Upgrade to Rails 5.0

Closes #377

app/controllers/admin/contacts_controller.rb

@@ -3,6 +3,7 @@ module Admin
     load_and_authorize_resource
     before_action :set_contact, only: [:show]
     helper_method :ident_types
+    helper_method :domain_filter_params
 
     def index
       params[:q] ||= {}
@@ -19,7 +20,7 @@ module Admin
 
       normalize_search_parameters do
         @q = contacts.search(search_params)
-        @contacts = @q.result.uniq.page(params[:page])
+        @contacts = @q.result.distinct.page(params[:page])
       end
 
       @contacts = @contacts.per(params[:results_per_page]) if params[:results_per_page].to_i.positive?
@@ -84,5 +85,9 @@ module Admin
     def ident_types
       Contact::Ident.types
     end
+
+    def domain_filter_params
+      params.permit(:domain_filter)
+    end
   end
 end

app/controllers/admin/domains/force_delete_controller.rb

@@ -33,7 +33,7 @@ module Admin
       end
 
       def notify_by_email?
-        ActiveRecord::Type::Boolean.new.type_cast_from_user(params[:notify_by_email])
+        ActiveRecord::Type::Boolean.new.cast(params[:notify_by_email])
       end
     end
   end

app/controllers/api/cors_controller.rb

@@ -5,7 +5,7 @@ module Api
 
     def cors_preflight_check
       set_access_control_headers
-      render text: ''
+      render plain: ''
     end
 
     def set_access_control_headers

app/controllers/api/v1/base_controller.rb

@@ -1,5 +1,3 @@
-require 'rails5_api_controller_backport'
-
 module Api
   module V1
     class BaseController < ActionController::API

app/controllers/api/v1/registrant/auth_controller.rb

@@ -1,4 +1,3 @@
-require 'rails5_api_controller_backport'
 require 'auth_token/auth_token_creator'
 
 module Api
@@ -16,7 +15,7 @@ module Api
         end
 
         def eid
-          user = RegistrantUser.find_or_create_by_api_data(eid_params)
+          user = RegistrantUser.find_or_create_by_api_data(eid_params.to_h)
           token = create_token(user)
 
           if token

app/controllers/api/v1/registrant/base_controller.rb

@@ -1,4 +1,3 @@
-require 'rails5_api_controller_backport'
 require 'auth_token/auth_token_decryptor'
 
 module Api

app/controllers/application_controller.rb

@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
 
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :exception, prepend: true
 
   before_action do
     resource = controller_name.singularize.to_sym

app/controllers/epp/base_controller.rb

@@ -3,7 +3,6 @@ module Epp
     class AuthorizationError < StandardError; end
 
     check_authorization
-    skip_before_action :verify_authenticity_token
     layout false
 
     before_action :ensure_session_id_passed

app/controllers/registrant/contacts_controller.rb

@@ -1,6 +1,7 @@
 class Registrant::ContactsController < RegistrantController
   helper_method :domain
   helper_method :fax_enabled?
+  helper_method :domain_filter_params
   skip_authorization_check only: %i[edit update]
 
   def show
@@ -99,4 +100,8 @@ class Registrant::ContactsController < RegistrantController
       http.request(request)
     end
   end
+
+  def domain_filter_params
+    params.permit(:domain_filter)
+  end
 end

app/controllers/registrar/contacts_controller.rb

@@ -3,6 +3,7 @@ class Registrar
     before_action :init_epp_contact
     helper_method :address_processing?
     helper_method :ident_types
+    helper_method :domain_filter_params
 
     def index
       authorize! :view, Depp::Contact
@@ -68,7 +69,7 @@ class Registrar
 
     def create
       authorize! :create, Depp::Contact
-      @contact = Depp::Contact.new(params[:depp_contact])
+      @contact = Depp::Contact.new(contact_params)
 
       if @contact.save
         redirect_to registrar_contact_url(@contact.id)
@@ -79,9 +80,9 @@ class Registrar
 
     def update
       authorize! :edit, Depp::Contact
-      @contact = Depp::Contact.new(params[:depp_contact])
+      @contact = Depp::Contact.new(contact_params)
 
-      if @contact.update_attributes(params[:depp_contact])
+      if @contact.update_attributes(contact_params)
         redirect_to registrar_contact_url(@contact.id)
       else
         render 'edit'
@@ -95,7 +96,7 @@ class Registrar
 
     def destroy
       authorize! :delete, Depp::Contact
-      @contact = Depp::Contact.new(params[:depp_contact])
+      @contact = Depp::Contact.new(contact_params_for_delete)
 
       if @contact.delete
         redirect_to registrar_contacts_url, notice: t(:destroyed)
@@ -104,6 +105,12 @@ class Registrar
       end
     end
 
+    protected
+
+    def domain_filter_params
+      params.permit(:domain_filter)
+    end
+
     private
 
     def init_epp_contact
@@ -131,5 +138,22 @@ class Registrar
     def ident_types
       Contact::Ident.types
     end
+
+    def contact_params
+      params.require(:depp_contact).permit(:id,
+                                           :name,
+                                           :email,
+                                           :phone,
+                                           :org_name,
+                                           :ident, :ident_type, :ident_country_code,
+                                           :street, :city, :zip, :state, :country_code,
+                                           :password,
+                                           :legal_document,
+                                           :code)
+    end
+
+    def contact_params_for_delete
+      params.require(:depp_contact).permit(:id, :password, :legal_document)
+    end
   end
 end

app/controllers/registrar/domains_controller.rb

@@ -2,16 +2,17 @@ class Registrar
   class DomainsController < DeppController
     before_action :init_domain, except: :new
     helper_method :contacts
+    helper_method :search_params
 
     def index
       authorize! :view, Depp::Domain
 
-      params[:q] ||= {}
-      params[:q].delete_if { |_k, v| v.blank? }
-      if params[:q].length == 1 && params[:q][:name_matches].present?
-        @domain = Domain.find_by(name: params[:q][:name_matches])
-        if @domain
-          redirect_to info_registrar_domains_url(domain_name: @domain.name) and return
+      if search_params.to_h.delete_if { |_key, value| value.blank? }.length == 1 &&
+        search_params[:name_matches].present?
+        domain = Domain.find_by(name: search_params[:name_matches])
+
+        if domain
+          redirect_to info_registrar_domains_url(domain_name: domain.name) and return
         end
       end
 
@@ -24,15 +25,15 @@ class Registrar
       end
 
       normalize_search_parameters do
-        @q = domains.search(params[:q])
+        @q = domains.search(search_params)
         @domains = @q.result.page(params[:page])
-        if @domains.count == 0 && params[:q][:name_matches] !~ /^%.+%$/
-          # if we do not get any results, add wildcards to the name field and search again
-          n_cache = params[:q][:name_matches]
-          params[:q][:name_matches] = "%#{params[:q][:name_matches]}%"
-          @q = domains.search(params[:q])
+
+        # if we do not get any results, add wildcards to the name field and search again
+        if @domains.count == 0 && search_params[:name_matches] !~ /^%.+%$/
+          new_search_params = search_params.to_h
+          new_search_params[:name_matches] = "%#{new_search_params[:name_matches]}%"
+          @q = domains.search(new_search_params)
           @domains = @q.result.page(params[:page])
-          params[:q][:name_matches] = n_cache # we don't want to show wildcards in search form
         end
       end
 
@@ -164,17 +165,26 @@ class Registrar
     end
 
     def normalize_search_parameters
-      ca_cache = params[:q][:valid_to_lteq]
+      ca_cache = search_params[:valid_to_lteq]
       begin
-        end_time = params[:q][:valid_to_lteq].try(:to_date)
-        params[:q][:valid_to_lteq] = end_time.try(:end_of_day)
+        end_time = search_params[:valid_to_lteq].try(:to_date)
+        search_params[:valid_to_lteq] = end_time.try(:end_of_day)
       rescue
         logger.warn('Invalid date')
       end
 
       yield
 
-      params[:q][:valid_to_lteq] = ca_cache
+      search_params[:valid_to_lteq] = ca_cache
+    end
+
+    def search_params
+      params.fetch(:q, {}).permit(:name_matches,
+                                  :registrant_ident_eq,
+                                  :contacts_ident_eq,
+                                  :nameservers_hostname_eq,
+                                  :valid_to_gteq,
+                                  :valid_to_lteq)
     end
   end
 end

app/controllers/registrar/sessions_controller.rb

@@ -55,7 +55,7 @@ class Registrar
       ip_allowed = restricted_ip.can_access_registrar_area?(resource.registrar)
 
       unless ip_allowed
-        render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
+        render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
         warden.logout(:registrar_user)
         return
       end
@@ -171,7 +171,7 @@ class Registrar
 
       return if allowed
 
-      render text: t('registrar.authorization.ip_not_allowed', ip: request.ip)
+      render plain: t('registrar.authorization.ip_not_allowed', ip: request.ip)
     end
 
     def current_ability

app/controllers/registrar/xml_consoles_controller.rb

@@ -19,7 +19,7 @@ class Registrar
       xml_dir_path = Rails.root + 'app/views/registrar/xml_consoles/epp_requests'
       xml = File.read("#{xml_dir_path}/#{params[:obj]}/#{params[:epp_action]}.xml")
       xml.gsub!('<clTRID>ABC-12345</clTRID>', "<clTRID>#{cl_trid}</clTRID>")
-      render text: xml
+      render plain: xml
     end
   end
 end