Merge branch 'master' into registry-693

2025-06-10 14:44:47 +02:00 · 2018-02-21 01:49:01 +02:00 · 2018-02-21 01:49:01 +02:00 · f44d4ce925
commit f44d4ce925
parent e1ad847a89 7fb7499ca6
55 changed files with 536 additions and 277 deletions
--- a/test/fixtures/epp_sessions.yml
+++ b/test/fixtures/epp_sessions.yml
@ -1,9 +1,7 @@
 api_bestnames:
-  session_id: 1
-  registrar: bestnames
-  data: <%= Base64.encode64(Marshal.dump({api_user_id: ActiveRecord::Fixtures.identify(:api_bestnames)})) %>
+  session_id: api_bestnames
+  user: api_bestnames

 api_goodnames:
-  session_id: 2
-  registrar: goodnames
-  data: <%= Base64.encode64(Marshal.dump({api_user_id: ActiveRecord::Fixtures.identify(:api_goodnames)})) %>
+  session_id: api_goodnames
+  user: api_goodnames
--- a/test/integration/epp/login/credentials_test.rb
+++ b/test/integration/epp/login/credentials_test.rb
@ -0,0 +1,64 @@
+require 'test_helper'
+
+class EppLoginCredentialsTest < ActionDispatch::IntegrationTest
+  def test_correct_credentials
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <login>
+            <clID>test_bestnames</clID>
+            <pw>testtest</pw>
+            <options>
+              <version>1.0</version>
+              <lang>en</lang>
+            </options>
+            <svcs>
+              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
+              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
+              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
+              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
+            </svcs>
+          </login>
+        </command>
+      </epp>
+    XML
+
+    post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+    assert EppSession.find_by(session_id: 'new_session_id')
+    assert_equal users(:api_bestnames), EppSession.find_by(session_id: 'new_session_id').user
+    assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
+    assert_equal 1, Nokogiri::XML(response.body).css('result').size
+  end
+
+  def test_already_logged_in
+    assert true # Handled by mod_epp
+  end
+
+  def test_wrong_credentials
+    request_xml = <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <login>
+            <clID>non-existent</clID>
+            <pw>valid-but-wrong</pw>
+            <options>
+              <version>1.0</version>
+              <lang>en</lang>
+            </options>
+            <svcs>
+              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
+              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
+              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
+              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
+            </svcs>
+          </login>
+        </command>
+      </epp>
+    XML
+
+    post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=any_random_string' }
+    assert Nokogiri::XML(response.body).at_css('result[code="2501"]')
+  end
+end
--- a/test/integration/epp/login/session_limit_test.rb
+++ b/test/integration/epp/login/session_limit_test.rb
@ -0,0 +1,63 @@
+require 'test_helper'
+
+class EppLoginSessionLimitTest < ActionDispatch::IntegrationTest
+  def setup
+    travel_to Time.zone.parse('2010-07-05')
+    EppSession.delete_all
+  end
+
+  def test_not_reached
+    (EppSession.limit_per_registrar - 1).times do
+      EppSession.create!(session_id: SecureRandom.hex,
+                         user: users(:api_bestnames),
+                         updated_at: Time.zone.parse('2010-07-05'))
+    end
+
+    assert_difference 'EppSession.count' do
+      post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+    end
+
+    assert Nokogiri::XML(response.body).at_css('result[code="1000"]')
+    assert_equal 1, Nokogiri::XML(response.body).css('result').size
+  end
+
+  def test_reached
+    EppSession.limit_per_registrar.times do
+      EppSession.create!(session_id: SecureRandom.hex,
+                         user: users(:api_bestnames),
+                         updated_at: Time.zone.parse('2010-07-05'))
+    end
+
+    assert_no_difference 'EppSession.count' do
+      post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' }
+    end
+
+    assert Nokogiri::XML(response.body).at_css('result[code="2501"]')
+  end
+
+  private
+
+  def request_xml
+    <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <login>
+            <clID>test_bestnames</clID>
+            <pw>testtest</pw>
+            <options>
+              <version>1.0</version>
+              <lang>en</lang>
+            </options>
+            <svcs>
+              <objURI>https://epp.tld.ee/schema/domain-eis-1.0.xsd</objURI>
+              <objURI>https://epp.tld.ee/schema/contact-ee-1.1.xsd</objURI>
+              <objURI>urn:ietf:params:xml:ns:host-1.0</objURI>
+              <objURI>urn:ietf:params:xml:ns:keyrelay-1.0</objURI>
+            </svcs>
+          </login>
+        </command>
+      </epp>
+    XML
+  end
+end
--- a/test/integration/epp/logout_test.rb
+++ b/test/integration/epp/logout_test.rb
@ -0,0 +1,37 @@
+require 'test_helper'
+
+class EppLogoutTest < ActionDispatch::IntegrationTest
+  def test_success_response
+    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    assert Nokogiri::XML(response.body).at_css('result[code="1500"]')
+    assert_equal 1, Nokogiri::XML(response.body).css('result').size
+  end
+
+  def test_ends_current_session
+    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    assert_nil EppSession.find_by(session_id: 'api_bestnames')
+  end
+
+  def test_keeps_other_sessions_intact
+    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    assert EppSession.find_by(session_id: 'api_goodnames')
+  end
+
+  def test_anonymous_user
+    post '/epp/session/logout', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=non-existent' }
+    assert Nokogiri::XML(response.body).at_css('result[code="2201"]')
+  end
+
+  private
+
+  def request_xml
+    <<-XML
+      <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+      <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+        <command>
+          <logout/>
+        </command>
+      </epp>
+    XML
+  end
+end
--- a/test/models/epp_session_test.rb
+++ b/test/models/epp_session_test.rb
@ -0,0 +1,63 @@
+require 'test_helper'
+
+class EppSessionTest < ActiveSupport::TestCase
+  def setup
+    @epp_session = epp_sessions(:api_bestnames)
+  end
+
+  def test_valid
+    assert @epp_session.valid?
+  end
+
+  def test_invalid_without_session_id
+    @epp_session.session_id = nil
+    @epp_session.validate
+    assert @epp_session.invalid?
+  end
+
+  def test_invalid_without_user
+    @epp_session.user = nil
+    @epp_session.validate
+    assert @epp_session.invalid?
+  end
+
+  def test_invalid_if_persisted_record_with_the_same_session_id_exists
+    epp_session = EppSession.new(session_id: @epp_session.session_id, user: @epp_session.user)
+    epp_session.validate
+    assert epp_session.invalid?
+  end
+
+  # Having session_id constraints at the database level is crucial
+
+  def test_database_session_id_unique_constraint
+    epp_session = EppSession.new(session_id: @epp_session.session_id, user: @epp_session.user)
+
+    assert_raises ActiveRecord::RecordNotUnique do
+      epp_session.save(validate: false)
+    end
+  end
+
+  def test_database_session_id_not_null_constraint
+    @epp_session.session_id = nil
+    assert_raises ActiveRecord::StatementInvalid do
+      @epp_session.save(validate: false)
+    end
+  end
+
+  def test_limit_per_registrar
+    assert_equal 4, EppSession.limit_per_registrar
+  end
+
+  def test_limit_is_per_registrar
+    travel_to Time.zone.parse('2010-07-05')
+    EppSession.delete_all
+
+    EppSession.limit_per_registrar.times do
+      EppSession.create!(session_id: SecureRandom.hex,
+                         user: users(:api_goodnames),
+                         updated_at: Time.zone.parse('2010-07-05'))
+    end
+
+    refute EppSession.limit_reached?(registrars(:bestnames))
+  end
+end