Fix FLEXIAPI-342 Enforce password change when the External Account domain is changed

.gitlab-ci.yml

@@ -1,6 +1,6 @@
 variables:
-  ROCKY_8_IMAGE_VERSION: 20241113_143521_update_php_82
-  ROCKY_9_IMAGE_VERSION: 20250513_111901_upgrade_packages
+  ROCKY_8_IMAGE_VERSION: 20250702_171834_update_rocky8_dockerhub
+  ROCKY_9_IMAGE_VERSION: 20250702_171314_update_rocky9_dockerhub
   DEBIAN_12_IMAGE_VERSION: 20241204_162237_update_download_linphone_org
   PHP_REDIS_REMI_VERSION: php-pecl-redis6-6.1.0-1
   PHP_IGBINARY_REMI_VERSION: php-pecl-igbinary-3.2.16-2

CHANGELOG.md

@@ -57,6 +57,7 @@ v2.0
 - Fix FLEXIAPI-326 Rework email templates and translations
 - Fix FLEXIAPI-340 Fix the space resolution when getting the realm on Accounts
 - Fix FLEXIAPI-341 Allow realm to be empty when creating a Space
+- Fix FLEXIAPI-342 Enforce password change when the External Account domain is changed
 
 v1.6
 ----

flexiapi/app/Http/Controllers/Admin/ExternalAccountController.php

@@ -21,6 +21,7 @@ namespace App\Http\Controllers\Admin;
 
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ExternalAccount\CreateUpdate;
+use App\Services\AccountService;
 use Illuminate\Http\Request;
 use Illuminate\Validation\Rule;
 
@@ -42,41 +43,9 @@ class ExternalAccountController extends Controller
 
     public function store(CreateUpdate $request, int $accountId)
     {
-        $account = Account::findOrFail($accountId);
-        $externalAccount = $account->external ?? new ExternalAccount;
+        $externalAccount = (new AccountService)->storeExternalAccount($request, $accountId);
 
-        $password = '';
-        if ($account->external?->realm != $request->get('realm')) {
-            $password = 'required_with:realm';
-        } elseif ($externalAccount->password == null) {
-            $password = 'required';
-        }
-
-        $request->validate(['password' => $password]);
-
-        $algorithm = 'MD5';
-
-        $externalAccount->account_id = $account->id;
-        $externalAccount->username = $request->get('username');
-        $externalAccount->domain = $request->get('domain');
-        $externalAccount->realm = $request->get('realm');
-        $externalAccount->registrar = $request->get('registrar');
-        $externalAccount->outbound_proxy = $request->get('outbound_proxy');
-        $externalAccount->protocol = $request->get('protocol');
-
-        if (!empty($request->get('password'))) {
-            $externalAccount->password = bchash(
-                $externalAccount->username,
-                $externalAccount->realm ?? $externalAccount->domain,
-                $request->get('password'),
-                $algorithm
-            );
-            $externalAccount->algorithm = $algorithm;
-        }
-
-        $externalAccount->save();
-
-        return redirect()->route('admin.account.show', $account->id);
+        return redirect()->route('admin.account.show', $externalAccount->account->id);
     }
 
     public function delete(int $accountId)

flexiapi/app/Http/Controllers/Api/Admin/ExternalAccountController.php

@@ -21,6 +21,7 @@ namespace App\Http\Controllers\Api\Admin;
 
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ExternalAccount\CreateUpdate;
+use App\Services\AccountService;
 use Illuminate\Http\Request;
 use Illuminate\Validation\Rule;
 
@@ -36,41 +37,7 @@ class ExternalAccountController extends Controller
 
     public function store(CreateUpdate $request, int $accountId)
     {
-        $account = Account::findOrFail($accountId);
-        $externalAccount = $account->external ?? new ExternalAccount;
-
-        $password = '';
-        if ($account->external?->realm != $request->get('realm')) {
-            $password = 'required_with:realm';
-        } elseif ($externalAccount->password == null) {
-            $password = 'required';
-        }
-
-        $request->validate(['password' => $password]);
-
-        $algorithm = 'MD5';
-
-        $externalAccount->account_id = $account->id;
-        $externalAccount->username = $request->get('username');
-        $externalAccount->domain = $request->get('domain');
-        $externalAccount->realm = $request->get('realm');
-        $externalAccount->registrar = $request->get('registrar');
-        $externalAccount->outbound_proxy = $request->get('outbound_proxy');
-        $externalAccount->protocol = $request->get('protocol');
-        $externalAccount->algorithm = $algorithm;
-
-        if (!empty($request->get('password'))) {
-            $externalAccount->password = bchash(
-                $externalAccount->username,
-                $externalAccount->realm ?? $externalAccount->domain,
-                $request->get('password'),
-                $algorithm
-            );
-        }
-
-        $externalAccount->save();
-
-        return $externalAccount;
+        return (new AccountService)->storeExternalAccount($request, $accountId);
     }
 
     public function destroy(int $accountId)

flexiapi/app/Services/AccountService.php

@@ -23,6 +23,7 @@ use App\Account;
 use App\AccountCreationToken;
 use App\AccountRecoveryToken;
 use App\EmailChangeCode;
+use App\ExternalAccount;
 use App\Http\Requests\Account\Create\Request as CreateRequest;
 use App\Http\Requests\Account\Update\Request as UpdateRequest;
 use App\Libraries\OvhSMS;
@@ -399,4 +400,49 @@ class AccountService
 
         return $account;
     }
+
+    /**
+     * External account
+     */
+
+    public function storeExternalAccount(Request $request, int $accountId)
+    {
+        $account = Account::findOrFail($accountId);
+        $externalAccount = $account->external ?? new ExternalAccount;
+
+        $password = '';
+        if ($account->external?->realm != $request->get('realm')) {
+            $password = 'required_with:realm';
+        } elseif ($account->external?->domain != $request->get('domain')) {
+            $password = 'required_with:domain';
+        } elseif ($externalAccount->password == null) {
+            $password = 'required';
+        }
+
+        $request->validate(['password' => $password]);
+
+        $algorithm = 'MD5';
+
+        $externalAccount->account_id = $account->id;
+        $externalAccount->username = $request->get('username');
+        $externalAccount->domain = $request->get('domain');
+        $externalAccount->realm = $request->get('realm');
+        $externalAccount->registrar = $request->get('registrar');
+        $externalAccount->outbound_proxy = $request->get('outbound_proxy');
+        $externalAccount->protocol = $request->get('protocol');
+        $externalAccount->algorithm = $algorithm;
+
+        if (!empty($request->get('password'))) {
+            $externalAccount->password = bchash(
+                $externalAccount->username,
+                $externalAccount->realm ?? $externalAccount->domain,
+                $request->get('password'),
+                $algorithm
+            );
+        }
+
+        $externalAccount->save();
+
+        return $externalAccount;
+    }
 }