Handle SMTP 550 recipient-rejected errors with structured SmtpSendException

- Add SmtpSendException with smtpCode/smtpResponse/isRecipientRejected() - smtpSend() $expect closure throws SmtpSendException (with code) instead of RuntimeException - SmtpRelay::send() re-throws SmtpSendException so callers can inspect it - request-access.php (new): catch 550 → roll back token+approval, return HTTP 422 with FR user message - request-access.php (resend): catch 550 → HTTP 422 instead of silently claiming success - StudentEmail::sendConfirmation(): catch SmtpSendException → log+false (submission not aborted) - admin/actions/access-request.php: catch SmtpSendException post-approval → flash warning (recipient-rejected vs transient)
2026-05-06 19:19:19 +02:00 · 2026-04-30 12:40:14 +02:00
parent 8d115dc965
commit 89b7ab476e
5 changed files with 103 additions and 6 deletions
--- a/app/public/admin/actions/access-request.php
+++ b/app/public/admin/actions/access-request.php
@@ -52,9 +52,16 @@ try {
        $body = buildApprovalEmail($thesisTitle, $thesisAuthors, $accessUrl, $notes);
        $plain = strip_tags($body);

-        SmtpRelay::send($db, $request['email'], $subject, $body, $plain);
-
-        App::flash('success', "Demande approuvée. Email envoyé à {$request['email']}.");
+        try {
+            SmtpRelay::send($db, $request['email'], $subject, $body, $plain);
+            App::flash('success', "Demande approuvée. Email envoyé à {$request['email']}.");
+        } catch (SmtpSendException $e) {
+            error_log('[access-request] Email delivery failed after approval: ' . $e->getMessage());
+            $smtpMsg = $e->isRecipientRejected()
+                ? "Demande approuvée, mais l'email n'a pas pu être délivré : adresse inconnue ({$request['email']})."
+                : "Demande approuvée, mais l'envoi de l'email a échoué (erreur SMTP). L'utilisateur devra relancer une demande.";
+            App::flash('warning', $smtpMsg);
+        }

    } elseif ($action === 'reject') {
        $db->rejectAccessRequest($requestId, $notes);
--- a/app/public/request-access.php
+++ b/app/public/request-access.php
@@ -20,6 +20,7 @@ require_once __DIR__ . '/../bootstrap.php';
 require_once APP_ROOT . '/src/Database.php';
 require_once APP_ROOT . '/src/RateLimit.php';
 require_once APP_ROOT . '/src/SmtpRelay.php';
+// SmtpSendException is defined in SmtpRelay.php

 header('Content-Type: application/json');

@@ -114,6 +115,18 @@ if ($existingRequest) {
                'message' => 'Un nouvel email d\'accès vous a été envoyé.',
                'status'  => 'resent',
            ]);
+        } catch (SmtpSendException $e) {
+            error_log('Access request resend failed: ' . $e->getMessage());
+            if ($e->isRecipientRejected()) {
+                http_response_code(422);
+                echo json_encode([
+                    'success' => false,
+                    'message' => "L'adresse e-mail « {$email} » est introuvable sur le serveur de messagerie de l'ERG. Vérifiez l'orthographe ou utilisez une autre adresse.",
+                    'status'  => 'recipient_rejected',
+                ]);
+            } else {
+                echo json_encode(['success' => true, 'message' => 'Votre accès est déjà approuvé. Si vous n\'avez pas reçu l\'email, contactez l\'administrateur.']);
+            }
        } catch (Exception $e) {
            error_log('Access request resend failed: ' . $e->getMessage());
            echo json_encode(['success' => true, 'message' => 'Votre accès est déjà approuvé. Si vous n\'avez pas reçu l\'email, contactez l\'administrateur.']);
@@ -152,7 +165,31 @@ try {
        $body      = buildAutoApprovalEmail($thesis['title'], $thesis['authors'] ?? '', $accessUrl);
        $plain     = htmlToPlain($body);

-        SmtpRelay::send($db, $email, $subject, $body, $plain);
+        try {
+            SmtpRelay::send($db, $email, $subject, $body, $plain);
+        } catch (SmtpSendException $e) {
+            if ($e->isRecipientRejected()) {
+                // SMTP server does not know this address — roll back the approval
+                // so the user can retry with a valid address.
+                $db->getPDO()->exec(
+                    "DELETE FROM file_access_tokens WHERE request_id = {$requestId}"
+                );
+                $db->getPDO()->exec(
+                    "UPDATE file_access_requests
+                     SET status = 'rejected', admin_notes = 'Adresse e-mail inconnue du serveur de messagerie (550)'
+                     WHERE id = {$requestId}"
+                );
+                http_response_code(422);
+                echo json_encode([
+                    'success' => false,
+                    'message' => "L'adresse e-mail « {$email} » est introuvable sur le serveur de messagerie de l'ERG. Vérifiez l'orthographe ou utilisez une autre adresse.",
+                    'status'  => 'recipient_rejected',
+                ]);
+                exit;
+            }
+            // Transient send failure — access is approved, email may arrive later
+            error_log("[request-access] Email delivery failed for approved request #{$requestId}: " . $e->getMessage());
+        }

        http_response_code(200);
        echo json_encode([
@@ -201,6 +238,10 @@ try {
        ]);
    }

+} catch (SmtpSendException $e) {
+    error_log('Access request SMTP failure: ' . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['success' => false, 'message' => 'Erreur lors de l\'envoi de l\'email. Veuillez réessayer.']);
 } catch (Exception $e) {
    error_log('Access request failed: ' . $e->getMessage());
    http_response_code(500);