Fix p12 containers being incorrectly generated with revoked status
Add proper serial number generation based on current time
Improve CRL handling in certificate_revoked? method
Fix controller parameter naming from cert_params to p12_params
Add comprehensive tests for certificate status and CRL handling
Include diagnostic methods for troubleshooting CRL issues
This commit resolves the issue where certificates were incorrectly
considered revoked during p12 container generation due to missing
or improperly handled CRL files.
The test for Certificate.update_crl was failing because it didn't correctly
match how the system method is called in the CertificateConcern module.
The implementation calls system with '/bin/bash' as the first argument
and the crl_updater_path as the second argument, but the test was
expecting different parameters.
- Simplified the test_update_crl_should_call_crl_updater_script test to
directly verify the script path is used without trying to intercept
the system call
- Added proper environment variable handling for crl_updater_path
- Ensured original method is restored after test execution
Update certificate download functionality to use appropriate file extensions:
- Use .p12 extension for PKCS#12 files
- Keep .pem extension for PEM-encoded files (CSR, CRT, private key)
This change ensures that downloaded certificate files have the correct extension based on their format, making it easier for users to identify and use the files correctly.
- Create UserCertificate model with validations and certificate renewal logic
- Add tests for UserCertificate model functionality
- Add user certificates fixtures for testing
- Add association between ApiUser and UserCertificates
- Add required gems: dry-types, dry-struct, openssl
- Add /certs to .gitignore
This commit implements the base model for storing user certificates in the
database, including private keys, CSRs, certificates and P12 files. The model
includes basic validation and certificate renewal functionality, with
comprehensive test coverage.
- Add force_delete_domain_statuses_history_data to store force delete metadata
- Update force delete queries to use new JSON status history
- Refactor force delete tests to use travel_to helper
- Remove direct force_delete_start field usage
- Update status notes to include company identification number
- Add environment variable 'allow_validate_business_contacts' to control business contact validation
- Remove redundant company_is_relevant? method
- Add integration test for skipping company validation
- Add tracking of lifted force delete domains with reason and date in json_statuses_history
- Modify ForceDeleteDailyAdminNotifierJob to include both force deleted and lifted domains
- Update admin mailer template to show separate tables for force deleted and lifted domains
- Update tests to reflect new functionality and fix timing issues with yesterday's data
Key changes:
- Store lift reason and date when canceling force delete
- Add new query method for finding lifted force delete domains
- Split email template into two sections
- Fix tests to properly handle the yesterday time window
- Split IP validation logic for IPv4 and IPv6 addresses
- Add specific validation for IPv6 to allow only single addresses (/128) or /64 ranges
- Remove old network address calculation for IPv6
- Keep IPv4 address limit validation unchanged
- Add localization for new IPv6 validation error message
- Add test coverage for IPv6 validation:
* Test for valid /64 range
* Test for valid single address
* Test for invalid ranges (/48 and /96)
- Add AgeValidation module for consistent age checks
- Validate admin contacts must be at least 18 years old
- Move age validation logic from Domain to shared module
- Add tests for admin contact age validation
- Fix JSON format for admin_contacts_allowed_ident_type setting
This change ensures that administrative contacts must be adults (18+),
using the same age validation logic as for registrants. The validation
works with both birthday and Estonian ID formats. Settings are now
properly stored as JSON strings for consistent parsing.
This commit updates the email validation pattern in Truemail configuration to better handle various email format edge cases. The changes include:
Refine email regex pattern in config/initializers/truemail.rb to properly validate:
RFC compliant local parts with allowed special characters
Proper domain name formatting
Prevention of consecutive dots in both local part and domain
Leading and trailing dots in local part
Add comprehensive test cases in test/interactions/email_check_test.rb to verify:
Valid email formats like standard addresses, underscore usage, and dot-atom formats
Invalid email formats including consecutive dots, leading/trailing dots, and invalid characters
These changes ensure our email validation is more RFC-compliant while still being strict enough to catch common errors. The test suite now explicitly validates both positive and negative test cases for email format validation.
This commit addresses several issues with the ProcessClientHold class and its tests:
1. Changed notification text in notify_client_hold method from 'force_delete_set_on_domain'
to 'hold_client_on_domain' to better reflect the actual action being performed.
Added corresponding translation key in locales/en.yml.
2. Fixed the test_send_mail_delivers_email test by using stub method instead of
redefining DomainDeleteMailer.forced, which was causing conflicts with other tests.
This ensures that tests are isolated and don't affect each other.
3. Updated all tests to use Domain.stub_any_instance(:force_delete_scheduled?, true)
to properly stub the force_delete_scheduled? method.
4. Improved test assertions to ensure proper behavior of the ProcessClientHold class,
including notification creation and client hold status setting.
5. Added proper error handling in tests to ensure methods don't raise exceptions.
The changes ensure that the ProcessClientHold class correctly handles client hold
status for domains in the force delete process, properly notifies registrars with
appropriate messages, and sends emails when required.
This commit addresses several issues with the ProcessClientHold class and its tests:
1. Fixed the test_send_mail_delivers_email test by properly mocking the
DomainDeleteMailer.forced method with correct parameter signatures
and adding template_name to the domain.
2. Updated all tests to use Domain.stub_any_instance(:force_delete_scheduled?, true)
to properly stub the force_delete_scheduled? method.
3. Improved test assertions to ensure proper behavior of the ProcessClientHold class,
including notification creation and client hold status setting.
4. Added proper error handling in tests to ensure methods don't raise exceptions
and restore original method implementations after testing.
The changes ensure that the ProcessClientHold class correctly handles client hold
status for domains in the force delete process, properly notifies registrars,
and sends emails when required.
This commit implements a reliable connection error handling solution for the
Company Register API integration. The job previously failed when connection
errors occurred without proper recovery mechanisms.
The implementation:
Adds a lightweight Retryable module with configurable retry logic
Implements smart caching of API responses (1 day expiration)
Handles common network errors like KeepAliveDisconnected and timeouts
Provides a fallback mechanism when all retry attempts fail
Ensures test reliability with cache-skipping in test environment
Testing:
Added specific tests for both recovery and fallback scenarios
Verified cache behavior in production and test environments
Resolves connection errors observed in production logs without adding
unnecessary complexity to the codebase.
- Add flag in force_delete_data to track manual client_hold removal
- Update ProcessClientHold to respect manual status removal
- Add test to verify client_hold doesn't return after admin removes it
When an admin manually removes the client_hold status from a domain,
it should not be automatically re-added by the ProcessClientHold job.
This change tracks manual removals and prevents the status from being
re-added while maintaining the force delete process.
- Change error code from 2004 to 2306 for admin contact validation
- Add explicit validation check for required admin contacts
- Update tests to expect new error code
The error code 2306 better reflects the EPP standard for policy-based
validation failures. This change makes the error handling more consistent
with EPP specifications when validating admin contact requirements.
- Move company status handling logic into a separate method `handle_company_statuses`
- Improve code readability by splitting proceed_company_status method
- Keep status update logic after handling company statuses
- Add notes parameter to force delete interactions to provide more context
- Include company registry status in force delete notifications
- Add status mapping constants for better readability
- Move status note assignment before save in force delete process
Technical details:
- Add notes field to Domains::ForceDelete::Base interaction
- Update force delete notifications to include status notes
- Add REGISTRY_STATUSES mapping in CompanyRegisterStatusJob
- Update tests to verify new notification format
- Re-enable company validation logic for Estonian organization contacts
- Update company_register gem to use master branch
- Restore and update company validation tests
- Add additional check for Estonian country code in validation
This change ensures that only registered or liquidated Estonian companies
can be used when creating organizational contacts.
- Add new setting for allowed admin contact ident types
- Add validation for admin contact ident types on domain create/update
- Add UI controls for managing allowed ident types
- Add tests for new validation rules
- Update domain model to respect new settings
The changes allow configuring which identification types (private person,
organization, birthday) are allowed for administrative contacts. This is
enforced when creating new domains or adding new admin contacts.
feat: make technical contacts optional for all domains
- Remove automatic tech contact assignment from admin contacts
- Set minimum tech contacts to 0 for all registrant types
- Update tests to reflect optional tech contacts
- Keep max tech contacts limit from settings
This change implements the requirement to make technical contacts optional
for all domain types while maintaining the maximum limit from settings.
Previously tech contacts were required for organizations and automatically
copied from admin contacts.
