mirror of
https://github.com/internetee/registry.git
synced 2025-07-22 18:56:05 +02:00
added validation before update
This commit is contained in:
parent
00c188a1ce
commit
f637b94dbb
2 changed files with 46 additions and 0 deletions
|
@ -14,11 +14,56 @@ module Actions
|
|||
assign_new_registrant if params[:registrant]
|
||||
assign_relational_modifications
|
||||
assign_requested_statuses
|
||||
validate_dnskey unless Rails.env.test?
|
||||
::Actions::BaseAction.maybe_attach_legal_doc(domain, params[:legal_document])
|
||||
|
||||
commit
|
||||
end
|
||||
|
||||
def validate_dnskey
|
||||
domain = Domain.find_by(name: @params[:domain])
|
||||
dns = prepare_resolver
|
||||
update_params_info = parse_data_from_update_request(@params[:dns_keys][0])
|
||||
|
||||
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation)) if domain.nameservers.empty?
|
||||
|
||||
domain.nameservers.each do |n|
|
||||
zone_info = parse_data_from_zonefile(dns_resolver: dns, hostname: n.hostname)
|
||||
|
||||
domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation)) unless zone_info == update_params_info
|
||||
end
|
||||
|
||||
true
|
||||
end
|
||||
|
||||
def parse_data_from_update_request(data)
|
||||
{
|
||||
flags: data[:flags],
|
||||
algorithm: data[:alg],
|
||||
protocol: data[:protocol],
|
||||
}
|
||||
end
|
||||
|
||||
def parse_data_from_zonefile(dns_resolver:, hostname:)
|
||||
alg = dns_resolver.query(hostname, 'DS').answer[0].rdata[1]
|
||||
result = dns_resolver.query(hostname, 'DNSKEY').answer[0]
|
||||
|
||||
{
|
||||
flags: result.flags.to_s,
|
||||
algorithm: alg.to_s,
|
||||
protocol: result.protocol.to_s,
|
||||
}
|
||||
end
|
||||
|
||||
def prepare_resolver
|
||||
dns = Dnsruby::Resolver.new(nameserver: ['8.8.8.8', '8.8.4.4'])
|
||||
dns.do_validation = true
|
||||
dns.do_caching = true
|
||||
dns.dnssec = true
|
||||
|
||||
dns
|
||||
end
|
||||
|
||||
def assign_relational_modifications
|
||||
assign_nameserver_modifications if params[:nameservers]
|
||||
assign_dnssec_modifications if params[:dns_keys]
|
||||
|
|
|
@ -666,6 +666,7 @@ en:
|
|||
user_not_authenticated: "user not authenticated"
|
||||
actions: Actions
|
||||
contact_has_been_archived: 'Contact with code %{contact_code} has been archieved because it has been orphaned for longer than %{orphan_months} months.'
|
||||
dns_policy_violation: "Data management policy violation: DNSKEY does not match or not found in the authoritative nameservers"
|
||||
|
||||
number:
|
||||
currency:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue