playground
/
entrydns
mirror of https://github.com/EntryDNS/entrydns.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

restrict simple API to A records only

pull/1/head
Nicolae Claudius 13 years ago
parent
4858b7abb2
commit
87e43e5cc3
3 changed files with 19 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      app/controllers/records_controller.rb
  2. 10
      spec/controllers/records_controller_spec.rb
  3. 2
      spec/support/shared_context/data.rb

8
app/controllers/records_controller.rb
Unescape View File

@ -31,14 +31,20 @@ class RecordsController < ApplicationController
protect_from_forgery :except => 'modify'
skip_authorize_resource :only => :modify
MODIFY_ERROR = 'ERROR: only A records can be modified with this API'
MODIFY_OK = 'OK'
# TODO: externalize
def modify
@record = Record.where(:authentication_token => params[:authentication_token]).first!
if @record.type != 'A'
return render :text => MODIFY_ERROR
end
@record.content = params[:ip] || client_remote_ip
@record.save!
respond_with(@record) do |format|
format.html {
render :text => 'OK'
render :text => MODIFY_OK
}
end
end

10
spec/controllers/records_controller_spec.rb
Unescape View File

@ -39,6 +39,7 @@ describe RecordsController do
ip = '127.0.0.2'
put :modify, :authentication_token => a_record.authentication_token, :ip => ip
response.should be_success
response.body.should == RecordsController::MODIFY_OK
assigns(:record).should == a_record
assigns(:record).content.should == ip
end
@ -48,9 +49,18 @@ describe RecordsController do
request.env["HTTP_X_FORWARDED_FOR"] = ip
put :modify, :authentication_token => a_record.authentication_token
response.should be_success
response.body.should == RecordsController::MODIFY_OK
assigns(:record).should == a_record
assigns(:record).content.should == ip
end
it "errors when not A type @record with" do
ip = '127.0.0.3'
request.env["HTTP_X_FORWARDED_FOR"] = ip
put :modify, :authentication_token => soa_record.authentication_token
response.should be_success
response.body.should == RecordsController::MODIFY_ERROR
end
end

2
spec/support/shared_context/data.rb
Unescape View File

@ -12,4 +12,6 @@ shared_context "data" do
let(:a_record){Factory(:a, :content => '127.0.0.1', :domain => domain)}
let(:soa_record){domain.soa_record}
end

Write Preview
Loading…
Cancel
Save