@stamhoofd/backend 2.96.3 → 2.97.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@stamhoofd/backend",
-    "version": "2.96.3",
+    "version": "2.97.1",
     "main": "./dist/index.js",
     "exports": {
         ".": {
@@ -45,14 +45,14 @@
         "@simonbackx/simple-encoding": "2.22.0",
         "@simonbackx/simple-endpoints": "1.20.1",
         "@simonbackx/simple-logging": "^1.0.1",
-        "@stamhoofd/backend-i18n": "2.96.3",
-        "@stamhoofd/backend-middleware": "2.96.3",
-        "@stamhoofd/email": "2.96.3",
-        "@stamhoofd/models": "2.96.3",
-        "@stamhoofd/queues": "2.96.3",
-        "@stamhoofd/sql": "2.96.3",
-        "@stamhoofd/structures": "2.96.3",
-        "@stamhoofd/utility": "2.96.3",
+        "@stamhoofd/backend-i18n": "2.97.1",
+        "@stamhoofd/backend-middleware": "2.97.1",
+        "@stamhoofd/email": "2.97.1",
+        "@stamhoofd/models": "2.97.1",
+        "@stamhoofd/queues": "2.97.1",
+        "@stamhoofd/sql": "2.97.1",
+        "@stamhoofd/structures": "2.97.1",
+        "@stamhoofd/utility": "2.97.1",
         "archiver": "^7.0.1",
         "axios": "^1.8.2",
         "cookie": "^0.7.0",
@@ -70,5 +70,5 @@
     "publishConfig": {
         "access": "public"
     },
-    "gitHead": "9da200d4958b6959f604def8861ac00595a668cf"
+    "gitHead": "bf96e4489028e06431539f4b041086f4dbc3d277"
 }

package/src/audit-logs/EmailLogger.ts

@@ -1,42 +1,50 @@
-import { Email, EmailRecipient } from '@stamhoofd/models';
-import { AuditLogReplacement, AuditLogReplacementType, AuditLogType, EmailStatus, replaceEmailHtml } from '@stamhoofd/structures';
+import { Email } from '@stamhoofd/models';
+import { AuditLogReplacement, AuditLogReplacementType, AuditLogType, EmailStatus } from '@stamhoofd/structures';
 import { Formatter } from '@stamhoofd/utility';
 import { ModelLogger } from './ModelLogger';
 
 export const EmailLogger = new ModelLogger(Email, {
-    async optionsGenerator(event) {
-        if (event.type === 'deleted') {
-            return;
-        }
+    skipKeys: ['json', 'text', 'status', 'userId', 'createdAt', 'updatedAt', 'deletedAt', 'recipientFilter', 'emailRecipientsCount', 'otherRecipientsCount', 'succeededCount', 'softFailedCount', 'failedCount', 'membersCount', 'hardBouncesCount', 'softBouncesCount', 'spamComplaintsCount', 'recipientsStatus', 'recipientsErrors', 'emailErrors', 'sentAt'],
 
+    async optionsGenerator(event) {
         let oldStatus = EmailStatus.Draft;
 
         if (event.type === 'updated') {
             oldStatus = event.originalFields.status as EmailStatus;
         }
 
-        const newStatus = event.model.status as EmailStatus;
-        if (newStatus === oldStatus) {
-            return;
+        if (event.type === 'deleted' || (event.type === 'updated' && event.model.deletedAt && !event.getOldModel().deletedAt)) {
+            return {
+                type: AuditLogType.EmailDeleted,
+                data: {
+                },
+                generatePatchList: false,
+            };
         }
 
-        if (newStatus !== EmailStatus.Sent && newStatus !== EmailStatus.Sending) {
-            return;
+        const newStatus = event.model.status as EmailStatus;
+        if (newStatus === oldStatus || (newStatus !== EmailStatus.Sent && newStatus !== EmailStatus.Sending)) {
+            if (newStatus === EmailStatus.Draft) {
+                return;
+            }
+            return {
+                type: AuditLogType.EmailEdited,
+                data: {
+                },
+                generatePatchList: true,
+            };
         }
 
         if (newStatus === EmailStatus.Sent) {
-            const recipient = await EmailRecipient.select().where('emailId', event.model.id).whereNot('sentAt', null).first(false);
-            // Get first recipient
             return {
-                type: AuditLogType.EmailSent,
+                type: event.model.sendAsEmail ? AuditLogType.EmailSent : AuditLogType.EmailPublished,
                 data: {
-                    recipient,
                 },
                 generatePatchList: false,
             };
         }
 
-        if (event.model.emailType) {
+        if (event.model.emailType || !event.model.sendAsEmail) {
             // don't log the scheduled part of automated emails
             return;
         }
@@ -44,7 +52,6 @@ export const EmailLogger = new ModelLogger(Email, {
         return {
             type: AuditLogType.EmailSending,
             data: {
-                recipient: null,
             },
             generatePatchList: false,
         };
@@ -54,7 +61,7 @@ export const EmailLogger = new ModelLogger(Email, {
         const map = new Map([
             ['e', AuditLogReplacement.create({
                 id: model.id,
-                value: replaceEmailHtml(model.subject ?? '', options.data.recipient?.replacements ?? []),
+                value: model.subject ?? '',
                 type: AuditLogReplacementType.Email,
             })],
             ['c', AuditLogReplacement.create({
@@ -62,10 +69,8 @@ export const EmailLogger = new ModelLogger(Email, {
                 count: model.emailRecipientsCount ?? 0,
             })],
         ]);
-        if (options.data.recipient) {
-            map.set('html', AuditLogReplacement.html(
-                replaceEmailHtml(model.html ?? '', options.data.recipient?.replacements ?? []),
-            ));
+        if (model.html) {
+            map.set('html', AuditLogReplacement.html(model.html));
         }
         return map;
     },

package/src/endpoints/global/email/CreateEmailEndpoint.ts

@@ -83,6 +83,14 @@ export class CreateEmailEndpoint extends Endpoint<Params, Query, Body, ResponseB
         model.json = request.body.json;
         model.status = request.body.status;
         model.attachments = request.body.attachments;
+        model.sendAsEmail = request.body.sendAsEmail ?? true;
+        model.showInMemberPortal = request.body.showInMemberPortal ?? false;
+
+        if (model.showInMemberPortal) {
+            if (!model.recipientFilter.canShowInMemberPortal) {
+                model.showInMemberPortal = false;
+            }
+        }
 
         const list = organization ? organization.privateMeta.emails : (await Platform.getShared()).privateConfig.emails;
         const sender = list.find(e => e.id === request.body.senderId);

package/src/endpoints/global/email/GetAdminEmailsEndpoint.test.ts

@@ -0,0 +1,174 @@
+import { Request } from '@simonbackx/simple-endpoints';
+import { Email, EmailRecipient, MemberFactory, Organization, OrganizationFactory, RegistrationPeriod, RegistrationPeriodFactory, Token, User, UserFactory } from '@stamhoofd/models';
+import { EmailStatus, LimitedFilteredRequest, PermissionLevel, Permissions, Replacement } from '@stamhoofd/structures';
+import { TestUtils } from '@stamhoofd/test-utils';
+import { testServer } from '../../../../tests/helpers/TestServer';
+import { GetAdminEmailsEndpoint } from './GetAdminEmailsEndpoint';
+import { Formatter } from '@stamhoofd/utility';
+
+const baseUrl = `/email`;
+
+describe('Endpoint.getAdminEmails', () => {
+    const endpoint = new GetAdminEmailsEndpoint();
+    let period: RegistrationPeriod;
+    let organization: Organization;
+    let userToken: Token;
+    let user: User;
+    let member: any; // MemberWithRegistrations type
+
+    beforeAll(async () => {
+        TestUtils.setPermanentEnvironment('userMode', 'platform');
+
+        period = await new RegistrationPeriodFactory({
+            startDate: new Date(2023, 0, 1),
+            endDate: new Date(2023, 11, 31),
+        }).create();
+
+        organization = await new OrganizationFactory({ period })
+            .create();
+
+        user = await new UserFactory({
+            organization,
+            permissions: Permissions.create({ level: PermissionLevel.Full }),
+        }).create();
+
+        // Create a member associated with the user
+        member = await new MemberFactory({
+            organization,
+            user,
+        }).create();
+
+        userToken = await Token.createToken(user);
+    });
+
+    const getAdminEmails = async (query: LimitedFilteredRequest = new LimitedFilteredRequest({ limit: 10 }), token: Token = userToken, testOrganization: Organization = organization) => {
+        const request = Request.get({
+            path: baseUrl,
+            host: testOrganization.getApiHost(),
+            query,
+            headers: {
+                authorization: 'Bearer ' + token.accessToken,
+            },
+        });
+        return await testServer.test(endpoint, request);
+    };
+
+    test('Should return empty list when no emails are sent to user', async () => {
+        const response = await getAdminEmails();
+        expect(response.body.results).toHaveLength(0);
+    });
+
+    test('Should strip sensitive information from loginDetails', async () => {
+        // Create another user that will have sensitive data
+        const sensitiveUser = await new UserFactory({
+            organization,
+        }).create();
+
+        // Create an email
+        const email = new Email();
+        email.subject = 'Sensitive Data Email';
+        email.status = EmailStatus.Sent;
+        email.text = 'Email with sensitive replacements {{outstandingBalance}} {{loginDetails}} {{unsubscribeUrl}}';
+        email.html = '<p>Email with sensitive replacements {{outstandingBalance}} {{loginDetails}} {{unsubscribeUrl}}</p>';
+        email.json = {};
+        email.organizationId = organization.id;
+        email.showInMemberPortal = true;
+        email.sentAt = new Date();
+        await email.save();
+
+        // Create a recipient for the sensitive user (with different user data than our test user)
+        const sensitiveRecipient = new EmailRecipient();
+        sensitiveRecipient.emailId = email.id;
+        sensitiveRecipient.memberId = member.id; // Same member as our test user
+        sensitiveRecipient.userId = sensitiveUser.id; // Different user ID
+        sensitiveRecipient.email = sensitiveUser.email; // Different email
+        sensitiveRecipient.firstName = member.details.firstName;
+        sensitiveRecipient.lastName = member.details.lastName;
+        sensitiveRecipient.sentAt = new Date();
+
+        // Add sensitive replacements that should be stripped by the API
+        sensitiveRecipient.replacements = [
+            Replacement.create({
+                token: 'loginDetails',
+                value: '',
+                html: `<p class="description"><em>Login with <strong>${sensitiveUser.email}</strong> Alice Security Code: <span class="style-inline-code">ABCD-EFGH-IJKL-MNOP</span></em></p>`,
+            }),
+            Replacement.create({
+                token: 'unsubscribeUrl',
+                value: 'https://example.com/unsubscribe?token=secret-token-12345',
+            }),
+            Replacement.create({
+                token: 'signInUrl',
+                value: 'https://example.com/login?token=private-signin-token-67890',
+            }),
+            Replacement.create({
+                token: 'outstandingBalance',
+                value: '€ 150.00',
+            }),
+            Replacement.create({
+                token: 'balanceTable',
+                html: '<table><tr><td>Private balance information</td><td>€ 150.00</td></tr></table>',
+            }),
+        ];
+
+        await sensitiveRecipient.save();
+
+        // Search specifically for this email to avoid interference from other tests
+        const searchQuery = new LimitedFilteredRequest({
+            limit: 10,
+            search: 'Sensitive Data Email',
+        });
+
+        const response = await getAdminEmails(searchQuery);
+
+        expect(response.body.results).toHaveLength(1);
+        const emailResult = response.body.results[0];
+
+        const recipient = emailResult.exampleRecipient!;
+        expect(recipient).toBeDefined();
+
+        // The original recipient struct keeps its original userId and email from the sensitive user
+        expect(recipient.userId).toBe(sensitiveUser.id); // Original userId
+        expect(recipient.email).toBe(sensitiveUser.email); // Original email
+
+        // Verify that sensitive data has been properly processed
+        expect(recipient.replacements).toBeDefined();
+        expect(Array.isArray(recipient.replacements)).toBe(true);
+
+        const allReplacementsString = JSON.stringify(recipient.replacements);
+        expect(allReplacementsString).not.toContain('ABCD-EFGH-IJKL-MNOP'); // Original security code should be gone
+        expect(allReplacementsString).not.toContain('secret-token-12345'); // Original sensitive unsubscribe token should be gone
+        expect(allReplacementsString).not.toContain('private-signin-token-67890'); // Original sensitive signin token should be gone
+
+        // Verify that safe, current-user-appropriate replacements are created
+        const loginDetailsReplacement = recipient.replacements.find(r => r.token === 'loginDetails');
+        const unsubscribeUrlReplacement = recipient.replacements.find(r => r.token === 'unsubscribeUrl');
+
+        // loginDetails should exist and be empty/generic for web display
+        expect(loginDetailsReplacement).toBeDefined();
+        expect(loginDetailsReplacement!.html).not.toBe(undefined); // Should be empty for web display
+        expect(loginDetailsReplacement!.value).toBe('');
+        // Check html contains ••••
+        expect(loginDetailsReplacement!.html).toContain('••••');
+
+        // unsubscribeUrl should exist and be safe for web display
+        expect(unsubscribeUrlReplacement).toBeDefined();
+        expect(unsubscribeUrlReplacement!.value).toMatch(/^https:\/\//); // Should still be a valid URL
+        expect(unsubscribeUrlReplacement!.value).not.toContain('secret-token-12345'); // Original sensitive token should be gone
+
+        // This tests that Email.getStructureForUser properly handles sensitive data by:
+        // 1. Removing original sensitive replacements from other users' data
+        // 2. Creating fresh, appropriate replacements for the current viewer
+        // 3. Ensuring web safety of all replacement values
+
+        // Check outstandingBalance replacement IS not altered
+        const balanceReplacement = recipient.replacements.find(r => r.token === 'outstandingBalance');
+        expect(balanceReplacement).toBeDefined();
+        expect(balanceReplacement!.value).toBe('€ 150.00'); // Should be corrected to the new user
+
+        // Check balanceTable replacement IS not altered
+        const balanceTableReplacement = recipient.replacements.find(r => r.token === 'balanceTable');
+        expect(balanceTableReplacement).toBeDefined();
+        expect(balanceTableReplacement!.html).toBe('<table><tr><td>Private balance information</td><td>€ 150.00</td></tr></table>'); // Should be corrected to the new user
+    });
+});

package/src/endpoints/global/email/GetEmailEndpoint.ts

@@ -40,8 +40,8 @@ export class GetEmailEndpoint extends Endpoint<Params, Query, Body, ResponseBody
         if (!model || (model.organizationId !== (organization?.id ?? null))) {
             throw new SimpleError({
                 code: 'not_found',
-                human: 'Email not found',
-                message: $t(`9ddb6616-f62d-4c91-82a9-e5cf398e4c4a`),
+                message: 'Email not found',
+                human: $t(`9ddb6616-f62d-4c91-82a9-e5cf398e4c4a`),
                 statusCode: 404,
             });
         }