# IDRBT Domain Registration Portal — Angular App Analysis

**URL:** https://registrar.idrbt.ac.in/
**Dump date:** 2026-06-08
**App structure:** Angular (ES module, lazy-loaded chunks)
**Auth:** JWT (stored in `localStorage` key: `jwtToken`)
**Framework:** Angular Material, Bootstrap, jQuery, jsPDF, html2canvas, PDFObject, reCAPTCHA
**Payment integration:** SBI ePay (test.sbiepay.sbi)
**DSC integration:** eMudhra DSC middleware (`localhost.emudhra.com:26769`)

---

## Downloaded Files (in this folder)

| File | Size | Purpose |
| --- | --- | --- |
|  | 34K | Angular Zone.js polyfills |
|  | 168K | jQuery 3.7.1 + misc scripts |
|  | 5.5M | Main Angular app bundle (ES modules, imports chunks) |
|  | 356K | Compiled styles (Angular Material + custom CSS) |
|  | 199K | Shared module (common dependencies) |
|  | 221K | Registrar dashboard / domain management module |
|  | 156K | Registration / application module |
|  | 25K | Supervisor admin / user management module |
|  | 22K | Admin invoice details module |
|  | 1.7K | DNS/DNSSEC module |
|  | 126B | Module loader stub |
|  | 297B | Module loader stub |
|  | 378B | Module loader stub |

---

## Application Routes

### Public / Auth Routes

| Route | Component | Description |
| --- | --- | --- |
| `/login` | LoginComponent | User login |
| `/register` | RegisterComponent | New user registration |
| `/forgot-password-success` | — | Password reset confirmation |
| `/authentication-error` | — | Auth error page |
| `/session-timeout` | — | Session timeout page |
| `/r-f-p-r` | — | Forgot password request |
| `/r-f-p-s` | — | Forgot password success |
| `/f-p-r` | — | Forgot password (regtr variant) |
| `/f-p-o-v` | — | Forgot password OTP verification |
| `/r-f-p-e-v` | — | Forgot password email verification |
| `/r-f-p-o-v` | — | Forgot password OTP verification |
| `/prerequisites` | — | Pre-requisites for .bank.in/.fin.in registration |
| `/dsc-guide` | — | DSC guide |
| `/reg-success` | — | Registration success |

### Registrar Routes (prefixed with `rgtr-`)

| Route | Description |
| --- | --- |
| `/rgtr-login` | Registrar login |
| `/rgtr-dashboard` | Registrar dashboard (domain stats, charts) |
| `/rgtr-domains` | Registrar domain list |
| `/rgtr-dsc-verification` | DSC verification |
| `/rgtr-role` | Role management |
| `/rgtr-um` | User management |
| `/rgtr-dpt` | Department view |
| `/rgtr-orphan` | Orphan domains |
| `/rgtr-o-V` | Officer verification |
| `/rgtr-rgnt-ofd` | Registrant OFD |
| `/rgtr-rgnt-um` | Registrant user management |

### Registrant Routes (prefixed with `rgnt-`)

| Route | Description |
| --- | --- |
| `/rgnt-domains` | My domains list |
| `/rgnt-dshd` | Dashboard |
| `/rgnt-entity-app-details` | Entity application details |
| `/rgnt-role` | Role management |
| `/rgnt-spadm` | Super admin panel |
| `/rgnt-um` | User management |
| `/rgnt-ofd` | OFD (Office of Domain) |
| `/rgnt-o-V` | Officer verification |

### Domain Management Routes

| Route | Description |
| --- | --- |
| `/domain-application-details` | Domain application details |
| `/domain-details` | Domain detail view |
| `/register` | Domain registration |
| `/add-domain` | Add new domain |
| `/manage-renewal` | Manage domain renewal |
| `/dmn-metrics` | Domain metrics |
| `/name-server` | Name server management |
| `/onboarding-stepper` | Onboarding wizard |

### Admin Routes

| Route | Description |
| --- | --- |
| `/invoices` | Invoice list |
| `/invoice-details` | Invoice detail |
| `/admin-invoice-details` | Admin invoice view |
| `/applications` | Applications list |
| `/entity-approval` | Entity approval |
| `/organisation-details` | Organisation details |
| `/user-domain-details` | User domain details |
| `/req-apv` | Request approval |
| `/dsc-verification` | DSC verification |
| `/ru` | Registrar user |
| `/rfg` | Registrar function group |
| `/rg` | Registrar group |
| `/esd` | ESD (Entity Service Desk) |
| `/rg-rpt` | Reports |
| `/mod-req` | Modification request |

### Other

| Route | Description |
| --- | --- |
| `/home` | Home page |
| `/change-password` | Change password |
| `/payment-response` | Payment response handler |
| `/payment-status` | Payment status display |
| `/contact-details-form` | Contact details form |
| `/verify-documents` | Document verification |
| `/su-ad-details` | Super admin details |
| `/preview` | Preview |
| `/dcmnt-pvw` | Document preview |
| `/pmnt-sbms` | Payment submission |
| `/app-sbms` | Application submission |

---

## API Endpoints

### Base URL pattern: `{apiGatewayUrl}/dr/{microservice}/...`

The API gateway URL is set in a global config object referenced as `gt.apiURL`.

### User & Auth (`/dr/user`, `/dr/users`, `/dr/rgtrUser`, `/dr/rgtrusers`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/users/login` | POST | User login |
| `/dr/rgtrusers/login` | POST | Registrar login |
| `/dr/user/save` | POST | Create user |
| `/dr/user/all` | GET | List all users |
| `/dr/user/get` | GET | Get user by ID |
| `/dr/user/update` | PUT | Update user |
| `/dr/user/delete` | DELETE | Delete user |
| `/dr/user/getDetails` | GET | Get user details |
| `/dr/user/roles` | GET | User roles |
| `/dr/user/deleteOrphanUser` | DELETE | Delete orphan user |
| `/dr/user/deleteprofilepicture` | DELETE | Delete profile picture |
| `/dr/user/update/pwd` | PUT | Update password |
| `/dr/rgtrUser/getUser` | GET | Get registrar user |
| `/dr/rgtrUser/update` | PUT | Update registrar user |
| `/dr/rgtrUser/delete` | DELETE | Delete registrar user |

### Domain Registration (`/dr/domain`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/domain` | GET/POST | Domain CRUD |
| `/dr/domain/countOfDomain` | GET | Domain count |
| `/dr/domain/validateReservedDomain` | GET | Check if domain is reserved |
| `/dr/domain/deleteApplication/{id}` | DELETE | Delete application |
| `/dr/domain/deleteDomainOnly/{id}` | DELETE | Delete domain only |
| `/dr/domain/deleteOrganisationIfNoDomains/{id}` | DELETE | Delete org if no domains |
| `/dr/domain/validateAndPayOnUpdate` | PUT | Validate & pay on update |
| `/dr/domain/domain-stats` | GET | Domain statistics |
| `/dr/domain/domain-stats-chart` | GET | Domain stats for chart |

### Organisation (`/dr/organisationDetails`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/organisationDetails/all` | GET | List all organisations |
| `/dr/organisationDetails/getDetailsById/{id}` | GET | Get org details |
| `/dr/organisationDetails/saveOrganisationForm` | POST | Save org form |
| `/dr/organisationDetails/update` | PUT | Update org |
| `/dr/organisationDetails/getAllStdCodes` | GET | Get STD codes |
| `/dr/organisationDetails/getOrgTaxDetails` | GET | Get tax details |

### Contact Details (`/dr/administrativeContact`, `/dr/billingContact`, `/dr/technicalContact`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/administrativeContact` | POST | Save admin contact |
| `/dr/administrativeContact/delete` | DELETE | Delete admin contact |
| `/dr/administrativeContact/sendOtpForVerifyOfficer` | POST | Send OTP |
| `/dr/administrativeContact/VerifyEmailForOfficer` | GET | Verify officer email |
| `/dr/administrativeContact/saveContactDetailsForm` | POST | Save contact form |
| `/dr/administrativeContact/saveAdminDataAlongWithDoc` | POST | Save admin + docs |
| `/dr/administrativeContact/saveSuperadminDataAlongWithDoc` | POST | Save superadmin + docs |
| `/dr/billingContact` | POST | Save billing contact |
| `/dr/billingContact/delete` | DELETE | Delete billing contact |
| `/dr/billingContact/sendOtpForVerifyOfficer` | POST | Send OTP to billing officer |
| `/dr/billingContact/VerifyEmailForOfficer` | GET | Verify billing officer email |
| *(same pattern for* `/dr/technicalContact`*)* |  |  |

### Document Management (`/dr/documents`, `/dr/contactDocuments`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/documents/documentUpload` | POST | Upload document |
| `/dr/documents/updateOrgDocs` | PUT | Update org docs |
| `/dr/documents/orgDocs` | GET | List org documents |
| `/dr/contactDocuments/contactDocumentUpload` | POST | Upload contact doc |
| `/dr/contactDocuments/updateContactDocumentUpload` | PUT | Update contact doc |
| `/dr/contactDocuments/contactOfficerDocuments/{id}` | GET | Get officer docs |
| `/dr/contactDocuments/updateDocumentStatus/{id}` | GET | Update doc status |
| `/dr/contactDocuments/documentStatus/{id}` | GET | Get doc status |

### Name Server (`/dr/nameServer`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/nameServer/all` | GET | List name servers |
| `/dr/nameServer/getDetails/{id}` | GET | Get NS details |
| `/dr/nameServer/update` | PUT | Update NS |
| `/dr/nameServer/updateList` | PUT | Update NS list |
| `/dr/nameServer/validateHostName/{domainId}/{hostname}` | GET | Validate hostname |
| `/dr/nameServer/sendNameServerToNixi/{domainId}` | POST | Send NS to NIXI |
| `/dr/nameServer/get/{id}` | GET | Get NS by ID |
| `/dr/nameServer/sendDeleteRequest/{id}/{domainId}` | PUT | Send delete to NIXI |

### DNSSEC (`/dr/dnssec`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/dnssec/saveAll` | POST | Save DNSSEC records |
| `/dr/dnssec/updateAll` | PUT | Update DNSSEC records |
| `/dr/dnssec/getDnsSecByDomainId/{id}` | GET | Get DNSSEC by domain |
| `/dr/dnssec/algorithmTypes` | GET | Algorithm types list |
| `/dr/dnssec/digestTypes` | GET | Digest types list |
| `/dr/dnssec/sendDnsSecToNixi/{domainId}` | POST | Send DNSSEC to NIXI |
| `/dr/dnssec/deleteDnsSecById/{id}` | DELETE | Delete DNSSEC |

### Invoice & Payment (`/dr/invoice`, `/dr/payment`, `/dr/billingHistory`, `/dr/transactions`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/invoice/getInvoiceTemplate` | GET | Get invoice template |
| `/dr/invoice/getInvoiceTemplateNsNi` | GET | Get NS/NI invoice template |
| `/dr/payment` | POST | Initiate payment |
| `/dr/billingHistory/all` | GET | Billing history |
| `/dr/transactions` | GET | Transaction list |

### Price Details (`/dr/priceDetails`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/priceDetails` | GET | Price details |

### Verification (`/dr/gst/verify`, `/dr/pan/verify`, `/dr/phone`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/gst/verify` | POST | Verify GST |
| `/dr/pan/verify` | POST | Verify PAN |
| `/dr/phone/validateMobile` | GET | Validate mobile |
| `/dr/phone/validateLandLine` | GET | Validate landline |

### Roles & Registry (`/dr/registry`, `/dr/roles`, `/dr/departments`, `/dr/links`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/registry/createContact` | POST | Create registry contact |
| `/dr/registry/updateContact` | PUT | Update registry contact |
| `/dr/registry/updateDomainAddContact/{domainId}/{contactId}` | PUT | Add contact to domain |
| `/dr/registry/updateDomainRemoveContact/{domainId}/{contactId}` | PUT | Remove contact from domain |
| `/dr/registry/deleteContact/{id}` | DELETE | Delete registry contact |

### Notification (`/dr/notification`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/notification/all/{userId}` | GET | List notifications |
| `/dr/notification/create` | POST | Create notification |
| `/dr/notification/update` | PUT | Update notification |
| `/dr/notification/count/{userId}` | GET | Unread count |
| `/dr/notification/mark-all-as-read/{userId}` | PUT | Mark all read |

### Static Data / Config

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/static/getByType/{type}` | GET | Static configuration |
| `/dr/registerDetail` | GET | Registration details |
| `/dr/registerDetail/get` | GET | Get register detail |

---

## Payment Flow

1. User initiates payment → frontend creates payment payload
2. POST to internal `/dr/payment` with `{deptCode: "dr", amount, returnUrl, otherDetails}`
3. Redirect user to SBI ePay: `https://test.sbiepay.sbi/secure/AggregatorHostedListener`
   - The `test.` hostname indicates SBI's test environment; production uses a different URL
4. After payment, SBI redirects to:
   - `https://registrar.idrbt.ac.in/payment/dr/domain/paymentResponse` (new domain)
   - `https://registrar.idrbt.ac.in/payment/dr/domain/renewal/paymentResponse` (renewal)

### Payment fields sent to SBI:

```json
{
  "deptCode": "dr",
  "amount": "...",
  "returnUrl": "...",
  "otherDetails": "...",
  "encryptTrans": "...",
  "multiAccountInstructionDtls": "...",
  "merchIdVal": "..."
}
```

---

## DSC (Digital Signature Certificate) Integration

The app integrates with **eMudhra** DSC middleware running locally:

### Endpoints (local eMudhra middleware at `https://localhost.emudhra.com:26769`)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/DSC/ListToken` | POST | List available DSC tokens |
| `/DSC/ListCertificate` | POST | List certificates on token |
| `/DSC/PKCSSign` | POST | Sign data with DSC |

### Internal DSC API (app-level proxy)

| Endpoint | Method | Description |
| --- | --- | --- |
| `/dr/dsc/getTokenRequest` | GET | Get token request |
| `/dr/dsc/getTokenList?data=...` | GET | Get token list |
| `/dr/dsc/getCertificateRequest?keyStoreDisplayName=...` | GET | Get certificate request |
| `/dr/dsc/getCertificateList` | POST | Get certificate list |
| `/dr/dsc/getSigningRequest` | POST | Get signing request |
| `/dr/dsc/getSignedResponse` | POST | Get signed response |
| `/dr/dsc/saveDomainSignature` | POST | Save domain signature |
| `/dr/dsc/loginDscVerification` | POST | Login DSC verification |

---

## Role-Based Access Control

Roles found in the codebase:

- **IDRBTADMIN** — Super admin (full access)
- **DRADMIN** — Domain Registrar admin
- **Super Admin** — Organisation-level super admin
- **Financial Officer / Finance Officer** — Finance role
- **Administrative Officer / Admin Contact** — Admin contact role
- **Technical Officer / Technical Contact** — Technical contact role

- JWT token stored in `localStorage` key: `jwtToken`
- Authorization header: `Authorization: Bearer <jwtToken>`

---

## Domain Validation Rules

- **TLDs supported:** `.bank.in`, `.fin.in`
- Domain name must NOT start or end with a hyphen
- No uppercase letters allowed
- Must not begin with a number
- No special characters allowed
- Domain max length configurable via API (field: `domainMaxLength`)
- Minimum 2 characters
- Reserved domain names checked via `/dr/domain/validateReservedDomain`
- Name identifiers: first 5 free, ₹2,000 + GST each thereafter
- DSC signature required for domain registration
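
The rules above as one validator, added here as an example (not code from the portal): it reports every violated rule for a candidate name, and prices name identifiers from the stated tariff. `domainMaxLength`, the reserved-name check and the GST rate are inputs (API-sourced or unstated on this page); the sample values at the bottom are constructed.

```typescript
// Added example, not code from the IDRBT portal: the domain-name rules listed
// above, implemented as one validator that reports every violated rule.
// `domainMaxLength` and the reserved-name check are API-sourced in the real app
// (field `domainMaxLength`, endpoint /dr/domain/validateReservedDomain); here
// they are parameters, and the sample values at the bottom are constructed.

const SUPPORTED_TLDS = [".bank.in", ".fin.in"];
const MIN_LABEL_LENGTH = 2;

interface DomainCheckResult {
  ok: boolean;
  label: string;        // the registrable part before the TLD, e.g. "mybank"
  tld: string | null;   // matched TLD, or null when no supported TLD matched
  errors: string[];
}

function validateDomainName(
  fqdn: string,
  domainMaxLength: number,
  isReserved: (label: string) => boolean = () => false,
): DomainCheckResult {
  const errors: string[] = [];

  // TLD match is case-sensitive on purpose: ".BANK.IN" is rejected like any uppercase.
  const tld = SUPPORTED_TLDS.find((t) => fqdn.endsWith(t)) ?? null;
  if (tld === null) errors.push(`TLD must be one of ${SUPPORTED_TLDS.join(", ")}`);
  const label = tld === null ? fqdn : fqdn.slice(0, fqdn.length - tld.length);

  if (label.length < MIN_LABEL_LENGTH) errors.push(`label must have at least ${MIN_LABEL_LENGTH} characters`);
  if (label.length > domainMaxLength) errors.push(`label exceeds the configured maximum of ${domainMaxLength}`);
  if (label.startsWith("-") || label.endsWith("-")) errors.push("label must not start or end with a hyphen");
  if (/[A-Z]/.test(label)) errors.push("uppercase letters are not allowed");
  if (/^[0-9]/.test(label)) errors.push("label must not begin with a digit");
  // Case-insensitive so an uppercase letter is reported once, by the rule above.
  if (/[^a-z0-9-]/i.test(label)) errors.push("only a-z, 0-9 and hyphen are allowed");

  // Reserved-name check only for an otherwise well-formed label (the portal asks the server last).
  if (errors.length === 0 && isReserved(label)) errors.push("domain name is reserved");

  return { ok: errors.length === 0, label, tld, errors };
}

// Name-identifier pricing from the rules above: first 5 free, ₹2,000 + GST each thereafter.
// The GST rate is not stated on this page, so it is an input.
const FREE_NAME_IDENTIFIERS = 5;
const NAME_IDENTIFIER_PRICE_INR = 2000;

function nameIdentifierCharge(count: number, gstRate: number): { base: number; total: number } {
  const billable = Math.max(0, count - FREE_NAME_IDENTIFIERS);
  const base = billable * NAME_IDENTIFIER_PRICE_INR;
  return { base, total: Math.round(base * (1 + gstRate) * 100) / 100 };
}

// Constructed sample inputs.
const sampleReserved = new Set(["test", "example"]);
const sampleMaxLength = 63;
for (const name of ["mybank.bank.in", "-mybank.bank.in", "1bank.fin.in", "MyBank.bank.in", "test.bank.in", "mybank.com"]) {
  const r = validateDomainName(name, sampleMaxLength, (l) => sampleReserved.has(l));
  console.log(name, r.ok ? "OK" : r.errors.join("; "));
}
```

These rules are only meaningful as a server-side check; the browser copy is a convenience for the user, not a control.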

---

## Key Configurations & Constants

- **reCAPTCHA**: Google reCAPTCHA v2 (`https://www.google.com/recaptcha/api.js`)
- **PDF Preview**: PDFObject (`cdnjs.cloudflare.com/ajax/libs/pdfobject/2.1.1/pdfobject.min.js`)
- **Invoice PDF**: jsPDF + html2canvas
- **Payment Gateway**: SBI ePay (test environment at `test.sbiepay.sbi`)
- **IDRBT CA**: `https://idrbtca.org.in/`
- **Dev URL**: `http://localhost:4200`

---

## Data Schemas

### Domain Object Fields (extracted from code)

- `domainId`, `domainName`, `bankName`, `organisationId`
- `applicationStatus`, `paymentStatus`, `status`
- `registrationDate`, `actualNixiExpiryDate`, `alignedRenewalDate`
- `numberOfYears`, `tenure`, `renewalDate`, `renewalTillDate`
- `domainPrice`, `aliasPrice`, `cost`
- `isOnboardingDomain`, `isCoOperativeBank`
- `twoLetterDomainDocumentApprovalStatus`, `twoLetterDomainDocumentStatus`
- `nameServerCount`, `aliasCount`
- `remainingPurchasedNameIdentifiers`, `remainingFreeNameIdentifiers`

### Organisation Object Fields

- `organisationDetailsId`, `organisationName`
- `admAddress`, `admAltPhone`, `admEmail`, `admFullName`, `admPhone`
- `adminAddress`, `adminAltPhone`, `adminContact`, `adminEmail`
- `isOnboardingDomain`, `aliasCountForOrganization`
- `gstin`, `panNumber`

### User Object Fields

- `userId`, `emailId`, `fullName`, `mobile`
- `userRoles` (array with `roleName`)
- `organisationId`, `organisationName`
- `isActive`

---

## 🔓 Unauthenticated GET Endpoints — Complete Audit

Total verified from the source code: **26 GET endpoints** lacking JWT authentication (39 service files and 4 component files audited).

### Legend
- 🔓 = No `Authorization: Bearer` header in the request
- The API base is `environment.apiURL` which resolves to `/api` (proxied via Apache)
- Files with **NO auth imports at all**: `login.service.ts`, `rgtr-login.service.ts`, `Registration.service.ts`, `admin-invoice-details.service.ts`, `department.service.ts`
- Files with **partial/missing auth**: `user.service.ts` (11 GET, 1 has auth)
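
A static check of the kind this audit applies, added here as an example (not part of the audited portal code): it locates each Angular `this.http.get(...)` call in service source and flags calls whose enclosing method attaches no `Authorization` header, either inline or through a helper named in `authHelpers` (the `authHeaders()` name is assumed). The service sources embedded below are constructed samples, not the portal's files.

```typescript
// Added example, not part of the audited portal code: a static check of the
// kind this audit applies. It finds each Angular `this.http.get(...)` call in
// service source and flags calls whose enclosing method never attaches an
// `Authorization` header, directly or through a named helper (e.g. authHeaders(),
// an assumed name). The sources at the bottom are constructed samples.

interface GetCall {
  file: string;
  url: string;            // first string/template literal argument, or "<dynamic>"
  authenticated: boolean; // heuristic: Authorization header seen in the method body
}

// Matches `this.http.get(` with an optional generic, e.g. this.http.get<string>(
const GET_CALL = /this\.http\.get(?:<[^>]*>)?\(/g;
// Matches a method/function header such as `getAll(orgId: number): Observable<X> {`
const METHOD_HEADER = /[\w$]+\s*\([^()]*\)\s*(?::\s*[^{]+)?\{/g;

function findGetCalls(file: string, source: string, authHelpers: string[] = []): GetCall[] {
  const calls: GetCall[] = [];
  GET_CALL.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = GET_CALL.exec(source)) !== null) {
    const argsStart = m.index + m[0].length;
    // Walk forward to the parenthesis that closes the call, honouring nesting.
    let depth = 1;
    let i = argsStart;
    while (i < source.length && depth > 0) {
      if (source[i] === "(") depth++;
      else if (source[i] === ")") depth--;
      i++;
    }
    const args = source.slice(argsStart, i - 1);
    const urlMatch = /^\s*[`'"]([^`'"]*)[`'"]/.exec(args);

    // Context = nearest preceding method header up to the end of the call, so a
    // `const headers = new HttpHeaders({ Authorization: ... })` line above the call counts.
    let methodStart = 0;
    METHOD_HEADER.lastIndex = 0;
    let h: RegExpExecArray | null;
    while ((h = METHOD_HEADER.exec(source)) !== null && h.index < m.index) methodStart = h.index;
    const context = source.slice(methodStart, i);

    const authenticated =
      /Authorization/.test(context) || authHelpers.some((name) => context.includes(name + "("));
    calls.push({ file, url: urlMatch ? urlMatch[1] : "<dynamic>", authenticated });
  }
  return calls;
}

function unauthenticatedGets(files: Record<string, string>, authHelpers: string[] = []): GetCall[] {
  const flagged: GetCall[] = [];
  for (const file of Object.keys(files)) {
    for (const call of findGetCalls(file, files[file], authHelpers)) {
      if (!call.authenticated) flagged.push(call);
    }
  }
  return flagged;
}

// Constructed sample service sources (not the portal's real files).
const SAMPLE_SERVICES: Record<string, string> = {
  "user.service.ts": `
    getAllUsers(orgId: number) {
      return this.http.get(\`\${environment.apiURL}/dr/user/all?organisationId=\${orgId}\`);
    }
    getAllRgtrUsers() {
      const headers = new HttpHeaders({ Authorization: 'Bearer ' + localStorage.getItem('jwtToken') });
      return this.http.get(\`\${environment.apiURL}/dr/rgtrUser/all\`, { headers });
    }`,
  "domain.service.ts": `
    getUndertakingHash(domainId: number) {
      return this.http.get<string>(\`\${environment.apiURL}/dr/domain/getUndertakingHash\`, { headers: this.authHeaders() });
    }`,
};

for (const call of unauthenticatedGets(SAMPLE_SERVICES, ["authHeaders"])) {
  console.log(`UNAUTHENTICATED GET  ${call.file}  ${call.url}`);
}
```

What the client attaches is only evidence of intent; whether the API rejects a request that lacks the header is a server-side property, which is why the server-side confirmation later in this report is the finding that matters.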

---

### 🔓 AUTH-FLOW ENDPOINTS (1–5) — Pre-login user verification

These are pre-authentication by design, but all confirm whether an email/userId exists in the system (user enumeration):

| # | Method | Endpoint | Source | Risk |
|---|--------|----------|--------|------|
| 1 | GET | `/dr/user/verify-user/{userId}` | login.service.ts | User enumeration — confirms email exists |
| 2 | GET | `/dr/user/verify-user/{userId}?reCaptchaToken=` | login.service.ts | Same + reCAPTCHA bypass testing |
| 3 | GET | `/dr/rgtrUser/verify-user/{userId}` | rgtr-login.service.ts | Registrar user enumeration |
| 4 | GET | `/dr/user/get/{userId}` | login.service.ts | Returns user info — no auth guard despite being used post-login |
| 5 | GET | `/dr/user/getCheck/{userId}` | Registration.service.ts | Registration-time existence check |

### 🔓 USER MANAGEMENT ENDPOINTS (6–17) — Most critical

These are admin-level endpoints. **10 of 11 have NO auth** — only `getAllRgtrUsers()` has auth headers:

| # | Method | Endpoint | Source | Risk |
|---|--------|----------|--------|------|
| **6** | **GET** | **`/dr/user/all?organisationId=`** | **user.service.ts** | **CRITICAL: Lists 5,461 user records with bcrypt password hashes, OTPs, IPs** |
| **7** | **GET** | **`/dr/user/getDetails/{id}`** | **user.service.ts** | **CRITICAL: Full user record by DB ID (bcrypt hashes)** |
| 8 | GET | `/dr/user/get/{userId}` | user.service.ts | Get user by email — bcrypt hashes |
| 9 | GET | `/dr/user/activeUser` | user.service.ts | Active user count |
| 10 | GET | `/dr/user/deleted-users` | user.service.ts | 219 soft-deleted records |
| 11 | GET | `/dr/user/orphan-users` | user.service.ts | Orphaned user records |
| 12 | GET | `/dr/user/restore/{auditId}` | user.service.ts | Restore audit data |
| 13 | GET | `/dr/user/delete/verify-user/{userId}` | user.service.ts | Verify under odd "delete" URL |
| 14 | GET | `/dr/rgtrUser/getAlltext` | user.service.ts | Dynamic text config |
| 15 | GET | `/dr/links/all` | user.service.ts | Portal links config |
| 16 | GET | `/dr/departments/{departmentId}` | department.service.ts | Department by ID |
| 17 | 🔐 | `/dr/rgtrUser/all` | user.service.ts | Only properly auth-gated call in this group |

### 🔓 BILLING ENDPOINTS (18–19) — Financial data

| # | Method | Endpoint | Source | Risk |
|---|--------|----------|--------|------|
| 18 | GET | `/dr/billingHistory/all?userId=` | domain-invoices.service.ts | **CRITICAL: Billing/invoice records for any userId** |
| 19 | GET | `/dr/billingHistory/getBillingHistoryById/{billingId}` | admin-invoice-details.service.ts | Individual billing record by ID |

### 🔓 CONFIGURATION ENDPOINTS (20–24) — Static data

| # | Method | Endpoint | Source | Risk |
|---|--------|----------|--------|------|
| 20 | GET | `/dr/static/getByType/{type}` | Registration.service.ts | Config by type (email regex, pricing, GST, TDS) |
| 21 | GET | `/dr/static/getAll` | Registration.service.ts | **ALL static config in one dump** |
| 22 | GET | `/dr/departments/all` | department.service.ts | All departments |
| 23 | GET | `/dr/registerDetail` | Registration.service.ts | Registration configuration |
| 24 | GET | `/dr/registerDetail/get` | Registration.service.ts | Register detail lookup |

### 🔓 DSC PROXY ENDPOINTS (25–27) — Certificate middleware

Proxied through IDRBT Apache to eMudhra middleware at `https://localhost.emudhra.com:26769`:

| # | Method | Endpoint | Called From | Description |
|---|--------|----------|-------------|-------------|
| 25 | GET | `/dsc/getTokenRequest` | 10 components | Initiates DSC signing session |
| 26 | GET | `/dsc/getTokenList?data={enc}` | 8 components | Enumerates DSC tokens |
| 27 | GET | `/dsc/getCertificateRequest?keyStoreDisplayName=` | 8 components | Lists DSC certificates from selected token |

### 🔐 PROPERLY AUTHENTICATED GET ENDPOINTS (for comparison)

These correctly pass `Authorization: Bearer <jwtToken>`:

| Method | Endpoint | Source |
|--------|----------|--------|
| GET | `/dr/invoice/getInvoiceTemplate` | domain-invoices.service.ts |
| GET | `/dr/invoice/getInvoiceTemplateNsNi` | asset.service.ts |
| GET | `/dr/domain/getUndertakingHash` | domain.service.ts |
| GET | `/dr/domain/renewal/latest-renewal/{domainId}` | domain.service.ts |
| GET | `/dr/rgtrUser/all` | user.service.ts |

### File-by-File Auth Status

| File | GET calls | Authenticated | Unauthenticated |
|------|:---------:|:-------------:|:---------------:|
| `user.service.ts` | 12 | 1 | **11** |
| `login.service.ts` | 3 | 0 | **3** |
| `Registration.service.ts` | 3 | 0 | **3** |
| `department.service.ts` | 2 | 0 | **2** |
| `domain-invoices.service.ts` | 2 | 1 | **1** |
| `admin-invoice-details.service.ts` | 1 | 0 | **1** |
| `rgtr-login.service.ts` | 1 | 0 | **1** |
| `asset.service.ts` | 2 | 2 | 0 |
| `contact-document-upload.service.ts` | 5 | 5 | 0 |
| `rgnt-domain/service/domain.service.ts` | 11 | 11 | 0 |
| All other service files | 0 | — | — |

### Summary

| Category | Count | Most Critical |
|----------|:-----:|---------------|
| User management (no auth) | 11 | `/dr/user/all` — 5,461 full records w/ bcrypt hashes |
| Auth-flow pre-login | 5 | User enumeration via email existence check |
| Financial/billing (no auth) | 2 | `/dr/billingHistory/all` — any userId |
| Config/static (no auth) | 5 | `/dr/static/getAll` — all pricing/GST/TDS config |
| DSC proxy (no auth) | 3 | Certificate/token enumeration |
| **Total unauthenticated** | **26** | |
| Properly authenticated | 5 | Should be the baseline, not the exception |

### Schema Files for Unauthenticated Endpoints

| Schema File | Endpoint(s) Covered |
|-------------|---------------------|
| `schema/users-schema.json` | `/dr/user/all` |
| `schema/deleted-users-schema.json` | `/dr/user/deleted-users` |
| `schema/static-config-schema.json` | `/dr/static/getAll` |
| `schema/links-schema.json` | `/dr/links/all` |
| `schema/billing-history-schema.json` | `/dr/billingHistory/all` |
| `schema/departments-schema.json` | `/dr/departments/all` |
| `schema/orphan-users-schema.json` | `/dr/user/orphan-users` |
| `schema/verify-user-schema.json` | `/dr/user/verify-user/*`, `/dr/rgtrUser/verify-user/*` |
| `schema/dsc-proxy-schema.json` | `/dsc/getToken*`, `/dsc/getCertificate*` |
| `schema/dnssec-algorithm-types-schema.json` | `/dr/dnssec/algorithmTypes` |
| `schema/dnssec-digest-types-schema.json` | `/dr/dnssec/digestTypes` |
| `schema/rgtr-user-text-schema.json` | `/dr/rgtrUser/getAlltext` |
| `schema/departments-all-schema.json` | `/dr/departments/all` (verified data) |
| `schema/dsc-proxy-verified-schema.json` | `/api/dsc/getTokenRequest` (live verified) |

### Corrected: DSC Endpoint Auth Status

The 3 DSC proxy GET endpoints listed in the earlier table under "Internal DSC API (app-level proxy)" were previously unmarked. All are **unauthenticated** — they proxy to the eMudhra DSC middleware. The POST endpoints use signed requests internally and are not directly callable.

| Endpoint | Method | Auth? | Correction |
|----------|:------:|:-----:|:----------:|
| `/dsc/getTokenRequest` | GET | 🔓 No | Previously unmarked |
| `/dsc/getTokenList?data=...` | GET | 🔓 No | Previously unmarked |
| `/dsc/getCertificateRequest?keyStoreDisplayName=...` | GET | 🔓 No | Previously unmarked |
| `/dsc/getCertificateList` | POST | 🔐 Signed | Not directly callable |
| `/dsc/getSigningRequest` | POST | 🔐 Signed | Not directly callable |
| `/dsc/getSignedResponse` | POST | 🔐 Signed | Not directly callable |
| `/dsc/saveDomainSignature` | POST | 🔐 Signed | Not directly callable |
| `/dsc/loginDscVerification` | POST | 🔐 Signed | Not directly callable |

---

## 🔍 Verified Data Extraction — Live Testing Results (2026-06-08)

**All endpoints tested via unauthenticated `curl` against production domain `registrar.idrbt.ac.in`.**

### Endpoints Verified as Unauthenticated (Server-Side Confirmation)

| # | Endpoint | HTTP | Response | Output File | Verified |
|---|----------|:----:|----------|----------------|------|
| 1 | `/api/dr/user/all` | 200 | 5,461 user records (~27 MB) | `users-all.json` | ✅ |
| 2 | `/api/dr/user/deleted-users` | 200 | 219 deleted records (~500 KB) | `users-deleted.json` | ✅ |
| 3 | `/api/dr/user/orphan-users` | 200 | **1,072 orphan records** (~5.2 MB) | `orphan-users.json` | ✅ **NEW** |
| 4 | `/api/dr/user/activeUser` | 200 | Count: 5,323 | `active-user-count.json` | ✅ |
| 5 | `/api/dr/user/get/{email}` | 200 | Full user record by email | Sample verified | ✅ |
| 6 | `/api/dr/user/verify-user/{email}` | 200 | `{"message":"User not found."}` or user data | Enumeration confirmed | ✅ |
| 7 | `/api/dr/rgtrUser/verify-user/{email}` | 200 | `{"message":"User not found."}` or user data | Enumeration confirmed | ✅ |
| 8 | `/api/dr/user/getCheck/{email}` | 200 | `false` or user data | Enumeration confirmed | ✅ |
| 9 | `/api/dr/static/getAll` | 200 | 16 config entries | `static-config.json` | ✅ |
| 10 | `/api/dr/static/getByType/{type}` | 200 | Individual config by type | `static-gst.json` | ✅ |
| 11 | `/api/dr/links/all` | 200 | 4 portal links (temp/UAT/prod/register) | `links.json` | ✅ |
| 12 | `/api/dr/departments/all` | 200 | 3 departments incl. contractor emails | `departments-all.json` | ✅ **NEW** |
| 13 | `/api/dr/rgtrUser/getAlltext` | 200 | 6 dynamic text config entries | `rgtr-user-text.json` | ✅ **NEW** |
| 14 | `/api/dr/billingHistory/all` | 200 | Empty `[]` | `billing-history.json` | ✅ |
| 15 | `/api/dr/billingHistory/getBillingHistoryById/{id}` | 200 | Error (table empty, endpoint alive) | Error response logged | ✅ |
| 16 | `/api/dr/invoice/getByOrgId/{id}` | 200 | **1,535 invoices** (₹4.72 crore total) | `billing-details.json` | ✅ **NEW** |
| 17 | `/api/dr/invoice/getBydomainId/{id}` | 200 | Invoice by domain ID | Sample verified | ✅ **NEW** |
| 18 | `/api/dr/dnssec/algorithmTypes` | 200 | 8 DNSSEC algorithms | `dnssec-algorithm-types.json` | ✅ **NEW** |
| 19 | `/api/dr/dnssec/digestTypes` | 200 | 4 digest types | `dnssec-digest-types.json` | ✅ **NEW** |
| 20 | `/api/dsc/getTokenRequest` | 200 | Encrypted session data + key ID | `dsc-token-request.json` | ✅ **NEW** |
| 21 | `/api/dsc/getCertificateRequest?key=...` | 200 | Encrypted cert payload | Response verified | ✅ **NEW** |
| 22 | `/api/dr/notification/count/{userId}` | 200 | Count (0) | `notification-count-sample.json` | ✅ **NEW** |
| 23 | `/api/dr/notification/all/{userId}` | 200 | `[]` | `notification-all-sample.json` | ✅ **NEW** |
| 24 | `/api/actuator` | 200 | Actuator links (health, health-path) | `actuator.json` | ✅ |
| 25 | `/api/actuator/health` | 200 | `{"status":"UP"}` | `actuator-health.json` | ✅ |

### Endpoints Verified as Auth-Gated (Server-Side 401/405)

| Endpoint | HTTP | Response |
|----------|:----:|----------|
| `/api/dr/domain/countOfDomain` | 401 | Blocked |
| `/api/dr/organisationDetails/all` | 401 | Blocked |
| `/api/dr/documents/orgDocs?domainId=2` | 401 | Blocked |
| `/api/dr/organisationDetails/getAllStdCodes` | 401 | Blocked |

### Endpoints Not Found / Error

| Endpoint | HTTP | Response |
|----------|:----:|----------|
| `/api/dr/nameServer/all` | 405 | Method Not Allowed (POST only) |
| `/api/dr/priceDetails` | 404 | No static resource |
| `/api/dr/transactions` | 404 | No static resource |
| `/api/dr/invoice/all` | 500 | Internal Server Error (unhandled) |
| `/api/dr/user/roles` | 405 | Method Not Allowed |
| `/api/dsc/getTokenRequest` (no `/api` prefix) | 404 | Not proxied |

### Orphan Users — Key Statistics

| Metric | Value |
|--------|------:|
| Total orphan records | 1,072 |
| Records with bcrypt hash | 1,072 (100%) |
| Records with OTP hash | 1,052 (98%) |
| Records with previous password | 170 (16%) |
| Active accounts | 1,026 (96%) |
| Inactive accounts | 46 (4%) |
| Default role | **Super Admin** (1,070 of 1,072) |
| Organisation ID | All `0` (no org attached) |

**Critical finding:** The registration flow assigns Super Admin role by default before organisation verification. These 1,072 users have Super Admin privileges — if their records were activated, they'd have full system access.

### Cumulative Data Exposure

| Data Source | Records | Password Hashes | OTP Hashes |
|-------------|--------:|----------------:|-----------:|
| `/dr/user/all` | 5,461 | 5,461 | ~2,676 |
| `/dr/user/deleted-users` | 219 | 219 | ~186 |
| `/dr/user/orphan-users` | 1,072 | 1,072 | 1,052 |
| **Total across endpoints** | **6,752** | **6,752** | **~3,914** |
| **Unique users affected** | **5,576** | — | — |
| Invoice records | 1,535 | — | — |
| Organisations exposed | 1,416 | — | — |