From 7863322c9d4012f0a0c29303851d586db36d4c0b Mon Sep 17 00:00:00 2001
From: Sergei Tsoganov
Date: Fri, 4 Aug 2023 13:43:02 +0300
Subject: [PATCH] Registrar ip restriction on every request
---
 app/controllers/repp/v1/base_controller.rb | 1 +
 app/controllers/repp/v1/registrar/auth_controller.rb | 2 +-
 test/integration/repp/v1/accounts/switch_user_test.rb | 8 ++++----
 test/integration/repp/v1/base_test.rb | 2 +-
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/app/controllers/repp/v1/base_controller.rb b/app/controllers/repp/v1/base_controller.rb
index f6b3b4f7dd..1faca4e68d 100644
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@@ -9,6 +9,7 @@ class BaseController < ActionController::API # rubocop:disable Metrics/ClassLeng
 before_action :set_locale
 before_action :validate_webclient_ca
 before_action :validate_api_user_cert
+ before_action :check_registrar_ip_restriction
 before_action :check_api_ip_restriction
 before_action :set_paper_trail_whodunnit
diff --git a/app/controllers/repp/v1/registrar/auth_controller.rb b/app/controllers/repp/v1/registrar/auth_controller.rb
index 3c831f4a90..676ea670ef 100644
--- a/app/controllers/repp/v1/registrar/auth_controller.rb
+++ b/app/controllers/repp/v1/registrar/auth_controller.rb
@@ -2,9 +2,9 @@ module Repp
 module V1
 module Registrar
 class AuthController < BaseController
- before_action :check_registrar_ip_restriction, only: :index
 before_action :validate_webclient_user_cert, only: :index
 skip_before_action :authenticate_user, only: :tara_callback
+ skip_before_action :check_registrar_ip_restriction, only: :tara_callback
 skip_before_action :check_api_ip_restriction, only: :tara_callback
 skip_before_action :validate_api_user_cert, only: :tara_callback
diff --git a/test/integration/repp/v1/accounts/switch_user_test.rb b/test/integration/repp/v1/accounts/switch_user_test.rb
index 2299f2bf5c..fa26b442d4 100644
--- a/test/integration/repp/v1/accounts/switch_user_test.rb
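Review bot: Adding `before_action :check_registrar_ip_restriction` to BaseController applies the registrar whitelist to every controller that inherits from it, yet the only exemption this commit adds is `tara_callback` in AuthController. Any other subclass that already skips `check_api_ip_restriction` or `authenticate_user` for an action is not visible here and would now be rejected by the new check, so those skip lists are worth auditing before release. The callback list starts and ends outside the hunk, so it cannot be confirmed from these lines that `authenticate_user` runs before this check, which it must if the check reads the current user's registrar. A comment above the two IP callbacks would record the intent, for example `# registrar whitelist covers webclient traffic, API whitelist covers direct API traffic; both run after certificate validation` (wording to be confirmed against the two methods).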
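Review bot: With this skip added, `tara_callback` bypasses `authenticate_user`, both IP restrictions and `validate_api_user_cert`, and the four `skip_before_action` lines carry no explanation of what protects the action instead. A comment above them would make the exemption reviewable, for example `# tara_callback is entered by redirect from the external identity provider, so client cert and IP checks are skipped; the action must validate the returned identity itself`. That wording is inferred from the action name and should be confirmed against the action body, which is outside the hunk along with the rest of the class.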
+++ b/test/integration/repp/v1/accounts/switch_user_test.rb
@@ -53,8 +53,8 @@ def test_switches_to_unlinked_api_user
 end
 def test_returns_error_response_if_throttled
- ENV["shunter_default_threshold"] = '1'
- ENV["shunter_enabled"] = 'true'
+ ENV['shunter_default_threshold'] = '1'
+ ENV['shunter_enabled'] = 'true'
 new_user = users(:api_goodnames)
 new_user.update(identity_code: '1234')
@@ -71,7 +71,7 @@ def test_returns_error_response_if_throttled
 assert_response :bad_request
 assert_equal json[:code], 2502
 assert response.body.include?(Shunter.default_error_message)
- ENV["shunter_default_threshold"] = '10000'
- ENV["shunter_enabled"] = 'false'
+ ENV['shunter_default_threshold'] = '10000'
+ ENV['shunter_enabled'] = 'false'
 end
 end
diff --git a/test/integration/repp/v1/base_test.rb b/test/integration/repp/v1/base_test.rb
index 9d976d30c8..3fdc84c30e 100644
--- a/test/integration/repp/v1/base_test.rb
+++ b/test/integration/repp/v1/base_test.rb
@@ -67,7 +67,7 @@ def test_takes_ip_whitelist_into_account_if_webclient_request
 Repp::V1::BaseController.stub_any_instance(:webclient_request?, true) do
 Repp::V1::BaseController.stub_any_instance(:validate_webclient_ca, true) do
- get repp_v1_registrar_auth_index_path, headers: @auth_headers.merge!({ 'Request-IP' => whiteip.ipv4 })
+ get repp_v1_contacts_path, headers: @auth_headers.merge!({ 'Request-IP' => whiteip.ipv4 })
 end
 end
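Review bot: Pointing the request at `repp_v1_contacts_path` exercises only the allowed case; nothing in this hunk asserts that a webclient request from a non-whitelisted address is rejected on a non-auth endpoint, which is the behaviour the commit introduces. Because the client address comes from the `Request-IP` header while `validate_webclient_ca` is stubbed, a companion test that sends the header on a non-webclient request and expects it to be ignored would pin the trust boundary for that header. A third case confirming that `tara_callback` stays reachable without a whitelisted address would cover the new skip in AuthController. On the changed line, `@auth_headers.merge!(...)` mutates the shared headers hash, and `@auth_headers.merge({ 'Request-IP' => whiteip.ipv4 })` would avoid leaking the header into later requests. The test method starts and ends outside the hunk, so some of these cases may already exist elsewhere in the file.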