Fix username validation in account edit

.drone.yml

@@ -12,7 +12,7 @@ steps:
     environment:
       COMPOSER_CACHE_DIR: /tmp/cache
     commands:
-      - composer install --no-progress --no-interaction
+      - composer install --no-progress --no-interaction --ignore-platform-reqs
 
   - name: run unit tests
     image: php:7.4

Makefile

@@ -9,7 +9,7 @@ DOCKER_RUN = $(DOCKER_COMPOSE) run --rm app
 COMPOSER = $(DOCKER_RUN) composer
 PHPUNIT = $(DOCKER_RUN) vendor/bin/phpunit
 
-.PHONY: all clean VERSION \
+.PHONY: all clean version \
 	docker-up docker-up-detached docker-down docker-restart docker-build docker-rebuild docker-purge docker-logs docker-run \
 	composer-install composer-install-no-dev composer-update composer-cmd \
 	test phpunit open-coverage
@@ -99,7 +99,7 @@ open-coverage:
 
 # Create VERSION file from current git tag
 version:
-	git describe | tee VERSION
+	git describe --tags | tee VERSION
 
 
 # Clean up

public/static/style.css

@@ -27,6 +27,10 @@ a:hover, a:focus {
     text-decoration: underline;
 }
 
+.monospace {
+    font-family: monospace;
+}
+
 .gray {
     color: gray;
 }
@@ -248,7 +252,6 @@ details > summary {
 
 details > p {
     margin: 0.75rem 1rem;
-    font-family: monospace;
 }
 
 /* -- Detail columns -- */

sql/init_tables.sql

@@ -38,6 +38,7 @@ CREATE TABLE `mail_aliases`
     `alias_id`          int(10) unsigned NOT NULL AUTO_INCREMENT,
     `user_id`           int(10) unsigned NOT NULL,
     `mail_address`      varchar(255)     NOT NULL,
+    `wildcard_priority` smallint(6)      NOT NULL DEFAULT 0,
     `created_at`        datetime         NOT NULL DEFAULT NOW(),
     `modified_at`       datetime         NOT NULL DEFAULT NOW(),
     PRIMARY KEY (`alias_id`),

src/Common/FormData.php

@@ -20,7 +20,7 @@ abstract class FormData
             throw new InputValidationError("$fieldName is required.");
         } elseif (strlen($raw) < $minLength) {
             throw new InputValidationError("$fieldName is too short (minimum $minLength characters).");
-        } elseif (strlen($raw) > 100) {
+        } elseif (strlen($raw) > $maxLength) {
             throw new InputValidationError("$fieldName is too long (maximum $maxLength characters).");
         }
         return $raw;
@@ -44,25 +44,42 @@ abstract class FormData
 
     // Input validation - Application specific validators
 
-    protected static function validateUsername(string $username, bool $required = true, string $fieldName = 'Username'): ?string
+    private static function validateMailAddress(string $address, bool $required = true, string $fieldName = 'Mail address'): ?string
     {
-        if (!$required && $username === '') {
+        // Note: This validator allows '%' as wildcard character inside mail addresses.
+        if (!$required && $address === '') {
             return null;
         }
 
-        $username = strtolower(
+        $address = strtolower(
-            self::validateString($username, 3, 100, $fieldName)
+            self::validateString($address, 3, 100, $fieldName)
         );
 
-        if (!preg_match('/^[a-z0-9._+-]+@[a-z0-9.-]+$/', $username) || preg_match('/^\\.|\\.\\.|\\.@|@\\.|\\.$/', $username)) {
+        if (!preg_match('/^[a-z0-9%._+-]+@[a-z0-9%.-]+$/', $address) || preg_match('/^\\.|\\.\\.|\\.@|@\\.|\\.$/', $address)) {
             throw new InputValidationError("$fieldName is not valid (must be a valid mail address).");
         }
+        return $address;
+    }
+
+    protected static function validateUsername(string $username, bool $required = true): ?string
+    {
+        $username = self::validateMailAddress($username, $required, 'Username');
+
+        if ($username !== null && strpos($username, '%') !== false) {
+            throw new InputValidationError('Username must not contain the wildcard character "%" (use a wildcard alias instead).');
+        }
         return $username;
     }
 
-    protected static function validateAliasAddress(string $aliasAddress): string
+    protected static function validateAliasAddress(string $aliasAddress, bool $isWildcard): string
     {
-        return self::validateUsername($aliasAddress, true, 'Alias address');
+        $aliasAddress = self::validateMailAddress($aliasAddress, true, 'Alias address');
+
+        // Check if the address contains a wildcard character
+        if (!$isWildcard && strpos($aliasAddress, '%') !== false) {
+            throw new InputValidationError('Non-wildcard alias address must not contain "%" character.');
+        }
+        return $aliasAddress;
     }
 
     protected static function validatePassword(string $password, string $passwordRepeat, bool $required = true): ?string

src/Config/Loaders/YamlConfigLoader.php

@@ -30,7 +30,7 @@ class YamlConfigLoader implements ConfigLoaderInterface
             // App settings
             'appTitle' => $parsedConfig['appTitle'] ?? null,
             'environment' => $parsedConfig['environment'] ?? null,
-            'debug' => (bool)$parsedConfig['debug'] ?? null,
+            'debug' => isset($parsedConfig['debug']) ? (bool)$parsedConfig['debug'] : null,
             'timezone' => $parsedConfig['timezone'] ?? null,
             'dateTimeFormat' => $parsedConfig['dateTimeFormat'] ?? null,
 
@@ -39,7 +39,7 @@ class YamlConfigLoader implements ConfigLoaderInterface
 
             // Database settings
             'databaseHost' => $parsedConfig['database']['host'] ?? null,
-            'databasePort' => (int)$parsedConfig['database']['port'] ?? null,
+            'databasePort' => isset($parsedConfig['database']['port']) ? (int)$parsedConfig['database']['port'] : null,
             'databaseName' => $parsedConfig['database']['name'] ?? null,
             'databaseUsername' => $parsedConfig['database']['username'] ?? null,
             'databasePassword' => $parsedConfig['database']['password'] ?? null,

src/Frontend/Accounts/AccountAddAliasData.php

@@ -4,20 +4,34 @@ declare(strict_types=1);
 namespace MailAccountAdmin\Frontend\Accounts;
 
 use MailAccountAdmin\Common\FormData;
+use MailAccountAdmin\Exceptions\InputValidationError;
 
 class AccountAddAliasData extends FormData
 {
     private string $aliasAddress;
+    private bool $isWildcard;
+    private int $wildcardPriority;
 
-    private function __construct(string $aliasAddress)
+    private function __construct(string $aliasAddress, bool $isWildcard, int $wildcardPriority)
     {
+        if ($isWildcard && $wildcardPriority === 0) {
+            throw new InputValidationError('Wildcard alias must have a wildcard priority other than 0.');
+        } elseif (!$isWildcard) {
+            $wildcardPriority = 0;
+        }
+
         $this->aliasAddress = $aliasAddress;
+        $this->isWildcard = $isWildcard;
+        $this->wildcardPriority = $wildcardPriority;
     }
 
     public static function createFromArray(array $raw): self
     {
+        $isWildcard = self::validateBoolOption(trim($raw['is_wildcard'] ?? ''));
         return new self(
-            self::validateAliasAddress(trim($raw['alias_address'] ?? '')),
+            self::validateAliasAddress(trim($raw['alias_address'] ?? ''), $isWildcard),
+            $isWildcard,
+            self::validateInteger(trim($raw['wildcard_priority'] ?? '')),
         );
     }
 
@@ -25,4 +39,14 @@ class AccountAddAliasData extends FormData
     {
         return $this->aliasAddress;
     }
+
+    public function isWildcard(): bool
+    {
+        return $this->isWildcard;
+    }
+
+    public function getWildcardPriority(): int
+    {
+        return $this->wildcardPriority;
+    }
 }

src/Frontend/Accounts/AccountHandler.php

@@ -278,14 +278,22 @@ class AccountHandler
         // Check if account exists
         $this->ensureAccountExists($accountId);
 
+        $unescapedAddress = $address = $aliasAddData->getAliasAddress();
+        $wildcardPriority = 0;
+
+        if ($aliasAddData->isWildcard()) {
+            // If it's a wildcard alias, escape underscores
+            $address = str_replace('_', '\\_', $address);
+            $wildcardPriority = $aliasAddData->getWildcardPriority();
+        }
+
         // Check if alias address is still available
-        $address = $aliasAddData->getAliasAddress();
         if (!$this->accountRepository->checkUsernameAvailable($address) || !$this->aliasRepository->checkAliasAvailable($address)) {
-            throw new InputValidationError("Alias address \"$address\" is not available.");
+            throw new InputValidationError("Alias address \"$unescapedAddress\" is not available.");
         }
 
         // Create alias in database
-        $this->aliasRepository->createNewAlias($accountId, $address);
+        $this->aliasRepository->createNewAlias($accountId, $address, $wildcardPriority);
     }
 
 

src/Models/Alias.php

@@ -10,14 +10,23 @@ class Alias
     private int $id;
     private int $userId;
     private string $mailAddress;
+    private int $wildcardPriority;
     private DateTimeImmutable $createdAt;
     private DateTimeImmutable $modifiedAt;
 
-    private function __construct(int $id, int $userId, string $mailAddress, DateTimeImmutable $createdAt, DateTimeImmutable $modifiedAt)
+    private function __construct(
+        int $id,
+        int $userId,
+        string $mailAddress,
+        int $wildcardPriority,
+        DateTimeImmutable $createdAt,
+        DateTimeImmutable $modifiedAt
+    )
     {
         $this->id = $id;
         $this->userId = $userId;
         $this->mailAddress = $mailAddress;
+        $this->wildcardPriority = $wildcardPriority;
         $this->createdAt = $createdAt;
         $this->modifiedAt = $modifiedAt;
     }
@@ -28,6 +37,7 @@ class Alias
             (int)$data['alias_id'],
             (int)$data['user_id'],
             $data['mail_address'],
+            (int)$data['wildcard_priority'],
             new DateTimeImmutable($data['created_at']),
             new DateTimeImmutable($data['modified_at']),
         );
@@ -43,11 +53,24 @@ class Alias
         return $this->userId;
     }
 
-    public function getMailAddress(): string
+    public function getMailAddress(bool $unescape = true): string
     {
+        if ($this->isWildcard() && $unescape) {
+            return str_replace('\\_', '_', $this->mailAddress);
+        }
         return $this->mailAddress;
     }
 
+    public function isWildcard(): bool
+    {
+        return $this->wildcardPriority !== 0;
+    }
+
+    public function getWildcardPriority(): int
+    {
+        return $this->wildcardPriority;
+    }
+
     public function getCreatedAt(): DateTimeImmutable
     {
         return $this->createdAt;

src/Repositories/AliasRepository.php

@@ -11,11 +11,11 @@ class AliasRepository extends BaseRepository
 {
     public function fetchAliasesForUserId(int $userId): array
     {
-        $statement = $this->pdo->prepare('SELECT * FROM mail_aliases WHERE user_id = :user_id ORDER BY mail_address');
+        $statement = $this->pdo->prepare('SELECT * FROM mail_aliases WHERE user_id = :user_id ORDER BY wildcard_priority, mail_address');
         $statement->execute(['user_id' => $userId]);
         $rows = $statement->fetchAll(PDO::FETCH_ASSOC);
 
-        // Create Account models from rows
+        // Create Alias models from rows
         $aliasList = [];
         foreach ($rows as $row) {
             $aliasList[] = Alias::createFromArray($row);
@@ -43,12 +43,20 @@ class AliasRepository extends BaseRepository
         return $statement->rowCount() === 0;
     }
 
-    public function createNewAlias(int $userId, string $mailAddress): void
+    public function createNewAlias(int $userId, string $mailAddress, int $wildcardPriority = 0): void
     {
-        $statement = $this->pdo->prepare('INSERT INTO mail_aliases (user_id, mail_address) VALUES (:user_id, :mail_address)');
+        $query = '
+            INSERT INTO mail_aliases
+            (user_id, mail_address, wildcard_priority)
+            VALUES
+            (:user_id, :mail_address, :wildcard_priority)
+        ';
+
+        $statement = $this->pdo->prepare($query);
         $statement->execute([
             'user_id' => $userId,
             'mail_address' => $mailAddress,
+            'wildcard_priority' => $wildcardPriority,
         ]);
     }
 

templates/account_create.html.twig

@@ -24,7 +24,7 @@
             </p>
             <details>
                 <summary>Show list of known domains</summary>
-                <p>{{ domainList ? domainList | join(', ') : 'No domains exist yet.' }}</p>
+                <p class="monospace">{{ domainList ? domainList | join(', ') : 'No domains exist yet.' }}</p>
             </details>
             <table>
                 <tr>

templates/account_details.html.twig

@@ -71,13 +71,21 @@
             <table class="bordered_table">
                 <tr>
                     <th></th>
-                    <th>Address</th>
+                    <th style="min-width: 16em">Address</th>
+                    <th>Wildcard (priority)</th>
                     <th>Created at</th>
                 </tr>
                 {% for alias in aliases %}
                     <tr>
                         <td><input type="checkbox" id="delete_selected_{{ alias.getId() }}" name="selected_aliases[]" value="{{ alias.getId() }}"/></td>
                         <td><label for="delete_selected_{{ alias.getId() }}">{{ alias.getMailAddress() }}</label></td>
+                        <td>
+                            {% if alias.isWildcard() %}
+                                Yes ({{ alias.getWildcardPriority() }})
+                            {% else %}
+                                <span class="gray">No</span>
+                            {% endif %}
+                        </td>
                         <td>{{ alias.getCreatedAt() | date }}</td>
                     </tr>
                 {% endfor %}
@@ -95,7 +103,18 @@
             <tr>
                 <td><label for="add_alias_address">New alias:</label></td>
                 <td>
-                    <input id="add_alias_address" name="alias_address" value="{{ formData['new_alias'] | default('') }}" {{ success is defined or error is defined ? 'autofocus': '' }}/>
+                    <input id="add_alias_address" name="alias_address" value="{{ formData['alias_address'] | default('') }}" {{ success is defined or error is defined ? 'autofocus': '' }}/>
+                </td>
+            </tr>
+            <tr>
+                <td style="vertical-align: top">Wildcard:</td>
+                <td style="vertical-align: top">
+                    <label>
+                        <input type="checkbox" name="is_wildcard" {{ formData is defined and formData['is_wildcard'] | default() ? 'checked' : '' }}/>
+                        Create wildcard alias,
+                    </label>
+                    <label for="add_alias_wildcard_priority">priority:</label>
+                    <input type="number" id="add_alias_wildcard_priority" name="wildcard_priority" value="{{ formData['wildcard_priority'] | default('1') }}" style="width: 6em"/>
                 </td>
             </tr>
             <tr>
@@ -104,5 +123,18 @@
                 </td>
             </tr>
         </table>
+
+        <details>
+            <summary>How to define wildcard aliases?</summary>
+            <p>
+                Wildcard aliases use <code>%</code> as a placeholder for any amount of characters (zero or more),
+                e.g. <code>%@example.com</code> or <code>example-%@example.com</code>.
+            </p>
+            <p>
+                Additionally, a <b>wildcard priority</b> must be specified. When a mail address is looked up that
+                matches multiple (wildcard) aliases, the alias with the <b>lowest</b> wildcard priority will be used.
+                The priority must not be 0 (internally, the value 0 stands for regular non-wildcard aliases).
+            </p>
+        </details>
     </form>
 {% endblock %}