Merge pull request #639 from systemli/feat/user_aliases_api

feat: Add user API endpoint to get list of aliases
systemli · Sep 27, 2024 · de9526f · de9526f
2 parents b3437c4 + 29ee905
commit de9526f
Show file tree

Hide file tree

Showing 12 changed files with 155 additions and 26 deletions.
diff --git a/.env b/.env
@@ -62,3 +62,9 @@ KEYCLOAK_API_ENABLED=false
 KEYCLOAK_API_IP_ALLOWLIST="127.0.0.1, ::1"
 # Warning: set a secure access token
 KEYCLOAK_API_ACCESS_TOKEN="insecure"
+
+### Enable roundcube API ###
+# Set to `true` to enable roundcube API
+ROUNDCUBE_API_ENABLED=false
+# Access is restricted to these IPs (supports subnets like `10.0.0.1/24`)
+ROUNDCUBE_API_IP_ALLOWLIST="127.0.0.1, ::1"
diff --git a/.env.test b/.env.test
@@ -25,3 +25,5 @@ WKD_FORMAT="advanced"
 KEYCLOAK_API_ENABLED=true
 KEYCLOAK_API_IP_ALLOWLIST="127.0.0.1, ::1"
 KEYCLOAK_API_ACCESS_TOKEN="insecure"
+ROUNDCUBE_API_ENABLED=true
+ROUNDCUBE_API_IP_ALLOWLIST="127.0.0.1, ::1"
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -62,11 +62,11 @@ jobs:
           bin/console cache:clear --env=test
           bin/behat --format progress
 
-      - name: SonarCloud Scan
-        uses: sonarsource/sonarcloud-github-action@master
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+#      - name: SonarCloud Scan
+#        uses: sonarsource/sonarcloud-github-action@master
+#        env:
+#          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+#          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
   test-mariadb:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
@@ -11,7 +11,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Psalm
-        uses: docker://vimeo/psalm-github-actions
+        uses: docker://ghcr.io/psalm/psalm-github-actions
         with:
           security_analysis: true
           report_file: results.sarif

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+# 3.9.0 (2024.09.27)
+
+* Add roundcube API endpoint to get list of aliases
+* Fix MailCryptKeyHandler create/update (#629)
+* Update dependencies
+
 # 3.8.0 (2024.05.30)
 
 * Add Support for TOTP in KeyCloak API

diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -116,6 +116,12 @@ security:
             provider: keycloak
             access_token:
                 token_handler: App\Security\KeycloakAccessTokenHandler
+        roundcube:
+            pattern: ^/api/roundcube
+            stateless: true
+            provider: user
+            http_basic:
+                realm: Roundcube API
         main:
             pattern: ^/
             provider: user
@@ -163,3 +169,9 @@ security:
           allow_if: "'%env(KEYCLOAK_API_ENABLED)%' == 'true' and is_granted('ROLE_KEYCLOAK')",
         }
       - { path: "^/api/keycloak", roles: ROLE_NO_ACCESS }
+      - {
+          path: "^/api/roundcube",
+          ips: "%env(ROUNDCUBE_API_IP_ALLOWLIST)%",
+          allow_if: "'%env(ROUNDCUBE_API_ENABLED)%' == 'true' and is_granted('ROLE_USER')",
+        }
+      - { path: "^/api/roundcube", roles: ROLE_NO_ACCESS }
diff --git a/src/Controller/RoundcubeController.php b/src/Controller/RoundcubeController.php
@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Controller;
+
+use App\Entity\Alias;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+
+class RoundcubeController extends AbstractController
+{
+    public function __construct(
+        private readonly EntityManagerInterface $manager,
+    ) {
+    }
+
+    #[Route(path: '/api/roundcube', name: 'api_roundcube', methods: ['GET'], stateless: true)]
+    public function getUserAliases(): Response
+    {
+        $user = $this->getUser();
+
+        $aliases = $this->manager->getRepository(Alias::class)->findByUser($user);
+        $aliasSources = array_map(static function ($alias) { return $alias->getSource(); }, $aliases);
+        return $this->json($aliasSources);
+    }
+}
diff --git a/src/DataFixtures/LoadAliasData.php b/src/DataFixtures/LoadAliasData.php
@@ -16,33 +16,20 @@ class LoadAliasData extends Fixture implements FixtureGroupInterface, DependentF
      */
     public function load(ObjectManager $manager): void
     {
-        $user = $manager->getRepository(User::class)->findByEmail('admin@example.org');
+        $user = $manager->getRepository(User::class)->findByEmail('user2@example.org');
 
-        for ($i = 1; $i < 5; ++$i) {
-            $alias = AliasFactory::create($user, null);
-
-            $manager->persist($alias);
-        }
-
-        $users = $manager->getRepository(User::class)->findAll();
-
-        for ($i = 1; $i < 500; ++$i) {
-            $alias = AliasFactory::create($users[random_int(0, count($users) - 1)], 'alias' . $i);
-
-            $manager->persist($alias);
-
-            if (($i % 100) === 0) {
-                $manager->flush();
-            }
-        }
+        $alias = AliasFactory::create($user, 'alias');
+        $manager->persist($alias);
+        $alias2 = AliasFactory::create($user, 'alias2');
+        $manager->persist($alias2);
 
         $manager->flush();
         $manager->clear();
     }
 
     public static function getGroups(): array
     {
-        return ['advanced'];
+        return ['basic'];
     }
 
     public function getDependencies(): array

diff --git a/src/DataFixtures/LoadRandomAliasData.php b/src/DataFixtures/LoadRandomAliasData.php
@@ -0,0 +1,54 @@
+<?php
+
+namespace App\DataFixtures;
+
+use App\Entity\User;
+use App\Factory\AliasFactory;
+use Doctrine\Bundle\FixturesBundle\Fixture;
+use Doctrine\Bundle\FixturesBundle\FixtureGroupInterface;
+use Doctrine\Common\DataFixtures\DependentFixtureInterface;
+use Doctrine\Persistence\ObjectManager;
+
+class LoadRandomAliasData extends Fixture implements FixtureGroupInterface, DependentFixtureInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function load(ObjectManager $manager): void
+    {
+        $user = $manager->getRepository(User::class)->findByEmail('admin@example.org');
+
+        for ($i = 1; $i < 5; ++$i) {
+            $alias = AliasFactory::create($user, null);
+
+            $manager->persist($alias);
+        }
+
+        $users = $manager->getRepository(User::class)->findAll();
+
+        for ($i = 1; $i < 500; ++$i) {
+            $alias = AliasFactory::create($users[random_int(0, count($users) - 1)], 'alias' . $i);
+
+            $manager->persist($alias);
+
+            if (($i % 100) === 0) {
+                $manager->flush();
+            }
+        }
+
+        $manager->flush();
+        $manager->clear();
+    }
+
+    public static function getGroups(): array
+    {
+        return ['advanced'];
+    }
+
+    public function getDependencies(): array
+    {
+        return [
+            LoadUserData::class,
+        ];
+    }
+}
diff --git a/src/DataFixtures/LoadUserData.php b/src/DataFixtures/LoadUserData.php
@@ -14,6 +14,7 @@ class LoadUserData extends AbstractUserData implements DependentFixtureInterface
     private array $users = [
         ['email' => 'admin@example.org', 'roles' => [Roles::ADMIN], 'totp' => false],
         ['email' => 'user@example.org', 'roles' => [Roles::USER], 'totp' => false],
+        ['email' => 'user2@example.org', 'roles' => [Roles::USER], 'totp' => false],
         ['email' => 'totp@example.org', 'roles' => [Roles::USER], 'totp' => true],
         ['email' => 'spam@example.org', 'roles' => [Roles::SPAM], 'totp' => false],
         ['email' => 'support@example.org', 'roles' => [Roles::MULTIPLIER], 'totp' => false],

diff --git a/tests/Controller/KeycloakControllerTest.php b/tests/Controller/KeycloakControllerTest.php
@@ -54,7 +54,7 @@ public function testGetUsersCount(): void
         self::assertResponseIsSuccessful();
 
         $data = json_decode($client->getResponse()->getContent(), true, 512, JSON_THROW_ON_ERROR);
-        self::assertEquals(6, $data);
+        self::assertEquals(7, $data);
     }
 
     public function testGetOneUser(): void

diff --git a/tests/Controller/RoundcubeControllerTest.php b/tests/Controller/RoundcubeControllerTest.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Tests\Controller;
+
+use App\Entity\User;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+
+class RoundcubeControllerTest extends WebTestCase
+{
+    public function testGetUserAliasesWrongCredentials(): void
+    {
+        $client = static::createClient();
+        $client->request('GET', '/api/roundcube');
+
+        self::assertResponseStatusCodeSame(401);
+    }
+
+    public function testGetUserAliases(): void
+    {
+        $client = static::createClient();
+        $userRepository = static::getContainer()->get('doctrine')->getRepository(User::class);
+        $client->loginUser($userRepository->findOneByEmail('user2@example.org'));
+        $client->request('GET', '/api/roundcube');
+
+        self::assertResponseIsSuccessful();
+
+        $expected = [
+            'alias@example.org',
+            'alias2@example.org',
+        ];
+        $data = json_decode($client->getResponse()->getContent(), true, 512, JSON_THROW_ON_ERROR);
+        self::assertEquals($expected, $data);
+    }
+}