Skip to content

Commit

Permalink
Merge pull request #1319 from internetee/improve-epp-error-handling
Browse files Browse the repository at this point in the history 
Improve EPP error handling
  • Loading branch information
@vohmar
vohmar authored Sep 20, 2019
2 parents 767c8a4 + e01f412 commit 0f1edec
Show file tree
Hide file tree
Showing 21 changed files with 279 additions and 286 deletions.
105 changes: 48 additions & 57 deletions app/controllers/epp/base_controller.rb
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
module Epp
class BaseController < ApplicationController
layout false
class BaseController < ActionController::Base
class AuthorizationError < StandardError; end

check_authorization
skip_before_action :verify_authenticity_token
layout false

before_action :ensure_session_id_passed
before_action :generate_svtrid
Expand All @@ -10,13 +13,50 @@ class BaseController < ApplicationController
before_action :validate_request
before_action :update_epp_session, if: 'signed_in?'

around_action :catch_epp_errors
around_action :wrap_exceptions

helper_method :current_user
helper_method :resource

rescue_from StandardError, with: :respond_with_command_failed_error
rescue_from AuthorizationError, with: :respond_with_authorization_error
rescue_from ActiveRecord::RecordNotFound, with: :respond_with_object_does_not_exist_error

protected

def respond_with_command_failed_error(exception)
epp_errors << {
code: '2400',
msg: 'Command failed',
}
handle_errors
log_exception(exception)
end

def respond_with_object_does_not_exist_error
epp_errors << {
code: '2303',
msg: 'Object does not exist',
}
handle_errors
end

def respond_with_authorization_error
epp_errors << {
code: '2201',
msg: 'Authorization error',
}
handle_errors
end

private

def wrap_exceptions
yield
rescue CanCan::AccessDenied
raise AuthorizationError
end

def validate_against_schema
return if ['hello', 'error', 'keyrelay'].include?(params[:action])
schema.validate(params[:nokogiri_frame]).each do |error|
Expand All @@ -28,47 +68,6 @@ def validate_against_schema
handle_errors and return if epp_errors.any?
end

def catch_epp_errors
err = catch(:epp_error) do
yield
nil
end
return unless err
@errors = [err]
handle_errors
end

rescue_from StandardError do |e|
@errors ||= []

if e.class == CanCan::AccessDenied
if @errors.blank?
@errors = [{
msg: t('errors.messages.epp_authorization_error'),
code: '2201'
}]
end
else
if @errors.blank?
@errors = [{
msg: 'Internal error.',
code: '2400'
}]
end

if Rails.env.test? || Rails.env.development?
puts e.backtrace.reverse.join("\n")
puts "\n BACKTRACE REVERSED!\n"
puts "\n FROM-EPP-RESCUE: #{e.message}\n\n\n"
else
logger.error "FROM-EPP-RESCUE: #{e.message}"
logger.error e.backtrace.join("\n")
end
end

render_epp_response '/epp/error'
end

def schema
EPP_ALL_SCHEMA
end
Expand Down Expand Up @@ -114,25 +113,13 @@ def handle_errors(obj = nil)
end
end

# for debugging
if @errors.blank?
@errors << {
code: '1',
msg: 'handle_errors was executed when there were actually no errors'
}
end

@errors.uniq!

logger.error "\nFOLLOWING ERRORS OCCURRED ON EPP QUERY:"
logger.error @errors.inspect
logger.error "\n"

render_epp_response '/epp/error'
end

def render_epp_response(*args)
@response = render_to_string(*args)
@response = render_to_string(*args, formats: 'xml')
render xml: @response
write_to_epp_log
end
Expand Down Expand Up @@ -406,5 +393,9 @@ def counter_update(registrar_code, ip)
logger.error "IPTABLES COUNTER UPDATE: cannot write #{ip} to #{counter_proc}: #{e}"
end
end

def log_exception(exception)
notify_airbrake(exception)
end
end
end
13 changes: 1 addition & 12 deletions app/controllers/epp/contacts_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,18 +84,7 @@ def find_password

def find_contact
code = params[:parsed_frame].css('id').text.strip.upcase

@contact = Epp::Contact.find_by_epp_code(code)

if @contact.blank?
epp_errors << {
code: '2303',
msg: t('errors.messages.epp_obj_does_not_exist'),
value: { obj: 'id', val: code }
}
fail CanCan::AccessDenied
end
@contact
@contact = Epp::Contact.find_by!(code: code)
end

#
Expand Down
101 changes: 61 additions & 40 deletions app/controllers/epp/domains_controller.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,14 @@ class DomainsController < BaseController
before_action :find_password, only: %i[info update transfer delete]

def info
authorize! :info, @domain, @password
authorize! :info, @domain

@hosts = params[:parsed_frame].css('name').first['hosts'] || 'all'

sponsoring_registrar = (@domain.registrar == current_user.registrar)
correct_transfer_code_provided = (@domain.transfer_code == @password)
@reveal_full_details = (sponsoring_registrar || correct_transfer_code_provided)

case @hosts
when 'del'
@nameservers = @domain.delegated_nameservers.sort
Expand All @@ -28,26 +32,38 @@ def create
domain_name = DNS::DomainName.new(SimpleIDN.to_unicode(request_domain_name))

if domain_name.at_auction?
throw :epp_error,
code: '2306',
msg: 'Parameter value policy error: domain is at auction'
epp_errors << {
code: '2306',
msg: 'Parameter value policy error: domain is at auction',
}
handle_errors
return
elsif domain_name.awaiting_payment?
throw :epp_error,
code: '2003',
msg: 'Required parameter missing; reserved>pw element required for reserved domains'
epp_errors << {
code: '2003',
msg: 'Required parameter missing; reserved>pw element required for reserved domains',
}
handle_errors
return
elsif domain_name.pending_registration?
registration_code = params[:parsed_frame].css('reserved > pw').text

if registration_code.empty?
throw :epp_error,
code: '2003',
msg: 'Required parameter missing; reserved>pw element is required'
epp_errors << {
code: '2003',
msg: 'Required parameter missing; reserved>pw element is required',
}
handle_errors
return
end

unless domain_name.available_with_code?(registration_code)
throw :epp_error,
code: '2202',
msg: 'Invalid authorization information; invalid reserved>pw value'
epp_errors << {
code: '2202',
msg: 'Invalid authorization information; invalid reserved>pw value',
}
handle_errors
return
end
end
end
Expand Down Expand Up @@ -85,22 +101,15 @@ def create

def update
authorize! :update, @domain, @password
begin
if @domain.update(params[:parsed_frame], current_user)
if @domain.epp_pending_update.present?
render_epp_response '/epp/domains/success_pending'
else
render_epp_response '/epp/domains/success'
end
else
handle_errors(@domain)
end
rescue => e
if @domain.errors.any?
handle_errors(@domain)

if @domain.update(params[:parsed_frame], current_user)
if @domain.epp_pending_update.present?
render_epp_response '/epp/domains/success_pending'
else
throw e
render_epp_response '/epp/domains/success'
end
else
handle_errors(@domain)
end
end

Expand Down Expand Up @@ -173,18 +182,37 @@ def renew
end

def transfer
authorize! :transfer, @domain, @password
authorize! :transfer, @domain
action = params[:parsed_frame].css('transfer').first[:op]

if @domain.non_transferable?
throw :epp_error, {
epp_errors << {
code: '2304',
msg: I18n.t(:object_status_prohibits_operation)
msg: I18n.t(:object_status_prohibits_operation),
}
handle_errors
return
end

provided_transfer_code = params[:parsed_frame].css('authInfo pw').text
wrong_transfer_code = provided_transfer_code != @domain.transfer_code

if wrong_transfer_code
epp_errors << {
code: '2202',
msg: 'Invalid authorization information',
}
handle_errors
return
end

@domain_transfer = @domain.transfer(params[:parsed_frame], action, current_user)

if @domain.errors[:epp_errors].any?
handle_errors(@domain)
return
end

if @domain_transfer
render_epp_response '/epp/domains/transfer'
else
Expand Down Expand Up @@ -272,18 +300,11 @@ def validate_transfer

def find_domain
domain_name = params[:parsed_frame].css('name').text.strip.downcase
@domain = Epp::Domain.find_by_idn domain_name

unless @domain
epp_errors << {
code: '2303',
msg: I18n.t('errors.messages.epp_domain_not_found'),
value: { obj: 'name', val: domain_name }
}
fail CanCan::AccessDenied
end
domain = Epp::Domain.find_by_idn(domain_name)
raise ActiveRecord::RecordNotFound unless domain

@domain
@domain = domain
end

def find_password
Expand Down
5 changes: 2 additions & 3 deletions app/models/ability.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,13 +48,12 @@ def epp # Registrar/api_user dynamic role
# can(:create, :epp_request)

# Epp::Domain
can(:info, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || pw.blank? ? true : d.transfer_code == pw }
can(:info, Epp::Domain)
can(:check, Epp::Domain)
can(:create, Epp::Domain)
can(:renew, Epp::Domain) { |d| d.registrar_id == @user.registrar_id }
can(:update, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
can(:transfer, Epp::Domain) { |d, pw| d.transfer_code == pw }
can(:view_password, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }
can(:transfer, Epp::Domain)
can(:delete, Epp::Domain) { |d, pw| d.registrar_id == @user.registrar_id || d.transfer_code == pw }

# Epp::Contact
Expand Down
21 changes: 9 additions & 12 deletions app/models/epp/contact.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,10 +154,17 @@ def update_attributes(frame, current_user)
type: ident_frame.attr('type'),
country_code: ident_frame.attr('cc'))

report_valid_ident_error if submitted_ident != identifier
if submitted_ident != identifier
add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.valid_ident'))
return
end
else
ident_update_attempt = ident_frame.text.present? && (ident_frame.text != ident)
report_ident_update_error if ident_update_attempt

if ident_update_attempt
add_epp_error('2308', nil, nil, I18n.t('epp.contacts.errors.ident_update'))
return
end

identifier = Ident.new(code: ident,
type: ident_frame.attr('type'),
Expand Down Expand Up @@ -243,14 +250,4 @@ def add_legal_file_to_new frame
frame.css("legalDocument").first.content = doc.path if doc&.persisted?
self.legal_document_id = doc.id
end

private

def report_valid_ident_error
throw :epp_error, { code: '2308', msg: I18n.t('epp.contacts.errors.valid_ident') }
end

def report_ident_update_error
throw :epp_error, { code: '2308', msg: I18n.t('epp.contacts.errors.ident_update') }
end
end
Loading

0 comments on commit 0f1edec

Please sign in to comment.