covered with tests

internetee · Jul 31, 2024 · 85c9468 · 85c9468
1 parent a53d189
commit 85c9468
Show file tree

Hide file tree

Showing 24 changed files with 801 additions and 224 deletions.
diff --git a/app/controllers/api/v1/business_registry/domain_names_controller.rb b/app/controllers/api/v1/business_registry/domain_names_controller.rb
@@ -9,7 +9,7 @@ class DomainNamesController < ::Api::V1::BaseController
         def show
           name = params[:organization_name]
           all_variants = ::BusinessRegistry::DomainNameGeneratorService.generate(name)
-          available_variants = ::BusinessRegistry::DomainAvailabilityChecker.filter_available(all_variants)
+          available_variants = ::BusinessRegistry::DomainAvailabilityCheckerService.filter_available(all_variants)
           render json: { variants: available_variants }, status: :ok
         end
 

diff --git a/app/controllers/api/v1/business_registry/refresh_token_controller.rb b/app/controllers/api/v1/business_registry/refresh_token_controller.rb
@@ -2,9 +2,9 @@ module Api
   module V1
     module BusinessRegistry
       class RefreshTokenController < ::Api::V1::BaseController
-        # before_action :set_cors_header
+        before_action :set_cors_header
         before_action :find_reserved_domain
-        # before_action :authenticate, only: [:update]
+        before_action :authenticate, only: [:update]
 
         def update
           @reserved_domain_status.refresh_token

diff --git a/app/controllers/api/v1/business_registry/registration_code_controller.rb b/app/controllers/api/v1/business_registry/registration_code_controller.rb
@@ -2,9 +2,9 @@ module Api
   module V1
     module BusinessRegistry
       class RegistrationCodeController < ::Api::V1::BaseController
-        # before_action :set_cors_header
+        before_action :set_cors_header
         before_action :find_reserved_domain
-        # before_action :authenticate, only: [:show]
+        before_action :authenticate, only: [:show]
 
         def show
           render json: { name: @reserved_domain.name, registration_code: @reserved_domain.password }, status: :ok

diff --git a/app/controllers/api/v1/business_registry/release_controller.rb b/app/controllers/api/v1/business_registry/release_controller.rb
@@ -11,10 +11,10 @@ def destroy
             render json: { error: "Token expired. Please refresh the token. TODO: provide endpoint" }, status: :unauthorized
           else
             if @reserved_domain_status.destroy
-              EisBilling::SendReservedDomainCancellationInvoiceStatus.new(domain_name: domain_name, token: @reserved_domain_status.access_token).call
-              render json: { message: "Domain '#{@reserved_domain.name}' has been successfully released" }, status: :ok
+              EisBilling::SendReservedDomainCancellationInvoiceStatus.new(domain_name: @reserved_domain_status.name, token: @reserved_domain_status.access_token).call
+              render json: { message: "Domain '#{@reserved_domain_status.name}' has been successfully released" }, status: :ok
             else
-              render json: { error: "Failed to release domain", details: @reserved_domain.errors.full_messages }, status: :unprocessable_entity
+              render json: { error: "Failed to release domain", details: @reserved_domain_status.errors.full_messages }, status: :unprocessable_entity
             end
           end
         end

diff --git a/app/controllers/api/v1/business_registry/reserve_controller.rb b/app/controllers/api/v1/business_registry/reserve_controller.rb
@@ -2,11 +2,13 @@ module Api
   module V1
     module BusinessRegistry
       class ReserveController < ::Api::V1::BaseController
-        # before_action :set_cors_header
-        # before_action :validate_params
-        # before_action :authenticate, only: [:create]
+        before_action :set_cors_header
+        before_action :validate_params
+        before_action :authenticate, only: [:create]
 
         INITIATOR = 'business_registry'.freeze
+        OK = '200'.freeze
+        CREATED = '201'.freeze
 
         def create
           domain_name = params[:domain_name]&.downcase&.strip
@@ -23,13 +25,12 @@ def create
             reference_no = nil
             invoice = invoice_structure(invoice_number, reference_no, reserved_domain_status.access_token)
             result = EisBilling::AddDeposits.new(invoice).call
-
-            pared_result = JSON.parse(result.body)
+            wrap_result = wrap_result(result)
 
-            if result.code == "201" || result.code == "200"
-              render json: { message: "Domain reserved successfully", token: reserved_domain_status.access_token, linkpay: pared_result['everypay_link'] }, status: :created
+            if wrap_result.status_code_success
+              render json: { message: "Domain reserved successfully", token: reserved_domain_status.access_token, linkpay: wrap_result.linkpay }, status: :created
             else
-              render json: { error: "Failed to reserve domain", details: pared_result }, status: :unprocessable_entity
+              render json: { error: "Failed to reserve domain", details: wrap_result.details }, status: :unprocessable_entity
             end
           else
             render json: { error: "Failed to reserve domain", details: reserved_domain_status.errors.full_messages }, status: :unprocessable_entity
@@ -38,6 +39,13 @@ def create
 
         private
 
+        def wrap_result(result)
+          parsed_result = JSON.parse(result.body)
+
+          Struct.new(:status_code_success, :linkpay, :details)
+            .new(result.code == OK || result.code == CREATED, parsed_result['everypay_link'], parsed_result)
+        end
+
         def reservetion_domain_price
           124.00
         end

diff --git a/app/controllers/api/v1/business_registry/status_controller.rb b/app/controllers/api/v1/business_registry/status_controller.rb
@@ -2,9 +2,8 @@ module Api
   module V1
     module BusinessRegistry
       class StatusController < ::Api::V1::BaseController
-        # before_action :set_cors_header
-        # before_action :validate_params
-        # before_action :authenticate, only: [:create]
+        before_action :set_cors_header
+        before_action :authenticate, only: [:create]
         before_action :find_reserved_domain
 
         def show
@@ -16,10 +15,14 @@ def show
 
             if result.paid?
               @reserved_domain_status.paid!
-              reserve_domain = ReservedDomain.find_by(name: domain_name)
-              reserved_domain = ReservedDomain.new(name: domain_name).save! if reserve_domain.nil?
+              reserved_domain = ReservedDomain.find_by(name: domain_name)
 
-              render json: { invoice_status: result.status, reserve_domain_name: reserve_domain.name, password: reserve_domain.password }, status: :ok
+              if reserved_domain.nil?
+                reserved_domain = ReservedDomain.new(name: domain_name)
+                reserved_domain.save!
+              end
+
+              render json: { invoice_status: result.status, reserved_domain: reserved_domain.name, password: reserved_domain.password }, status: :ok
             else
               render json: { invoice_status: result.status }, status: :ok
             end

diff --git a/...s_registry/domain_availability_checker.rb → ...ry/domain_availability_checker_service.rb b/...s_registry/domain_availability_checker.rb → ...ry/domain_availability_checker_service.rb
@@ -1,5 +1,5 @@
 module BusinessRegistry
-  class DomainAvailabilityChecker
+  class DomainAvailabilityCheckerService
     def self.filter_available(domains)
       reserved_domains = ReservedDomain.where(name: domains).pluck(:name)
       domains - reserved_domains

diff --git a/app/services/eis_billing/get_reserved_domain_invoice_status.rb b/app/services/eis_billing/get_reserved_domain_invoice_status.rb
@@ -20,10 +20,6 @@ def call
       http = EisBilling::Base.base_request
       res = http.get(reserved_domain_invoice_statuses_url, EisBilling::Base.headers)
 
-      puts '----'
-      puts res.body
-      puts '----'
-
       wrap_result(res)
     end
 

diff --git a/test/integration/api/business_registry/check_test.rb b/test/integration/api/business_registry/check_test.rb
diff --git a/test/integration/api/business_registry/domain_names_controller_test.rb b/test/integration/api/business_registry/domain_names_controller_test.rb
@@ -0,0 +1,47 @@
+require 'test_helper'
+
+class Api::V1::BusinessRegistry::DomainNamesControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @allowed_origins = ['http://example.com', 'https://test.com']
+    ENV['ALLOWED_ORIGINS'] = @allowed_origins.join(',')
+    @valid_ip = '127.0.0.1'
+    ENV['auction_api_allowed_ips'] = @valid_ip
+  end
+
+  test "should return list of available organization domain names" do
+    get api_v1_business_registry_domain_names_path(organization_name: "Test Company AS"), 
+        headers: { 'Origin' => @allowed_origins.first, 'REMOTE_ADDR' => @valid_ip }
+
+    assert_response :success
+    assert_equal @allowed_origins.first, response.headers['Access-Control-Allow-Origin']
+    json_response = JSON.parse(response.body)
+    assert_includes json_response['variants'], 'testcompany'
+    assert_includes json_response['variants'], 'test-company'
+    assert_includes json_response['variants'], 'test_company'
+    assert_includes json_response['variants'], "testcompany#{Time.current.year}"
+  end
+
+  test "should handle invalid organization name" do
+    get api_v1_business_registry_domain_names_path(organization_name: "Invalid!@#Name"), 
+        headers: { 'Origin' => @allowed_origins.first, 'REMOTE_ADDR' => @valid_ip }
+
+    assert_response :bad_request
+    json_response = JSON.parse(response.body)
+    assert_equal 'Invalid organization name', json_response['error']
+  end
+
+  test "should not set CORS header for disallowed origin" do
+    get api_v1_business_registry_domain_names_path(organization_name: "Test Company"), 
+        headers: { 'Origin' => 'http://malicious.com', 'REMOTE_ADDR' => @valid_ip }
+
+    assert_response :unauthorized
+    assert_nil response.headers['Access-Control-Allow-Origin']
+  end
+
+  test "should not allow access from unauthorized IP" do
+    get api_v1_business_registry_domain_names_path(organization_name: "Test Company"), 
+        headers: { 'Origin' => @allowed_origins.first, 'REMOTE_ADDR' => '192.168.1.1' }
+
+    assert_response :unauthorized
+  end
+end
diff --git a/test/integration/api/business_registry/refresh_token_controller_test.rb b/test/integration/api/business_registry/refresh_token_controller_test.rb
@@ -0,0 +1,67 @@
+require 'test_helper'
+
+class Api::V1::BusinessRegistry::RefreshTokenControllerTest < ActionDispatch::IntegrationTest
+  setup do
+    @reserved_domain = reserved_domains(:one)
+    @reserved_domain_status = ReservedDomainStatus.create(
+      reserved_domain: @reserved_domain,
+      name: @reserved_domain.name,
+      token_created_at: Time.current
+    )
+    @reserved_domain_status.refresh_token
+    @allowed_origins = ['http://example.com', 'https://test.com']
+    ENV['ALLOWED_ORIGINS'] = @allowed_origins.join(',')
+
+    @valid_ip = '127.0.0.1'
+    @invalid_ip = '192.168.1.1'
+    ENV['auction_api_allowed_ips'] = @valid_ip
+  end
+
+  test "should refresh token" do
+    old_token = @reserved_domain_status.access_token
+    patch api_v1_business_registry_refresh_token_path, 
+          headers: { 
+            'Authorization' => "Bearer #{old_token}",
+            'Origin' => @allowed_origins.first,
+            'REMOTE_ADDR' => @valid_ip
+          }
+    assert_response :success
+    assert_equal @allowed_origins.first, response.headers['Access-Control-Allow-Origin']
+    json_response = JSON.parse(response.body)
+    assert_equal "Token refreshed", json_response['message']
+    assert_not_equal old_token, json_response['token']
+  end
+
+  test "should return error for invalid token" do
+    patch api_v1_business_registry_refresh_token_path, 
+          headers: { 
+            'Authorization' => "Bearer invalid_token",
+            'Origin' => @allowed_origins.first,
+            'REMOTE_ADDR' => @valid_ip
+          }
+    assert_response :unauthorized
+    json_response = JSON.parse(response.body)
+    assert_equal "Invalid token", json_response['error']
+  end
+
+  test "should not set CORS header for disallowed origin" do
+    patch api_v1_business_registry_refresh_token_path, 
+          headers: { 
+            'Authorization' => "Bearer #{@reserved_domain_status.access_token}",
+            'Origin' => 'http://malicious.com',
+            'REMOTE_ADDR' => @valid_ip
+          }
+    assert_response :unauthorized
+    assert_nil response.headers['Access-Control-Allow-Origin']
+  end
+
+  test "should not allow refresh from unauthorized IP" do
+    patch api_v1_business_registry_refresh_token_path, 
+          headers: { 
+            'Authorization' => "Bearer #{@reserved_domain_status.access_token}",
+            'Origin' => @allowed_origins.first,
+            'REMOTE_ADDR' => @invalid_ip
+          }
+    assert_response :unauthorized
+  end
+end
diff --git a/...siness_registry/registration_code_test.rb → ...stry/registration_code_controller_test.rb b/...siness_registry/registration_code_test.rb → ...stry/registration_code_controller_test.rb
@@ -5,8 +5,12 @@ class RegistrationCodeTest < ApplicationIntegrationTest
 
   def setup
     @reserved_domain = reserved_domains(:one)
-    @reserved_domain.refresh_token
-    @reserved_domain.update(token_created_at: Time.current)
+    @reserved_domain_status = ReservedDomainStatus.create(
+      reserved_domain: @reserved_domain,
+      name: @reserved_domain.name,
+      token_created_at: Time.current
+    )
+    @reserved_domain_status.refresh_token
     @allowed_origins = ['http://example.com', 'https://test.com']
     ENV['ALLOWED_ORIGINS'] = @allowed_origins.join(',')
 
@@ -16,10 +20,9 @@ def setup
   end
 
   test "should return registration code for a valid token" do
-    @reserved_domain.refresh_token
     get api_v1_business_registry_registration_code_path, 
       headers: { 
-        'Authorization' => "Bearer #{@reserved_domain.reload.access_token}",
+        'Authorization' => "Bearer #{@reserved_domain_status.access_token}",
         'Origin' => @allowed_origins.first,
         'REMOTE_ADDR' => @valid_ip
       }
@@ -31,16 +34,16 @@ def setup
   end
 
   test "should return error for expired token" do
-    @reserved_domain.update(token_created_at: 31.days.ago)
+    @reserved_domain_status.update(token_created_at: 31.days.ago)
     get api_v1_business_registry_registration_code_path, 
         headers: { 
-          'Authorization' => "Bearer #{@reserved_domain.reload.access_token}",
+          'Authorization' => "Bearer #{@reserved_domain_status.access_token}",
           'Origin' => @allowed_origins.first,
           'REMOTE_ADDR' => @valid_ip
         }
     assert_response :unauthorized
     json_response = JSON.parse(response.body)
-    assert_equal "Token expired", json_response['error']
+    assert_equal "Token expired. Please refresh the token. TODO: provide endpoint", json_response['error']
   end
 
   test "should return error for invalid token" do
@@ -58,7 +61,7 @@ def setup
   test "should not set CORS header for disallowed origin" do
     get api_v1_business_registry_registration_code_path, 
         headers: { 
-          'Authorization' => "Bearer #{@reserved_domain.access_token}",
+          'Authorization' => "Bearer #{@reserved_domain_status.access_token}",
           'Origin' => 'http://malicious.com',
           'REMOTE_ADDR' => @valid_ip
         }