Merge remote-tracking branch 'origin/add-registrant-api-token-log' into add-role-filter-to-registrant-api

2025-06-10 22:54:47 +02:00 · 2021-02-23 13:48:05 +02:00 · 2021-02-23 13:48:05 +02:00 · f60bf4013c
commit f60bf4013c
parent 951d95a3e8 d864265760
60 changed files with 1153 additions and 178 deletions
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@ -11,7 +11,7 @@ module Api
      end

      def authenticate_shared_key
-        api_key = "Basic #{ENV['api_shared_key']}"
+        api_key = "Basic #{ENV['rwhois_internal_api_shared_key']}"
        head(:unauthorized) unless api_key == request.authorization
      end

--- a/app/controllers/api/v1/bounces_controller.rb
+++ b/app/controllers/api/v1/bounces_controller.rb
@ -1,7 +1,7 @@
 module Api
  module V1
    class BouncesController < BaseController
-      before_action :authenticate_shared_key
+      before_action :validate_shared_key_integrity

      # POST api/v1/bounces/
      def create
@ -20,6 +20,13 @@ module Api

        params.require(:data)
      end
+
+      private
+
+      def validate_shared_key_integrity
+        api_key = "Basic #{ENV['rwhois_bounces_api_shared_key']}"
+        head(:unauthorized) unless api_key == request.authorization
+      end
    end
  end
 end
--- a/app/controllers/api/v1/contact_requests_controller.rb
+++ b/app/controllers/api/v1/contact_requests_controller.rb
@ -0,0 +1,37 @@
+module Api
+  module V1
+    class ContactRequestsController < BaseController
+      before_action :authenticate_shared_key
+
+      # POST api/v1/contact_requests/
+      def create
+        return head(:bad_request) if contact_request_params[:email].blank?
+
+        contact_request = ContactRequest.save_record(contact_request_params)
+        render json: contact_request, status: :created
+      rescue StandardError
+        head(:bad_request)
+      end
+
+      def update
+        return head(:bad_request) if params[:id].blank?
+
+        process_id(params[:id])
+      end
+
+      def process_id(id)
+        record = ContactRequest.find_by(id: id)
+        return :not_found unless record
+
+        record.update_status(contact_request_params)
+        render json: record, status: :ok
+      rescue StandardError
+        head :bad_request
+      end
+
+      def contact_request_params
+        params.require(:contact_request).permit(:email, :whois_record_id, :name, :status, :ip)
+      end
+    end
+  end
+end
--- a/app/controllers/api/v1/registrant/auth_controller.rb
+++ b/app/controllers/api/v1/registrant/auth_controller.rb
@ -19,6 +19,8 @@ module Api
          token = create_token(user)

          if token
+            ToStdout.msg("Bearer for #{eid_params[:first_name]} #{eid_params[:last_name]} " \
+                         "(#{eid_params[:ident]}) - '#{token[:access_token]}'")
            render json: token
          else
            render json: { errors: [{ base: ['Cannot create generate session token'] }] }
--- a/app/controllers/epp/contacts_controller.rb
+++ b/app/controllers/epp/contacts_controller.rb
@ -14,7 +14,7 @@ module Epp
      authorize! :check, Epp::Contact

      ids = params[:parsed_frame].css('id').map(&:text)
-      @results = Epp::Contact.check_availability(ids)
+      @results = Epp::Contact.check_availability(ids, reg: current_user.registrar.code)
      render_epp_response '/epp/contacts/check'
    end

@ -93,7 +93,11 @@ module Epp

    def find_contact
      code = params[:parsed_frame].css('id').text.strip.upcase
-      @contact = Epp::Contact.find_by!(code: code)
+      reg_code = current_user.registrar.code.upcase
+      arr = [code, "#{reg_code}:#{code}", "CID:#{code}", "CID:#{reg_code}:#{code}"]
+
+      contact = arr.find { |c| Epp::Contact.find_by(code: c).present? }
+      @contact = Epp::Contact.find_by!(code: contact || code)
    end

    #
--- a/app/controllers/registrar/admin_contacts_controller.rb
+++ b/app/controllers/registrar/admin_contacts_controller.rb
@ -0,0 +1,18 @@
+class Registrar
+  class AdminContactsController < BulkChangeController
+    BASE_URL = URI.parse("#{ENV['repp_url']}domains/admin_contacts").freeze
+    ACTIVE_TAB = :admin_contact
+
+    def update
+      authorize! :manage, :repp
+      uri = BASE_URL
+      request = form_request(uri)
+      response = do_request(request, uri)
+      start_notice = t('.replaced')
+
+      process_response(response: response,
+                       start_notice: start_notice,
+                       active_tab: ACTIVE_TAB)
+    end
+  end
+end
--- a/app/controllers/registrar/bulk_change_controller.rb
+++ b/app/controllers/registrar/bulk_change_controller.rb
@ -26,6 +26,84 @@ class Registrar

    private

+    def form_request(uri)
+      request = Net::HTTP::Patch.new(uri)
+      request.set_form_data(current_contact_id: params[:current_contact_id],
+                            new_contact_id: params[:new_contact_id])
+      request.basic_auth(current_registrar_user.username,
+                         current_registrar_user.plain_text_password)
+      request
+    end
+
+    def process_response(response:, start_notice: '', active_tab:)
+      parsed_response = JSON.parse(response.body, symbolize_names: true)
+
+      if response.code == '200'
+        notices = success_notices(parsed_response, start_notice)
+
+        flash[:notice] = notices.join(', ')
+        redirect_to registrar_domains_url
+      else
+        @error = response.code == '404' ? 'Contact(s) not found' : parsed_response[:message]
+        render file: 'registrar/bulk_change/new', locals: { active_tab: active_tab }
+      end
+    end
+
+    def success_notices(parsed_response, start_notice)
+      notices = [start_notice]
+
+      notices << "#{t('.affected_domains')}: " \
+                   "#{parsed_response[:data][:affected_domains].join(', ')}"
+
+      if parsed_response[:data][:skipped_domains]
+        notices << "#{t('.skipped_domains')}: " \
+                     "#{parsed_response[:data][:skipped_domains].join(', ')}"
+      end
+      notices
+    end
+
+    def do_request(request, uri)
+      response = if Rails.env.test?
+                   do_test_request(request, uri)
+                 elsif Rails.env.development?
+                   do_dev_request(request, uri)
+                 else
+                   do_live_request(request, uri)
+                 end
+      response
+    end
+
+    def do_live_request(request, uri)
+      client_cert = File.read(ENV['cert_path'])
+      client_key = File.read(ENV['key_path'])
+      Net::HTTP.start(uri.hostname, uri.port,
+                      use_ssl: (uri.scheme == 'https'),
+                      cert: OpenSSL::X509::Certificate.new(client_cert),
+                      key: OpenSSL::PKey::RSA.new(client_key)) do |http|
+        http.request(request)
+      end
+    end
+
+    def do_dev_request(request, uri)
+      client_cert = File.read(ENV['cert_path'])
+      client_key = File.read(ENV['key_path'])
+      Net::HTTP.start(uri.hostname, uri.port,
+                      use_ssl: (uri.scheme == 'https'),
+                      verify_mode: OpenSSL::SSL::VERIFY_NONE,
+                      cert: OpenSSL::X509::Certificate.new(client_cert),
+                      key: OpenSSL::PKey::RSA.new(client_key)) do |http|
+        http.request(request)
+      end
+    end
+
+    def do_test_request(request, uri)
+      Net::HTTP.start(uri.hostname, uri.port,
+                      use_ssl: (uri.scheme == 'https'),
+                      verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
+        http.request(request)
+      end
+    end
+
    def ready_to_renew?
      domain_ids_for_bulk_renew.present? && params[:renew].present?
    end
--- a/app/controllers/registrar/domain_transfers_controller.rb
+++ b/app/controllers/registrar/domain_transfers_controller.rb
@ -25,32 +25,7 @@ class Registrar
                           current_registrar_user.plain_text_password)


-        if Rails.env.test?
-          response = Net::HTTP.start(uri.hostname, uri.port,
-                                     use_ssl: (uri.scheme == 'https'),
-                                     verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
-            http.request(request)
-          end
-        elsif Rails.env.development?
-          client_cert = File.read(ENV['cert_path'])
-          client_key = File.read(ENV['key_path'])
-          response = Net::HTTP.start(uri.hostname, uri.port,
-                                     use_ssl: (uri.scheme == 'https'),
-                                     verify_mode: OpenSSL::SSL::VERIFY_NONE,
-                                     cert: OpenSSL::X509::Certificate.new(client_cert),
-                                     key: OpenSSL::PKey::RSA.new(client_key)) do |http|
-            http.request(request)
-          end
-        else
-          client_cert = File.read(ENV['cert_path'])
-          client_key = File.read(ENV['key_path'])
-          response = Net::HTTP.start(uri.hostname, uri.port,
-                                     use_ssl: (uri.scheme == 'https'),
-                                     cert: OpenSSL::X509::Certificate.new(client_cert),
-                                     key: OpenSSL::PKey::RSA.new(client_key)) do |http|
-            http.request(request)
-          end
-        end
+        response = do_request(request, uri)

        parsed_response = JSON.parse(response.body, symbolize_names: true)

--- a/app/controllers/registrar/nameservers_controller.rb
+++ b/app/controllers/registrar/nameservers_controller.rb
@ -18,32 +18,7 @@ class Registrar
      request.basic_auth(current_registrar_user.username,
                         current_registrar_user.plain_text_password)

-      if Rails.env.test?
-        response = Net::HTTP.start(uri.hostname, uri.port,
-                                   use_ssl: (uri.scheme == 'https'),
-                                   verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
-          http.request(request)
-        end
-      elsif Rails.env.development?
-        client_cert = File.read(ENV['cert_path'])
-        client_key = File.read(ENV['key_path'])
-        response = Net::HTTP.start(uri.hostname, uri.port,
-                                   use_ssl: (uri.scheme == 'https'),
-                                   verify_mode: OpenSSL::SSL::VERIFY_NONE,
-                                   cert: OpenSSL::X509::Certificate.new(client_cert),
-                                   key: OpenSSL::PKey::RSA.new(client_key)) do |http|
-          http.request(request)
-        end
-      else
-        client_cert = File.read(ENV['cert_path'])
-        client_key = File.read(ENV['key_path'])
-        response = Net::HTTP.start(uri.hostname, uri.port,
-                                   use_ssl: (uri.scheme == 'https'),
-                                   cert: OpenSSL::X509::Certificate.new(client_cert),
-                                   key: OpenSSL::PKey::RSA.new(client_key)) do |http|
-          http.request(request)
-        end
-      end
+      response = do_request(request, uri)

      parsed_response = JSON.parse(response.body, symbolize_names: true)

--- a/app/controllers/registrar/tech_contacts_controller.rb
+++ b/app/controllers/registrar/tech_contacts_controller.rb
@ -1,62 +1,19 @@
 class Registrar
  class TechContactsController < BulkChangeController
+    BASE_URL = URI.parse("#{ENV['repp_url']}domains/contacts").freeze
+    ACTIVE_TAB = :technical_contact
+
    def update
      authorize! :manage, :repp

-      uri = URI.parse("#{ENV['repp_url']}domains/contacts")
+      uri = BASE_URL
+      request = form_request(uri)
+      response = do_request(request, uri)
+      start_notice = t('.replaced')

-      request = Net::HTTP::Patch.new(uri)
-      request.set_form_data(current_contact_id: params[:current_contact_id],
-                            new_contact_id: params[:new_contact_id])
-      request.basic_auth(current_registrar_user.username,
-                         current_registrar_user.plain_text_password)
-
-      if Rails.env.test?
-        response = Net::HTTP.start(uri.hostname, uri.port,
-                                   use_ssl: (uri.scheme == 'https'),
-                                   verify_mode: OpenSSL::SSL::VERIFY_NONE) do |http|
-          http.request(request)
-        end
-      elsif Rails.env.development?
-        client_cert = File.read(ENV['cert_path'])
-        client_key = File.read(ENV['key_path'])
-        response = Net::HTTP.start(uri.hostname, uri.port,
-                                   use_ssl: (uri.scheme == 'https'),
-                                   verify_mode: OpenSSL::SSL::VERIFY_NONE,
-                                   cert: OpenSSL::X509::Certificate.new(client_cert),
-                                   key: OpenSSL::PKey::RSA.new(client_key)) do |http|
-          http.request(request)
-        end
-      else
-        client_cert = File.read(ENV['cert_path'])
-        client_key = File.read(ENV['key_path'])
-        response = Net::HTTP.start(uri.hostname, uri.port,
-                                   use_ssl: (uri.scheme == 'https'),
-                                   cert: OpenSSL::X509::Certificate.new(client_cert),
-                                   key: OpenSSL::PKey::RSA.new(client_key)) do |http|
-          http.request(request)
-        end
-      end
-
-      parsed_response = JSON.parse(response.body, symbolize_names: true)
-
-      if response.code == '200'
-        notices = [t('.replaced')]
-
-        notices << "#{t('.affected_domains')}: " \
-                   "#{parsed_response[:data][:affected_domains].join(', ')}"
-
-        if parsed_response[:data][:skipped_domains]
-          notices << "#{t('.skipped_domains')}: " \
-                     "#{parsed_response[:data][:skipped_domains].join(', ')}"
-        end
-
-        flash[:notice] = notices.join(', ')
-        redirect_to registrar_domains_url
-      else
-        @error = response.code == '404' ? 'Contact(s) not found' : parsed_response[:message]
-        render file: 'registrar/bulk_change/new', locals: { active_tab: :technical_contact }
-      end
+      process_response(response: response,
+                       start_notice: start_notice,
+                       active_tab: ACTIVE_TAB)
    end
  end
 end
--- a/app/controllers/repp/v1/domains/admin_contacts_controller.rb
+++ b/app/controllers/repp/v1/domains/admin_contacts_controller.rb
@ -0,0 +1,21 @@
+module Repp
+  module V1
+    module Domains
+      class AdminContactsController < BaseContactsController
+        def update
+          super
+
+          unless @new_contact.identical_to?(@current_contact)
+            @epp_errors << { code: 2304, msg: 'Admin contacts must be identical' }
+          end
+
+          return handle_errors if @epp_errors.any?
+
+          affected, skipped = AdminDomainContact.replace(@current_contact, @new_contact)
+          @response = { affected_domains: affected, skipped_domains: skipped }
+          render_success(data: @response)
+        end
+      end
+    end
+  end
+end
--- a/app/controllers/repp/v1/domains/base_contacts_controller.rb
+++ b/app/controllers/repp/v1/domains/base_contacts_controller.rb
@ -0,0 +1,31 @@
+module Repp
+  module V1
+    module Domains
+      class BaseContactsController < BaseController
+        before_action :set_current_contact, only: [:update]
+        before_action :set_new_contact, only: [:update]
+
+        def set_current_contact
+          @current_contact = current_user.registrar.contacts
+                                         .find_by!(code: contact_params[:current_contact_id])
+        end
+
+        def set_new_contact
+          @new_contact = current_user.registrar.contacts.find_by!(code: params[:new_contact_id])
+        end
+
+        def update
+          @epp_errors ||= []
+          @epp_errors << { code: 2304, msg: 'New contact must be valid' } if @new_contact.invalid?
+        end
+
+        private
+
+        def contact_params
+          params.require(%i[current_contact_id new_contact_id])
+          params.permit(:current_contact_id, :new_contact_id)
+        end
+      end
+    end
+  end
+end
--- a/app/controllers/repp/v1/domains/contacts_controller.rb
+++ b/app/controllers/repp/v1/domains/contacts_controller.rb
@ -1,23 +1,9 @@
 module Repp
  module V1
    module Domains
-      class ContactsController < BaseController
-        before_action :set_current_contact, only: [:update]
-        before_action :set_new_contact, only: [:update]
-
-        def set_current_contact
-          @current_contact = current_user.registrar.contacts.find_by!(
-            code: contact_params[:current_contact_id]
-          )
-        end
-
-        def set_new_contact
-          @new_contact = current_user.registrar.contacts.find_by!(code: params[:new_contact_id])
-        end
-
+      class ContactsController < BaseContactsController
        def update
-          @epp_errors ||= []
-          @epp_errors << { code: 2304, msg: 'New contact must be valid' } if @new_contact.invalid?
+          super

          if @new_contact == @current_contact
            @epp_errors << { code: 2304, msg: 'New contact must be different from current' }
@ -29,13 +15,6 @@ module Repp
          @response = { affected_domains: affected, skipped_domains: skipped }
          render_success(data: @response)
        end
-
-        private
-
-        def contact_params
-          params.require(%i[current_contact_id new_contact_id])
-          params.permit(:current_contact_id, :new_contact_id)
-        end
      end
    end
  end