From 10f69770234929d282c4c17f22c726c0ff791b4c Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Sun, 15 Sep 2024 17:32:43 +1000
Subject: [PATCH] Adjustments for expense imports

---
 app/Http/Controllers/MailgunController.php        |  4 ++++
 app/Http/Controllers/PostMarkController.php       |  9 +++++----
 .../Requests/Company/UpdateCompanyRequest.php     | 15 ++++++++-------
 .../Company/ValidExpenseMailbox.php               | 15 +++------------
 app/Services/InboundMail/InboundMail.php          |  2 +-
 app/Services/InboundMail/InboundMailEngine.php    |  8 ++++----
 6 files changed, 25 insertions(+), 28 deletions(-)

diff --git a/app/Http/Controllers/MailgunController.php b/app/Http/Controllers/MailgunController.php
index 06a37b0cff55..d44b5e3ad2ea 100644
--- a/app/Http/Controllers/MailgunController.php
+++ b/app/Http/Controllers/MailgunController.php
@@ -64,6 +64,8 @@ class MailgunController extends BaseController
     {
 
         $input = $request->all();
+        
+        nlog($input);
 
         if (\abs(\time() - $request['signature']['timestamp']) > 15) {
             return response()->json(['message' => 'Success'], 200);
@@ -118,6 +120,8 @@ class MailgunController extends BaseController
     {
         $input = $request->all();
 
+        nlog($input);
+
         if (!array_key_exists('sender', $input) || !array_key_exists('recipient', $input) || !array_key_exists('message-url', $input)) {
             nlog('Failed: Message could not be parsed, because required parameters are missing. Please ensure contacting this api-endpoint with a store & notify operation instead of a forward operation!');
             return response()->json(['message' => 'Failed. Missing Parameters. Use store and notify!'], 400);
diff --git a/app/Http/Controllers/PostMarkController.php b/app/Http/Controllers/PostMarkController.php
index 88e6812fd38e..82905513fcc7 100644
--- a/app/Http/Controllers/PostMarkController.php
+++ b/app/Http/Controllers/PostMarkController.php
@@ -273,7 +273,9 @@ class PostMarkController extends BaseController
 
         $input = $request->all();
 
-        if (!($request->has('token') && $request->get('token') == config('ninja.inbound_mailbox.inbound_webhook_token')))
+        nlog($input);
+
+        if (!$request->has('token') || $request->token != config('ninja.inbound_mailbox.inbound_webhook_token'))
             return response()->json(['message' => 'Unauthorized'], 403);
 
         if (!(array_key_exists("MessageStream", $input) && $input["MessageStream"] == "inbound") || !array_key_exists("To", $input) || !array_key_exists("From", $input) || !array_key_exists("MessageID", $input)) {
@@ -281,17 +283,16 @@ class PostMarkController extends BaseController
             return response()->json(['message' => 'Failed. Missing/Invalid Parameters.'], 400);
         }
         
-        $company = MultiDB::findAndSetDbByExpenseMailbox($input["To"]);
+        $company = MultiDB::findAndSetDbByExpenseMailbox($input["ToFull"][0]["Email"]);
 
         if (!$company) {
             nlog('[PostmarkInboundWebhook] unknown Expense Mailbox occured while handling an inbound email from postmark: ' . $input["To"]);
-            // $inboundEngine->saveMeta($input["From"], $input["To"], true); // important to save this, to protect from spam
             return response()->json(['message' => 'Ok'], 200);
         }
 
         $inboundEngine = new InboundMailEngine($company);
 
-        if ($inboundEngine->isInvalidOrBlocked($input["From"], $input["To"])) {
+        if ($inboundEngine->isInvalidOrBlocked($input["From"], $input["ToFull"][0]["Email"])) {
             return response()->json(['message' => 'Blocked.'], 403);
         }
 
diff --git a/app/Http/Requests/Company/UpdateCompanyRequest.php b/app/Http/Requests/Company/UpdateCompanyRequest.php
index 52d6d80aa9d4..44ef906d4476 100644
--- a/app/Http/Requests/Company/UpdateCompanyRequest.php
+++ b/app/Http/Requests/Company/UpdateCompanyRequest.php
@@ -11,14 +11,15 @@
 
 namespace App\Http\Requests\Company;
 
-use App\DataMapper\CompanySettings;
-use App\Http\Requests\Request;
-use App\Http\ValidationRules\Company\ValidExpenseMailbox;
-use App\Http\ValidationRules\ValidSettingsRule;
-use App\Http\ValidationRules\EInvoice\ValidCompanyScheme;
-use App\Http\ValidationRules\Company\ValidSubdomain;
 use App\Utils\Ninja;
+use App\Http\Requests\Request;
 use App\Utils\Traits\MakesHash;
+use Illuminate\Validation\Rule;
+use App\DataMapper\CompanySettings;
+use App\Http\ValidationRules\ValidSettingsRule;
+use App\Http\ValidationRules\Company\ValidSubdomain;
+use App\Http\ValidationRules\Company\ValidExpenseMailbox;
+use App\Http\ValidationRules\EInvoice\ValidCompanyScheme;
 
 class UpdateCompanyRequest extends Request
 {
@@ -76,7 +77,7 @@ class UpdateCompanyRequest extends Request
             $rules['subdomain'] = ['nullable', 'regex:/^[a-zA-Z0-9.-]+[a-zA-Z0-9]$/', new ValidSubdomain()];
         }
 
-        $rules['expense_mailbox'] = ['email', 'nullable', new ValidExpenseMailbox()];
+        $rules['expense_mailbox'] = ['sometimes','email', 'nullable', new ValidExpenseMailbox(), Rule::unique('companies')->ignore($this->company->id)];
 
         return $rules;
     }
diff --git a/app/Http/ValidationRules/Company/ValidExpenseMailbox.php b/app/Http/ValidationRules/Company/ValidExpenseMailbox.php
index 8ae3b97129bb..eb7be7c3e447 100644
--- a/app/Http/ValidationRules/Company/ValidExpenseMailbox.php
+++ b/app/Http/ValidationRules/Company/ValidExpenseMailbox.php
@@ -32,30 +32,21 @@ class ValidExpenseMailbox implements Rule
 
     public function passes($attribute, $value)
     {
-        if (empty($value)) {
+        if (empty($value) || !config('ninja.inbound_mailbox.expense_mailbox_endings')) {
             return true;
         }
 
-        // early return, if we dont have any additional validation
-        if (!config('ninja.inbound_mailbox.expense_mailbox_endings')) {
-            $this->validated_schema = true;
-            return MultiDB::checkExpenseMailboxAvailable($value);
-        }
 
         // Validate Schema
         $validated = false;
         foreach ($this->endings as $ending) {
             if (str_ends_with($value, $ending)) {
-                $validated = true;
-                break;
+                return true;
             }
         }
 
-        if (!$validated)
-            return false;
+        return false;
 
-        $this->validated_schema = true;
-        return MultiDB::checkExpenseMailboxAvailable($value);
     }
 
     /**
diff --git a/app/Services/InboundMail/InboundMail.php b/app/Services/InboundMail/InboundMail.php
index 4532a041dedb..f7ab8652ea95 100644
--- a/app/Services/InboundMail/InboundMail.php
+++ b/app/Services/InboundMail/InboundMail.php
@@ -30,7 +30,7 @@ class InboundMail
 
     public string $text_body;
 
-    /** @var array[\Illuminate\Http\UploadedFile] $documents */
+    /** @var array[?\Illuminate\Http\UploadedFile] $documents */
     public array $documents = [];
 
     public ?Carbon $date = null;
diff --git a/app/Services/InboundMail/InboundMailEngine.php b/app/Services/InboundMail/InboundMailEngine.php
index 3aee96e2fdc0..aa08eee23d0e 100644
--- a/app/Services/InboundMail/InboundMailEngine.php
+++ b/app/Services/InboundMail/InboundMailEngine.php
@@ -265,14 +265,14 @@ class InboundMailEngine
 
         // whitelists
         $whitelist = explode(",", $this->company->inbound_mailbox_whitelist);
-        if (in_array($email->from, $whitelist))
+        if (is_array($whitelist) && in_array($email->from, $whitelist))
             return true;
-        if (in_array($domain, $whitelist))
+        if (is_array($whitelist) && in_array($domain, $whitelist))
             return true;
         $blacklist = explode(",", $this->company->inbound_mailbox_blacklist);
-        if (in_array($email->from, $blacklist))
+        if (is_array($blacklist) && in_array($email->from, $blacklist))
             return false;
-        if (in_array($domain, $blacklist))
+        if (is_array($blacklist) && in_array($domain, $blacklist))
             return false;
 
         // allow unknown