new: [requestAccess] Made the requestAccess endpoint more API friendly and some UI improvements

- better handling of empty parameters - added the mock functionality to both API and UI, this will generate the e-mail to be sent and return it with no actual sending happening - defaulting to mock if emailing is disabled - fixed some minor bugs
2019-08-30 11:10:59 +02:00 · 2019-08-30 11:10:59 +02:00 · 181bda4698
parent 1305d4cb7b
commit 181bda4698
5 changed files with 41 additions and 20 deletions
--- a/app/Controller/CommunitiesController.php
+++ b/app/Controller/CommunitiesController.php
@ -76,6 +76,9 @@ class CommunitiesController extends AppController
            'recursive' => -1,
            'fields' => array('User.gpgkey')
        ));
+        if (!empty($gpgkey['User']['gpgkey'])) {
+            $gpgkey = $gpgkey['User']['gpgkey'];
+        }
        if (!$this->request->is('post')) {
            if ($this->_isRest()) {
                return $this->RestResponse->describe('Communities', 'requestAccess', false, $this->response->type());
@ -83,7 +86,7 @@ class CommunitiesController extends AppController
            $this->request->data['Server']['email'] = $this->Auth->user('email');
            $this->request->data['Server']['org_name'] = $this->Auth->user('Organisation')['name'];
            $this->request->data['Server']['org_uuid'] = $this->Auth->user('Organisation')['uuid'];
-            $this->request->data['Server']['gpgkey'] = $gpgkey['User']['gpgkey'];
+            $this->request->data['Server']['gpgkey'] = $gpgkey;
        } else {
            if (empty($this->request->data['Server'])) {
                $this->request->data = array('Server' => $this->request->data);
@ -149,26 +152,36 @@ Thank you in advance!',
            }
            $params = array();
            $params['to'] = $community['email'];
-            $params['reply-to'] = $this->request->data['Server']['email'];
-            $params['requestor_gpgkey'] = $this->request->data['Server']['gpgkey'];
+            $params['reply-to'] = empty($this->request->data['Server']['email']) ? $this->Auth->user('email') : $this->request->data['Server']['email'];
+            $params['requestor_gpgkey'] = empty($this->request->data['Server']['gpgkey']) ? $gpgkey : $this->request->data['Server']['gpgkey'];
            $params['gpgkey'] = $community['pgp_key'];
            $params['body'] = $body;
            $params['subject'] = '[' . $community['name'] . '] Requesting MISP access';
+            $params['mock'] = !empty($this->request->data['Server']['mock']);
            $result = $this->User->sendEmailExternal($this->Auth->user(), $params);
            $message = $result ? __('Request sent.') : __('Something went wrong and the request could not be sent.');
            if ($this->_isRest()) {
-                if ($result) {
+                if ($result === true) {
                    return $this->RestResponse->saveSuccessResponse('Communities', 'requestAccess', $id, false, $message);
+                } elseif ($result) {
+                    return $this->RestResponse->viewData($result);
                } else {
                    return $this->RestResponse->saveFailResponse('Communities', 'requestAccess', false, $message);
                }
            } else {
-                if ($result) {
+                if ($result === true) {
                    $this->Flash->success($message);
+                    $this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
+                } elseif ($result) {
+                    $this->set('result', $result);
+                    $this->render('request_access_email');
                } else {
                    $this->Flash->error($message);
+                    $this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
                }
-                $this->redirect(array('controller' => 'communities', 'action' => 'view', $id));
+            }
+            if (!empty($this->request->data['Server']['mock'])) {
+                $this->set('mock', $this->request->data['Server']['mock']);
            }
        }
        $this->set('community', $community);
--- a/app/Controller/Component/RestResponseComponent.php
+++ b/app/Controller/Component/RestResponseComponent.php
@ -55,7 +55,7 @@ class RestResponseComponent extends Component
            'requestAccess' => array(
                'description' => "POST a request object describing yourself and your organisation to request access to the desired community.",
                'mandatory' => array(),
-                'optional' => array('org_name', 'org_uuid', 'sync', 'org_description', 'email', 'message', 'anonymise', 'gpgkey'),
+                'optional' => array('org_name', 'org_uuid', 'sync', 'org_description', 'email', 'message', 'anonymise', 'gpgkey', 'mock'),
                'params' => array('uuid')
            )
        ),
@ -996,6 +996,13 @@ class RestResponseComponent extends Component
                'values' => array(1 => 'True', 0 => 'False' ),
                'help' => __('Will only return  id, timestamp, published and uuid')
            ),
+            'mock' => array(
+                'input' => 'radio',
+                'type' => 'integer',
+                'values' => array(1 => 'True', 0 => 'False' ),
+                'operators' => array('equal'),
+                'help' => __('Mock the query')
+            ),
            'model' => array(
                'input' => 'select',
                'type' => 'string',
--- a/app/Model/User.php
+++ b/app/Model/User.php
@ -742,19 +742,6 @@ class User extends AppModel
    public function sendEmailExternal($user, $params)
    {
        $this->Log = ClassRegistry::init('Log');
-        if (Configure::read('MISP.disable_emailing')) {
-            $this->Log->create();
-            $this->Log->save(array(
-                    'org' => 'SYSTEM',
-                    'model' => 'User',
-                    'model_id' => $user['id'],
-                    'email' => $user['email'],
-                    'action' => 'email',
-                    'title' => 'Email to ' . $user['email'] . ', titled "' . $params['subject'] . '" failed. Reason: Emailing is currently disabled on this instance.',
-                    'change' => null,
-            ));
-            return true;
-        }
        $params['body'] = str_replace('\n', PHP_EOL, $params['body']);
        $Email = new CakeEmail();
        $recipient = array('User' => array('email' => $params['to']));
@ -790,6 +777,9 @@ class User extends AppModel
                }
            }
            $Email->attachments($attachments);
+            if (Configure::read('MISP.disable_emailing') || !empty($params['mock'])) {
+                $Email->transport('Debug');
+            }
            $result = $Email->send($params['body']);
            $Email->reset();
            return $result;
--- a/app/View/Communities/request_access.ctp
+++ b/app/View/Communities/request_access.ctp
@ -48,6 +48,11 @@
            $this->Form->input('anonymise', array(
                'label' => __('Anonymise information on the server used to issue the request'),
                'type' => 'checkbox'
+            )) .
+            $this->element('/genericElements/Forms/clear') .
+            $this->Form->input('mock', array(
+                'label' => __('Generate e-mail for later use, but do not send it'),
+                'type' => 'checkbox'
            ))
        ),
        $this->Form->button('Submit', array(
--- a/app/View/Elements/genericElements/SideMenu/side_menu.ctp
+++ b/app/View/Elements/genericElements/SideMenu/side_menu.ctp
@ -605,6 +605,12 @@

                            ));
                        }
+                        if ($menuItem === 'view_email') {
+                            echo $this->element('/genericElements/SideMenu/side_menu_link', array(
+                                'text' => __('Request E-mail'),
+                                'element_id' => 'view_email'
+                            ));
+                        }
                    }
                    break;