establis epp connection in order to login
    can(:create, :epp_request)
    # Epp::Domain
    can(:info,     Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.auth_info == pw }
    can(:check,    Epp::Domain)
@ -44,66 +63,24 @@ class Ability
    can(:delete, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
    can(:renew,  Epp::Contact)
    can(:view_password, Epp::Contact) { |c, pw| c.registrar_id == @user.registrar_id || c.auth_info == pw }
    # REPP
    can(:manage, :repp)
  end
-  def static_registrar
+  def billing # Registrar/api_user dynamic role
    can :manage, Nameserver
    can :view, :registrar_dashboard
-    can :delete, :registrar_poll
+    can(:manage, Invoice) { |i| i.buyer_id == @user.registrar_id }
    can :manage, :registrar_xml_console
    can :manage, Depp::Contact
    can :manage, Depp::Domain
    can :renew,  Depp::Domain
    can :transfer, Depp::Domain
    can :manage, Depp::Keyrelay
    can :confirm, :keyrelay
    can :confirm, :transfer
  end
  def static_registrant
    can :manage, :registrant_domains
    can :manage, :registrant_whois
    can :manage, Depp::Domain
  end
  def user
    can :show, :dashboard
  end
  # Registrar/api_user dynamic role
  def super
    static_registrar
    billing
    epp
  end
  # Registrar/api_user dynamic role
  def epp
    static_registrar
    static_epp
  end
  # Registrar/api_user dynamic role
  def billing
    can :view, :registrar_dashboard
    can :manage, Invoice
    can :manage, :deposit
    can :read, AccountActivity
    can(:create, :epp_login) # billing can establis epp connection in order to login
  end
-  # Admin/admin_user dynamic role
+  def customer_service # Admin/admin_user dynamic role
  def customer_service
    user
    can :manage, Domain
    can :manage, Contact
    can :manage, Registrar
  end
-  # Admin/admin_user dynamic role
+  def admin # Admin/admin_user dynamic role
  def admin
    customer_service
    can :manage, Setting
    can :manage, BlockedDomain
@ -128,6 +105,34 @@ class Ability
    can :create, :zonefile
    can :access, :settings_menu
  end
  #
  # Static roles, linked from dynamic roles
  #
  def static_registrar
    can :manage, Nameserver
    can :view, :registrar_dashboard
    can :delete, :registrar_poll
    can :manage, :registrar_xml_console
    can :manage, Depp::Contact
    can :manage, Depp::Domain
    can :renew,  Depp::Domain
    can :transfer, Depp::Domain
    can :manage, Depp::Keyrelay
    can :confirm, :keyrelay
    can :confirm, :transfer
  end
  def static_registrant
    can :manage, :registrant_domains
    can :manage, :registrant_whois
    can :manage, Depp::Domain
  end
  def user
    can :show, :dashboard
  end
  # rubocop: enable Metrics/LineLength
  # rubocop: enable Metrics/CyclomaticComplexity
  # rubocop: enable Metrics/PerceivedComplexity
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@ -24,6 +24,9 @@ class ApiUser < User
  attr_accessor :registrar_typeahead
  SUPER = 'super'
  EPP = 'epp'
  ROLES = %w(super epp billing) # should not match to admin roles
  def ability
@ -37,6 +40,20 @@ class ApiUser < User
    self.active = true unless active_changed?
  end
  class << self
    def find_by_idc_data(idc_data)
      return false if idc_data.blank?
      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
      find_by(identity_code: identity_code)
    end
    def all_by_identity_code(identity_code)
      ApiUser.where(identity_code: identity_code)
        .where("identity_code is NOT NULL and identity_code != ''").includes(:registrar)
    end
  end
  def registrar_typeahead
    @registrar_typeahead || registrar || nil
  end
@ -68,13 +85,4 @@ class ApiUser < User
    md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
    certificates.api.exists?(md5: md5, common_name: cn)
  end
  class << self
    def find_by_idc_data(idc_data)
      return false if idc_data.blank?
      identity_code = idc_data.scan(/serialNumber=(\d+)/).flatten.first
      find_by(identity_code: identity_code)
    end
  end
 end
--- a/app/models/contact.rb
+++ b/app/models/contact.rb
@ -236,6 +236,7 @@ class Contact < ActiveRecord::Base
  def generate_auth_info
    return if @generate_auth_info_disabled
    return if auth_info.present?
    self.auth_info = SecureRandom.hex(11)
  end
@ -243,9 +244,9 @@ class Contact < ActiveRecord::Base
    @generate_auth_info_disabled = true
  end
-  def auth_info=(pw)
+  # def auth_info=(pw)
-    self[:auth_info] = pw if new_record?
+  #   self[:auth_info] = pw if new_record?
-  end
+  # end
  def code=(code)
    self[:code] = code if new_record? # cannot change code later
--- a/app/models/depp/domain.rb
+++ b/app/models/depp/domain.rb
@ -228,9 +228,9 @@ module Depp
        {
          name: { value: domain_params[:name] },
          chg: chg,
          add: add_arr,
-          rem: rem_arr
+          rem: rem_arr,
          chg: chg
        }
      end
      # rubocop: enable Metrics/PerceivedComplexity
--- a/app/models/domain.rb
+++ b/app/models/domain.rb
@ -394,10 +394,10 @@ class Domain < ActiveRecord::Base
    self.registrant_verification_token = token
    self.registrant_verification_asked_at = asked_at
    set_pending_update
-    pending_json[:domain] = changes_cache
+    pending_json['domain'] = changes_cache
-    pending_json[:new_registrant_id]    = new_registrant_id
+    pending_json['new_registrant_id']    = new_registrant_id
-    pending_json[:new_registrant_email] = new_registrant_email
+    pending_json['new_registrant_email'] = new_registrant_email
-    pending_json[:new_registrant_name]  = new_registrant_name
+    pending_json['new_registrant_name']  = new_registrant_name
    # This pending_update! method is triggered by before_update
    # Note, all before_save callbacks are excecuted before before_update,
@ -503,10 +503,6 @@ class Domain < ActiveRecord::Base
    (errors.keys - assoc_errors).empty?
  end
  def statuses_tab_valid?
    !errors.keys.any? { |x| x.match(/domain_statuses/) }
  end
  ## SHARED
  def name_in_wire_format
@ -532,8 +528,13 @@ class Domain < ActiveRecord::Base
    Registrant.find_by(id: pending_json['domain']['registrant_id'].last)
  end
  # rubocop:disable Lint/Loop
  def generate_auth_info
    return if auth_info.present?
    generate_auth_info!
  end
  # rubocop:disable Lint/Loop
  def generate_auth_info!
    begin
      self.auth_info = SecureRandom.hex
    end while self.class.exists?(auth_info: auth_info)
@ -617,7 +618,6 @@ class Domain < ActiveRecord::Base
    statuses.include?(DomainStatus::FORCE_DELETE)
  end
  # TODO: Review the list and disallow epp calls
  def pending_update_prohibited?
    (statuses & [
      DomainStatus::CLIENT_UPDATE_PROHIBITED,
@ -642,7 +642,6 @@ class Domain < ActiveRecord::Base
    statuses.include?(DomainStatus::PENDING_DELETE) && !statuses.include?(DomainStatus::FORCE_DELETE)
  end
  # TODO: Review the list and disallow epp calls
  def pending_delete_prohibited?
    (statuses & [
      DomainStatus::CLIENT_DELETE_PROHIBITED,
--- a/app/models/epp/contact.rb
+++ b/app/models/epp/contact.rb
@ -20,44 +20,29 @@ class Epp::Contact < Contact
    # rubocop: disable Metrics/PerceivedComplexity
    # rubocop: disable Metrics/CyclomaticComplexity
    # rubocop: disable Metrics/MethodLength
    # rubocop: disable Metrics/AbcSize
-    def attrs_from(frame, rem = nil)
+    def attrs_from(frame)
      f = frame
      at = {}.with_indifferent_access
-      if rem
+      at[:name]       = f.css('postalInfo name').text        if f.css('postalInfo name').present?
-        at[:name]         = nil if f.css('postalInfo name').present? 
+      at[:org_name]   = f.css('postalInfo org').text         if f.css('postalInfo org').present?
-        at[:org_name]     = nil if f.css('postalInfo org').present? 
+      at[:email]      = f.css('email').text                  if f.css('email').present?
-        at[:email]        = nil if f.css('email').present?
+      at[:fax]        = f.css('fax').text                    if f.css('fax').present?
-        at[:fax]          = nil if f.css('fax').present?
+      at[:phone]      = f.css('voice').text                  if f.css('voice').present?
-        at[:phone]        = nil if f.css('voice').present?
+      at[:city]       = f.css('postalInfo addr city').text   if f.css('postalInfo addr city').present?
-        at[:city]         = nil if f.css('postalInfo addr city').present?
+      at[:zip]        = f.css('postalInfo addr pc').text     if f.css('postalInfo addr pc').present?
-        at[:zip]          = nil if f.css('postalInfo addr pc').present?
+      at[:street]     = f.css('postalInfo addr street').text if f.css('postalInfo addr street').present?
-        at[:street]       = nil if f.css('postalInfo addr street').present?
+      at[:state]      = f.css('postalInfo addr sp').text     if f.css('postalInfo addr sp').present?
-        at[:state]        = nil if f.css('postalInfo addr sp').present?
+      at[:country_code] = f.css('postalInfo addr cc').text     if f.css('postalInfo addr cc').present?
-        at[:country_code] = nil if f.css('postalInfo addr cc').present?
+      at[:auth_info]    = f.css('authInfo pw').text            if f.css('authInfo pw').present?
      else
        at[:name]       = f.css('postalInfo name').text        if f.css('postalInfo name').present? 
        at[:org_name]   = f.css('postalInfo org').text         if f.css('postalInfo org').present? 
        at[:email]      = f.css('email').text                  if f.css('email').present?
        at[:fax]        = f.css('fax').text                    if f.css('fax').present?
        at[:phone]      = f.css('voice').text                  if f.css('voice').present?
        at[:city]       = f.css('postalInfo addr city').text   if f.css('postalInfo addr city').present?
        at[:zip]        = f.css('postalInfo addr pc').text     if f.css('postalInfo addr pc').present?
        at[:street]     = f.css('postalInfo addr street').text if f.css('postalInfo addr street').present?
        at[:state]      = f.css('postalInfo addr sp').text     if f.css('postalInfo addr sp').present?
        at[:country_code] = f.css('postalInfo addr cc').text     if f.css('postalInfo addr cc').present?
        at[:auth_info]    = f.css('authInfo pw').text            if f.css('authInfo pw').present? 
      end
      legal_frame = f.css('legalDocument').first
      if legal_frame.present?
-        at[:legal_documents_attributes] = legal_document_attrs(legal_frame) 
+        at[:legal_documents_attributes] = legal_document_attrs(legal_frame)
      end
      at.merge!(ident_attrs(f.css('ident').first))
      at
    end
    # rubocop: enable Metrics/MethodLength
    # rubocop: enable Metrics/PerceivedComplexity
    # rubocop: enable Metrics/CyclomaticComplexity
    # rubocop: enable Metrics/AbcSize
@ -150,12 +135,49 @@ class Epp::Contact < Contact
  def update_attributes(frame)
    return super if frame.blank?
    at = {}.with_indifferent_access
    at.deep_merge!(self.class.attrs_from(frame.css('rem'), 'rem'))
    at.deep_merge!(self.class.attrs_from(frame.css('add')))
    at.deep_merge!(self.class.attrs_from(frame.css('chg')))
    if Setting.client_status_editing_enabled
      at[:statuses] = statuses - statuses_attrs(frame.css('rem'), 'rem') + statuses_attrs(frame.css('add'), 'add')
    end
    legal_frame = frame.css('legalDocument').first
-    at[:legal_documents_attributes] = self.class.legal_document_attrs(legal_frame) 
+    at[:legal_documents_attributes] = self.class.legal_document_attrs(legal_frame)
    self.deliver_emails = true # turn on email delivery for epp
    super(at)
  end
  def statuses_attrs(frame, action)
    status_list = status_list_from(frame)
    if action == 'rem'
      to_destroy = []
      status_list.each do |status|
        if statuses.include?(status)
          to_destroy << status
        else
          add_epp_error('2303', 'status', status, [:contact_statuses, :not_found])
        end
      end
      return to_destroy
    else
      return status_list
    end
  end
  def status_list_from(frame)
    status_list = []
    frame.css('status').each do |status|
      unless Contact::CLIENT_STATUSES.include?(status['s'])
        add_epp_error('2303', 'status', status['s'], [:domain_statuses, :not_found])
        next
      end
      status_list << status['s']
    end
    status_list
  end
 end
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@ -152,6 +152,9 @@ class Epp::Domain < Domain
    at[:tech_domain_contacts_attributes] = tech_domain_contacts_attrs(frame, action)
    # at[:domain_statuses_attributes] = domain_statuses_attrs(frame, action)
    pw = frame.css('authInfo > pw').text
    at[:auth_info] = pw if pw.present?
    if new_record?
      dnskey_frame = frame.css('extension create')
    else
@ -419,6 +422,7 @@ class Epp::Domain < Domain
      registrant_verification_asked!(frame.to_s, current_user.id)
    end
    self.deliver_emails = true # turn on email delivery for epp
    errors.empty? && super(at)
  end
  # rubocop: enable Metrics/AbcSize
@ -616,7 +620,7 @@ class Epp::Domain < Domain
      if dt.approved?
        transfer_contacts(current_user.registrar_id)
        dt.notify_losing_registrar(old_contact_codes, old_registrant_code)
-        generate_auth_info
+        generate_auth_info!
        self.registrar = current_user.registrar
      end
--- a/app/models/invoice.rb
+++ b/app/models/invoice.rb
@ -126,14 +126,14 @@ class Invoice < ActiveRecord::Base
  end
  def sum_without_vat
-    items.map(&:item_sum_without_vat).sum
+    (items.map(&:item_sum_without_vat).sum).round(2)
  end
  def vat
-    sum_without_vat * vat_prc
+    (sum_without_vat * vat_prc).round(2)
  end
  def sum
-    sum_without_vat + vat
+    (sum_without_vat + vat).round(2)
  end
 end
--- a/app/models/invoice_item.rb
+++ b/app/models/invoice_item.rb
@ -3,6 +3,6 @@ class InvoiceItem < ActiveRecord::Base
  belongs_to :invoice
  def item_sum_without_vat
-    amount * price
+    (amount * price).round(2)
  end
 end
--- a/app/models/legacy/domain.rb
+++ b/app/models/legacy/domain.rb
@ -11,5 +11,6 @@ module Legacy
    has_many :dnskeys, foreign_key: :keysetid, primary_key: :keyset
    has_many :domain_contact_maps, foreign_key: :domainid
    has_many :nsset_contact_maps, foreign_key: :nssetid, primary_key: :nsset
    has_many :domain_histories, foreign_key: :id
  end
 end
--- a/app/models/legacy/domain_history.rb
+++ b/app/models/legacy/domain_history.rb
@ -0,0 +1,7 @@
 module Legacy
  class DomainHistory < Db
    self.table_name = :domain_history
    belongs_to :domain, foreign_key: :id
  end
 end
--- a/app/models/registrar.rb
+++ b/app/models/registrar.rb
@ -45,8 +45,8 @@ class Registrar < ActiveRecord::Base
    end
  end
-  validates :email, :billing_email, 
+  validates :email, :billing_email,
-    email_format: { message: :invalid }, 
+    email_format: { message: :invalid },
    allow_blank: true, if: proc { |c| c.email_changed? }
  WHOIS_TRIGGERS = %w(name email phone street city state zip)
@ -165,15 +165,11 @@ class Registrar < ActiveRecord::Base
  def api_ip_white?(ip)
    return true unless Setting.api_ip_whitelist_enabled
-    white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
+    white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip)
  end
  def registrar_ip_white?(ip)
    return true unless Setting.registrar_ip_whitelist_enabled
-    white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
+    white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip)
  end
  def global_ip_white?(ip)
    white_ips.global.pluck(:ipv4, :ipv6).flatten.include?(ip)
  end
 end
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@ -15,12 +15,10 @@ class WhiteIp < ActiveRecord::Base
  API = 'api'
  REGISTRAR = 'registrar'
-  GLOBAL = 'global'
+  INTERFACES = [API, REGISTRAR]
  INTERFACES = [GLOBAL, API, REGISTRAR]
  scope :api, -> { where(interface: API) }
  scope :registrar, -> { where(interface: REGISTRAR) }
  scope :global, -> { where(interface: GLOBAL) }
  class << self
    def registrar_ip_white?(ip)
@ -28,9 +26,7 @@ class WhiteIp < ActiveRecord::Base
      at = WhiteIp.arel_table
      WhiteIp.where(
-        at[:interface].eq(REGISTRAR).or(
+        at[:interface].eq(REGISTRAR).and(
          at[:interface].eq(GLOBAL)
        ).and(
          at[:ipv4].eq(ip)
        )
      ).any?
--- a/app/views/admin/admin_users/_form.haml
+++ b/app/views/admin/admin_users/_form.haml
@ -1,3 +1,10 @@
 - if @admin_user.new_record?
  - overwrite_required = ''
  - field_required = 'required'
 - else
  - overwrite_required = 'not-required' # otherwise automatic one adds required
  - field_required = ''
 = form_for([:admin, @admin_user], html: { class: 'form-horizontal', autocomplete: 'off' }) do |f|
  = render 'shared/full_errors', object: @admin_user
@ -11,39 +18,41 @@
      - if @admin_user.new_record? || can?(:update, AdminUser)
        .form-group
          .col-md-4.control-label
-            - not_required = @admin_user.new_record? ? '' : 'not-required'
+            
-            = f.label :password, class: not_required
+            = f.label :password, class: overwrite_required
          .col-md-8
-            = f.text_field(:password, class: 'form-control')
+            = f.text_field(:password, class: "form-control #{field_required}")
        .form-group
          .col-md-4.control-label
-            = f.label :password_confirmation, class: not_required
+            = f.label :password_confirmation, class: overwrite_required
          .col-md-8
-            = f.text_field(:password_confirmation, class: 'form-control')
+            = f.text_field(:password_confirmation, class: "form-control #{field_required}")
      %hr
      .form-group
        .col-md-4.control-label
          = f.label :identity_code
        .col-md-8
-          = f.text_field(:identity_code, class: 'form-control')
+          = f.text_field(:identity_code, class: 'form-control required')
      .form-group
        .col-md-4.control-label
          = f.label :email
        .col-md-8
-          = f.text_field(:email, class: 'form-control', email: true)
+          = f.text_field(:email, class: 'form-control', lax_email: true)
      .form-group
        .col-md-4.control-label
          = f.label :country_code, t(:country)
        .col-md-8
          = f.select(:country_code,
-            SortedCountry.all_options(f.object.country_code), {}, class: 'form-control')
+            SortedCountry.all_options(f.object.country_code), {}, class: 'form-control required')
      %hr
      .form-group
        .col-md-4.control-label
-          = f.label :role
+          = f.label :role, class: 'required'
        .col-md-8
-          = select_tag 'admin_user[roles][]', options_for_select(AdminUser::ROLES.map {|x| [t(x), x] }, @admin_user.roles.try(:first)), class: 'form-control selectize'
+          = select_tag 'admin_user[roles][]', 
            options_for_select(AdminUser::ROLES.map {|x| [t(x), x] }, 
            @admin_user.roles.try(:first)), class: 'form-control selectize'
  %hr
  .row
--- a/app/views/admin/api_users/_form.haml
+++ b/app/views/admin/api_users/_form.haml
@ -1,3 +1,11 @@
 - if @api_user.new_record?
  - overwrite_required = ''
  - field_required = 'required'
 - else
  - overwrite_required = 'not-required' # otherwise automatic one adds required
  - field_required = ''
 = form_for([:admin, @api_user], multipart: true, 
  html: {class: 'form-horizontal', autocomplete: 'off'}) do |f|
  = render 'shared/full_errors', object: @api_user
@ -11,16 +19,16 @@
          = f.text_field(:username, class: 'form-control')
      .form-group
        .col-md-4.control-label
-          - not_required = @api_user.new_record? ? '' : 'not-required'
+          = f.label :password, class: overwrite_required
          = f.label :password, class: not_required
        .col-md-7
-          = f.text_field :password, class: 'form-control', autocomplete: 'off'
+          = f.text_field :password, class: "form-control #{field_required}", autocomplete: 'off'
      .form-group
        .col-md-4.control-label
          = f.label :identity_code
        .col-md-7
          = f.text_field(:identity_code, class: 'form-control')
      .form-group
        .form-group.has-feedback.js-typeahead-container
          .col-md-4.control-label
@ -32,9 +40,10 @@
            %span.glyphicon.glyphicon-ok.form-control-feedback.js-typeahead-ok.hidden
            %span.glyphicon.glyphicon-remove.form-control-feedback.js-typeahead-remove
            = f.hidden_field(:registrar_id, class: 'js-registrar-id')
      .form-group
        .col-md-4.control-label
-          = f.label :role
+          = f.label :role, class: 'required'
        .col-md-7
          = select_tag 'api_user[roles][]', 
            options_for_select(ApiUser::ROLES.map {|x| [t(x), x] }, @api_user.roles.try(:first)),
--- a/app/views/admin/contacts/index.haml
+++ b/app/views/admin/contacts/index.haml
@ -22,7 +22,7 @@
            %th{class: 'col-xs-2'}
              = sort_link(@q, 'name', t(:name))
            %th{class: 'col-xs-2'}
-              = sort_link(@q, 'code', t(:code))
+              = sort_link(@q, 'code', t(:id))
            %th{class: 'col-xs-2'}
              = sort_link(@q, 'ident', t(:ident))
            %th{class: 'col-xs-2'}
--- a/app/views/admin/contacts/partials/_general.haml
+++ b/app/views/admin/contacts/partials/_general.haml
@ -3,7 +3,7 @@
    %h3.panel-title= t(:general)
  .panel-body
    %dl.dl-horizontal
-      %dt= t(:code)
+      %dt= t(:id)
      %dd= @contact.code
      %dt= t(:password)
--- a/app/views/admin/domains/partials/_admin_contacts.haml
+++ b/app/views/admin/domains/partials/_admin_contacts.haml
@ -7,7 +7,7 @@
      %thead
        %tr
          %th{class: 'col-xs-4'}= t(:name)
-          %th{class: 'col-xs-4'}= t(:code)
+          %th{class: 'col-xs-4'}= t(:id)
          %th{class: 'col-xs-4'}= t(:email)
      %tbody
        - @domain.admin_contacts.each do |ac|
--- a/app/views/admin/domains/partials/_owner.haml
+++ b/app/views/admin/domains/partials/_owner.haml
@ -6,7 +6,7 @@
      %dt= t(:name)
      %dd= link_to(@domain.registrant, [:admin, @domain.registrant])
-      %dt= t(:code)
+      %dt= t(:id)
      %dd= @domain.registrant_code
      %dt= t(:identity_code)
--- a/app/views/admin/domains/partials/_tech_contacts.haml
+++ b/app/views/admin/domains/partials/_tech_contacts.haml
@ -7,7 +7,7 @@
      %thead
        %tr
          %th{class: 'col-xs-4'}= t(:name)
-          %th{class: 'col-xs-4'}= t(:code)
+          %th{class: 'col-xs-4'}= t(:id)
          %th{class: 'col-xs-4'}= t(:email)
      %tbody
        - @domain.tech_contacts.each do |tc|
--- a/app/views/admin/registrars/_form.haml
+++ b/app/views/admin/registrars/_form.haml
@ -31,12 +31,12 @@
            .col-md-4.control-label
              = f.label :email
            .col-md-7
-              = f.text_field(:email, class: 'form-control', email: true)
+              = f.text_field(:email, class: 'form-control', lax_email: true)
          .form-group
            .col-md-4.control-label
              = f.label :billing_email
            .col-md-7
-              = f.text_field(:billing_email, class: 'form-control', email: true)
+              = f.text_field(:billing_email, class: 'form-control', lax_email: true)
  .row
    .col-md-8
@ -68,7 +68,7 @@
            .col-md-4.control-label
              = f.label :country_code, t(:country)
            .col-md-7
-              = f.select(:country_code, 
+              = f.select(:country_code,
                SortedCountry.all_options(f.object.country_code), {}, class: 'form-control')
  .row
--- a/app/views/admin/registrars/show.haml
+++ b/app/views/admin/registrars/show.haml
@ -29,7 +29,7 @@
          %dt= t(:reference_no)
          %dd= @registrar.reference_no
-          %dt= t(:code)
+          %dt= t(:id)
          %dd= @registrar.code
  .col-md-6
--- a/app/views/layouts/registrar/application.haml
+++ b/app/views/layouts/registrar/application.haml
@ -54,7 +54,7 @@
                  = "#{current_user} (#{current_user.roles.first}) - #{current_user.registrar}"
                  %span.caret
                %ul.dropdown-menu{role: "menu"}
-                  - ApiUser.where(identity_code: current_user.identity_code).includes(:registrar).each do |x|
+                  - ApiUser.all_by_identity_code(current_user.identity_code).each do |x|
                    %li= link_to "#{x} (#{x.roles.first}) - #{x.registrar}", "/registrar/switch_user/#{x.id}"
                  - if user_signed_in?
                    %li= link_to t(:log_out_), '/registrar/logout'
--- a/app/views/registrar/contacts/form_partials/_code.haml
+++ b/app/views/registrar/contacts/form_partials/_code.haml
@ -1,9 +1,9 @@
 .panel.panel-default
  .panel-heading.clearfix
-    .pull-left= t(:code)
+    .pull-left= t(:id)
  .panel-body
    .form-group
      .col-md-2.control-label
-        = f.label :code
+        = f.label :code, t(:id)
      .col-md-10
        = f.text_field :code, class: 'form-control'
--- a/app/views/registrar/contacts/form_partials/_general.haml
+++ b/app/views/registrar/contacts/form_partials/_general.haml
@ -12,7 +12,7 @@
            = " [#{f.object.ident_country_code}]"
        - else
          - country_selected = @contact.persisted? ? '' : (params[:depp_contact].try(:[], :ident_country_code) || 'EE')
-          = f.select(:ident_country_code, SortedCountry.all_options(country_selected), {}, 
+          = f.select(:ident_country_code, SortedCountry.all_options(country_selected), {},
            class: 'js-ident-country-code', required: true)
    .form-group
@ -25,7 +25,7 @@
            = " [#{f.object.ident_type}]"
        - else
          - type_selected = @contact.persisted? ? '' : (params[:depp_contact].try(:[], :ident_type) || 'bic')
-          = f.select(:ident_type, Depp::Contact::SELECTION_TYPES, 
+          = f.select(:ident_type, Depp::Contact::SELECTION_TYPES,
            { selected: type_selected },
            class: 'js-ident-type', required: true)
@ -56,13 +56,11 @@
      .col-md-3.control-label
        = f.label :email, t(:email) + '*'
      .col-md-7
-        = f.text_field :email, class: 'form-control', required: true, email: true
+        = f.text_field :email, class: 'form-control', required: true, lax_email: true
    .form-group
      .col-md-3.control-label
        = f.label :phone, t(:phone) + '*'
      .col-md-7
-        = f.text_field :phone, class: 'form-control', 
+        = f.text_field :phone, class: 'form-control',
          placeholder: '+372.12323344', required: true
--- a/app/views/registrar/contacts/index.haml
+++ b/app/views/registrar/contacts/index.haml
@ -8,7 +8,7 @@
      %thead
        %tr
          %th{class: 'col-xs-3'}= t(:name)
-          %th{class: 'col-xs-3'}= t(:code)
+          %th{class: 'col-xs-3'}= t(:id)
          %th{class: 'col-xs-3'}= t(:ident)
          %th{class: 'col-xs-3'}= t(:actions)
      %tbody
--- a/app/views/registrar/contacts/partials/_general.haml
+++ b/app/views/registrar/contacts/partials/_general.haml
@ -3,7 +3,7 @@
    %h3.panel-title= t(:general)
  .panel-body
    %dl.dl-horizontal
-      %dt= t(:contact_code)
+      %dt= t(:id)
      %dd= @contact.id
      %dt= t(:password)
--- a/app/views/registrar/domains/form_partials/_contacts.haml
+++ b/app/views/registrar/domains/form_partials/_contacts.haml
@ -16,7 +16,7 @@
          .form-group
            .col-md-3.control-label
-              = label_tag "domain_contacts_attributes_#{k}_code", t(:contact_code), class: 'required'
+              = label_tag "domain_contacts_attributes_#{k}_code", t(:id), class: 'required'
            .col-md-7.has-feedback
              = select_tag "domain[contacts_attributes][#{k}][code]", 
                options_for_select(@contacts_autocomplete_map, selected: v['code']),
--- a/app/views/registrar/domains/info.haml
+++ b/app/views/registrar/domains/info.haml
@ -6,6 +6,9 @@
      class: 'btn btn-default')
    = link_to(t(:delete), delete_registrar_domains_path(domain_name: params[:domain_name]),
      class: 'btn btn-default')
  - else
    = link_to(t(:transfer), transfer_registrar_domains_path(domain_name: params[:domain_name]),
      class: 'btn btn-default')
 = render 'shared/title', name: truncate(@data.css('name').text)
 .row
--- a/app/views/registrar/domains/partials/_contacts.haml
+++ b/app/views/registrar/domains/partials/_contacts.haml
@ -6,7 +6,7 @@
      %thead
        %tr
          %th{class: 'col-xs-4'}= t(:type)
-          %th{class: 'col-xs-8'}= t(:code)
+          %th{class: 'col-xs-8'}= t(:id)
      %tbody
        - @data.css('contact').each do |x|
          %tr
--- a/app/views/registrar/domains/partials/_general.haml
+++ b/app/views/registrar/domains/partials/_general.haml
@ -4,7 +4,11 @@
  .panel-body
    %dl.dl-horizontal
      %dt= t(:password)
-      %dd= @data.css('pw').text
+      %dd= @data.css('pw').text.present? ? @data.css('pw').text : t('hidden')
      - if @data.css('pw').text.blank?
        %dt= t(:registrar)
        %dd= @data.css('clID').text
      %dt= t(:registrant)
      %dd= @data.css('registrant').text
--- a/app/views/registrar/domains/transfer_index.haml
+++ b/app/views/registrar/domains/transfer_index.haml
@ -2,7 +2,7 @@
 .row
  .col-md-8
-    = form_tag transfer_registrar_domains_path, class: 'form-horizontal', method: :post, multipart: true do
+    = form_tag transfer_registrar_domains_path, class: 'form-horizontal', method: :post, multipart: true, autocomplete: 'off' do
      .form-group
        .col-md-3.control-label
          = label_tag :domain_name, t(:name), class: 'required'
--- a/app/views/registrar/invoices/index.haml
+++ b/app/views/registrar/invoices/index.haml
@ -4,7 +4,7 @@
 = render 'shared/title', name: t(:your_account)
 = t(:your_current_account_balance_is,
-  balance: current_user.registrar.cash_account.balance,
+  balance: currency(current_user.registrar.cash_account.balance),
  currency: current_user.registrar.cash_account.currency)
 %h1= t(:invoices)
@ -68,7 +68,7 @@
                %td{class: 'text-danger'}= t(:unpaid)
              %td= l(x.due_date, format: :date_long)
-              %td= x.sum
+              %td= currency(x.sum)
 .row
  .col-md-12
    = paginate @invoices
--- a/app/views/registrar/xml_consoles/epp_requests/contact/create.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/contact/create.xml
@ -23,7 +23,7 @@
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:ident type="bic" cc="EE">123</eis:ident>
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/contact/delete.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/contact/delete.xml
@ -13,7 +13,7 @@
    <extension>
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/contact/update_chg.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/contact/update_chg.xml
@ -18,16 +18,16 @@
          </contact:postalInfo>
          <contact:voice>+123.7035555555</contact:voice>
          <contact:email>jdoe@example.com</contact:email>
          <contact:authInfo>
            <contact:pw>2fooBAR</contact:pw>
          </contact:authInfo>
        </contact:chg>
        <contact:authInfo>
          <contact:pw>2fooBAR</contact:pw>
        </contact:authInfo>
      </contact:update>
    </update>
    <extension>
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/domain/create.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/domain/create.xml
@ -31,11 +31,9 @@
          <secDNS:pubKey>AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8</secDNS:pubKey>
        </secDNS:keyData>
      </secDNS:create>
    </extension>
    <extension>
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/domain/delete.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/domain/delete.xml
@ -10,7 +10,7 @@
    <extension>
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/domain/transfer.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/domain/transfer.xml
@ -13,7 +13,7 @@
    <extension>
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/domain/update.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/domain/update.xml
@ -5,41 +5,41 @@
      <domain:update
       xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
        <domain:name>example.ee</domain:name>
        <domain:chg>
          <domain:registrant>mak21</domain:registrant>
        </domain:chg>
        <domain:add>
          <domain:ns>
            <domain:hostObj>ns1.example.com</domain:hostObj>
            <domain:hostObj>ns2.example.com</domain:hostObj>
          </domain:ns>
          <domain:contact type="tech">mak21</domain:contact>
          <domain:status s="clientHold"
           lang="en">Payment overdue.</domain:status>
          <domain:status s="clientUpdateProhibited"/>
        </domain:add>
        <domain:rem>
          <domain:ns>
            <domain:hostObj>ns1.example.com</domain:hostObj>
          </domain:ns>
          <domain:contact type="tech">mak21</domain:contact>
          <domain:status s="clientHold"/>
        </domain:rem>
        <domain:chg>
          <domain:registrant>mak21</domain:registrant>
          <domain:authInfo>
            <domain:pw>newpw</domain:pw>
          </domain:authInfo>
        </domain:chg>
      </domain:update>
    </update>
    <extension>
      <secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:rem>
          <secDNS:keyData>
            <secDNS:flags>257</secDNS:flags>
            <secDNS:protocol>3</secDNS:protocol>
            <secDNS:alg>8</secDNS:alg>
            <secDNS:pubKey>700b97b591ed27ec2590d19f06f88bba700b97b591ed27ec2590d19f</secDNS:pubKey>
          </secDNS:keyData>
        </secDNS:rem>
      </secDNS:update>
    </extension>
    <extension>
      <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
        <eis:legalDocument type="pdf">
-          JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==
+          dGVzdCBmYWlsCg==
        </eis:legalDocument>
      </eis:extdata>
    </extension>
--- a/app/views/registrar/xml_consoles/epp_requests/keyrelay/keyrelay.xml
+++ b/app/views/registrar/xml_consoles/epp_requests/keyrelay/keyrelay.xml
@ -17,7 +17,7 @@
      </ext:expiry>
    </ext:keyrelay>
    <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
-      <eis:legalDocument type="pdf">JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==</eis:legalDocument>
+      <eis:legalDocument type="pdf">dGVzdCBmYWlsCg==</eis:legalDocument>
    </eis:extdata>
    <ext:clTRID>1422542244</ext:clTRID>
  </command>
--- a/config/environments/alpha.rb
+++ b/config/environments/alpha.rb
@ -46,10 +46,10 @@ Rails.application.configure do
  config.log_level = :info
  # Prepend all log lines with the following tags.
-  # config.log_tags = [ :subdomain, :uuid ]
+  config.log_tags = [:subdomain, :uuid, :remote_ip]
-  # Use a different logger for distributed setups.
+  # config.log_tags = [:subdomain, :uuid, :remote_ip]
-  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+  config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new(ENV['app_name'] || 'registry'))
  # Use a different cache store in production.
  # config.cache_store = :mem_cache_store
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -35,6 +35,9 @@ Rails.application.configure do
  # Raises error for missing translations
  # config.action_view.raise_on_missing_translations = true
  # config.log_tags = [:subdomain, :uuid, :remote_ip]
  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new(ENV['app_name'] || 'registry'))
  config.action_mailer.default_url_options = { host: 'localhost:8081' }
  # for finding database optimization
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -46,10 +46,10 @@ Rails.application.configure do
  config.log_level = :info
  # Prepend all log lines with the following tags.
-  # config.log_tags = [ :subdomain, :uuid ]
+  config.log_tags = [:subdomain, :uuid, :remote_ip]
  # Use a different logger for distributed setups.
-  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+  config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new(ENV['app_name'] || 'registry'))
  # Use a different cache store in production.
  # config.cache_store = :mem_cache_store
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@ -46,10 +46,10 @@ Rails.application.configure do
  config.log_level = :info
  # Prepend all log lines with the following tags.
-  # config.log_tags = [ :subdomain, :uuid ]
+  config.log_tags = [:subdomain, :uuid, :remote_ip]
  # Use a different logger for distributed setups.
-  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+  config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new(ENV['app_name'] || 'registry'))
  # Use a different cache store in production.
  # config.cache_store = :mem_cache_store
--- a/config/initializers/settings.rb
+++ b/config/initializers/settings.rb
@ -1,4 +1,4 @@
-TEST_EMAILS = 
+TEST_EMAILS =
  if Rails.env.test?
    %w(
      test@example.com
@ -9,5 +9,6 @@ TEST_EMAILS =
      new@example.com
    )
  else
    ENV['whitelist_emails_for_staging'] ||= ''
    ENV['whitelist_emails_for_staging'].split(',').map(&:strip)
  end
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -657,7 +657,7 @@ en:
  m_id: 'M-ID'
  pending_removed: Pending was successfully removed.
  pending_applied: Pending was successfully applied.
-  something_wrong: Not success, something went wrong!
+  something_wrong: Not success, something went wrong
  failure: Not success
  not_found: Not found
  no_connection_to_registry: Connection issue to the registry EPP or REPP server! Please try again later.
@ -781,14 +781,14 @@ en:
  unimplemented_object_service: 'Unimplemented object service'
  contact_email_update_subject: 'Teie domeenide kontakt epostiaadress on muutunud / Contact e-mail addresses of your domains have changed'
  object_status_prohibits_operation: 'Object status prohibits operation'
-  pending_update_request_for_old_registrant_subject: "Kinnitustaotlus domeeni %{name} registreerija vahetuseks / Application for approval for registrant chache of %{name}"
+  pending_update_request_for_old_registrant_subject: "Kinnitustaotlus domeeni %{name} registreerija vahetuseks / Application for approval for registrant change of %{name}"
  pending_update_notification_for_new_registrant_subject: "Domeeni %{name} registreerija vahetus protseduur on algatatud / %{name} registrant change"
  pending_update_rejected_notification_for_new_registrant_subject: "Domeeni %{name} registreerija vahetuse taotlus tagasi lükatud / %{name} registrant change declined"
  pending_update_expired_notification_for_new_registrant_subject: "Domeeni %{name} registreerija vahetuse taotlus on tühistatud / %{name} registrant change cancelled"
  registrant_updated_notification_for_new_registrant_subject: 'Domeeni %{name} registreerija vahetus teostatud / Registrant change of %{name} has been finished.'
  registrant_updated_notification_for_old_registrant_subject: 'Domeeni %{name} registreerija vahetus teostatud / Registrant change of %{name} has been finished.'
  domain_pending_deleted_subject: "Kinnitustaotlus domeeni %{name} kustutamiseks .ee registrist / Application for approval for deletion of %{name}"
-  pending_delete_rejected_notification_subject: "Domeeni %{name} kustutamise taotlus tagasi lükatud / %{name) deletion declined"
+  pending_delete_rejected_notification_subject: "Domeeni %{name} kustutamise taotlus tagasi lükatud / %{name} deletion declined"
  pending_delete_expired_notification_subject: "Domeeni %{name} kustutamise taotlus on tühistatud / %{name} deletion cancelled"
  delete_confirmation_subject: "Domeeni %{name} kustutatud / %{name} deleted"
  whois: WHOIS
@ -909,4 +909,5 @@ en:
  poll_pending_delete_confirmed_by_registrant: 'Registrant confirmed domain deletion'
  manage: Manage
  pending_epp: Pending epp
-
+  id: ID
  hidden: '[hidden]'
--- a/doc/epp-examples.md
+++ b/doc/epp-examples.md
--- a/lib/sorted_country.rb
+++ b/lib/sorted_country.rb
@ -6,12 +6,13 @@ class SortedCountry
    include ActionView::Helpers
    def all_options(selected = nil)
-      quick_options = options_for_select(quick_list + [['---', '']], selected)  
+      quick_options = options_for_select([['', '']] + quick_list, { selected: selected })  
      # no double select
      selected = quick_list.map(&:second).include?(selected) ? '' : selected 
-      all_options = options_for_select(all_sorted_truncated, selected)
+      all_options = options_for_select([['---', '---']] + all_sorted_truncated, 
                                       { selected: selected, disabled: ['---'] })
      quick_options + all_options
    end
--- a/public/assets/.sprockets-manifest-48c2dd3ff16b86b70040480e74a50543.json
+++ b/public/assets/.sprockets-manifest-48c2dd3ff16b86b70040480e74a50543.json
--- a/public/assets/admin-manifest-5729e7fb1a7bc14e9eecd448e5809449b2f9df89194aa3fef831b9affb96b005.js
+++ b/public/assets/admin-manifest-5729e7fb1a7bc14e9eecd448e5809449b2f9df89194aa3fef831b9affb96b005.js
--- a/public/assets/admin-manifest.js
+++ b/public/assets/admin-manifest.js
--- a/public/assets/registrant-manifest-a2003d1a69b4bdf015c46964954aacf8be29f409e1a79d7d9d0b8d75244179ce.js
+++ b/public/assets/registrant-manifest-a2003d1a69b4bdf015c46964954aacf8be29f409e1a79d7d9d0b8d75244179ce.js
--- a/public/assets/registrant-manifest.js
+++ b/public/assets/registrant-manifest.js
--- a/public/assets/registrar-manifest-e978136c269d5727a484c9fe6b6feaf6be7a29cf8fc8605f397bdad192bb5e38.js
+++ b/public/assets/registrar-manifest-e978136c269d5727a484c9fe6b6feaf6be7a29cf8fc8605f397bdad192bb5e38.js
--- a/public/assets/registrar-manifest.js
+++ b/public/assets/registrar-manifest.js
--- a/spec/epp/contact_spec.rb
+++ b/spec/epp/contact_spec.rb
@ -51,7 +51,8 @@ describe 'EPP Contact', epp: true do
          },
          voice: { value: '+372.1234567' },
          fax: nil,
-          email: { value: 'test@example.example' }
+          email: { value: 'test@example.example' },
          authInfo: nil
        }
        create_xml = @epp_xml.create(defaults.deep_merge(overwrites), extension)
        epp_plain_request(create_xml, options)
@ -80,6 +81,7 @@ describe 'EPP Contact', epp: true do
        @contact.ident.should == '37605030299'
        @contact.street.should == '123 Example'
        @contact.legal_documents.count.should == 1
        @contact.auth_info.length.should > 0
        log = ApiLog::EppLog.last
        log.request_command.should == 'create'
@ -89,6 +91,18 @@ describe 'EPP Contact', epp: true do
        log.api_user_registrar.should == 'registrar1'
      end
      it 'creates a contact with custom auth info' do
        response = create_request({
          authInfo: { pw: { value: 'custompw' } }
        })
        response[:msg].should == 'Command completed successfully'
        response[:result_code].should == '1000'
        @contact = Contact.last
        @contact.auth_info.should == 'custompw'
      end
      it 'successfully saves ident type with legal document' do
        extension = {
          ident: {
@ -501,6 +515,22 @@ describe 'EPP Contact', epp: true do
        Setting.client_status_editing_enabled = true
      end
      it 'should update auth info' do
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          chg: {
            authInfo: { pw: { value: 'newpassword' } }
          }
        })
        response = epp_plain_request(xml, :xml)
        response[:results][0][:msg].should == 'Command completed successfully'
        response[:results][0][:result_code].should == '1000'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.auth_info.should == 'newpassword'
      end
      it 'should add value voice value' do
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
@ -537,29 +567,6 @@ describe 'EPP Contact', epp: true do
        Contact.find_by(code: 'FIRST0:SH8013').phone.should == phone # aka not changed
      end
      it 'should honor chg value over add value when both changes same attribute' do
        pending 'It should not be possible to add voice (in add)'
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          add: {
            voice: { value: '+372.11111111111' }
          },
          chg: {
            voice: { value: '+372.222222222222' },
            authInfo: { pw: { value: 'password' } }
          }
        })
        response = epp_plain_request(xml)
        response[:results][0][:msg].should == 'Command completed successfully'
        response[:results][0][:result_code].should == '1000'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.phone.should == '+372.222222222222'
        contact.update_attribute(:phone, '+372.7654321') # restore default value
      end
      it 'should not allow to remove required voice attribute' do
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        phone = contact.phone
@ -579,128 +586,12 @@ describe 'EPP Contact', epp: true do
        contact.phone.should == phone
      end
-      # TODO: Update request rem block must be analyzed
+      it 'should return general policy error when updating org' do
      it 'should not allow to remove required attribute' do
        pending 'It should not be possible to remove or add voice (in add and rem)'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        phone = contact.phone
        # TODO: Refactor authInfo under chg block
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          authInfo: { pw: { value: 'password' } },
          rem: {
            voice: { value: '+372.7654321' }
          }
        })
        response = epp_plain_request(xml)
        response[:results][0][:msg].should == 'Required parameter missing - phone [phone]'
        response[:results][0][:result_code].should == '2003'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.phone.should == phone
      end
      it 'should honor add over rem' do
        pending 'It should not be possible to remove or add voice (in add and rem)'
        # TODO: Refactor authInfo under chg block
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          authInfo: { pw: { value: 'password' } },
          rem: {
            voice: { value: 'not important' }
          },
          add: {
            voice: { value: '+372.3333333' }
          }
        })
        response = epp_plain_request(xml)
        response[:results][0][:msg].should == 'Command completed successfully'
        response[:results][0][:result_code].should == '1000'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.phone.should == '+372.3333333'
        contact.update_attribute(:phone, '+372.7654321') # restore default value
      end
      it 'should honor chg over rem' do
        pending 'It should not be possible to remove or add voice (in add and rem)'
        # TODO: Refactor authInfo under chg block
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          authInfo: { pw: { value: 'password' } },
          rem: {
            voice: { value: 'not important' }
          },
          chg: {
            voice: { value: '+372.44444444' }
          }
        })
        response = epp_plain_request(xml)
        response[:results][0][:msg].should == 'Command completed successfully'
        response[:results][0][:result_code].should == '1000'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.phone.should == '+372.44444444'
        contact.update_attribute(:phone, '+372.7654321') # restore default value
      end
      it 'should honor chg over rem and add' do
        pending 'It should not be possible to remove or add voice (in add and rem)'
        # TODO: Refactor authInfo under chg block
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          authInfo: { pw: { value: 'password' } },
          chg: {
            voice: { value: '+372.666666' }
          },
          add: {
            voice: { value: '+372.555555' }
          },
          rem: {
            voice: { value: 'not important' }
          }
        })
        response = epp_plain_request(xml)
        response[:results][0][:msg].should == 'Command completed successfully'
        response[:results][0][:result_code].should == '1000'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.phone.should == '+372.666666'
        contact.update_attribute(:phone, '+372.7654321') # restore default value
      end
      it 'should not remove password' do
        pending 'There should be no possibility to remove pw'
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          authInfo: { pw: { value: 'password' } },
          rem: {
            authInfo: { pw: { value: 'password' } }
          }
        })
        response = epp_plain_request(xml)
        response[:results][0][:msg].should == 'Command completed successfully'
        response[:results][0][:result_code].should == '1000'
        contact = Contact.find_by(code: 'FIRST0:SH8013')
        contact.auth_info.should == 'password'
      end
      it 'should return general policy error when removing org' do
        pending 'Test says it should throw error when removing org, it does not do it when removing it with chg block'
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
          chg: {
            postalInfo: {
-              org: { value: '' }
+              org: { value: 'shouldnot' }
            },
            authInfo: { pw: { value: 'password' } }
          }
@ -712,22 +603,24 @@ describe 'EPP Contact', epp: true do
        response[:results][0][:result_code].should == '2306'
      end
-      it 'should return error when removing street' do
+      it 'does not allow to edit statuses if policy forbids it' do
-        pending 'Test says it tests removing street, but actually street is not removed'
+        Setting.client_status_editing_enabled = false
-        # TODO: Refactor authInfo under chg block
+
        xml = @epp_xml.update({
          id: { value: 'FIRST0:SH8013' },
-          authInfo: { pw: { value: 'password' } },
+          add: [{
-          rem: {
+            _anonymus: [
-            postalInfo: {
+              { status: { value: '', attrs: { s: 'clientUpdateProhibited' } } }
-              name: { value: 'not important' }
+            ]
-            }
+          }]
          }
        })
        response = epp_plain_request(xml)
-        response[:results][0][:msg].should == "Required parameter missing - name [name]"
+        response[:results][0][:msg].should == "Parameter value policy error. Client-side object status "\
-        response[:results][0][:result_code].should == '2003'
+                                              "management not supported: status [status]"
        response[:results][0][:result_code].should == '2306'
        Setting.client_status_editing_enabled = true
      end
    end
--- a/spec/epp/domain_spec.rb
+++ b/spec/epp/domain_spec.rb
@ -147,6 +147,20 @@ describe 'EPP Domain', epp: true do
      d.reserved.should == false
    end
    it 'creates a domain with custom auth info' do
      dn = next_domain_name
      response = epp_plain_request(domain_create_xml({
        name: { value: dn },
        authInfo: { pw: { value: 'asdasd' } }
      }))
      d = Domain.last
      response[:msg].should == 'Command completed successfully'
      response[:result_code].should == '1000'
      d.auth_info.should == 'asdasd'
    end
    # it 'creates ria.ee with valid ds record' do
      # xml = domain_create_xml({
        # name: { value: 'ria.ee' }
@ -1805,6 +1819,22 @@ describe 'EPP Domain', epp: true do
      d.pending_update?.should == true
    end
    it 'updates a domain and changes auth info' do
      response = epp_plain_request(domain_update_xml({
        name: { value: domain.name },
        chg: [
          authInfo: { pw: { value: 'newpw' } }
        ]
      }))
      response[:results][0][:msg].should == 'Command completed successfully'
      response[:results][0][:result_code].should == '1000'
      d = Domain.last
      d.auth_info.should == 'newpw'
    end
    it 'should not return action pending when changes are invalid' do
      existing_pw = domain.auth_info
--- a/spec/epp/epp_helper_spec.rb
+++ b/spec/epp/epp_helper_spec.rb
@ -13,9 +13,6 @@ describe 'EPP Helper', epp: true do
              <domain:transfer
               xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
                <domain:name>' + dn + '</domain:name>
                <domain:authInfo>
                  <domain:pw roid="citizen_1234-REP">98oiewslkfkd</domain:pw>
                </domain:authInfo>
              </domain:transfer>
            </transfer>
            <clTRID>ABC-12345</clTRID>
--- a/spec/epp/keyrelay_spec.rb
+++ b/spec/epp/keyrelay_spec.rb
@ -166,7 +166,7 @@ describe 'EPP Keyrelay', epp: true do
    }, {
      _anonymus: [
        legalDocument: {
-          value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==',
+          value: 'dGVzdCBmYWlsCg==',
          attrs: { type: 'pdf' }
        }
      ]
@ -203,7 +203,7 @@ describe 'EPP Keyrelay', epp: true do
    }, {
      _anonymus: [
        legalDocument: {
-          value: 'JVBERi0xLjQKJcOkw7zDtsOfCjIgMCBvYmoKPDwvTGVuZ3RoIDMgMCBSL0Zp==',
+          value: 'dGVzdCBmYWlsCg==',
          attrs: { type: 'jpg' }
        }
      ]
--- a/spec/fabricators/registrar_fabricator.rb
+++ b/spec/fabricators/registrar_fabricator.rb
@ -9,7 +9,7 @@ Fabricator(:registrar) do
  country_code 'EE'
  code { sequence(:code) { |i| "REGISTRAR#{i}" } }
  reference_no { sequence(:reference_no) { |i| "RF#{i}" } }
-  white_ips { [Fabricate(:white_ip)] }
+  white_ips { [Fabricate(:white_ip), Fabricate(:white_ip, interface: WhiteIp::REGISTRAR)] }
 end
 Fabricator(:registrar_with_no_account_activities, from: :registrar) do
--- a/spec/fabricators/white_ip_fabricator.rb
+++ b/spec/fabricators/white_ip_fabricator.rb
@ -1,6 +1,6 @@
 Fabricator(:white_ip) do
  ipv4 '127.0.0.1'
-  interface WhiteIp::GLOBAL
+  interface WhiteIp::API
 end
 Fabricator(:white_ip_registrar, from: :white_ip) do
--- a/spec/features/registrar/domain_spec.rb
+++ b/spec/features/registrar/domain_spec.rb
@ -54,7 +54,6 @@ feature 'Domains', type: :feature do
      page.should_not have_text(d1.name)
      page.should have_text(d2.name)
    end
    it 'should search domains' do
@ -94,7 +93,26 @@ feature 'Domains', type: :feature do
      fill_in 'q_name_matches', with: 'abcd_.ee'
      find('.btn.btn-primary.search').click
      current_path.should == "/registrar/domains"
      page.should have_content('abcde.ee')
    end
    it 'should search foreign domain and transfer it' do
      user2 = Fabricate(:api_user, identity_code: @user.identity_code)
      d2 = Fabricate(:domain, registrar: user2.registrar)
      visit '/registrar/domains'
      page.should_not have_content(d2.name)
      fill_in 'q_name_matches', with: d2.name
      find('.btn.btn-primary.search').click
      current_path.should == "/registrar/domains/info"
      click_link 'Transfer'
      fill_in 'Password', with: d2.auth_info
      click_button 'Transfer'
      page.should have_content 'serverApproved'
      visit '/registrar/domains'
      page.should have_content d2.name
    end
  end
 end
--- a/spec/features/registrar/invoices_spec.rb
+++ b/spec/features/registrar/invoices_spec.rb
@ -50,5 +50,18 @@ feature 'Invoices', type: :feature do
      response_headers['Content-Type'].should == 'application/pdf'
      response_headers['Content-Disposition'].should == "attachment; filename=\"#{@invoice.pdf_name}\""
    end
    it 'should not see foreign invoices' do
      user2 = Fabricate(:api_user, identity_code: @user.identity_code)
      visit '/registrar/invoices'
      click_link @invoice.to_s
      page.should have_text(@invoice.to_s)
      page.should have_text('Buyer')
      click_link "#{user2} (#{user2.roles.first}) - #{user2.registrar}"
      page.should have_text('You are not authorized to access this page.')
      visit "/registrar/invoices/#{@invoice.id}/forward"
      page.should have_text('You are not authorized to access this page.')
    end
  end
 end
--- a/spec/features/registrar/sessions_spec.rb
+++ b/spec/features/registrar/sessions_spec.rb
@ -3,6 +3,7 @@ require 'rails_helper'
 feature 'Sessions', type: :feature do
  context 'with invalid ip' do
    it 'should not see login page' do
      Setting.registrar_ip_whitelist_enabled = true
      WhiteIp.destroy_all
      visit registrar_login_path
      page.should have_text('Access denied')
@ -31,11 +32,12 @@ feature 'Sessions', type: :feature do
      fill_in 'depp_user_tag', with: @api_user_invalid_ip.username
      fill_in 'depp_user_password', with: @api_user_invalid_ip.password
      click_button 'Log in'
-      page.should have_text('Access denied')
+      page.should have_text('IP is not whitelisted')
    end
    it 'should get in with invalid when whitelist disabled' do
      Setting.registrar_ip_whitelist_enabled = false
      Setting.api_ip_whitelist_enabled = false
      Fabricate(:registrar, white_ips: [Fabricate(:white_ip), Fabricate(:white_ip_registrar)])
      @api_user_invalid_ip = Fabricate(
        :api_user, identity_code: '37810013294', registrar: Fabricate(:registrar, white_ips: [])
@ -46,6 +48,7 @@ feature 'Sessions', type: :feature do
      click_button 'Log in'
      page.should have_text('Log out')
      Setting.registrar_ip_whitelist_enabled = true
      Setting.api_ip_whitelist_enabled = true
    end
    it 'should not get in with invalid user' do
--- a/spec/mailers/domain_mailer_spec.rb
+++ b/spec/mailers/domain_mailer_spec.rb
@ -122,8 +122,8 @@ describe DomainMailer do
      @new_registrant = Fabricate(:registrant, email: 'new@example.org')
      @domain = Fabricate(:domain, registrant: @registrant)
      @domain.deliver_emails = true
-      @domain.pending_json[:new_registrant_email] = 'new@example.org'
+      @domain.pending_json['new_registrant_email'] = 'new@example.org'
-      @domain.pending_json[:new_registrant_name]  = 'test name'
+      @domain.pending_json['new_registrant_name']  = 'test name'
      @mail = DomainMailer.pending_update_rejected_notification_for_new_registrant(@domain)
    end
--- a/spec/models/api_user_spec.rb
+++ b/spec/models/api_user_spec.rb
@ -3,6 +3,22 @@ require 'rails_helper'
 describe ApiUser do
  it { should belong_to(:registrar) }
  context 'class methods' do
    before do
      Fabricate(:api_user, identity_code: '')
      Fabricate(:api_user, identity_code: 14212128025)
    end
    it 'should return all api users with given identity code' do
      ApiUser.all_by_identity_code('14212128025').size.should == 1
      ApiUser.all_by_identity_code(14212128025).size.should == 1
    end
    it 'should not return any api user with blank identity code' do
      ApiUser.all_by_identity_code('').size.should == 0
    end
  end
  context 'with invalid attribute' do
    before :all do
      @api_user = ApiUser.new
--- a/spec/models/contact_spec.rb
+++ b/spec/models/contact_spec.rb
@ -34,7 +34,7 @@ describe Contact do
        "City is missing",
        "Country code is missing",
        "Street is missing",
-        "Zip is missing" 
+        "Zip is missing"
      ])
    end
@ -78,7 +78,7 @@ describe Contact do
      @contact.ident_country_code = 'INVALID'
      @contact.valid?
-      @contact.errors[:ident].should == 
+      @contact.errors[:ident].should ==
        ['Ident country code is not valid, should be in ISO_3166-1 alpha 2 format']
    end
@ -171,7 +171,7 @@ describe Contact do
    it 'should not remove ok status after save' do
      @contact.statuses.should == %w(ok)
-      @contact.save 
+      @contact.save
      @contact.statuses.should == %w(ok)
    end
@ -296,8 +296,8 @@ describe Contact do
      context 'after create' do
        it 'should not generate a new code when code is present' do
-          @contact = Fabricate.build(:contact, 
+          @contact = Fabricate.build(:contact,
-                                     code: 'FIXED:new-code', 
+                                     code: 'FIXED:new-code',
                                     auth_info: 'qwe321')
          @contact.code.should == 'FIXED:new-code' # still new record
          @contact.save.should == true
@ -305,15 +305,15 @@ describe Contact do
        end
        it 'should not allaw to use same code' do
-          @contact = Fabricate.build(:contact, 
+          @contact = Fabricate.build(:contact,
-                                     code: 'FIXED:new-code', 
+                                     code: 'FIXED:new-code',
                                     auth_info: 'qwe321')
          @contact.code.should == 'FIXED:new-code' # still new record
          @contact.save.should == true
          @contact.code.should == 'FIXED:NEW-CODE'
-          @contact = Fabricate.build(:contact, 
+          @contact = Fabricate.build(:contact,
-                                     code: 'FIXED:new-code', 
+                                     code: 'FIXED:new-code',
                                     auth_info: 'qwe321')
          @contact.code.should == 'FIXED:new-code' # still new record
          @contact.valid?
@ -321,10 +321,10 @@ describe Contact do
        end
        it 'should generate a new password' do
-          @contact = Fabricate.build(:contact, code: '123asd', auth_info: 'qwe321')
+          @contact = Fabricate.build(:contact, code: '123asd', auth_info: nil)
-          @contact.auth_info.should == 'qwe321'
+          @contact.auth_info.should == nil
          @contact.save.should == true
-          @contact.auth_info.should_not == 'qwe321'
+          @contact.auth_info.should_not be_nil
        end
        it 'should not allow same code' do
@ -359,7 +359,7 @@ describe Contact do
      context 'after update' do
        before :all do
-          @contact = Fabricate.build(:contact, 
+          @contact = Fabricate.build(:contact,
                                     code: '123asd',
                                     auth_info: 'qwe321')
          @contact.save
--- a/spec/models/domain_spec.rb
+++ b/spec/models/domain_spec.rb
@ -399,6 +399,7 @@ describe Domain do
    it 'should set pending update' do
      @domain.statuses = DomainStatus::OK # restore
      @domain.save
      @domain.pending_update?.should == false
      @domain.set_pending_update
@ -409,6 +410,7 @@ describe Domain do
    it 'should not set pending update' do
      @domain.statuses = DomainStatus::OK # restore
      @domain.statuses << DomainStatus::CLIENT_UPDATE_PROHIBITED
      @domain.save
      @domain.set_pending_update.should == nil # not updated
      @domain.pending_update?.should == false
@ -417,9 +419,12 @@ describe Domain do
    it 'should set pending delete' do
      @domain.statuses = DomainStatus::OK # restore
      @domain.save
      @domain.pending_delete?.should == false
-      @domain.set_pending_delete.should == ['pendingDelete']
+      @domain.set_pending_delete
      @domain.save
      @domain.statuses.should == ['pendingDelete']
      @domain.pending_delete?.should == true
      @domain.statuses = DomainStatus::OK # restore
    end
--- a/spec/support/epp.rb
+++ b/spec/support/epp.rb
@ -353,9 +353,7 @@ module Epp
    defaults = {
      name: { value: next_domain_name },
      period: nil,
-      authInfo: {
+      authInfo: nil
        pw: { value: '98oiewslkfkd', attrs: { roid: 'citizen_1234-REP' } }
      }
    }
    xml_params = defaults.deep_merge(xml_params)