diff --git a/app/controllers/api/v1/business_registry/base_controller.rb b/app/controllers/api/v1/business_registry/base_controller.rb
index a9a286f94e..5bacfd9e61 100644
--- a/app/controllers/api/v1/business_registry/base_controller.rb
+++ b/app/controllers/api/v1/business_registry/base_controller.rb
@@ -2,13 +2,6 @@ module Api
 module V1
 module BusinessRegistry
 class BaseController < ::Api::V1::BaseController
- include Concerns::CorsHeaders
- include Concerns::TokenAuthentication
-
- before_action :authenticate
-
- protected
-
 def render_error(message, status, details = nil)
 error_response = { error: message }
 error_response[:details] = details if details
@@ -20,21 +13,6 @@ def render_success(data, status = :ok) = render(json: data, status: status)
 def allowed_ips
 ENV['business_registry_allowed_ips'].to_s.split(',').map(&:strip)
 end
-
- private
-
- def extract_token_from_header = request.headers['Authorization']&.split(' ')&.last
-
- def find_reserved_domain_status
- token = extract_token_from_header
- @reserved_domain_status = ReservedDomainStatus.find_by(access_token: token)
-
- if @reserved_domain_status.nil?
- render json: { error: "Invalid token" }, status: :unauthorized
- elsif @reserved_domain_status.token_expired?
- render json: { error: "Token expired. Please refresh the token. TODO: provide endpoint" }, status: :unauthorized
- end
- end
 end
 end
 end
diff --git a/app/controllers/api/v1/business_registry/concerns/cors_headers.rb b/app/controllers/api/v1/business_registry/concerns/cors_headers.rb
deleted file mode 100644
index ee803545fc..0000000000
--- a/app/controllers/api/v1/business_registry/concerns/cors_headers.rb
+++ /dev/null
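Review bot: With `protected` removed in the first hunk and `private` removed in the second, `render_error`, `render_success` and `allowed_ips` become public instance methods of the controller, and Rails treats public controller methods as action methods; re-add `protected` before `def render_error` in the first hunk so the helpers stay non-routable. The dropped `before_action :authenticate` also means that, unless `authenticate` is registered somewhere the diff does not show, no subclass runs an authentication filter any more, while `allowed_ips` (which reads `ENV['business_registry_allowed_ips']`) is kept although nothing in the diff calls it. If the IP allow-list is still meant to gate these endpoints, the filter belongs here in the base class rather than being re-added per controller; if it is being retired, `allowed_ips` should go with it.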
@@ -1,33 +0,0 @@
-module Api
- module V1
- module BusinessRegistry
- module Concerns
- module CorsHeaders
- extend ActiveSupport::Concern
-
- included do
- before_action :set_cors_header
- end
-
- private
-
- def set_cors_header
- allowed_origins = ENV['ALLOWED_ORIGINS'].to_s.split(',')
- origin = request.headers['Origin']
-
- if allowed_origins.include?(origin)
- response.headers['Access-Control-Allow-Origin'] = origin
- response.headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, PATCH, DELETE, OPTIONS'
- response.headers['Access-Control-Allow-Headers'] = 'Origin, Content-Type, Accept, Authorization, X-Requested-With'
- response.headers['Access-Control-Allow-Credentials'] = 'true'
- end
-
- if request.method == 'OPTIONS'
- head :no_content
- end
- end
- end
- end
- end
- end
-end
diff --git a/app/controllers/api/v1/business_registry/concerns/token_authentication.rb b/app/controllers/api/v1/business_registry/concerns/token_authentication.rb
deleted file mode 100644
index 9915eed336..0000000000
--- a/app/controllers/api/v1/business_registry/concerns/token_authentication.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-module Api
- module V1
- module BusinessRegistry
- module Concerns
- module TokenAuthentication
- extend ActiveSupport::Concern
-
- included do
- before_action :find_reserved_domain
- end
-
- private
-
- def find_reserved_domain
- token = extract_token_from_header
- @reserved_domain_status = ReservedDomainStatus.find_by(access_token: token)
-
- if @reserved_domain_status.nil?
- render json: { error: "Invalid token" }, status: :unauthorized
- elsif @reserved_domain_status.token_expired?
- render json: { error: "Token expired. Please refresh the token: PATCH || PUT '/api/v1/business_registry/refresh_token'" }, status: :unauthorized
- else
- @reserved_domain = ReservedDomain.find_by(name: @reserved_domain_status.name)
- render json: { error: "Domain not found in reserved list" }, status: :not_found if @reserved_domain.nil?
- end
- end
-
- def extract_token_from_header
- request.headers['Authorization']&.split(' ')&.last
- end
- end
- end
- end
- end
-end
diff --git a/app/controllers/api/v1/business_registry/domain_names_controller.rb b/app/controllers/api/v1/business_registry/domain_names_controller.rb
index b1b1c34a8b..f322da4bba 100644
--- a/app/controllers/api/v1/business_registry/domain_names_controller.rb
+++ b/app/controllers/api/v1/business_registry/domain_names_controller.rb
@@ -1,12 +1,7 @@
 module Api
 module V1
 module BusinessRegistry
- class DomainNamesController < ::Api::V1::BusinessRegistry::BaseController
- before_action :authenticate, only: [:show]
- skip_before_action :find_reserved_domain, only: [:show]
-
- include Concerns::CorsHeaders
-
+ class DomainNamesController < BaseController
 before_action :validate_organization_name
 
 def show
diff --git a/app/controllers/api/v1/business_registry/long_reserve_domains_controller.rb b/app/controllers/api/v1/business_registry/long_reserve_domains_controller.rb
index 4c01cc2817..8e02ee2b6c 100644
--- a/app/controllers/api/v1/business_registry/long_reserve_domains_controller.rb
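Review bot: After the DomainNamesController hunk, `show` runs with no authentication and no origin check: `before_action :authenticate, only: [:show]` is dropped here and the base class no longer registers one, and removing `include Concerns::CorsHeaders` means this controller no longer emits `Access-Control-Allow-Origin` or answers preflight `OPTIONS`. If the lookup is intentionally public, say so on the class, e.g. `# Public lookup endpoint: no authentication or origin check is applied here`, so the next reader does not assume a filter was lost by accident. If browser clients call it, CORS handling now has to come from middleware the diff does not show. The class body continues past the hunk.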
+++ b/app/controllers/api/v1/business_registry/long_reserve_domains_controller.rb
@@ -2,8 +2,6 @@ module Api
 module V1
 module BusinessRegistry
 class LongReserveDomainsController < BaseController
- before_action :authenticate, only: [:create]
- skip_before_action :find_reserved_domain, only: [:create]
 before_action :domain_names
 before_action :validate_params
 before_action :available_domains?, only: [:create]
diff --git a/app/controllers/api/v1/business_registry/long_reserve_domains_status_controller.rb b/app/controllers/api/v1/business_registry/long_reserve_domains_status_controller.rb
index e013b693d4..abb9a5df98 100644
--- a/app/controllers/api/v1/business_registry/long_reserve_domains_status_controller.rb
+++ b/app/controllers/api/v1/business_registry/long_reserve_domains_status_controller.rb
@@ -2,9 +2,6 @@ module Api
 module V1
 module BusinessRegistry
 class LongReserveDomainsStatusController < BaseController
- before_action :authenticate, only: [:create]
- skip_before_action :find_reserved_domain, only: [:show]
-
 before_action :set_reserved_domain_invoice, only: [:show]
 
 def show
diff --git a/app/controllers/api/v1/business_registry/registration_code_controller.rb b/app/controllers/api/v1/business_registry/registration_code_controller.rb
index 3c04e8a257..19299bea56 100644
--- a/app/controllers/api/v1/business_registry/registration_code_controller.rb
+++ b/app/controllers/api/v1/business_registry/registration_code_controller.rb
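Review bot: `create` on LongReserveDomainsController now runs without any authentication filter: `before_action :authenticate, only: [:create]` and the matching `skip_before_action :find_reserved_domain` are removed, the base class no longer registers a filter, and nothing in the diff replaces them; the same applies to LongReserveDomainsStatusController in the next hunk and to ReserveDomainsController further down. An action that creates reservations is a larger exposure than a read-only lookup, so if authentication is moving to another layer the commit description should name it, and if not, the filter should stay until the replacement lands. Each of these class bodies continues past its hunk, so the remaining filters (`domain_names`, `validate_params`, `available_domains?`) are all that is visible on the request path.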
@@ -2,21 +2,8 @@ module Api
 module V1
 module BusinessRegistry
 class RegistrationCodeController < BaseController
- before_action :authenticate, only: [:show]
- before_action :find_reserved_domain_status, only: [:show]
- skip_before_action :find_reserved_domain, only: [:show]
-
 def show
- puts '---'
- puts @reserved_domain_status.inspect
- puts '---'
-
- if @reserved_domain_status.paid?
- password = ReservedDomain.find(@reserved_domain_status.reserved_domain_id).password
- render_success({ name: 'name', registration_code: password })
- else
- render json: { error: 'Domain not paid', linkpay_url: @reserved_domain_status.linkpay_url }, status: :unprocessable_entity
- end
+ # TODO: get reservation code by invoice number and user unique id
 end
 end
 end
diff --git a/app/controllers/api/v1/business_registry/reserve_domains_controller.rb b/app/controllers/api/v1/business_registry/reserve_domains_controller.rb
index c3ea38de8b..ed6e7ec561 100644
--- a/app/controllers/api/v1/business_registry/reserve_domains_controller.rb
+++ b/app/controllers/api/v1/business_registry/reserve_domains_controller.rb
@@ -2,8 +2,6 @@ module Api
 module V1
 module BusinessRegistry
 class ReserveDomainsController < BaseController
- before_action :authenticate, only: [:create]
- skip_before_action :find_reserved_domain, only: [:create]
 before_action :validate_params
 
 def create
diff --git a/ettevotja_rekvisiidid__lihtandmed.csv.zip b/ettevotja_rekvisiidid__lihtandmed.csv.zip
index 18ac4db653..6b4f6ec314 100644
Binary files a/ettevotja_rekvisiidid__lihtandmed.csv.zip and b/ettevotja_rekvisiidid__lihtandmed.csv.zip differ
diff --git a/test/integration/api/business_registry/domain_names_controller_test.rb b/test/integration/api/business_registry/domain_names_controller_test.rb
index 242dd657d2..7775e7a134 100644
--- a/test/integration/api/business_registry/domain_names_controller_test.rb
+++ b/test/integration/api/business_registry/domain_names_controller_test.rb
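Review bot: `show` in RegistrationCodeController is left as an empty action holding only a TODO comment, so a request to it falls through to implicit rendering — a 204 if `::Api::V1::BaseController` derives from `ActionController::API`, a missing-template error otherwise, which cannot be told from the hunk. Until the lookup by invoice number exists, answer explicitly with the helper the base class already provides, e.g. `render_error('Not implemented', :not_implemented)`, so clients get a deterministic status and the stub cannot be mistaken for a working endpoint. Dropping the `puts` debugging and the code that returned the reservation password is fine; `show` and the class end inside the hunk, the outer modules continue past it.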
@@ -3,34 +3,23 @@ class Api::V1::BusinessRegistry::DomainNamesControllerTest < ActionDispatch::IntegrationTest
 setup do
 @allowed_origins = ['http://example.com', 'https://test.com']
- ENV['ALLOWED_ORIGINS'] = @allowed_origins.join(',')
 @valid_ip = '127.0.0.1'
 ENV['auction_api_allowed_ips'] = @valid_ip
 end
 
 test "should return list of available organization domain names" do
- get api_v1_business_registry_domain_names_path(organization_name: "Test Company AS"),
- headers: { 'Origin' => @allowed_origins.first, 'REMOTE_ADDR' => @valid_ip }
+ get api_v1_business_registry_domain_names_path(organization_name: "Test Company AS")
 
 assert_response :success
- assert_equal @allowed_origins.first, response.headers['Access-Control-Allow-Origin']
 
 json_response = JSON.parse(response.body)
 assert_equal json_response['variants'], ["testcompany.test", "test-company.test"]
 end
 
 test "should handle invalid organization name" do
- get api_v1_business_registry_domain_names_path(organization_name: "Invalid!@#Name"),
- headers: { 'Origin' => @allowed_origins.first, 'REMOTE_ADDR' => @valid_ip }
+ get api_v1_business_registry_domain_names_path(organization_name: "Invalid!@#Name")
 
 assert_response :bad_request
 json_response = JSON.parse(response.body)
 assert_equal 'Invalid organization name', json_response['error']
 end
-
- test "should not allow access from unauthorized IP" do
- get api_v1_business_registry_domain_names_path(organization_name: "Test Company"),
- headers: { 'Origin' => @allowed_origins.first, 'REMOTE_ADDR' => '192.168.1.1' }
-
- assert_response :unauthorized
- end
 end
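Review bot: The deleted "should not allow access from unauthorized IP" test was the only negative-path check in this file, and after the change the setup still assigns `@allowed_origins`, `@valid_ip` and `ENV['auction_api_allowed_ips']` although no remaining test reads them. Either drop those three setup lines or keep a test that states the intended outcome for a request from a non-allowed address, whatever that outcome now is. Note also that the setup sets `auction_api_allowed_ips` while `BaseController#allowed_ips` reads `business_registry_allowed_ips`, so this file does not appear to have exercised that helper; if the IP allow-list is meant to survive, a test against the key the controller actually reads would catch its silent removal.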