From e01f412d767c34fb1b5b9ba99bf0576fb1da079e Mon Sep 17 00:00:00 2001
From: Artur Beljajev <artur.beljajev@internet.ee>
Date: Sat, 14 Sep 2019 18:58:35 +0300
Subject: [PATCH] Fix EPP response code

Fixes #686
---
 app/controllers/epp/domains_controller.rb          | 14 +++++++++++++-
 test/integration/epp/domain/transfer/query_test.rb |  3 +--
 .../epp/domain/transfer/request_test.rb            |  5 ++---
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/app/controllers/epp/domains_controller.rb b/app/controllers/epp/domains_controller.rb
index 7a1dd2d8c0..2f31f7e5e7 100644
--- a/app/controllers/epp/domains_controller.rb
+++ b/app/controllers/epp/domains_controller.rb
@@ -182,7 +182,7 @@ def renew
     end
 
     def transfer
-      authorize! :transfer, @domain, @password
+      authorize! :transfer, @domain
       action = params[:parsed_frame].css('transfer').first[:op]
 
       if @domain.non_transferable?
@@ -194,6 +194,18 @@ def transfer
         return
       end
 
+      provided_transfer_code = params[:parsed_frame].css('authInfo pw').text
+      wrong_transfer_code = provided_transfer_code != @domain.transfer_code
+
+      if wrong_transfer_code
+        epp_errors << {
+          code: '2202',
+          msg: 'Invalid authorization information',
+        }
+        handle_errors
+        return
+      end
+
       @domain_transfer = @domain.transfer(params[:parsed_frame], action, current_user)
 
       if @domain.errors[:epp_errors].any?
diff --git a/test/integration/epp/domain/transfer/query_test.rb b/test/integration/epp/domain/transfer/query_test.rb
index e3bf7bdae4..bd12937715 100644
--- a/test/integration/epp/domain/transfer/query_test.rb
+++ b/test/integration/epp/domain/transfer/query_test.rb
@@ -30,8 +30,7 @@ def test_wrong_transfer_code
 
     post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_bestnames' }
 
-    # https://github.com/internetee/registry/issues/686
-    assert_epp_response :authorization_error
+    assert_epp_response :invalid_authorization_information
   end
 
   def test_no_domain_transfer
diff --git a/test/integration/epp/domain/transfer/request_test.rb b/test/integration/epp/domain/transfer/request_test.rb
index 877076be7f..6a1b5a9f1f 100644
--- a/test/integration/epp/domain/transfer/request_test.rb
+++ b/test/integration/epp/domain/transfer/request_test.rb
@@ -115,10 +115,9 @@ def test_wrong_transfer_code
 
     post '/epp/command/transfer', { frame: request_xml }, { 'HTTP_COOKIE' => 'session=api_goodnames' }
     @domain.reload
-    refute_equal @new_registrar, @domain.registrar
 
-    # https://github.com/internetee/registry/issues/686
-    assert_epp_response :authorization_error
+    assert_epp_response :invalid_authorization_information
+    refute_equal @new_registrar, @domain.registrar
   end
 
   private