From 0f6df9e3f8d8d5c328582dfd05e59fb3012ad20d Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:00:40 +0300 Subject: [PATCH 01/59] Regenerate Devise translation --- config/locales/devise.en.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/config/locales/devise.en.yml b/config/locales/devise.en.yml index 9524e860ce..3a853fe31e 100644 --- a/config/locales/devise.en.yml +++ b/config/locales/devise.en.yml @@ -9,12 +9,12 @@ en: failure: already_authenticated: "You are already signed in." inactive: "Your account is not activated yet." - invalid: "Invalid email or password." + invalid: "Invalid %{authentication_keys} or password." locked: "Your account is locked." last_attempt: "You have one more attempt before your account is locked." - not_found_in_database: "Invalid email address or password." + not_found_in_database: "Invalid %{authentication_keys} or password." timeout: "Your session expired. Please sign in again to continue." - unauthenticated: "You need to sign in." + unauthenticated: "You need to sign in before continuing." unconfirmed: "You have to confirm your email address before continuing." mailer: confirmation_instructions: @@ -23,6 +23,10 @@ en: subject: "Reset password instructions" unlock_instructions: subject: "Unlock instructions" + email_changed: + subject: "Email Changed" + password_change: + subject: "Password Changed" omniauth_callbacks: failure: "Could not authenticate you from %{kind} because \"%{reason}\"." success: "Successfully authenticated from %{kind} account." From ebe831e78247bde3eb50347969b46622ee24db21 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:23:54 +0300 Subject: [PATCH 02/59] Regenerate and tune Devise config --- config/initializers/devise.rb | 82 +++++++++++++++++++++-------------- 1 file changed, 49 insertions(+), 33 deletions(-) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index eceb6d5f22..c2f89e691c 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -1,26 +1,31 @@ -require 'devise_custom_failure' +# frozen_string_literal: true # Use this hook to configure devise mailer, warden hooks and so forth. # Many of these configuration options can be set straight in your model. Devise.setup do |config| - config.warden do |manager| - manager.failure_app = DeviseCustomFailure - end - # The secret key used by Devise. Devise uses this key to generate # random tokens. Changing this key will render invalid all existing # confirmation, reset password and unlock tokens in the database. + # Devise will use the `secret_key_base` as its `secret_key` + # by default. You can change it below and use your own secret key. config.secret_key = ENV['devise_secret'] + # ==> Controller configuration + # Configure the parent class to the devise controllers. + # config.parent_controller = 'DeviseController' + # ==> Mailer Configuration # Configure the e-mail address which will be shown in Devise::Mailer, # note that it will be overwritten if you use your own mailer class # with default "from" parameter. - config.mailer_sender = 'noreply@example.com' + config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com' # Configure the class responsible to send e-mails. # config.mailer = 'Devise::Mailer' + # Configure the parent class responsible to send e-mails. + # config.parent_mailer = 'ActionMailer::Base' + # ==> ORM configuration # Load and configure the ORM. Supports :active_record (default) and # :mongoid (bson_ext recommended) by default. Other ORMs may be @@ -35,7 +40,7 @@ # session. If you need permissions, you should implement that in a before filter. # You can also supply a hash where the value is a boolean determining whether # or not authentication should be aborted when the value is not present. - # config.authentication_keys = [ :email ] + # config.authentication_keys = [:email] # Configure parameters from the request object used for authentication. Each entry # given should be a request method and it will automatically be passed to the @@ -67,7 +72,7 @@ # :database = Support basic authentication with authentication key + password # config.http_authenticatable = false - # If http headers should be returned for AJAX requests. True by default. + # If 401 status code should be returned for AJAX requests. True by default. # config.http_authenticatable_on_xhr = true # The realm used in Http Basic Authentication. 'Application' by default. @@ -91,20 +96,31 @@ # from the server. You can disable this option at your own risk. # config.clean_up_csrf_token_on_authentication = true + # When false, Devise will not attempt to reload routes on eager load. + # This can reduce the time taken to boot the app but if your application + # requires the Devise mappings to be loaded during boot time the application + # won't boot properly. + # config.reload_routes = true + # ==> Configuration for :database_authenticatable - # For bcrypt, this is the cost for hashing the password and defaults to 10. If - # using other encryptors, it sets how many times you want the password re-encrypted. + # For bcrypt, this is the cost for hashing the password and defaults to 11. If + # using other algorithms, it sets how many times you want the password to be hashed. # # Limiting the stretches to just one in testing will increase the performance of # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use # a value less than 10 in other environments. Note that, for bcrypt (the default - # encryptor), the cost increases exponentially with the number of stretches (e.g. + # algorithm), the cost increases exponentially with the number of stretches (e.g. # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation). - config.stretches = Rails.env.test? ? 1 : 10 + config.stretches = Rails.env.test? ? 1 : 11 + + # Set up a pepper to generate the hashed password. + # config.pepper = '1fc02c7f3a9d5d0dc6c3e49828eb45d29e5fdb3136f78ee0063a2cdf774b7ed53ea40176d5823703554b7f015dd23c0e491fb488bb705a0768db32d02b1d088d' - # Setup a pepper to generate the encrypted password. - # config.pepper = '4d1b39f778c3ea5b415476ce410f337a27895181a8ccd586c60e50e0f7284' \ - # '3d5d6ded80558ed7a4637de6b3a1504379270af6eee995fd9a329e4f4c5daa33882' + # Send a notification to the original email when the user's email is changed. + # config.send_email_changed_notification = false + + # Send a notification email when the user's password is changed. + # config.send_password_change_notification = false # ==> Configuration for :confirmable # A period that the user is allowed to access the website even without @@ -129,11 +145,11 @@ config.reconfirmable = true # Defines which key will be used when confirming an account - # config.confirmation_keys = [ :email ] + # config.confirmation_keys = [:email] # ==> Configuration for :rememberable # The time the user will be remembered without asking for credentials again. - config.remember_for = 2.weeks + # config.remember_for = 2.weeks # Invalidates all the remember me tokens when the user signs out. config.expire_all_remember_me_on_sign_out = true @@ -152,15 +168,12 @@ # Email regex used to validate email formats. It simply asserts that # one (and only one) @ exists in the given string. This is mainly # to give user feedback and not to assert the e-mail validity. - # config.email_regexp = /\A[^@]+@[^@]+\z/ + config.email_regexp = /\A[^@\s]+@[^@\s]+\z/ # ==> Configuration for :timeoutable # The time you want to timeout the user session without activity. After this # time the user will be asked for credentials again. Default is 30 minutes. - config.timeout_in = ENV['user_session_timeout'].to_i.seconds if ENV['user_session_timeout'] - - # If true, expires auth token on session timeout. - # config.expire_auth_token_on_timeout = false + # config.timeout_in = 30.minutes # ==> Configuration for :lockable # Defines which strategy will be used to lock an account. @@ -169,7 +182,7 @@ # config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] + # config.unlock_keys = [:email] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email @@ -186,24 +199,28 @@ # config.unlock_in = 1.hour # Warn on the last attempt before the account is locked. - # config.last_attempt_warning = false + # config.last_attempt_warning = true # ==> Configuration for :recoverable # # Defines which key will be used when recovering the password for an account - # config.reset_password_keys = [ :email ] + # config.reset_password_keys = [:email] # Time interval you can reset your password with a reset password key. # Don't put a too small interval or your users won't have the time to # change their passwords. config.reset_password_within = 6.hours + # When set to false, does not sign a user in automatically after their password is + # reset. Defaults to true, so a user is signed in automatically after a reset. + # config.sign_in_after_reset_password = true + # ==> Configuration for :encryptable - # Allow you to use another encryption algorithm besides bcrypt (default). You can use - # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1, - # :authlogic_sha512 (then you should set stretches above to 20 for default behavior) - # and :restful_authentication_sha1 (then you should set stretches to 10, and copy - # REST_AUTH_SITE_KEY to pepper). + # Allow you to use another hashing or encryption algorithm besides bcrypt (default). + # You can use :sha1, :sha512 or algorithms from others authentication tools as + # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20 + # for default behavior) and :restful_authentication_sha1 (then you should set + # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper). # # Require the `devise-encryptable` gem when using anything other than bcrypt # config.encryptor = :sha512 @@ -220,7 +237,7 @@ # Set this configuration to false if you want /users/sign_out to sign out # only the current scope. By default, Devise signs out all scopes. - # config.sign_out_all_scopes = true + config.sign_out_all_scopes = false # ==> Navigation configuration # Lists the formats that should be treated as navigational. Formats like @@ -260,8 +277,7 @@ # The router that invoked `devise_for`, in the example above, would be: # config.router_name = :my_engine # - # When using omniauth, Devise cannot automatically set Omniauth path, + # When using OmniAuth, Devise cannot automatically set OmniAuth path, # so you need to do it manually. For the users scope, it would be: # config.omniauth_path_prefix = '/my_engine/users/auth' end - From bb39d0340e6eeaf441c34aa4d76cedf484ccda72 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:24:52 +0300 Subject: [PATCH 03/59] Remove routing specs --- app/models/user.rb | 2 +- spec/routing/registrar/domains_routing_spec.rb | 9 --------- spec/routing/registrar/sessions_routing_spec.rb | 9 --------- 3 files changed, 1 insertion(+), 19 deletions(-) delete mode 100644 spec/routing/registrar/domains_routing_spec.rb delete mode 100644 spec/routing/registrar/sessions_routing_spec.rb diff --git a/app/models/user.rb b/app/models/user.rb index b69e0250c7..150311e907 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,6 +1,6 @@ class User < ActiveRecord::Base include Versions # version/user_version.rb - devise :trackable, :timeoutable + devise :database_authenticatable, :trackable, :timeoutable attr_accessor :phone diff --git a/spec/routing/registrar/domains_routing_spec.rb b/spec/routing/registrar/domains_routing_spec.rb deleted file mode 100644 index e30d1dd24d..0000000000 --- a/spec/routing/registrar/domains_routing_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'rails_helper' - -RSpec.describe Registrar::DomainsController do - describe 'routing' do - it 'routes to #index' do - expect(get: '/registrar/domains').to route_to('registrar/domains#index') - end - end -end diff --git a/spec/routing/registrar/sessions_routing_spec.rb b/spec/routing/registrar/sessions_routing_spec.rb deleted file mode 100644 index 24e075e58c..0000000000 --- a/spec/routing/registrar/sessions_routing_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'rails_helper' - -RSpec.describe Registrar::SessionsController do - describe 'routing' do - it 'routes to #login' do - expect(get: '/registrar/login').to route_to('registrar/sessions#login') - end - end -end From c538579d5b2a451f5b522b06b7ba6fb1f9eafd33 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:36:06 +0300 Subject: [PATCH 04/59] Remove `rememberable` and `lockable` modules from `AdminUser` --- app/models/admin_user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/admin_user.rb b/app/models/admin_user.rb index d76c42dec5..c2c2132262 100644 --- a/app/models/admin_user.rb +++ b/app/models/admin_user.rb @@ -9,7 +9,7 @@ class AdminUser < User ROLES = %w(user customer_service admin) # should not match to api_users roles - devise :database_authenticatable, :rememberable, :trackable, :validatable, :lockable + devise :database_authenticatable, :trackable, :validatable def self.min_password_length Devise.password_length.min From 756836001c9179c00575a9dbdd5e0fc3f2e4db35 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:39:52 +0300 Subject: [PATCH 05/59] Remove unused routes --- config/routes.rb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index ecb0544090..6fe587caa7 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,7 +20,6 @@ # REGISTRAR ROUTES namespace :registrar do - resource :dashboard root 'dashboard#show' resources :invoices do @@ -247,9 +246,6 @@ end resources :delayed_jobs - - resource :dashboard - resources :epp_logs resources :repp_logs From 28416a3375580d604a278f2c400b49b7247eddae Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:43:23 +0300 Subject: [PATCH 06/59] Use singular controller --- app/controllers/admin/dashboard_controller.rb | 8 ++++++++ app/controllers/admin/dashboards_controller.rb | 9 --------- .../{dashboards/show.haml => dashboard/show.html.erb} | 0 config/routes.rb | 4 ++-- 4 files changed, 10 insertions(+), 11 deletions(-) create mode 100644 app/controllers/admin/dashboard_controller.rb delete mode 100644 app/controllers/admin/dashboards_controller.rb rename app/views/admin/{dashboards/show.haml => dashboard/show.html.erb} (100%) diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb new file mode 100644 index 0000000000..35efab5993 --- /dev/null +++ b/app/controllers/admin/dashboard_controller.rb @@ -0,0 +1,8 @@ +module Admin + class DashboardController < BaseController + authorize_resource class: false + + def show + end + end +end \ No newline at end of file diff --git a/app/controllers/admin/dashboards_controller.rb b/app/controllers/admin/dashboards_controller.rb deleted file mode 100644 index 52d82ea0af..0000000000 --- a/app/controllers/admin/dashboards_controller.rb +++ /dev/null @@ -1,9 +0,0 @@ -module Admin - class DashboardsController < BaseController - authorize_resource class: false - - def show - redirect_to [:admin, :domains] if can? :show, Domain - end - end -end diff --git a/app/views/admin/dashboards/show.haml b/app/views/admin/dashboard/show.html.erb similarity index 100% rename from app/views/admin/dashboards/show.haml rename to app/views/admin/dashboard/show.html.erb diff --git a/config/routes.rb b/config/routes.rb index 6fe587caa7..7e0e998151 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -149,6 +149,8 @@ # ADMIN ROUTES namespace :admin do + root 'dashboard#show' + resources :keyrelays resources :zonefiles resources :zones, controller: 'dns/zones', except: %i[show destroy] @@ -258,8 +260,6 @@ authenticate :user do mount Que::Web, at: 'que' end - - root 'dashboards#show' end devise_for :users From 724d421f4410297cedad8d2c2d2c1f94ef9e46b9 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 20:50:02 +0300 Subject: [PATCH 07/59] Remove Devise FailureApp --- lib/devise_custom_failure.rb | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 lib/devise_custom_failure.rb diff --git a/lib/devise_custom_failure.rb b/lib/devise_custom_failure.rb deleted file mode 100644 index a8a9471734..0000000000 --- a/lib/devise_custom_failure.rb +++ /dev/null @@ -1,18 +0,0 @@ -class DeviseCustomFailure < Devise::FailureApp - def redirect_url - return registrant_login_url if request.original_fullpath.to_s.match(%r{^\/registrant}) - return registrar_login_url if request.original_fullpath.to_s.match(%r{^\/registrar}) - return '/admin' if request.original_fullpath.to_s.match(%r{^\/admin\/que}) - return admin_login_url if request.original_fullpath.to_s.match(%r{^\/admin}) - root_url - end - - # You need to override respond to eliminate recall - def respond - if http_auth? - http_auth - else - redirect - end - end -end From febbe1282d94f39530f7cc2f66e6b9fdc9770774 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 21:02:56 +0300 Subject: [PATCH 08/59] Fix links --- app/views/layouts/admin/base.haml | 2 +- app/views/layouts/devise.haml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/views/layouts/admin/base.haml b/app/views/layouts/admin/base.haml index 717c5015ca..8ec55c4249 100644 --- a/app/views/layouts/admin/base.haml +++ b/app/views/layouts/admin/base.haml @@ -19,7 +19,7 @@ %span.icon-bar %span.icon-bar %span.icon-bar - = link_to admin_dashboard_path, class: 'navbar-brand' do + = link_to admin_root_path, class: 'navbar-brand' do = ENV['app_name'] - if unstable_env.present? .text-center diff --git a/app/views/layouts/devise.haml b/app/views/layouts/devise.haml index 81248b86d6..aaa1c8e31e 100644 --- a/app/views/layouts/devise.haml +++ b/app/views/layouts/devise.haml @@ -18,7 +18,7 @@ %span.icon-bar %span.icon-bar %span.icon-bar - = link_to admin_dashboard_path, class: 'navbar-brand' do + = link_to admin_login_path, class: 'navbar-brand' do = ENV['app_name'] - if unstable_env.present? .text-center From 450a95f628676d7ca07c775f28d6c71fd36558ab Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 21:08:44 +0300 Subject: [PATCH 09/59] Revert "Remove routing specs" This reverts commit bb39d0340e6eeaf441c34aa4d76cedf484ccda72. --- app/models/user.rb | 2 +- spec/routing/registrar/domains_routing_spec.rb | 9 +++++++++ spec/routing/registrar/sessions_routing_spec.rb | 9 +++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 spec/routing/registrar/domains_routing_spec.rb create mode 100644 spec/routing/registrar/sessions_routing_spec.rb diff --git a/app/models/user.rb b/app/models/user.rb index 150311e907..b69e0250c7 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,6 +1,6 @@ class User < ActiveRecord::Base include Versions # version/user_version.rb - devise :database_authenticatable, :trackable, :timeoutable + devise :trackable, :timeoutable attr_accessor :phone diff --git a/spec/routing/registrar/domains_routing_spec.rb b/spec/routing/registrar/domains_routing_spec.rb new file mode 100644 index 0000000000..e30d1dd24d --- /dev/null +++ b/spec/routing/registrar/domains_routing_spec.rb @@ -0,0 +1,9 @@ +require 'rails_helper' + +RSpec.describe Registrar::DomainsController do + describe 'routing' do + it 'routes to #index' do + expect(get: '/registrar/domains').to route_to('registrar/domains#index') + end + end +end diff --git a/spec/routing/registrar/sessions_routing_spec.rb b/spec/routing/registrar/sessions_routing_spec.rb new file mode 100644 index 0000000000..24e075e58c --- /dev/null +++ b/spec/routing/registrar/sessions_routing_spec.rb @@ -0,0 +1,9 @@ +require 'rails_helper' + +RSpec.describe Registrar::SessionsController do + describe 'routing' do + it 'routes to #login' do + expect(get: '/registrar/login').to route_to('registrar/sessions#login') + end + end +end From 02137b620ed2bff753162fb9c64cf85a4956f0f9 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 21:10:53 +0300 Subject: [PATCH 10/59] Remove routing specs --- spec/routing/registrar/domains_routing_spec.rb | 9 --------- spec/routing/registrar/sessions_routing_spec.rb | 9 --------- 2 files changed, 18 deletions(-) delete mode 100644 spec/routing/registrar/domains_routing_spec.rb delete mode 100644 spec/routing/registrar/sessions_routing_spec.rb diff --git a/spec/routing/registrar/domains_routing_spec.rb b/spec/routing/registrar/domains_routing_spec.rb deleted file mode 100644 index e30d1dd24d..0000000000 --- a/spec/routing/registrar/domains_routing_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'rails_helper' - -RSpec.describe Registrar::DomainsController do - describe 'routing' do - it 'routes to #index' do - expect(get: '/registrar/domains').to route_to('registrar/domains#index') - end - end -end diff --git a/spec/routing/registrar/sessions_routing_spec.rb b/spec/routing/registrar/sessions_routing_spec.rb deleted file mode 100644 index 24e075e58c..0000000000 --- a/spec/routing/registrar/sessions_routing_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'rails_helper' - -RSpec.describe Registrar::SessionsController do - describe 'routing' do - it 'routes to #login' do - expect(get: '/registrar/login').to route_to('registrar/sessions#login') - end - end -end From c31f507c254195094997fb6727195839afe6ca60 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Tue, 19 Jun 2018 22:20:52 +0300 Subject: [PATCH 11/59] Specify Devise modules for each type of user --- app/models/admin_user.rb | 2 +- app/models/api_user.rb | 1 + app/models/registrant_user.rb | 2 ++ app/models/user.rb | 1 - 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/models/admin_user.rb b/app/models/admin_user.rb index c2c2132262..b53d6531a9 100644 --- a/app/models/admin_user.rb +++ b/app/models/admin_user.rb @@ -9,7 +9,7 @@ class AdminUser < User ROLES = %w(user customer_service admin) # should not match to api_users roles - devise :database_authenticatable, :trackable, :validatable + devise :database_authenticatable, :trackable, :validatable, :timeoutable def self.min_password_length Devise.password_length.min diff --git a/app/models/api_user.rb b/app/models/api_user.rb index ce32c4045b..3782920763 100644 --- a/app/models/api_user.rb +++ b/app/models/api_user.rb @@ -2,6 +2,7 @@ class ApiUser < User include EppErrors + devise :database_authenticatable, :trackable, :timeoutable def epp_code_map { diff --git a/app/models/registrant_user.rb b/app/models/registrant_user.rb index 12cae0d82a..1e1eb452f8 100644 --- a/app/models/registrant_user.rb +++ b/app/models/registrant_user.rb @@ -2,6 +2,8 @@ class RegistrantUser < User ACCEPTED_ISSUER = 'AS Sertifitseerimiskeskus' attr_accessor :idc_data + devise :database_authenticatable, :trackable, :timeoutable + def ability @ability ||= Ability.new(self) end diff --git a/app/models/user.rb b/app/models/user.rb index b69e0250c7..8968e27369 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,6 +1,5 @@ class User < ActiveRecord::Base include Versions # version/user_version.rb - devise :trackable, :timeoutable attr_accessor :phone From 9684c8e59f58d2b7285b65122c3250fe7b97ac26 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 20 Jun 2018 12:21:22 +0300 Subject: [PATCH 12/59] Refactor Devise integration - Use scoped users - Use the named route helpers instead of hardcoded paths --- app/controllers/admin/base_controller.rb | 14 ++++- .../admin/pending_deletes_controller.rb | 4 +- .../admin/pending_updates_controller.rb | 4 +- app/controllers/admin/sessions_controller.rb | 23 +++++--- app/controllers/application_controller.rb | 56 ++---------------- .../registrant/contacts_controller.rb | 3 +- .../domain_delete_confirms_controller.rb | 2 +- .../domain_update_confirms_controller.rb | 2 +- .../registrant/domains_controller.rb | 4 +- .../registrant/sessions_controller.rb | 21 +++++-- app/controllers/registrant_controller.rb | 15 ++++- .../account_activities_controller.rb | 2 +- app/controllers/registrar/base_controller.rb | 14 +++-- .../registrar/bulk_change_controller.rb | 2 +- .../registrar/contacts_controller.rb | 6 +- .../registrar/current_user_controller.rb | 4 +- .../registrar/deposits_controller.rb | 2 +- app/controllers/registrar/depp_controller.rb | 10 ++-- .../registrar/domain_transfers_controller.rb | 2 +- .../registrar/domains_controller.rb | 8 +-- .../registrar/invoices_controller.rb | 2 +- .../registrar/nameservers_controller.rb | 2 +- .../registrar/profile_controller.rb | 4 +- .../registrar/sessions_controller.rb | 32 +++++----- .../registrar/tech_contacts_controller.rb | 2 +- app/views/admin/base/_menu.haml | 2 +- .../admin/sessions/{login.haml => new.haml} | 2 +- app/views/layouts/devise.haml | 2 +- .../layouts/registrant/application.html.erb | 6 +- .../sessions/{login.haml => new.haml} | 0 .../registrar/base/_current_user.html.erb | 4 +- app/views/registrar/invoices/index.haml | 4 +- .../sessions/{login.haml => new.haml} | 2 +- config/locales/registrar/sessions.en.yml | 2 +- config/routes.rb | 59 ++++++++----------- doc/controllers_complete.svg | 8 --- spec/features/registrar/home_link_spec.rb | 2 +- .../registrar/sign_in/mobile_id_spec.rb | 2 +- .../registrar/sign_in/password_spec.rb | 39 ------------ spec/features/registrar/sign_out_spec.rb | 14 ----- .../requests/registrar/ip_restriction_spec.rb | 12 ++-- spec/requests/registrar/linked_users_spec.rb | 9 ++- .../registrar/sign_in/password_spec.rb | 16 ----- spec/requests/registrar/sign_out_spec.rb | 18 ------ spec/support/features/session_helpers.rb | 4 +- spec/support/requests/session_helpers.rb | 6 +- test/integration/admin/login_test.rb | 27 +++++++++ test/integration/admin/logout_test.rb | 15 +++++ test/integration/admin/protected_area_test.rb | 22 +++++++ test/integration/registrar/login_test.rb | 39 ++++++++++++ test/integration/registrar/logout_test.rb | 15 +++++ .../registrar/protected_area_test.rb | 22 +++++++ 52 files changed, 313 insertions(+), 280 deletions(-) rename app/views/admin/sessions/{login.haml => new.haml} (84%) rename app/views/registrant/sessions/{login.haml => new.haml} (100%) rename app/views/registrar/sessions/{login.haml => new.haml} (88%) delete mode 100644 spec/features/registrar/sign_in/password_spec.rb delete mode 100644 spec/features/registrar/sign_out_spec.rb delete mode 100644 spec/requests/registrar/sign_in/password_spec.rb delete mode 100644 spec/requests/registrar/sign_out_spec.rb create mode 100644 test/integration/admin/login_test.rb create mode 100644 test/integration/admin/logout_test.rb create mode 100644 test/integration/admin/protected_area_test.rb create mode 100644 test/integration/registrar/login_test.rb create mode 100644 test/integration/registrar/logout_test.rb create mode 100644 test/integration/registrar/protected_area_test.rb diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb index 7de43f7fc2..52ff6aa7ce 100644 --- a/app/controllers/admin/base_controller.rb +++ b/app/controllers/admin/base_controller.rb @@ -1,10 +1,20 @@ module Admin class BaseController < ApplicationController - before_action :authenticate_user! + before_action :authenticate_admin_user! helper_method :head_title_sufix def head_title_sufix t(:admin_head_title_sufix) end + + private + + def current_ability + @current_ability ||= Ability.new(current_admin_user) + end + + def user_for_paper_trail + current_admin_user.present? ? current_admin_user.id_role_username : 'public' + end end -end +end \ No newline at end of file diff --git a/app/controllers/admin/pending_deletes_controller.rb b/app/controllers/admin/pending_deletes_controller.rb index 86529da840..9cc8702c5a 100644 --- a/app/controllers/admin/pending_deletes_controller.rb +++ b/app/controllers/admin/pending_deletes_controller.rb @@ -6,7 +6,7 @@ class PendingDeletesController < BaseController def update authorize! :update, :pending - if registrant_verification.domain_registrant_delete_confirm!("admin #{current_user.username}") + if registrant_verification.domain_registrant_delete_confirm!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) @@ -16,7 +16,7 @@ def update def destroy authorize! :destroy, :pending - if registrant_verification.domain_registrant_delete_reject!("admin #{current_user.username}") + if registrant_verification.domain_registrant_delete_reject!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) diff --git a/app/controllers/admin/pending_updates_controller.rb b/app/controllers/admin/pending_updates_controller.rb index e402227e0c..4a2e5ec7c2 100644 --- a/app/controllers/admin/pending_updates_controller.rb +++ b/app/controllers/admin/pending_updates_controller.rb @@ -6,7 +6,7 @@ class PendingUpdatesController < BaseController def update authorize! :update, :pending - if registrant_verification.domain_registrant_change_confirm!("admin #{current_user.username}") + if registrant_verification.domain_registrant_change_confirm!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_applied) else redirect_to edit_admin_domain_path(@domain.id), alert: t(:failure) @@ -15,7 +15,7 @@ def update def destroy authorize! :destroy, :pending - if registrant_verification.domain_registrant_change_reject!("admin #{current_user.username}") + if registrant_verification.domain_registrant_change_reject!("admin #{current_admin_user.username}") redirect_to admin_domain_path(@domain.id), notice: t(:pending_removed) else redirect_to admin_domain_path(@domain.id), alert: t(:failure) diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 1bdcd30dcc..1e9be9eb7d 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -1,8 +1,6 @@ module Admin class SessionsController < Devise::SessionsController - skip_authorization_check only: :create - - def login + def new @admin_user = AdminUser.new end @@ -10,19 +8,28 @@ def create if params[:admin_user].blank? @admin_user = AdminUser.new flash[:alert] = 'Something went wrong' - return render 'login' + return render :new end @admin_user = AdminUser.find_by(username: params[:admin_user][:username]) @admin_user ||= AdminUser.new(username: params[:admin_user][:username]) if @admin_user.valid_password?(params[:admin_user][:password]) - sign_in @admin_user, event: :authentication - redirect_to admin_root_url, notice: I18n.t(:welcome) + sign_in_and_redirect(:admin_user, @admin_user, event: :authentication) else flash[:alert] = 'Authorization error' - render 'login' + render :new end end + + private + + def after_sign_in_path_for(resource_or_scope) + admin_root_path + end + + def after_sign_out_path_for(resource_or_scope) + new_admin_user_session_path + end end -end +end \ No newline at end of file diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 87dabad018..518b752b7e 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,63 +12,15 @@ class ApplicationController < ActionController::Base end rescue_from CanCan::AccessDenied do |exception| - redirect_to current_root_url, alert: exception.message + redirect_to root_url, alert: exception.message end - helper_method :registrant_request?, :registrar_request?, :admin_request?, :current_root_url helper_method :available_languages - def registrant_request? - request.path.match(/^\/registrant/) - end - - def registrar_request? - request.path.match(/^\/registrar/) - end - - def admin_request? - request.path.match(/^\/admin/) - end - - def current_root_url - if registrar_request? - registrar_root_url - elsif registrant_request? - registrant_login_url - elsif admin_request? - admin_root_url - end - end - - def after_sign_in_path_for(_resource) - rt = session[:user_return_to].to_s.presence - login_paths = [admin_login_path, registrar_login_path, '/login'] - return rt if rt && !login_paths.include?(rt) - current_root_url - end - - def after_sign_out_path_for(_resource) - if registrar_request? - registrar_login_url - elsif registrant_request? - registrant_login_url - elsif admin_request? - admin_login_url - end - end - def info_for_paper_trail { uuid: request.uuid } end - def user_for_paper_trail - user_log_str(current_user) - end - - def user_log_str(user) - user.nil? ? 'public' : user.id_role_username - end - def comma_support_for(parent_key, key) return if params[parent_key].blank? return if params[parent_key][key].blank? @@ -80,4 +32,8 @@ def comma_support_for(parent_key, key) def available_languages { en: 'English', et: 'Estonian' }.invert end -end + + def user_for_paper_trail + current_user.present? ? current_user.id_role_username : 'public' + end +end \ No newline at end of file diff --git a/app/controllers/registrant/contacts_controller.rb b/app/controllers/registrant/contacts_controller.rb index db6c279ebd..948bc1a949 100644 --- a/app/controllers/registrant/contacts_controller.rb +++ b/app/controllers/registrant/contacts_controller.rb @@ -2,7 +2,6 @@ class Registrant::ContactsController < RegistrantController helper_method :domain_ids def show @contact = Contact.where(id: contacts).find_by(id: params[:id]) - @current_user = current_user authorize! :read, @contact end @@ -19,7 +18,7 @@ def contacts def domain_ids @domain_ids ||= begin - ident_cc, ident = @current_user.registrant_ident.to_s.split '-' + ident_cc, ident = current_registrant_user.registrant_ident.to_s.split '-' BusinessRegistryCache.fetch_by_ident_and_cc(ident, ident_cc).associated_domain_ids end end diff --git a/app/controllers/registrant/domain_delete_confirms_controller.rb b/app/controllers/registrant/domain_delete_confirms_controller.rb index af8516462f..a57c6178a8 100644 --- a/app/controllers/registrant/domain_delete_confirms_controller.rb +++ b/app/controllers/registrant/domain_delete_confirms_controller.rb @@ -19,7 +19,7 @@ def update domain_name: @domain.name, verification_token: params[:token]) - initiator = current_user ? current_user.username : t(:user_not_authenticated) + initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated) if params[:rejected] if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}") diff --git a/app/controllers/registrant/domain_update_confirms_controller.rb b/app/controllers/registrant/domain_update_confirms_controller.rb index ca91f0192d..feaa39d6ea 100644 --- a/app/controllers/registrant/domain_update_confirms_controller.rb +++ b/app/controllers/registrant/domain_update_confirms_controller.rb @@ -19,7 +19,7 @@ def update domain_name: @domain.name, verification_token: params[:token]) - initiator = current_user ? current_user.username : t(:user_not_authenticated) + initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated) if params[:rejected] if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}") diff --git a/app/controllers/registrant/domains_controller.rb b/app/controllers/registrant/domains_controller.rb index 0e2f6eeaf6..06b24624db 100644 --- a/app/controllers/registrant/domains_controller.rb +++ b/app/controllers/registrant/domains_controller.rb @@ -54,13 +54,13 @@ def set_domain end def domains - ident_cc, ident = @current_user.registrant_ident.split '-' + ident_cc, ident = current_registrant_user.registrant_ident.split '-' begin BusinessRegistryCache.fetch_associated_domains ident, ident_cc rescue Soap::Arireg::NotAvailableError => error flash[:notice] = I18n.t(error.json[:message]) Rails.logger.fatal("[EXCEPTION] #{error.to_s}") - current_user.domains + current_registrant_user.domains end end diff --git a/app/controllers/registrant/sessions_controller.rb b/app/controllers/registrant/sessions_controller.rb index 80a23eb0a3..c29c920b04 100644 --- a/app/controllers/registrant/sessions_controller.rb +++ b/app/controllers/registrant/sessions_controller.rb @@ -1,7 +1,7 @@ class Registrant::SessionsController < Devise::SessionsController layout 'registrant/application' - def login + def new end def id @@ -10,11 +10,10 @@ def id @user = RegistrantUser.find_or_create_by_idc_data(id_code, id_issuer) if @user - sign_in(@user, event: :authentication) - redirect_to registrant_root_url + sign_in_and_redirect(:registrant_user, @user, event: :authentication) else flash[:alert] = t('login_failed_check_id_card') - redirect_to registrant_login_url + redirect_to new_registrant_user_session_url end end @@ -68,7 +67,7 @@ def mid_status when 'USER_AUTHENTICATED' @user = RegistrantUser.find_by(registrant_ident: "#{session[:user_country]}-#{session[:user_id_code]}") - sign_in @user + sign_in(:registrant_user, @user) flash[:notice] = t(:welcome) flash.keep(:notice) render js: "window.location = '#{registrant_root_path}'" @@ -97,4 +96,14 @@ def find_user_by_idc(idc) return User.new unless idc ApiUser.find_by(identity_code: idc) || User.new end -end + + private + + def after_sign_in_path_for(resource_or_scope) + registrant_root_path + end + + def after_sign_out_path_for(resource_or_scope) + new_registrant_user_session_path + end +end \ No newline at end of file diff --git a/app/controllers/registrant_controller.rb b/app/controllers/registrant_controller.rb index 72fb78a086..76be97a1fc 100644 --- a/app/controllers/registrant_controller.rb +++ b/app/controllers/registrant_controller.rb @@ -1,11 +1,22 @@ class RegistrantController < ApplicationController - before_action :authenticate_user! + before_action :authenticate_registrant_user! layout 'registrant/application' include Registrant::ApplicationHelper helper_method :head_title_sufix + def head_title_sufix t(:registrant_head_title_sufix) end -end + + private + + def current_ability + @current_ability ||= Ability.new(current_registrant_user, request.remote_ip) + end + + def user_for_paper_trail + current_registrant_user.present? ? current_registrant_user.id_role_username : 'public' + end +end \ No newline at end of file diff --git a/app/controllers/registrar/account_activities_controller.rb b/app/controllers/registrar/account_activities_controller.rb index 0b95d0122b..baa0256afb 100644 --- a/app/controllers/registrar/account_activities_controller.rb +++ b/app/controllers/registrar/account_activities_controller.rb @@ -4,7 +4,7 @@ class AccountActivitiesController < BaseController def index params[:q] ||= {} - account = current_user.registrar.cash_account + account = current_registrar_user.registrar.cash_account ca_cache = params[:q][:created_at_lteq] begin diff --git a/app/controllers/registrar/base_controller.rb b/app/controllers/registrar/base_controller.rb index 90f2f5210a..2bd2eb492f 100644 --- a/app/controllers/registrar/base_controller.rb +++ b/app/controllers/registrar/base_controller.rb @@ -2,7 +2,7 @@ class Registrar class BaseController < ApplicationController include Registrar::ApplicationHelper - before_action :authenticate_user! + before_action :authenticate_registrar_user! before_action :check_ip_restriction helper_method :depp_controller? helper_method :head_title_sufix @@ -10,21 +10,21 @@ class BaseController < ApplicationController protected def current_ability - @current_ability ||= Ability.new(current_user, request.remote_ip) + @current_ability ||= Ability.new(current_registrar_user, request.remote_ip) end private def check_ip_restriction ip_restriction = Authorization::RestrictedIP.new(request.ip) - allowed = ip_restriction.can_access_registrar_area?(current_user.registrar) + allowed = ip_restriction.can_access_registrar_area?(current_registrar_user.registrar) return if allowed - sign_out current_user + sign_out current_registrar_user flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip) - redirect_to registrar_login_url + redirect_to new_registrar_user_session_url end def depp_controller? @@ -34,5 +34,9 @@ def depp_controller? def head_title_sufix t(:registrar_head_title_sufix) end + + def user_for_paper_trail + current_registrar_user.present? ? current_registrar_user.id_role_username : 'public' + end end end diff --git a/app/controllers/registrar/bulk_change_controller.rb b/app/controllers/registrar/bulk_change_controller.rb index 562344a460..441127f6c7 100644 --- a/app/controllers/registrar/bulk_change_controller.rb +++ b/app/controllers/registrar/bulk_change_controller.rb @@ -10,7 +10,7 @@ def new private def available_contacts - current_user.registrar.contacts.order(:name).pluck(:name, :code) + current_registrar_user.registrar.contacts.order(:name).pluck(:name, :code) end def default_tab diff --git a/app/controllers/registrar/contacts_controller.rb b/app/controllers/registrar/contacts_controller.rb index cb059641ec..f343f9bfb5 100644 --- a/app/controllers/registrar/contacts_controller.rb +++ b/app/controllers/registrar/contacts_controller.rb @@ -21,11 +21,11 @@ def index end if params[:statuses_contains] - contacts = current_user.registrar.contacts.includes(:registrar).where( + contacts = current_registrar_user.registrar.contacts.includes(:registrar).where( "contacts.statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}" ) else - contacts = current_user.registrar.contacts.includes(:registrar) + contacts = current_registrar_user.registrar.contacts.includes(:registrar) end normalize_search_parameters do @@ -45,7 +45,7 @@ def download_list @contacts = Contact.find_by(name: params[:q][:name_matches]) end - contacts = current_user.registrar.contacts.includes(:registrar) + contacts = current_registrar_user.registrar.contacts.includes(:registrar) contacts = contacts.filter_by_states(params[:statuses_contains]) if params[:statuses_contains] normalize_search_parameters do diff --git a/app/controllers/registrar/current_user_controller.rb b/app/controllers/registrar/current_user_controller.rb index 266e4b9158..624ee294ef 100644 --- a/app/controllers/registrar/current_user_controller.rb +++ b/app/controllers/registrar/current_user_controller.rb @@ -3,9 +3,9 @@ class CurrentUserController < BaseController skip_authorization_check def switch - raise 'Cannot switch to unlinked user' unless current_user.linked_with?(new_user) + raise 'Cannot switch to unlinked user' unless current_registrar_user.linked_with?(new_user) - sign_in(new_user) + sign_in(:registrar_user, new_user) redirect_to :back, notice: t('.switched', new_user: new_user) end diff --git a/app/controllers/registrar/deposits_controller.rb b/app/controllers/registrar/deposits_controller.rb index ec6d139779..6b10ccdd3e 100644 --- a/app/controllers/registrar/deposits_controller.rb +++ b/app/controllers/registrar/deposits_controller.rb @@ -7,7 +7,7 @@ def new end def create - @deposit = Deposit.new(deposit_params.merge(registrar: current_user.registrar)) + @deposit = Deposit.new(deposit_params.merge(registrar: current_registrar_user.registrar)) @invoice = @deposit.issue_prepayment_invoice if @invoice&.persisted? diff --git a/app/controllers/registrar/depp_controller.rb b/app/controllers/registrar/depp_controller.rb index 234ab40b7c..87269b160d 100644 --- a/app/controllers/registrar/depp_controller.rb +++ b/app/controllers/registrar/depp_controller.rb @@ -5,13 +5,13 @@ class DeppController < BaseController rescue_from(Errno::ECONNRESET, Errno::ECONNREFUSED) do |exception| logger.error 'COULD NOT CONNECT TO REGISTRY' logger.error exception.backtrace.join("\n") - redirect_to registrar_login_url, alert: t(:no_connection_to_registry) + redirect_to new_registrar_user_session_url, alert: t(:no_connection_to_registry) end before_action :authenticate_user def authenticate_user - redirect_to registrar_login_url and return unless depp_current_user + redirect_to new_registrar_user_session_url and return unless depp_current_user end def depp_controller? @@ -19,10 +19,10 @@ def depp_controller? end def depp_current_user - return nil unless current_user + return nil unless current_registrar_user @depp_current_user ||= Depp::User.new( - tag: current_user.username, - password: current_user.password + tag: current_registrar_user.username, + password: current_registrar_user.password ) end diff --git a/app/controllers/registrar/domain_transfers_controller.rb b/app/controllers/registrar/domain_transfers_controller.rb index 7c0925f032..f65f3cece5 100644 --- a/app/controllers/registrar/domain_transfers_controller.rb +++ b/app/controllers/registrar/domain_transfers_controller.rb @@ -21,7 +21,7 @@ def create uri = URI.parse("#{ENV['repp_url']}domain_transfers") request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') request.body = { data: { domainTransfers: domain_transfers } }.to_json - request.basic_auth(current_user.username, current_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.password) if Rails.env.test? diff --git a/app/controllers/registrar/domains_controller.rb b/app/controllers/registrar/domains_controller.rb index 7cb8fdfbee..d2969bb69b 100644 --- a/app/controllers/registrar/domains_controller.rb +++ b/app/controllers/registrar/domains_controller.rb @@ -16,11 +16,11 @@ def index end if params[:statuses_contains] - domains = current_user.registrar.domains.includes(:registrar, :registrant).where( + domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant).where( "statuses @> ?::varchar[]", "{#{params[:statuses_contains].join(',')}}" ) else - domains = current_user.registrar.domains.includes(:registrar, :registrant) + domains = current_registrar_user.registrar.domains.includes(:registrar, :registrant) end normalize_search_parameters do @@ -142,7 +142,7 @@ def renew def search_contacts authorize! :create, Depp::Domain - scope = current_user.registrar.contacts.limit(10) + scope = current_registrar_user.registrar.contacts.limit(10) if params[:query].present? escaped_str = ActiveRecord::Base.connection.quote_string params[:query] scope = scope.where("name ilike '%#{escaped_str}%' OR code ilike '%#{escaped_str}%' ") @@ -159,7 +159,7 @@ def init_domain def contacts - current_user.registrar.contacts + current_registrar_user.registrar.contacts end def normalize_search_parameters diff --git a/app/controllers/registrar/invoices_controller.rb b/app/controllers/registrar/invoices_controller.rb index 735df91a31..548e47ebe1 100644 --- a/app/controllers/registrar/invoices_controller.rb +++ b/app/controllers/registrar/invoices_controller.rb @@ -6,7 +6,7 @@ class InvoicesController < BaseController def index params[:q] ||= {} - invoices = current_user.registrar.invoices.includes(:invoice_items, :account_activity) + invoices = current_registrar_user.registrar.invoices.includes(:invoice_items, :account_activity) normalize_search_parameters do @q = invoices.search(params[:q]) diff --git a/app/controllers/registrar/nameservers_controller.rb b/app/controllers/registrar/nameservers_controller.rb index b6f7af8291..90dd5afb42 100644 --- a/app/controllers/registrar/nameservers_controller.rb +++ b/app/controllers/registrar/nameservers_controller.rb @@ -12,7 +12,7 @@ def update attributes: { hostname: params[:new_hostname], ipv4: ipv4, ipv6: ipv6 } } }.to_json - request.basic_auth(current_user.username, current_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/controllers/registrar/profile_controller.rb b/app/controllers/registrar/profile_controller.rb index 5f202a894d..1fe6d6a0b6 100644 --- a/app/controllers/registrar/profile_controller.rb +++ b/app/controllers/registrar/profile_controller.rb @@ -5,13 +5,13 @@ class ProfileController < BaseController helper_method :linked_users def show - @user = current_user + @user = current_registrar_user end private def linked_users - current_user.linked_users + current_registrar_user.linked_users end end end diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index 1a8b195ee8..d7a6907521 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -3,7 +3,7 @@ class SessionsController < Devise::SessionsController before_action :check_ip_restriction helper_method :depp_controller? - def login + def new @depp_user = Depp::User.new end @@ -30,7 +30,7 @@ def create unless @api_user @depp_user.errors.add(:base, t(:no_such_user)) - render 'login' and return + render :new and return end if @depp_user.pki @@ -41,14 +41,13 @@ def create if @depp_user.errors.none? if @api_user.active? - sign_in @api_user - redirect_to registrar_root_url + sign_in_and_redirect(:registrar_user, @api_user) else @depp_user.errors.add(:base, :not_active) - render 'login' + render :new end else - render 'login' + render :new end end @@ -56,11 +55,10 @@ def id @user = ApiUser.find_by_idc_data_and_allowed(request.env['SSL_CLIENT_S_DN'], request.ip) if @user - sign_in(@user, event: :authentication) - redirect_to registrar_root_url + sign_in_and_redirect(:registrar_user, @user, event: :authentication) else flash[:alert] = t('no_such_user') - redirect_to registrar_login_url + redirect_to new_registrar_user_session_url end end @@ -91,7 +89,7 @@ def mid @user = find_user_by_idc_and_allowed(response.user_id_code) else @user = find_user_by_idc(response.user_id_code) - end + end if @user.persisted? session[:user_id_code] = response.user_id_code @@ -117,7 +115,7 @@ def mid_status render json: { message: t(:check_your_phone_for_confirmation_code) }, status: :ok when 'USER_AUTHENTICATED' @user = find_user_by_idc_and_allowed(session[:user_id_code]) - sign_in @user + sign_in(:registrar_user, @user) flash[:notice] = t(:welcome) flash.keep(:notice) render js: "window.location = '#{registrar_root_url}'" @@ -163,8 +161,6 @@ def find_user_by_idc_and_allowed(idc) end end - - def check_ip_restriction ip_restriction = Authorization::RestrictedIP.new(request.ip) allowed = ip_restriction.can_access_registrar_area_sign_in_page? @@ -173,5 +169,13 @@ def check_ip_restriction render text: t('registrar.authorization.ip_not_allowed', ip: request.ip) end + + def after_sign_in_path_for(resource_or_scope) + registrar_root_path + end + + def after_sign_out_path_for(resource_or_scope) + new_registrar_user_session_path + end end -end +end \ No newline at end of file diff --git a/app/controllers/registrar/tech_contacts_controller.rb b/app/controllers/registrar/tech_contacts_controller.rb index 9d4568ad6a..fe3dd86da4 100644 --- a/app/controllers/registrar/tech_contacts_controller.rb +++ b/app/controllers/registrar/tech_contacts_controller.rb @@ -8,7 +8,7 @@ def update request = Net::HTTP::Patch.new(uri) request.set_form_data(current_contact_id: params[:current_contact_id], new_contact_id: params[:new_contact_id]) - request.basic_auth(current_user.username, current_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/views/admin/base/_menu.haml b/app/views/admin/base/_menu.haml index 7c813e43e8..957b7826da 100644 --- a/app/views/admin/base/_menu.haml +++ b/app/views/admin/base/_menu.haml @@ -41,4 +41,4 @@ - if signed_in? %ul.nav.navbar-nav.navbar-right - %li= link_to t(:log_out, user: current_user), '/admin/logout' + %li= link_to t(:log_out, user: current_admin_user), destroy_admin_user_session_path, method: :delete, class: 'navbar-link' diff --git a/app/views/admin/sessions/login.haml b/app/views/admin/sessions/new.haml similarity index 84% rename from app/views/admin/sessions/login.haml rename to app/views/admin/sessions/new.haml index 1ecca10aed..d37461c855 100644 --- a/app/views/admin/sessions/login.haml +++ b/app/views/admin/sessions/new.haml @@ -3,7 +3,7 @@ %h2.form-signin-heading.text-center Eesti Interneti SA %hr .form-signin - = form_for(@admin_user, url: admin_sessions_path, method: :create, html: {class: 'form-signin'}) do |f| + = form_for(@admin_user, url: admin_user_session_path, html: {class: 'form-signin'}) do |f| = render 'admin/shared/errors', object: f.object - error_class = f.object.errors.any? ? 'has-error' : '' diff --git a/app/views/layouts/devise.haml b/app/views/layouts/devise.haml index aaa1c8e31e..839290cef2 100644 --- a/app/views/layouts/devise.haml +++ b/app/views/layouts/devise.haml @@ -18,7 +18,7 @@ %span.icon-bar %span.icon-bar %span.icon-bar - = link_to admin_login_path, class: 'navbar-brand' do + = link_to new_admin_user_session_path, class: 'navbar-brand' do = ENV['app_name'] - if unstable_env.present? .text-center diff --git a/app/views/layouts/registrant/application.html.erb b/app/views/layouts/registrant/application.html.erb index 075ac46526..6d47b72cfb 100644 --- a/app/views/layouts/registrant/application.html.erb +++ b/app/views/layouts/registrant/application.html.erb @@ -37,7 +37,7 @@ <% end %> <% end %> - <% if current_user %> + <% if current_registrant_user %>
    <% if can? :view, Depp::Domain %> @@ -54,9 +54,9 @@ <% end %>
    - <% if user_signed_in? %> + <% if registrant_user_signed_in? %>
  • - <%= link_to t(:log_out, user: current_user), '/registrant/logout' %> + <%= link_to t(:log_out, user: current_registrant_user), destroy_registrant_user_session_path, method: :delete %>
    • <% end %>
diff --git a/app/views/registrant/sessions/login.haml b/app/views/registrant/sessions/new.haml similarity index 100% rename from app/views/registrant/sessions/login.haml rename to app/views/registrant/sessions/new.haml diff --git a/app/views/registrar/base/_current_user.html.erb b/app/views/registrar/base/_current_user.html.erb index 75d159bfbd..0e45c9c7d8 100644 --- a/app/views/registrar/base/_current_user.html.erb +++ b/app/views/registrar/base/_current_user.html.erb @@ -1,5 +1,5 @@ -<% current_user_presenter = UserPresenter.new(user: current_user, view: self) %> +<% current_user_presenter = UserPresenter.new(user: current_registrar_user, view: self) %> <%= link_to current_user_presenter.login_with_role, registrar_profile_path, id: 'registrar-profile-btn', class: 'navbar-link' %> | -<%= link_to t('.sign_out'), registrar_destroy_user_session_path, method: :delete, class: 'navbar-link' %> +<%= link_to t('.sign_out'), destroy_registrar_user_session_path, method: :delete, class: 'navbar-link' %> diff --git a/app/views/registrar/invoices/index.haml b/app/views/registrar/invoices/index.haml index 61d955708b..47270f2a65 100644 --- a/app/views/registrar/invoices/index.haml +++ b/app/views/registrar/invoices/index.haml @@ -4,8 +4,8 @@ = render 'shared/title', name: t(:your_account) = t(:your_current_account_balance_is, - balance: currency(current_user.registrar.cash_account.balance), - currency: current_user.registrar.cash_account.currency) + balance: currency(current_registrar_user.registrar.cash_account.balance), + currency: current_registrar_user.registrar.cash_account.currency) %h1= t(:invoices) .row diff --git a/app/views/registrar/sessions/login.haml b/app/views/registrar/sessions/new.haml similarity index 88% rename from app/views/registrar/sessions/login.haml rename to app/views/registrar/sessions/new.haml index 75ec951af9..4d273c9f43 100644 --- a/app/views/registrar/sessions/login.haml +++ b/app/views/registrar/sessions/new.haml @@ -2,7 +2,7 @@ .form-signin.col-md-6.center-block.text-center %h2.form-signin-heading.text-center= t(:log_in) %hr - = form_for @depp_user, url: registrar_sessions_path, html: {class: 'form-signin'} do |f| + = form_for @depp_user, url: registrar_user_session_path, html: {class: 'form-signin'} do |f| = render 'registrar/shared/errors', object: f.object - error_class = f.object.errors.any? ? 'has-error' : '' diff --git a/config/locales/registrar/sessions.en.yml b/config/locales/registrar/sessions.en.yml index 25031e1895..55d72979c6 100644 --- a/config/locales/registrar/sessions.en.yml +++ b/config/locales/registrar/sessions.en.yml @@ -1,7 +1,7 @@ en: registrar: sessions: - login: + new: login_btn: Login login_mid: login_btn: Login diff --git a/config/routes.rb b/config/routes.rb index 7e0e998151..6c78b1742d 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -22,6 +22,16 @@ namespace :registrar do root 'dashboard#show' + devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + class_name: 'ApiUser' + devise_scope :registrar_user do + get 'login/mid' => 'sessions#login_mid' + post 'login/mid' => 'sessions#mid' + post 'login/mid_status' => 'sessions#mid_status' + post 'id' => 'sessions#id' + post 'mid' => 'sessions#mid' + end + resources :invoices do member do get 'download_pdf' @@ -33,18 +43,6 @@ resources :deposits resources :account_activities - devise_scope :user do - get 'login' => 'sessions#login' - get 'login/mid' => 'sessions#login_mid' - post 'login/mid' => 'sessions#mid' - post 'login/mid_status' => 'sessions#mid_status' - - post 'sessions' => 'sessions#create' - post 'id' => 'sessions#id' - post 'mid' => 'sessions#mid' - delete 'logout', to: '/devise/sessions#destroy', as: :destroy_user_session - end - put 'current_user/switch/:new_user_id', to: 'current_user#switch', as: :switch_current_user resource :profile, controller: :profile, only: :show @@ -100,6 +98,16 @@ namespace :registrant do root 'domains#index' + devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + class_name: 'RegistrantUser' + devise_scope :registrant_user do + get 'login/mid' => 'sessions#login_mid' + post 'login/mid' => 'sessions#mid' + post 'login/mid_status' => 'sessions#mid_status' + post 'mid' => 'sessions#mid' + post 'id' => 'sessions#id' + end + resources :domains, only: %i[index show] do collection do get :download_list @@ -112,19 +120,6 @@ resources :domain_update_confirms resources :domain_delete_confirms - - devise_scope :user do - get 'login' => 'sessions#login' - get 'login/mid' => 'sessions#login_mid' - post 'login/mid' => 'sessions#mid' - post 'login/mid_status' => 'sessions#mid_status' - - post 'sessions' => 'sessions#create' - post 'mid' => 'sessions#mid' - post 'id' => 'sessions#id' - get 'logout' => '/devise/sessions#destroy' - end - resources :domains do resources :registrant_verifications collection do @@ -150,6 +145,8 @@ # ADMIN ROUTES namespace :admin do root 'dashboard#show' + devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + class_name: 'AdminUser' resources :keyrelays resources :zonefiles @@ -251,18 +248,10 @@ resources :epp_logs resources :repp_logs - devise_scope :user do - get 'login' => 'sessions#login' - post 'sessions' => 'sessions#create' - get 'logout' => '/devise/sessions#destroy' - end - - authenticate :user do + authenticate :admin_user do mount Que::Web, at: 'que' end end - devise_for :users - root to: redirect('admin/login') -end +end \ No newline at end of file diff --git a/doc/controllers_complete.svg b/doc/controllers_complete.svg index 7f3644dd3c..0501ceac95 100644 --- a/doc/controllers_complete.svg +++ b/doc/controllers_complete.svg @@ -433,14 +433,6 @@ ApplicationController -admin_request? -after_sign_in_path_for -after_sign_out_path_for -api_user_log_str -current_root_url -registrant_request? -registrar_request? -user_for_paper_trail _layout diff --git a/spec/features/registrar/home_link_spec.rb b/spec/features/registrar/home_link_spec.rb index 04d61e1b7b..b42c41746a 100644 --- a/spec/features/registrar/home_link_spec.rb +++ b/spec/features/registrar/home_link_spec.rb @@ -2,7 +2,7 @@ RSpec.feature 'Registrar area home link', db: true do scenario 'is visible' do - visit registrar_login_url + visit new_registrar_user_session_url expect(page).to have_link('registrar-home-btn', href: registrar_root_path) end end diff --git a/spec/features/registrar/sign_in/mobile_id_spec.rb b/spec/features/registrar/sign_in/mobile_id_spec.rb index bc26daff51..35c0cc18e0 100644 --- a/spec/features/registrar/sign_in/mobile_id_spec.rb +++ b/spec/features/registrar/sign_in/mobile_id_spec.rb @@ -9,7 +9,7 @@ end scenario 'login with phone number' do - visit registrar_login_path + visit new_registrar_user_session_url click_on 'login-with-mobile-id-btn' fill_in 'user[phone]', with: '1234' diff --git a/spec/features/registrar/sign_in/password_spec.rb b/spec/features/registrar/sign_in/password_spec.rb deleted file mode 100644 index 64e22b8f44..0000000000 --- a/spec/features/registrar/sign_in/password_spec.rb +++ /dev/null @@ -1,39 +0,0 @@ -require 'rails_helper' - -RSpec.feature 'Registrar area password sign-in' do - scenario 'signs in the user with valid credentials' do - create(:api_user_with_unlimited_balance, - active: true, - login: 'test', - password: 'testtest') - - visit registrar_login_path - sign_in_with 'test', 'testtest' - - expect(page).to have_text(t('registrar.base.current_user.sign_out')) - end - - scenario 'notifies the user with invalid credentials' do - create(:api_user, login: 'test', password: 'testtest') - - visit registrar_login_path - sign_in_with 'test', 'invalid' - - expect(page).to have_text('No such user') - end - - scenario 'notifies the user with inactive account' do - create(:api_user, active: false, login: 'test', password: 'testtest') - - visit registrar_login_path - sign_in_with 'test', 'testtest' - - expect(page).to have_text('User is not active') - end - - def sign_in_with(username, password) - fill_in 'depp_user_tag', with: username - fill_in 'depp_user_password', with: password - click_button 'Login' - end -end diff --git a/spec/features/registrar/sign_out_spec.rb b/spec/features/registrar/sign_out_spec.rb deleted file mode 100644 index 09ae011cd2..0000000000 --- a/spec/features/registrar/sign_out_spec.rb +++ /dev/null @@ -1,14 +0,0 @@ -require 'rails_helper' - -RSpec.feature 'Registrar area sign-out', settings: false do - background do - sign_in_to_registrar_area(user: create(:api_user_with_unlimited_balance)) - end - - scenario 'signs the user out' do - visit registrar_root_path - click_on t('registrar.base.current_user.sign_out') - - expect(page).to have_text('Signed out successfully.') - end -end diff --git a/spec/requests/registrar/ip_restriction_spec.rb b/spec/requests/registrar/ip_restriction_spec.rb index 69ba336020..e43b7946b6 100644 --- a/spec/requests/registrar/ip_restriction_spec.rb +++ b/spec/requests/registrar/ip_restriction_spec.rb @@ -22,7 +22,7 @@ context 'when ip is allowed' do let!(:white_ip) { create(:white_ip, ipv4: '127.0.0.1', - registrar: controller.current_user.registrar, + registrar: controller.current_registrar_user.registrar, interfaces: [WhiteIp::REGISTRAR]) } specify do @@ -36,12 +36,12 @@ it 'signs the user out' do get registrar_root_url follow_redirect! - expect(controller.current_user).to be_nil + expect(controller.current_registrar_user).to be_nil end it 'redirects to login url' do get registrar_root_url - expect(response).to redirect_to(registrar_login_url) + expect(response).to redirect_to(new_registrar_user_session_url) end end end @@ -67,14 +67,14 @@ interfaces: [WhiteIp::REGISTRAR]) } specify do - get registrar_login_path + get new_registrar_user_session_path expect(response).to be_success end end context 'when ip is not allowed' do specify do - get registrar_login_path + get new_registrar_user_session_path expect(response.body).to match "Access denied" end end @@ -82,7 +82,7 @@ context 'when IP restriction is disabled' do specify do - get registrar_login_path + get new_registrar_user_session_path expect(response).to be_success end end diff --git a/spec/requests/registrar/linked_users_spec.rb b/spec/requests/registrar/linked_users_spec.rb index d5d51e3c69..352508f6d1 100644 --- a/spec/requests/registrar/linked_users_spec.rb +++ b/spec/requests/registrar/linked_users_spec.rb @@ -6,7 +6,7 @@ let!(:current_user) { create(:api_user, id: 1, identity_code: 'code') } before do - sign_in_to_registrar_area(user: current_user) + sign_in current_user end context 'when ip is allowed' do @@ -23,7 +23,7 @@ it 'signs in as a new user' do put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_url } follow_redirect! - expect(controller.current_user.id).to eq(2) + expect(controller.current_registrar_user.id).to eq(2) end it 'redirects back' do @@ -46,7 +46,6 @@ put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path } end - follow_redirect! expect(controller.current_user.id).to eq(1) end end @@ -62,7 +61,7 @@ specify do put '/registrar/current_user/switch/2' - expect(response).to redirect_to(registrar_login_url) + expect(response).to redirect_to(new_registrar_user_session_url) end end end @@ -70,7 +69,7 @@ context 'when user is not authenticated' do specify do put '/registrar/current_user/switch/2' - expect(response).to redirect_to(registrar_login_url) + expect(response).to redirect_to(new_registrar_user_session_url) end end end diff --git a/spec/requests/registrar/sign_in/password_spec.rb b/spec/requests/registrar/sign_in/password_spec.rb deleted file mode 100644 index b875de98a0..0000000000 --- a/spec/requests/registrar/sign_in/password_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'rails_helper' - -RSpec.describe 'Registrar area password sign-in', settings: false do - let!(:user) { create(:api_user, active: true, login: 'test', password: 'testtest') } - - it 'signs the user in' do - post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' } - follow_redirect! - expect(controller.current_user).to eq(user) - end - - it 'redirects to root url' do - post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' } - expect(response).to redirect_to(registrar_root_url) - end -end diff --git a/spec/requests/registrar/sign_out_spec.rb b/spec/requests/registrar/sign_out_spec.rb deleted file mode 100644 index 4f5b099c01..0000000000 --- a/spec/requests/registrar/sign_out_spec.rb +++ /dev/null @@ -1,18 +0,0 @@ -require 'rails_helper' - -RSpec.describe 'Registrar area sign-out', settings: false do - before do - sign_in_to_registrar_area - end - - it 'signs the user out' do - delete registrar_destroy_user_session_path - follow_redirect! - expect(controller.current_user).to be_nil - end - - it 'redirects to login url' do - delete registrar_destroy_user_session_path - expect(response).to redirect_to(registrar_login_url) - end -end diff --git a/spec/support/features/session_helpers.rb b/spec/support/features/session_helpers.rb index df02691d26..70ebce981e 100644 --- a/spec/support/features/session_helpers.rb +++ b/spec/support/features/session_helpers.rb @@ -1,7 +1,7 @@ module Features module SessionHelpers def sign_in_to_admin_area(user: create(:admin_user)) - visit admin_login_url + visit new_admin_user_session_url fill_in 'admin_user[username]', with: user.username fill_in 'admin_user[password]', with: user.password @@ -10,7 +10,7 @@ def sign_in_to_admin_area(user: create(:admin_user)) end def sign_in_to_registrar_area(user: create(:api_user)) - visit registrar_login_url + visit new_registrar_user_session_url fill_in 'depp_user_tag', with: user.username fill_in 'depp_user_password', with: user.password diff --git a/spec/support/requests/session_helpers.rb b/spec/support/requests/session_helpers.rb index 84cb9c7014..6c30c00c9d 100644 --- a/spec/support/requests/session_helpers.rb +++ b/spec/support/requests/session_helpers.rb @@ -1,11 +1,11 @@ module Requests module SessionHelpers def sign_in_to_admin_area(user: create(:admin_user)) - post admin_sessions_path, admin_user: { username: user.username, password: user.password } + post admin_user_session_path, admin_user: { username: user.username, password: user.password } end def sign_in_to_registrar_area(user: create(:api_user)) - post registrar_sessions_path, { depp_user: { tag: user.username, password: user.password } } + post registrar_user_session_path, { depp_user: { tag: user.username, password: user.password } } end end -end +end \ No newline at end of file diff --git a/test/integration/admin/login_test.rb b/test/integration/admin/login_test.rb new file mode 100644 index 0000000000..898c8b1489 --- /dev/null +++ b/test/integration/admin/login_test.rb @@ -0,0 +1,27 @@ +require 'test_helper' + +class AdminAreaLoginTest < ActionDispatch::IntegrationTest + def setup + @user = users(:admin) + end + + def test_correct_username_and_password + visit new_admin_user_session_url + fill_in 'admin_user_username', with: @user.username + fill_in 'admin_user_password', with: 'testtest' + click_button 'Log in' + + assert_text 'Log out' + assert_current_path admin_root_path + end + + def test_wrong_password + visit new_admin_user_session_url + fill_in 'admin_user_username', with: @user.username + fill_in 'admin_user_password', with: 'wrong' + click_button 'Log in' + + assert_text 'Authorization error' + assert_current_path new_admin_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/admin/logout_test.rb b/test/integration/admin/logout_test.rb new file mode 100644 index 0000000000..f157769930 --- /dev/null +++ b/test/integration/admin/logout_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' + +class AdminAreaLogoutTest < ActionDispatch::IntegrationTest + def setup + sign_in users(:admin) + end + + def test_logout + visit admin_root_url + click_on 'Log out' + + assert_text 'Signed out successfully' + assert_current_path new_admin_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/admin/protected_area_test.rb b/test/integration/admin/protected_area_test.rb new file mode 100644 index 0000000000..b13e335ce0 --- /dev/null +++ b/test/integration/admin/protected_area_test.rb @@ -0,0 +1,22 @@ +require 'test_helper' + +class AdminAreaProtectedAreaTest < ActionDispatch::IntegrationTest + def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area + visit admin_domains_url + assert_text 'You need to sign in before continuing' + assert_current_path new_admin_user_session_path + end + + def test_authenticated_user_can_access_protected_area + sign_in users(:admin) + visit admin_domains_url + assert_current_path admin_domains_path + end + + def test_authenticated_user_is_not_asked_to_authenticate_again + sign_in users(:admin) + visit new_admin_user_session_url + assert_text 'You are already signed in' + assert_current_path admin_root_path + end +end \ No newline at end of file diff --git a/test/integration/registrar/login_test.rb b/test/integration/registrar/login_test.rb new file mode 100644 index 0000000000..bfacd3c166 --- /dev/null +++ b/test/integration/registrar/login_test.rb @@ -0,0 +1,39 @@ +require 'test_helper' + +class RegistrarAreaLoginTest < ActionDispatch::IntegrationTest + def setup + @user = users(:api_bestnames) + end + + def test_correct_username_and_password + visit new_registrar_user_session_url + fill_in 'depp_user_tag', with: @user.username + fill_in 'depp_user_password', with: 'testtest' + click_button 'Login' + + assert_text 'Log out' + assert_current_path registrar_root_path + end + + def test_wrong_password + visit new_registrar_user_session_url + fill_in 'depp_user_tag', with: @user.username + fill_in 'depp_user_password', with: 'wrong' + click_button 'Login' + + assert_text 'No such user' + assert_current_path new_registrar_user_session_path + end + + def test_inactive_user + @user.update!(active: false) + + visit new_registrar_user_session_url + fill_in 'depp_user_tag', with: @user.username + fill_in 'depp_user_password', with: 'testtest' + click_button 'Login' + + assert_text 'User is not active' + assert_current_path new_registrar_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/registrar/logout_test.rb b/test/integration/registrar/logout_test.rb new file mode 100644 index 0000000000..9f2bba9dd5 --- /dev/null +++ b/test/integration/registrar/logout_test.rb @@ -0,0 +1,15 @@ +require 'test_helper' + +class RegistrarAreaLogoutTest < ActionDispatch::IntegrationTest + def setup + sign_in users(:api_bestnames) + end + + def test_logout + visit registrar_root_url + click_on 'Log out' + + assert_text 'Signed out successfully' + assert_current_path new_registrar_user_session_path + end +end \ No newline at end of file diff --git a/test/integration/registrar/protected_area_test.rb b/test/integration/registrar/protected_area_test.rb new file mode 100644 index 0000000000..967a37dec8 --- /dev/null +++ b/test/integration/registrar/protected_area_test.rb @@ -0,0 +1,22 @@ +require 'test_helper' + +class RegistrarAreaProtectedAreaTest < ActionDispatch::IntegrationTest + def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area + visit registrar_domains_url + assert_text 'You need to sign in before continuing' + assert_current_path new_registrar_user_session_path + end + + def test_authenticated_user_can_access_protected_area + sign_in users(:api_bestnames) + visit registrar_domains_url + assert_current_path registrar_domains_path + end + + def test_authenticated_user_is_not_asked_to_authenticate_again + sign_in users(:api_bestnames) + visit new_registrar_user_session_url + assert_text 'You are already signed in' + assert_current_path registrar_root_path + end +end \ No newline at end of file From fa9731be16d01ba8afc32c196047ca731e81b666 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 20 Jun 2018 12:21:44 +0300 Subject: [PATCH 13/59] Remove redirection --- app/controllers/registrar/dashboard_controller.rb | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/app/controllers/registrar/dashboard_controller.rb b/app/controllers/registrar/dashboard_controller.rb index 80b3f530b6..468c7513ab 100644 --- a/app/controllers/registrar/dashboard_controller.rb +++ b/app/controllers/registrar/dashboard_controller.rb @@ -3,11 +3,6 @@ class DashboardController < BaseController authorize_resource class: false def show - if can?(:show, :poll) - redirect_to registrar_poll_url and return - elsif can?(:show, Invoice) - redirect_to registrar_invoices_url and return - end end end -end +end \ No newline at end of file From 904975ad2deefa3767f61ba6d908a1776d6076d0 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 20 Jun 2018 12:25:09 +0300 Subject: [PATCH 14/59] Update fixtures --- test/fixtures/users.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index b20bd8a838..494cadd24b 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -18,6 +18,7 @@ api_goodnames: admin: username: test + encrypted_password: <%= Devise::Encryptor.digest(AdminUser, 'testtest') %> type: AdminUser country_code: US roles: From 32ecf3605759bf072e136374d3addb56986adb91 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Fri, 13 Jul 2018 23:09:21 +0300 Subject: [PATCH 15/59] Rename `users.password` to `users.plain_text_password` Otherwise it conflicts with Devise --- app/api/repp/api.rb | 2 +- app/controllers/admin/api_users_controller.rb | 4 ++-- app/controllers/epp/sessions_controller.rb | 4 ++-- app/controllers/registrar/depp_controller.rb | 2 +- app/controllers/registrar/domain_transfers_controller.rb | 2 +- app/controllers/registrar/nameservers_controller.rb | 2 +- app/controllers/registrar/sessions_controller.rb | 3 ++- app/controllers/registrar/tech_contacts_controller.rb | 2 +- app/models/api_user.rb | 6 +++--- app/views/admin/api_users/_form.haml | 2 +- app/views/admin/api_users/show.haml | 2 +- ...13154915_rename_users_password_to_plain_text_password.rb | 5 +++++ db/structure.sql | 4 +++- lib/tasks/import.rake | 4 ++-- spec/api/repp/contact_v1_spec.rb | 2 +- spec/factories/api_user.rb | 2 +- spec/support/features/session_helpers.rb | 2 +- spec/support/requests/session_helpers.rb | 2 +- test/fixtures/users.yml | 4 ++-- 19 files changed, 32 insertions(+), 24 deletions(-) create mode 100644 db/migrate/20180713154915_rename_users_password_to_plain_text_password.rb diff --git a/app/api/repp/api.rb b/app/api/repp/api.rb index 7858cd625e..e5bda46f50 100644 --- a/app/api/repp/api.rb +++ b/app/api/repp/api.rb @@ -4,7 +4,7 @@ class API < Grape::API prefix :repp http_basic do |username, password| - @current_user ||= ApiUser.find_by(username: username, password: password) + @current_user ||= ApiUser.find_by(username: username, plain_text_password: password) if @current_user true else diff --git a/app/controllers/admin/api_users_controller.rb b/app/controllers/admin/api_users_controller.rb index 84344c2e9c..7f6eb1a3d5 100644 --- a/app/controllers/admin/api_users_controller.rb +++ b/app/controllers/admin/api_users_controller.rb @@ -32,7 +32,7 @@ def edit; end def update - params[:api_user].delete(:password) if params[:api_user][:password].blank? + params[:api_user].delete(:plain_text_password) if params[:api_user][:plain_text_password].blank? if @api_user.update(api_user_params) flash[:notice] = I18n.t('record_updated') redirect_to [:admin, @api_user] @@ -59,7 +59,7 @@ def set_api_user end def api_user_params - params.require(:api_user).permit(:username, :password, :active, + params.require(:api_user).permit(:username, :plain_text_password, :active, :registrar_id, :registrar_typeahead, :identity_code, { roles: [] }) end diff --git a/app/controllers/epp/sessions_controller.rb b/app/controllers/epp/sessions_controller.rb index e3e9f31149..05bbba9a81 100644 --- a/app/controllers/epp/sessions_controller.rb +++ b/app/controllers/epp/sessions_controller.rb @@ -81,7 +81,7 @@ def login if success if params[:parsed_frame].css('newPW').first - unless @api_user.update(password: params[:parsed_frame].css('newPW').first.text) + unless @api_user.update(plain_text_password: params[:parsed_frame].css('newPW').first.text) response.headers['X-EPP-Returncode'] = '2500' handle_errors(@api_user) and return end @@ -128,7 +128,7 @@ def logout def login_params user = params[:parsed_frame].css('clID').first.text pw = params[:parsed_frame].css('pw').first.text - { username: user, password: pw } + { username: user, plain_text_password: pw } end private diff --git a/app/controllers/registrar/depp_controller.rb b/app/controllers/registrar/depp_controller.rb index 87269b160d..70fb01c4a4 100644 --- a/app/controllers/registrar/depp_controller.rb +++ b/app/controllers/registrar/depp_controller.rb @@ -22,7 +22,7 @@ def depp_current_user return nil unless current_registrar_user @depp_current_user ||= Depp::User.new( tag: current_registrar_user.username, - password: current_registrar_user.password + password: current_registrar_user.plain_text_password ) end diff --git a/app/controllers/registrar/domain_transfers_controller.rb b/app/controllers/registrar/domain_transfers_controller.rb index f65f3cece5..71cbb306d3 100644 --- a/app/controllers/registrar/domain_transfers_controller.rb +++ b/app/controllers/registrar/domain_transfers_controller.rb @@ -21,7 +21,7 @@ def create uri = URI.parse("#{ENV['repp_url']}domain_transfers") request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') request.body = { data: { domainTransfers: domain_transfers } }.to_json - request.basic_auth(current_registrar_user.username, current_registrar_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.plain_text_password) if Rails.env.test? diff --git a/app/controllers/registrar/nameservers_controller.rb b/app/controllers/registrar/nameservers_controller.rb index 31a047d2fd..af2e00f7fe 100644 --- a/app/controllers/registrar/nameservers_controller.rb +++ b/app/controllers/registrar/nameservers_controller.rb @@ -12,7 +12,7 @@ def update attributes: { hostname: params[:new_hostname], ipv4: ipv4, ipv6: ipv6 } } }.to_json - request.basic_auth(current_registrar_user.username, current_registrar_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.plain_text_password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index d7a6907521..a600869f8e 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -26,7 +26,8 @@ def create @depp_user.errors.add(:base, :webserver_client_cert_directive_should_be_required) end - @api_user = ApiUser.find_by(username: params[:depp_user][:tag], password: params[:depp_user][:password]) + @api_user = ApiUser.find_by(username: params[:depp_user][:tag], + plain_text_password: params[:depp_user][:password]) unless @api_user @depp_user.errors.add(:base, t(:no_such_user)) diff --git a/app/controllers/registrar/tech_contacts_controller.rb b/app/controllers/registrar/tech_contacts_controller.rb index fe3dd86da4..22d667a419 100644 --- a/app/controllers/registrar/tech_contacts_controller.rb +++ b/app/controllers/registrar/tech_contacts_controller.rb @@ -8,7 +8,7 @@ def update request = Net::HTTP::Patch.new(uri) request.set_form_data(current_contact_id: params[:current_contact_id], new_contact_id: params[:new_contact_id]) - request.basic_auth(current_registrar_user.username, current_registrar_user.password) + request.basic_auth(current_registrar_user.username, current_registrar_user.plain_text_password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/models/api_user.rb b/app/models/api_user.rb index 3782920763..da3497dd84 100644 --- a/app/models/api_user.rb +++ b/app/models/api_user.rb @@ -7,7 +7,7 @@ class ApiUser < User def epp_code_map { '2306' => [ # Parameter policy error - [:password, :blank] + [:plain_text_password, :blank] ] } end @@ -20,8 +20,8 @@ def self.min_password_length # Must precede .validates belongs_to :registrar has_many :certificates - validates :username, :password, :registrar, :roles, presence: true - validates :password, length: { minimum: min_password_length } + validates :username, :plain_text_password, :registrar, :roles, presence: true + validates :plain_text_password, length: { minimum: min_password_length } validates :username, uniqueness: true delegate :code, :name, to: :registrar, prefix: true diff --git a/app/views/admin/api_users/_form.haml b/app/views/admin/api_users/_form.haml index 9a26b9fc82..2e837b22ab 100644 --- a/app/views/admin/api_users/_form.haml +++ b/app/views/admin/api_users/_form.haml @@ -13,7 +13,7 @@ .col-md-4.control-label = f.label :password, nil, class: 'required' .col-md-7 - = f.text_field :password, required: true, class: 'form-control' + = f.text_field :plain_text_password, required: true, class: 'form-control' .form-group .col-md-4.control-label diff --git a/app/views/admin/api_users/show.haml b/app/views/admin/api_users/show.haml index 00e562c6db..2e13445d1d 100644 --- a/app/views/admin/api_users/show.haml +++ b/app/views/admin/api_users/show.haml @@ -21,7 +21,7 @@ %dd= @api_user.username %dt= t(:password) - %dd= @api_user.password + %dd= @api_user.plain_text_password %dt= t(:registrar_name) %dd= link_to(@api_user.registrar, admin_registrar_path(@api_user.registrar)) diff --git a/db/migrate/20180713154915_rename_users_password_to_plain_text_password.rb b/db/migrate/20180713154915_rename_users_password_to_plain_text_password.rb new file mode 100644 index 0000000000..9636d69bfb --- /dev/null +++ b/db/migrate/20180713154915_rename_users_password_to_plain_text_password.rb @@ -0,0 +1,5 @@ +class RenameUsersPasswordToPlainTextPassword < ActiveRecord::Migration + def change + rename_column :users, :password, :plain_text_password + end +end diff --git a/db/structure.sql b/db/structure.sql index b07f080008..40ae46e6d7 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -2282,7 +2282,7 @@ ALTER SEQUENCE public.settings_id_seq OWNED BY public.settings.id; CREATE TABLE public.users ( id integer NOT NULL, username character varying, - password character varying, + plain_text_password character varying, created_at timestamp without time zone, updated_at timestamp without time zone, email character varying, @@ -4757,3 +4757,5 @@ INSERT INTO schema_migrations (version) VALUES ('20180613030330'); INSERT INTO schema_migrations (version) VALUES ('20180613045614'); +INSERT INTO schema_migrations (version) VALUES ('20180713154915'); + diff --git a/lib/tasks/import.rake b/lib/tasks/import.rake index 2fa67a8270..a3b884935a 100644 --- a/lib/tasks/import.rake +++ b/lib/tasks/import.rake @@ -145,7 +145,7 @@ namespace :import do if y.try(:cert) == 'idkaart' id_users << ApiUser.new({ username: y.try(:password) ? y.try(:password) : y.try(:password), - password: ('a'..'z').to_a.shuffle.first(8).join, + plain_text_password: ('a'..'z').to_a.shuffle.first(8).join, identity_code: y.try(:password) ? y.try(:password) : y.try(:password), registrar_id: Registrar.find_by(legacy_id: x.try(:id)).try(:id), roles: ['billing'], @@ -154,7 +154,7 @@ namespace :import do else temp << ApiUser.new({ username: x.handle.try(:strip), - password: y.try(:password) ? y.try(:password) : ('a'..'z').to_a.shuffle.first(8).join, + plain_text_password: y.try(:password) ? y.try(:password) : ('a'..'z').to_a.shuffle.first(8).join, registrar_id: Registrar.find_by(legacy_id: x.try(:id)).try(:id), roles: ['epp'], legacy_id: y.try(:id) diff --git a/spec/api/repp/contact_v1_spec.rb b/spec/api/repp/contact_v1_spec.rb index 716eb40cc2..77ce38d2e5 100644 --- a/spec/api/repp/contact_v1_spec.rb +++ b/spec/api/repp/contact_v1_spec.rb @@ -45,6 +45,6 @@ end def http_auth_key - ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.password) + ActionController::HttpAuthentication::Basic.encode_credentials(user.username, user.plain_text_password) end end diff --git a/spec/factories/api_user.rb b/spec/factories/api_user.rb index a3f9623b63..01ba0f8da7 100644 --- a/spec/factories/api_user.rb +++ b/spec/factories/api_user.rb @@ -1,7 +1,7 @@ FactoryBot.define do factory :api_user do sequence(:username) { |n| "test#{n}" } - password 'a' * ApiUser.min_password_length + plain_text_password 'a' * ApiUser.min_password_length roles ['super'] registrar diff --git a/spec/support/features/session_helpers.rb b/spec/support/features/session_helpers.rb index 70ebce981e..1667db48cb 100644 --- a/spec/support/features/session_helpers.rb +++ b/spec/support/features/session_helpers.rb @@ -13,7 +13,7 @@ def sign_in_to_registrar_area(user: create(:api_user)) visit new_registrar_user_session_url fill_in 'depp_user_tag', with: user.username - fill_in 'depp_user_password', with: user.password + fill_in 'depp_user_password', with: user.plain_text_password click_button 'Login' end diff --git a/spec/support/requests/session_helpers.rb b/spec/support/requests/session_helpers.rb index 6c30c00c9d..01e7ae674e 100644 --- a/spec/support/requests/session_helpers.rb +++ b/spec/support/requests/session_helpers.rb @@ -5,7 +5,7 @@ def sign_in_to_admin_area(user: create(:admin_user)) end def sign_in_to_registrar_area(user: create(:api_user)) - post registrar_user_session_path, { depp_user: { tag: user.username, password: user.password } } + post registrar_user_session_path, { depp_user: { tag: user.username, password: user.plain_text_password } } end end end \ No newline at end of file diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 494cadd24b..034af04840 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -1,6 +1,6 @@ api_bestnames: username: test_bestnames - password: testtest + plain_text_password: testtest type: ApiUser registrar: bestnames active: true @@ -9,7 +9,7 @@ api_bestnames: api_goodnames: username: test_goodnames - password: testtest + plain_text_password: testtest type: ApiUser registrar: goodnames active: true From 7a054ca8930cd2ea672e6c393cafb0e4ea113b95 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Fri, 13 Jul 2018 23:12:01 +0300 Subject: [PATCH 16/59] Fix tests and specs --- spec/requests/registrar/ip_restriction_spec.rb | 7 ++----- spec/requests/registrar/linked_users_spec.rb | 8 -------- test/system/registrar/sign_in_test.rb | 2 +- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/spec/requests/registrar/ip_restriction_spec.rb b/spec/requests/registrar/ip_restriction_spec.rb index e43b7946b6..49a04428a1 100644 --- a/spec/requests/registrar/ip_restriction_spec.rb +++ b/spec/requests/registrar/ip_restriction_spec.rb @@ -2,11 +2,11 @@ RSpec.describe 'Registrar area IP restriction', settings: false do before do - @original_registrar_ip_whitelist_enabled = Setting.registrar_ip_whitelist_enabled + @original_registrar_ip_whitelist_enabled_setting = Setting.registrar_ip_whitelist_enabled end after do - Setting.registrar_ip_whitelist_enabled = @original_registrar_ip_whitelist_enabled + Setting.registrar_ip_whitelist_enabled = @original_registrar_ip_whitelist_enabled_setting end context 'when authenticated' do @@ -27,7 +27,6 @@ specify do get registrar_root_url - follow_redirect! expect(response).to be_success end end @@ -35,7 +34,6 @@ context 'when ip is not allowed' do it 'signs the user out' do get registrar_root_url - follow_redirect! expect(controller.current_registrar_user).to be_nil end @@ -49,7 +47,6 @@ context 'when IP restriction is disabled' do specify do get registrar_root_url - follow_redirect! expect(response).to be_success end end diff --git a/spec/requests/registrar/linked_users_spec.rb b/spec/requests/registrar/linked_users_spec.rb index 352508f6d1..05cf106000 100644 --- a/spec/requests/registrar/linked_users_spec.rb +++ b/spec/requests/registrar/linked_users_spec.rb @@ -40,14 +40,6 @@ put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path } end.to raise_error('Cannot switch to unlinked user') end - - it 'does not sign in as a new user' do - suppress StandardError do - put '/registrar/current_user/switch/2', nil, { HTTP_REFERER: registrar_contacts_path } - end - - expect(controller.current_user.id).to eq(1) - end end end diff --git a/test/system/registrar/sign_in_test.rb b/test/system/registrar/sign_in_test.rb index 9af5522f9e..840839cccb 100644 --- a/test/system/registrar/sign_in_test.rb +++ b/test/system/registrar/sign_in_test.rb @@ -20,7 +20,7 @@ def test_mobile_id_sign_in_page mock_client.expect(:session_code, 1234) Digidoc::Client.stub(:new, mock_client) do - visit registrar_login_path + visit new_registrar_user_session_path click_on 'login-with-mobile-id-btn' From f6ad22156ee01d3a2a80dc5c7dbc4e9d8a904778 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Fri, 13 Jul 2018 23:13:58 +0300 Subject: [PATCH 17/59] Supply PaperTrail with current user --- app/controllers/admin/base_controller.rb | 2 +- app/controllers/admin/sessions_controller.rb | 4 ++++ app/controllers/registrar/base_controller.rb | 2 +- app/controllers/registrar/sessions_controller.rb | 4 ++++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb index 52ff6aa7ce..fe652b2db1 100644 --- a/app/controllers/admin/base_controller.rb +++ b/app/controllers/admin/base_controller.rb @@ -14,7 +14,7 @@ def current_ability end def user_for_paper_trail - current_admin_user.present? ? current_admin_user.id_role_username : 'public' + current_admin_user ? current_admin_user.id_role_username : 'guest' end end end \ No newline at end of file diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 1e9be9eb7d..7c396845ce 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -31,5 +31,9 @@ def after_sign_in_path_for(resource_or_scope) def after_sign_out_path_for(resource_or_scope) new_admin_user_session_path end + + def user_for_paper_trail + current_admin_user ? current_admin_user.id_role_username : 'guest' + end end end \ No newline at end of file diff --git a/app/controllers/registrar/base_controller.rb b/app/controllers/registrar/base_controller.rb index 2bd2eb492f..23a5a9954e 100644 --- a/app/controllers/registrar/base_controller.rb +++ b/app/controllers/registrar/base_controller.rb @@ -36,7 +36,7 @@ def head_title_sufix end def user_for_paper_trail - current_registrar_user.present? ? current_registrar_user.id_role_username : 'public' + current_registrar_user ? current_registrar_user.id_role_username : 'guest' end end end diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index a600869f8e..e1c98785b7 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -178,5 +178,9 @@ def after_sign_in_path_for(resource_or_scope) def after_sign_out_path_for(resource_or_scope) new_registrar_user_session_path end + + def user_for_paper_trail + current_registrar_user ? current_registrar_user.id_role_username : 'guest' + end end end \ No newline at end of file From c7e426b8edd3a7fb62ca30cc9ce09bf94757386f Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Sat, 14 Jul 2018 23:46:18 +0300 Subject: [PATCH 18/59] Extract translations --- config/locales/api_users.en.yml | 13 +++++++++++++ config/locales/en.yml | 10 ---------- 2 files changed, 13 insertions(+), 10 deletions(-) create mode 100644 config/locales/api_users.en.yml diff --git a/config/locales/api_users.en.yml b/config/locales/api_users.en.yml new file mode 100644 index 0000000000..724306e4a8 --- /dev/null +++ b/config/locales/api_users.en.yml @@ -0,0 +1,13 @@ +en: + activerecord: + errors: + models: + api_user: + attributes: + username: + blank: 'Username is missing' + taken: 'Username already exists' + password: + blank: 'Password is missing' + registrar: + blank: 'Registrar is missing' \ No newline at end of file diff --git a/config/locales/en.yml b/config/locales/en.yml index 2afbb45a50..6efaab51f0 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -135,16 +135,6 @@ en: registrar: blank: 'Registrar is missing' - api_user: - attributes: - username: - blank: 'Username is missing' - taken: 'Username already exists' - password: - blank: 'Password is missing' - registrar: - blank: 'Registrar is missing' - dnskey: attributes: alg: From 28393adfb12950991903155e1e1f23750ba906f6 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Sun, 15 Jul 2018 00:36:04 +0300 Subject: [PATCH 19/59] Fix translation --- config/locales/api_users.en.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/config/locales/api_users.en.yml b/config/locales/api_users.en.yml index 724306e4a8..757ded049d 100644 --- a/config/locales/api_users.en.yml +++ b/config/locales/api_users.en.yml @@ -1,5 +1,8 @@ en: activerecord: + attributes: + api_user: + plain_text_password: Password errors: models: api_user: @@ -7,7 +10,7 @@ en: username: blank: 'Username is missing' taken: 'Username already exists' - password: + plain_text_password: blank: 'Password is missing' registrar: blank: 'Registrar is missing' \ No newline at end of file From 84bf96778089737a8e966065bcfb8442b802b243 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Sun, 15 Jul 2018 19:01:33 +0300 Subject: [PATCH 20/59] Fix template --- app/views/admin/api_users/_form.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/admin/api_users/_form.haml b/app/views/admin/api_users/_form.haml index 2e837b22ab..12ea322aaf 100644 --- a/app/views/admin/api_users/_form.haml +++ b/app/views/admin/api_users/_form.haml @@ -11,7 +11,7 @@ = f.text_field :username, required: true, autofocus: true, class: 'form-control' .form-group .col-md-4.control-label - = f.label :password, nil, class: 'required' + = f.label :plain_text_password, nil, class: 'required' .col-md-7 = f.text_field :plain_text_password, required: true, class: 'form-control' From 02aad0d7813e43bcc5e56278acf37811cbca728f Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Sun, 15 Jul 2018 19:01:43 +0300 Subject: [PATCH 21/59] Add tests --- test/integration/admin/api_user/new_test.rb | 25 +++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 test/integration/admin/api_user/new_test.rb diff --git a/test/integration/admin/api_user/new_test.rb b/test/integration/admin/api_user/new_test.rb new file mode 100644 index 0000000000..32b2e1188e --- /dev/null +++ b/test/integration/admin/api_user/new_test.rb @@ -0,0 +1,25 @@ +require 'test_helper' + +class AdminAreaNewApiUserTest < ActionDispatch::IntegrationTest + setup do + sign_in users(:admin) + end + + def test_new_api_user_creation_with_required_params + visit admin_api_users_url + click_link_or_button 'New API user' + + fill_in 'Username', with: 'newtest' + fill_in 'Password', with: 'testtest' + find('#api_user_registrar_id', visible: false).set(registrars(:bestnames).id) + + assert_difference 'ApiUser.count' do + click_link_or_button 'Save' + end + + assert_current_path admin_api_user_path(ApiUser.last) + assert_text 'Record created' + assert_text 'Username newtest' + assert_text 'Password testtest' + end +end \ No newline at end of file From a651ac8cabdc49ecff141bb3dabbe3a3d0a8d626 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Sun, 15 Jul 2018 19:26:43 +0300 Subject: [PATCH 22/59] Fix Rubocop warnings --- app/controllers/admin/api_users_controller.rb | 5 ++++- app/controllers/admin/dashboard_controller.rb | 3 +-- app/controllers/admin/sessions_controller.rb | 4 ++-- .../registrant/domain_delete_confirms_controller.rb | 3 ++- .../registrant/domain_update_confirms_controller.rb | 3 ++- app/controllers/registrant/sessions_controller.rb | 7 +++---- app/controllers/registrar/dashboard_controller.rb | 3 +-- app/controllers/registrar/domain_transfers_controller.rb | 3 ++- app/controllers/registrar/invoices_controller.rb | 3 ++- app/controllers/registrar/nameservers_controller.rb | 3 ++- app/controllers/registrar/sessions_controller.rb | 4 ++-- app/controllers/registrar/tech_contacts_controller.rb | 3 ++- app/models/api_user.rb | 2 +- 13 files changed, 26 insertions(+), 20 deletions(-) diff --git a/app/controllers/admin/api_users_controller.rb b/app/controllers/admin/api_users_controller.rb index 7f6eb1a3d5..bbf0a8a4e2 100644 --- a/app/controllers/admin/api_users_controller.rb +++ b/app/controllers/admin/api_users_controller.rb @@ -32,7 +32,10 @@ def edit; end def update - params[:api_user].delete(:plain_text_password) if params[:api_user][:plain_text_password].blank? + if params[:api_user][:plain_text_password].blank? + params[:api_user].delete(:plain_text_password) + end + if @api_user.update(api_user_params) flash[:notice] = I18n.t('record_updated') redirect_to [:admin, @api_user] diff --git a/app/controllers/admin/dashboard_controller.rb b/app/controllers/admin/dashboard_controller.rb index 35efab5993..f486987800 100644 --- a/app/controllers/admin/dashboard_controller.rb +++ b/app/controllers/admin/dashboard_controller.rb @@ -2,7 +2,6 @@ module Admin class DashboardController < BaseController authorize_resource class: false - def show - end + def show; end end end \ No newline at end of file diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index 7c396845ce..c0b47e687d 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -24,11 +24,11 @@ def create private - def after_sign_in_path_for(resource_or_scope) + def after_sign_in_path_for(_resource_or_scope) admin_root_path end - def after_sign_out_path_for(resource_or_scope) + def after_sign_out_path_for(_resource_or_scope) new_admin_user_session_path end diff --git a/app/controllers/registrant/domain_delete_confirms_controller.rb b/app/controllers/registrant/domain_delete_confirms_controller.rb index a57c6178a8..d6e4666c7e 100644 --- a/app/controllers/registrant/domain_delete_confirms_controller.rb +++ b/app/controllers/registrant/domain_delete_confirms_controller.rb @@ -19,7 +19,8 @@ def update domain_name: @domain.name, verification_token: params[:token]) - initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated) + initiator = current_registrant_user ? current_registrant_user.username : + t(:user_not_authenticated) if params[:rejected] if @registrant_verification.domain_registrant_delete_reject!("email link #{initiator}") diff --git a/app/controllers/registrant/domain_update_confirms_controller.rb b/app/controllers/registrant/domain_update_confirms_controller.rb index 8c91db6ac2..413ac43ff0 100644 --- a/app/controllers/registrant/domain_update_confirms_controller.rb +++ b/app/controllers/registrant/domain_update_confirms_controller.rb @@ -19,7 +19,8 @@ def update domain_name: @domain.name, verification_token: params[:token]) - initiator = current_registrant_user ? current_registrant_user.username : t(:user_not_authenticated) + initiator = current_registrant_user ? current_registrant_user.username : + t(:user_not_authenticated) if params[:rejected] if @registrant_verification.domain_registrant_change_reject!("email link, #{initiator}") diff --git a/app/controllers/registrant/sessions_controller.rb b/app/controllers/registrant/sessions_controller.rb index c29c920b04..38efe94069 100644 --- a/app/controllers/registrant/sessions_controller.rb +++ b/app/controllers/registrant/sessions_controller.rb @@ -1,8 +1,7 @@ class Registrant::SessionsController < Devise::SessionsController layout 'registrant/application' - def new - end + def new; end def id id_code, id_issuer = request.env['SSL_CLIENT_S_DN'], request.env['SSL_CLIENT_I_DN_O'] @@ -99,11 +98,11 @@ def find_user_by_idc(idc) private - def after_sign_in_path_for(resource_or_scope) + def after_sign_in_path_for(_resource_or_scope) registrant_root_path end - def after_sign_out_path_for(resource_or_scope) + def after_sign_out_path_for(_resource_or_scope) new_registrant_user_session_path end end \ No newline at end of file diff --git a/app/controllers/registrar/dashboard_controller.rb b/app/controllers/registrar/dashboard_controller.rb index 468c7513ab..2b8fd2430f 100644 --- a/app/controllers/registrar/dashboard_controller.rb +++ b/app/controllers/registrar/dashboard_controller.rb @@ -2,7 +2,6 @@ class Registrar class DashboardController < BaseController authorize_resource class: false - def show - end + def show; end end end \ No newline at end of file diff --git a/app/controllers/registrar/domain_transfers_controller.rb b/app/controllers/registrar/domain_transfers_controller.rb index 71cbb306d3..acacc3ef4b 100644 --- a/app/controllers/registrar/domain_transfers_controller.rb +++ b/app/controllers/registrar/domain_transfers_controller.rb @@ -21,7 +21,8 @@ def create uri = URI.parse("#{ENV['repp_url']}domain_transfers") request = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json') request.body = { data: { domainTransfers: domain_transfers } }.to_json - request.basic_auth(current_registrar_user.username, current_registrar_user.plain_text_password) + request.basic_auth(current_registrar_user.username, + current_registrar_user.plain_text_password) if Rails.env.test? diff --git a/app/controllers/registrar/invoices_controller.rb b/app/controllers/registrar/invoices_controller.rb index 548e47ebe1..c29558e0ff 100644 --- a/app/controllers/registrar/invoices_controller.rb +++ b/app/controllers/registrar/invoices_controller.rb @@ -6,7 +6,8 @@ class InvoicesController < BaseController def index params[:q] ||= {} - invoices = current_registrar_user.registrar.invoices.includes(:invoice_items, :account_activity) + invoices = current_registrar_user.registrar.invoices + .includes(:invoice_items, :account_activity) normalize_search_parameters do @q = invoices.search(params[:q]) diff --git a/app/controllers/registrar/nameservers_controller.rb b/app/controllers/registrar/nameservers_controller.rb index af2e00f7fe..95da7e329a 100644 --- a/app/controllers/registrar/nameservers_controller.rb +++ b/app/controllers/registrar/nameservers_controller.rb @@ -12,7 +12,8 @@ def update attributes: { hostname: params[:new_hostname], ipv4: ipv4, ipv6: ipv6 } } }.to_json - request.basic_auth(current_registrar_user.username, current_registrar_user.plain_text_password) + request.basic_auth(current_registrar_user.username, + current_registrar_user.plain_text_password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index e1c98785b7..b3998f0461 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -171,11 +171,11 @@ def check_ip_restriction render text: t('registrar.authorization.ip_not_allowed', ip: request.ip) end - def after_sign_in_path_for(resource_or_scope) + def after_sign_in_path_for(_resource_or_scope) registrar_root_path end - def after_sign_out_path_for(resource_or_scope) + def after_sign_out_path_for(_resource_or_scope) new_registrar_user_session_path end diff --git a/app/controllers/registrar/tech_contacts_controller.rb b/app/controllers/registrar/tech_contacts_controller.rb index 22d667a419..1d459ef0f7 100644 --- a/app/controllers/registrar/tech_contacts_controller.rb +++ b/app/controllers/registrar/tech_contacts_controller.rb @@ -8,7 +8,8 @@ def update request = Net::HTTP::Patch.new(uri) request.set_form_data(current_contact_id: params[:current_contact_id], new_contact_id: params[:new_contact_id]) - request.basic_auth(current_registrar_user.username, current_registrar_user.plain_text_password) + request.basic_auth(current_registrar_user.username, + current_registrar_user.plain_text_password) if Rails.env.test? response = Net::HTTP.start(uri.hostname, uri.port, diff --git a/app/models/api_user.rb b/app/models/api_user.rb index da3497dd84..ccc71eac00 100644 --- a/app/models/api_user.rb +++ b/app/models/api_user.rb @@ -7,7 +7,7 @@ class ApiUser < User def epp_code_map { '2306' => [ # Parameter policy error - [:plain_text_password, :blank] + %i[plain_text_password blank] ] } end From 6f0c8862360cf811274375e36133f76a57e25d20 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Mon, 16 Jul 2018 00:58:22 +0300 Subject: [PATCH 23/59] Add tests --- .../epp/login/password_change_test.rb | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 test/integration/epp/login/password_change_test.rb diff --git a/test/integration/epp/login/password_change_test.rb b/test/integration/epp/login/password_change_test.rb new file mode 100644 index 0000000000..4851d2bd88 --- /dev/null +++ b/test/integration/epp/login/password_change_test.rb @@ -0,0 +1,33 @@ +require 'test_helper' + +class EppLoginCredentialsTest < ActionDispatch::IntegrationTest + def test_password_change + request_xml = <<-XML + + + + + test_bestnames + testtest + new-password + + 1.0 + en + + + https://epp.tld.ee/schema/domain-eis-1.0.xsd + https://epp.tld.ee/schema/contact-ee-1.1.xsd + urn:ietf:params:xml:ns:host-1.0 + urn:ietf:params:xml:ns:keyrelay-1.0 + + + + + XML + + post '/epp/session/login', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=new_session_id' } + assert_equal 'new-password', users(:api_bestnames).plain_text_password + assert_equal '1000', Nokogiri::XML(response.body).at_css('result')[:code] + assert_equal 1, Nokogiri::XML(response.body).css('result').size + end +end \ No newline at end of file From f1cbdec8e778815534690725b38282f81bc9828f Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Mon, 16 Jul 2018 01:06:30 +0300 Subject: [PATCH 24/59] Supply PaperTrail with current user --- app/controllers/application_controller.rb | 4 ---- app/controllers/registrant/sessions_controller.rb | 4 ++++ app/controllers/registrant_controller.rb | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 518b752b7e..dec34acbf2 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -32,8 +32,4 @@ def comma_support_for(parent_key, key) def available_languages { en: 'English', et: 'Estonian' }.invert end - - def user_for_paper_trail - current_user.present? ? current_user.id_role_username : 'public' - end end \ No newline at end of file diff --git a/app/controllers/registrant/sessions_controller.rb b/app/controllers/registrant/sessions_controller.rb index 38efe94069..6dabd8e8c2 100644 --- a/app/controllers/registrant/sessions_controller.rb +++ b/app/controllers/registrant/sessions_controller.rb @@ -105,4 +105,8 @@ def after_sign_in_path_for(_resource_or_scope) def after_sign_out_path_for(_resource_or_scope) new_registrant_user_session_path end + + def user_for_paper_trail + current_registrant_user.present? ? current_registrant_user.id_role_username : 'guest' + end end \ No newline at end of file diff --git a/app/controllers/registrant_controller.rb b/app/controllers/registrant_controller.rb index 76be97a1fc..2d5d3f0d7b 100644 --- a/app/controllers/registrant_controller.rb +++ b/app/controllers/registrant_controller.rb @@ -17,6 +17,6 @@ def current_ability end def user_for_paper_trail - current_registrant_user.present? ? current_registrant_user.id_role_username : 'public' + current_registrant_user.present? ? current_registrant_user.id_role_username : 'guest' end end \ No newline at end of file From 989bb3254843b4945ab7018cbf016f3a98f7f0d4 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Mon, 16 Jul 2018 01:31:36 +0300 Subject: [PATCH 25/59] Improve readability --- app/controllers/admin/base_controller.rb | 2 +- app/controllers/admin/sessions_controller.rb | 2 +- app/controllers/registrant/sessions_controller.rb | 2 +- app/controllers/registrant_controller.rb | 2 +- app/controllers/registrar/base_controller.rb | 2 +- app/controllers/registrar/sessions_controller.rb | 2 +- test/integration/admin/protected_area_test.rb | 2 +- test/integration/registrar/protected_area_test.rb | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/controllers/admin/base_controller.rb b/app/controllers/admin/base_controller.rb index fe652b2db1..17e75785a4 100644 --- a/app/controllers/admin/base_controller.rb +++ b/app/controllers/admin/base_controller.rb @@ -14,7 +14,7 @@ def current_ability end def user_for_paper_trail - current_admin_user ? current_admin_user.id_role_username : 'guest' + current_admin_user ? current_admin_user.id_role_username : 'anonymous' end end end \ No newline at end of file diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index c0b47e687d..a4a286cc18 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -33,7 +33,7 @@ def after_sign_out_path_for(_resource_or_scope) end def user_for_paper_trail - current_admin_user ? current_admin_user.id_role_username : 'guest' + current_admin_user ? current_admin_user.id_role_username : 'anonymous' end end end \ No newline at end of file diff --git a/app/controllers/registrant/sessions_controller.rb b/app/controllers/registrant/sessions_controller.rb index 6dabd8e8c2..db403b2a56 100644 --- a/app/controllers/registrant/sessions_controller.rb +++ b/app/controllers/registrant/sessions_controller.rb @@ -107,6 +107,6 @@ def after_sign_out_path_for(_resource_or_scope) end def user_for_paper_trail - current_registrant_user.present? ? current_registrant_user.id_role_username : 'guest' + current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous' end end \ No newline at end of file diff --git a/app/controllers/registrant_controller.rb b/app/controllers/registrant_controller.rb index 2d5d3f0d7b..9e8c1998e8 100644 --- a/app/controllers/registrant_controller.rb +++ b/app/controllers/registrant_controller.rb @@ -17,6 +17,6 @@ def current_ability end def user_for_paper_trail - current_registrant_user.present? ? current_registrant_user.id_role_username : 'guest' + current_registrant_user.present? ? current_registrant_user.id_role_username : 'anonymous' end end \ No newline at end of file diff --git a/app/controllers/registrar/base_controller.rb b/app/controllers/registrar/base_controller.rb index 23a5a9954e..499d445944 100644 --- a/app/controllers/registrar/base_controller.rb +++ b/app/controllers/registrar/base_controller.rb @@ -36,7 +36,7 @@ def head_title_sufix end def user_for_paper_trail - current_registrar_user ? current_registrar_user.id_role_username : 'guest' + current_registrar_user ? current_registrar_user.id_role_username : 'anonymous' end end end diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index b3998f0461..5a7bce72f9 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -180,7 +180,7 @@ def after_sign_out_path_for(_resource_or_scope) end def user_for_paper_trail - current_registrar_user ? current_registrar_user.id_role_username : 'guest' + current_registrar_user ? current_registrar_user.id_role_username : 'anonymous' end end end \ No newline at end of file diff --git a/test/integration/admin/protected_area_test.rb b/test/integration/admin/protected_area_test.rb index b13e335ce0..59edb04c3c 100644 --- a/test/integration/admin/protected_area_test.rb +++ b/test/integration/admin/protected_area_test.rb @@ -1,7 +1,7 @@ require 'test_helper' class AdminAreaProtectedAreaTest < ActionDispatch::IntegrationTest - def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area + def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area visit admin_domains_url assert_text 'You need to sign in before continuing' assert_current_path new_admin_user_session_path diff --git a/test/integration/registrar/protected_area_test.rb b/test/integration/registrar/protected_area_test.rb index 967a37dec8..48de0bbb82 100644 --- a/test/integration/registrar/protected_area_test.rb +++ b/test/integration/registrar/protected_area_test.rb @@ -1,7 +1,7 @@ require 'test_helper' class RegistrarAreaProtectedAreaTest < ActionDispatch::IntegrationTest - def test_unauthenticated_user_is_asked_to_authenticate_when_navigating_to_protected_area + def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area visit registrar_domains_url assert_text 'You need to sign in before continuing' assert_current_path new_registrar_user_session_path From a2451f4a13149ae6386d05e9bfba2585c273690a Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 18 Jul 2018 12:14:24 +0300 Subject: [PATCH 26/59] Fix test name --- test/integration/epp/login/password_change_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/epp/login/password_change_test.rb b/test/integration/epp/login/password_change_test.rb index 4851d2bd88..69c3140b62 100644 --- a/test/integration/epp/login/password_change_test.rb +++ b/test/integration/epp/login/password_change_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class EppLoginCredentialsTest < ActionDispatch::IntegrationTest +class EppLoginPasswordChangeTest < ActionDispatch::IntegrationTest def test_password_change request_xml = <<-XML From 5561825584f1f187b25b75e81966745f7ce9da92 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 18 Jul 2018 20:02:05 +0300 Subject: [PATCH 27/59] Use standard Devise sessions controller in admin area Fixes a bug when retrying to login with correct credentials --- app/controllers/admin/sessions_controller.rb | 22 -------------- app/models/admin_user.rb | 3 +- app/views/admin/sessions/_links.html.erb | 29 +++++++++++++++++++ app/views/admin/sessions/new.haml | 15 ---------- app/views/admin/sessions/new.html.erb | 30 ++++++++++++++++++++ app/views/admin/shared/_errors.haml | 5 ---- config/locales/admin/sessions.en.yml | 6 ++++ test/integration/admin/login_test.rb | 25 +++++++++++++--- 8 files changed, 88 insertions(+), 47 deletions(-) create mode 100644 app/views/admin/sessions/_links.html.erb delete mode 100644 app/views/admin/sessions/new.haml create mode 100644 app/views/admin/sessions/new.html.erb delete mode 100644 app/views/admin/shared/_errors.haml create mode 100644 config/locales/admin/sessions.en.yml diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index a4a286cc18..f4feefc3a8 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -1,27 +1,5 @@ module Admin class SessionsController < Devise::SessionsController - def new - @admin_user = AdminUser.new - end - - def create - if params[:admin_user].blank? - @admin_user = AdminUser.new - flash[:alert] = 'Something went wrong' - return render :new - end - - @admin_user = AdminUser.find_by(username: params[:admin_user][:username]) - @admin_user ||= AdminUser.new(username: params[:admin_user][:username]) - - if @admin_user.valid_password?(params[:admin_user][:password]) - sign_in_and_redirect(:admin_user, @admin_user, event: :authentication) - else - flash[:alert] = 'Authorization error' - render :new - end - end - private def after_sign_in_path_for(_resource_or_scope) diff --git a/app/models/admin_user.rb b/app/models/admin_user.rb index b53d6531a9..07686e9212 100644 --- a/app/models/admin_user.rb +++ b/app/models/admin_user.rb @@ -9,7 +9,8 @@ class AdminUser < User ROLES = %w(user customer_service admin) # should not match to api_users roles - devise :database_authenticatable, :trackable, :validatable, :timeoutable + devise :database_authenticatable, :trackable, :validatable, :timeoutable, + authentication_keys: [:username] def self.min_password_length Devise.password_length.min diff --git a/app/views/admin/sessions/_links.html.erb b/app/views/admin/sessions/_links.html.erb new file mode 100644 index 0000000000..93dadb0d8a --- /dev/null +++ b/app/views/admin/sessions/_links.html.erb @@ -0,0 +1,29 @@ +<%- if controller_name != 'sessions' %> + <%= link_to "Log in", new_session_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.registerable? && controller_name != 'registrations' %> + <%= link_to "Sign up", new_registration_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.recoverable? && controller_name != 'passwords' && + controller_name != 'registrations' %> + <%= link_to "Forgot your password?", new_password_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.confirmable? && controller_name != 'confirmations' %> + <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %> +
+<% end -%> + +<%- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && + controller_name != 'unlocks' %> + <%= link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name) %>
+<% end -%> + +<%- if devise_mapping.omniauthable? %> + <%- resource_class.omniauth_providers.each do |provider| %> + <%= link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", + omniauth_authorize_path(resource_name, provider) %>
+ <% end -%> +<% end -%> diff --git a/app/views/admin/sessions/new.haml b/app/views/admin/sessions/new.haml deleted file mode 100644 index d37461c855..0000000000 --- a/app/views/admin/sessions/new.haml +++ /dev/null @@ -1,15 +0,0 @@ -.row - .form-signin.col-md-6.center-block.text-center - %h2.form-signin-heading.text-center Eesti Interneti SA - %hr - .form-signin - = form_for(@admin_user, url: admin_user_session_path, html: {class: 'form-signin'}) do |f| - = render 'admin/shared/errors', object: f.object - - - error_class = f.object.errors.any? ? 'has-error' : '' - %div{class: error_class} - = f.text_field :username, class: 'form-control', placeholder: t(:username), required: true - = f.password_field :password, class: 'form-control', - autocomplete: 'off', placeholder: t(:password), required: true - %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t(:log_in) - diff --git a/app/views/admin/sessions/new.html.erb b/app/views/admin/sessions/new.html.erb new file mode 100644 index 0000000000..5e655d9a6d --- /dev/null +++ b/app/views/admin/sessions/new.html.erb @@ -0,0 +1,30 @@ +
+ <%= form_for resource, as: resource_name, url: session_path(resource_name), + html: { class: 'col-md-6 form-signin center-block text-center' } do |f| %> + + +
+ + <%= f.label :username, class: 'sr-only' %> + <%= f.text_field :username, placeholder: AdminUser.human_attribute_name(:username), + required: true, + autofocus: true, + class: 'form-control' %> + + <%= f.label :password, class: 'sr-only' %> + <%= f.password_field :password, placeholder: AdminUser.human_attribute_name(:password), + required: true, + autocomplete: 'off', + class: 'form-control' %> + + <% if devise_mapping.rememberable? -%> +
+ +
+ <% end -%> + + <%= f.submit t('.sign_in_btn'), class: 'btn btn-lg btn-primary btn-block' %> + <% end %> +
+ +<%= render 'links' %> \ No newline at end of file diff --git a/app/views/admin/shared/_errors.haml b/app/views/admin/shared/_errors.haml deleted file mode 100644 index 50eb6de125..0000000000 --- a/app/views/admin/shared/_errors.haml +++ /dev/null @@ -1,5 +0,0 @@ -- if object.errors.any? - %p.text-danger - - object.errors.each do |attr, err| - = err - %br diff --git a/config/locales/admin/sessions.en.yml b/config/locales/admin/sessions.en.yml new file mode 100644 index 0000000000..154227b65d --- /dev/null +++ b/config/locales/admin/sessions.en.yml @@ -0,0 +1,6 @@ +en: + admin: + sessions: + new: + sign_in_btn: Sign in + remember_checkbox: Remember me \ No newline at end of file diff --git a/test/integration/admin/login_test.rb b/test/integration/admin/login_test.rb index 898c8b1489..c5aa98a11a 100644 --- a/test/integration/admin/login_test.rb +++ b/test/integration/admin/login_test.rb @@ -9,9 +9,9 @@ def test_correct_username_and_password visit new_admin_user_session_url fill_in 'admin_user_username', with: @user.username fill_in 'admin_user_password', with: 'testtest' - click_button 'Log in' + click_button 'Sign in' - assert_text 'Log out' + assert_text 'Signed in successfully' assert_current_path admin_root_path end @@ -19,9 +19,26 @@ def test_wrong_password visit new_admin_user_session_url fill_in 'admin_user_username', with: @user.username fill_in 'admin_user_password', with: 'wrong' - click_button 'Log in' + click_button 'Sign in' - assert_text 'Authorization error' + assert_text 'Invalid Username or password' assert_current_path new_admin_user_session_path end + + def test_retry_with_correct_credentials + visit new_admin_user_session_url + fill_in 'admin_user_username', with: @user.username + fill_in 'admin_user_password', with: 'wrong' + click_button 'Sign in' + + assert_text 'Invalid Username or password' + assert_current_path new_admin_user_session_path + + fill_in 'admin_user_username', with: @user.username + fill_in 'admin_user_password', with: 'testtest' + click_button 'Sign in' + + assert_text 'Signed in successfully' + assert_current_path admin_root_path + end end \ No newline at end of file From 7e356730e27ef551e6b268591f69b3104b29f8ab Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 18 Jul 2018 22:52:21 +0300 Subject: [PATCH 28/59] Fix spec helper --- spec/support/features/session_helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/support/features/session_helpers.rb b/spec/support/features/session_helpers.rb index 1667db48cb..b0e7668fe6 100644 --- a/spec/support/features/session_helpers.rb +++ b/spec/support/features/session_helpers.rb @@ -6,7 +6,7 @@ def sign_in_to_admin_area(user: create(:admin_user)) fill_in 'admin_user[username]', with: user.username fill_in 'admin_user[password]', with: user.password - click_button 'Log in' + click_button 'Sign in' end def sign_in_to_registrar_area(user: create(:api_user)) From 2e1ed2733ac19801ffc01d2058e75a079daea6ab Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 18 Jul 2018 23:24:56 +0300 Subject: [PATCH 29/59] Extract translation --- app/views/admin/sessions/new.html.erb | 2 +- config/locales/admin/sessions.en.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/views/admin/sessions/new.html.erb b/app/views/admin/sessions/new.html.erb index 5e655d9a6d..5160cf945c 100644 --- a/app/views/admin/sessions/new.html.erb +++ b/app/views/admin/sessions/new.html.erb @@ -1,7 +1,7 @@
<%= form_for resource, as: resource_name, url: session_path(resource_name), html: { class: 'col-md-6 form-signin center-block text-center' } do |f| %> - +

<%= t '.header_html' %>

diff --git a/config/locales/admin/sessions.en.yml b/config/locales/admin/sessions.en.yml index 154227b65d..b3a47b553d 100644 --- a/config/locales/admin/sessions.en.yml +++ b/config/locales/admin/sessions.en.yml @@ -2,5 +2,6 @@ en: admin: sessions: new: + header_html: Eesti Interneti SA
Admin portal sign_in_btn: Sign in remember_checkbox: Remember me \ No newline at end of file From e369d90e200f9f9def4247a2ce71c547b74d4d2f Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 00:23:17 +0300 Subject: [PATCH 30/59] Make UI consistent --- app/views/admin/base/_menu.haml | 2 +- config/locales/admin/base.en.yml | 5 +++++ test/integration/admin/logout_test.rb | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 config/locales/admin/base.en.yml diff --git a/app/views/admin/base/_menu.haml b/app/views/admin/base/_menu.haml index 957b7826da..833efb8891 100644 --- a/app/views/admin/base/_menu.haml +++ b/app/views/admin/base/_menu.haml @@ -41,4 +41,4 @@ - if signed_in? %ul.nav.navbar-nav.navbar-right - %li= link_to t(:log_out, user: current_admin_user), destroy_admin_user_session_path, method: :delete, class: 'navbar-link' + %li= link_to t('.sign_out'), destroy_admin_user_session_path, method: :delete, class: 'navbar-link' diff --git a/config/locales/admin/base.en.yml b/config/locales/admin/base.en.yml new file mode 100644 index 0000000000..c092815cf6 --- /dev/null +++ b/config/locales/admin/base.en.yml @@ -0,0 +1,5 @@ +en: + admin: + base: + menu: + sign_out: Sign out \ No newline at end of file diff --git a/test/integration/admin/logout_test.rb b/test/integration/admin/logout_test.rb index f157769930..159dc8de3c 100644 --- a/test/integration/admin/logout_test.rb +++ b/test/integration/admin/logout_test.rb @@ -7,7 +7,7 @@ def setup def test_logout visit admin_root_url - click_on 'Log out' + click_on 'Sign out' assert_text 'Signed out successfully' assert_current_path new_admin_user_session_path From 2374d947148de8cd8645fda2064bfa72ff884295 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 00:24:10 +0300 Subject: [PATCH 31/59] Remove unneeded condition --- app/views/admin/base/_menu.haml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/admin/base/_menu.haml b/app/views/admin/base/_menu.haml index 833efb8891..6c8e152018 100644 --- a/app/views/admin/base/_menu.haml +++ b/app/views/admin/base/_menu.haml @@ -39,6 +39,6 @@ %li= link_to t('.repp_log'), admin_repp_logs_path(created_after: 'today') %li= link_to t('.que'), '/admin/que' - - if signed_in? - %ul.nav.navbar-nav.navbar-right - %li= link_to t('.sign_out'), destroy_admin_user_session_path, method: :delete, class: 'navbar-link' + %ul.nav.navbar-nav.navbar-right + %li= link_to t('.sign_out'), destroy_admin_user_session_path, method: :delete, + class: 'navbar-link' \ No newline at end of file From bf33565d0edd8db9b0c2d3d8a403212af75e92be Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 00:40:43 +0300 Subject: [PATCH 32/59] Improve readability --- test/integration/admin/login_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/admin/login_test.rb b/test/integration/admin/login_test.rb index c5aa98a11a..364b6a0baf 100644 --- a/test/integration/admin/login_test.rb +++ b/test/integration/admin/login_test.rb @@ -25,7 +25,7 @@ def test_wrong_password assert_current_path new_admin_user_session_path end - def test_retry_with_correct_credentials + def test_retry_with_correct_username_and_password visit new_admin_user_session_url fill_in 'admin_user_username', with: @user.username fill_in 'admin_user_password', with: 'wrong' From 8606775035daed70459e9a7a9a808fa296f415bf Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 14:45:18 +0300 Subject: [PATCH 33/59] Fix registrar area login URL --- config/routes.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/routes.rb b/config/routes.rb index ba7804de3b..a2554817d3 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -22,7 +22,9 @@ namespace :registrar do root 'dashboard#show' - devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, + # /registrar/sessions path is hardcoded in Apache config for certificate-based authentication + # See https://github.com/internetee/registry/blob/master/README.md#installation + devise_for :users, path: 'sessions', path_names: { sign_in: 'login', sign_out: 'logout' }, class_name: 'ApiUser' devise_scope :registrar_user do get 'login/mid' => 'sessions#login_mid' From 2fce31e81b294871a5e08cfb3f2522e71e6dbc30 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 14:51:09 +0300 Subject: [PATCH 34/59] Remove Devise route customizations --- config/routes.rb | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index a2554817d3..4dc186cde8 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -24,8 +24,7 @@ # /registrar/sessions path is hardcoded in Apache config for certificate-based authentication # See https://github.com/internetee/registry/blob/master/README.md#installation - devise_for :users, path: 'sessions', path_names: { sign_in: 'login', sign_out: 'logout' }, - class_name: 'ApiUser' + devise_for :users, path: 'sessions', class_name: 'ApiUser' devise_scope :registrar_user do get 'login/mid' => 'sessions#login_mid' post 'login/mid' => 'sessions#mid' @@ -100,8 +99,7 @@ namespace :registrant do root 'domains#index' - devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, - class_name: 'RegistrantUser' + devise_for :users, path: '', class_name: 'RegistrantUser' devise_scope :registrant_user do get 'login/mid' => 'sessions#login_mid' post 'login/mid' => 'sessions#mid' @@ -141,8 +139,7 @@ # ADMIN ROUTES namespace :admin do root 'dashboard#show' - devise_for :users, path: '', path_names: { sign_in: 'login', sign_out: 'logout' }, - class_name: 'AdminUser' + devise_for :users, path: '', class_name: 'AdminUser' resources :keyrelays resources :zonefiles From 7dcfdb0a5ac7db5727dbacc073844587bafac2de Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 15:22:42 +0300 Subject: [PATCH 35/59] Remove dead code --- config/routes.rb | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index 4dc186cde8..1eddf4c6c2 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -122,18 +122,6 @@ resources :domain_update_confirms, only: %i[show update] resources :domain_delete_confirms, only: %i[show update] - - devise_scope :user do - get 'login' => 'sessions#login' - get 'login/mid' => 'sessions#login_mid' - post 'login/mid' => 'sessions#mid' - post 'login/mid_status' => 'sessions#mid_status' - - post 'sessions' => 'sessions#create' - post 'mid' => 'sessions#mid' - post 'id' => 'sessions#id' - get 'logout' => '/devise/sessions#destroy' - end end # ADMIN ROUTES From 1babdf33af70c70254a281cbbcf466ffcf40029f Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 16:32:47 +0300 Subject: [PATCH 36/59] Add comment --- config/routes.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/config/routes.rb b/config/routes.rb index 1eddf4c6c2..7988b7a66f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -99,6 +99,7 @@ namespace :registrant do root 'domains#index' + # POST /registrant/sign_in is not used devise_for :users, path: '', class_name: 'RegistrantUser' devise_scope :registrant_user do get 'login/mid' => 'sessions#login_mid' From 97650e2a6a3da27d066c2ade480ef259d7877bb0 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 16:55:42 +0300 Subject: [PATCH 37/59] Fix root route --- config/routes.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/routes.rb b/config/routes.rb index 7988b7a66f..8ecfd93600 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -235,5 +235,6 @@ end end - root to: redirect('admin/login') + # To prevent users seeing the default welcome message "Welcome aboard" from Rails + root to: redirect('admin/sign_in') end \ No newline at end of file From c1066f12c6e2270bc7d0ad6f8093066ab3757b8d Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 21:40:01 +0300 Subject: [PATCH 38/59] Fix registrar area authenticated root path --- app/controllers/registrar/sessions_controller.rb | 10 +++++++++- test/integration/registrar/login_test.rb | 2 +- test/integration/registrar/protected_area_test.rb | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/app/controllers/registrar/sessions_controller.rb b/app/controllers/registrar/sessions_controller.rb index 5a7bce72f9..c45c930e12 100644 --- a/app/controllers/registrar/sessions_controller.rb +++ b/app/controllers/registrar/sessions_controller.rb @@ -171,8 +171,16 @@ def check_ip_restriction render text: t('registrar.authorization.ip_not_allowed', ip: request.ip) end + def current_ability + @current_ability ||= Ability.new(current_registrar_user, request.remote_ip) + end + def after_sign_in_path_for(_resource_or_scope) - registrar_root_path + if can?(:show, :poll) + registrar_poll_path + else + registrar_root_path + end end def after_sign_out_path_for(_resource_or_scope) diff --git a/test/integration/registrar/login_test.rb b/test/integration/registrar/login_test.rb index bfacd3c166..a70a9cf251 100644 --- a/test/integration/registrar/login_test.rb +++ b/test/integration/registrar/login_test.rb @@ -12,7 +12,7 @@ def test_correct_username_and_password click_button 'Login' assert_text 'Log out' - assert_current_path registrar_root_path + assert_current_path registrar_poll_path end def test_wrong_password diff --git a/test/integration/registrar/protected_area_test.rb b/test/integration/registrar/protected_area_test.rb index 48de0bbb82..dd7f469808 100644 --- a/test/integration/registrar/protected_area_test.rb +++ b/test/integration/registrar/protected_area_test.rb @@ -17,6 +17,6 @@ def test_authenticated_user_is_not_asked_to_authenticate_again sign_in users(:api_bestnames) visit new_registrar_user_session_url assert_text 'You are already signed in' - assert_current_path registrar_root_path + assert_current_path registrar_poll_path end end \ No newline at end of file From b9d431427affd86c79eca0c587565ea70b347e35 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 21:52:02 +0300 Subject: [PATCH 39/59] Convert HAML to ERB --- app/views/registrant/sessions/new.haml | 11 ----------- app/views/registrant/sessions/new.html.erb | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 11 deletions(-) delete mode 100644 app/views/registrant/sessions/new.haml create mode 100644 app/views/registrant/sessions/new.html.erb diff --git a/app/views/registrant/sessions/new.haml b/app/views/registrant/sessions/new.haml deleted file mode 100644 index c24b19acaa..0000000000 --- a/app/views/registrant/sessions/new.haml +++ /dev/null @@ -1,11 +0,0 @@ -.row - .form-signin.col-md-6.center-block.text-center - %h2.form-signin-heading.text-center= t(:log_in) - %hr - .row - =t "only_estonian_residets_can_signin" - %br - = link_to '/registrant/login/mid' do - = image_tag 'mid.gif' - = link_to '/registrant/id', method: :post do - = image_tag 'id_card.gif' diff --git a/app/views/registrant/sessions/new.html.erb b/app/views/registrant/sessions/new.html.erb new file mode 100644 index 0000000000..712139f43e --- /dev/null +++ b/app/views/registrant/sessions/new.html.erb @@ -0,0 +1,18 @@ +
+ +
From abe3df24e23fe5fa69887587441c3e77e7b0a22c Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 19 Jul 2018 21:57:27 +0300 Subject: [PATCH 40/59] Extract translations --- app/views/registrant/sessions/new.html.erb | 6 +++--- config/locales/en.yml | 1 - config/locales/registrant/sessions.en.yml | 8 ++++++++ 3 files changed, 11 insertions(+), 4 deletions(-) create mode 100644 config/locales/registrant/sessions.en.yml diff --git a/app/views/registrant/sessions/new.html.erb b/app/views/registrant/sessions/new.html.erb index 712139f43e..d711601b3d 100644 --- a/app/views/registrant/sessions/new.html.erb +++ b/app/views/registrant/sessions/new.html.erb @@ -1,11 +1,11 @@
-
+
\ No newline at end of file diff --git a/config/locales/en.yml b/config/locales/en.yml index 6efaab51f0..525baee17f 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -731,7 +731,6 @@ en: test_registrar: "Test registrar" verified_confirm: 'Verified status is for cases when current registrant is the one applying for the update. Legal document signed by the registrant is required. Are you sure this update is properly verified with the registrant?' verified: 'Verified' - only_estonian_residets_can_signin: "Access currently available only to Estonian citizens and e-residents with Estonian ID-card or Mobile-ID." deleted: 'Deleted' cant_match_version: 'Impossible match version with request' user_not_authenticated: "user not authenticated" diff --git a/config/locales/registrant/sessions.en.yml b/config/locales/registrant/sessions.en.yml new file mode 100644 index 0000000000..37d03e4425 --- /dev/null +++ b/config/locales/registrant/sessions.en.yml @@ -0,0 +1,8 @@ +en: + registrant: + sessions: + new: + header: Log in + hint: >- + Access currently available only to Estonian citizens and e-residents with Estonian ID-card + or Mobile-ID. \ No newline at end of file From 6de31605d99710d887bd84e7245a1ec66ed3c9c5 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 8 Aug 2018 19:36:14 +0300 Subject: [PATCH 41/59] Integrate master branch --- .../api_user => system/admin_area/api_users}/new_test.rb | 2 +- .../admin => system/admin_area}/protected_area_test.rb | 2 +- .../admin/login_test.rb => system/admin_area/sign_in_test.rb} | 2 +- .../logout_test.rb => system/admin_area/sign_out_test.rb} | 2 +- .../registrar_area}/protected_area_test.rb | 2 +- .../{sign_in_test.rb => sign_in/mobile_id_test.rb} | 4 ++-- .../registrar_area/sign_in/password_test.rb} | 2 +- .../logout_test.rb => system/registrar_area/sign_out_test.rb} | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) rename test/{integration/admin/api_user => system/admin_area/api_users}/new_test.rb (90%) rename test/{integration/admin => system/admin_area}/protected_area_test.rb (90%) rename test/{integration/admin/login_test.rb => system/admin_area/sign_in_test.rb} (95%) rename test/{integration/admin/logout_test.rb => system/admin_area/sign_out_test.rb} (79%) rename test/{integration/registrar => system/registrar_area}/protected_area_test.rb (90%) rename test/system/registrar_area/{sign_in_test.rb => sign_in/mobile_id_test.rb} (89%) rename test/{integration/registrar/login_test.rb => system/registrar_area/sign_in/password_test.rb} (93%) rename test/{integration/registrar/logout_test.rb => system/registrar_area/sign_out_test.rb} (79%) diff --git a/test/integration/admin/api_user/new_test.rb b/test/system/admin_area/api_users/new_test.rb similarity index 90% rename from test/integration/admin/api_user/new_test.rb rename to test/system/admin_area/api_users/new_test.rb index 32b2e1188e..aed012fdc3 100644 --- a/test/integration/admin/api_user/new_test.rb +++ b/test/system/admin_area/api_users/new_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class AdminAreaNewApiUserTest < ActionDispatch::IntegrationTest +class AdminAreaNewApiUserTest < ApplicationSystemTestCase setup do sign_in users(:admin) end diff --git a/test/integration/admin/protected_area_test.rb b/test/system/admin_area/protected_area_test.rb similarity index 90% rename from test/integration/admin/protected_area_test.rb rename to test/system/admin_area/protected_area_test.rb index 59edb04c3c..8aea012f00 100644 --- a/test/integration/admin/protected_area_test.rb +++ b/test/system/admin_area/protected_area_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class AdminAreaProtectedAreaTest < ActionDispatch::IntegrationTest +class AdminAreaProtectedAreaTest < ApplicationSystemTestCase def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area visit admin_domains_url assert_text 'You need to sign in before continuing' diff --git a/test/integration/admin/login_test.rb b/test/system/admin_area/sign_in_test.rb similarity index 95% rename from test/integration/admin/login_test.rb rename to test/system/admin_area/sign_in_test.rb index 364b6a0baf..dcef0e3aa9 100644 --- a/test/integration/admin/login_test.rb +++ b/test/system/admin_area/sign_in_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class AdminAreaLoginTest < ActionDispatch::IntegrationTest +class AdminAreaSignInTest < ApplicationSystemTestCase def setup @user = users(:admin) end diff --git a/test/integration/admin/logout_test.rb b/test/system/admin_area/sign_out_test.rb similarity index 79% rename from test/integration/admin/logout_test.rb rename to test/system/admin_area/sign_out_test.rb index 159dc8de3c..046abba954 100644 --- a/test/integration/admin/logout_test.rb +++ b/test/system/admin_area/sign_out_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class AdminAreaLogoutTest < ActionDispatch::IntegrationTest +class AdminAreaSignOutTest < ApplicationSystemTestCase def setup sign_in users(:admin) end diff --git a/test/integration/registrar/protected_area_test.rb b/test/system/registrar_area/protected_area_test.rb similarity index 90% rename from test/integration/registrar/protected_area_test.rb rename to test/system/registrar_area/protected_area_test.rb index dd7f469808..08dd6a63e8 100644 --- a/test/integration/registrar/protected_area_test.rb +++ b/test/system/registrar_area/protected_area_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RegistrarAreaProtectedAreaTest < ActionDispatch::IntegrationTest +class RegistrarAreaProtectedAreaTest < ApplicationSystemTestCase def test_anonymous_user_is_asked_to_authenticate_when_navigating_to_protected_area visit registrar_domains_url assert_text 'You need to sign in before continuing' diff --git a/test/system/registrar_area/sign_in_test.rb b/test/system/registrar_area/sign_in/mobile_id_test.rb similarity index 89% rename from test/system/registrar_area/sign_in_test.rb rename to test/system/registrar_area/sign_in/mobile_id_test.rb index 840839cccb..ecca00c56f 100644 --- a/test/system/registrar_area/sign_in_test.rb +++ b/test/system/registrar_area/sign_in/mobile_id_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RegistrarAreaSignInTest < JavaScriptApplicationSystemTestCase +class RegistrarAreaMobileIDSignInTest < JavaScriptApplicationSystemTestCase def setup super WebMock.allow_net_connect! @@ -10,7 +10,7 @@ def setup @user.save end - def test_mobile_id_sign_in_page + def test_valid_phone_number mock_client = Minitest::Mock.new mock_client.expect(:authenticate, OpenStruct.new(user_id_code: '1234', challenge_id: '1234'), diff --git a/test/integration/registrar/login_test.rb b/test/system/registrar_area/sign_in/password_test.rb similarity index 93% rename from test/integration/registrar/login_test.rb rename to test/system/registrar_area/sign_in/password_test.rb index a70a9cf251..6878cd119e 100644 --- a/test/integration/registrar/login_test.rb +++ b/test/system/registrar_area/sign_in/password_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RegistrarAreaLoginTest < ActionDispatch::IntegrationTest +class RegistrarAreaPasswordSignInTest < ApplicationSystemTestCase def setup @user = users(:api_bestnames) end diff --git a/test/integration/registrar/logout_test.rb b/test/system/registrar_area/sign_out_test.rb similarity index 79% rename from test/integration/registrar/logout_test.rb rename to test/system/registrar_area/sign_out_test.rb index 9f2bba9dd5..029167d481 100644 --- a/test/integration/registrar/logout_test.rb +++ b/test/system/registrar_area/sign_out_test.rb @@ -1,6 +1,6 @@ require 'test_helper' -class RegistrarAreaLogoutTest < ActionDispatch::IntegrationTest +class RegistrarAreaSignOutTest < ApplicationSystemTestCase def setup sign_in users(:api_bestnames) end From 096035ae115e77e517daae6184cb0a79c52547f1 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 8 Aug 2018 19:50:50 +0300 Subject: [PATCH 42/59] Revert old behaviour --- app/controllers/admin/sessions_controller.rb | 2 +- test/system/admin_area/protected_area_test.rb | 2 +- test/system/admin_area/sign_in_test.rb | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controllers/admin/sessions_controller.rb b/app/controllers/admin/sessions_controller.rb index f4feefc3a8..57d702059b 100644 --- a/app/controllers/admin/sessions_controller.rb +++ b/app/controllers/admin/sessions_controller.rb @@ -3,7 +3,7 @@ class SessionsController < Devise::SessionsController private def after_sign_in_path_for(_resource_or_scope) - admin_root_path + admin_domains_path end def after_sign_out_path_for(_resource_or_scope) diff --git a/test/system/admin_area/protected_area_test.rb b/test/system/admin_area/protected_area_test.rb index 8aea012f00..9390348f08 100644 --- a/test/system/admin_area/protected_area_test.rb +++ b/test/system/admin_area/protected_area_test.rb @@ -17,6 +17,6 @@ def test_authenticated_user_is_not_asked_to_authenticate_again sign_in users(:admin) visit new_admin_user_session_url assert_text 'You are already signed in' - assert_current_path admin_root_path + assert_current_path admin_domains_path end end \ No newline at end of file diff --git a/test/system/admin_area/sign_in_test.rb b/test/system/admin_area/sign_in_test.rb index dcef0e3aa9..09c1f75495 100644 --- a/test/system/admin_area/sign_in_test.rb +++ b/test/system/admin_area/sign_in_test.rb @@ -12,7 +12,7 @@ def test_correct_username_and_password click_button 'Sign in' assert_text 'Signed in successfully' - assert_current_path admin_root_path + assert_current_path admin_domains_path end def test_wrong_password @@ -39,6 +39,6 @@ def test_retry_with_correct_username_and_password click_button 'Sign in' assert_text 'Signed in successfully' - assert_current_path admin_root_path + assert_current_path admin_domains_path end end \ No newline at end of file From 0d770137b604cec14905a584e2800edf3f242a46 Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Wed, 8 Aug 2018 22:47:51 +0300 Subject: [PATCH 43/59] Convert HAML to ERB --- app/views/registrar/sessions/new.haml | 22 ------------------- app/views/registrar/sessions/new.html.erb | 26 +++++++++++++++++++++++ 2 files changed, 26 insertions(+), 22 deletions(-) delete mode 100644 app/views/registrar/sessions/new.haml create mode 100644 app/views/registrar/sessions/new.html.erb diff --git a/app/views/registrar/sessions/new.haml b/app/views/registrar/sessions/new.haml deleted file mode 100644 index 4d273c9f43..0000000000 --- a/app/views/registrar/sessions/new.haml +++ /dev/null @@ -1,22 +0,0 @@ -.row - .form-signin.col-md-6.center-block.text-center - %h2.form-signin-heading.text-center= t(:log_in) - %hr - = form_for @depp_user, url: registrar_user_session_path, html: {class: 'form-signin'} do |f| - = render 'registrar/shared/errors', object: f.object - - - error_class = f.object.errors.any? ? 'has-error' : '' - %div{class: error_class} - = f.text_field :tag, class: 'form-control', placeholder: t(:username), required: true - = f.password_field :password, class: 'form-control', - autocomplete: 'off', placeholder: t(:password), required: true - - %button.btn.btn-lg.btn-primary.btn-block{:type => 'submit'}= t('.login_btn') - - %hr - = link_to '/registrar/login/mid', id: 'login-with-mobile-id-btn' do - = image_tag 'mid.gif' - = link_to '/registrar/id', method: :post do - = image_tag 'id_card.gif' - - diff --git a/app/views/registrar/sessions/new.html.erb b/app/views/registrar/sessions/new.html.erb new file mode 100644 index 0000000000..e3f8d61284 --- /dev/null +++ b/app/views/registrar/sessions/new.html.erb @@ -0,0 +1,26 @@ +
+ +
\ No newline at end of file From 080defa228e240ff57155d2551acff2a721e89ca Mon Sep 17 00:00:00 2001 From: Artur Beljajev Date: Thu, 9 Aug 2018 13:39:48 +0300 Subject: [PATCH 44/59] Fix home page URL for anonymous users of registrar area --- app/views/layouts/registrar/sessions.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/layouts/registrar/sessions.html.erb b/app/views/layouts/registrar/sessions.html.erb index 4632e477c9..985b6ccead 100644 --- a/app/views/layouts/registrar/sessions.html.erb +++ b/app/views/layouts/registrar/sessions.html.erb @@ -17,7 +17,7 @@