Corrected accreditation api

Dockerfile.production

@@ -63,20 +63,28 @@ RUN RAILS_ENV=production bundle exec rake assets:precompile
 # Final stage for app image
 FROM base
 
-# Install packages needed for deployment
+# Install packages needed for deployment (incl. wkhtmltopdf runtime deps)
 RUN apt-get update -qq && \
     apt-get install --no-install-recommends -y \
     curl \
+    git \
     postgresql-client \
     imagemagick=* \
     shared-mime-info \
     libpq-dev \
     locales \
-    curl \
     zip \
     unzip \
     libzip-dev \
     nodejs \
+    libxrender1 \
+    libxext6 \
+    libx11-6 \
+    libfontconfig1 \
+    libfreetype6 \
+    libjpeg62-turbo \
+    xfonts-base \
+    xfonts-75dpi \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
@@ -95,6 +103,11 @@ COPY --from=build /opt/webapps/app /opt/webapps/app
 RUN groupadd --system --gid 1000 rails && \
     useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
     chown -R rails:rails db log tmp
+
+# Fix permissions for wkhtmltopdf-binary gem (run as root before switching user)
+RUN chmod +x /usr/local/bundle/ruby/*/gems/wkhtmltopdf-binary-*/bin/wkhtmltopdf* 2>/dev/null || true && \
+    chown -R 1000:1000 /usr/local/bundle/ruby/*/gems/wkhtmltopdf-binary-*/bin/ 2>/dev/null || true
+
 USER 1000:1000
 
 # Entrypoint prepares the database.

app/controllers/admin/api_users_controller.rb

@@ -23,11 +23,9 @@ def create
       end
     end
 
-    def show;
-    end
+    def show; end
 
-    def edit;
-    end
+    def edit; end
 
     def update
       @api_user.attributes = api_user_params
@@ -47,25 +45,9 @@ def destroy
 
     def set_test_date_to_api_user
       user_api = User.find(params[:user_api_id])
+      Actions::RecordDateOfTest.record_result_to_api_user(api_user: user_api, date: Time.zone.now)
 
-      uri = URI.parse((ENV['registry_demo_registrar_api_user_url']) + "?username=#{user_api.username}&identity_code=#{user_api.identity_code}")
-
-      response = base_get_request(uri: uri, port: ENV['registry_demo_registrar_port'])
-
-      case response.code
-      when "200"
-        result = JSON.parse(response.body)
-        demo_user_api = result['user_api']
-
-        Actions::RecordDateOfTest.record_result_to_api_user(api_user:user_api,
-                                                            date: demo_user_api['accreditation_date']) unless demo_user_api.empty?
-
-        redirect_to request.referrer, notice: 'User API found'                                                    
-      when "404"
-        redirect_to request.referrer, notice: 'User API not found or not accredited yet'
-      else
-        redirect_to request.referrer, notice: 'Something went wrong'
-      end
+      redirect_to request.referrer, notice: 'Accreditation status set successfully'
     end
 
     def remove_test_date_to_api_user
@@ -74,18 +56,11 @@ def remove_test_date_to_api_user
       user_api.accreditation_expire_date = nil
       user_api.save
 
-      redirect_to request.referrer
+      redirect_to request.referrer, notice: 'Accreditation status removed successfully'
     end
 
     private
 
-    def base_get_request(uri:, port:)
-      http = Net::HTTP.new(uri.host, port)
-      req = Net::HTTP::Get.new(uri.request_uri)
-
-      http.request(req)
-    end
-
     def api_user_params
       params.require(:api_user).permit(:username, :plain_text_password, :active,
                                        :identity_code, { roles: [] })

app/controllers/admin/registrars_controller.rb

@@ -1,7 +1,7 @@
 require 'net/http'
 
 module Admin
-  class RegistrarsController < BaseController  # rubocop:disable Metrics/ClassLength
+  class RegistrarsController < BaseController # rubocop:disable Metrics/ClassLength
     load_and_authorize_resource
     before_action :set_registrar, only: %i[show edit update destroy]
     before_action :set_registrar_status_filter, only: [:index]
@@ -64,54 +64,8 @@ def destroy
       end
     end
 
-    def set_test_date
-      registrar = Registrar.find(params[:registrar_id])
-
-      uri = URI.parse((ENV['registry_demo_registrar_results_url']) + "?registrar_name=#{registrar.name}")
-
-      response = base_get_request(uri: uri, port: ENV['registry_demo_registrar_port'])
-
-      if response.code == '200'
-        record_result_for_each_api_user(response: response)
-      else
-        redirect_to request.referer, notice: 'Registrar no found'
-      end
-    end
-
-    def remove_test_date
-      registrar = Registrar.find(params[:registrar_id])
-      registrar.api_users.each do |api|
-        api.accreditation_date = nil
-        api.accreditation_expire_date = nil
-        api.save
-      end
-
-      redirect_to request.referer
-    end
-
     private
 
-    def record_result_for_each_api_user(response:)
-      result = JSON.parse(response.body)
-      registrar_users = result['registrar_users']
-
-      return redirect_to request.referer, notice: 'Registrar found, but not accreditated yet' if registrar_users.empty?
-
-      registrar_users.each do |api|
-        a = ApiUser.find_by(username: api['username'], identity_code: api['identity_code'])
-        Actions::RecordDateOfTest.record_result_to_api_user(api_user: a, date: api['accreditation_date']) unless a.nil?
-      end
-
-      redirect_to request.referer, notice: 'Registrar found'
-    end
-
-    def base_get_request(uri:, port:)
-      http = Net::HTTP.new(uri.host, port)
-      req = Net::HTTP::Get.new(uri.request_uri)
-
-      http.request(req)
-    end
-
     def filter_by_status
       case params[:status]
       when 'Active'

app/controllers/api/v1/accreditation_center/auth_controller.rb

@@ -3,16 +3,12 @@
 module Api
   module V1
     module AccreditationCenter
-      class AuthController < ::Api::V1::AccreditationCenter::BaseController
-        before_action :authenticate_user
-
+      class AuthController < BaseController
         def index
           login = @current_user
           registrar = @current_user.registrar
 
-          # rubocop:disable Style/AndOr
           render_success(data: nil) and return unless login
-          # rubocop:enable Style/AndOr
 
           data = set_values_to_data(login: login, registrar: registrar)
 
@@ -21,25 +17,6 @@ def index
 
         private
 
-        def authenticate_user
-          username, password = Base64.urlsafe_decode64(basic_token).split(':')
-          @current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
-
-          return if @current_user
-
-          raise(ArgumentError)
-        rescue NoMethodError, ArgumentError
-          @response = { code: 2202, message: 'Invalid authorization information' }
-          render(json: @response, status: :unauthorized)
-        end
-
-        def basic_token
-          pattern = /^Basic /
-          header  = request.headers['Authorization']
-          header = header.gsub(pattern, '') if header&.match(pattern)
-          header.strip
-        end
-
         def set_values_to_data(login:, registrar:)
           data = login.as_json(only: %i[id
                                         username

app/controllers/api/v1/accreditation_center/base_controller.rb

@@ -4,25 +4,50 @@ module Api
   module V1
     module AccreditationCenter
       class BaseController < ActionController::API
-        if Feature.allow_accr_endspoints?
-          rescue_from ActiveRecord::RecordNotFound, with: :show_not_found_error
-          rescue_from ActiveRecord::RecordInvalid, with: :show_invalid_record_error
-          rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
-            error = {}
-            error[parameter_missing_exception.param] = ['parameter is required']
-            response = { errors: [error] }
-            render json: response, status: :unprocessable_entity
-          end
-
-          private
-
-          def show_not_found_error
-            render json: { errors: [{ base: ['Not found'] }] }, status: :not_found
-          end
-
-          def show_invalid_record_error(exception)
-            render json: { errors: exception.record.errors }, status: :bad_request
-          end
+        before_action :check_feature_enabled, :authenticate_user
+
+        rescue_from ActiveRecord::RecordNotFound, with: :show_not_found_error
+        rescue_from ActiveRecord::RecordInvalid, with: :show_invalid_record_error
+        rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
+          response = { errors: "Parameter #{parameter_missing_exception.param} is required" }
+          render json: response, status: :unprocessable_entity
+        end
+
+        private
+
+        def check_feature_enabled
+          return if Feature.allow_accr_endspoints?
+
+          render json: {
+            errors: 'Accreditation Center API is not allowed'
+          }, status: :forbidden
+        end
+
+        def show_not_found_error
+          render json: { errors: 'Not found' }, status: :not_found
+        end
+
+        def show_invalid_record_error(exception)
+          render json: { errors: exception.record.errors }, status: :bad_request
+        end
+
+        def authenticate_user
+          username, password = Base64.strict_decode64(basic_token).split(':')
+          @current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
+
+          return if @current_user
+
+          raise(ArgumentError)
+        rescue NoMethodError, ArgumentError
+          @response = { code: 2202, message: 'Invalid authorization information' }
+          render(json: @response, status: :unauthorized)
+        end
+
+        def basic_token
+          pattern = /^Basic /
+          header  = request.headers['Authorization']
+          header = header.gsub(pattern, '') if header&.match(pattern)
+          header.strip
         end
       end
     end

app/controllers/api/v1/accreditation_center/contacts_controller.rb

@@ -3,14 +3,14 @@
 module Api
   module V1
     module AccreditationCenter
-      class ContactsController < ::Api::V1::AccreditationCenter::BaseController
+      class ContactsController < BaseController
         def show
           @contact = Contact.find_by(code: params[:id])
 
           if @contact
             render json: { code: 1000, contact: Serializers::Repp::Contact.new(@contact,
                                                                                show_address: false).to_json },
-                   status: :found
+                   status: :ok
           else
             render json: { errors: 'Contact not found' }, status: :not_found
           end

app/controllers/api/v1/accreditation_center/domains_controller.rb

@@ -3,14 +3,14 @@
 module Api
   module V1
     module AccreditationCenter
-      class DomainsController < ::Api::V1::AccreditationCenter::BaseController
+      class DomainsController < BaseController
         def show
           @domain = Domain.find_by(name: params[:name])
 
           if @domain
             render json: { code: 1000, domain: Serializers::Repp::Domain.new(@domain,
                                                                              sponsored: true).to_json },
-                   status: :found
+                   status: :ok
           else
             render json: { errors: 'Domain not found' }, status: :not_found
           end

app/controllers/api/v1/accreditation_center/invoice_status_controller.rb

@@ -1,31 +1,17 @@
 module Api
   module V1
     module AccreditationCenter
-      class InvoiceStatusController < ::Api::V1::AccreditationCenter::BaseController
+      class InvoiceStatusController < BaseController
         def index
-          username, password = Base64.urlsafe_decode64(basic_token).split(':')
-          @current_user ||= ApiUser.find_by(username: username, plain_text_password: password)
-
-          return render json: { errors: 'No user found' }, status: :not_found if @current_user.nil?
-
           @invoices = @current_user.registrar.invoices.select { |i| i.cancelled_at != nil }
 
           if @invoices
             render json: { code: 1000, invoices: @invoices },
-                   status: :found
+                   status: :ok
           else
             render json: { errors: 'No invoices' }, status: :not_found
           end
         end
-
-        private
-
-        def basic_token
-          pattern = /^Basic /
-          header  = request.headers['Authorization']
-          header = header.gsub(pattern, '') if header&.match(pattern)
-          header.strip
-        end
       end
     end
   end

app/controllers/api/v1/accreditation_center/results_controller.rb

@@ -3,7 +3,7 @@
 module Api
   module V1
     module AccreditationCenter
-      class ResultsController < ::Api::V1::AccreditationCenter::BaseController
+      class ResultsController < BaseController
         def show
           accr_users = []
           registrar = Registrar.find_by(name: params[:registrar_name])

app/controllers/api/v1/base_controller.rb

@@ -6,7 +6,8 @@ class BaseController < ActionController::API
       private
 
       def authenticate
-        ip_allowed = allowed_ips.include?(request.remote_ip)
+        Rails.logger.debug "[authenticate] Request IP: #{request.remote_ip}"
+        ip_allowed = ip_allowed?(request.remote_ip)
         head :unauthorized unless ip_allowed
       end
 
@@ -21,8 +22,15 @@ def not_found_error
         render json: json, status: :not_found
       end
 
-      def allowed_ips
-        ENV['auction_api_allowed_ips'].split(',').map(&:strip)
+      def ip_allowed?(ip)
+        allowed_ips = ENV['auction_api_allowed_ips'].to_s.split(',').map(&:strip)
+        allowed_ips.any? do |entry|
+          begin
+            IPAddr.new(entry).include?(ip)
+          rescue IPAddr::InvalidAddressError
+            ip == entry
+          end
+        end
       end
     end
   end