Fix FLEXIAPI-437 Forbid voicemail creation if the related account can't be reached by email

2026-02-07 13:58:24 +00:00 · 2026-02-04 09:16:18 +00:00 · 2026-02-04 09:16:18 +00:00 · 126f25de5a
commit 126f25de5a
parent 6550a9082c
6 changed files with 27 additions and 7 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -3,7 +3,7 @@ variables:
  ROCKY_9_IMAGE_VERSION: 20250702_171314_update_rocky9_dockerhub
  ROCKY_10_IMAGE_VERSION: 20250908_164454_rocky10_first
  DEBIAN_12_IMAGE_VERSION: 20250908_154742_refresh_dependencies
-  DEBIAN_13_IMAGE_VERSION: 20260120_152506_update_packages
+  DEBIAN_13_IMAGE_VERSION: 20260204_090147_update_packages
  PHP_REDIS_REMI_VERSION: php-pecl-redis6-6.1.0-1
  PHP_IGBINARY_REMI_VERSION: php-pecl-igbinary-3.2.16-2
  PHP_MSGPACK_REMI_VERSION: php-pecl-msgpack-2.2.0-3
--- a/flexiapi/app/Http/Controllers/Api/Admin/Account/VoicemailController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/Account/VoicemailController.php
@ -18,6 +18,11 @@ class VoicemailController extends Controller
    public function store(Request $request, int $accountId)
    {
        $account = Account::findOrFail($accountId);
+
+        if ($account->email == null) {
+            abort(422, 'The account should be reachable by email');
+        }
+
        $request->validate([
            'sip_from' => 'nullable|starts_with:sip',
            'content_type' => [
--- a/flexiapi/lang/fr.json
+++ b/flexiapi/lang/fr.json
@ -81,6 +81,7 @@
    "Dictionary": "Dictionnaire",
    "Display name": "Nom d'affichage",
    "Domain": "Domaine",
+    "Domain used if empty": "Le domaine est utilisé si vide",
    "Don’t have the app yet?": "Vous n’avez pas encore l’application ?",
    "Download Linphone" : "Télécharger Linphone",
    "Edit": "Éditer",
@ -136,6 +137,7 @@
    "Meeting": "Réunions",
    "Min characters to search": "Nombre minimum de caractères pour chercher",
    "Month": "Mois",
+    "Must be different than domain": "Doit être différent du domaine",
    "My Account": "Mon Compte",
    "My Space": "Mon Espace",
    "Name": "Nom",
--- a/flexiapi/resources/views/admin/account/external/show.blade.php
+++ b/flexiapi/resources/views/admin/account/external/show.blade.php
@ -54,18 +54,18 @@
                <div>
                    <input placeholder="realm" name="realm" type="text"
                        value="@if($externalAccount->id){{ $externalAccount->realm }}@else{{ old('realm') }}@endif">
-                    <label for="username">{{ __('Realm') }}</label>
+                    <label for="username">{{ __('Realm') }} ({{ __('Domain used if empty') }})</label>
                    @include('parts.errors', ['name' => 'realm'])
                </div>
                <div>
                    <input placeholder="domain.tld" name="registrar" type="text"
                        value="@if($externalAccount->id){{ $externalAccount->registrar }}@else{{ old('registrar') }}@endif">
-                    <label for="domain">{{ __('Registrar') }}</label>
+                    <label for="domain">{{ __('Registrar') }} ({{ __('Must be different than domain') }})</label>
                </div>
                <div>
                    <input placeholder="outbound.tld" name="outbound_proxy" type="text"
                        value="@if($externalAccount->id){{ $externalAccount->outbound_proxy }}@else{{ old('outbound_proxy') }}@endif">
-                    <label for="domain">{{ __('Outbound Proxy') }}</label>
+                    <label for="domain">{{ __('Outbound Proxy') }} ({{ __('Must be different than domain') }})</label>
                </div>
                <div class="select">
                    <select name="protocol">
--- a/flexiapi/resources/views/api/documentation/about_auth.blade.php
+++ b/flexiapi/resources/views/api/documentation/about_auth.blade.php
@ -94,6 +94,8 @@ The API will then check if the token was signed properly, is still valid and aut

 ### Using DIGEST

+**When the JWT authentication is configured, the DIGEST auth is not available anymore.**
+
 To discover the available hashing algorythm you MUST send an unauthenticated request to one of the restricted endpoints.<br />
 Only DIGEST-MD5 and DIGEST-SHA-256 are supported through the authentication layer.

--- a/flexiapi/tests/Feature/ApiVoicemailTest.php
+++ b/flexiapi/tests/Feature/ApiVoicemailTest.php
@ -28,11 +28,22 @@ class ApiVoicemailTest extends TestCase
    protected $route = '/api/accounts/me/voicemails';
    protected $uploadRoute = '/api/files/';

-    public function testAccount()
+    public function testAccountWithoutEmail()
    {
        $account = Account::factory()->create();
        $account->generateUserApiKey();

+        $this->keyAuthenticated($account)
+            ->json('POST', $this->route, [
+                'content_type' => 'audio/opus'
+            ])->assertStatus(422);
+    }
+
+    public function testAccount()
+    {
+        $account = Account::factory()->withEmail()->create();
+        $account->generateUserApiKey();
+
        $this->keyAuthenticated($account)
            ->json('POST', $this->route, [])
            ->assertJsonValidationErrors(['content_type']);
@ -78,7 +89,7 @@ class ApiVoicemailTest extends TestCase
        $admin = Account::factory()->admin()->create();
        $admin->generateUserApiKey();

-        $account = Account::factory()->create();
+        $account = Account::factory()->withEmail()->create();
        $account->generateUserApiKey();

        $adminRoute = '/api/accounts/' . $account->id . '/voicemails';
@ -115,7 +126,7 @@ class ApiVoicemailTest extends TestCase

    public function testUpload()
    {
-        $account = Account::factory()->create();
+        $account = Account::factory()->withEmail()->create();
        $account->generateUserApiKey();

        $accountFile = $this->keyAuthenticated($account)