feat: enhance mail sending functionality with recipient address source

Author: tacxou

apps/api/src/management/identities/identities.module.ts

@@ -40,7 +40,7 @@ import { IdentitiesPasswordExpirationReminderService } from '~/management/identi
     ]),
     FilestorageModule,
     forwardRef(() => BackendsModule),
-    SettingsModule,
+    forwardRef(() => SettingsModule),
     PasswordHistoryModule,
     AgentsModule,
   ],

apps/api/src/management/mail/_dto/mail-send-many.dto.ts

@@ -1,19 +1,28 @@
-import { ApiProperty } from '@nestjs/swagger'
-import { Types } from 'mongoose'
-import { IsArray, IsObject, IsOptional, IsString } from 'class-validator'
+import { ApiProperty } from '@nestjs/swagger';
+import { Types } from 'mongoose';
+import { IsArray, IsIn, IsObject, IsOptional, IsString } from 'class-validator';
 
 export class MailSendManyDto {
   @ApiProperty({ description: 'Ids des identities destinataires' })
   @IsArray()
-  public ids: Types.ObjectId[]
+  public ids: Types.ObjectId[];
 
   @ApiProperty({ description: 'Nom du template mailer (ex: initaccount)' })
   @IsString()
-  public template: string
+  public template: string;
 
   @ApiProperty({ required: false, description: 'Variables additionnelles injectées dans le template' })
   @IsOptional()
   @IsObject()
-  public variables?: Record<string, string>
-}
+  public variables?: Record<string, string>;
 
+  @ApiProperty({
+    required: false,
+    enum: ['principal', 'personnel'],
+    description:
+      'Si renseigné, adresse destinataire lue via le chemin JSON SMTP (e-mail principal ou e-mail personnel). Sinon, politique de mot de passe (emailAttribute).',
+  })
+  @IsOptional()
+  @IsIn(['principal', 'personnel'])
+  public recipientAddressSource?: 'principal' | 'personnel';
+}

apps/api/src/management/mail/mail-send.controller.ts

@@ -1,10 +1,10 @@
-import { Body, Controller, HttpStatus, Post, Res } from '@nestjs/common'
-import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger'
-import { Response } from 'express'
-import { UseRoles } from '~/_common/decorators/use-roles.decorator'
-import { AC_ACTIONS, AC_DEFAULT_POSSESSION } from '~/_common/types/ac-types'
-import { MailSendManyDto } from './_dto/mail-send-many.dto'
-import { MailSendService } from './mail-send.service'
+import { Body, Controller, HttpStatus, Post, Res } from '@nestjs/common';
+import { ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
+import { Response } from 'express';
+import { UseRoles } from '~/_common/decorators/use-roles.decorator';
+import { AC_ACTIONS, AC_DEFAULT_POSSESSION } from '~/_common/types/ac-types';
+import { MailSendManyDto } from './_dto/mail-send-many.dto';
+import { MailSendService } from './mail-send.service';
 
 @Controller('mail')
 @ApiTags('management/mail')
@@ -24,8 +24,8 @@ export class MailSendController {
       ids: (body.ids || []).map((id) => String(id)),
       template: body.template,
       variables: body.variables,
-    })
-    return res.status(HttpStatus.OK).json({ statusCode: HttpStatus.OK, data: result })
+      recipientAddressSource: body.recipientAddressSource,
+    });
+    return res.status(HttpStatus.OK).json({ statusCode: HttpStatus.OK, data: result });
   }
 }
-

apps/api/src/management/mail/mail-send.service.ts

@@ -1,50 +1,81 @@
-import { BadRequestException, Injectable, Logger } from '@nestjs/common'
-import { MailerService } from '@nestjs-modules/mailer'
-import { get } from 'radash'
-import { IdentitiesCrudService } from '~/management/identities/identities-crud.service'
-import { PasswdadmService } from '~/settings/passwdadm.service'
-import { IdentityState } from '~/management/identities/_enums/states.enum'
+import { BadRequestException, Injectable, Logger } from '@nestjs/common';
+import { MailerService } from '@nestjs-modules/mailer';
+import { get } from 'radash';
+import { IdentitiesCrudService } from '~/management/identities/identities-crud.service';
+import { PasswdadmService } from '~/settings/passwdadm.service';
+import { MailadmService } from '~/settings/mailadm.service';
+import { IdentityState } from '~/management/identities/_enums/states.enum';
 
 @Injectable()
 export class MailSendService {
-  private readonly logger = new Logger(MailSendService.name)
+  private readonly logger = new Logger(MailSendService.name);
 
   public constructor(
     private readonly identities: IdentitiesCrudService,
     private readonly passwdadmService: PasswdadmService,
     private readonly mailer: MailerService,
+    private readonly mailadmService: MailadmService,
   ) {}
 
   public async sendTemplateToIdentities(args: {
-    ids: string[]
-    template: string
-    variables?: Record<string, string>
+    ids: string[];
+    template: string;
+    variables?: Record<string, string>;
+    recipientAddressSource?: 'principal' | 'personnel';
   }): Promise<{ sent: number; skipped: number }> {
-    const template = String(args.template || '').trim()
+    const template = String(args.template || '').trim();
     if (!template) {
-      throw new BadRequestException('Template requis')
+      throw new BadRequestException('Template requis');
     }
-    const variables = (args.variables && typeof args.variables === 'object' ? args.variables : {}) as Record<string, any>
+    const variables = (args.variables && typeof args.variables === 'object' ? args.variables : {}) as Record<
+      string,
+      any
+    >;
 
-    const policies: any = await this.passwdadmService.getPolicies()
-    const mailAttribute = String(policies?.emailAttribute || '')
-    if (!mailAttribute) {
-      throw new BadRequestException("Attribut mail alternatif non configuré (settings.passwordpolicies.emailAttribute)")
+    const smtp = await this.mailadmService.getParams();
+    const principalPath = String(smtp?.recipientJsonPathEmailPrincipal || '').trim();
+    const personnelPath = String(smtp?.recipientJsonPathEmailPersonnel || '').trim();
+    const policies: any = await this.passwdadmService.getPolicies();
+    const policyMailAttribute = String(policies?.emailAttribute || '');
+
+    const source = args.recipientAddressSource;
+    let mailPath: string;
+    if (source === 'principal') {
+      mailPath = principalPath;
+      if (!mailPath) {
+        throw new BadRequestException(
+          "Chemin JSON « e-mail principal » non configuré (paramètres → Serveur SMTP → Chemin JSON de l'e-mail principal).",
+        );
+      }
+    } else if (source === 'personnel') {
+      mailPath = personnelPath;
+      if (!mailPath) {
+        throw new BadRequestException(
+          "Chemin JSON « e-mail personnel » non configuré (paramètres → Serveur SMTP → Chemin JSON de l'e-mail personnel).",
+        );
+      }
+    } else {
+      mailPath = policyMailAttribute;
+      if (!mailPath) {
+        throw new BadRequestException(
+          'Attribut mail alternatif non configuré (settings.passwordpolicies.emailAttribute)',
+        );
+      }
     }
 
-    const identities = await this.identities.model.find({ _id: { $in: args.ids }, state: IdentityState.SYNCED }).lean()
+    const identities = await this.identities.model.find({ _id: { $in: args.ids }, state: IdentityState.SYNCED }).lean();
     if (!identities?.length) {
-      throw new BadRequestException('Aucune identité synchronisée trouvée')
+      throw new BadRequestException('Aucune identité synchronisée trouvée');
     }
 
-    let sent = 0
-    let skipped = 0
+    let sent = 0;
+    let skipped = 0;
 
     for (const identity of identities) {
-      const to = get(identity as any, mailAttribute) as string
+      const to = get(identity as any, mailPath) as string;
       if (!to) {
-        skipped++
-        continue
+        skipped++;
+        continue;
       }
 
       try {
@@ -56,15 +87,16 @@ export class MailSendService {
             identity,
             ...variables,
           },
-        })
-        sent++
+        });
+        sent++;
       } catch (e) {
-        this.logger.warn(`Failed to send template <${template}> to identity <${(identity as any)?._id}>: ${e?.message || e}`)
-        skipped++
+        this.logger.warn(
+          `Failed to send template <${template}> to identity <${(identity as any)?._id}>: ${e?.message || e}`,
+        );
+        skipped++;
       }
     }
 
-    return { sent, skipped }
+    return { sent, skipped };
   }
 }
-

apps/api/src/settings/_dto/mail.settings.dto.ts

@@ -1,5 +1,6 @@
-import { IsEmail, IsString, IsUrl } from 'class-validator';
+import { IsEmail, IsOptional, IsString, IsUrl, Matches, ValidateIf } from 'class-validator';
 import { ApiProperty } from '@nestjs/swagger';
+import { MAIL_RECIPIENT_JSON_PATH_REGEX } from '~/settings/_utils/mail-recipient-json-path.util';
 
 export class MailSettingsDto {
   @IsUrl({ protocols: ['smtp', 'smtps'], require_protocol: true, require_tld: false })
@@ -17,4 +18,32 @@ export class MailSettingsDto {
   @IsString()
   @ApiProperty({ example: 'myPassword', description: 'password', type: String })
   public password: string;
+
+  @ValidateIf((_, v) => v !== undefined && v !== null && String(v).trim() !== '')
+  @IsString()
+  @Matches(MAIL_RECIPIENT_JSON_PATH_REGEX, {
+    message:
+      'Le chemin doit comporter au moins un point et uniquement des segments alphanumériques, tirets ou underscores (ex. inetOrgPerson.mail)',
+  })
+  @IsOptional()
+  @ApiProperty({
+    required: false,
+    example: 'additionalFields.mailPersonnel',
+    description: "Chemin JSON (point) vers l'e-mail personnel de l'identité (envois template)",
+  })
+  public recipientJsonPathEmailPersonnel?: string;
+
+  @ValidateIf((_, v) => v !== undefined && v !== null && String(v).trim() !== '')
+  @IsString()
+  @Matches(MAIL_RECIPIENT_JSON_PATH_REGEX, {
+    message:
+      'Le chemin doit comporter au moins un point et uniquement des segments alphanumériques, tirets ou underscores (ex. inetOrgPerson.mail)',
+  })
+  @IsOptional()
+  @ApiProperty({
+    required: false,
+    example: 'inetOrgPerson.mail',
+    description: "Chemin JSON (point) vers l'e-mail principal de l'identité (envois template)",
+  })
+  public recipientJsonPathEmailPrincipal?: string;
 }

apps/api/src/settings/_utils/mail-recipient-json-path.util.ts

@@ -0,0 +1,28 @@
+/** Chemin style JSON (segments séparés par des points), ex. `inetOrgPerson.mail` */
+export const MAIL_RECIPIENT_JSON_PATH_REGEX = /^[a-zA-Z0-9_-]+(?:\.[a-zA-Z0-9_-]+)+$/;
+
+/**
+ * Vérifie que chaque segment du chemin existe comme clé sur l'objet (structure présente).
+ * La valeur finale peut être vide : on valide la présence des clés intermédiaires et finale.
+ */
+export function identityJsonPathStructureExists(root: unknown, path: string): boolean {
+  const segments = path
+    .split('.')
+    .map((s) => s.trim())
+    .filter(Boolean);
+  if (segments.length < 2) {
+    return false;
+  }
+  let cur: unknown = root;
+  for (const seg of segments) {
+    if (cur == null || typeof cur !== 'object') {
+      return false;
+    }
+    const obj = cur as Record<string, unknown>;
+    if (!Object.prototype.hasOwnProperty.call(obj, seg)) {
+      return false;
+    }
+    cur = obj[seg];
+  }
+  return true;
+}

apps/api/src/settings/mailadm.service.ts

@@ -1,19 +1,67 @@
 import { AbstractSettingsService } from '~/settings/_abstracts/abstract-settings.service';
-import { Injectable } from '@nestjs/common';
+import { BadRequestException, Injectable } from '@nestjs/common';
+import { InjectConnection, InjectModel } from '@nestjs/mongoose';
+import { Connection, Model } from 'mongoose';
 import { MailSettingsDto } from '~/settings/_dto/mail.settings.dto';
+import { Settings } from '~/settings/_schemas/settings.schema';
+import { IdentityState } from '~/management/identities/_enums/states.enum';
+import { identityJsonPathStructureExists } from '~/settings/_utils/mail-recipient-json-path.util';
 
 @Injectable()
 export class MailadmService extends AbstractSettingsService {
+  public constructor(
+    @InjectModel(Settings.name) model: Model<Settings>,
+    @InjectConnection() private readonly mongoConnection: Connection,
+  ) {
+    super(model);
+  }
+
   public async getParams(): Promise<MailSettingsDto | null> {
-    const data = await this.getParameter<MailSettingsDto>('smtpServer');
-    return data;
+    return await this.getParameter<MailSettingsDto>('smtpServer');
   }
 
   public async setParams(params: MailSettingsDto): Promise<any> {
+    await this.assertRecipientJsonPathsOnSampleIdentity(params);
     return await this.setParameter('smtpServer', params);
   }
 
   protected async defaultValues<T = MailSettingsDto>(): Promise<T> {
     return <T>new MailSettingsDto();
   }
+
+  private async assertRecipientJsonPathsOnSampleIdentity(params: MailSettingsDto): Promise<void> {
+    const paths: { key: keyof MailSettingsDto; path: string }[] = [];
+    const personnel = String(params.recipientJsonPathEmailPersonnel || '').trim();
+    const principal = String(params.recipientJsonPathEmailPrincipal || '').trim();
+    if (personnel) {
+      paths.push({ key: 'recipientJsonPathEmailPersonnel', path: personnel });
+    }
+    if (principal) {
+      paths.push({ key: 'recipientJsonPathEmailPrincipal', path: principal });
+    }
+
+    if (paths.length === 0) {
+      return;
+    }
+
+    const sample = await this.mongoConnection.collection('identities').findOne({ state: IdentityState.SYNCED });
+    if (!sample) {
+      return;
+    }
+
+    const validations: Record<string, string> = {};
+    for (const { key, path } of paths) {
+      if (!identityJsonPathStructureExists(sample, path)) {
+        validations[key] =
+          "Ce chemin n'existe pas sur une identité synchronisée d'exemple (vérifiez la casse et les segments séparés par des points).";
+      }
+    }
+    if (Object.keys(validations).length > 0) {
+      throw new BadRequestException({
+        statusCode: 400,
+        message: 'Erreur de validation : ' + Object.keys(validations).join(', '),
+        validations,
+      });
+    }
+  }
 }

apps/api/src/settings/settings.module.ts

@@ -10,6 +10,7 @@ import { PasswdadmService } from '~/settings/passwdadm.service';
 import { PasswdadmController } from '~/settings/passwdadm.controller';
 import { MailadmService } from '~/settings/mailadm.service';
 import { MailadmController } from '~/settings/mailadm.controller';
+
 @Module({
   exports: [SmsadmService, PasswdadmService, MailadmService],
   imports: [

apps/api/tests/unit/settings/mailadm.service.spec.ts

@@ -4,8 +4,16 @@ import { MailSettingsDto } from '~/settings/_dto/mail.settings.dto'
 describe('MailadmService', () => {
   let service: MailadmService
 
+  const mockCollection = {
+    findOne: jest.fn().mockResolvedValue(null),
+  }
+
+  const mockConnection = {
+    collection: jest.fn().mockReturnValue(mockCollection),
+  }
+
   beforeEach(() => {
-    service = new MailadmService({} as any)
+    service = new MailadmService({} as any, mockConnection as any)
   })
 
   it('should read smtp params via getParameter(smtpServer)', async () => {