diff --git a/app/controllers/admin/pending_deletes_controller.rb b/app/controllers/admin/pending_deletes_controller.rb index 2eda703bd..369e007cd 100644 --- a/app/controllers/admin/pending_deletes_controller.rb +++ b/app/controllers/admin/pending_deletes_controller.rb @@ -5,17 +5,17 @@ class Admin::PendingDeletesController < AdminController def update authorize! :update, :pending - if registrant_verification.domain_registrant_delete_confirm! + if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied) else - redirect_to admin_edit_domain_path(@domain.id), alert: t(:failure) + redirect_to admin_domain_path(@domain.id), alert: t(:failure) end end def destroy authorize! :destroy, :pending - if registrant_verification.domain_registrant_delete_reject! + if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) diff --git a/app/controllers/admin/pending_updates_controller.rb b/app/controllers/admin/pending_updates_controller.rb index 6e41a6c57..8da05c480 100644 --- a/app/controllers/admin/pending_updates_controller.rb +++ b/app/controllers/admin/pending_updates_controller.rb @@ -5,7 +5,7 @@ class Admin::PendingUpdatesController < AdminController def update authorize! :update, :pending - if registrant_verification.domain_registrant_change_confirm! + if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied) else redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure) @@ -14,7 +14,7 @@ class Admin::PendingUpdatesController < AdminController def destroy authorize! :destroy, :pending - if registrant_verification.domain_registrant_change_reject! + if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) diff --git a/app/controllers/registrant/domain_delete_confirms_controller.rb b/app/controllers/registrant/domain_delete_confirms_controller.rb index 209456808..abef63174 100644 --- a/app/controllers/registrant/domain_delete_confirms_controller.rb +++ b/app/controllers/registrant/domain_delete_confirms_controller.rb @@ -20,17 +20,20 @@ class Registrant::DomainDeleteConfirmsController < RegistrantController @registrant_verification = RegistrantVerification.new(domain_id: @domain.id, domain_name: @domain.name, verification_token: params[:token]) + + initiator = current_user ? current_user.username : t(:user_not_authenticated) + if params[:rejected] - if @registrant_verification.domain_registrant_delete_reject! - flash[:notice] = t(:registrant_domain_delete_rejected) + if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}") + flash[:notice] = t(:registrant_domain_verification_rejected) redirect_to registrant_domain_delete_confirm_path(@domain.id, rejected: true) else flash[:alert] = t(:registrant_domain_delete_rejected_failed) return render 'show' end elsif params[:confirmed] - if @registrant_verification.domain_registrant_delete_confirm! - flash[:notice] = t(:registrant_domain_delete_confirmed) + if @registrant_verification.domain_registrant_delete_confirm!("email link #{initiator}") + flash[:notice] = t(:registrant_domain_verification_confirmed) redirect_to registrant_domain_delete_confirm_path(@domain.id, confirmed: true) else flash[:alert] = t(:registrant_domain_delete_confirmed_failed) diff --git a/app/controllers/registrant/domain_update_confirms_controller.rb b/app/controllers/registrant/domain_update_confirms_controller.rb index 598681d7a..471a35ee3 100644 --- a/app/controllers/registrant/domain_update_confirms_controller.rb +++ b/app/controllers/registrant/domain_update_confirms_controller.rb @@ -20,8 +20,11 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController @registrant_verification = RegistrantVerification.new(domain_id: @domain.id, domain_name: @domain.name, verification_token: params[:token]) + + initiator = current_user ? current_user.username : t(:user_not_authenticated) + if params[:rejected] - if @registrant_verification.domain_registrant_change_reject! + if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}") flash[:notice] = t(:registrant_domain_verification_rejected) redirect_to registrant_domain_update_confirm_path(@domain.id, rejected: true) else @@ -29,7 +32,7 @@ class Registrant::DomainUpdateConfirmsController < RegistrantController return render 'show' end elsif params[:confirmed] - if @registrant_verification.domain_registrant_change_confirm! + if @registrant_verification.domain_registrant_change_confirm!("email link, #{initiator}") flash[:notice] = t(:registrant_domain_verification_confirmed) redirect_to registrant_domain_update_confirm_path(@domain.id, confirmed: true) else diff --git a/app/jobs/domain_delete_confirm_job.rb b/app/jobs/domain_delete_confirm_job.rb index e147e3aa8..3cc13bcd3 100644 --- a/app/jobs/domain_delete_confirm_job.rb +++ b/app/jobs/domain_delete_confirm_job.rb @@ -1,5 +1,6 @@ class DomainDeleteConfirmJob < Que::Job - def run(domain_id, action) + def run(domain_id, action, initiator = nil) + ::PaperTrail.whodunnit = "job - #{self.class.name} - #{action} by #{initiator}" # it's recommended to keep transaction against job table as short as possible. ActiveRecord::Base.transaction do domain = Epp::Domain.find(domain_id) diff --git a/app/jobs/domain_update_confirm_job.rb b/app/jobs/domain_update_confirm_job.rb index 67007d334..4a47cc364 100644 --- a/app/jobs/domain_update_confirm_job.rb +++ b/app/jobs/domain_update_confirm_job.rb @@ -1,5 +1,6 @@ class DomainUpdateConfirmJob < Que::Job - def run(domain_id, action) + def run(domain_id, action, initiator = nil) + ::PaperTrail.whodunnit = "job - #{self.class.name} - #{action} by #{initiator}" # it's recommended to keep transaction against job table as short as possible. ActiveRecord::Base.transaction do domain = Epp::Domain.find(domain_id) diff --git a/app/jobs/update_whois_record_job.rb b/app/jobs/update_whois_record_job.rb index 71f2b7e19..acfafa3d4 100644 --- a/app/jobs/update_whois_record_job.rb +++ b/app/jobs/update_whois_record_job.rb @@ -1,6 +1,8 @@ class UpdateWhoisRecordJob < Que::Job def run(names, type) + ::PaperTrail.whodunnit = "job - #{self.class.name} - #{type}" + klass = case type when 'reserved'then ReservedDomain when 'blocked' then BlockedDomain diff --git a/app/models/domain_cron.rb b/app/models/domain_cron.rb index 6f04b92d5..bd0c779c7 100644 --- a/app/models/domain_cron.rb +++ b/app/models/domain_cron.rb @@ -3,6 +3,7 @@ class DomainCron def self.clean_expired_pendings STDOUT << "#{Time.zone.now.utc} - Clean expired domain pendings\n" unless Rails.env.test? + ::PaperTrail.whodunnit = "cron - #{__method__}" expire_at = Setting.expire_pending_confirmation.hours.ago count = 0 expired_pending_domains = Domain.where('registrant_verification_asked_at <= ?', expire_at) @@ -33,6 +34,7 @@ class DomainCron def self.start_expire_period STDOUT << "#{Time.zone.now.utc} - Expiring domains\n" unless Rails.env.test? + ::PaperTrail.whodunnit = "cron - #{__method__}" domains = Domain.where('valid_to <= ?', Time.zone.now) marked = 0 real = 0 @@ -50,6 +52,7 @@ class DomainCron def self.start_redemption_grace_period STDOUT << "#{Time.zone.now.utc} - Setting server_hold to domains\n" unless Rails.env.test? + ::PaperTrail.whodunnit = "cron - #{__method__}" d = Domain.where('outzone_at <= ?', Time.zone.now) marked = 0 real = 0 @@ -92,6 +95,11 @@ class DomainCron STDOUT << "#{Time.zone.now.utc} - Destroying domains\n" unless Rails.env.test? c = 0 + Domain.where("statuses @> '{deleteCandidate}'::varchar[]").each do |x| + ::PaperTrail.whodunnit = "cron - #{__method__} case statuses" + WhoisRecord.where(domain_id: x.id).destroy_all + destroy_with_message x + STDOUT << "#{Time.zone.now.utc} Domain.destroy_delete_candidates: by deleteCandidate ##{x.id} (#{x.name})\n" unless Rails.env.test? Domain.where('delete_at <= ?', Time.zone.now).each do |x| next unless x.delete_candidateable? @@ -110,6 +118,10 @@ class DomainCron Domain.where('force_delete_at <= ?', Time.zone.now).each do |x| DomainDeleteJob.enqueue(x.id, run_at: rand(((24*60) - (DateTime.now.hour * 60 + DateTime.now.minute))).minutes.from_now) STDOUT << "#{Time.zone.now.utc} DomainCron.destroy_delete_candidates: job added by force delete time ##{x.id} (#{x.name})\n" unless Rails.env.test? + ::PaperTrail.whodunnit = "cron - #{__method__} case force_deleted_at" + WhoisRecord.where(domain_id: x.id).destroy_all + destroy_with_message x + STDOUT << "#{Time.zone.now.utc} DomainCron.destroy_delete_candidates: by force delete time ##{x.id} (#{x.name})\n" unless Rails.env.test? c += 1 end diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb index be8f2f6eb..61ee6a2d8 100644 --- a/app/models/epp/domain.rb +++ b/app/models/epp/domain.rb @@ -525,7 +525,6 @@ class Epp::Domain < Domain self.statuses.delete(DomainStatus::PENDING_UPDATE) self.upid = user.registrar.id if user.registrar self.up_date = Time.zone.now - ::PaperTrail.whodunnit = user.id_role_username # updator str should be the request originator not the approval user return unless update(frame, user, false) clean_pendings! diff --git a/app/models/registrant_verification.rb b/app/models/registrant_verification.rb index 253bac630..95e24d36b 100644 --- a/app/models/registrant_verification.rb +++ b/app/models/registrant_verification.rb @@ -13,27 +13,27 @@ class RegistrantVerification < ActiveRecord::Base validates :verification_token, :domain_name, :domain, :action, :action_type, presence: true - def domain_registrant_change_confirm! + def domain_registrant_change_confirm!(initiator) self.action_type = DOMAIN_REGISTRANT_CHANGE self.action = CONFIRMED - DomainUpdateConfirmJob.enqueue domain.id, CONFIRMED if save + DomainUpdateConfirmJob.enqueue domain.id, CONFIRMED, initiator if save end - def domain_registrant_change_reject! + def domain_registrant_change_reject!(initiator) self.action_type = DOMAIN_REGISTRANT_CHANGE self.action = REJECTED - DomainUpdateConfirmJob.run domain.id, REJECTED if save + DomainUpdateConfirmJob.run domain.id, REJECTED, initiator if save end - def domain_registrant_delete_confirm! + def domain_registrant_delete_confirm!(initiator) self.action_type = DOMAIN_DELETE self.action = CONFIRMED - DomainDeleteConfirmJob.enqueue domain.id, CONFIRMED if save + DomainDeleteConfirmJob.enqueue domain.id, CONFIRMED, initiator if save end - def domain_registrant_delete_reject! + def domain_registrant_delete_reject!(initiator) self.action_type = DOMAIN_DELETE self.action = REJECTED - DomainDeleteConfirmJob.enqueue domain.id, REJECTED if save + DomainDeleteConfirmJob.enqueue domain.id, REJECTED, initiator if save end end diff --git a/config/locales/en.yml b/config/locales/en.yml index 5cc0031af..a5bf12885 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -961,3 +961,4 @@ en: only_estonian_residets_can_signin: "Access currently available only to Estonian citizens and e-residents with Estonian ID-card or Mobile-ID." deleted: 'Deleted' cant_match_version: 'Impossible match version with request' + user_not_authenticated: "user not authenticated"