From a8a90e197bbd5620b3f4ef46ea8e25847d6d9223 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Wed, 2 Jul 2025 11:22:32 +0200
Subject: [PATCH] Fix FLEXIAPI-342 Enforce password change when the External Account domain is changed
---
 .gitlab-ci.yml | 4 +-
 CHANGELOG.md | 1 +
 .../Admin/ExternalAccountController.php | 37 ++-------------
 .../Api/Admin/ExternalAccountController.php | 37 +---------------
 flexiapi/app/Services/AccountService.php | 46 +++++++++++++++++++
 5 files changed, 54 insertions(+), 71 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7bcd06c..7f61b18 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,6 @@
 variables:
- ROCKY_8_IMAGE_VERSION: 20241113_143521_update_php_82
- ROCKY_9_IMAGE_VERSION: 20250513_111901_upgrade_packages
+ ROCKY_8_IMAGE_VERSION: 20250702_171834_update_rocky8_dockerhub
+ ROCKY_9_IMAGE_VERSION: 20250702_171314_update_rocky9_dockerhub
 DEBIAN_12_IMAGE_VERSION: 20241204_162237_update_download_linphone_org
 PHP_REDIS_REMI_VERSION: php-pecl-redis6-6.1.0-1
 PHP_IGBINARY_REMI_VERSION: php-pecl-igbinary-3.2.16-2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b4e9e18..8c260b9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -57,6 +57,7 @@ v2.0
 - Fix FLEXIAPI-326 Rework email templates and translations
 - Fix FLEXIAPI-340 Fix the space resolution when getting the realm on Accounts
 - Fix FLEXIAPI-341 Allow realm to be empty when creating a Space
+- Fix FLEXIAPI-342 Enforce password change when the External Account domain is changed
 v1.6
 ----
diff --git a/flexiapi/app/Http/Controllers/Admin/ExternalAccountController.php b/flexiapi/app/Http/Controllers/Admin/ExternalAccountController.php
index 86afb4a..a7b27fc 100644
--- a/flexiapi/app/Http/Controllers/Admin/ExternalAccountController.php
+++ b/flexiapi/app/Http/Controllers/Admin/ExternalAccountController.php
@@ -21,6 +21,7 @@ namespace App\Http\Controllers\Admin;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ExternalAccount\CreateUpdate;
+use App\Services\AccountService;
 use Illuminate\Http\Request;
 use Illuminate\Validation\Rule;
@@ -42,41 +43,9 @@ class ExternalAccountController extends Controller
 public function store(CreateUpdate $request, int $accountId)
 {
- $account = Account::findOrFail($accountId);
- $externalAccount = $account->external ?? new ExternalAccount;
+ $externalAccount = (new AccountService)->storeExternalAccount($request, $accountId);
- $password = '';
- if ($account->external?->realm != $request->get('realm')) {
- $password = 'required_with:realm';
- } elseif ($externalAccount->password == null) {
- $password = 'required';
- }
-
- $request->validate(['password' => $password]);
-
- $algorithm = 'MD5';
-
- $externalAccount->account_id = $account->id;
- $externalAccount->username = $request->get('username');
- $externalAccount->domain = $request->get('domain');
- $externalAccount->realm = $request->get('realm');
- $externalAccount->registrar = $request->get('registrar');
- $externalAccount->outbound_proxy = $request->get('outbound_proxy');
- $externalAccount->protocol = $request->get('protocol');
-
- if (!empty($request->get('password'))) {
- $externalAccount->password = bchash(
- $externalAccount->username,
- $externalAccount->realm ?? $externalAccount->domain,
- $request->get('password'),
- $algorithm
- );
- $externalAccount->algorithm = $algorithm;
- }
-
- $externalAccount->save();
-
- return redirect()->route('admin.account.show', $account->id);
+ return redirect()->route('admin.account.show', $externalAccount->account->id);
 }
 public function delete(int $accountId)
diff --git a/flexiapi/app/Http/Controllers/Api/Admin/ExternalAccountController.php b/flexiapi/app/Http/Controllers/Api/Admin/ExternalAccountController.php
index 2cb162b..55e35c0 100644
--- a/flexiapi/app/Http/Controllers/Api/Admin/ExternalAccountController.php
+++ b/flexiapi/app/Http/Controllers/Api/Admin/ExternalAccountController.php
@@ -21,6 +21,7 @@ namespace App\Http\Controllers\Api\Admin;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\ExternalAccount\CreateUpdate;
+use App\Services\AccountService;
 use Illuminate\Http\Request;
 use Illuminate\Validation\Rule;
@@ -36,41 +37,7 @@ class ExternalAccountController extends Controller
 public function store(CreateUpdate $request, int $accountId)
 {
- $account = Account::findOrFail($accountId);
- $externalAccount = $account->external ?? new ExternalAccount;
-
- $password = '';
- if ($account->external?->realm != $request->get('realm')) {
- $password = 'required_with:realm';
- } elseif ($externalAccount->password == null) {
- $password = 'required';
- }
-
- $request->validate(['password' => $password]);
-
- $algorithm = 'MD5';
-
- $externalAccount->account_id = $account->id;
- $externalAccount->username = $request->get('username');
- $externalAccount->domain = $request->get('domain');
- $externalAccount->realm = $request->get('realm');
- $externalAccount->registrar = $request->get('registrar');
- $externalAccount->outbound_proxy = $request->get('outbound_proxy');
- $externalAccount->protocol = $request->get('protocol');
- $externalAccount->algorithm = $algorithm;
-
- if (!empty($request->get('password'))) {
- $externalAccount->password = bchash(
- $externalAccount->username,
- $externalAccount->realm ?? $externalAccount->domain,
- $request->get('password'),
- $algorithm
- );
- }
-
- $externalAccount->save();
-
- return $externalAccount;
+ return (new AccountService)->storeExternalAccount($request, $accountId);
 }
 public function destroy(int $accountId)
diff --git a/flexiapi/app/Services/AccountService.php b/flexiapi/app/Services/AccountService.php
index 56d7787..c88e705 100644
--- a/flexiapi/app/Services/AccountService.php
+++ b/flexiapi/app/Services/AccountService.php
@@ -23,6 +23,7 @@ use App\Account;
 use App\AccountCreationToken;
 use App\AccountRecoveryToken;
 use App\EmailChangeCode;
+use App\ExternalAccount;
 use App\Http\Requests\Account\Create\Request as CreateRequest;
 use App\Http\Requests\Account\Update\Request as UpdateRequest;
 use App\Libraries\OvhSMS;
@@ -399,4 +400,49 @@ class AccountService
 return $account;
 }
+
+ /**
+ * External account
+ */
+
+ public function storeExternalAccount(Request $request, int $accountId)
+ {
+ $account = Account::findOrFail($accountId);
+ $externalAccount = $account->external ?? new ExternalAccount;
+
+ $password = '';
+ if ($account->external?->realm != $request->get('realm')) {
+ $password = 'required_with:realm';
+ } elseif ($account->external?->domain != $request->get('domain')) {
+ $password = 'required_with:domain';
+ } elseif ($externalAccount->password == null) {
+ $password = 'required';
+ }
+
+ $request->validate(['password' => $password]);
+
+ $algorithm = 'MD5';
+
+ $externalAccount->account_id = $account->id;
+ $externalAccount->username = $request->get('username');
+ $externalAccount->domain = $request->get('domain');
+ $externalAccount->realm = $request->get('realm');
+ $externalAccount->registrar = $request->get('registrar');
+ $externalAccount->outbound_proxy = $request->get('outbound_proxy');
+ $externalAccount->protocol = $request->get('protocol');
+ $externalAccount->algorithm = $algorithm;
+
+ if (!empty($request->get('password'))) {
+ $externalAccount->password = bchash(
+ $externalAccount->username,
+ $externalAccount->realm ?? $externalAccount->domain,
+ $request->get('password'),
+ $algorithm
+ );
+ }
+
+ $externalAccount->save();
+
+ return $externalAccount;
+ }
 }
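Review bot: The password rule built at the top of `storeExternalAccount` can still come out optional when the realm or domain changes. The `if`/`elseif` chain stops at the first difference and `required_with:realm` only binds when `realm` is present in the request, so a request that clears `realm` and changes `domain` takes the first branch, never reaches the new `domain` check, and validates without a password; the previously stored hash is then kept against the new domain. The stored value is `bchash(username, realm ?? domain, password)`, so a changed `username` leaves a stale hash in the same way. I would compute a single "credential inputs changed" flag and make the password plainly `required` when it is set, as sketched below; the method would also benefit from a return type and a docblock stating when a password is mandatory.

```php
// … unchanged: Account::findOrFail() and $externalAccount lookup …

$existing = $account->external;

// The stored hash is built from username and (realm ?? domain); a change to
// any of them must come with a new password, whichever field changed.
$credentialsChanged = $existing === null
    || $existing->username != $request->get('username')
    || $existing->realm != $request->get('realm')
    || $existing->domain != $request->get('domain');

$request->validate([
    'password' => ($credentialsChanged || $externalAccount->password == null) ? 'required' : '',
]);

// … unchanged: field assignment, bchash() and save() …
```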