Commit graph

5861 commits

Author SHA1 Message Date
oleghasjanov
ae96863b88 feat: Implement P12 certificate generation improvements
- Replace hardcoded P12 password with randomly generated one
- Add p12_password column to certificates table
- Update certificate serializer to include p12 password in response
- Remove deprecated certificate revocation logic
- Add tests for certificate revocation functionality
- Implement async P12 generation via Sidekiq job
- Add job uniqueness to prevent parallel certificate generation

Migration changes:
- Replace p12_password_digest with p12_password column
- Add safety measures for column removal
2025-04-16 11:47:52 +03:00
oleghasjanov
072f4440e2 fixed tests 2025-04-16 11:47:52 +03:00
oleghasjanov
0ba69ea848 added interface handler 2025-04-16 11:47:52 +03:00
oleghasjanov
4d33898856 added logs 2025-04-16 11:47:52 +03:00
oleghasjanov
fe90d787c2 fix: improve certificate parsing and file extensions
- Fix PKCS12 container parsing by using consistent password
- Add proper file extensions for certificate downloads (.key, .csr, .crt)
- Improve private key parsing by removing unnecessary Base64 decoding
- Add error logging for certificate parsing failures
- Clean up certificate serializer code

The main changes include:
- Using P12_PASSWORD consistently across generation and parsing
- Adding proper file extensions for different certificate types
- Fixing private key parsing to handle PEM format correctly
- Adding detailed error logging for debugging purposes
- Removing redundant code comments and improving code clarity

This commit improves the reliability of certificate handling
and provides better user experience with correct file extensions.
2025-04-16 11:47:52 +03:00
oleghasjanov
0925fa4d4b feat: Implement new certificate generation service
- Refactor certificate generation into a dedicated service object
- Add Base64 encoding for p12 binary data storage
- Implement serial number generation and storage
- Remove deprecated certificate generation code
- Simplify certificate status checks
- Update certificate controller to use new generator
- Add proper password handling for p12 containers

The main changes include:
- Moving certificate generation logic to CertificateGenerator service
- Proper handling of binary data encoding
- Implementing serial number tracking for future CRL support
- Removing old certificate generation and validation code
- Simplifying the certificate lifecycle management

This commit provides a more maintainable and robust certificate
generation system while preparing for future CRL implementation.
2025-04-16 11:47:52 +03:00
oleghasjanov
d0f247c61c added rails logger 2025-04-16 11:47:52 +03:00
oleghasjanov
99b8650ccb added currect user as log 2025-04-16 11:47:52 +03:00
oleghasjanov
45caaded60 fix 2025-04-16 11:47:52 +03:00
oleghasjanov
6d388c52bd more logs 2025-04-16 11:47:52 +03:00
oleghasjanov
03a2d2c68d asd 2025-04-16 11:47:52 +03:00
oleghasjanov
b892242764 more logs 2025-04-16 11:47:52 +03:00
oleghasjanov
8cb976516c added more logs 2025-04-16 11:47:52 +03:00
oleghasjanov
4343c9f207 change to standard algorithm 2025-04-16 11:47:52 +03:00
oleghasjanov
1d853b5da9 add logs 2025-04-16 11:47:52 +03:00
oleghasjanov
d85b93b8f2 fixed password field in p12 container 2025-04-16 11:47:52 +03:00
oleghasjanov
c08c3878e0 fix: improve p12 container generation with proper certificate status
Fix p12 containers being incorrectly generated with revoked status
Add proper serial number generation based on current time
Improve CRL handling in certificate_revoked? method
Fix controller parameter naming from cert_params to p12_params
Add comprehensive tests for certificate status and CRL handling
Include diagnostic methods for troubleshooting CRL issues
This commit resolves the issue where certificates were incorrectly
considered revoked during p12 container generation due to missing
or improperly handled CRL files.
2025-04-16 11:47:52 +03:00
oleghasjanov
3b594cf30d fix tests 2025-04-16 11:47:52 +03:00
oleghasjanov
0fe20bd63b Fixed Certificate#update_crl test to properly verify CRL updater script call
The test for Certificate.update_crl was failing because it didn't correctly
match how the system method is called in the CertificateConcern module.
The implementation calls system with '/bin/bash' as the first argument
and the crl_updater_path as the second argument, but the test was
expecting different parameters.

- Simplified the test_update_crl_should_call_crl_updater_script test to
  directly verify the script path is used without trying to intercept
  the system call
- Added proper environment variable handling for crl_updater_path
- Ensured original method is restored after test execution
2025-04-16 11:47:52 +03:00
oleghasjanov
5355397025 feat: improve certificate download extensions
Update certificate download functionality to use appropriate file extensions:
- Use .p12 extension for PKCS#12 files
- Keep .pem extension for PEM-encoded files (CSR, CRT, private key)

This change ensures that downloaded certificate files have the correct extension based on their format, making it easier for users to identify and use the files correctly.
2025-04-16 11:47:52 +03:00
oleghasjanov
51035d1ddf Add UserCertificate model with tests
- Create UserCertificate model with validations and certificate renewal logic
- Add tests for UserCertificate model functionality
- Add user certificates fixtures for testing
- Add association between ApiUser and UserCertificates
- Add required gems: dry-types, dry-struct, openssl
- Add /certs to .gitignore

This commit implements the base model for storing user certificates in the
database, including private keys, CSRs, certificates and P12 files. The model
includes basic validation and certificate renewal functionality, with
comprehensive test coverage.
2025-04-16 11:47:50 +03:00
Timo Võhmar
1dc3396391
Merge pull request #2774 from internetee/daily-force-delete-and-lift-email-subscribe
feat: Add lifted force delete domains to daily admin notification
2025-04-07 14:27:08 +03:00
oleghasjanov
8234a0fe68 updated styles 2025-04-04 14:14:58 +03:00
oleghasjanov
bfecc3c40e refactor: improve force delete domain status tracking
- Add force_delete_domain_statuses_history_data to store force delete metadata
- Update force delete queries to use new JSON status history
- Refactor force delete tests to use travel_to helper
- Remove direct force_delete_start field usage
- Update status notes to include company identification number
2025-04-01 13:52:43 +03:00
oleghasjanov
c77a4d494d feat: add ability to skip business contact validation
- Add environment variable 'allow_validate_business_contacts' to control business contact validation
- Remove redundant company_is_relevant? method
- Add integration test for skipping company validation
2025-04-01 12:26:53 +03:00
oleghasjanov
917e426d91 feat: Add lifted force delete domains to daily admin notification
- Add tracking of lifted force delete domains with reason and date in json_statuses_history
- Modify ForceDeleteDailyAdminNotifierJob to include both force deleted and lifted domains
- Update admin mailer template to show separate tables for force deleted and lifted domains
- Update tests to reflect new functionality and fix timing issues with yesterday's data

Key changes:
- Store lift reason and date when canceling force delete
- Add new query method for finding lifted force delete domains
- Split email template into two sections
- Fix tests to properly handle the yesterday time window
2025-03-31 16:07:04 +03:00
Timo Võhmar
8d33bd5de0
Merge pull request #2771 from internetee/ipv6-whitelist-support
feat: support IPv6 /64 range in white IP validation
2025-03-28 14:25:33 +02:00
oleghasjanov
bc01dfaa3a feat: support IPv6 /64 range in white IP validation
- Split IP validation logic for IPv4 and IPv6 addresses
- Add specific validation for IPv6 to allow only single addresses (/128) or /64 ranges
- Remove old network address calculation for IPv6
- Keep IPv4 address limit validation unchanged
- Add localization for new IPv6 validation error message
- Add test coverage for IPv6 validation:
  * Test for valid /64 range
  * Test for valid single address
  * Test for invalid ranges (/48 and /96)
2025-03-24 15:16:10 +02:00
oleghasjanov
98f0bb283e fix path to localize issue 2025-03-21 13:45:07 +02:00
oleghasjanov
f79f32fb5d added condition for underage 2025-03-21 12:09:47 +02:00
oleghasjanov
9fa14c0c07 added condition 2025-03-20 16:45:25 +02:00
oleghasjanov
e6cb30b599 added check 2025-03-20 16:39:20 +02:00
oleghasjanov
7799727867 feat: add age validation for admin contacts
- Add AgeValidation module for consistent age checks
- Validate admin contacts must be at least 18 years old
- Move age validation logic from Domain to shared module
- Add tests for admin contact age validation
- Fix JSON format for admin_contacts_allowed_ident_type setting

This change ensures that administrative contacts must be adults (18+),
using the same age validation logic as for registrants. The validation
works with both birthday and Estonian ID formats. Settings are now
properly stored as JSON strings for consistent parsing.
2025-03-20 16:37:38 +02:00
tsoganov
d10f3d3b2c Modified validate dispute case 2025-03-18 16:34:03 +02:00
tsoganov
ad05aa0d36 Updated verify registrant change 2025-03-18 16:12:47 +02:00
tsoganov
c2881acdca Updated verify registrant change 2025-03-18 16:09:24 +02:00
Timo Võhmar
9db844a12c
Merge pull request #2763 from internetee/missing-reason-in-notification
Fix ProcessClientHold notification and added tests
2025-03-07 16:05:37 +02:00
oleghasjanov
95a6403595 Fix ProcessClientHold tests and implementation
This commit addresses several issues with the ProcessClientHold class and its tests:

1. Changed notification text in notify_client_hold method from 'force_delete_set_on_domain'
   to 'hold_client_on_domain' to better reflect the actual action being performed.
   Added corresponding translation key in locales/en.yml.

2. Fixed the test_send_mail_delivers_email test by using stub method instead of
   redefining DomainDeleteMailer.forced, which was causing conflicts with other tests.
   This ensures that tests are isolated and don't affect each other.

3. Updated all tests to use Domain.stub_any_instance(:force_delete_scheduled?, true)
   to properly stub the force_delete_scheduled? method.

4. Improved test assertions to ensure proper behavior of the ProcessClientHold class,
   including notification creation and client hold status setting.

5. Added proper error handling in tests to ensure methods don't raise exceptions.

The changes ensure that the ProcessClientHold class correctly handles client hold
status for domains in the force delete process, properly notifies registrars with
appropriate messages, and sends emails when required.
2025-03-06 15:32:39 +02:00
oleghasjanov
29c6c8ff44 Fix ProcessClientHold tests and implementation
This commit addresses several issues with the ProcessClientHold class and its tests:

1. Fixed the test_send_mail_delivers_email test by properly mocking the
   DomainDeleteMailer.forced method with correct parameter signatures
   and adding template_name to the domain.

2. Updated all tests to use Domain.stub_any_instance(:force_delete_scheduled?, true)
   to properly stub the force_delete_scheduled? method.

3. Improved test assertions to ensure proper behavior of the ProcessClientHold class,
   including notification creation and client hold status setting.

4. Added proper error handling in tests to ensure methods don't raise exceptions
   and restore original method implementations after testing.

The changes ensure that the ProcessClientHold class correctly handles client hold
status for domains in the force delete process, properly notifies registrars,
and sends emails when required.
2025-03-06 15:18:16 +02:00
oleghasjanov
ea8fa01f9b refactor 2025-03-06 11:51:01 +02:00
oleghasjanov
a11c0fca2d fix: handle HTTPClient::KeepAliveDisconnected in OrgRegistrantPhoneCheckerJob
This commit implements a reliable connection error handling solution for the
Company Register API integration. The job previously failed when connection
errors occurred without proper recovery mechanisms.
The implementation:
Adds a lightweight Retryable module with configurable retry logic
Implements smart caching of API responses (1 day expiration)
Handles common network errors like KeepAliveDisconnected and timeouts
Provides a fallback mechanism when all retry attempts fail
Ensures test reliability with cache-skipping in test environment
Testing:
Added specific tests for both recovery and fallback scenarios
Verified cache behavior in production and test environments
Resolves connection errors observed in production logs without adding
unnecessary complexity to the codebase.
2025-03-06 11:38:09 +02:00
oleghasjanov
ebff7a8321 fix: handle missing force_delete_start date
Update `force_delete_start_date` method to handle cases where `domain.force_delete_start` is not present:
- Return formatted current date plus expire warning period if `force_delete_start` is missing
- Ensure consistent date formatting across scenarios

This change prevents errors when `force_delete_start` is nil and provides a fallback date based on the current date and configured warning period.
2025-02-21 10:40:39 +02:00
Timo Võhmar
5b1a5a6d06
Merge pull request #2755 from internetee/upgrade-registrar-invalid-company-notification
Refactor force delete notifications and improve status handling
2025-02-20 10:11:17 +02:00
Timo Võhmar
98bf7fb594
Merge pull request #2751 from internetee/2742-clienthold-status-must-not-me-reset-unless-the-forcedelete-status-is-reset
fix: prevent client_hold status from returning after manual removal
2025-02-19 15:38:17 +02:00
oleghasjanov
be5bba09fb Refactor force delete notifications and improve status handling
- Add force delete type and start date to notifications
- Extract company status notes logic into separate method
- Standardize status message formatting for both soft and fast track deletes
- Update translation templates to include force delete type and start date info
- Add Estonian translation for new notification fields
2025-02-17 12:31:51 +02:00
Timo Võhmar
38dc5466e9
Merge pull request #2723 from internetee/company-validator-during-creation
feat: restore company validation for Estonian organizations
2025-02-12 10:33:28 +02:00
oleghasjanov
6194c5c58a fix: prevent client_hold status from returning after manual removal
- Add flag in force_delete_data to track manual client_hold removal
- Update ProcessClientHold to respect manual status removal
- Add test to verify client_hold doesn't return after admin removes it

When an admin manually removes the client_hold status from a domain,
it should not be automatically re-added by the ProcessClientHold job.
This change tracks manual removals and prevents the status from being
re-added while maintaining the force delete process.
2025-02-10 13:42:19 +02:00
Timo Võhmar
c4bbad934e
Merge pull request #2748 from internetee/admin-contacts-in-settings-and-validation
feat: add admin contact ident type validation
2025-02-06 11:09:44 +02:00
oleghasjanov
2d103bda99 fix: improve admin contact validation messages
- Update error message for missing admin contact to be more concise
- Standardize admin contact validation message for invalid ident type
- Remove redundant error message formatting

The changes make admin contact validation messages more consistent
throughout the application, using "Admin contact" terminology instead
of "Administrative contact" for better clarity and consistency.
2025-02-05 11:53:56 +02:00
oleghasjanov
f61baf32c5 commit
fix: improve company register status messages

- Update error message for missing company in registry
- Clarify status message format for existing companies
- Update dependencies: logger (1.6.5) and net-smtp (0.5.1)

The changes make company status messages more descriptive and clearer
for administrators when a company's registration status triggers domain
deletion. Messages now explicitly state whether a contact was not found
or has a specific status in the business registry.
2025-02-05 11:26:45 +02:00