PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2188ff5479dbc4da707f2f8f5e82b346ba4b51f7
xamxam/TODO.md
Pontoporeia 2188ff5479 docs: add SMTP 550 postfix fix report for mail admin
2026-05-05 11:04:52 +02:00

132 lines
8.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# TODO
## Admin area cleanup
- [x] Combine `acces-etudiante.php` + `file-access.php` into `acces.php` (two `<section>` blocks)
- [x] Move `system.php` content into `parametres.php` (system section + logs section)
- [x] Use `<section>` for sections, `<fieldset>` only where form fields are present
- [x] Redirect legacy URLs (acces-etudiante.php, file-access.php, system.php) with 301
- [x] Update action redirects to point to new pages
- [x] Update admin nav header (merged 3 items → 2)
## Bug fixes
- [x] Fix `$enabledAccessTypes` undefined / `array_map()` TypeError on edit page — controller was fetching `getAccessTypes()` instead of `getEnabledFormAccessTypes()` and returning it under the wrong key
- [x] Fix fatal TypeError: `old()` called with wrong arity in `jury-fieldset.php` partial under partage context — removed `?: null` coercions so `$juryPresident`/`$juryPromoteur` are `''` not `null`, keeping `$addMode` false
- [x] Fix `$formData` destroyed by included partials (`fieldset-academic.php`, `fieldset-metadata.php`, `fieldset-licence-explanation.php` were incorrectly unsetting `$formData`/wrong variable in caller scope)
## Form help blocks — sortable admin UI
- [x] Migration 005: add `sort_order` column to `form_help_blocks`
- [x] `Database::getAllFormHelpBlocks()` — ORDER BY sort_order, expose sort_order in returned data
- [x] `Database::reorderFormHelpBlocks(array $keys)` — persist new order
- [x] `actions/form-help-reorder.php` — HTMX POST handler (CSRF-protected, 204 response)
- [x] `templates/admin/contenus.php` — replace table with two-panel layout:
- Left: SortableJS + htmx drag-and-drop card list
- Right: static form structure reference (fieldsets + inputs)
- [x] CSS in admin.css: `.fhb-*` classes for layout, cards, ghost/chosen/drag states
- [x] `schema.sql` — updated `form_help_blocks` DDL with `sort_order`
- [x] Vendor SortableJS 1.15.2 into `assets/js/sortable.min.js` (remove CDN dependency)
## Bug fixes (continued)
- [x] Fix missing favicon tags in `partage/recapitulatif.php`
- [x] Fix fatal `Class "SmtpRelay" not found` in `StudentEmail.php` — add `require_once SmtpRelay.php` before `StudentEmail.php` in `partage/index.php`
- [x] Add missing favicon tags to all three `<head>` blocks in `partage/index.php` (error page, password gate, main form)
## Rename posterg → xamxam throughout codebase
- [x] Rename `nginx/posterg.conf``nginx/xamxam.conf` (+ `.conf.reference`)
- [x] Update nginx conf: `server_name`, log paths, htpasswd path, header comments
- [x] Update `justfile`: SSH host alias, group, DB filename, conf path, tmp paths
- [x] Update `scripts/deploy-server.sh`: group, conf paths, site names, URLs
- [x] Update `scripts/setup-server.sh`: APP_DIR, APP_GROUP, comments
- [x] Update `scripts/manage-admin-users.sh`: htpasswd path
- [x] Update `scripts/migrate.sh`: DB filename
- [x] Update `scripts/setup-dev.sh`: DB filename
- [x] Update `scripts/copy_crash_logs.sh`: log filenames, hostname
- [x] Update `README.md`: SSH host, paths, DB name
- [x] Update `nginx/README.md`, `nginx/SETUP.md`, and all `nginx/docs/*.md`
- [x] Update PHP source: `Database.php`, `SystemController.php`, `MediaController.php`, `LiveReloadController.php`, `SmtpRelay.php`, `live-reload.php`, export actions
- [x] Update `app/migrations/run.php`, `app/tests/README.md`, `app/storage/README.md`
- [x] Replace all remaining "Post-ERG" branding with "XAMXAM" (scripts, PHP source, schema, docs)
- [x] `deploy-server.sh`: remove legacy `sites-enabled/posterg` symlink to fix duplicate `limit_req_zone` nginx error
- [x] `deploy-server.sh`: auto-migrate `.htpasswd-posterg``.htpasswd-xamxam` if new file absent
- [x] `deploy-server.sh`: auto-migrate `posterg.db``xamxam.db` if new DB missing/empty; remove legacy file
- [x] `deploy-server.sh`: clean up legacy posterg nginx configs and prune old backups
- [x] Rename local `storage/posterg.db``storage/xamxam.db`
## LDAP auth migration (pending client access)
- [ ] Get LDAP server hostname, port, service-account DN+password, base DN, user attr, group DN from client
- [ ] Verify TCP reachability from XAMXAM VM to LDAP server (port 636)
- [ ] See `docs/LDAP_AUTH_PLAN.md` for full phase-by-phase plan
## SMTP transport security hardening
- [x] Enable TLS peer verification (`verify_peer`, `verify_peer_name`, `peer_name`) on both `smtpSend` and `smtpProbe` — removes MITM vulnerability from `verify_peer: false`
- [x] Add `caBundlePath()` — resolves system CA bundle path (php.ini → Debian/RHEL/Alpine candidates → PHP built-in fallback)
- [x] Set SSL context options explicitly on socket before `stream_socket_enable_crypto()` for STARTTLS (both probe and send paths)
- [x] Add `sanitiseEnvelope()` — strips CR/LF from envelope addresses to prevent SMTP command injection
- [x] Fix RFC 5321 §4.5.2 dot-stuffing: replace `preg_replace` with correct CRLF-normalise → `str_replace("\r\n.", "\r\n..")` sequence
## SMTP notify_email fix
- [x] Migration 006: add `notify_email` column to `smtp_settings`
- [x] `SmtpRelay::getSettings()` — include `notify_email` in SELECT + defaults
- [x] `SmtpRelay::updateSettings()` — persist `notify_email`
- [x] `SmtpRelay::getNotifyEmail()` — returns `notify_email` ?? `from_email`
- [x] `request-access.php` — use `getNotifyEmail()` instead of `from_email` for admin notifications
- [x] `actions/settings.php` — wire `smtp_notify_email` POST field
- [x] Template: add "Adresse de notification admin" field to SMTP form
- [x] `schema.sql` — updated DDL
## SMTP credential validation
- [x] Add `SmtpProbeException` with `field` property for structured error classification
- [x] Add `SmtpRelay::test()` — returns `{ok, error, field}` with field = input id to highlight
- [x] `smtpProbe()` throws typed exceptions per failure point:
- connect fail → name resolution error → `smtp_host`
- connect fail → port refused → `smtp_port`
- connect fail → timeout → `smtp_host`
- bad greeting / timeout after connect → `smtp_host` / `smtp_port`
- STARTTLS not supported / TLS negotiation fail → `smtp_encryption`
- AUTH rejected, code 535 → `smtp_password`; other auth failures → `smtp_username`
- [x] `actions/settings.php`: store `$_SESSION['_flash_smtp_field']` on probe failure
- [x] `parametres.php` controller: consume + clear `_flash_smtp_field` into `$smtpErrorField`
- [x] Template: `aria-invalid`, `aria-describedby`, inline `<small class="param-field-error">` per field
- [x] JS: scroll + focus the offending field on page load
- [x] CSS: red `border-bottom` on `[aria-invalid]`, `.param-field-error` error text style
## Répertoire layout
- [x] Make column headings sticky/non-scrollable; only `ul` scrolls per column
- [x] Remove padding from `.search-main` and `.repertoire-index`
- [x] Minimal horizontal padding inside columns (`var(--space-2xs)`)
- [x] Align all column headings to the same baseline row (2-row grid via `display: contents`)
## SMTP 550 recipient-rejected handling
- [x] Add `SmtpSendException` — carries `smtpCode` + `smtpResponse`; `isRecipientRejected()` for 550554
- [x] `smtpSend()` `$expect` closure throws `SmtpSendException` (with code) instead of plain `RuntimeException`
- [x] `SmtpRelay::send()` re-throws `SmtpSendException` so callers can react
- [x] `request-access.php` (new auto-approve): catch 550 → roll back token + approval, return HTTP 422 with user-facing message
- [x] `request-access.php` (resend path): catch 550 → return HTTP 422 instead of silent "access approved"
- [x] `StudentEmail::sendConfirmation()`: catch `SmtpSendException` → log + return false (submission must not be aborted)
- [x] `admin/actions/access-request.php`: catch `SmtpSendException` after approval → flash warning distinguishing recipient-rejected vs transient
- [x] `docs/SMTP_550_POSTFIX_FIX.md` — report for Postfix admin (diagnosis, 3 fix options, verification steps)
## CSS refactor
- [x] Move semantic HTML element baseline styles into common.css
- `fieldset` (background, border, padding, radius)
- `legend` (font, weight, color, transform)
- `small` (size, color, display, margin)
- `table`, `th`, `td` (collapse, sizing, spacing)
- `dialog` + `::backdrop`
- `details > summary`
- [x] Remove duplicated rules from admin.css, form.css, system.css, file-access.css
- [x] Fix file-access.css to use real design tokens (was using undefined --border, --surface, --accent, etc.)
- [x] Remove redundant @import url("./variables.css") from admin.css, system.css, file-access.css
Reference in New Issue View Git Blame Copy Permalink