Merge pull request #43 from guavestudios/feature/allow-admins

maxperei · web-flow · commit 7ad94335b471 · 2025-02-05T17:15:29.000+01:00
Feature/allow admins
diff --git a/README.md b/README.md
@@ -76,13 +76,18 @@
     ``` shell
     php bin/console maintenance:enable 172.16.254.1 255.255.255.255 192.0.0.255
     ```
-3. Disable the plugin
+3.Enable the plugin and disable admin access
+
+    ``` shell
+    php bin/console maintenance:enable --disable-admin
+    ```
+4.Disable the plugin
 
     ``` shell
     php bin/console maintenance:disable
     ```
 
-4. Remove configuration file using CLI
+5.Remove configuration file using CLI
 
 By default, **maintenance.yaml** configuration file remains when running `maintenance:disable` or via admin panel using toggle disable
 Nevertheless passing option `[-c|--clear]` to command line above will reset previous saved configuration
@@ -91,9 +96,10 @@ Nevertheless passing option `[-c|--clear]` to command line above will reset prev
 
 - Enable/disable the plugin
 - Allow access for one or multiple ips addresses (optional)
-- Allow access for secret token (optional)
+- Allow access for secret token (session and request) (optional)
 - Create your custom message (optional)
 - Grant access to search bots during maintenance (optional)
+- Grant access to admins during maintenance (optional)
 
 ### If you want to put the **maintenance.yaml** in a directory, please add your directory in .env:
 
@@ -123,6 +129,11 @@ framework:
                 adapter: cache.adapter.redis
 ```
 
+### Precisions for access token
+
+Once token is generated, disallowing maintenance will be available thought request as well.
+So you can use it as query parameter `?synolia_maintenance_token={$token}` or in headers `HTTP_SYNOLIA_MAINTENANCE_TOKEN: token` for a particular request to bypass maintenance mode.
+
 ## Development
 
 See [How to contribute](CONTRIBUTING.md).
diff --git a/src/Checker/AdminChecker.php b/src/Checker/AdminChecker.php
@@ -40,14 +40,16 @@ public function isMaintenance(MaintenanceConfiguration $configuration, Request $
             $request = $this->requestStack->getMainRequest();
             Assert::isInstanceOf($request, Request::class);
 
-            if ($request === $this->requestStack->getCurrentRequest()) {
-                $flashBag = $request->getSession()->getBag('flashes');
-                if ($flashBag instanceof FlashBagInterface) {
-                    $flashBag->add('info', $this->translator->trans('maintenance.ui.message_info_admin'));
+            if ($configuration->isAllowAdmins()) {
+                if ($request === $this->requestStack->getCurrentRequest()) {
+                    $flashBag = $request->getSession()->getBag('flashes');
+                    if ($flashBag instanceof FlashBagInterface) {
+                        $flashBag->add('info', $this->translator->trans('maintenance.ui.message_info_admin'));
+                    }
                 }
-            }
 
-            return IsMaintenanceVoterInterface::ACCESS_GRANTED;
+                return IsMaintenanceVoterInterface::ACCESS_GRANTED;
+            }
         }
 
         return IsMaintenanceVoterInterface::ACCESS_DENIED;
diff --git a/src/Checker/TokenChecker.php b/src/Checker/TokenChecker.php
@@ -20,6 +20,14 @@ public static function getDefaultPriority(): int
 
     public function isMaintenance(MaintenanceConfiguration $configuration, Request $request): bool
     {
+        if ($request->query->get(TokenStorage::MAINTENANCE_TOKEN_NAME) === $configuration->getToken()) {
+            return IsMaintenanceVoterInterface::ACCESS_GRANTED;
+        }
+
+        if ($request->headers->get(TokenStorage::MAINTENANCE_TOKEN_NAME) === $configuration->getToken()) {
+            return IsMaintenanceVoterInterface::ACCESS_GRANTED;
+        }
+
         if ($request->getSession()->get(TokenStorage::MAINTENANCE_TOKEN_NAME) === $configuration->getToken()) {
             return IsMaintenanceVoterInterface::ACCESS_GRANTED;
         }
diff --git a/src/Command/EnableMaintenanceCommand.php b/src/Command/EnableMaintenanceCommand.php
@@ -10,6 +10,7 @@
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputArgument;
 use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Contracts\Cache\CacheInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
@@ -35,6 +36,7 @@ protected function configure(): void
     {
         $this
             ->addArgument('ips_address', InputArgument::IS_ARRAY, 'Add ips addresses (separate multiple ips with a space)')
+            ->addOption('disable-admin', null, InputOption::VALUE_NONE, 'disable admin access')
             ->setHelp('This command allows you to create the maintenance.yaml and also allows you to put the ips into this file.')
         ;
     }
@@ -68,6 +70,9 @@ private function getMaintenanceConfiguration(InputInterface $input): Maintenance
         $maintenanceConfiguration->setChannels($this->getChannels());
         $maintenanceConfiguration->setEnabled(true);
 
+        $disableAdmin = (bool) $input->getOption('disable-admin');
+        $maintenanceConfiguration->setAllowAdmins(!$disableAdmin);
+
         /** @var array $ipsAddress */
         $ipsAddress = $input->getArgument('ips_address');
         if ([] !== $ipsAddress) {
diff --git a/src/Controller/MaintenanceConfigurationController.php b/src/Controller/MaintenanceConfigurationController.php
@@ -56,7 +56,8 @@ public function __invoke(Request $request): Response
         }
 
         return $this->render('@SynoliaSyliusMaintenancePlugin/Admin/maintenanceConfiguration.html.twig', [
-            'form' => $form,
+            'maintenanceConfiguration' => $maintenanceConfiguration,
+            'form' => $form->createView(),
         ]);
     }
 }
diff --git a/src/EventSubscriber/MaintenanceEventsubscriber.php b/src/EventSubscriber/MaintenanceEventsubscriber.php
@@ -6,6 +6,7 @@
 
 use Symfony\Component\DependencyInjection\Attribute\Autowire;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Contracts\Cache\CacheInterface;
@@ -51,6 +52,15 @@ public function handle(RequestEvent $event): void
             'custom_message' => $configuration->getCustomMessage(),
         ]);
 
+        if ('json' === $event->getRequest()->getContentTypeFormat()) {
+            $event->setResponse(new JsonResponse([
+                'key' => 'maintenance',
+                'message' => $configuration->getCustomMessage(),
+            ], Response::HTTP_SERVICE_UNAVAILABLE));
+
+            return;
+        }
+
         $event->setResponse(new Response($responseContent, Response::HTTP_SERVICE_UNAVAILABLE));
     }
 
diff --git a/src/Exporter/MaintenanceConfigurationExporter.php b/src/Exporter/MaintenanceConfigurationExporter.php
@@ -38,6 +38,7 @@ public function export(MaintenanceConfiguration $configuration): void
         }
         $dataToExport['enabled'] = $configuration->isEnabled();
         $scheduler = $this->getSchedulerArray($configuration->getStartDate(), $configuration->getEndDate());
+        $dataToExport['allow_admins'] = $configuration->isAllowAdmins();
 
         $this->configurationFileManager->createMaintenanceFile(array_merge(
             $scheduler,
diff --git a/src/Factory/MaintenanceConfigurationFactory.php b/src/Factory/MaintenanceConfigurationFactory.php
@@ -46,6 +46,7 @@ public static function map(MaintenanceConfiguration $maintenanceConfiguration, ?
             'custom_message' => '',
             'token' => '',
             'allow_bots' => false,
+            'allow_admins' => true,
             'enabled' => true,
         ]);
         /**
@@ -56,6 +57,7 @@ public static function map(MaintenanceConfiguration $maintenanceConfiguration, ?
          *     'custom_message': string,
          *     'token': string,
          *     'allow_bots': bool,
+         *     'allow_admins': bool,
          *     'enabled': bool,
          *  } $options
          */
@@ -79,6 +81,7 @@ public static function map(MaintenanceConfiguration $maintenanceConfiguration, ?
             ->setCustomMessage($options['custom_message'])
             ->setToken($options['token'])
             ->setAllowBots($options['allow_bots'])
+            ->setAllowAdmins($options['allow_admins'])
             ->setEnabled($options['enabled'])
         ;
     }
diff --git a/src/Form/Type/MaintenanceConfigurationType.php b/src/Form/Type/MaintenanceConfigurationType.php
@@ -67,6 +67,10 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                 'label' => 'maintenance.ui.form.allow_bots',
                 'required' => true,
             ])
+            ->add('allowAdmins', CheckboxType::class, [
+                'label' => 'maintenance.ui.form.allow_admins',
+                'required' => true,
+            ])
         ;
 
         if ($this->channelRepository->count([]) > 1) {
diff --git a/src/Model/MaintenanceConfiguration.php b/src/Model/MaintenanceConfiguration.php
@@ -24,6 +24,8 @@ class MaintenanceConfiguration
 
     private bool $allowBots = false;
 
+    private bool $allowAdmins = true;
+
     public function __construct()
     {
         $this->token = bin2hex(random_bytes(16));
@@ -158,4 +160,16 @@ public function setAllowBots(bool $allowBots): self
 
         return $this;
     }
+
+    public function isAllowAdmins(): bool
+    {
+        return $this->allowAdmins;
+    }
+
+    public function setAllowAdmins(bool $allowAdmins): self
+    {
+        $this->allowAdmins = $allowAdmins;
+
+        return $this;
+    }
 }
diff --git a/src/Resources/translations/messages.de.yml b/src/Resources/translations/messages.de.yml
@@ -0,0 +1,33 @@
+maintenance:
+    ui:
+        message: Die Webseite befindet sich im Wartungsmodus
+        title: Wartungsmodus
+        subtitle: Wartungsmodus verwalten
+        form:
+            enabled: Aktiv?
+            ip: Ip Adressen ignorieren (getrennt mit ,)
+            token_storage:
+                button: Generiere Token
+                help: Zugriff über Token erlauben
+                message: Token wurde generiert
+            placeholder: 'Ip Adressen ignorieren (getrennt mit ,) Zum Beispiel: 255.255.255.255,192.0.0.255'
+            custom_message: Nachricht
+            start_date: Start
+            end_date: Ende
+            error_end_date: End-Datum muss hinter Startdatum liegen
+            allow_bots: Erlaube Bots den Zugriff während dem Wartungsmodus
+            allow_admins: Erlaube Admins den Zugriff während dem Wartungsmodus
+        message_enabled: Wartungsmodus aktiviert
+        message_disabled: Wartungsmodus deaktiviert
+        message_reset: Wartungsmodus zurückgesetzt
+        message_success_ips: Ip Adressen wurden gespeichert
+        message_error_ips: Fehler in den Ip-Adressen
+        message_disabled_404: Das Plugin ist nicht aktiv
+        message_success_message: Nachricht erfolgreich gespeichert
+        message_end_date_in_the_past: End-Datum ist in der Vergangenheit, Wartungsmodus wurde beendet
+        message_info_admin: Die Webseite ist im Wartungsmodus
+sylius_plus:
+    rbac:
+        parent:
+            plugin_synolia_maintenances: Wartungsmodus
+        sylius_admin_maintenance_configuration: Wartungsmodus verwalten
diff --git a/src/Resources/translations/messages.en.yml b/src/Resources/translations/messages.en.yml
@@ -16,6 +16,7 @@ maintenance:
             end_date: Ends at
             error_end_date: The end date must be later than the start date.
             allow_bots: Grant access to search bots during maintenance
+            allow_admins: Allow admins access during maintenance mode
         message_enabled: The maintenance plugin was successfully enabled.
         message_disabled: The maintenance plugin was successfully disabled.
         message_reset: The maintenance plugin was successfully reset.
diff --git a/src/Resources/translations/messages.fr.yml b/src/Resources/translations/messages.fr.yml
@@ -16,6 +16,7 @@ maintenance:
             end_date: Se termine le
             error_end_date: La date de fin doit être postérieure à la date de début.
             allow_bots: Accorder l'accès aux robots de recherche pendant la maintenance
+            allow_admins: Autoriser l'accès aux administrateurs pendant le mode de maintenance
         message_enabled: Le plugin de maintenance a été activé avec succès.
         message_disabled: Le plugin de maintenance a été désactivé avec succès.
         message_reset: Le plugin de maintenance a été réinitialisé avec succès.
diff --git a/src/Resources/views/Admin/maintenanceConfiguration.html.twig b/src/Resources/views/Admin/maintenanceConfiguration.html.twig
@@ -37,6 +37,9 @@
 			<div class="field">
 				<div style="margin-bottom: 0.5em">{{ 'maintenance.ui.form.token_storage.help'|trans }}</div>
 				<a class="ui secondary button" href="{{ path('sylius_admin_maintenance_token_storage') }}">{{ 'maintenance.ui.form.token_storage.button'|trans }}</a>
+                {% if maintenanceConfiguration.enabled and maintenanceConfiguration.token is defined and maintenanceConfiguration.token is not empty %}
+                    <kbd>{{ maintenanceConfiguration.token }}</kbd>
+                {% endif %}
 			</div>
 		</div>
 		{{ form_row(form.customMessage) }}
@@ -45,6 +48,7 @@
 			{{ form_row(form.endDate) }}
 		</div>
 		{{ form_row(form.allowBots) }}
+		{{ form_row(form.allowAdmins) }}
 		{% include '@SyliusUi/Form/Buttons/_update.html.twig' %}
 		{{ form_end(form) }}
 	</div>
diff --git a/tests/PHPUnit/MaintenanceAllowAccessByTokenTest.php b/tests/PHPUnit/MaintenanceAllowAccessByTokenTest.php
@@ -25,6 +25,8 @@ public function testMaintenanceFileWithToken(
         string $token,
         bool $isGenerated,
         bool $isInMaintenance,
+        array $params = [],
+        array $headers = [],
     ): void {
         /** @var ReflectionClassConstant $constant */
         $constant = (new ReflectionClass(ConfigurationFileManager::class))
@@ -41,10 +43,10 @@ public function testMaintenanceFileWithToken(
 
         $client = static::createClient();
         if ($isGenerated) {
-            $session = $this->createSession($client, $token);
+            $this->createSession($client, $token);
         }
 
-        $client->request('GET', '/en_US/');
+        $client->request('GET', '/en_US/', $params, [], $headers);
 
         if ($isInMaintenance) {
             $this->assertSiteIsInMaintenance();
@@ -65,6 +67,18 @@ public function tokens(): \Generator
         yield 'token generated is not that of the maintenance file, so no access to website' => [
             '63454fe526b4102103f76a4dbbd442e3', 'token123', true, true,
         ];
+        yield 'token is not generated but queryParams are matching, so access allowed' => [
+            'g00d_s$cr3t', '', false, false, ['synolia_maintenance_token' => 'g00d_s$cr3t'],
+        ];
+        yield 'token is not generated but headers are matching, so access allowed' => [
+            'g00d_s$cr3t', '', false, false, [], ['HTTP_SYNOLIA_MAINTENANCE_TOKEN' => 'g00d_s$cr3t'],
+        ];
+        yield 'token is not generated but queryParams are not matching, so no access to website' => [
+            'g00d_s$cr3t', '', false, true, ['synolia_maintenance_token' => '0th4r_s$cr3t'],
+        ];
+        yield 'token is generated and same token, so access to website even if queryParams are not matching' => [
+            'g00d_s$cr3t', 'g00d_s$cr3t', true, false, ['synolia_maintenance_token' => '0th4r_s$cr3t'],
+        ];
     }
 
     private function createSession(KernelBrowser $client, string $token): Session
diff --git a/tests/PHPUnit/MaintenanceAllowAccessToAdminAreaTest.php b/tests/PHPUnit/MaintenanceAllowAccessToAdminAreaTest.php
@@ -13,6 +13,27 @@ final class MaintenanceAllowAccessToAdminAreaTest extends AbstractWebTestCase
 {
     use AssertTrait;
 
+    public function testMaintenanceDisallowAccessToAdminArea(): void
+    {
+        /** @var ReflectionClassConstant $constant */
+        $constant = (new ReflectionClass(ConfigurationFileManager::class))
+            ->getReflectionConstant('MAINTENANCE_FILE')
+        ;
+        $file = $constant->getValue();
+
+        \file_put_contents(
+            $file,
+            Yaml::dump([
+                'custom_message' => 'Maintenance ON',
+                'allow_admins' => false,
+            ]),
+        );
+
+        self::$client->request('GET', '/admin/login');
+
+        self::assertResponseStatusCodeSame(503);
+    }
+
     public function testMaintenanceAllowAccessToAdminArea(): void
     {
         /** @var ReflectionClassConstant $constant */
diff --git a/tests/PHPUnit/MaintenanceEnabledTest.php b/tests/PHPUnit/MaintenanceEnabledTest.php
@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PHPUnit;
+
+use Symfony\Component\Yaml\Yaml;
+use Tests\Synolia\SyliusMaintenancePlugin\PHPUnit\AbstractWebTestCase;
+
+final class MaintenanceEnabledTest extends AbstractWebTestCase
+{
+    public function testMaintenanceIsEnabledForJsonRequests(): void
+    {
+        \file_put_contents(
+            $this->file,
+            Yaml::dump([
+                'enabled' => true,
+                'custom_message' => 'niwebnimaster',
+            ]),
+        );
+        self::$client->jsonRequest('GET', '/en_US/');
+
+        self::assertResponseStatusCodeSame(503);
+        self::assertResponseFormatSame('json');
+        self::assertResponseHeaderSame('Content-Type', 'application/json');
+        self::assertIsArray(json_decode(self::$client->getResponse()->getContent(), true));
+        self::assertArrayHasKey('key', json_decode(self::$client->getResponse()->getContent(), true));
+        self::assertArrayHasKey('message', json_decode(self::$client->getResponse()->getContent(), true));
+        self::assertSame('maintenance', json_decode(self::$client->getResponse()->getContent(), true)['key']);
+        self::assertSame('niwebnimaster', json_decode(self::$client->getResponse()->getContent(), true)['message']);
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,14 @@ public static function getDefaultPriority(): int`
`20`	`20`
`21`	`21`	`public function isMaintenance(MaintenanceConfiguration $configuration, Request $request): bool`
`22`	`22`	`{`
	`23`	`+ if ($request->query->get(TokenStorage::MAINTENANCE_TOKEN_NAME) === $configuration->getToken()) {`
	`24`	`+ return IsMaintenanceVoterInterface::ACCESS_GRANTED;`
	`25`	`+ }`
	`26`	`+`
	`27`	`+ if ($request->headers->get(TokenStorage::MAINTENANCE_TOKEN_NAME) === $configuration->getToken()) {`
	`28`	`+ return IsMaintenanceVoterInterface::ACCESS_GRANTED;`
	`29`	`+ }`
	`30`	`+`
`23`	`31`	`if ($request->getSession()->get(TokenStorage::MAINTENANCE_TOKEN_NAME) === $configuration->getToken()) {`
`24`	`32`	`return IsMaintenanceVoterInterface::ACCESS_GRANTED;`
`25`	`33`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,8 @@ public function __invoke(Request $request): Response`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`return $this->render('@SynoliaSyliusMaintenancePlugin/Admin/maintenanceConfiguration.html.twig', [`
`59`		`- 'form' => $form,`
	`59`	`+ 'maintenanceConfiguration' => $maintenanceConfiguration,`
	`60`	`+ 'form' => $form->createView(),`
`60`	`61`	`]);`
`61`	`62`	`}`
`62`	`63`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ public function export(MaintenanceConfiguration $configuration): void`
`38`	`38`	`}`
`39`	`39`	`$dataToExport['enabled'] = $configuration->isEnabled();`
`40`	`40`	`$scheduler = $this->getSchedulerArray($configuration->getStartDate(), $configuration->getEndDate());`
	`41`	`+ $dataToExport['allow_admins'] = $configuration->isAllowAdmins();`
`41`	`42`
`42`	`43`	`$this->configurationFileManager->createMaintenanceFile(array_merge(`
`43`	`44`	`$scheduler,`