Add feature to disable IP whitelist #2707

app/controllers/registrar_controller.rb

@@ -1,6 +1,5 @@
 class RegistrarController < ApplicationController
   before_action :authenticate_user!, :check_ip
-  # before_action :check_ip
   layout 'registrar/application'
 
   include Registrar::ApplicationHelper

app/models/registrar.rb

@@ -75,7 +75,7 @@ class Registrar < ActiveRecord::Base
 
   # rubocop:disable Metrics/AbcSize
   # rubocop:disable Metrics/MethodLength
-  def issue_prepayment_invoice(amount, description = nil) 
+  def issue_prepayment_invoice(amount, description = nil)
     # Currently only EIS can issue invoices
     eis = self.class.eis
 
@@ -157,10 +157,12 @@ class Registrar < ActiveRecord::Base
   end
 
   def api_ip_white?(ip)
+    return true unless Setting.api_ip_whitelist_enabled
     white_ips.api.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
   end
 
   def registrar_ip_white?(ip)
+    return true unless Setting.registrar_ip_whitelist_enabled
     white_ips.registrar.pluck(:ipv4, :ipv6).flatten.include?(ip) || global_ip_white?(ip)
   end
 

app/models/white_ip.rb

@@ -24,6 +24,8 @@ class WhiteIp < ActiveRecord::Base
 
   class << self
     def registrar_ip_white?(ip)
+      return true unless Setting.registrar_ip_whitelist_enabled
+
       at = WhiteIp.arel_table
       WhiteIp.where(
         at[:interface].eq(REGISTRAR).or(

app/views/admin/settings/index.haml

@@ -67,6 +67,8 @@
           = render 'setting_row', var: :transfer_wait_time
           = render 'setting_row', var: :ds_algorithm
           = render 'setting_row', var: :client_side_status_editing_enabled
+          = render 'setting_row', var: :api_ip_whitelist_enabled
+          = render 'setting_row', var: :registrar_ip_whitelist_enabled
   .row
     .col-md-12.text-right
       %button.btn.btn-primary=t(:save)

config/initializers/initial_settings.rb

@@ -34,6 +34,9 @@ if con.present? && con.table_exists?('settings')
   Setting.save_default(:days_to_renew_domain_before_expire, 90)
   Setting.save_default(:expire_warning_period, 15)
   Setting.save_default(:redemption_grace_period, 30)
+
+  Setting.save_default(:registrar_ip_whitelist_enabled, true)
+  Setting.save_default(:api_ip_whitelist_enabled, true)
 end
 
 # dev only setting

spec/features/registrar/sessions_spec.rb

@@ -8,6 +8,14 @@ feature 'Sessions', type: :feature do
       page.should have_text('Access denied')
     end
 
+    it 'should see login page when whitelist disabled' do
+      Setting.registrar_ip_whitelist_enabled = false
+      WhiteIp.destroy_all
+      visit registrar_login_path
+      page.should_not have_text('Access denied')
+      Setting.registrar_ip_whitelist_enabled = true
+    end
+
     it 'should see log in' do
       @fixed_registrar.white_ips = [Fabricate(:white_ip_registrar)]
       visit registrar_login_path
@@ -26,6 +34,20 @@ feature 'Sessions', type: :feature do
       page.should have_text('Access denied')
     end
 
+    it 'should get in with invalid when whitelist disabled' do
+      Setting.registrar_ip_whitelist_enabled = false
+      Fabricate(:registrar, white_ips: [Fabricate(:white_ip), Fabricate(:white_ip_registrar)])
+      @api_user_invalid_ip = Fabricate(
+        :api_user, identity_code: '37810013294', registrar: Fabricate(:registrar, white_ips: [])
+      )
+      visit registrar_login_path
+      fill_in 'depp_user_tag', with: @api_user_invalid_ip.username
+      fill_in 'depp_user_password', with: @api_user_invalid_ip.password
+      click_button 'Log in'
+      page.should have_text('Log out')
+      Setting.registrar_ip_whitelist_enabled = true
+    end
+
     it 'should not get in with invalid user' do
       visit registrar_login_path
       fill_in 'depp_user_tag', with: 'bla'